Reliable embedded file content addressing

US 7,269,733 B1
Filed: 04/10/2003
Issued: 09/11/2007
Est. Priority Date: 04/10/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for processing information objects comprising:

identifying an information object for which to apply a successive disposition;

identifying contractual criteria associated with a first entity;

determining a validation token indicative of the content of the information object;

determining a service specifier indicative of contractual criteria corresponding to an obligation by a second entity to perform the successive disposition of the information object on behalf of the first entity; and

computing, from an authenticating credential corresponding to the second entity, an authentication instrument by aggregating the validation token and the service specifier, the authentication instrument providing nonrepudiation assurances between the first and second entity about the content of the information object and the corresponding successive disposition by the second entity;

the authentication instrument confirming and binding the validation token and the service specifier, the service specifier further corresponding to conditional courses of action including the disposition of the file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Conventional archive and retrieval systems inadequately identify the archival data with sufficient granularity to associate data items with retrieval performance, and do not define a recourse following loss of archived data. A method for file archiving, identification, and failure recourse facilitates successive disposition by generating an authenticated receipt of files transferred for storage via an authentication instrument that is verifiable towards both the data stored and a corresponding agreement. The authenticated receipt provides nonrepudiation assurances about the content of the file and the contractual terms under which the file was stored via an authenticating signature of the archive storage server which associates the file content with the contractual terms. The nonrepudiation assurances allow verification of the content of the archived file through a checksum or hash, and the authenticated receipt further indicates the terms of the contractual agreement for recourse by the client depositor in the event of loss of the file.

90 Citations

View as Search Results

28 Claims

1. A method for processing information objects comprising:
- identifying an information object for which to apply a successive disposition;
  
  identifying contractual criteria associated with a first entity;
  
  determining a validation token indicative of the content of the information object;
  
  determining a service specifier indicative of contractual criteria corresponding to an obligation by a second entity to perform the successive disposition of the information object on behalf of the first entity; and
  
  computing, from an authenticating credential corresponding to the second entity, an authentication instrument by aggregating the validation token and the service specifier, the authentication instrument providing nonrepudiation assurances between the first and second entity about the content of the information object and the corresponding successive disposition by the second entity;
  
  the authentication instrument confirming and binding the validation token and the service specifier, the service specifier further corresponding to conditional courses of action including the disposition of the file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the authentication instrument is operable as a filename adapted to be stored and identified by the user and the computing the authentication instrument further comprises:
    - determining a descriptive identifier corresponding to the information object and indicative of the contents of the information object; and
      
      appending the descriptive identifier to the authentication instrument.
  - 3. The method of claim 1 wherein the service specifier is a deterministic index to external contractual terms, the external contractual terms indicative ofa destruction date of the information object;
    - a disclosure recourse in the event of unintended disclosure of the information object; and
      
      a loss recourse in the event of a failure to recall the information object via the authentication instrument.
  - 4. The method of claim 3 wherein the service specifier further comprises at least one of:
    - external, well known verifiable terms;
      
      embedded, deterministic terms embedded in the information object;
      
      definable terms computed from deterministic value specifications during the computing the authentication instrument.
  - 5. The method of claim 4 wherein the definable terms further comprise at least one of the length of the data in the information object, the storage time of the information object, the monetary value of the information object, a compromise damage value of the information object, and a retrieval time of the information object.
  - 6. The method of claim 4 wherein the external well known terms further comprise an established standard promulgated by a third party and published via verifiable and ascertainable sources.
  - 7. The method of claim 1 wherein the identifying the information object, identifying the contractual criteria, and the computing the resultant authentication instrument further comprises:
    - identifying an external protocol having predetermined parameters, the external protocol operable to transmit data over a public access network;
      
      associating the identity of the information object, the identity of the contractual criteria, and the authentication instrument with the predetermined parameters; and
      
      providing the information object, the contractual criteria, and the authentication instrument via the predetermined parameters.
  - 8. The method of claim 7 wherein the external protocol is a legacy file transfer protocol adapted to be employed in preexisting applications.
  - 9. The method of claim 1 wherein identifying the information object is performed according to predetermined criteria comprising:
    - defining a set of rules concerning information objects stored in files, the rules indicative of time and storage constraints triggering the identifying;
      
      identifying a group of potential files for consideration;
      
      checking, at periodic intervals, each the potential files according to the rules; and
      
      selecting, if a potential file conforms to the rules, the potential file.

