Method and system for digital rights management of documents

US 8,239,682 B2
Filed: 09/28/2005
Issued: 08/07/2012
Est. Priority Date: 09/28/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method for transmitting electronic documents over a communications network, wherein digital rights of access for each of said electronic documents are cryptographically managed and secured, comprising:

on a computer system comprising at least one computer, installing an authoring tool for generating and distributing cryptocontainers comprising said electronic documents, wherein said authoring tool includes a public key belonging to a key server and a public key belonging to said authoring tool;

on the computer system, authenticating an author of a cryptocontainer with a certificate issued by an authenticating server, wherein an author license is created and stored with said authoring tool;

wherein said author license comprises an email address of said author and a hardware fingerprint encrypted together with said public key of said key server signed by a private key of said key server;

entering, by the computer system, an e-mail address for each of a plurality of recipients into a recipient list of said cryptocontainer in said authoring tool;

generating, by the authoring tool, a symmetric session key for said recipient list;

encrypting, by the authoring tool, said symmetric session key for said recipient list in said cryptocontainer together with said public key belonging to said key server;

adding, by the authoring tool, said electronic documents to said cryptocontainer, wherein for each recipient on said recipient list a usage rights timeline is generated for each of said electronic documents;

encrypting, by the authoring tool, said cryptocontainer comprising said encrypted symmetric session key for said recipient list, together with said electronic documents, and together with each of said usage rights timelines, wherein said cryptocontainer enables said encrypted symmetric session key for said recipient list to be individually decrypted from said cryptocontainer;

transmitting, by the authoring tool, said cryptocontainer over a communications network to each of said plurality of recipients in said recipient list of said cryptocontainer; and

wherein the transmitting is performed via email using the email address of the author and the email address for each of the plurality of recipients.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature.

85 Citations

View as Search Results

34 Claims

1. A method for transmitting electronic documents over a communications network, wherein digital rights of access for each of said electronic documents are cryptographically managed and secured, comprising:
- on a computer system comprising at least one computer, installing an authoring tool for generating and distributing cryptocontainers comprising said electronic documents, wherein said authoring tool includes a public key belonging to a key server and a public key belonging to said authoring tool;
  
  on the computer system, authenticating an author of a cryptocontainer with a certificate issued by an authenticating server, wherein an author license is created and stored with said authoring tool;
  
  wherein said author license comprises an email address of said author and a hardware fingerprint encrypted together with said public key of said key server signed by a private key of said key server;
  
  entering, by the computer system, an e-mail address for each of a plurality of recipients into a recipient list of said cryptocontainer in said authoring tool;
  
  generating, by the authoring tool, a symmetric session key for said recipient list;
  
  encrypting, by the authoring tool, said symmetric session key for said recipient list in said cryptocontainer together with said public key belonging to said key server;
  
  adding, by the authoring tool, said electronic documents to said cryptocontainer, wherein for each recipient on said recipient list a usage rights timeline is generated for each of said electronic documents;
  
  encrypting, by the authoring tool, said cryptocontainer comprising said encrypted symmetric session key for said recipient list, together with said electronic documents, and together with each of said usage rights timelines, wherein said cryptocontainer enables said encrypted symmetric session key for said recipient list to be individually decrypted from said cryptocontainer;
  
  transmitting, by the authoring tool, said cryptocontainer over a communications network to each of said plurality of recipients in said recipient list of said cryptocontainer; and
  
  wherein the transmitting is performed via email using the email address of the author and the email address for each of the plurality of recipients.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as recited in claim 1, wherein said usage rights timeline comprises keyframes for digital rights management for each of said electronic documents in said cryptocontainer, wherein each of said keyframes comprises individual entries for granting rights for opening, copying, viewing, printing, exporting, deleting, making visible, showing thumbnails, renaming, forwarding, attaching, and moving each of said electronic documents in said cryptocontainer for a certain period in time.
  - 3. The method as recited in claim 2, wherein a keyframe, comprising an entry for granting said rights for viewing an electronic document, grants View Only rights to an assigned recipient for said electronic document, and wherein said View Only rights are enforced by using a hardware overlay from an encrypted binary stream to render said document visible, such that no original document source data or metadata is transferred to said recipient.
  - 4. The method as recited in claim 1, further comprising:
    - signing a plurality of said electronic documents added to said cryptocontainer by saidauthor using a digital signature, wherein the intent of said digital signature is specified in text form using a Signature Line entry.
  - 5. The method as recited in claim 1, further comprising:
    - notifying said author of the security rating of an e-mail client over a given time period, wherein said security rating comprises a ratio of a number of securely sent items to a total number of sent items.
  - 6. The method as recited in claim 1, wherein a recipient is assigned membership to a user group, wherein said user group is selected for generating said usage permission template for each of said electronic documents.
  - 7. The method as recited in claim 1, wherein said author license comprises the e-mail address of said author and a biometric identification encrypted together with said public key of said key server signed by a private key of said key server.
  - 8. The method as recited in claim 1, further comprising:
    - recording a timestamped log of each individual operation performed on said cryptocontainer.
  - 9. The method as recited in claim 1, wherein said authoring tool is a network application executed as a service by a network server.
  - 10. The method as recited in claim 1, wherein said usage rights timelines are predefined and stored as a template for retrieving a set of usage rights for applying to a cryptocontainer. application executed as a service by a network server.

