Digital data distribution detection, deterrence and disablement system and method

US 8,407,806 B2
Filed: 02/15/2007
Issued: 03/26/2013
Est. Priority Date: 09/29/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A system for distributing a document over a communication network and tracking a use of the document by one or more recipient device communicatively connected to the communication network, comprising:

a server communicatively connected to the communication network;

a database including a data storage communicatively connected to the server, the database includes the documenta data set stored in the data storage of the database, the data set representing the document and any and each use of the document by any of the one or more recipient device;

at least one policy contained in the data storage, relative to the data set and either of the document, the use of the document by at least certain of the one or more recipient device, and combinations;

a content protector, communicatively connected to the database and the server, the content protector obtains from the database the data set and, as dictated by the at least one policy for the data set, watermarks the document as a distributable document and calculates at least one hash of the distributable document, and delivers the distributable document to the server for distribution to the one or more recipient device;

an access controller, communicatively connected to the database and the server, each respective one of the one or more recipient device communicatively connects to the access controller over the communication network in response to accessing the distributable document by the respective recipient device for the use of the document by the respective recipient device;

a fingerprint communicated by the respective recipient device to the access controller over the communication network, upon accessing the distributable document by the respective recipient device; and

wherein the access controller, upon the respective recipient device accessing the distributable document for the use of the document by the device and the access controller receiving the fingerprint from the respective recipient device, calculates, in conjunction with the database, next hash of the distributable document, compares the at least one hash to the next hash, and, if the at least one policy of the database for the respective recipient device so dictates, adds the fingerprint to the data set for the document and the use by the respective recipient device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of distributing a data over a network includes protecting the data as a protected document by encryption and watermarking, controlling access to the protected document based on permissions, checking for permissions from a database, recording a record of the step of checking in the database, and accessing the protected document if allowed per permissions from the step of checking. The method collects a so-called “document thread” indicating a fingerprint of the first accessor of the data and the distributions and uses subsequently made of the data. The method is operable via a web page interface, such as through a browser of a device of the network communicatively connected to a web server of a data center. The method is alternately operable atop a document/data management system, including a client device application of a device of the network communicatively connected to the document/data management system. The method provides detection and log of the protected data in each event of access by the device over the network, deterrence of inappropriate access to the protected data by the device through policies for the document and device and event recordation on access, and disablement of the protected data for access by the device if access is not permissible per the method.

14 Citations

View as Search Results

12 Claims

1. A system for distributing a document over a communication network and tracking a use of the document by one or more recipient device communicatively connected to the communication network, comprising:
- a server communicatively connected to the communication network;
  
  a database including a data storage communicatively connected to the server, the database includes the documenta data set stored in the data storage of the database, the data set representing the document and any and each use of the document by any of the one or more recipient device;
  
  at least one policy contained in the data storage, relative to the data set and either of the document, the use of the document by at least certain of the one or more recipient device, and combinations;
  
  a content protector, communicatively connected to the database and the server, the content protector obtains from the database the data set and, as dictated by the at least one policy for the data set, watermarks the document as a distributable document and calculates at least one hash of the distributable document, and delivers the distributable document to the server for distribution to the one or more recipient device;
  
  an access controller, communicatively connected to the database and the server, each respective one of the one or more recipient device communicatively connects to the access controller over the communication network in response to accessing the distributable document by the respective recipient device for the use of the document by the respective recipient device;
  
  a fingerprint communicated by the respective recipient device to the access controller over the communication network, upon accessing the distributable document by the respective recipient device; and
  
  wherein the access controller, upon the respective recipient device accessing the distributable document for the use of the document by the device and the access controller receiving the fingerprint from the respective recipient device, calculates, in conjunction with the database, next hash of the distributable document, compares the at least one hash to the next hash, and, if the at least one policy of the database for the respective recipient device so dictates, adds the fingerprint to the data set for the document and the use by the respective recipient device.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, further comprising:
    - a web page interface served by the server to the one or more recipient device, each of the one or more recipient device communicatively connects to the web page interface to request the document;
      
      wherein the distributable document from the content protector is deliverable to each of the one or more recipient device requesting the document via the web page interface.
  - 3. The system of claim 1, further comprising:
    - a document manager communicatively connected to the content protector; and
      
      a client application of the respective recipient device for communicatively connecting the respective recipient device to the document manager to request the document;
      
      wherein the distributable document from the content protector is obtained by the respective recipient device from the document manager via the client application communicating with the server over the communication network.
  - 4. The system of claim 1, wherein a second device obtains the distributable document from any of the one or more recipient device, further comprising:
    - at least one different policy contained in the data storage, relative to the data set for the document and either of the document, the use of the document by the second device, and combinations; and
      
      a second fingerprint communicated by the second device to the access controller over the communication, upon any access to the distributable document for use by the second device;
      
      wherein the access controller, upon the second device accessing the distributable document for the use of the document by the device and the access controller receiving the fingerprint from the second device as invoked by the distributable document on access, calculates, in conjunction with the database, another next hash of the distributable document, compares the at least one hash to the other next hash, and, if the at least one policy of the database for the second device so dictates, adds the second fingerprint to the data set for the document and the use by the second device.

