Methods and systems for providing access control to electronic data

US 20080034205A1
Filed: 08/10/2007
Published: 02/07/2008
Est. Priority Date: 12/12/2001
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to electronic data, comprising:

(a) receiving an access request on a server machine for electronic data, wherein the request includes an identifier identifying a user and an associated client machine;

(b) establishing a secured link between the server machine and the client machine associated with the user;

(c) validating the user according to the identifier;

(d) sending an authentication message to the client machine when the user is validated, wherein the authentication message includes a user key and a link to the requested electronic data;

(e) formatting the electronic data to include a header portion and an encrypted data portion;

(f) controlling access to the encrypted data portion of the electronic data by constructing the header portion to contain a signature signifying that the electronic data is secured, encrypted security information with access rules controlling access to the data portion, and a key that can be retrieved to decrypt the encrypted data portion;

(g) determining if user access to the electronic data is permitted by the access rules; and

(h) decrypting the encrypted security information with the user key when the determining in step (g) determines that the user is permitted to access the electronic data.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing pervasive security to digital assets are disclosed. According to one aspect of the techniques, a server is configured to provide access control (AC) management for a user (e.g., a single user, a group of users, software agents or devices) with a need to access secured data. Within the server module, various access rules for the secured data and/or access privileges for the user can be created, updated, and managed so that the user with the proper access privileges can access the secured documents if granted by the corresponding access rules in the secured data.

193 Citations

View as Search Results

36 Claims

1. A method for controlling access to electronic data, comprising:
- (a) receiving an access request on a server machine for electronic data, wherein the request includes an identifier identifying a user and an associated client machine;
  
  (b) establishing a secured link between the server machine and the client machine associated with the user;
  
  (c) validating the user according to the identifier;
  
  (d) sending an authentication message to the client machine when the user is validated, wherein the authentication message includes a user key and a link to the requested electronic data;
  
  (e) formatting the electronic data to include a header portion and an encrypted data portion;
  
  (f) controlling access to the encrypted data portion of the electronic data by constructing the header portion to contain a signature signifying that the electronic data is secured, encrypted security information with access rules controlling access to the data portion, and a key that can be retrieved to decrypt the encrypted data portion;
  
  (g) determining if user access to the electronic data is permitted by the access rules; and
  
  (h) decrypting the encrypted security information with the user key when the determining in step (g) determines that the user is permitted to access the electronic data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the electronic data is one or more of:
    - streaming audio, streaming video, streaming multimedia, electronic files, electronic documents, images, executable code, audio files, databases, database tables, database table records, collections of electronic files;
      
      collections of electronic documents, stored passwords, stored ciphers, public encryption keys, private encryption keys, and multimedia files.
  - 3. The method of claim 2, wherein the streaming audio electronic data is one or more of MP3, Real Player audio streams, Windows Media audio streams, Streaming Download Project (SDP) streams, Microsoft Media Services (MMS) unicast data streams, and Real Time Streaming Protocol (RTSP) streams.
  - 4. The method of claim 2, wherein the streaming video electronic data is one or more of streaming Flash Video, SDP streams, MMS streams, and RTSP streams.
  - 5. The method of claim 2, wherein the image electronic data is one or more of Joint Photographic Experts Group (JPEG, JPG), Tagged Image File Format (TIFF), bitmapped graphics format (BMP, DIB), Portable Network Graphics (PNG), PICT (PICT, PCT, PIC), TARGA File Format (TGA, TPIC) files, Adobe Photoshop®
    - images (PSD), QuickTime®
      
      (QTIF, QTI) images, Silicon Graphics®
      
      (SGI, RGB) images, and Graphics Interchange Format (GIF) images.
  - 6. The method of claim 2, wherein the multimedia electronic data is one or more of Flash Video (FLV) files, AutoDesk Animator®
    - (FLC, FLI, CEL) files, QuickTime®
      
      Movies (MOV, QT, MQV), Shockwave®
      
      Flash (SWF) objects, Video for Windows (AVI), Digital Video (DV) files, and executable code.
  - 7. The method of claim 2, wherein the audio files are one or more of MPEG Layer-3 (MP3) files, MP3 playlists (M3U, M3URL), Audio Interchange File Format (AIFF, AIF, AIFC, CDDA) audio files, uLaw/AU audio (AU, SND, ULW) files, Musical Instrument Digital Interface (MIDI, MID, SMF, KAR) files, QUALCOMM PureVoice®
    - (QCP) audio, Sound Designer II®
      