11. A method for receiving electronic documents over a communications network, wherein digital rights of access for each of said electronic documents are cryptographically managed and secured, comprising:
- on a computer system comprising at least one computer, receiving via e-mail a cryptocontainer comprising a plurality of electronic documents by a recipient;
  
  wherein the receiving is performed using an email address of the recipient;
  
  on the computer system, installing a viewing tool from a public network server for accessing said plurality of electronic documents within said cryptocontainer;
  
  opening, by the computer system, a secured connection with a key server and authenticating the identity of said recipient with a certificate issued by an authenticating server;
  
  wherein said authenticating the identity of said recipient is performed using a hardware fingerprint together with said e-mail address of said recipient;
  
  wherein the key server compares the identity of said recipient with each of a plurality of recipients listed in said cryptocontainer;
  
  responsive to the key-server comparison resulting in a match;
  
  receiving, by the computer system, a one-time license to decrypt a symmetric session key for said cryptocontainer from said key server;
  
  decrypting said symmetric session key for said cryptocontainer with said license; and
  
  via the decrypted symmetric session key, the computer system decrypting and accessing said plurality of electronic documents from said cryptocontainer;
  
  responsive to the key-server comparison resulting in no match;
  
  on the computer system, denying access to said recipient to said cryptocontainer.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method as recited in claim 11, wherein said authenticating the identity of said recipient is performed using a biometric identifier together with said e-mail address of said recipient.
  - 13. The method as recited in claim 11, wherein said viewing tool is a network application executed as a service by a network server.
  - 14. The method as recited in claim 11, wherein a usage rights timeline, comprising individual keyframes, retrieved from said cryptocontainer for restricting the rights of said recipient is individually enforced by said viewing tool for each of said plurality of electronic documents accessed by said recipient over the time period for which said keyframes in said usage rights timeline have been defined.
  - 15. The method as recited in claim 14, wherein said viewing tool enforces View Only rights to an assigned recipient for an electronic document, and wherein said View Only rights are enforced by using a hardware overlay from an encrypted binary stream to render said document visible, such that no original document source data or metadata is transferred to said recipient.
  - 16. The method as recited in claim 14, wherein said viewing tool enforces rights for displaying an electronic document to an assigned recipient, and wherein said rights for displaying are enforced by using a hardware overlay from an encrypted binary stream to render said document visible, such that no original document source data or metadata is transferred to said recipient.
  - 17. The method as recited in claim 11, further comprising:
    - recording a timestamped log of each individual operation performed on said cryptocontainer.

18. A computer program product comprising a non-transitory computer-usable medium having computer-readable code embodied therein, the computer-readable coded adapted to be executed to implement a method for transmitting electronic documents over a communications network, wherein digital rights of access for each of said electronic documents are cryptographically managed and secured, the method comprising:
- installing an authoring tool for generating and distributing cryptocontainers comprising said electronic documents, wherein said authoring tool includes a public key belonging to a key server and a public key belonging to said authoring tool;
  
  authenticating an author of a cryptocontainer with a certificate issued by an authenticating server, wherein an author license is created and stored with said authoring tool;
  
  wherein said author license comprises an e-mail address of said author and a hardware fingerprint encrypted together with said public key of said key server signed by a private key of said key server;
  
  entering an e-mail address for each of a plurality of recipients into a recipient list of said cryptocontainer in said authoring tool;
  
  generating, by the authoring tool, a symmetric session key for said recipient list;
  
  encrypting, by the authoring tool, said symmetric session key for said recipient list in said cryptocontainer together with said public key belonging to said key server;
  
  adding, by the authoring tool, said electronic documents to said cryptocontainer, wherein for each recipient on said recipient list a usage rights timeline is generated for each of said electronic documents;
  
  encrypting, by the authoring tool, said cryptocontainer comprising said encrypted symmetric session key for said recipient list, together with said electronic documents, and together with each of said usage rights timelines, wherein said cryptocontainer enables said encrypted symmetric session key for said recipient list to be individually decrypted from said cryptocontainer;
  
  transmitting, by the authoring tool, said cryptocontainer over a communications network to each of said plurality of recipients in said recipient list of said cryptocontainer; and
  
