Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients

US 5,191,611 A
Filed: 01/18/1991
Issued: 03/02/1993
Est. Priority Date: 04/03/1989
Status: Expired due to Term

First Claim

Patent Images

1. A security system for granting user entities access, according to their uniquely assigned privileges, to material stored in logical zones on any form of storage medium, and to permit user entities to manage, operate upon and communicate, as enabled by those assigned privileges, both secure and selective materials in said logical zones provided by one or more storage entities, said system comprising:

a wired or wireless communications network provided with two or more nodes, at each of which node an operation or procedure can be performed;

at least two computer processing and storage entities containing storage medium or media, each of said computer processing and storage entities connected to said communications network;

said storage entities containing storage medium or media allowing erasable or non-erasable formatting and recording with stored material into a plurality of information storage and retrieval and management control and user entity material logical zones, each of said logical zones provided with particular material therein, said storage medium or media directly provided thereon with an access management control means for indicating which of said user logical zone or zones on any of said storage medium or media the user entity will be allowed to access and perform the selective privileged operations of reading, writing, replacing, deleting, modifying and communicating based upon access request information provided to the system by the user, said access management control means provided in each said storage medium or media at a location remote from, and non-contiguous with, said user logical zones;

means in each storage entity for selectively reading material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media or for selectively creating, modifying or deleting logical zones and selectively reading, writing, replacing, deleting and modifying the content of material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media;

a personal accessing device;

a means for providing an interface coupling for exchanging information between said personal accessing device and at least one of said computer processing and storage entities, said personal accessing device containing a security identification code to enable said personal accessing device to be in communication with any of said computer processing and storage entities for transmitting said security identification code to said computer processing and storage entities;

a means for disabling said personal accessing device if an incorrect personal identification code is entered more than a predetermined amount of times;

wherein said security identification code is compared or operated upon in any of said computer processing and storage entities to said access management control means provided on said storage medium or media to determine the particular user logical zone or zones to which the user is allowed access and other privileged operations.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for granting privileges for securely and selectively retrieving material such as data and databases, messages and other textual information, graphics, tables, analogs such as maps, facsimiles (FAX) of all manner of transmitted materials, audio such as voice or speech and music, video, images, and photographs, provided on storage media utilizing information encoded in the storage media. The storage media are included in one or more reading devices associated with a computer or computers. A storage retrieval device, such as a smart card, is used in conjunction with the computer to determine whether information retrieval by a particular user to specific storage media is granted. The storage media can be sub-divided into a plurality of logical zones and access to all or a portion of the material on the storage media is granted based upon the logical zones to which the user is allowed information retrieval. Information provided on the storage media would include access/information management control device such as index table listing the security identification code, the logical zones to which a particular user is assigned as well as a personal security key used in conjunction with a personal security key provided in the personal access device such as a smart card. The interaction between the user'"'"'s personal accessing device and the access/information management control device provided on the storage media determine if information retrieval is granted as well as specific information retrieval privileges accorded to the user. The present invention can be embedded in another device or system, such as a facsimile system which would allow a user access to only those messages specifically directed to him. Furthermore, the invention can be used in local area networks, wide area networks, point-to-point communication networks, as well as store-and-forward systems.

Citations

26 Claims

1. A security system for granting user entities access, according to their uniquely assigned privileges, to material stored in logical zones on any form of storage medium, and to permit user entities to manage, operate upon and communicate, as enabled by those assigned privileges, both secure and selective materials in said logical zones provided by one or more storage entities, said system comprising:
- a wired or wireless communications network provided with two or more nodes, at each of which node an operation or procedure can be performed;
  
  at least two computer processing and storage entities containing storage medium or media, each of said computer processing and storage entities connected to said communications network;
  
  said storage entities containing storage medium or media allowing erasable or non-erasable formatting and recording with stored material into a plurality of information storage and retrieval and management control and user entity material logical zones, each of said logical zones provided with particular material therein, said storage medium or media directly provided thereon with an access management control means for indicating which of said user logical zone or zones on any of said storage medium or media the user entity will be allowed to access and perform the selective privileged operations of reading, writing, replacing, deleting, modifying and communicating based upon access request information provided to the system by the user, said access management control means provided in each said storage medium or media at a location remote from, and non-contiguous with, said user logical zones;
  
