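IPC Classification Information

| Field | Value |
|---|---|
| Country / Type | United States (US) Patent, Granted |
| International Patent Classification (IPC 7th edition) | |
| Application number | US-0538637 (2012-06-29) |
| Registration number | US-8677126 (2014-03-18) |
| Inventors / Address | Meehan, Patrick Carson; Price, Zachary Wisenbaker; Zambroski, Jr., Raymond Joseph; Frenchu, William Henry; Hickey, Shawn Patrick; White, Jesse Lee; Mohr, Anthony Allen; Gomsrud, Jeremy Wayne |
| Applicant / Address | |
| Agent / Address | |
| Citation information | Times cited: 4; Patents cited: 73 |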
Abstract
A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature.
Representative Claims
1. A method for transmitting electronic documents over a communications network, wherein digital rights of access for each of said electronic documents are cryptographically managed and secured, comprising:
installing an authoring tool for generating and distributing cryptocontainers comprising said electronic documents, wherein said authoring tool includes a public key belonging to a key server and a public key belonging to said authoring tool;
authenticating an author of a cryptocontainer with a certificate issued by an authenticating server, wherein an author license is created and stored with said authoring tool, and wherein said author license comprises an e-mail address of said author and said public key belonging to said authoring tool, signed by a private key belonging to said key server;
entering an e-mail address for each of a plurality of recipients into a recipient list of said cryptocontainer in said authoring tool;
generating a symmetric session key for said recipient list;
encrypting said symmetric session key for said recipient list in said cryptocontainer together with said public key belonging to said key server;
adding said electronic documents to said cryptocontainer, wherein for each recipient on said recipient list a usage rights timeline is generated for each of said electronic documents;
encrypting said cryptocontainer comprising said symmetric session key for said recipient list, together with said electronic documents, and together with each of said usage rights timelines, wherein said cryptocontainer enables said symmetric session key for said recipient list to be individually decrypted from said cryptocontainer; and
transmitting said cryptocontainer over a communications network to each of said plurality of recipients in said recipient list of said cryptocontainer.

2. The method as recited in claim 1, wherein said usage rights timeline comprises keyframes for digital rights management for each of said electronic documents in said cryptocontainer, wherein each of said keyframes comprises individual entries for granting rights for opening, copying, viewing, printing, exporting, deleting, making visible, showing thumbnails, renaming, forwarding, attaching, and moving each of said electronic documents in said cryptocontainer for a certain period in time.

3. The method as recited in claim 1, further comprising: signing a plurality of said electronic documents added to said cryptocontainer by said author using a digital signature, wherein the intent of said digital signature is specified in text form using a Signature Line entry.

4. The method as recited in claim 1, further comprising: notifying said author of the security rating of an e-mail client over a given time period, wherein said security rating comprises a ratio of a number of securely sent items to a total number of sent items.

5. The method as recited in claim 1, wherein a recipient is assigned membership to a user group, wherein said user group is selected for generating said usage permission template for each of said electronic documents.

6. The method as recited in claim 1, wherein said author license comprises an e-mail address of said author and a hardware fingerprint encrypted together with said public key of said key server signed by a private key of said key server.

7. The method as recited in claim 1, wherein said author license comprises an e-mail address of said author and a biometric identification encrypted together with said public key of said key server signed by a private key of said key server.

8. The method as recited in claim 1, further comprising: recording a timestamped log of each individual operation performed on said cryptocontainer.

9. The method as recited in claim 1, wherein said authoring tool is a network application executed as a service by a network server.

10. The method as recited in claim 1, wherein said usage rights timelines are predefined and stored as a template for retrieving a set of usage rights for applying to a cryptocontainer.

11. A method for receiving electronic documents over a communications network, wherein digital rights of access for each of said electronic documents are cryptographically managed and secured, comprising:
receiving via e-mail a cryptocontainer comprising a plurality of electronic documents by a recipient;
installing a viewing tool from a public network server for accessing said plurality of electronic documents within said cryptocontainer;
opening a secured connection with a key server and authenticating the identity of said recipient with a certificate issued by an authenticating server;
comparing the identity of said recipient with each of a plurality of recipients listed in said cryptocontainer by said key server, and in case of a match, issuing a one-time license to decrypt a symmetric session key for said cryptocontainer to said recipient by said key server, and in case of no match, denying access to said recipient to said cryptocontainer.

12. The method as recited in claim 11, wherein said authenticating the identity of said recipient is performed using a hardware fingerprint together with said e-mail address of said recipient.

13. The method as recited in claim 11, wherein said authenticating the identity of said recipient is performed using a biometric identifier together with said e-mail address of said recipient.

14. The method as recited in claim 11, wherein said viewing tool is a network application executed as a service by a network server.

15. The method as recited in claim 11, further comprising:
decrypting said symmetric session key for said cryptocontainer with said license; and
decrypting and accessing said plurality of electronic documents by said recipient from said cryptocontainer.

16. The method as recited in claim 15, wherein a usage rights timeline, comprising individual keyframes, retrieved from said cryptocontainer for restricting the rights of said recipient is individually enforced by said viewing tool for each of said plurality of electronic documents accessed by said recipient over the time period for which said keyframes in said usage rights timeline have been defined.

17. The method as recited in claim 15, further comprising: recording a timestamped log of each individual operation performed on said cryptocontainer.

18. A computer program product comprising a non-transitory computer-usable medium having computer-readable code embodied therein, the computer-readable code adapted to be executed to implement a method for transmitting electronic documents over a communications network, wherein digital rights of access for each of said electronic documents are cryptographically managed and secured, the method comprising:
installing an authoring tool for generating and distributing cryptocontainers comprising said electronic documents, wherein said authoring tool includes a public key belonging to a key server and a public key belonging to said authoring tool;
authenticating an author of a cryptocontainer with a certificate issued by an authenticating server, wherein an author license is created and stored with said authoring tool, and wherein said author license comprises an e-mail address of said author and said public key belonging to said authoring tool, signed by a private key belonging to said key server;
entering an e-mail address for each of a plurality of recipients into a recipient list of said cryptocontainer in said authoring tool;
generating a symmetric session key for said recipient list;
encrypting said symmetric session key for said recipient list in said cryptocontainer together with said public key belonging to said key server;
adding said electronic documents to said cryptocontainer, wherein for each recipient on said recipient list a usage rights timeline is generated for each of said electronic documents;
encrypting said cryptocontainer comprising said symmetric session key for said recipient list, together with said electronic documents, and together with each of said usage rights timelines, wherein said cryptocontainer enables said symmetric session key for said recipient list to be individually decrypted from said cryptocontainer; and
transmitting said cryptocontainer over a communications network to each of said plurality of recipients in said recipient list of said cryptocontainer.

19. The computer program product as recited in claim 18, wherein said usage rights timeline comprises keyframes for digital rights management for each of said electronic documents in said cryptocontainer, wherein each of said keyframes comprises individual entries for granting rights for opening, copying, viewing, printing, exporting, deleting, making visible, showing thumbnails, renaming, forwarding, attaching, and moving each of said electronic documents in said cryptocontainer for a certain period in time.

20. The computer program product as recited in claim 18, the method comprising: signing a plurality of said electronic documents added to said cryptocontainer by said author using a digital signature, wherein the intent of said digital signature is specified in text form using a Signature Line entry.
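
A sketch of the time-dependent enforcement described in claims 2 and 16, added here as an illustration and not taken from the patent or from any product implementing it. It assumes that each keyframe takes effect at its start time and holds until the next keyframe, and that anything not explicitly granted is denied; the class and function names and the sample timeline are constructed.

```python
from bisect import bisect_right
from dataclasses import dataclass
from datetime import datetime, timezone

# The twelve rights enumerated in claims 2 and 19.
RIGHTS = frozenset({
    "open", "copy", "view", "print", "export", "delete", "make_visible",
    "show_thumbnails", "rename", "forward", "attach", "move",
})

@dataclass(frozen=True)
class Keyframe:
    start: datetime      # assumption: holds until the next keyframe starts
    granted: frozenset   # subset of RIGHTS granted during that period

class UsageRightsTimeline:
    """Timeline for one (recipient, document) pair, as checked by a viewing tool."""
    def __init__(self, keyframes):
        for kf in keyframes:
            if kf.start.tzinfo is None or not kf.granted <= RIGHTS:
                raise ValueError(f"invalid keyframe: {kf}")
        self._frames = sorted(keyframes, key=lambda kf: kf.start)
        self._starts = [kf.start for kf in self._frames]

    def is_allowed(self, right, now):
        if right not in RIGHTS or now.tzinfo is None:
            return False  # fail closed on unknown rights or ambiguous time
        i = bisect_right(self._starts, now) - 1  # latest keyframe at or before now
        return i >= 0 and right in self._frames[i].granted

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample: rights for one recipient narrow over time, then expire.
TIMELINES = {
    ("alice@example.com", "contract.pdf"): UsageRightsTimeline([
        Keyframe(utc(2024, 1, 1), frozenset({"open", "view", "print"})),
        Keyframe(utc(2024, 2, 1), frozenset({"open", "view"})),
        Keyframe(utc(2024, 3, 1), frozenset()),
    ]),
}

def check(recipient, document, right, now):
    """Deny when no timeline exists for this recipient and document."""
    timeline = TIMELINES.get((recipient, document))
    return timeline is not None and timeline.is_allowed(right, now)
```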