Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients
First Claim
1. A security system for granting user entities access, according to their uniquely assigned privileges, to material stored in logical zones on any form of storage medium, and to permit user entities to manage, operate upon and communicate, as enabled by those assigned privileges, both secure and selective materials in said logical zones provided by one or more storage entities, said system comprising:
- a wired or wireless communications network provided with two or more nodes, at each of which node an operation or procedure can be performed;
at least two computer processing and storage entities containing storage medium or media, each of said computer processing and storage entities connected to said communications network;
said storage entities containing storage medium or media allowing erasable or non-erasable formatting and recording with stored material into a plurality of information storage and retrieval and management control and user entity material logical zones, each of said logical zones provided with particular material therein, said storage medium or media directly provided thereon with an access management control means for indicating which of said user logical zone or zones on any of said storage medium or media the user entity will be allowed to access and perform the selective privileged operations of reading, writing, replacing, deleting, modifying and communicating based upon access request information provided to the system by the user, said access management control means provided in each said storage medium or media at a location remote from, and non-contiguous with, said user logical zones;
means in each storage entity for selectively reading material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media or for selectively creating, modifying or deleting logical zones and selectively reading, writing, replacing, deleting and modifying the content of material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media;
a personal accessing device;
a means for providing an interface coupling for exchanging information between said personal accessing device and at least one of said computer processing and storage entities, said personal accessing device containing a security identification code to enable said personal accessing device to be in communication with any of said computer processing and storage entities for transmitting said security identification code to said computer processing and storage entities;
a means for disabling said personal accessing device if an incorrect personal identification code is entered more than a predetermined amount of times;
wherein said security identification code is compared or operated upon in any of said computer processing and storage entities to said access management control means provided on said storage medium or media to determine the particular user logical zone or zones to which the user is allowed access and other privileged operations.
4 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for granting privileges for securely and selectively retrieving material such as data and databases, messages and other textual information, graphics, tables, analogs such as maps, facsimiles (FAX) of all manner of transmitted materials, audio such as voice or speech and music, video, images, and photographs, provided on storage media utilizing information encoded in the storage media. The storage media are included in one or more reading devices associated with a computer or computers. A storage retrieval device, such as a smart card, is used in conjunction with the computer to determine whether information retrieval by a particular user to specific storage media is granted. The storage media can be sub-divided into a plurality of logical zones and access to all or a portion of the material on the storage media is granted based upon the logical zones to which the user is allowed information retrieval. Information provided on the storage media would include access/information management control device such as index table listing the security identification code, the logical zones to which a particular user is assigned as well as a personal security key used in conjunction with a personal security key provided in the personal access device such as a smart card. The interaction between the user'"'"'s personal accessing device and the access/information management control device provided on the storage media determine if information retrieval is granted as well as specific information retrieval privileges accorded to the user. The present invention can be embedded in another device or system, such as a facsimile system which would allow a user access to only those messages specifically directed to him. Furthermore, the invention can be used in local area networks, wide area networks, point-to-point communication networks, as well as store-and-forward systems.
