Computer method and apparatus for managing data objects in a distributed context
IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC, 7th edition): G06F-017/00; H04L-009/00; G06F-021/00; G06F-015/173; G06F-015/16
Application number: UP-0856112 (2004-05-28)
Registration number: US-7587749 (2009-09-22)
Inventors / Address: Leser, Norbert; Kyne, Fajen; Morgan, Robert; Barclay, Christopher B.; Gaudet, Edward J.; Schoonmaker, James; Epstein, Arnold S.; Smith, Michael D.
Applicant / Address: Liquid Machines, Inc.
Agent / Address: Hamilton Brook Smith & Reynolds, PC
Citation information: Times cited: 39; Cited patents: 32
Abstract
In a network of intermittently-connected computers, a method and apparatus for maintaining and managing control over data objects authored, accessed, and altered by users in dynamic, distributed, and collaborative contexts. The invention method and apparatus attach to each data object an identification of a respective control policy. Each control policy comprises at least an indication of a subset of the users who may access the data object, an indication of the privileges granted to each subset of users able to access the data object, and an indication of a subset of users who may define or edit the control policy. The invention method and apparatus separate the management of the control policies of data objects from the creation and use of the data objects. The invention method and apparatus automate common policy changes, distribution of policy changes to the enforcement agents, and propagation of control policies to derivative works.
Representative claim
What is claimed is:
1. A computer method for maintaining and managing control over content in a distributed context, said method comprising the steps of: storing control policies in a memory, associating content with the control policies by attaching to each content an identification of a respective control policy, for each content, the associating forming an association between the content and the respective control policy, wherein each control policy comprises at least (i) an indication of a set of users who may access the content, (ii) an indication of privileges granted to each user in the set, and (iii) an indication of a set of users who may define or edit the control policy; storing the control policies; upon a user requesting to access content, checking whether the user is indicated in the set of users who may access the content in the manner requested, based on the respective control policy of the content; for each content, maintaining the association between the content and the respective control policy independent of a computer structure encapsulating the content and separate from physical access to the computer structure encapsulating the content; and propagating the association between the content and the respective control policy to a derivative of the content.
2. The computer method for maintaining and managing control over content of claim 1, further comprising: allowing the user to access the content if the user is in the set of users who may access the content in the manner requested.
3. The computer method for maintaining and managing control over content of claim 1, wherein the step of storing control policies includes storing control policies on a control policy server; and the method further comprising the steps of: determining control policy server availability; if the control policy server is unavailable, determining a duration of time for which access rights are valid for the content; and allowing the user to access the content if the access rights are still valid for the content for the user.
4. The computer method of claim 3, further comprising the step of: caching a control policy associated with a content in a first user and a second user without registering the cached control policy with the control policy server; sharing the content in a collaborative manner between the first user and the second user within the bounds of the cached control policy.
5. The computer method of claim 4, wherein the content is created while the server is unavailable.
6. The computer method for maintaining and managing control over content of claim 1, further comprising: providing an interface for defining and editing a control policy by a set of users, based on the indication of who may define and edit the control policy and what modifications are permitted.
7. The computer method for maintaining and managing control over content of claim 1, wherein the control policy further contains an indication of one or more of: device constraints, location constraints, time-of-access constraints, and network connectivity constraints.
8. The method for maintaining and managing control over content of claim 1, wherein the control policy further contains an indication of users who may transfer a content out of the control policy and an indication of users who may assign the control policy to content.
9. The method for maintaining and managing control over content of claim 1, wherein a role within the control policy is a set of usage rights and a list of users, and wherein usage rights of a user appearing in multiple roles within the control policy are aggregated.
10. The method for maintaining and managing control over content of claim 1, wherein the content is encrypted.
11. The method for maintaining and managing control over content of claim 10, wherein the content is encrypted with a content encryption key, which is encrypted with a key encryption key of the control policy associated with the content.
12. The method for maintaining and managing control over content of claim 1, further comprising: transferring the content from the respective control policy to a second control policy.
13. The method for maintaining and managing control over content of claim 12, wherein the second control policy is at least one of: an unprotected content state and a control policy for which the user has privileges to assign content to that policy.
14. The method for maintaining and managing control over content of claim 12, further comprising: transferring the content automatically from one control policy to a second control policy upon occurrence of a predetermined event, wherein the second control policy is at least one of: a control policy for which the user has privileges to assign content to that policy and an unprotected content state.
15. The method for maintaining and managing control over content of claim 14, wherein the predetermined event is a business event determined by a creator of the control policy.
16. The method for maintaining and managing control over content of claim 14, further comprising: recording the transfer of the content in an activity log such that audit of changes to the content is enabled.
17. The method for maintaining and managing control over content of claim 1, wherein control policies are grouped into business processes.
18. The method for maintaining and managing control over content of claim 17, wherein business processes are organized hierarchically.
19. The method for maintaining and managing control over content of claim 18, wherein the hierarchy is used in limiting scope of content transfers between control policies.
20. The method for maintaining and managing control over content of claim 18, wherein default policies of one business process apply to other business processes as a function of the hierarchy.
21. The method for maintaining and managing control over content of claim 1, further comprising the step of enabling an audit or forensic analysis of a business process based on activities granted or denied within one or more control policies of the business process.
22. The method for maintaining and managing control over content of claim 1, further comprising: displaying an indication of the control policy associated with a logical data object accessed by an authenticated user on a client computer.
23. The method for maintaining and managing control over content of claim 22, further comprising: requesting, by a client, from a server storing control policies, a list of control policies for which the user has permissions; and displaying the indication of a control policy of the logical data object content in a drop-down window located in a title bar of a window displaying the logical data object content, wherein the drop-down window displays the list of control policies requested from the server.
24. The method for maintaining and managing control over content of claim 23, wherein the drop-down window shows a business process hierarchy of the control policies.
25. The method for maintaining and managing control over content of claim 22, wherein the drop-down window shows the control policies to which the user can transfer the content.
26. The method for maintaining and managing control over content of claim 1, wherein one or more content use the same control policy.
27. The method for maintaining and managing control over content of claim 26, further comprising: moving or copying at least a portion of a first content into a second content; and conciliating control policy for at least a portion of the first content within the second content based on control policies associated with the first and the second content.
28. The method for maintaining and managing control over content of claim 1, further comprising: modifying the control policy associated with the content without accessing the content.
29. The method for maintaining and managing control over content of claim 28, wherein modifying the control policy associated with the content further comprises similarly modifying multiple control policies.
30. The method for maintaining and managing control over content of claim 29, wherein the multiple control policies are part of one business process.
31. The method for maintaining and managing control over content of claim 1, further comprising: recording information about the control policy associated with the content on a control policy server; modifying the control policy associated with the content; and reverting to an original control policy configuration based on the recorded information.
32. The method for maintaining and managing control over content of claim 1, further comprising: applying a predetermined change to the respective control policy of the content.
33. The method for maintaining and managing control over content of claim 32, wherein the predetermined change is indicated in a business process with which the control policy is associated.
34. The method for maintaining and managing control over content of claim 1, wherein the indication of the respective control policy further includes a policy reference and an indication of a control policy server storing the respective control policy.
35. The method for maintaining and managing control over content of claim 34, wherein the indication of a control policy server is a Uniform Resource Locator (URL), and the policy reference is a numerical value known to the control policy server.
36. The method for maintaining and managing control over content of claim 1, further comprising: distributing the content to a set of users.
37. The method for maintaining and managing control over content of claim 36, further comprising: checking, on a content access by a user, whether the user is in the set of the users who may access the content in the manner requested, based on the respective control policy.
38. The method for maintaining and managing control over content of claim 1, further comprising: recording the content access request and disposition in an activity log.
39. The method for maintaining and managing control over content of claim 38, further comprising: identifying the content in the activity log based on a unique document identifier.
40. The method for maintaining and managing control over content of claim 1, wherein the content is ephemeral and is inaccessible after a designated time.
41. The method for maintaining and managing control over content of claim 1, wherein the content is permanent and is always recoverable.
42. A computer-implemented client for maintaining and managing control over content in a distributed environment, said client comprising: a policy checker configured to check respective control policies stored in a memory for each content, the policy checker determining a policy reference of the respective control policy, wherein each control policy comprises at least an indication of a set of users who may access the content, an indication of privileges granted to each user of the set, and an indication of a set of users who may define or edit the control policy; a communication module configured to contact a policy server with the determined policy reference; a user interface configured to provide a user access to the content if the user is indicated in the set of users who may access the content in the manner requested based on the respective control policy corresponding to the determined policy reference; and wherein the policy reference effectively forms an association between the respective control policy and the content, and the association being: (i) maintained independent of a computer structure encapsulating the content and separate from physical access to the computer structure encapsulating the content, and (ii) propagated to a derivative of the content.
43. A computer-implemented client of claim 42, further comprising: a time element that indicates to the policy checker duration of time for which access rights are valid for the content.
44. A computer-implemented server for maintaining and managing control over content in a distributed environment, said server comprising: a set of control policies stored in a memory, wherein each control policy comprises at least an indication of a set of users who may access the content, an indication of privileges granted to each user of the set, and an indication of a set of users who may define or edit the control policy; a communication module adapted to return information about a control policy in response to receiving a control policy reference; and wherein the policy reference effectively forms an association between a respective control policy and the content, and the association being: (i) maintained independent of a computer structure encapsulating the content and separate from physical access to the computer structure encapsulating the content and (ii) propagated to a derivative of the content.
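Added example, not part of the patent record or any Liquid Machines code: a Python model of the access check described in claims 1, 3, 9, 28 and 34-35, where content carries only a policy reference, role rights are aggregated, a cached policy is honoured for a limited time while the server is unreachable, and derivatives inherit the reference. All class names, the `offline_ttl` field, the user names and the `policy.example` URL used with it are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PolicyRef:                 # claims 34-35: server URL plus numeric reference
    server_url: str
    policy_id: int

@dataclass
class Role:                      # claim 9: a set of usage rights and a list of users
    rights: frozenset
    users: frozenset

@dataclass
class ControlPolicy:
    roles: list
    editors: frozenset           # users who may define or edit the policy
    offline_ttl: int             # seconds cached rights stay valid (claim 3), assumed field

    def rights_for(self, user):
        """Aggregate the rights of every role the user appears in (claim 9)."""
        granted = set()
        for role in self.roles:
            if user in role.users:
                granted |= role.rights
        return granted

@dataclass
class Content:
    data: bytes
    ref: PolicyRef               # only the reference travels with the content

    def derive(self, new_data):
        """A derivative keeps the parent's policy association (claim 1)."""
        return Content(new_data, self.ref)

class PolicyServer:
    def __init__(self):
        self.policies, self.available = {}, True

    def fetch(self, ref):
        if not self.available:
            raise ConnectionError("policy server unreachable")
        return self.policies.get(ref.policy_id)

class Client:
    def __init__(self, server):
        self.server, self.cache = server, {}   # ref -> (policy, fetched_at)

    def may(self, user, content, right, now):
        """Policy check at access time; fails closed when nothing valid is known."""
        try:
            policy = self.server.fetch(content.ref)
            self.cache[content.ref] = (policy, now)
        except ConnectionError:
            policy, fetched_at = self.cache.get(content.ref, (None, 0))
            if policy is not None and now - fetched_at > policy.offline_ttl:
                policy = None                  # cached rights have expired
        return policy is not None and right in policy.rights_for(user)
```

Because the policy lives on the server and the content holds only a reference, replacing the server-side policy changes the outcome of the next online check without touching any copy of the content.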
Patents cited in this patent (32)
Fabbio Robert A. (Austin TX), Access control policies for an object oriented database, including access control lists which span across object boundar.
Kocher Paul C. ; Jaffe Joshua M. ; Jun Benjamin C., Des and other cryptographic, processes with leak minimization for smartcards and other cryptosystems.
Brundrett Peter ; Garg Praerit ; Gu Jianrong ; Kelly ; Jr. James W. ; Kaplan Keith S. ; Reichel Robert P. ; Andrew Brian ; Kimura Gary D. ; Miller Thomas J., Encrypting file system and method.
Rabne Michael W. ; Barker James A. ; Alrashid Tareq M.T. ; Christian Brian S. ; Cox Steven C. ; Slotta Elizabeth A. ; Upthegrove Luella R., Rights management system for digital media.
Stefik Mark J. (Woodside CA) Bobrow Daniel G. (Palo Alto CA) Pirolli Peter L. T. (El Cerrito CA), System for controlling the distribution and use of composite digital works.
Stefik Mark J. (Woodside CA) Merkle Ralph C. (Sunnyvale CA) Pirolli Peter L. T. (El Cerrito CA), System for controlling the distribution and use of digital works having a fee reporting mechanism.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Karl L. Ginter ; Victor H. Shear ; Francis J. Spahn ; David M. Van Wie, Systems and methods for secure transaction management and electronic rights protection.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining using and manipulating rights management data structures.
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining, using and manipulating rights management data structures.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M. ; Weber Robert P., Trusted and secure techniques, systems and methods for item delivery and execution.
Littlefield, Duncan A.; Nallathambi, Vimal K.; Chanchlani, Girish, Data recovery operations, such as recovery from modified network data management protocol data.
Littlefield, Duncan Alden; Nallathambi, Vimal Kumar; Chanchlani, Girish, Data recovery operations, such as recovery from modified network data management protocol data.
Hayashi, Takamichi; Kuno, Hiroshi; Yoshimura, Koji, Information storage device, information processing system, information processing method, and program.
Fairchild, Granville R.; Frischling, Bill; Keeling, John; Pacheco, Dan; Rosmarin, Myron, Method and apparatus providing omnibus view of online and offline content of various file types and sources.
Fairchild, Granville R; Frischling, Bill; Keeling, John; Pacheco, Dan; Rosmarin, Myron, Method and apparatus providing omnibus view of online and offline content of various file types and sources.
Kumarasamy, Paramasivam, Storage management of data using an open-archive architecture, including streamlined access to primary data originally stored on network-attached storage and archived to secondary storage.
Kottomtharayil, Rajiv; Gokhale, Parag; Prahlad, Anand; Kumar Vijayan, Manoj; Ngo, David; Devassy, Varghese, System and method for sharing media in a computer network.
Kottomtharayil, Rajiv; Gokhale, Parag; Prahlad, Anand; Vijayan, Manoj Kumar; Ngo, David; Devassy, Varghese, Systems and methods for performing storage operations in a computer network.
Kottomtharayil, Rajiv; Gokhale, Parag; Prahlad, Anand; Vijayan, Manoj Kumar; Ngo, David; Devassy, Varghese, Systems and methods for performing storage operations in a computer network.
Kottomtharayil, Rajiv; Vijayan, Manoj Kumar, Systems and methods for uniquely identifying removable media by its manufacturing defects wherein defects includes bad memory or redundant cells or both.
Muller, Marcus S.; Gokhale, Parag; Kottomtharayil, Rajiv, Systems and methods of media management, such as management of media to and from a media storage library.
Muller, Marcus S.; Gokhale, Parag; Kottomtharayil, Rajiv, Systems and methods of media management, such as management of media to and from a media storage library.
Muller, Marcus S.; Gokhale, Parag; Kottomtharayil, Rajiv, Systems and methods of media management, such as management of media to and from a media storage library.
Muller, Marcus S.; Gokhale, Parag; Kottomtharayil, Rajiv, Systems and methods of media management, such as management of media to and from a media storage library.
Kottomtharayil, Rajiv; Vijayan Retnamma, Manoj K., Systems and methods of media management, such as management of media to and from a media storage library, including removable media.
Kottomtharayil, Rajiv; Vijayan, Manoj Kumar, Systems and methods of media management, such as management of media to and from a media storage library, including removable media.