  means in each storage entity for selectively reading material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media or for selectively creating, modifying or deleting logical zones and selectively reading, writing, replacing, deleting and modifying the content of material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media;
  
  a personal accessing device;
  
  a means for providing an interface coupling for exchanging information between said personal accessing device and at least one of said computer processing and storage entities, said personal accessing device containing a security identification code to enable said personal accessing device to be in communication with any of said computer processing and storage entities for transmitting said security identification code to said computer processing and storage entities;
  
  a means for disabling said personal accessing device if an incorrect personal identification code is entered more than a predetermined amount of times;
  
  wherein said security identification code is compared or operated upon in any of said computer processing and storage entities to said access management control means provided on said storage medium or media to determine the particular user logical zone or zones to which the user is allowed access and other privileged operations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The security system in accordance with claim 1 wherein said means for interface coupling is provided with means for presenting information and wherein access management control means information controlling logical zones and user entity data contained within logical zones can be transmitted to any of said computer processing and storage entities connected to said communications network, whereat designation of logical zones and information therein can be created, recorded and dynamically updated.
  - 3. The system in accordance with claim 2 in which said personal accessing device incorporates a means of selective transaction monitoring and data collection of usage of logical zone material comprising items such as type of material accessed, type of operations performed, grade of service initiation and disablement and termination of service and time and frequency of usage.
  - 4. The system in accordance with claim 3 further including a means for billing the user based upon interrogating said personal accessing device to determine history of usage.
  - 5. The security system in accordance with claim 1, wherein said personal accessing device is provided with a means for encrypting and decrypting material.
  - 6. The system in accordance with claim 1 further including a means for billing the user based upon interrogating said personal accessing device to determine history of usage.
  - 7. The system in accordance with claim 1 in which said personal accessing device incorporates a means of selective transaction monitoring and data collection of usage of logical zone material comprising items such as type of material accessed, type of operation performed, grade of service, initiation and disablement and termination of service and time and frequency of usage.
  - 8. The system in accordance with claim 7 further including a means for billing the user based upon interrogating said personal accessing device to determine history of usage.

9. A security system for granting user entities access to materials provided on a storage medium or media, said system comprising:
- a computer system including at least one computer and means for presenting information;
  
  a storage medium or media capable of erasable or non-erasable formatting and recording with stored material into a plurality of information storage and retrieval and management control and user entity material logical zones, each of said logical zones provided with particular material therein, said storage medium or media directly provided thereon with an access management control means for indicating which of said user logical zone or zones or any of said storage medium or media the user entity will be allowed to access and perform selective privileged operations of reading, writing, replacing, deleting, modifying and communicating based upon access request information provided to the system by the user, said access management control means provided in each said storage medium or media at a location remote from, and non-contiguous with, said user logical zones;
  
  means in each said computer system for selectively reading material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media or for selectively creating, modifying or deleting logical zones and selectively reading, writing, replacing, deleting, modifying and communicating the content of material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media;
  
  a personal accessing device;
  
  means for providing interface coupling for exchanging information between said personal accessing device and said computer system, said personal accessing device containing a security identification code, to enable said personal accessing device to be in communication with said computer system for transmitting said security identification code to said computer system;
  
  wherein, said security identification code is compared to or operated upon said access management control means provided on said storage medium or media to determine the particular user logical zone or zones to which the user is allowed access for purposes of selective privileged operations based upon the content and storage requirements of material provided in said user logical zones.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The security system in accordance with claim 9, wherein said personal accessing device is provided with a means for encrypting and decrypting material.
  - 11. The system in accordance with claim 9 further including a means for billing the user based upon interrogating said personal accessing device to determine history of usage.
  - 12. The system in accordance with claim 9 in which said personal accessing device incorporates a means for selective transaction monitoring and data collection of usage of logical zone material comprising items such as type of material accessed, type of operations performed, grade of service, initiation and disablement and termination of service and time and frequency of usage.
  - 13. The system in accordance with claim 12 further including a means of transferring selective transaction monitoring and data collection information onto the access management control logical zones of the storage medium or media for physical return or electronic interrogation to retrieve billing and usage history information.

