Method and system for digital rights management of documents
First Claim
1. A method for transmitting electronic documents over a communications network, wherein digital rights of access for each of said electronic documents are cryptographically managed and secured, comprising:
on a computer system comprising at least one computer, installing an authoring tool for generating and distributing cryptocontainers comprising said electronic documents, wherein said authoring tool includes a public key belonging to a key server and a public key belonging to said authoring tool;
on the computer system, authenticating an author of a cryptocontainer with a certificate issued by an authenticating server, wherein an author license is created and stored with said authoring tool;
wherein said author license comprises an email address of said author and a hardware fingerprint encrypted together with said public key of said key server signed by a private key of said key server;
entering, by the computer system, an e-mail address for each of a plurality of recipients into a recipient list of said cryptocontainer in said authoring tool;
generating, by the authoring tool, a symmetric session key for said recipient list;
encrypting, by the authoring tool, said symmetric session key for said recipient list in said cryptocontainer together with said public key belonging to said key server;
adding, by the authoring tool, said electronic documents to said cryptocontainer, wherein for each recipient on said recipient list a usage rights timeline is generated for each of said electronic documents;
encrypting, by the authoring tool, said cryptocontainer comprising said encrypted symmetric session key for said recipient list, together with said electronic documents, and together with each of said usage rights timelines, wherein said cryptocontainer enables said encrypted symmetric session key for said recipient list to be individually decrypted from said cryptocontainer;
transmitting, by the authoring tool, said cryptocontainer over a communications network to each of said plurality of recipients in said recipient list of said cryptocontainer; and
wherein the transmitting is performed via email using the email address of the author and the email address for each of the plurality of recipients.
Abstract
A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature.
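The key-server arbitration summarized in the abstract and spelled out in the receiving claims, reduced to its access decision, as an added example that is not code from the patent. The timeline format, the `KeyServer` class and its method names, the enrolled-fingerprint table standing in for the certificate check, and all sample values are assumptions; no encryption is performed.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample container metadata. A usage rights timeline is assumed to be
# a list of (start_epoch, rights) steps sorted by start time; the step with the
# latest start <= now is the one in force.
CONTAINER = {
    "id": "container-001",
    "recipients": {
        "alice@example.com": {"report.pdf": [(0, {"view", "print"}), (2000, {"view"}), (3000, set())]},
        "bob@example.com": {"report.pdf": [(1000, {"view"})]},
    },
}

def rights_at(timeline, now):
    """Rights in force at `now`; empty before the first step or once revoked."""
    current = set()
    for start, rights in timeline:
        if start <= now:
            current = set(rights)
    return current

@dataclass
class KeyServer:
    enrolled: dict                               # email -> hardware fingerprint (hypothetical store)
    issued: dict = field(default_factory=dict)   # license id -> grant, removed on redemption

    def request_license(self, container, email, fingerprint, now):
        known = self.enrolled.get(email)
        if known is None or not hmac.compare_digest(known, fingerprint):
            return None                          # identity not authenticated
        docs = container["recipients"].get(email)
        if docs is None:
            return None                          # no match in the recipient list: deny
        grant = {doc: rights_at(tl, now) for doc, tl in docs.items()}
        if not any(grant.values()):
            return None                          # no rights in force at this time
        lic = secrets.token_hex(16)
        self.issued[lic] = (container["id"], email, grant)
        return lic

    def redeem(self, lic, container_id, email):
        """One-time use: the license is consumed on the first redemption attempt."""
        entry = self.issued.pop(lic, None)
        if entry is None or entry[:2] != (container_id, email):
            return None
        return entry[2]                          # a real server would release the session key here
```

Because the rights are evaluated by the key server at request time, a sender-side change to a timeline takes effect on the next license request without re-sending the container.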
34 Claims
11. A method for receiving electronic documents over a communications network, wherein digital rights of access for each of said electronic documents are cryptographically managed and secured, comprising:
on a computer system comprising at least one computer, receiving via e-mail a cryptocontainer comprising a plurality of electronic documents by a recipient;
wherein the receiving is performed using an email address of the recipient;
on the computer system, installing a viewing tool from a public network server for accessing said plurality of electronic documents within said cryptocontainer;
opening, by the computer system, a secured connection with a key server and authenticating the identity of said recipient with a certificate issued by an authenticating server;
wherein said authenticating the identity of said recipient is performed using a hardware fingerprint together with said e-mail address of said recipient;
wherein the key server compares the identity of said recipient with each of a plurality of recipients listed in said cryptocontainer;
responsive to the key-server comparison resulting in a match;
receiving, by the computer system, a one-time license to decrypt a symmetric session key for said cryptocontainer from said key server;
decrypting said symmetric session key for said cryptocontainer with said license; and
via the decrypted symmetric session key, the computer system decrypting and accessing said plurality of electronic documents from said cryptocontainer;
responsive to the key-server comparison resulting in no match;
on the computer system, denying access to said recipient to said cryptocontainer.
18. A computer program product comprising a non-transitory computer-usable medium having computer-readable code embodied therein, the computer-readable code adapted to be executed to implement a method for transmitting electronic documents over a communications network, wherein digital rights of access for each of said electronic documents are cryptographically managed and secured, the method comprising:
installing an authoring tool for generating and distributing cryptocontainers comprising said electronic documents, wherein said authoring tool includes a public key belonging to a key server and a public key belonging to said authoring tool;
authenticating an author of a cryptocontainer with a certificate issued by an authenticating server, wherein an author license is created and stored with said authoring tool;
wherein said author license comprises an e-mail address of said author and a hardware fingerprint encrypted together with said public key of said key server signed by a private key of said key server;
entering an e-mail address for each of a plurality of recipients into a recipient list of said cryptocontainer in said authoring tool;
generating, by the authoring tool, a symmetric session key for said recipient list;
encrypting, by the authoring tool, said symmetric session key for said recipient list in said cryptocontainer together with said public key belonging to said key server;
adding, by the authoring tool, said electronic documents to said cryptocontainer, wherein for each recipient on said recipient list a usage rights timeline is generated for each of said electronic documents;
encrypting, by the authoring tool, said cryptocontainer comprising said encrypted symmetric session key for said recipient list, together with said electronic documents, and together with each of said usage rights timelines, wherein said cryptocontainer enables said encrypted symmetric session key for said recipient list to be individually decrypted from said cryptocontainer;
transmitting, by the authoring tool, said cryptocontainer over a communications network to each of said plurality of recipients in said recipient list of said cryptocontainer; and
wherein the transmitting is performed via email using the email address of the author and the email address for each of the plurality of recipients.
28. A computer program product comprising a non-transitory computer-usable medium having computer-readable code embodied therein, the computer-readable code adapted to be executed to implement a method for receiving electronic documents over a communications network, wherein digital rights of access for each of said electronic documents are cryptographically managed and secured, the method comprising:
receiving via e-mail a cryptocontainer comprising a plurality of electronic documents by a recipient;
wherein the receiving is performed using an email address of the recipient;
installing a viewing tool from a public network server for accessing said plurality of electronic documents within said cryptocontainer;
opening a secured connection with a key server and authenticating the identity of said recipient with a certificate issued by an authenticating server;
wherein said authenticating the identity of said recipient is performed using a hardware fingerprint together with said e-mail address of said recipient;
wherein the key server compares the identity of said recipient with each of a plurality of recipients listed in said cryptocontainer;
responsive to the key-server comparison resulting in a match;
receiving a one-time license to decrypt a symmetric session key for said cryptocontainer from said key server;
decrypting said symmetric session key for said cryptocontainer with said license; and
via the decrypted symmetric session key, decrypting and accessing said plurality of electronic documents from said cryptocontainer;
responsive to the key-server comparison resulting in no match;
denying access to said recipient to said cryptocontainer.
Specification