Apparatus and method for assuring compliance with distribution and usage policy
First Claim
1. A method for providing multi-domain control over a digital data item via a first domain data item specific security policy assigned to said digital data item at a first domain, said digital data item being transferred from said first domain to a second domain, said second domain being autonomous from said first domain in respect of security policies, the method comprising:
- assigning a digital data item specific security policy to said digital data item within said first domain, said digital data item specific security policy being applied in accordance with a first domain security policy operational within said first domain;
transferring said digital items to said second domain together with additional data defining said digital data item specific first domain security policy, said second domain having a second domain security policy operational within said second domain, said first and second domain security policies being autonomously defined;
analyzing said first digital data item specific first domain security policy within said second domain in respect of said digital data item; and
performing at least one of distributing and allowing usage of said digital item within said second domain in accordance with said analyzed digital data item specific first domain security policy, so as to provide control of said digital data item in said autonomous second domain in accordance with said digital data item specific security policy of said first domain.
22 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for providing multi-domain control over a digital data item via a first domain security policy assigned to the digital data item at a first domain, the data item being transferred from the first domain to a second domain, the second domain being autonomous from the first domain in respect of security policies. The method comprises assigning the security policy to the digital item within the first domain; transferring the digital items to the second domain together with data defining the first domain security policy; analyzing the first domain security policy within the second domain; and distributing and/or allowing usage of the digital items within the second domain in accordance with analyzed first domain security policy, and/or reporting breaches or attempted breaches of the policy.
28 Citations
48 Claims
-
1. A method for providing multi-domain control over a digital data item via a first domain data item specific security policy assigned to said digital data item at a first domain, said digital data item being transferred from said first domain to a second domain, said second domain being autonomous from said first domain in respect of security policies, the method comprising:
-
assigning a digital data item specific security policy to said digital data item within said first domain, said digital data item specific security policy being applied in accordance with a first domain security policy operational within said first domain; transferring said digital items to said second domain together with additional data defining said digital data item specific first domain security policy, said second domain having a second domain security policy operational within said second domain, said first and second domain security policies being autonomously defined; analyzing said first digital data item specific first domain security policy within said second domain in respect of said digital data item; and performing at least one of distributing and allowing usage of said digital item within said second domain in accordance with said analyzed digital data item specific first domain security policy, so as to provide control of said digital data item in said autonomous second domain in accordance with said digital data item specific security policy of said first domain. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 25, 26, 27, 28, 29, 30, 31, 41, 44)
-
-
21. A method for providing multi-domain monitoring over a digital data item, said data item being transferred from said first domain to a second domain, said second domain being autonomous from said first domain in respect of security policies, the method comprising:
-
assigning a digital data item specific security policy to said digital data item within said first domain, said digital data item specific security policy being able to comprise digital data item specific requirements for breach reports, said digital data item specific security policy being applied in accordance with a first domain security policy operational within said first domain; transferring said digital data item having said respective digital data item specific first security policy to said second domain, said second domain having a second domain security policy operational within said second domain, said first and second domain security policies being autonomously defined, said transferring being together with additional data defining said respective digital data item specific first domain security policy; analyzing said digital data item specific first domain security policy within said autonomous second domain; and reporting about breaches or breach attempts within said autonomous second domain in accordance with said analyzed digital data item specific first domain security policy and said breach report requirements. - View Dependent Claims (22, 23, 24, 42, 45)
-
-
32. Apparatus for providing multi-domain control over specific digital data items via a digital data item specific first domain security policy assigned to a respective digital data item at a first domain, said data item being transferred from said first domain to a second domain, said second domain being autonomous from said first domain in respect of security policies, apparatus comprising:
-
a policy reference monitor, configured for assigning a digital data item specific security policy to a digital item within said first domain, said digital data item specific security policy being applied in accordance with a first domain security policy operational within said first domain; and an assurance reference monitor configured for; receiving said digital data items sent to said second domain together with data defining respective digital data item specific first domain security policy, said second domain having a second domain security policy operational within said second domain, said first and second domain security policies being autonomously defined; analyzing said data defining said respective digital data item specific first domain security policy, performing at least one of distributing and allowing usage of said digital items within said second domain in accordance with said analyzed digital data item specific first domain security policy, and communicating with said policy reference monitor. - View Dependent Claims (33, 34, 35, 36, 37, 43, 46)
-
-
38. A method for providing multi-domain control over a digital data item via a first domain security policy assigned to said digital data item at a first domain, said data item being transferred from said first domain to a second domain, said second domain being autonomous from said first domain in respect of security policies, the method comprising:
-
assigning said security policy to said digital item within said first domain, wherein said first domain security policy is operational within the perimeter of a source organization; transferring said digital items to said second domain together with data defining said first domain security policy; analyzing said first domain security policy within said second domain, wherein said second domain is operational within the perimeter of a recipient organization, said first and second domain security policies being autonomously defined by said source and said recipient organizations respectively; performing at least one of distributing and allowing usage of said digital items within said second domain in accordance with said analyzed first domain security policy; and utilizing an arbitrator for resolutions of conflicts, said arbitrator being independent of both said first domain and said second domain, wherein said arbitrator utilizes accumulated results of similar negotiations from the same or similar organizations as precedents and resolves said conflicts based on such precedents.
