Method and apparatus for location-based digital rights management
First Claim
1. A computer-implemented method, comprising:
- receiving a request to access a document, the request associated with a first access node identifier, the first access node identifier indicating a current storage location of the document within a repository;
retrieving document attribute information associated with the document from a content services server, the document attribute information including an authorized node identifier assigned to the document, the authorized node identifier identifies a storage location of the document within the repository, the storage location having access privileges;
comparing, using at least one processor coupled to a memory, the authorized node identifier to the first access node identifier;
denying access to the document in response to determining a discrepancy between the authorized node and the first access node based on a result of the comparing; and
providing access to the document in response to determining that the authorized node identifier and the access node identifier are consistent, based on a result of the comparing.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for location-based access control applies a location-based identifier to a document, wherein the location-based identifier indicates an original storage location of the document. The original storage location is an authorized node having access privileges specific to the document. In response to the document being moved or copied, an access control engine compares a current location of the document to the original storage location and denies access when there is a discrepancy. When the document is moved consistent with an access control policy, such as when an administrator moves the document, an original storage location identifier is changed consistent with a new location. The document is only accessible when accessed from an authorized location. The locations may be referred to as access nodes, wherein each access node corresponds to a folder.
158 Citations
14 Claims
-
1. A computer-implemented method, comprising:
-
receiving a request to access a document, the request associated with a first access node identifier, the first access node identifier indicating a current storage location of the document within a repository; retrieving document attribute information associated with the document from a content services server, the document attribute information including an authorized node identifier assigned to the document, the authorized node identifier identifies a storage location of the document within the repository, the storage location having access privileges; comparing, using at least one processor coupled to a memory, the authorized node identifier to the first access node identifier; denying access to the document in response to determining a discrepancy between the authorized node and the first access node based on a result of the comparing; and providing access to the document in response to determining that the authorized node identifier and the access node identifier are consistent, based on a result of the comparing. - View Dependent Claims (2, 3)
-
-
4. An apparatus, comprising:
-
at least one processor coupled to a memory; a content services repository to store a plurality of documents, each document from the plurality of documents associated with an authorized node identifier, the authorized node identifier associated with an authorized node in the repository; a content services authorizer to; compare, using the at least one processor, the authorized node identifier of a document from the plurality of documents and an access node identifier, the access node identifier associated with a current location of the document in the repository, and verify a request to access the document from an access node associated with the access node identifier; and a rights management server to provide access control information in response to the verified request. - View Dependent Claims (5, 6, 7)
-
-
8. A computer-implemented method, comprising:
-
receiving a request to access a document stored at a location within a file store; retrieving document attribute information associated with the document, the document attribute information including; a first node identifier assigned to the document identifying a first location within the file store; and a second node identifier assigned to the document identifying a second location within the file store; comparing, using at least one processor coupled to a memory, the first node identifier to the second node identifier; denying access to the document in response to determining a discrepancy between the first node identifier and the second node identifier based on a result of the comparing; and retrieving access control information in response to determining that the first node identifier and the second node identifier are consistent, based on a result of the comparing. - View Dependent Claims (9, 10, 11)
-
-
12. An apparatus, comprising:
-
a processor coupled to a memory; a document store to store a plurality of documents, each document having a first attribute containing a first storage location within the document store and a second attribute containing a second storage location within the document store; a content services authorizer to; compare, using the processor, the first attribute of a document from the plurality of documents to the second attribute of the document from the plurality of documents; and verify a request to access the document when the first attribute is consistent the second attribute; and a rights management server to provide access control information in response to the verified request. - View Dependent Claims (13, 14)
-
Specification