5. A method of distribution of a document by a data center to a device in communication with the data center over a communication network, comprising the steps of:
- receiving by a server a document request from the device, the document request includes an identifier of the device and of the document;
  
  detecting the document request by the server upon the step of receiving;
  
  communicating the document request to a content protector;
  
  requesting by the content protector from a database a data set representative of the document and any and each access by the device to the document for use in a process of the device;
  
  retrieving by the content protector from the database the data set and the at least one policy;
  
  adding an identifier of the device and the document to the data set, in accordance with the at least one policy;
  
  watermarking the document as a distributable document, by the content protector based on the at least one policy and the data set;
  
  calculating by the content protector a hash of the distributable document;
  
  communicating the distributable document by the content protector to the server;
  
  providing the distributable document by the server to the device;
  
  communicating by the device with an access controller if the distributable document at the device is actively accessed by the device for use in a process of the device, invoked by the distributable document when so accessed;
  
  receiving by the access controller a fingerprint communicated by the device to the access controller upon access by the device to the distributable document for use in the process of the device;
  
  calculating by the access controller a next hash of the distributable document responsive to the step of communicating by the device with the access controller on access to the distributable document by the device for use in the process of the device;
  
  comparing by the access controller the next hash to the hash; and
  
  adding the fingerprint to the data set for the document and device, if the at least one policy of the database so dictates.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, further comprising the steps of:
    - serving a web page interface to the device, by a web server connected to the content protector;
      
      delivering the distributable document, in the step of providing the distributable document by the server, to the device via the web page interface.
  - 7. The method of claim 5, further comprising the steps of:
    - managing a plurality of data sets in the database, each respective data set representative of a respective document for the step of retrieving by the content protector via a document management system connected to the database; and
      
      communicatively connecting a client application of the device to the document management system to control the step of managing in order to selectively provide to the device at least one distributable document from the step of watermarking in respect of at least one of the respective document.
  - 8. The method of claim 5, further comprising the steps of:
    - providing the distributable document by the device to a second device;
      
      communicating by the second device with the access controller if the distributable document at the second device is actively accessed by the second device for use of the document in a process of the second device, wherein the step of communicating is invoked by the distributable document when actively accessed by the second device for use in the process of the second device;
      
      communicating by the second device to the access controller a second fingerprint upon access by the second device to the distributable document for the process of the second device;
      
      calculating by the access controller another hash of the distributable document responsive to the step of communicating by the second device with the access controller on access to the distributable document by the second device for use in the process of the device; and
      
      adding by the access controller the second fingerprint to the data set for the document and the use by the second device.

9. A method of distribution of a document by a data center to a device in communication with the data center over a communication network, comprising the steps of:
- receiving by a server a document request from the device, the document request includes an identifier of the device and of the document;
  
  detecting the document request by the server upon the step of receiving;
  
  communicating the document request to a content protector;
  
  requesting by the content protector from a database a data set representative of the document and at least one policy of the database relative to the data set and the document request;
  
  retrieving by the content protector from the database the data set and the at least one policy;
  
  transforming the data set and the at least one policy by the content protector to yield the document;
  
  protecting the document as a protected document, by the content protector based on the at least one policy;
  
  calculating by the content protector a first hash and a second hash of the protected document;
  
  communicating the protected document by the content protector to the server;
  
  providing the protected document by the server to the device;
  
  communicating by the device with an access controller if the protected document at the device is actively accessed by the device for use in a process of the device, invoked by the protected document when so accessed;
  
  calculating by the access controller a third hash of the protected document responsive to the step of communicating by the device;
  
  comparing by the access controller the third hash to the first hash and the second hash;
  
  retrieving by the access controller, if the device is permitted access to the document for the process as dictated by the at least one policy of the database and the step of comparing, an applicable permission from the database for the protected document, the applicable permission for the protected document uniquely corresponds to the document and the device per the at least one policy, the data set, and the document request;
  
  logging each access to the document by the device, in the database, in response to the step of communicating by the device with the access controller;
  
  reporting by the access controller to the device, if permitted by the at least one policy, the applicable permission for the protected document for access to the document by the device for the process of the device;
  
  obtaining by the device from the access controller a key to decode the document at the device, if required by the at least one policy for the document and the device, wherein, after the document is processed by the device, if permitted, the document automatically re-encrypts to the protected document at the device, requiring next applicable permissions for additional access to the document by the device.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, further comprising the steps of:
    - repeating the steps of communicating with the access controller, retrieving a permission, if any, logging each access, and reporting the permission, if any, for each distinct device obtaining the document and attempting to access the document for a process of the respective device.
  - 11. The method of claim 10, wherein the at least one policy of the database for at least one of the device is different from the at least one policy of the database for another of the device.
  - 12. The method of claim 9, further comprising the step of:
    - providing a software program stored in memory of the device for communicatively connecting the device to the access controller to perform the step of communicating by the device with the access controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kevin W. Schick, Purusharth Agrawal
Original Assignee
Kevin W. Schick, Purusharth Agrawal
Inventors
Agrawal, Purusharth, Schick, Kevin W
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Vaughan, Michael R

Application Number

US11/675,123
Publication Number

US 20080082827A1
Time in Patent Office

2,231 Days
Field of Search

None
US Class Current

726/29
CPC Class Codes

H04L 2463/101 applying security measures ...

H04L 63/10 for controlling access to d...

Digital data distribution detection, deterrence and disablement system and method

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Digital data distribution detection, deterrence and disablement system and method

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links