System and method for dynamically enabling components to implement data transfer security mechanisms

US 7,363,508 B2
Filed: 05/21/2003
Issued: 04/22/2008
Est. Priority Date: 05/21/2003
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a computer system coupled to a network;

a first component coupled to the network; and

a security system coupled to the network;

wherein the computer system comprises;

a discovery mechanism whichdiscovers one or more components which are present on the network; and

obtains one or more proxy objects from discovered components,wherein a proxy object for a component indicates types of data which the component can receive and understand and one or more data-type-handler interfaces which the component can accept and execute; and

wherein the first component comprises an interface system that communicates with a data type handler object and accesses at least one interface provided by the data type handler object, wherein the data type handler object is a software object that includes mobile code for handling at least one type of data that otherwise cannot be read or understood by the first component, and wherein the interface system implements at least one data transfer security mechanism;

wherein the security system accesses the interface provided by the data type handler object to obtain a data transfer security mechanism and implements the data transfer security mechanism; and

wherein the data type handler object employed by the interface system on the first component is employed as a function of data type and security that is applied to the data type by the data transfer security mechanism.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for implementing data transfer security mechanisms. The method includes a first component transferring a data type handler object to a second component. The second interface invokes an interface accessible through the date type handler object which includes instructions that are executed by the second component to implement a data transfer security mechanism. Further, the data type handler interface can be encrypted, include cryptographic keys, and/or include digital signatures.

11 Citations

View as Search Results

36 Claims

1. A system comprising:
- a computer system coupled to a network;
  
  a first component coupled to the network; and
  
  a security system coupled to the network;
  
  wherein the computer system comprises;
  
  a discovery mechanism whichdiscovers one or more components which are present on the network; and
  
  obtains one or more proxy objects from discovered components,wherein a proxy object for a component indicates types of data which the component can receive and understand and one or more data-type-handler interfaces which the component can accept and execute; and
  
  wherein the first component comprises an interface system that communicates with a data type handler object and accesses at least one interface provided by the data type handler object, wherein the data type handler object is a software object that includes mobile code for handling at least one type of data that otherwise cannot be read or understood by the first component, and wherein the interface system implements at least one data transfer security mechanism;
  
  wherein the security system accesses the interface provided by the data type handler object to obtain a data transfer security mechanism and implements the data transfer security mechanism; and
  
  wherein the data type handler object employed by the interface system on the first component is employed as a function of data type and security that is applied to the data type by the data transfer security mechanism.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system as set forth in claim 1 wherein a portion of the data transfer security mechanism comprises cryptographic information and another portion of the data transfer security mechanism enables the first component to use the cryptographic information to decrypt encrypted content.
  - 3. The system as set forth in claim 2 wherein the cryptographic information is modified by a second component in response to at least one encryption characteristic of the encrypted content being changed.
  - 4. The system as set forth in claim 2 wherein the cryptographic information comprises at least one cryptographic key.
  - 5. The system as set forth in claim 1 wherein the data transfer security mechanism instructs the first component to obtain cryptographic information from the first component or at least one other component.
  - 6. The system as set forth in claim 1 wherein the data transfer security mechanism enables the first component to authenticate the data type handler-object.
  - 7. The system as set forth in claim 6 wherein the first component has access to at least one of a digital certificate, a public key and a shared secret that the first component uses to authenticate the data type handler object, the shared secret being a set of information known by just the first component and another component.
  - 8. The system as set forth in claim 1 wherein the first component has access to cryptographic information and the data transfer security mechanism requests at least one portion of the cryptographic information from the first component to enable the first component to decrypt portions of encrypted content using the requested cryptographic information.
  - 9. The system as set forth in claim 8 wherein the cryptographic information further comprises at least one cryptographic key located at the first component or at one or more other components.
  - 10. The system as set forth in claim 1 wherein the data type handler object is digitally signed with a cryptographic signature, wherein the first component rejects the data type handler object if the first component determines that the cryptographic signature was not created nor endorsed by a trusted source component.
  - 11. The system as set forth in claim 1 wherein the data type handler object is encrypted using a first cryptographic key of the first component, wherein a second cryptographic key of the first component is used by the first component to decrypt the data type handler object, the second cryptographic key is stored at a secure location that is securely accessible to the first component.
  - 12. The system as set forth in claim 1 wherein the data transfer security mechanism enables the first component to interpret at least one content rights expression language statement associated with content, wherein the data transfer security mechanism forces the first component to abide by the interpreted content rights expression language statement.

13. A method comprising:
- providing a proxy object for a component in response to a discovery request sent by a computer system, wherein the proxy object indicates types of data which the component can receive and understand one or more data-type-handler interfaces which the component can accept and execute;
  
  communicating with a data type handler object, wherein the data type handler object is a software object that includes mobile code for handling at least one type of data that otherwise cannot be read or understood by a first component, wherein the first component comprises an interface system, wherein the interface system communicates with the data-type-handler object and accesses at least one interface provided by the data-type-handler object, and wherein the interface system implements at least one data transfer security mechanism;
  
  accessing at least one interface provided by the data type handler object to obtain a data transfer security mechanism; and
  
  implementing the data transfer security mechanism,wherein the data type handler object employed by the interface system on the first component is employed as a function of data type and security that is applied to the data type by the data transfer security mechanism.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method as set forth in claim 13 wherein the implementing the data transfer security mechanism further comprises:
    - obtaining cryptographic information from the data transfer security mechanism; and
      