14. A method of granting user access to, and information management and control over material provided on a storage medium or media, with a means for reading or reading and writing on said storage medium or media connected to a computer system including at least one computer having means for presenting information, said storage medium or media containing one or a plurality of information management control and user material logical zones, comprising the steps of:
- assigning security identification codes to all users allowed access to the storage medium or media;
  
  preparing access management control means for indicating to which of said user logical zone or zones a particular user is allowed access and selective privileged operations corresponding to said security identification code or codes, said access management control means provided in a personal accessing device;
  
  encrypting access management control means and user material and recording said encrypted access management control means and user material directly on the storage medium or media by using any type or combination of types of encryption/decryption methods;
  
  enabling said personal accessing device by utilizing the user'"'"'s correct personal identification code;
  
  transmitting a starter program stored in said personnel accessing device or in a means for providing interface coupling for exchanging information between said personal accessing device and said computer system or on the storage medium or media to said computer system and fetching search and retrieval programs stored on said storage medium or media to said personal accessing device;
  
  determining if said search and retrieval programs are encrypted;
  
  decrypting said search and retrieval programs, if appropriate;
  
  requesting the directories of the user logical zone or zones to be transmitted from said storage medium or media to said personal accessing device based upon information provided in said secure user management means;
  
  determining if said requested directories are encrypted;
  
  decrypting said requested directories if they are encrypted;
  
  displaying said requested directories on said means for visually presenting information;
  
  requesting and transmitting to said personal accessing device the user material stored on said storage medium or media in the user'"'"'s privileged logical zone or zones based upon said requested directories;
  
  decrypting said user material in said personal accessing device; and
  
  transmitting the decrypted material back to the computer for use.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The method in accordance with claim 14 further including the steps of disabling said personal accessing device if an incorrect personal identification code is entered more than a predetermined number of times.
  - 16. The method in accordance with claim 15 further including the step of initiating one or more alarms if an incorrect personal identification code is entered.
  - 17. The method in accordance with claim 14, wherein said search and retrieval programs are decrypted in said personal accessing device.
  - 18. The method in accordance with claim 14, wherein said requested directories are decrypted in said personal accessing device.
  - 19. The method in accordance with claim 14, further including the step of assigning the user logical zone or zones to which a particular user is granted selective privileged operations upon the content and zone storage requirements for specific user logical zones, based upon the security identification code assigned to each user.
  - 20. The method in accordance with claim 14, further including the step of determining which operational privileges the authorized user has been assigned, based upon the security identification code assigned to each user.
  - 21. The method in accordance with claim 14, wherein new user material is encrypted within said personal accessing device and transmitted to, and stored in the appropriate logical zone or zones on said storage medium or media.
  - 22. The method in accordance with claim 14, wherein all of the material provided on said storage media or medium is encrypted using any type or combination of types of encryption/decryption methods.

23. The method in accordance with claim 51, wherein said encrypted material is transmitted to said personal accessing device, and then decrypted in said personal accessing device using an encryption key stored in said personal accessing device for each of said logical zones, said decrypted material being retransmitted to the computer for use.
- View Dependent Claims (24, 25, 26)
- - 24. The method in accordance with claim 23, wherein material provided in the user'"'"'s logical zone or zones is dynamically and remotely updated.
  - 25. The method in accordance with claim 24 wherein only updated material belonging to a particular user'"'"'s privileged logical zone or zones is encrypted/decrypted in the user'"'"'s said personal accessing device using the user'"'"'s encryption/decryption key or keys and then transmitted to the computer system for recording in the secure storage medium or media.
  - 26. The method in accordance with claim 25, wherein the computer system is provided as part of a communications network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lanrald Data Mgmt Nv LLC (Intellectual Ventures LLC)
Original Assignee
Gerald S. Lang
Inventors
Lang, Gerald S.
Primary Examiner(s)
Swann, Tod R.

Application Number

US07/642,889
Time in Patent Office

774 Days
Field of Search

380/4, 380/18, 380/23, 380/25, 380/24, 380/49, 380/50, 364/246.6, 364/246.9, 364/969.3, 364/969.4, 358/435, 358/436, 358/442, 358/438, 358/439, 379/100, 395/425, 395/725
US Class Current

705/53
CPC Class Codes

G06F 12/1483   using an access-table, e.g....

G06F 21/34   involving the use of extern...

G06F 21/80   in storage media based on m...

G06F 2211/007   Encryption, En-/decode, En-...

G07C 9/33   by means of a password

Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links