SYSTEM FOR CONTROLLING ACCESS AND DISTRIBUTION OF DIGITAL PROPERTY

US 20090222673A1
Filed: 05/15/2009
Published: 09/03/2009
Est. Priority Date: 01/11/1996
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus for the protection of digital data comprising:

a first processor programmed to run an operating system, the operating system programmed to generate one or more interrupts;

an access mechanism including access control software run on a second processor and a memory, the access mechanism operative to;

detect one or more interrupts at or below a BIOS level, a given detected interrupt being associated with an operating system request to access protected portions of the data;

restrict access to the protected portions of the data by the operating system in accordance with at least one rule; and

a tamper detecting mechanism operative to prevent access to the data in an unprotected form comprising means for destroying data stored in the access mechanism when tampering is detected.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Digital data protection is provided by a processor running an operating system programmed to generate one or more interrupts; an access mechanism detects one or more interrupts at or below a BIOS level, a given detected interrupt being associated with an operating system request to access protected portions of the data, and restricts access to the protected portions of the data by the operating system in accordance with at least one rule; a tamper detecting mechanism prevents access to the data in an unprotected form has means for destroying data stored in the access mechanism when tampering is detected.

Citations

25 Claims

1. An apparatus for the protection of digital data comprising:
- a first processor programmed to run an operating system, the operating system programmed to generate one or more interrupts;
  
  an access mechanism including access control software run on a second processor and a memory, the access mechanism operative to;
  
  detect one or more interrupts at or below a BIOS level, a given detected interrupt being associated with an operating system request to access protected portions of the data;
  
  restrict access to the protected portions of the data by the operating system in accordance with at least one rule; and
  
  a tamper detecting mechanism operative to prevent access to the data in an unprotected form comprising means for destroying data stored in the access mechanism when tampering is detected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1, wherein the first processor interfaces with output peripheral devices to send packaged data only through the access mechanism.
  - 3. The apparatus of claim 2, wherein the output peripheral devices include at least one of a display, a printer a disk drive and a network interface.
  - 4. The apparatus of claim 1, wherein the memory is configured to store the at least one rule and the protected portions of the data.
  - 5. The apparatus of claim 1, wherein the rules and the protected portions of the data are received separately.
  - 6. The apparatus of claim 1, wherein the rules and the protected portions of the date are received as a package.
  - 7. The apparatus of claim 1, wherein both the rules and the protected portions of the data are encrypted.
  - 8. The apparatus of claim 1, wherein the rules indicate at least one of(a) which users are allowed to access the protected data,(b) distribution rights of the data,(c) access control rights of the user,(d) access control quantities, and(e) payment requirements, andwhen the rules indicate which users are allowed to access the protected portions of the data, the device further comprises:
    - means for allowing the user access to a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data;
      
      when the rules indicate distribution rights of the data, the device further comprises;
      
      means for allowing distribution of the data only in accordance with the distribution rights indicated in the rules;
      
      when the rules indicate access control rights of the user, the device further comprises;
      
      means for allowing the user to access the data only in accordance with the access control rights indicated in the rules;
      
      when the rules indicate access control quantities, the device further comprises;
      
      means for allowing access to the data only in accordance with the access control quantities indicated in the rules;
      
      when the rules indicate payment requirements, the device further comprising;
      
      means for allowing access to the data only if the payment requirements indicated in the rules are satisfied.
  - 9. The apparatus of claim 1, wherein the access mechanism only permits output of the protected portions of the data to output peripheral devices in accordance with the rules.