-
Citations
26 Claims
-
1. A security system for granting user entities access, according to their uniquely assigned privileges, to material stored in logical zones on any form of storage medium, and to permit user entities to manage, operate upon and communicate, as enabled by those assigned privileges, both secure and selective materials in said logical zones provided by one or more storage entities, said system comprising:
-
a wired or wireless communications network provided with two or more nodes, at each of which node an operation or procedure can be performed; at least two computer processing and storage entities containing storage medium or media, each of said computer processing and storage entities connected to said communications network; said storage entities containing storage medium or media allowing erasable or non-erasable formatting and recording with stored material into a plurality of information storage and retrieval and management control and user entity material logical zones, each of said logical zones provided with particular material therein, said storage medium or media directly provided thereon with an access management control means for indicating which of said user logical zone or zones on any of said storage medium or media the user entity will be allowed to access and perform the selective privileged operations of reading, writing, replacing, deleting, modifying and communicating based upon access request information provided to the system by the user, said access management control means provided in each said storage medium or media at a location remote from, and non-contiguous with, said user logical zones; means in each storage entity for selectively reading material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media or for selectively creating, modifying or deleting logical zones and selectively reading, writing, replacing, deleting and modifying the content of material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media; a personal accessing device; a means for providing an interface coupling for exchanging information between said personal accessing device and at least one of said computer processing and storage entities, said personal accessing device containing a security identification code to enable said personal accessing device to be in communication with any of said computer processing and storage entities for transmitting said security identification code to said computer processing and storage entities; a means for disabling said personal accessing device if an incorrect personal identification code is entered more than a predetermined amount of times; wherein said security identification code is compared or operated upon in any of said computer processing and storage entities to said access management control means provided on said storage medium or media to determine the particular user logical zone or zones to which the user is allowed access and other privileged operations. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A security system for granting user entities access to materials provided on a storage medium or media, said system comprising:
-
a computer system including at least one computer and means for presenting information; a storage medium or media capable of erasable or non-erasable formatting and recording with stored material into a plurality of information storage and retrieval and management control and user entity material logical zones, each of said logical zones provided with particular material therein, said storage medium or media directly provided thereon with an access management control means for indicating which of said user logical zone or zones or any of said storage medium or media the user entity will be allowed to access and perform selective privileged operations of reading, writing, replacing, deleting, modifying and communicating based upon access request information provided to the system by the user, said access management control means provided in each said storage medium or media at a location remote from, and non-contiguous with, said user logical zones; means in each said computer system for selectively reading material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media or for selectively creating, modifying or deleting logical zones and selectively reading, writing, replacing, deleting, modifying and communicating the content of material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media; a personal accessing device; means for providing interface coupling for exchanging information between said personal accessing device and said computer system, said personal accessing device containing a security identification code, to enable said personal accessing device to be in communication with said computer system for transmitting said security identification code to said computer system; wherein, said security identification code is compared to or operated upon said access management control means provided on said storage medium or media to determine the particular user logical zone or zones to which the user is allowed access for purposes of selective privileged operations based upon the content and storage requirements of material provided in said user logical zones. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method of granting user access to, and information management and control over material provided on a storage medium or media, with a means for reading or reading and writing on said storage medium or media connected to a computer system including at least one computer having means for presenting information, said storage medium or media containing one or a plurality of information management control and user material logical zones, comprising the steps of:
-
assigning security identification codes to all users allowed access to the storage medium or media; preparing access management control means for indicating to which of said user logical zone or zones a particular user is allowed access and selective privileged operations corresponding to said security identification code or codes, said access management control means provided in a personal accessing device; encrypting access management control means and user material and recording said encrypted access management control means and user material directly on the storage medium or media by using any type or combination of types of encryption/decryption methods; enabling said personal accessing device by utilizing the user'"'"'s correct personal identification code; transmitting a starter program stored in said personnel accessing device or in a means for providing interface coupling for exchanging information between said personal accessing device and said computer system or on the storage medium or media to said computer system and fetching search and retrieval programs stored on said storage medium or media to said personal accessing device; determining if said search and retrieval programs are encrypted; decrypting said search and retrieval programs, if appropriate; requesting the directories of the user logical zone or zones to be transmitted from said storage medium or media to said personal accessing device based upon information provided in said secure user management means; determining if said requested directories are encrypted; decrypting said requested directories if they are encrypted; displaying said requested directories on said means for visually presenting information; requesting and transmitting to said personal accessing device the user material stored on said storage medium or media in the user'"'"'s privileged logical zone or zones based upon said requested directories; decrypting said user material in said personal accessing device; and transmitting the decrypted material back to the computer for use. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
-
- 23. The method in accordance with claim 51, wherein said encrypted material is transmitted to said personal accessing device, and then decrypted in said personal accessing device using an encryption key stored in said personal accessing device for each of said logical zones, said decrypted material being retransmitted to the computer for use.
Specification