Integrated method and system for controlling information access and distribution

US 6,141,754 A
Filed: 11/28/1997
Issued: 10/31/2000
Est. Priority Date: 11/28/1997
Status: Expired due to Term

First Claim

Patent Images

1. A distributed content entity embodied in a computer-readable medium, comprising:

an information entity;

a protection specification;

wherein the protection specification includes information for controlling use of the information entity, the protection specification and the information entity are associated, and the protection specification is distributed with the information entity; and

an identifier for identifying at least one of a protection model and an information model.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed content entity includes a protection specification and an information entity, in which the protection specification and the information entity are attached and transported together. The protection specification includes information for controlling the use of the information entity. A framework generates the distributed content entity, in which the framework includes a protection specification unit storing the protection specification and including an access control enforcement manager and an enhanced access control enforcement manager; an information unit for storing the protected information entity; and an access checking unit connected to the protection specification unit and the information unit. The access checking unit checks whether a user has a privilege to access the protected information entity based on the protection specification and the access control manager, and checks whether the requested access meets conditions determined based on the protection specification and enforced by the enhanced access control manager. An example of the enhanced access control manager is a terms and conditions enforcement manager for enforcing the terms and conditions of an agreement relating to permitted uses of the protected information entity.

562 Citations

66 Claims

1. A distributed content entity embodied in a computer-readable medium, comprising:
- an information entity;
  
  a protection specification;
  
  wherein the protection specification includes information for controlling use of the information entity, the protection specification and the information entity are associated, and the protection specification is distributed with the information entity; and
  
  an identifier for identifying at least one of a protection model and an information model.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 29)
- - 2. The distributed content entity according to claim 1, wherein the protection specification is physically attached to the information entity.
  - 3. The distributed content entity according to claim 1, wherein the protection specification is logically attached to the information entity.
  - 4. The distributed content entity according to claim 1, wherein the protection specification includes at least one of access control information, intellectual property rights management information, and integrity and authenticity assurance information related to the information entity.
  - 5. The distributed content entity according to claim 1, wherein the distributed content entity is encrypted.
  - 6. The distributed content entity according to claim 1, wherein the distributed content entity contains a digital signature.
  - 7. The distributed content entity according to claim 1, wherein the distributed content entity is embodied in a computer-readable medium.
  - 8. The distributed content entity according to claim 1, wherein the protection specification is located remotely from the information entity.
  - 9. The distributed content entity according to claim 1, wherein the protection specification is attached to the information entity.
  - 10. The distributed content entity according to claim 9, wherein the protection specification is indirectly attached to the information entity.
  - 11. The distributed content entity according to claim 1, wherein the protection specification is associated with more than one information entity.
  - 29. The framework according to claim 11, wherein the distributed content entity further includes an identifier for at least one of a protection model and an information model.

12. A framework for protecting a distributed content entity, the distributed content entity including a protection specification and an information entity, the framework comprising:
- a protection specification unit storing the protection specification;
  
  an information unit for storing the information entity, wherein the information unit is in a distributed arrangement with the protection specification unit; and
  