10. A method comprising:
- receiving protected data at an access mechanism, the access mechanism including access control software, a first processor and a memory device;
  
  transmitting an unprotected form of the protected data to a second processor in accordance with at least one rule;
  
  detecting, through the use of the access mechanism, an interrupt at or below a BIOS level, the detected interrupt comprising a request to output the unprotected form of the protected data to an output peripheral device;
  
  outputting the unprotected form of the protected data to the output peripheral device through the access mechanism in accordance with the at least one rule.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 11. The method of claim 10, the method further comprising the step of destroying data when tampering is detected.
  - 12. The method of claim 10, wherein the rules and the data are received as a package.
  - 13. The method of claim 10, wherein the rules and the data are received separately.
  - 14. The method of claim 10, further comprising:
    - outputting the unprotected form of the protected data to the access mechanism;
      
      encrypting the unprotected form of the protected data to protect the data and outputting the protected data to a memory device in accordance with the at least one rule.
  - 15. The method of claim 10, further comprising:
    - outputting the unprotected form of the protected data to the access mechanism;
      
      encrypting the unprotected form of the protected data to protect the data and outputting the protected data to a memory device in accordance with the at least one rule.
  - 16. The method of claim 10, wherein the rules indicate at least one of(a) which users are allowed to access the protected portions of the data,(b) distribution rights of the data,(c) access control rights of the user,(d) access control quantities, and(e) payment requirements, andwhen the rules indicate which users are allowed to access the protected portions of the data, the method further comprises the step of:
    - allowing the user access to a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data;
      
      when the rules indicate distribution rights of the data, the method further comprises the step of;
      
      allowing distribution of the data only in accordance with the distribution rights indicated in the rules;
      
      when the rules indicate access control rights of the user, the method further comprises the step of;
      
      allowing the user to access the data only in accordance with the access control rights indicated in the rules;
      
      when the rules indicate access control quantities, the method further comprises the step of;
      
      allowing access to the data only in accordance with the access control quantities indicated in the rules;
      
      when the rules indicate payment requirements, the method further comprises the step of;
      
      allowing access to the data only if the payment requirements indicated in the rules are satisfied.
  - 17. The method as in claim 16, wherein access control rights include at least one of:
    - (a) local display rights,(b) printing rights,(c) copying rights,(d) execution rights,(e) transmission rights, and(f) modification rights,and wherein the access control quantities include at least one of;
      
      (g) a number of allowed read-accesses to the data;
      
      (h) an allowable size of a read-access to the data;
      
      (i) an expiration date of the data;
      
      (j) an intensity of access to the data;
      
      (k) an allowed level of accuracy and fidelity;
      
      (l) an allowed resolution of access to the data; and
      
      (m) a valid start date of the data.
  - 18. The method of claim 10 further comprising:
    - the access mechanism is further operative to at least one of;
      
      alter and revoke the rules.
  - 19. The method of claim 10, wherein the rules are validated at a predetermined time interval.
  - 20. The method of claim 10, wherein the rules indicate distribution rights of the data such that a receiver of the data may request transfer of a protected file to a list of new persons and grant them at least one of:
    - same or modified access rules.
  - 21. The method of claim 10, wherein the rules indicate access control rights given a user the ability to grant another user control of access rules to protect content.
  - 22. The method of claim 10 further comprising:
    - at least one of;
      
      altering and revoking the rules using the access mechanism.
  - 23. The method of claim 10, wherein the rules are validated at a predetermined time interval.
  - 24. The method of claim 10, wherein the rules indicate distribution rights of the data such that a receiver of the data may request transfer of a protected file to a list of new persons and grant them at least one of:
    - same or modified access rules.
  - 25. The method of claim 10, wherein the rules indicate access control rights given a user the ability to grant another user control of access rules to protect content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hanger Solutions, LLC (IP Investments Group LLC)
Original Assignee
Verifides Technology Corporation
Inventors
Abrams, Marshall D., Schneck, Paul B.

Application Number

US12/467,172
Publication Number

US 20090222673A1
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/1011   to devices

G06F 21/1062   Editing

G06F 21/1063   Personalisation

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6245   Protecting personal data, e...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 21/86   Secure or tamper-resistant ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

G06Q 30/018 : Certifying business or prod...

G11B 20/00673 : wherein the erased or nulli...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2463/101 : applying security measures ...

H04L 63/0428 : wherein the data content is...

H04L 9/08 : Key distribution or managem...

H04L 9/0822 : using key encryption key

View All

SYSTEM FOR CONTROLLING ACCESS AND DISTRIBUTION OF DIGITAL PROPERTY

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM FOR CONTROLLING ACCESS AND DISTRIBUTION OF DIGITAL PROPERTY

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links