Method and system for managing a data object so as to comply with predetermined conditions for usage

US 8,474,058 B2
Filed: 08/21/2003
Issued: 06/25/2013
Est. Priority Date: 02/01/1995
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving at least two data packages, each data package comprising a data object and a set of control data, the set of control data for each data package including at least one usage control element defining a usage of the data object, the usage complying with a variable number of conditions, the data object and the usage control element for each data package being encrypted;

decrypting the usage control elements of the sets of control data;

examining, by use of a data processor, the usage control elements of the at least two data packages to find a match;

determining whether a data processor is capable of completing a security procedure specified in a security control element of the usage control elements, and disabling the usage when the data processor is not capable of completing the security procedure; and

performing an action specified in the sets of control data of the at least two data packages, if the usage is not disabled.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system for managing a data object so as to comply with predetermined conditions for usage of the data object. To control the usage of the data object, a set of control data, defining uses of the data object, which comply with the predetermined conditions, is created for the data object. The data object is concatenated with the user set of control data, encrypted and transferred to the user. When the user wants to use the data object, a special user program checks whether the usage complies with the control data. If so, the usage is enabled. Otherwise it is disabled.

Citations

38 Claims

1. A method comprising:
- receiving at least two data packages, each data package comprising a data object and a set of control data, the set of control data for each data package including at least one usage control element defining a usage of the data object, the usage complying with a variable number of conditions, the data object and the usage control element for each data package being encrypted;
  
  decrypting the usage control elements of the sets of control data;
  
  examining, by use of a data processor, the usage control elements of the at least two data packages to find a match;
  
  determining whether a data processor is capable of completing a security procedure specified in a security control element of the usage control elements, and disabling the usage when the data processor is not capable of completing the security procedure; and
  
  performing an action specified in the sets of control data of the at least two data packages, if the usage is not disabled.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 additionally comprising:
    - updating the usage control element of each data package; and
      
      re-encrypting each updated usage control element of each data package.
  - 3. The method of claim 1 wherein the at least one usage control element defining a usage of the data object corresponds to a particular kind of user.
  - 4. The method of claim 1 wherein the at least one usage control element defining a usage of the data object corresponds to a particular time limit for usage.
  - 5. The method of claim 1 wherein the at least one usage control element defining a usage of the data object corresponds to a particular geographical area for usage.
  - 6. The method of claim 1 wherein the at least one usage control element defining a usage of the data object corresponds to a particular kind of allowed operations.
  - 7. The method of claim 1 wherein the at least one usage control element defining a usage of the data object corresponds to a particular number of uses of the data object.
  - 8. The method of claim 1 wherein the set of control data includes an identifier, which uniquely identifies the set of control data.
  - 9. The method of claim 1 wherein the set of control data is concatenated to the data object.
  - 10. The method of claim 1 wherein the data object is sent independently of the set of control data.

11. A method comprising:
- receiving at least two data packages, each data package comprising a data object and a set of control data, the set of control data for each data package including at least one usage control element defining a usage of the data object, the usage complying with a variable number of conditions, the data object for each data package being encrypted;
  
  examining, by use of a data processor, the usage control elements of the at least two data packages to find a match;
  
  determining whether a data processor is capable of completing a security procedure specified in a security control element of the usage control elements, and disabling the usage when the data processor is not capable of completing the security procedure; and
  
  performing an action specified in the sets of control data of the at least two data packages, if the usage is not disabled.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11 wherein the at least one usage control element defining a usage of the data object corresponds to a particular kind of user.
  - 13. The method of claim 11 wherein the at least one usage control element defining a usage of the data object corresponds to a particular time limit for usage.
  - 14. The method of claim 11 wherein the at least one usage control element defining a usage of the data object corresponds to a particular geographical area for usage.
  - 15. The method of claim 11 wherein the at least one usage control element defining a usage of the data object corresponds to a particular kind of allowed operations.
  - 16. The method of claim 11 wherein the at least one usage control element defining a usage of the data object corresponds to a particular number of uses of the data object.
  - 17. The method of claim 11 wherein the set of control data includes an identifier, which uniquely identifies the set of control data.
  - 18. The method of claim 11 wherein the set of control data is concatenated to the data object.
  - 19. The method of claim 11 wherein the data object is sent independently of the set of control data.