  wherein the transmitting is performed via email using the email address of the author and the email address for each of the plurality of recipients.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 19. The computer program product as recited in claim 18, wherein said usage rights timeline comprises keyframes for digital rights management for each of said electronic documents in said cryptocontainer, wherein each of said keyframes comprises individual entries for granting rights for opening, copying, viewing, printing, exporting, deleting, making visible, showing thumbnails, renaming, forwarding, attaching, and moving each of said electronic documents in said cryptocontainer for a certain period in time.
  - 20. The computer program product as recited in claim 19, wherein a keyframe, comprising an entry for granting said rights for viewing an electronic document, grants View Only rights to an assigned recipient for said electronic document, and wherein said View Only rights are enforced by using a hardware overlay from an encrypted binary stream to render said document visible, such that no original document source data or metadata is transferred to said recipient.
  - 21. The computer program product as recited in claim 18, the method comprising:
    - signing a plurality of said electronic documents added to said cryptocontainer by said author using a digital signature, wherein the intent of said digital signature is specified in text form using a Signature Line entry.
  - 22. The computer program product as recited in claim 18, the method comprising:
    - notifying said author of the security rating of an e-mail client over a given time period, wherein said security rating comprises a ratio of a number of securely sent items to a total number of sent items.
  - 23. The computer program product as recited in claim 18, wherein a recipient is assigned membership to a user group, wherein said user group is selected for generating said usage permission template for each of said electronic documents.
  - 24. The computer program product as recited in claim 18, wherein said author license comprises the e-mail address of said author and a biometric identification encrypted together with said public key of said key server signed by a private key of said key server.
  - 25. The computer program product as recited in claim 18, the method comprising:
    - recording a timestamped log of each individual operation performed on said cryptocontainer.
  - 26. The computer program product as recited in claim 18, wherein said authoring tool is a network application executed as a service by a network server.
  - 27. The computer program product as recited in claim 18, wherein said usage rights timelines are pre-defined and stored as a template for retrieving a set of usage rights for applying to a cryptocontainer.

28. A computer program product comprising a non-transitory computer-usable medium having computer-readable code embodied therein, the computer- readable coded adapted to be executed to implement a method for receiving electronic documents over a communications network, wherein digital rights of access for each of said electronic documents are cryptographically managed and secured, the method comprising:
- receiving via e-mail a cryptocontainer comprising a plurality of electronic documents by a recipient;
  
  wherein the receiving is performed using an email address of the recipient;
  
  installing a viewing tool from a public network server for accessing said plurality of electronic documents within said cryptocontainer;
  
  opening a secured connection with a key server and authenticating the identity of said recipient with a certificate issued by an authenticating server;
  
  wherein said authenticating the identity of said recipient is performed using a hardware fingerprint together with said e-mail address of said recipient;
  
  wherein the key server compares the identity of said recipient with each of a plurality of recipients listed in said cryptocontainer;
  
  responsive to the key-server comparison resulting in a match;
  
  receiving a one-time license to decrypt a symmetric session key for said cryptocontainer from said key server;
  
  decrypting said symmetric session key for said cryptocontainer with said license; and
  
  via the decrypted symmetric session key, decrypting and accessing said plurality of electronic documents from said cryptocontainer;
  
  responsive to the key-server comparison resulting in no match;
  
  denying access to said recipient to said cryptocontainer.
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. The computer program product as recited in claim 28, wherein said authenticating the identity of said recipient is performed using a biometric identifier together with said e-mail address of said recipient.
  - 30. The computer program product as recited in claim 28, wherein said viewing tool is a network application executed as a service by a network server.
  - 31. The computer program product as recited in claim 28, wherein a usage rights timeline, comprising individual keyframes, retrieved from said cryptocontainer for restricting the rights of said recipient is individually enforced by said viewing tool for each of said plurality of electronic documents accessed by said recipient over the time period for which said keyframes in said usage rights timeline have been defined.
  - 32. The computer program product as recited in claim 31, wherein said viewing tool enforces View Only rights to an assigned recipient for an electronic document, and wherein said View Only rights are enforced by using a hardware overlay from an encrypted binary stream to render said document visible, such that no original document source data or metadata is transferred to said recipient.
  - 33. The computer program product as recited in claim 31, wherein said viewing tool enforces rights for displaying an electronic document to an assigned recipient, and wherein said rights for displaying are enforced by using a hardware overlay from an encrypted binary stream to render said document visible, such that no original document source data or metadata is transferred to said recipient.
  - 34. The computer program product as recited in claim 28, the method comprising:
    - recording a timestamped log of each individual operation performed on said cryptocontainer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Keyavi Data Corp.
Original Assignee
NL Systems LLC
Inventors
Meehan, Patrick Carson, Price, Zachary Wisenbaker, Zambroski, Raymond Joseph Jr., Frenchu, William Henry, Hickey, Shawn Patrick, White, Jesse Lee, Mohr, Anthony Allen, Gomsrud, Jeremy Wayne
Primary Examiner(s)
Parthasarathy, Pramila

Application Number

US11/237,564
Publication Number

US 20070074270A1
Time in Patent Office

2,505 Days
Field of Search

726/2, 380/4, 380/25, 380/825, 713201-202, 713/151, 713153-156, 714/15
US Class Current

713/170
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0861   Generation of secret inform...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Method and system for digital rights management of documents

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for digital rights management of documents

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links