METHODS AND SYSTEMS FOR PROVIDING ACCESS CONTROL TO SECURED DATA

US 20090100268A1
Filed: 03/27/2008
Published: 04/16/2009
Est. Priority Date: 12/12/2001
Status: Active Grant

First Claim

Patent Images

1. A method for determining access to electronic data via a designated store, the method comprising:

associating an access level with the store, the access level comprising access rules;

retrieving the access rules when a file is deposited in the store;

encrypting the file in accordance with the access rules to produce an encrypted data portion;

generating a header to include security information from the access rules; and

integrating the header with the encrypted data portion to produce a secured file.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.

230 Citations

89 Claims

1. A method for determining access to electronic data via a designated store, the method comprising:
- associating an access level with the store, the access level comprising access rules;
  
  retrieving the access rules when a file is deposited in the store;
  
  encrypting the file in accordance with the access rules to produce an encrypted data portion;
  
  generating a header to include security information from the access rules; and
  
  integrating the header with the encrypted data portion to produce a secured file.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as recited in claim 1 wherein the electronic data is one or more of:
    - streaming audio, streaming video, streaming multimedia, electronic files, electronic documents, images, executable code, audio files, databases, database tables, database table records, collections of electronic files;
      
      collections of electronic documents, stored passwords, stored ciphers, public encryption keys, private encryption keys, and multimedia files.
  - 3. The method of claim 2, wherein the streaming audio is one or more of MP3, Real Player audio streams, Windows Media audio streams, Streaming Download Project (SDP) streams, Microsoft Media Services (MMS) unicast data streams, and Real Time Streaming Protocol (RTSP) streams.
  - 4. The method of claim 2, wherein the streaming video is one or more of streaming Flash Video, SDP streams, MMS streams, and RTSP streams.
  - 5. The method of claim 2, wherein the images are one or more of Joint Photographic Experts Group (JPEG, JPG), Tagged Image File Format (TIFF), bitmapped graphics format (BMP, DIB), Portable Network Graphics (PNG), PICT (PICT, PCT, PIC), TARGA File Format (TGA, TPIC) files, Adobe Photoshop®
    - images (PSD), QuickTime®
      
      (QTIF, QTI) images, Silicon Graphics®
      
      (SGI, RGB) images, and Graphics Interchange Format (GIF) images.
  - 6. The method of claim 2, wherein the multimedia files are one or more of Flash Video (FLV) files, AutoDesk Animator®
    - (FLC, FLI, CEL) files, QuickTime®
      
      Movies (MOV, QT, MQV), Shockwave®
      
      Flash (SWF) objects, Video for Windows (AVI), Digital Video (DV) files, and executable code.
  - 7. The method of claim 2, wherein the audio files are one or more of MPEG Layer-3 (MP3) files, MP3 playlists (M3U, M3URL), Audio Interchange File Format (AIFF, AIF, AIFC, CDDA) audio files, uLaw/AU audio (AU, SND, ULW) files, Musical Instrument Digital Interface (MIDI, MID, SMF, KAR) files, QUALCOMM PureVoice®
    - (QCP) audio, Sound Designer II®
      
      (SD2), GSM, AMR, AAC, ADTS, CAF, and Wave (WAV, BWF) audio files.

8. A computer readable medium comprising computer program code that enables a processor to determine access to electronic data via a designated store, the computer program code comprising:
- associating means for enabling a processor to associate an access level with the store, the access level comprising access rules;
  
  retrieving means for enabling a processor to retrieve the access rules when a file is deposited in the store;
  
  encrypting means for enabling a processor to encrypt the file in accordance with the access rules to produce an encrypted data portion;
  
  generating means for enabling a processor to generate a header to include security information from the access rules; and
  
  integrating means for enabling a processor to integrate the header with the encrypted data portion to produce a secured file.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable medium as recited in claim 8, wherein the electronic data is one or more of:
    - streaming audio, streaming video, streaming multimedia, electronic files, electronic documents, images, executable code, audio files, databases, database tables, database table records, collections of electronic files;
      
      collections of electronic documents, stored passwords, stored ciphers, public encryption keys, private encryption keys, and multimedia files.
  - 10. The computer readable medium as recited in claim 9, wherein the streaming audio is one or more of MP3, Real Player audio streams, Windows Media audio streams, Streaming Download Project (SDP) streams, Microsoft Media Services (MMS) unicast data streams, and Real Time Streaming Protocol (RTSP) streams.
  - 11. The computer readable medium as recited in claim 9, wherein the streaming video is one or more of streaming Flash Video, SDP streams, MMS streams, and RTSP streams.
  - 12. The computer readable medium as recited in claim 9, wherein the images are one or more of Joint Photographic Experts Group (JPEG, JPG), Tagged Image File Format (TIFF), bitmapped graphics format (BMP, DIB), Portable Network Graphics (PNG), PICT (PICT, PCT, PIC), TARGA File Format (TGA, TPIC) files, Adobe Photoshop®
    - images (PSD), QuickTime®
      