-
-
39. A method for providing multi-domain control over a digital data item via a first domain security policy assigned to said digital data item at a first domain, said data item being transferred from said first domain to a second domain, said second domain being autonomous from said first domain in respect of security policies, the method comprising:
-
assigning said security policy to said digital item within said first domain, wherein said first domain is operational within the perimeter of a source organization; transferring said digital items to said second domain together with data defining said first domain security policy, wherein said second domain is operational within the perimeter of a recipient organization, said first and second domain security policies being autonomously defined by said source and said recipient organizations respectively; analyzing said first domain security policy within said second domain; performing at least one of distributing and allowing usage of said digital items within said second domain in accordance with said analyzed first domain security policy; and utilizing an assurance authority for assuring the execution of said distribution policy, said assurance authority being independent of said first domain and said second domain and comprising assurance functionality to render trust at both said first and said second domain.
-
-
40. A method for providing multi-domain control over a digital data item via a first domain security policy assigned to said digital data item at a first domain, said digital data item being transferred from said first domain to a second domain, said second domain being autonomous from said first domain in respect of security policies, the method comprising:
-
assigning said security policy to said digital item within said first domain, wherein said first domain is operational within the perimeter of a source organization; transferring said digital items to said second domain together with data defining said first domain security policy, wherein said second domain is operational within the perimeter of a recipient organization, said first and second domain security policies being autonomously defined by said source and said recipient organizations respectively; analyzing said first domain security policy within said second domain; performing at least one of distributing and al1owing usage of said digital items within said second domain in accordance with said analyzed first domain security policy; and utilizing a trustee for auditing compliance of said second domain with said first domain security policy at said first domain.
-
-
47. A method for providing multi-domain control over a digital data item via a first domain digital data item specific security policy assigned to said digital data item at a first domain, said digital data item being transferred from said first domain to a second domain, the method comprising:
-
assigning said digital data item specific security policy to said digital data item within said first domain; transferring said digital data item to said second domain together with additional data defining said digital data item specific first domain security policy, said second domain being autonomous from said first domain in respect of security policies; analyzing said digital data item specific first domain security policy within said second domain in respect of said digital data item; and performing at least one of distributing and allowing usage of said digital item within said autonomous second domain in accordance with said analyzed digital data item specific first domain security policy, so as to provide control of said digital data item in said autonomous second domain in accordance with said digital data item specific security policy of said first domain, and wherein said digital data item comprises one of;
a document, a digital audio file, a digital video file, a digital image and a drawing.
-
-
48. Apparatus for providing multi-domain control over specific digital data items via a digital data item specific first domain security policy assigned to a respective digital data item at a first domain, said digital data item being transferred from said first domain to a second domain, said second domain being autonomous from said first domain in respect of security policies, comprising:
-
a policy reference monitor, configured for assigning said digital data item specific security policy to said digital item within said first domain; and an assurance reference monitor configured for; receiving said digital items sent to said second domain together with data defining respective digital data item specific first domain security policy; analyzing said data defining said respective digital data item specific first domain security policy, performing at least one of distributing and allowing usage of said digital items within said second domain in accordance with said analyzed digital data item specific first domain security policy, and communicating with said policy reference monitor, and wherein said digital data item comprises one of;
a document, a digital audio file, a digital video file, a digital image and a drawing.
-
Specification