Digital data distribution detection, deterrence and disablement system and method
First Claim
1. A system for distributing a document over a communication network and tracking a use of the document by one or more recipient device communicatively connected to the communication network, comprising:
a server communicatively connected to the communication network;
a database including a data storage communicatively connected to the server, the database includes the document a data set stored in the data storage of the database, the data set representing the document and any and each use of the document by any of the one or more recipient device;
at least one policy contained in the data storage, relative to the data set and either of the document, the use of the document by at least certain of the one or more recipient device, and combinations;
a content protector, communicatively connected to the database and the server, the content protector obtains from the database the data set and, as dictated by the at least one policy for the data set, watermarks the document as a distributable document and calculates at least one hash of the distributable document, and delivers the distributable document to the server for distribution to the one or more recipient device;
an access controller, communicatively connected to the database and the server, each respective one of the one or more recipient device communicatively connects to the access controller over the communication network in response to accessing the distributable document by the respective recipient device for the use of the document by the respective recipient device;
a fingerprint communicated by the respective recipient device to the access controller over the communication network, upon accessing the distributable document by the respective recipient device; and
wherein the access controller, upon the respective recipient device accessing the distributable document for the use of the document by the device and the access controller receiving the fingerprint from the respective recipient device, calculates, in conjunction with the database, next hash of the distributable document, compares the at least one hash to the next hash, and, if the at least one policy of the database for the respective recipient device so dictates, adds the fingerprint to the data set for the document and the use by the respective recipient device.
Abstract
A method of distributing a data over a network includes protecting the data as a protected document by encryption and watermarking, controlling access to the protected document based on permissions, checking for permissions from a database, recording a record of the step of checking in the database, and accessing the protected document if allowed per permissions from the step of checking. The method collects a so-called “document thread” indicating a fingerprint of the first accessor of the data and the distributions and uses subsequently made of the data. The method is operable via a web page interface, such as through a browser of a device of the network communicatively connected to a web server of a data center. The method is alternately operable atop a document/data management system, including a client device application of a device of the network communicatively connected to the document/data management system. The method provides detection and log of the protected data in each event of access by the device over the network, deterrence of inappropriate access to the protected data by the device through policies for the document and device and event recordation on access, and disablement of the protected data for access by the device if access is not permissible per the method.
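A minimal model of the flow in the first claim and the abstract, added here as an illustration and not taken from the patent: a content protector watermarks and hashes a per-recipient copy, and an access controller recomputes the hash on each access, applies policy, and appends the device fingerprint to the document thread. The HMAC watermark trailer, the policy keys (`allowed_fingerprints`, `disabled`, `log_access`), all class and function names, and the sample document are assumptions.

```python
import hashlib
import hmac

WM_PREFIX = b"\n%%WM:"  # assumed watermark trailer format, not from the patent

class DataCenter:
    def __init__(self, secret):
        self.secret = secret
        self.records = {}  # watermark -> data set for one distributed copy

    def protect(self, doc_id, body, device_id, policy):
        """Content protector: watermark per recipient, store hash and policy."""
        mark = hmac.new(self.secret, f"{doc_id}|{device_id}".encode(),
                        hashlib.sha256).hexdigest().encode()
        copy = body + WM_PREFIX + mark
        self.records[mark] = {"doc": doc_id, "issued_to": device_id,
                              "hash": hashlib.sha256(copy).hexdigest(),
                              "policy": dict(policy), "thread": []}
        return copy

    def access(self, copy, fingerprint):
        """Access controller: recompute hash, compare, apply policy, log."""
        _, sep, mark = copy.rpartition(WM_PREFIX)
        rec = self.records.get(mark) if sep else None
        if rec is None:
            return "deny:unknown-copy"  # watermark stripped or never issued
        next_hash = hashlib.sha256(copy).hexdigest()
        if not hmac.compare_digest(next_hash, rec["hash"]):
            verdict = "deny:hash-mismatch"  # copy altered after distribution
        elif rec["policy"].get("disabled"):
            verdict = "deny:disabled"  # disablement by policy
        elif fingerprint not in rec["policy"].get("allowed_fingerprints", ()):
            verdict = "deny:device-not-permitted"
        else:
            verdict = "allow"
        if rec["policy"].get("log_access", True):
            rec["thread"].append((fingerprint, verdict))  # document thread
        return verdict

def demo():
    """Constructed sample: one copy, four access attempts."""
    dc = DataCenter(b"constructed-demo-secret")
    policy = {"allowed_fingerprints": {"fp-laptop-A"}, "log_access": True}
    copy = dc.protect("doc-1", b"Q3 forecast", "device-A", policy)
    results = [dc.access(copy, "fp-laptop-A"),
               dc.access(copy, "fp-unknown-B"),
               dc.access(copy.replace(b"Q3", b"Q4"), "fp-laptop-A")]
    mark = copy.rpartition(WM_PREFIX)[2]
    dc.records[mark]["policy"]["disabled"] = True  # owner disables the copy
    results.append(dc.access(copy, "fp-laptop-A"))
    return results, dc.records[mark]["thread"]
```

Every attempt, permitted or not, lands in the thread keyed by the watermark, so a forwarded copy opened on an unrecognised device is still attributed to the recipient it was issued to.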
12 Claims
5. A method of distribution of a document by a data center to a device in communication with the data center over a communication network, comprising the steps of:
receiving by a server a document request from the device, the document request includes an identifier of the device and of the document;
detecting the document request by the server upon the step of receiving;
communicating the document request to a content protector;
requesting by the content protector from a database a data set representative of the document and any and each access by the device to the document for use in a process of the device;
retrieving by the content protector from the database the data set and the at least one policy;
adding an identifier of the device and the document to the data set, in accordance with the at least one policy;
watermarking the document as a distributable document, by the content protector based on the at least one policy and the data set;
calculating by the content protector a hash of the distributable document;
communicating the distributable document by the content protector to the server;
providing the distributable document by the server to the device;
communicating by the device with an access controller if the distributable document at the device is actively accessed by the device for use in a process of the device, invoked by the distributable document when so accessed;
receiving by the access controller a fingerprint communicated by the device to the access controller upon access by the device to the distributable document for use in the process of the device;
calculating by the access controller a next hash of the distributable document responsive to the step of communicating by the device with the access controller on access to the distributable document by the device for use in the process of the device;
comparing by the access controller the next hash to the hash; and
adding the fingerprint to the data set for the document and device, if the at least one policy of the database so dictates.
9. A method of distribution of a document by a data center to a device in communication with the data center over a communication network, comprising the steps of:
receiving by a server a document request from the device, the document request includes an identifier of the device and of the document;
detecting the document request by the server upon the step of receiving;
communicating the document request to a content protector;
requesting by the content protector from a database a data set representative of the document and at least one policy of the database relative to the data set and the document request;
retrieving by the content protector from the database the data set and the at least one policy;
transforming the data set and the at least one policy by the content protector to yield the document;
protecting the document as a protected document, by the content protector based on the at least one policy;
calculating by the content protector a first hash and a second hash of the protected document;
communicating the protected document by the content protector to the server;
providing the protected document by the server to the device;
communicating by the device with an access controller if the protected document at the device is actively accessed by the device for use in a process of the device, invoked by the protected document when so accessed;
calculating by the access controller a third hash of the protected document responsive to the step of communicating by the device;
comparing by the access controller the third hash to the first hash and the second hash;
retrieving by the access controller, if the device is permitted access to the document for the process as dictated by the at least one policy of the database and the step of comparing, an applicable permission from the database for the protected document, the applicable permission for the protected document uniquely corresponds to the document and the device per the at least one policy, the data set, and the document request;
logging each access to the document by the device, in the database, in response to the step of communicating by the device with the access controller;
reporting by the access controller to the device, if permitted by the at least one policy, the applicable permission for the protected document for access to the document by the device for the process of the device;
obtaining by the device from the access controller a key to decode the document at the device, if required by the at least one policy for the document and the device, wherein, after the document is processed by the device, if permitted, the document automatically re-encrypts to the protected document at the device, requiring next applicable permissions for additional access to the document by the device.
Specification