Method and system for protecting digital objects distributed over a network
First Claim
1. In a communications network, a system for protecting objects comprising:
- a) an object server connected to the network, the object server running a first software program having instructions to be executed by the object server, said instructions including designating at least one object among a set of objects stored at the object server to be protected and determining a security policy for each protected object;
b) a requester device having means for requesting a protected object from the object server, the requester device connected to the network; and
c) a security server running a second software program providing protection services for objects designated by the first software program as protected objects, the security server connected to the network wherein the second software program has instructions to be executed by the security server for providing protection services, said instructions including;
i) obtaining the requested protected object from a storage location;
ii) combining the requested protected object with mobile code, a security policy, and object controls; and
iii) sending the requested protected object combined with mobile code, the security policy, and object controls to the requester device, wherein the mobile code instantiates the security policy and object controls for the requested protected object at the requester device upon receipt of the object such that the requested protected object may be accessed only in accordance with the security policy and object controls associated with the requested protected object.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for protecting objects stored on network servers are presented. An object server runs computer software that designates which objects are to be protected and the security policy for that object. If the object server receives a request for a protected object, the object server creates an enhanced request containing cryptographically protected data related to the request and to the requested object; this enhanced request is redirected to a security server. The security server authenticates the request, retrieves the requested object from the object server, a file server associated with the security server, or a local cache, encrypts the object, and combines the encrypted object with mobile code, the security policy, and object controls to implement the policy. This package is then sent to the requester, which executes the mobile code, resulting in the installation of the security policy and object controls on the requester computer. The requested object is rendered subject to the security policy and object controls. The security server maintains a logfile of actions taken on the object. This logfile can be used to create an audit trail for the object.
83 Citations
42 Claims
-
1. In a communications network, a system for protecting objects comprising:
-
a) an object server connected to the network, the object server running a first software program having instructions to be executed by the object server, said instructions including designating at least one object among a set of objects stored at the object server to be protected and determining a security policy for each protected object;
b) a requester device having means for requesting a protected object from the object server, the requester device connected to the network; and
c) a security server running a second software program providing protection services for objects designated by the first software program as protected objects, the security server connected to the network wherein the second software program has instructions to be executed by the security server for providing protection services, said instructions including;
i) obtaining the requested protected object from a storage location;
ii) combining the requested protected object with mobile code, a security policy, and object controls; and
iii) sending the requested protected object combined with mobile code, the security policy, and object controls to the requester device, wherein the mobile code instantiates the security policy and object controls for the requested protected object at the requester device upon receipt of the object such that the requested protected object may be accessed only in accordance with the security policy and object controls associated with the requested protected object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. In a communications network, a method for protecting objects comprising:
-
a) receiving a request from a requestor device at an object server for a protected object;
b) redirecting the request to a security server;
c) obtaining the requested protected object, the obtainment performed by the security server;
d) combining the requested protected object with the security policy, object controls, and mobile code;
e) sending the requested protected object combined with the security policy, object controls, and mobile code to the requestor device; and
f) executing the mobile code at the requester device when the mobile code is received at the requester device, wherein the mobile code instantiates the security policy and the object controls at the requester device such that the requested protected object is accessed in accordance with the security policy. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
-
Specification