20. A system comprising:
- a data processor;
  
  a receiving module, being executable by the data processor, to receive at least two data packages, each data package comprising a data object and a set of control data, the set of control data for each data package including at least one usage control element defining a usage of the data object, the usage complying with a variable number of conditions, the data object and the usage control element for each data package being encrypted;
  
  a decryption module to decrypt the usage control elements of the sets of control data;
  
  a security module to examine the usage control elements of the at least two data packages to find a match, to determine whether the data processor is capable of completing a security procedure specified in a security control element of the usage control elements, and to disable the usage when the data processor is not capable of completing the security procedure; and
  
  a usage manager module to perform an action specified in the sets of control data of the at least two data packages, if the usage is not disabled.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 21. The system of claim 20 additionally comprising:
    - an update module to update the usage control element of each data package; and
      
      an encryption module to re-encrypt each updated usage control element of each data package.
  - 22. The system of claim 20 wherein the at least one usage control element defining a usage of the data object corresponds to a particular kind of user.
  - 23. The system of claim 20 wherein the at least one usage control element defining a usage of the data object corresponds to a particular time limit for usage.
  - 24. The system of claim 20 wherein the at least one usage control element defining a usage of the data object corresponds to a particular geographical area for usage.
  - 25. The system of claim 20 wherein the at least one usage control element defining a usage of the data object corresponds to a particular kind of allowed operations.
  - 26. The system of claim 20 wherein the at least one usage control element defining a usage of the data object corresponds to a particular number of uses of the data object.
  - 27. The system of claim 20 wherein the set of control data includes an identifier, which uniquely identifies the set of control data.
  - 28. The system of claim 20 wherein the set of control data is concatenated to the data object.
  - 29. The system of claim 20 wherein the data object is sent independently of the set of control data.

30. A system comprising:
- a data processor;
  
  a receiving module, being executable by the data processor, to receive at least two data packages, each data package comprising a data object and a set of control data, the set of control data for each data package including at least one usage control element defining a usage of the data object, the usage complying with a variable number of conditions, the data object for each data package being encrypted;
  
  a security module to examine the usage control elements of the at least two data packages to find a match, to determine whether the data processor is capable of completing a security procedure specified in a security control element of the usage control elements, and to disable the usage when the data processor is not capable of completing the security procedure; and
  
  a usage manager module to perform an action specified in the sets of control data of the at least two data packages, if the usage is not disabled.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38)
- - 31. The system of claim 30 wherein the at least one usage control element defining a usage of the data object corresponds to a particular kind of user.
  - 32. The system of claim 30 wherein the at least one usage control element defining a usage of the data object corresponds to a particular time limit for usage.
  - 33. The system of claim 30 wherein the at least one usage control element defining a usage of the data object corresponds to a particular geographical area for usage.
  - 34. The system of claim 30 wherein the at least one usage control element defining a usage of the data object corresponds to a particular kind of allowed operations.
  - 35. The system of claim 30 wherein the at least one usage control element defining a usage of the data object corresponds to a particular number of uses of the data object.
  - 36. The system of claim 30 wherein the set of control data includes an identifier, which uniquely identifies the set of control data.
  - 37. The system of claim 30 wherein the set of control data is concatenated to the data object.
  - 38. The system of claim 30 wherein the data object is sent independently of the set of control data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rovi Solutions Corporation (Adeia Inc.)
Original Assignee
Rovi Solutions Corporation (Adeia Inc.)
Inventors
Benson, Greg, Urich, Gregory H., Knauft, Christopher L.
Primary Examiner(s)
VON BUHR, MARIA N

Application Number

US10/645,991
Publication Number

US 20040039741A1
Time in Patent Office

3,596 Days
Field of Search

707/9, 707/10, 707/105, 707781-788, 705/54, 705 57- 59, 705 50- 52, 726 26- 33, 713/150, 713/160, 713/161
US Class Current

726/31
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/6236   between heterogeneous systems

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2103   Challenge-response

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2151   Time stamp

Y10S 707/99939   Privileged access

Method and system for managing a data object so as to comply with predetermined conditions for usage

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for managing a data object so as to comply with predetermined conditions for usage

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links