      (QTIF, QTI) images, Silicon Graphics®
      
      (SGI, RGB) images, and Graphics Interchange Format (GIF) images.
  - 13. The computer readable medium as recited in claim 8, wherein the multimedia files are one or more of Flash Video (FLV) files, AutoDesk Animator®
    - (FLC, FLI, CEL) files, QuickTime®
      
      Movies (MOV, QT, MQV), Shockwave®
      
      Flash (SWF) objects, Video for Windows (AVI), Digital Video (DV) files, and executable code.
  - 14. The computer readable medium as recited in claim 8, wherein the audio files are one or more of MPEG Layer-3 (MP3) files, MP3 playlists (M3U, M3URL), Audio Interchange File Format (AIFF, AIF, AIFC, CDDA) audio files, uLaw/AU audio (AU, SND, ULW) files, Musical Instrument Digital Interface (MIDI, MID, SMF, KAR) files, QUALCOMM PureVoice®
    - (QCP) audio, Sound Designer II®
      
      (SD2), GSM, AMR, AAC, ADTS, CAF, and Wave (WAV, BWF) audio files.

15. A system capable of determining access to electronic data via a designated store, comprising:
- a first module configured to associate an access level with the store, the access level comprising access rules;
  
  a second module configured to retrieve the access rules when a file is deposited in the store;
  
  a third module configured to encrypt the file in accordance with the access rules to produce an encrypted data portion;
  
  a fourth module configured to generate a header to include security information from the access rules; and
  
  a fifth module configured to integrate the header with the encrypted data portion to produce a secured file.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system as recited in claim 15, wherein the electronic data is one or more of:
    - streaming audio, streaming video, streaming multimedia, electronic files, electronic documents, images, executable code, audio files, databases, database tables, database table records, collections of electronic files;
      
      collections of electronic documents, stored passwords, stored ciphers, public encryption keys, private encryption keys, and multimedia files.
  - 17. The system as recited in claim 16, wherein the streaming audio is one or more of MP3, Real Player audio streams, Windows Media audio streams, Streaming Download Project (SDP) streams, Microsoft Media Services (MMS) unicast data streams, and Real Time Streaming Protocol (RTSP) streams.
  - 18. The system as recited in claim 16, wherein the streaming video is one or more of streaming Flash Video, SDP streams, MMS streams, and RTSP streams.
  - 19. The system as recited in claim 16, wherein the images are one or more of Joint Photographic Experts Group (JPEG, JPG), Tagged Image File Format (TIFF), bitmapped graphics format (BMP, DIB), Portable Network Graphics (PNG), PICT (PICT, PCT, PIC), TARGA File Format (TGA, TPIC) files, Adobe Photoshop®
    - images (PSD), QuickTime®
      
      (QTIF, QTI) images, Silicon Graphics) (SGI, RGB) images, and Graphics Interchange Format (GIF) images.
  - 20. The system as recited in claim 16, wherein the multimedia files are one or more of Flash Video (FLV) files, AutoDesk Animator®
    - (FLC, FLI, CEL) files, QuickTime®
      
      Movies (MOV, QT, MQV), Shockwave®
      
      Flash (SWF) objects, Video for Windows (AVI), Digital Video (DV) files, and executable code.
  - 21. The system as recited in claim 16, wherein the audio files are one or more of MPEG Layer-3 (MP3) files, MP3 playlists (M3U, M3URL), Audio Interchange File Format (AIFF, AIF, AIFC, CDDA) audio files, uLaw/AU audio (AU, SND, ULW) files, Musical Instrument Digital Interface (MIDI, MID, SMF, KAR) files, QUALCOMM PureVoice®
    - (QCP) audio, Sound Designer II®
      
      (SD2), GSM, AMR, AAC, ADTS, CAF, and Wave (WAV, BWF) audio files.