      decrypting encrypted content using the cryptographic information.
  - 15. The method as set forth in claim 14 wherein the cryptographic information is modified by at least one component in response to at least one encryption characteristic of the encrypted content being changed.
  - 16. The method as set forth in claim 14 wherein the cryptographic information comprises at least one cryptographic key.
  - 17. The method as set forth in claim 13 wherein the implementing the data transfer security mechanism further comprises obtaining cryptographic information from a first component or at least one other component.
  - 18. The method as set forth in claim 13 wherein the implementing the data transfer security mechanism further comprises authenticating the data type handler object.
  - 19. The method as set forth in claim 18 wherein the authenticating the data type handler object further comprises using at least one of a digital certificate, a public key and a shared secret to perform the authenticating, the shared secret being a set of information known by just the first component and another component.
  - 20. The method as set forth in claim 13 wherein the implementing the data transfer security mechanism further comprises:
    - requesting from a first component cryptographic information that is accessible to the first component; and
      
      decrypting portions of encrypted content using the requested cryptographic information.
  - 21. The method as set forth in claim 20 wherein the cryptographic information further comprises at least one cryptographic key located at the first component or at one or more other components.
  - 22. The method as set forth in claim 13 wherein the implementing the data transfer security mechanism further comprises rejecting the data type handler object if the first component determines that the data type handler object is not digitally signed with a cryptographic signature which was either created or endorsed by a trusted source component.
  - 23. The method as set forth in claim 13 wherein the data type handler object is encrypted at a first component using a first cryptographic key of the first component, and wherein the implementing the data transfer security mechanism further comprises:
    - storing a second cryptographic key of the first component at a secure location that is securely accessible to a second component; and
      
      decrypting the data type handler object at the second component using the second cryptographic key of the first component.
  - 24. The method as set forth in claim 13 wherein the implementing the data transfer security mechanism further comprises:
    - interpreting at a first component at least one content rights expression language statement associated with content; and
      
      forcing the first component to abide by the interpreted content rights expression language statement.

25. A computer-readable medium having stored thereon instructions, which when executed by at least one processor, causes the processor to perform:
- providing a proxy object for a component in response to a discovery request sent by a computer system, wherein the proxy object indicates types of data which the component can receive and understand one or more data-type-handler interfaces which the component can accept and execute;
  
  communicating with a data type handler object, wherein the data type handler object is a software object that includes mobile code for handling at least one type of data that otherwise cannot be read or understood by a first component, wherein the first component comprises an interface system, wherein the interface system communicates with the data-type-handler object and accesses at least one interface provided by the data-type-handler object, and wherein the interface system implements at least one data transfer security mechanism;
  
  accessing at least one interface provided by the data type handler object to obtain a data transfer security mechanism; and
  
  implementing the data transfer security mechanism,wherein the data type handler object employed by the interface system on the first component is employed as a function of data type and security that is applied to the data type format by the data transfer security mechanism.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. The medium as set forth in claim 25 wherein the implementing the data transfer security mechanism further comprises:
    - obtaining cryptographic information; and
      
      decrypting encrypted content using the cryptographic information.
  - 27. The medium as set forth in claim 26 wherein the cryptographic information is modified by at least one component in response to at least one encryption characteristic of the encrypted content being changed.
  - 28. The medium as set forth in claim 26 wherein the cryptographic information comprises at least one cryptographic key.
  - 29. The medium as set forth in claim 25 wherein the implementing the data transfer security mechanism further comprises obtaining cryptographic information from a first component or at least one other component.
  - 30. The medium as set forth in claim 25 wherein the implementing the data transfer security mechanism further comprises authenticating the data type handler object.
  - 31. The medium as set forth in claim 30 wherein the authenticating the data type handler object further comprises using at least one of a digital certificate, a public key and a shared secret to perform the authenticating, the shared secret being a set of information known by just the first component and another component.
  - 32. The medium as set forth in claim 25 wherein the implementing the data transfer security mechanism further comprises:
    - requesting from a first component cryptographic information that is accessible to the first component; and
      
      decrypting portions of encrypted content using the requested cryptographic information.
  - 33. The medium as set forth in claim 32 wherein the cryptographic information further comprises at least one cryptographic key located at the first component or at one or more other components.
  - 34. The medium as set forth in claim 25 wherein the implementing the data transfer security mechanism further comprises rejecting the data type handler object if the first component determines that the data type handler object is not digitally signed with a cryptographic signature which was either created or endorsed by a trusted source component.
  - 35. The medium as set forth in claim 25 wherein the data type handler object is encrypted at a first component using a first cryptographic key of the first component, and wherein the implementing the data transfer security mechanism further comprises:
    - storing a second cryptographic key of the first component at a secure location that is securely accessible to a second component; and
      
      decrypting the data type handler object at the second component using the second cryptographic key of the first component.
  - 36. The medium as set forth in claim 25 wherein the implementing the data transfer security mechanism further comprises:
    - interpreting at a first component at least one content rights expression language statement associated with content; and
      
      forcing the first component to abide by the interpreted content rights expression language statement.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gula Consulting Limited Liability Company (Intellectual Ventures LLC)
Original Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Inventors
Smetters, Diana K., Smith, Trevor, Edwards, W. Keith, Sedivy, Jana Z., Newman, Mark W.
Primary Examiner(s)
Vu; Kim
Assistant Examiner(s)
Dada; Beemnet W

Application Number

US10/442,582
Publication Number

US 20040236943A1
Time in Patent Office

1,798 Days
Field of Search

713/161, 713/189, 713/193, 713/164, 713/167, 726/2, 726/3, 726/6, 726/30, 709/225, 709/226, 709/229
US Class Current

713/189
CPC Class Codes

H04L 2463/101 applying security measures ...

H04L 63/0428 wherein the data content is...

System and method for dynamically enabling components to implement data transfer security mechanisms

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for dynamically enabling components to implement data transfer security mechanisms

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links