  an access checking unit connected to the protection specification unit and the information unit,wherein the access checking unit checks whether a user has a privilege to access the information entity based on the protection specification, checks whether the requested access meets conditions determined based on the protection specification, combines the information entity and the protection specification into a distributed content entity and sends the distributed content entity to a user, and wherein the protection specification includes one or more information items for controlling use of the information entity.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33)
- - 13. The framework according to claim 12, wherein the access checking unit performs the checking in response to a request from the user for access to the information entity.
  - 14. The framework according to claim 13, wherein the user is one of an end-user consumer of the information entity and a distributor of the information entity.
  - 15. The framework according to claim 14, further comprising a user privilege unit connected to the access checking unit, the user privilege unit storing user privileges.
  - 16. The framework according to claim 14, further comprising a usage meter connected to the access checking unit, the usage meter recording a number of uses of the information entity and providing the recorded number of uses to the access checking unit when checking whether the requested access meets the conditions determined based on the protection specification, wherein one of the conditions is the number of allowed uses of the information entity.
  - 17. The framework according to claim 16, wherein the access checking unit receives transaction information from a commerce unit indicating a transaction based use of the information entity is to be allowed.
  - 18. The framework according to claim 12, wherein the access checking unit performs the checking in response to a request from a push unit for transmitting the information entity to the user without the user requesting the information entity.
  - 19. The framework according to claim 18, wherein the user is one of an end-user consumer of the information entity and a distributor of the information entity.
  - 20. The framework according to claim 19, further comprising a user privilege unit connected to the access checking unit, the user privilege unit storing user privileges.
  - 21. The framework according to claim 19, further comprising a usage meter connected to the access checking unit, the usage meter recording a number of uses of the information entity and providing the recorded number of uses to the access checking unit when checking whether the requested access meets the conditions determined based on the protection specification, wherein one of the conditions is the number of allowed uses of the information entity.
  - 22. The framework according to claim 21, wherein the access checking unit receives transaction information from a commerce unit indicating a transaction based use of the information entity is to be allowed.
  - 23. The framework according to claim 12, wherein the protection specification contains only information applicable to the user.
  - 24. The framework according to claim 12, wherein the protection specification contains all information items associated with the information entity being sent.
  - 25. The framework according to claim 12, wherein the access checking unit combines the information entity and the protection specification into a distributed content entity only in response to the access checking unit checking and determining that the user has a privilege to access the information entity and that the requested access meets the conditions determined based on the protection specification.
  - 26. The framework according to claim 12, wherein prior to sending the distributed content entity to the user, the distributed content entity is encrypted.
  - 27. The framework according to claim 26, wherein the distributed content entity is encrypted according to an encryption method provided by a clearance center.
  - 28. The framework according to claim 12, wherein the protection specification includes at least one of access control information, intellectual property rights management information, and integrity and authenticity assurance information related to the information entity.
  - 30. The framework according to claim 12, wherein the protection specification is located remotely from the information entity.
  - 31. The framework according to claim 12, wherein the protection specification is combined to be indirectly attached to the information entity.
  - 32. The framework according to claim 12, wherein the protection specification is combined with more than one information entity.
  - 33. The framework according to claim 12, further comprising an access control manager enforcing access to the information entity based on the protection specification.

34. An apparatus for generating a distributed content entity including a protection specification and an information entity, the protection specification containing information for controlling use of the information entity, the apparatus comprising:
- a protection specification unit storing the protection specification;
  
  an information unit for storing the information entity, wherein the information unit is in a distributed arrangement with the protection specification unit; and
  
  an access checking unit connected to the protection specification unit and the information unit,wherein the access checking unit combines the information entity from the information unit with the protection specification from the protection specification unit to form the distributed content entity for distribution.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 35. The apparatus according to claim 34, wherein the access checking unit transmits the distributed content entity to a receiver without the receiver requesting access to the information entity.
  - 36. The apparatus according to claim 35, wherein prior to transmitting the distributed content entity the distributed content entity is encrypted.
  - 37. The apparatus according to claim 36, wherein the distributed content entity is encrypted according to an encryption method provided by a clearance center.
  - 38. The apparatus according to claim 34, wherein the protection specification includes at least one of access control information, intellectual property rights management information, and integrity and authenticity assurance information related to the information entity.
  - 39. The apparatus according to claim 34, wherein the distributed content entity further includes an identifier for at least one of a protection model and an information model.
  - 40. The apparatus according to claim 34, wherein the protection specification is located remotely from the information entity.
  - 41. The apparatus according to claim 34, wherein the protection specification is combined to be indirectly attached to the information entity.
  - 42. The apparatus according to claim 34, wherein the protection specification is combined with more than one information entity.
  - 43. The apparatus according to claim 34, further comprising an access control manager enforcing access to the information entity based on the protection specification.