10. A data communication device for processing information objects comprising:
- a storage server in the data communications device operable to receive a request from a first entity indicative of an information object and a successive disposition of the information object, the successive disposition indicative of contractual criteria associated with the first entity, the storage server further operable to identify, in an agreement repository, the contractual criteria associated with the first entity;
  
  a memory responsive to the storage server and operable for persistent storage and retrieval of the information objects, each of the information objects having a content;
  
  a validator in the storage server operable to determine a validation token indicative of the content of the information object;
  
  a receipt manager in the storage server operable to compute a service specifier indicative of the contractual criteria corresponding to an obligation by a second entity to perform the successive disposition of the information object on behalf of the first entity; and
  
  an authenticator in the storage server operable to compute, from an authenticating credential corresponding to the storage server, an authentication instrument by aggregating the validation token and the service specifier, the authentication instrument providing nonrepudiation assurances between the first and second entity about the content of the information object and the corresponding successive disposition by the second entity, the authentication instrument further comprising a filename adapted to be stored and identified by the user, the authentication instrument further including;
  
  a descriptive identifier corresponding to the information object and indicative of the contents of the information object.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The data communication device of claim 10 wherein the authentication instrument further comprises a receipt operable to confirm and bind the validation token and the service specifier, the service specifier further indicative of conditional courses of action including the disposition of the file.
  - 12. The data communication device of claim 10 wherein the service specifier is a deterministic index to external contractual terms, the external contractual terms further comprising at least one of:
    - a destruction date of the information object;
      
      a disclosure recourse in the event of unintended disclosure of the information object; and
      
      a loss recourse operable to address failure to recall the information object via the authentication instrument.
  - 13. The data communication device of claim 10 wherein the service specifier further comprises at least one of:
    - external, well known verifiable terms;
      
      embedded, deterministic terms embedded in the information object;
      
      definable terms computed from deterministic value specifications during the computing the authentication instrument.
  - 14. The data communication device of claim 13 wherein the definable terms further comprise at least one of the length of the data in the information object, the storage time of the information object, the monetary value of the information object, a compromise damage value of the information object, and a retrieval time of the information object.
  - 15. The data communication device of claim 13 wherein the external well known terms further comprise an established standard promulgated by a third party and published via verifiable and ascertainable sources.
  - 16. The data communication device of claim 10 further comprising an external protocol having predetermined parameters, the data communications device responsive to the external protocol to transmit data over a public access network, the predetermined parameters operable to associate the information object, the contractual criteria, and the authentication instrument.
  - 17. The data communication device claim 16 wherein the external protocol is a legacy file transfer protocol adapted to be employed in preexisting applications.
  - 18. The data communication device of claim 10 further comprising a predetermined criteria operable to identify the information object, the predetermined criteria includinga set of rules concerning information objects stored in files, the rules indicative of time and storage constraints triggering the identifying, the set of rules further operable toidentify a group of potential files for consideration;
    - poll, at periodic intervals, each the potential files according to the rules; and
      
      select, if a potential file conforms to the rules, the potential file.
  - 19. The data communications device of claim 18 wherein the memory further comprises a plurality of external, redundant storage repositories each operable to shadow the information object.
  - 20. The data communications device of claim 18 wherein the authenticator is further operable to retrieve the authentication credential from a PKI repository via the network.

21. A business method for providing archive storage services comprising:
- receiving, from a user, an information object for archive, and contractual criteria indicative of a request for archive storage services;
  
  identifying, in an agreement repository, an insurance agreement corresponding to the contractual criteria, the insurance agreement having insurance parameters indicative of payment amounts;
  
  building a service specifier indicative of the insurance agreement and the corresponding insurance parameters;
  
  computing a validation token indicative of the contents of the information object, the validation token providing nonmodification assurances about the information object;
  
  aggregating, in a data insurer, an insurance receipt comprising the validation token and the service specifier; and
  
  authenticating, in an authenticator, the insurance receipt to compute an authentication instrument providing irrefutable assurances according to the insurance agreement, the authentication instrument confirming and binding the validation token and the service specifier, the service specifier further corresponding to conditional courses of action including the disposition of the file.
- View Dependent Claims (22, 23, 24)
- - 22. The business method of claim 21 further comprising a predetermined set of contractual criteria, the contractual criteria identifiable by a user for inclusion in the insurance descriptor.
  - 23. The business method of claim 21 wherein the payment amounts further comprise at least one of:
    - payment amounts further comprise payment for storage of the information object,payment for loss of the information object; and
      
      payment for failure of performance according to the insurance agreement.
  - 24. The business method of claim 21 wherein the information object further comprises a file identifier, and the file identifier, contractual criteria, and authentication identifier, and identifying further comprises building an insurance descriptor including the file identifier, contractual criteria, and authentication identifier.