      (SD2), GSM, AMR, AAC, ADTS, CAF, and Wave (WAV, BWF) audio files.
  - 8. The method of claim 1, wherein the user is one or more of a human user, a group of human users, a software agent, a group of software agents, a software application, a database query, devices, and executing computer processes that submit or spawn requests for electronic data and can be associated with a user key.
  - 9. The method of claim 1, wherein the client machine associated with the user is one or more of personal computers (PCs), computer terminals, mobile phones, personal digital assistants (PDAs), BlackBerry®
    - devices, pocket PCs, smart phones, hand held computers, palmtop computers, laptop computers, tablet PCs, ultra-mobile PCs, and other wireless and non-wireless machines capable of establishing a secured link with the server machine.

10. A computer readable medium including at least computer program code, which when executed by a computer, causes the computer to:
- (a) receive authentication requests containing an identifier identifying a user and a client machine;
  
  (b) parse authentication requests to identify the user and the client machine contained within the identifier;
  
  (c) establish a secured link with the client machine;
  
  (d) authenticate the user according to the identifier;
  
  (e) send an authentication message to the client machine when the user is authenticated;
  
  (f) activate a user key in the client machine when the authentication message is sent;
  
  (g) provide access control management to electronic data wherein the electronic data includes an encrypted data portion and security information with access rules and a file key; and
  
  (h) retrieve the file key to decrypt the encrypted data portion when user access is permitted by the access rules.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer readable medium of claim 10, wherein the electronic data is one or more of:
    - streaming audio, streaming video, streaming multimedia, electronic files, electronic documents, images, executable code, audio files, databases, database tables, database table records, collections of electronic files;
      
      collections of electronic documents, stored passwords, stored ciphers, public encryption keys, private encryption keys, and multimedia files.
  - 12. The computer readable medium of claim 11, wherein the streaming audio electronic data is one or more of MP3, Real Player®
    - audio streams, Windows Media audio streams, Streaming Download Project (SDP) streams, Microsoft Media Services (MMS) unicast data streams, and Real Time Streaming Protocol (RTSP) streams.
  - 13. The computer readable medium of claim 11, wherein the streaming video electronic data is one or more of streaming Flash Video, SDP streams, MMS streams, and RTSP streams.
  - 14. The computer readable medium of claim 11, wherein the image electronic data is one or more of Joint Photographic Experts Group (JPEG, JPG), Tagged Image File Format (TIFF), bitmapped graphics format (BMP, DIB), Portable Network Graphics (PNG), PICT (PICT, PCT, PIC), TARGA File Format (TGA, TPIC) files, Adobe Photoshop®
    - images (PSD), QuickTime®
      
      (QTIF, QTI) images, Silicon Graphics®
      
      (SGI, RGB) images, and Graphics Interchange Format (GIF) images.
  - 15. The computer readable medium of claim 11, wherein the multimedia electronic data is one or more of Flash Video (FLV) files, AutoDesk Animator®
    - (FLC, FLI, CEL) files, QuickTime®
      
      Movies (MOV, QT, MQV), Shockwave®
      
      Flash (SWF) objects, Video for Windows (AVI), Digital Video (DV) files, and executable code.
  - 16. The computer readable medium of claim 11, wherein the audio files include one or more of MPEG Layer-3 (MP3) files, MP3 playlists (M3U, M3URL), Audio Interchange File Format (AIFF, AIF, AIFC, CDDA) audio files, uLaw/AU audio (AU, SND, ULW) files, Musical Instrument Digital Interface (MIDI, MID, SMF, KAR) files, QUALCOMM PureVoice®
    - (QCP) audio, Sound Designer II®
      
      (SD2), GSM, AMR, AAC, ADTS, CAF, and Wave (WAV, BWF) audio files.
  - 17. The computer readable medium of claim 10, wherein the user is one or more of a human user, a group of human users, a software agent, a group of software agents, a software application, a database query, devices, and executing computer processes that submit or spawn requests for electronic data and can be associated with a user key.
  - 18. The computer readable medium of claim 10, wherein the client machine associated with the user is one or more of personal computers (PCs), computer terminals, mobile phones, personal digital assistants (PDAs), BlackBerry®
    - devices, pocket PCs, smart phones, hand held computers, pocket computers, palmtop computers, laptop computers, tablet PCs, ultra-mobile PCs and other wireless and non-wireless machines capable of establishing a secured link with the server machine.