44. A method for transmitting a protected information entity, comprising:
- generating a distributed content entity by combining the protected information entity with a protection specification containing information for controlling use of the protected information entity, and an identifier for identifying at least one of a protection model and an information model; and
  
  transmitting the distributed content entity.
- View Dependent Claims (45, 46, 47, 48, 49, 50)
- - 45. The method according to claim 44, wherein the protection specification specifies access and privilege controls for using the protected information entity.
  - 46. The method according to claim 44, further comprising encrypting the distributed content entity prior to transmission.
  - 47. The method according to claim 44, wherein the protection specification includes at least one of access control information, intellectual property rights management information, and integrity and authenticity assurance information related to the protected information entity.
  - 48. The method according to claim 44, wherein the protection specification is located remotely from the information entity.
  - 49. The method according to claim 44, wherein the protection specification is combined to be indirectly attached to the information entity.
  - 50. The method according to claim 44, wherein the protection specification is combined with more than one information entity.

51. A program product, embodied on a computer-readable medium, for protecting a distributed content entity which includes an information entity and a protection specification containing information for controlling use of the information entity, wherein the protection specification is for distribution with the information entity, the program product comprising:
- a protection specification code means for storing the protection specification;
  
  an information code means for storing the information entity, wherein the information code means is in a distributed arrangement with the protection specification code means; and
  
  an access checking unit code means for checking whether a user has a privilege to access the information entity based on the protection specification, and for checking whether the requested access meets conditions determined based on the protection specification.
- View Dependent Claims (52, 53, 54, 55, 56, 57, 58, 59)
- - 52. The program product, embodied on a computer-readable medium, according to claim 51, wherein the protection specification includes at least one of access control information, intellectual property rights management information, and integrity and authenticity assurance information related to the information entity.
  - 53. The program product, embodied on a computer-readable medium, according to claim 51, wherein the distributed content entity further includes an identifier for at least one of a protection model and an information model.
  - 54. The program product according to claim 51, wherein the protection specification is located remotely from the information entity if the user has a privilege to access the information entity.
  - 55. The program product according to claim 54, wherein the protection specification is located remotely from the information entity.
  - 56. The program product according to claim 54, wherein the protection specification is attached to the information entity.
  - 57. The program product according to claim 56, wherein the protection specification is indirectly attached to the information entity.
  - 58. The program product according to claim 54, wherein the protection specification is associated with more than one information entity.
  - 59. The program product according to claim 54, further comprising an access control code means enforcing access to the information entity based on the protection specification.

60. An apparatus for receiving a distributed content entity including a protection specification associated with an information entity, the protection specification containing information for controlling use of the information entity, the apparatus comprising:
- an access checking unit receiving the distributed content entity; and
  
  an information unit connected to the access checking unit and storing the information entity,wherein the protection specification is in a distributed relation with the information unit, andwherein the access checking unit records the information entity in the information unit, and controls use of the information entity based on the protection specification.

61. A method for receiving a distributed content entity including a protection specification associated with an information entity and an identifier for identifying at least one of a protection model and an information model, the protection specification containing information for controlling use of the information entity, the method comprising:
- receiving the distributed content entity; and
  
  controlling use of the information entity based on the protection specification and the identifier, wherein the protection specification is in a distributed relation with the information entity.
- View Dependent Claims (62, 63, 64, 65, 66)
- - 62. The method according to claim 61, further comprising:
    - requesting a key for decrypting the information entity;
      
      receiving the key only if authorization is granted based on the protection specification.
  - 63. The method according to claim 61, wherein the protection specification is located remotely from the information entity.
  - 64. The method according to claim 61, wherein the protection specification is attached to the information entity.
  - 65. The method according to claim 64, wherein the protection specification is indirectly attached to the information entity.
  - 66. The method according to claim 61, wherein the protection specification is associated with more than one information entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Uniloc 2017 LLC (SoftBank Group Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Choy, David M.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US08/979,713
Time in Patent Office

1,068 Days
Field of Search

713/200, 713/201, 713/202, 713/189, 713/194, 709/229, 709/226, 711/163, 705/51, 705/52, 705/55, 705/57, 705/59
US Class Current

726/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

Integrated method and system for controlling information access and distribution

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

562 Citations

66 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated method and system for controlling information access and distribution

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

562 Citations

66 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links