22. A method for updating a key used by an access control system that limits access to a secured document, the method comprising:
- (a) determining whether an old key should be updated;
  
  (b) obtaining a new key to be used in place of the old key that is to be updated when step (a) determines that the old key should be updated;
  
  (c) determining a user that is affected by the new key;
  
  (d) providing the new key to the user that is affected by the new key;
  
  (e) subsequently determining whether the user is requesting access to a secured document that is secured using the old key; and
  
  (f) when step (e) determines that the user is requesting access to a secured document that is secured using the old key, decrypting at least a portion of the secured document using the old key and then encrypting the at least a portion of the secured document using the new key.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
- - 23. The method as recited in claim 22, wherein the method is automatically performed.
  - 24. The method as recited in claim 22, wherein said determining automatically determines that the old key should be updated based on predetermined criteria.
  - 25. The method as recited in claim 22, wherein the determining determines that the old key should be updated on-demand by a user.
  - 26. The method as recited in claim 25, wherein said user is one of a human, a group of human users, an application, a process, a server, a client, a software agent, a group of software agents, a software application, a database query, devices, and executing computer processes that submit or spawn requests for electronic data and can be associated with a user key.
  - 27. The method as recited in claim 22, wherein said determining makes use of a key update schedule.
  - 28. The method as recited in claim 22, wherein said determining determines that the old key should be updated when the old key has been compromised.
  - 29. The method as recited in claim 22, wherein the old key and the new key are group keys.
  - 30. The method as recited in claim 22, wherein the user that is affected by the new key pertains to a group of users.

31. A computer readable medium comprising computer program code that enables a processor to update a key used by an access control system that limits access to a secured document, said computer readable medium comprising:
- computer program code enabling a processor to determine whether an old key should be updated;
  
  computer program code enabling the processor to obtain a new key to be used in place of the old key that is to be updated when said computer program code for determining determines that the old key should be updated;
  
  computer program code enabling the processor to determine a user that is affected by the new key;
  
  computer program code enabling the processor to provide the new key to the user that is affected by the new key;
  
  computer program code enabling the processor to subsequently determine whether the user is requesting access to a secured document that is secured using the old key;
  
  computer code enabling the processor to decrypt at least a portion of the secured document using the old key; and
  
  computer code enabling the processor to encrypt the at least a portion of the secured document using the new key, when the computer code for determining determines that the user is requesting access to a secured document that is secured using the old key.
- View Dependent Claims (32, 33)
- - 32. The computer readable medium as recited in claim 31, wherein said computer program code for determining determines that the old key should be updated based on predetermined criteria or on-demand by a user.
  - 33. The computer readable medium as recited in claim 31, wherein the old key and the new key are group keys.

34. A system for maintaining keys for encryption and/or decryption of electronic files, said system comprising:
- a key update monitor module configured to monitor a plurality of keys to determine when at least one of the keys is to be updated;
  
  a key generator operatively connected to the key update monitor module, said key generator generates at least one new key to be used to replace the at least one of the keys to be updated;
  
  a key distribution manager operatively connected to the key generator, wherein the key distribution manager distributes the at least one new key to one or more interested entities; and
  
  a key replacement manager that manipulates the files that are encrypted by the at least one old key to be re-encrypted with the at least one new key.
- View Dependent Claims (35, 36, 37, 38)
- - 35. A system as recited in claim 34, wherein the interested entities are selected from the group consisting of human users, processes, applications, clients, servers, computing devices, software agents, database queries, devices, and executing computer processes that submit or spawn requests for electronic data and can be associated with user keys.
  - 36. The system as recited in claim 34, wherein the key replacement manager is configured to decrypt at least a portion of the electronic data files using the at least one old key and then re-encrypt at least the portion of the files using the at least one new key.
  - 37. The system as recited in claim 34, wherein the interested entities are selected from the group consisting of human users, processes, applications, clients, servers, computing devices, software agents, database queries, devices, and executing computer processes that submit or spawn requests for electronic data and can be associated with user keys.
  - 38. The system as recited in claim 34, wherein the old key and the new key are group keys.

39. A method for securing an electronic document, the method comprising:
- (a) obtaining an electronic document to be secured;
  
  (b) assigning at least one data type to the electronic document;
  
  (c) obtaining a data type key associated with the data type that has been assigned;
  
  (d) encrypting at least a data portion of the electronic document using a first key, wherein the first key is the data type key or is acquired using the data type key; and
  
  (e) attaching security information to the encrypted data portion to produce a secured electronic document.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 40. The method as recited in claim 39, wherein the data type provides a categorization of different types of content.
  - 41. The method as recited in claim 39, wherein the method further comprises:
    - (f) saving the secured electronic document to a storage device.
  - 42. The method as recited in claim 39, wherein assigning step (b) of the data type comprises:
    - receiving a selection of at least one of a plurality of available data types.
  - 43. The method as recited in claim 39, wherein assigning step (b) comprises:
    - (b1) displaying a plurality of available data types; and
      