25. A method for associating stored information and validation criteria in a content address comprising:
- receiving, at a storage server, an information object for storage from a client;
  
  computing a validation token indicative of the information in the information object;
  
  selecting a service specifier indicative of successive courses of action to be applied on behalf of the information object;
  
  identifying a redundancy storage medium for the information object based on the service specifier;
  
  aggregating the validation token, the service specifier, and the storage medium to form a persistent token indicative of the existence and content of the data object and the disposition thereof; and
  
  computing an authentication instrument over the persistent token, the authentication instrument computed using an authentication credential of the storage server; and
  
  returning the authentication instrument to the client, wherein the authentication instrument is a receipt confirming and binding the validation token and the service specifier, the service specifier further corresponding to conditional courses of action including the disposition of the file, the authentication instrument further comprising a filename adapted to be stored and identified by the user, the authentication instrument further including;
  
  a descriptive identifier corresponding to the information object and indicative of the contents of the information object.

26. A computer program product having a computer readable medium operable to store computer program logic embodied in computer program code encoded thereon for processing information objects comprising:
- computer program code for identifying an information object for which to apply a successive disposition;
  
  computer program code for identifying contractual criteria associated with a first entity;
  
  computer program code for determining a validation token indicative of the content of the information object;
  
  computer program code for determining a service specifier indicative of contractual criteria corresponding to an obligation by a second entity to perform the successive disposition of the information object on behalf of the first entity; and
  
  computer program code for computing, from an authenticating credential, an authentication instrument by aggregating the validation token and the service specifier, the authentication instrument providing nonrepudiation assurances between the first and second entity about the content of the information object and the corresponding successive disposition by the second entity, the service specifier being a deterministic index to external contractual terms, the external contractual terms indicative ofa destruction date of the information object;
  
  a disclosure recourse in the event of unintended disclosure of the information object; and
  
  a loss recourse in the event of a failure to recall the information object via the authentication instrument.

27. An encoded set of processor based instructions on a computer readable storage medium having computer program code embodying program logic for directing a processor responsive to the instructions to perform steps for processing information objects comprising:
- program code for identifying an information object for which to apply a successive disposition;
  
  program code for identifying contractual criteria associated with a first entity;
  
  program code for determining a validation token indicative of the content of the information object;
  
  program code for determining a service specifier indicative of contractual criteria corresponding to an obligation by a second entity to perform the successive disposition of the information object on behalf of the first entity; and
  
  program code for computing, from an authenticating credential, an authentication instrument by aggregating the validation token and the service specifier, the authentication instrument providing nonrepudiation assurances between the first and second entity about the content of the information object and the corresponding successive disposition by the second entity, the authentication instrument further comprising a filename adapted to be stored and identified by the user and the authentication instrument further including;
  
  a descriptive identifier corresponding to the information object and indicative of the contents of the information object.

28. A data communication device for processing information objects comprising:
- means for identifying an information object for which to apply a successive disposition;
  
  means for identifying contractual criteria associated with a first entity;
  
  means for determining a validation token indicative of the content of the information object;
  
  means for determining a service specifier indicative of contractual criteria corresponding to an obligation by a second entity to perform the successive disposition of the information object on behalf of the first entity; and
  
  means for computing, from an authenticating credential, an authentication instrument by aggregating the validation token and the service specifier, the authentication instrument providing nonrepudiation assurances between the first and second entity about the content of the information object and the corresponding successive disposition by the second entity, the authentication instrument confirming and binding the validation token and the service specifier, the service specifier further corresponding to conditional courses of action including the disposition of the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
O'Toole, James W. Jr.
Primary Examiner(s)
SMITHERS, MATTHEW

Application Number

US10/410,967
Time in Patent Office

1,615 Days
Field of Search

726/12, 726/14, 726/10, 726/7, 713/175, 705/77
US Class Current

713/175
CPC Class Codes

G06Q 10/06   Resources, workflows, human...

G06Q 10/10   Office automation; Time man...

G06Q 20/401   Transaction verification

Reliable embedded file content addressing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

90 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Reliable embedded file content addressing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links