19. A computer readable medium including at least computer program code, which when executed by a computer, causes the computer to:
- a) receive a request to access secured electronic data at a server computer, wherein the electronic data includes a header and an encrypted data portion, the header further including encrypted security information including at least access rules and a file key, and wherein the request includes a user key, and an identifier identifying a user and a client machine associated with the user;
  
  b) establish a secured link between the server and the client machine associated with the user;
  
  c) authenticate the user in the server based on the user and client machine information in the identifier;
  
  d) decrypt the security information in the header of the requested secured electronic data using the user key;
  
  e) retrieve the file key retrieved from the header;
  
  f) retrieve access rules from the security information;
  
  g) determine from the access rules if the user has necessary access privileges to access the encrypted data portion;
  
  h) decrypt the encrypted data portion when the it has been determined that user has necessary access privileges to access the encrypted data portion; and
  
  i) provide user access to the decrypted data portion via the secured link established between the server and the client machine associated with the user.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The computer readable medium of claim 19, wherein the electronic data is one or more of:
    - streaming audio, streaming video, streaming multimedia, electronic files, electronic documents, images, executable code, audio files, databases, database tables, database table records, collections of electronic files;
      
      collections of electronic documents, stored passwords, stored ciphers, public encryption keys, private encryption keys, and multimedia files.
  - 21. The computer readable medium of claim 20, wherein the streaming audio electronic data is one or more of MP3, Real Player audio streams, Windows Media audio streams, Streaming Download Project (SDP) streams, Microsoft Media Services (MMS) unicast data streams, and Real Time Streaming Protocol (RTSP) streams.
  - 22. The computer readable medium of claim 20, wherein the streaming video electronic data is one or more of streaming Flash Video, SDP streams, MMS streams, and RTSP streams.
  - 23. The computer readable medium of claim 20, wherein the image electronic data is one or more of Joint Photographic Experts Group (JPEG, JPG), Tagged Image File Format (TIFF), bitmapped graphics format (BMP, DIB), Portable Network Graphics (PNG), PICT (PICT, PCT, PIC), TARGA File Format (TGA, TPIC) files, Adobe Photoshop®
    - images (PSD), QuickTime®
      
      (QTIF, QTI) images, Silicon Graphics®
      
      (SGI, RGB) images, and Graphics Interchange Format (GIF) images.
  - 24. The computer readable medium of claim 20, wherein the multimedia electronic data is one or more of Flash Video (FLV) files, AutoDesk Animator (FLC, FLI, CEL) files, QuickTime Movies (MOV, QT, MQV), Shockwave Flash (SWF) objects, Video for Windows (AVI), Digital Video (DV) files, and executable code.
  - 25. The computer readable medium of claim 20, wherein the audio files include one or more of MPEG Layer-3 (MP3) files, MP3 playlists (M3U, M3URL), Audio Interchange File Format (AIFF, AIF, AIFC, CDDA) audio files, uLaw/AU audio (AU, SND, ULW) files, Musical Instrument Digital Interface (MIDI, MID, SMF, KAR) files, QUALCOMM PureVoice (QCP) audio, Sound Designer II (SD2), GSM, AMR, AAC, ADTS, CAF, and Wave (WAV, BWF) audio files.
  - 26. The computer readable medium of claim 20, wherein the user is one or more of a human user, a group of human users, a software agent, a group of software agents, a software application, a database query, devices, and executing computer processes that submit or spawn requests for electronic data and can be associated with a user key.
  - 27. The computer readable medium of claim 20, wherein the client machine associated with the user is one or more of personal computers (PCs), computer terminals, mobile phones, personal digital assistants (PDAs), BlackBerry®
    - devices, pocket PCs, smart phones, hand held computers, pocket computers, palmtop computers, laptop computers, tablet PCs, ultra-mobile PCs and other wireless and non-wireless machines capable of establishing a secured link with the server machine.