      (b2) selecting at least one of the available data types being displayed.
  - 44. The method as recited in claim 43, wherein the displaying step (b1) and the selecting step (b2) are performed with the assistance of a graphical user interface.
  - 45. The method as recited in claim 39, wherein the security information includes the data type key.
  - 46. The method as recited in claim 45, wherein the data type key within the security information is encrypted.
  - 47. The method as recited in claim 39, wherein encrypting step (d) uses an encryption hierarchy, and wherein the data type key is used in at least one level of the encryption hierarchy.
  - 48. The method as recited in claim 39, wherein the security information includes at least the first key which is encrypted by another key that is the data type key or another key acquired using the data type key.
  - 49. The method as recited in claim 39, wherein said method further comprises imposing at least one data type policy restriction to the secured electronic document based on the data type assigned to the electronic document.

50. A method for unsecuring an electronic document, the method comprising:
- (a) identifying an electronic document to be unsecured for access by a requester;
  
  (b) determining a particular data type of the electronic document;
  
  (c) determining whether the requestor has permission to access electronic documents having the particular data type;
  
  (d) obtaining a data type key associated when determining step (c) determines that the requestor has permission to access electronic documents having the particular data type, the data type key being associated with the particular data type;
  
  (e) decrypting at least a data portion of the electronic document using at least a first key, wherein the first key is a data type key or the first key is acquired using the data type key; and
  
  (f) providing at least the unencrypted data portion to the requestor.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63)
- - 51. The method as recited in claim 50, wherein said decrypting step (e) comprises:
    - (e1) decrypting an encrypted first key using the data type key; and
      
      (e2) decrypting at least the data portion of the secured electronic document using at least the first key.
  - 52. The method as recited in claim 50, wherein decrypting step (e) comprises:
    - (e1) decrypting an encrypted second key using the data type key;
      
      (e2) decrypting an encrypted first key using the second key; and
      
      (e3) decrypting at least the data portion of the secured electronic document using at least the first key.
  - 53. The method as recited in claim 50, wherein the data type provides a categorization of different types of content.
  - 54. The method as recited in claim 50, wherein the secured electronic document includes the data portion and security information, the security information includes a reference to the data type key in an encrypted or unencrypted manner.
  - 55. The method as recited in claim 50, wherein the secured electronic document includes the data portion and security information, and wherein the reference to the data type key within the security information is encrypted.
  - 56. The method as recited in claim 50, wherein decrypting step (e) is used to reverse an encryption hierarchy, and wherein the data type key is used in at least one level of the encryption hierarchy.
  - 57. The method as recited in claim 50, wherein decrypting step (e) uses the first key to decrypt at least the data portion of the electronic document, and wherein the security information includes at least the first key which is encrypted by another key that is the data type key or another key acquired using the data type key.
  - 58. The method as recited in claim 50, wherein obtaining step (d) further comprises obtaining at least one data type policy restriction.
  - 59. The method as recited in claim 58, wherein the at least one data type policy restriction prevents usage of the data type key in specified circumstances.
  - 60. The method as recited in claim 58, wherein the decrypting in step (e) is prohibited when the at least one data type policy restriction is not satisfied.
  - 61. The method as recited in claim 58, wherein the at least one data type policy restriction is specified by an administrative user.
  - 62. The method as recited in claim 50, wherein the method further comprises:
    - (g) determining, prior to providing step (f), whether the secured electronic document has at least one data type policy restriction; and
      
      (h) requiring that the at least one data type policy restriction is satisfied before at least one of obtaining step (d), decrypting step (e), or providing step (f) are performed.
  - 63. The method as recited in claim 62, wherein the at least one data type policy restriction is a rule affiliated with the data type for the secured electronic document.

64. A computer program product comprising a computer readable medium having computer program logic recorded thereon enabling a processor to secure an electronic document, said computer program code comprising:
- computer program code enabling a processor to obtain an electronic document to be secured;
  
  computer program code enabling a processor to assign a data type to the electronic document;
  
  computer program code enabling a processor to obtain a data type key associated with the data type that has been assigned;
  
  computer program code enabling a processor to encrypt at least a data portion of the electronic document using a first key, the first key being the data type key or acquired using the data type key; and
  
  computer program code enabling a processor to attach security information to the encrypted data portion to produce a secured electronic document.

