Method and apparatus for location-based digital rights management

US 8,613,108 B1
Filed: 03/26/2009
Issued: 12/17/2013
Est. Priority Date: 03/26/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving a request to access a document, the request associated with a first access node identifier, the first access node identifier indicating a current storage location of the document within a repository;

retrieving document attribute information associated with the document from a content services server, the document attribute information including an authorized node identifier assigned to the document, the authorized node identifier identifies a storage location of the document within the repository, the storage location having access privileges;

comparing, using at least one processor coupled to a memory, the authorized node identifier to the first access node identifier;

denying access to the document in response to determining a discrepancy between the authorized node and the first access node based on a result of the comparing; and

providing access to the document in response to determining that the authorized node identifier and the access node identifier are consistent, based on a result of the comparing.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for location-based access control applies a location-based identifier to a document, wherein the location-based identifier indicates an original storage location of the document. The original storage location is an authorized node having access privileges specific to the document. In response to the document being moved or copied, an access control engine compares a current location of the document to the original storage location and denies access when there is a discrepancy. When the document is moved consistent with an access control policy, such as when an administrator moves the document, an original storage location identifier is changed consistent with a new location. The document is only accessible when accessed from an authorized location. The locations may be referred to as access nodes, wherein each access node corresponds to a folder.

158 Citations

View as Search Results

14 Claims

1. A computer-implemented method, comprising:
- receiving a request to access a document, the request associated with a first access node identifier, the first access node identifier indicating a current storage location of the document within a repository;
  
  retrieving document attribute information associated with the document from a content services server, the document attribute information including an authorized node identifier assigned to the document, the authorized node identifier identifies a storage location of the document within the repository, the storage location having access privileges;
  
  comparing, using at least one processor coupled to a memory, the authorized node identifier to the first access node identifier;
  
  denying access to the document in response to determining a discrepancy between the authorized node and the first access node based on a result of the comparing; and
  
  providing access to the document in response to determining that the authorized node identifier and the access node identifier are consistent, based on a result of the comparing.
- View Dependent Claims (2, 3)
- - 2. The method as in claim 1, comprising:
    - receiving credential information associated with the request;
      
      comparing the credential information to an access control list for approval; and
      
      authorizing the request for the document and downloading the document in response to the request based on approval of the credential information.
  - 3. The method as in claim 1, comprising:
    - assigning an original node identifier associated with the authorized node in the file storage system, the authorized node having access rights associated with at least one user; and
      
      storing the original node identifier in memory storage in the content services server.

4. An apparatus, comprising:
- at least one processor coupled to a memory;
  
  a content services repository to store a plurality of documents, each document from the plurality of documents associated with an authorized node identifier, the authorized node identifier associated with an authorized node in the repository;
  
  a content services authorizer to;
  
  compare, using the at least one processor, the authorized node identifier of a document from the plurality of documents and an access node identifier, the access node identifier associated with a current location of the document in the repository, andverify a request to access the document from an access node associated with the access node identifier; and
  
  a rights management server to provide access control information in response to the verified request.
- View Dependent Claims (5, 6, 7)
- - 5. The apparatus as in claim 4, wherein the access control information includes encryption information for decrypting the document.
  - 6. The apparatus as in claim 4, wherein the rights management server comprises a license database and an access control list, the access control list identifying at least one user having access privileges for the authorized node.
  - 7. The apparatus as in claim 4, wherein the content services authorizer is further adapted to deny the request based on an inconsistency between the access node identifier and the authorized node identifier.

8. A computer-implemented method, comprising:
- receiving a request to access a document stored at a location within a file store;
  
  retrieving document attribute information associated with the document, the document attribute information including;
  
  a first node identifier assigned to the document identifying a first location within the file store; and
  
  a second node identifier assigned to the document identifying a second location within the file store;
  
  comparing, using at least one processor coupled to a memory, the first node identifier to the second node identifier;
  
  denying access to the document in response to determining a discrepancy between the first node identifier and the second node identifier based on a result of the comparing; and
  
  retrieving access control information in response to determining that the first node identifier and the second node identifier are consistent, based on a result of the comparing.
- View Dependent Claims (9, 10, 11)
- - 9. The computer implemented method of claim 8 wherein the first node identifier identities a prior storage location of the document and wherein the second node identifier identifies either a prior storage location of the document or a current storage location of the document.
  - 10. The computer implemented method of claim 8 wherein the second node identifier is updated to be a current storage location of the document within the file store when the document is moved from a prior storage location of the document within the file store to the current location of the document within the file store.
  - 11. The computer implemented method of claim 8 wherein the second node identifier retains its current value when the document is moved from a prior storage location of the document within the file store to the current location of the document within the file store.

12. An apparatus, comprising:
- a processor coupled to a memory;
  
  a document store to store a plurality of documents, each document having a first attribute containing a first storage location within the document store and a second attribute containing a second storage location within the document store;
  
  a content services authorizer to;
  
  compare, using the processor, the first attribute of a document from the plurality of documents to the second attribute of the document from the plurality of documents; and
  
  verify a request to access the document when the first attribute is consistent the second attribute; and
  
  a rights management server to provide access control information in response to the verified request.
- View Dependent Claims (13, 14)
- - 13. The apparatus of claim 12 wherein the first attribute contains an original storage location of the document within the document store and wherein the second attribute contains a storage location within the document store where the document is authorized to reside.
  - 14. The apparatus of claim 12 wherein the first attribute contains an original storage location of the document within the document store and wherein the second attribute contains a storage location within the document store where the document is not authorized to reside.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Aggarwal, Neerav
Primary Examiner(s)
KOSOWSKI, CAROLYN M

Application Number

US12/411,983
Time in Patent Office

1,727 Days
Field of Search

726/6, 726/29
US Class Current

726/29
CPC Class Codes

G06F 21/1013   to locations

H04L 2463/101   applying security measures ...

H04L 63/101   Access control lists [ACL]

H04N 21/222   Secondary servers, e.g. pro...

H04N 21/2265   Server identification by a ...

H04N 21/4627   Rights management associate...

H04N 21/8352   involving content or source...

Method and apparatus for location-based digital rights management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

158 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for location-based digital rights management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

158 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links