28. A system for providing access control management to electronic data, comprising:
- (a) a link module executable in a server computer configured to establish a secured link between the server computer and a client machine when an access request containing an access request identifier identifying at least a user and an associated client machine is received at the server from the client machine;
  
  (b) an authentication module executable in the server computer configured to authenticate the user and the client machine identified in the access request identifier;
  
  (c) a document securing module executable in the server computer configured to secure electronic data in a format including security information in a header that includes encrypted security information controlling access to the encrypted data portion and a signature signifying that the electronic data is secured, and an encrypted data portion;
  
  (d) a key issuing module executable in the server computer configured to issue a user key after the user has been authenticated by the authentication module in step (b), wherein the user key is used to decrypt the encrypted security information, wherein the security information includes a set of access rules and a file key;
  
  (e) a rule processing module executable in the server computer configured to decrypt and retrieve access rules from the security information and measure the retrieved access rules against the access privileges of the user requesting access to the electronic data;
  
  (f) a cipher module executable in the server computer configured to decrypt and retrieve the file key from the security information and subsequently decrypt the encrypted data portion using the file key; and
  
  (g) a document release module executable in the server computer configured to fulfill the access request by releasing a decrypted version of a requested document to the user via the secured link established by the link module in step (a) when the authentication module authenticates both the user and the client machine in step (b) and the and rule processing module determines that the user is permitted to access the requested electronic data in step (e).
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36)
- - 29. The system of claim 28, wherein the electronic data is one or more of:
    - streaming audio, streaming video, streaming multimedia, electronic files, electronic documents, images, executable code, audio files, databases, database tables, database table records, collections of electronic files;
      
      collections of electronic documents, stored passwords, stored ciphers, public encryption keys, private encryption keys, and multimedia files.
  - 30. The system of claim 29, wherein the streaming audio electronic data is one or more of MP3, Real Player audio streams, Windows Media audio streams, Streaming Download Project (SDP) streams, Microsoft Media Services (MMS) unicast data streams, and Real Time Streaming Protocol (RTSP) streams.
  - 31. The system of claim 29, wherein the streaming video electronic data is one or more of streaming Flash Video, SDP streams, MMS streams, and RTSP streams.
  - 32. The system of claim 29, wherein the image electronic data is one or more of Joint Photographic Experts Group (JPEG, JPG), Tagged Image File Format (TIFF), bitmapped graphics format (BMP, DIB), Portable Network Graphics (PNG), PICT (PICT, PCT, PIC), TARGA File Format (TGA, TPIC) files, Adobe Photoshop®
    - images (PSD), QuickTime (QTIF, QTI) images, Silicon Graphics®
      
      (SGI, RGB) images, and Graphics Interchange Format (GIF) images.
  - 33. The system of claim 29, wherein the multimedia electronic data is one or more of Flash Video (FLV) files, AutoDesk Animator (FLC, FLI, CEL) files, QuickTime Movies (MOV, QT, MQV), Shockwave Flash (SWF) objects, Video for Windows (AVI), Digital Video (DV) files, and executable code.
  - 34. The system of claim 29, wherein the audio files include one or more of MPEG Layer-3 (MP3) files, MP3 playlists (M3U, M3URL), Audio Interchange File Format (AIFF, AIF, AIFC, CDDA) audio files, uLaw/AU audio (AU, SND, ULW) files, Musical Instrument Digital Interface (MIDI, MID, SMF, KAR) files, QUALCOMM PureVoice (QCP) audio, Sound Designer II (SD2), GSM, AMR, AAC, ADTS, CAF, and Wave (WAV, BWF) audio files.
  - 35. The system of claim 29, wherein the user is one or more of a human user, a group of human users, a software agent, a group of software agents, a software application, a database query, devices, and executing computer processes that submit or spawn requests for electronic data and can be associated with a user key.
  - 36. The system of claim 29, wherein the client machine associated with the user is one or more of personal computers (PCs), computer terminals, mobile phones, personal digital assistants (PDAs), BlackBerry®
    - devices, pocket PCs, smart phones, hand held computers, pocket computers, palmtop computers, laptop computers, tablet PCs, ultra-mobile PCs and other wireless and non-wireless machines capable of establishing a secured link with the server machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Guardian Data Storage LLC
Inventors
Ouye, Michael, Garcia, Denis Jacques, Alain, Rossmann, Zuili, Patrick, Supramaniam, Senthilvasan, Humpich, Serge, Lee, Chang-Ping, Hilderbrand, Hal, Vainstein, Klimenty, Huang, Weiqing, Ryan, Nicholas

Granted Patent

US 7,913,311 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/160
CPC Class Codes

G06F 12/00   Accessing, addressing or al...

G06F 12/14   Protection against unauthor...

G06F 21/00   Security arrangements for p...

G06F 21/6209   to a single file or object,...

G06F 21/6227   where protection concerns t...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04L 67/01   Protocols

H04L 9/40   Network security protocols

Methods and systems for providing access control to electronic data

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

193 Citations

36 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems for providing access control to electronic data

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

193 Citations

36 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others