65. In a system for providing restrictive access to electronic data, wherein the electronic data is structured in a format that controls access to contents in the electronic data, the format comprising:
- a header including security information controlling the access to the contents in the electronic data, wherein the security information includes at least a first key and a second key, the second key is used to encrypt the first key, the second key is encrypted and the encrypted second key is guarded by access rules;
  
  an encrypted data portion generated by encrypting the electronic data with the first key according to a predetermined cipher scheme; and
  
  wherein the header is integrated with the encrypted data portion to generate a secured file.
- View Dependent Claims (66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83)
- - 66. The format of claim 65, wherein the access rules are displayable in an application to display what access restrictions in the secured file.
  - 67. The format of claim 65, wherein the access rules are further encrypted and included in the security information.
  - 68. The format of claim 67, wherein the access rules are expressed in a descriptive language.
  - 69. The format of claim 68, wherein the descriptive language is a markup language that is one of (i) SGML, (ii) HTML, or (iii) XACML.
  - 70. The format of claim 65, wherein the second key is used to encrypt the first key according to the predetermined cipher scheme.
  - 71. The format of claim 70, wherein the first key is a file key that can be used to encrypt as well as decrypt the encrypted data portion and the second key is a protection key designated to protect the file key in conjunction with a key associated with a user attempting to access the secured file.
  - 72. The method as recited in claim 71, wherein said user is one of a human, a group of human users, an application, a process, a server, a client, a software agent, a group of software agents, a software application, a database query, devices, and executing computer processes that submit or spawn requests for electronic data and can be associated with a user key.
  - 73. The format of claim 71, wherein the encrypted first key is protected by the classification level of the electronic data, wherein the classification level controls restrictive access to the first key.
  - 74. The format of claim 73, wherein the electronic data classification level is another encryption of the encrypted first key such that the first key can only be retrieved with both the second key and a classification level key associated with a user attempting to access the secured file.
  - 75. The format of claim 74, wherein the classification level information is related to a special access policy such that the first key can only be retrieved with the second key and a successful test of the special access policy against access privilege of a user attempting to access the secured file.
  - 76. The format of claim 71, wherein the second key is encrypted and protected by access rules.
  - 77. The format of claim 76 wherein the access rules are further encrypted and included in the security information of the header.
  - 78. The format of claim 77, wherein the encrypted access rules can be decrypted with a user key associated with the user attempting to access the secured file.
  - 79. The format of claim 78, wherein the access rules, once decrypted, are tested against access privileges of the user.
  - 80. The format of claim 79, wherein the protection key can be retrieved only when the user has the access privilege in accordance with the access rules.
  - 81. The format of claim 73, wherein the classification level pertains to a confidential level of the secured file, the confidential level ranging from most classified to non-classified.
  - 82. The format of claim 81, wherein the classification level key designated to one confidential level can be used for all confidential levels at or lower than the one confidential level.
  - 83. The format of claim 65, wherein the encrypted first key can be updated without having to retrieve the second key.

84. In a system for providing restrictive access to electronic data, wherein the electronic data is structured in a format that controls access to contents in the electronic data, the format comprising:
- a header including an encrypted version of a first key, at least an encrypted version of a second key, access rules controlling the access to the contents in the electronic data, wherein the second key is symmetric and used to create the encrypted version of the first key as well as retrieve the first key when sufficient user access privileges are provided externally;
  
  an encrypted data portion generated by encrypting the electronic data with the first key according to a predetermined cipher scheme; and
  
  wherein the header is integrated with the encrypted data portion to generate a secured file.
- View Dependent Claims (85, 86, 87, 88, 89)
- - 85. The format of claim 84, wherein the access rules expressed in a descriptive language control who can access the contents in the electronic data.
  - 86. The format of claim 85, wherein at least part of the access rules are used to test access privileges of the user before the encrypted version of the second key can be decrypted.
  - 87. The format of claim 84, wherein the encrypted data portion has a plurality of segments, each produced from encrypting a block of the electronic data.
  - 88. The format of claim 87, wherein a block size of the block is a constant.
  - 89. The format of claim 88, wherein the constant is a multiple of a defined block size in the predefined cipher scheme.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Guardian Data Storage LLC
Inventors
HUANG, Weiqing, RYAN, Nicholas Michael, GARCIA, Denis Jacques Paul, OUYE, Michael Michio, GILBERTSON, Eric, HUMPICH, Serge, ROSSMANN, Alain, CROCKER, Steven Toye, VAINSTEIN, Klimenty

Granted Patent

US 8,543,827 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/184
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2107   File encryption

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

METHODS AND SYSTEMS FOR PROVIDING ACCESS CONTROL TO SECURED DATA

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

230 Citations

89 Claims

Specification

Use Cases

Quick Links

Others

METHODS AND SYSTEMS FOR PROVIDING ACCESS CONTROL TO SECURED DATA

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

230 Citations

89 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others