Systems and methods of secure data exchange

US 9,613,190 B2
Filed: 04/22/2015
Issued: 04/04/2017
Est. Priority Date: 04/23/2014
Status: Active Grant

First Claim

Patent Images

1. A method for managing digital rights management (DRM) protected content sharing in a networked secure collaborative computer data exchange environment, the method comprising:

establishing, by a secure exchange facility managed by an intermediate organizational entity, a user login data authentication procedure that allows a user through at least one client computing device to access the secure exchange facility, wherein the user is one of a plurality of users of a plurality of other organizational entities that access content shared through the secure exchange facility, where communication between the secure exchange facility and the plurality of users is through a communications network;

receiving computer data content and at least one indicator of access rights for the computer data content from a first user of the plurality of users associated with a first organizational entity of the plurality of other organizational entities, wherein the first user permits sharing access to the computer data content by at least a second user of the plurality of users associated with a second organizational entity based on the indicated access rights, wherein the second organizational entity is one of the plurality of other organizational entities and is different than the first organizational entity;

transforming the computer data content into DRM protected computer data content through communications with a DRM engine, wherein the DRM engine is selected based on a content type of the computer data content, and wherein the DRM engine is provided by an entity other than the intermediate organizational entity and other than any of the plurality of other organizational entities that access content shared through the secure exchange facility;

granting, by the secure exchange facility, shared access to the DRM protected computer data content to at least the second user;

wherein the secure exchange facility further comprises a data management facility and plurality of data storage nodes, wherein the data management facility is managed by the intermediate organizational entity and is adapted to provide permissioned control to the plurality of other organizational entities for use of at least one of the plurality of data storage nodes, wherein each of the other organizational entities is granted permissioned control of at least one of the plurality of data storage nodes by the intermediate organizational entity for storing data comprised of the content and metadata, wherein the data management facility manages secure data exchange of the content through the data storage nodes, and wherein the data management facility has access to the metadata of the stored data for managing sharing of the content via the data storage nodes, but the data management facility does not have access to the content; and

wherein the secure exchange facility provides content services to the plurality of data storage nodes that operate on and store the content, store metadata, and provide at least one of data transformation, filtering to the content, analytics related to the content, and searching tools for the searching for content.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example method for managing digital rights management (DRM) protected content sharing in a networked secure collaborative computer data exchange environment includes establishing, by a secure exchange facility and managed by an intermediate organizational entity, a procedure that allows a user from a first entity to share access to computer data content with a user from a second entity based on indicated access rights. The method includes transforming the computer data content into DRM protected content, utilizing a DRM engine provided by a separate entity. The method includes granting access to the content to the second user, providing permissioned control to entities utilizing a number of data storage nodes, and managing secure data exchange of the content and metadata, without the secure exchange facility having access to the content. The method includes operations to support content services including data transformation, filtering, analytics, and searching tools for the content.

Citations

22 Claims

1. A method for managing digital rights management (DRM) protected content sharing in a networked secure collaborative computer data exchange environment, the method comprising:
- establishing, by a secure exchange facility managed by an intermediate organizational entity, a user login data authentication procedure that allows a user through at least one client computing device to access the secure exchange facility, wherein the user is one of a plurality of users of a plurality of other organizational entities that access content shared through the secure exchange facility, where communication between the secure exchange facility and the plurality of users is through a communications network;
  
  receiving computer data content and at least one indicator of access rights for the computer data content from a first user of the plurality of users associated with a first organizational entity of the plurality of other organizational entities, wherein the first user permits sharing access to the computer data content by at least a second user of the plurality of users associated with a second organizational entity based on the indicated access rights, wherein the second organizational entity is one of the plurality of other organizational entities and is different than the first organizational entity;
  
  transforming the computer data content into DRM protected computer data content through communications with a DRM engine, wherein the DRM engine is selected based on a content type of the computer data content, and wherein the DRM engine is provided by an entity other than the intermediate organizational entity and other than any of the plurality of other organizational entities that access content shared through the secure exchange facility;
  
  granting, by the secure exchange facility, shared access to the DRM protected computer data content to at least the second user;
  
  wherein the secure exchange facility further comprises a data management facility and plurality of data storage nodes, wherein the data management facility is managed by the intermediate organizational entity and is adapted to provide permissioned control to the plurality of other organizational entities for use of at least one of the plurality of data storage nodes, wherein each of the other organizational entities is granted permissioned control of at least one of the plurality of data storage nodes by the intermediate organizational entity for storing data comprised of the content and metadata, wherein the data management facility manages secure data exchange of the content through the data storage nodes, and wherein the data management facility has access to the metadata of the stored data for managing sharing of the content via the data storage nodes, but the data management facility does not have access to the content; and
  
  wherein the secure exchange facility provides content services to the plurality of data storage nodes that operate on and store the content, store metadata, and provide at least one of data transformation, filtering to the content, analytics related to the content, and searching tools for the searching for content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. A method of claim 1, further comprising translating the access rights into a form that can be parsed by the DRM engine, forwarding, to the DRM engine, the translated access rights, and providing, by the DRM engine, the translated access rights to at least the second user to enable the shared access to the DRM protected computer data content.
  - 3. The method of claim 1, wherein the computer data content is a secure encrypted computer data content.
  - 4. The method of claim 3, wherein at least one of the plurality of other organizational entities manages its own encryption keys for use in encrypting computer data content.
  - 5. The method of claim 4, wherein computer data content is encrypted with a data key, and the data key is encrypted with both a customer key and a system master key to create double-encrypted computer data content.
  - 6. The method of claim 5, wherein double-encryption of computer data content is applied at a plurality of levels of content management.
  - 7. The method of claim 1, further comprising:
    - receiving from the first user an indicator of revision to access rights that revokes sharing access to the computer data content to at least the second user;
      
      wherein the computer data content and revised access rights for the computer data content are transformed into a revised DRM protected computer data content through communications with the DRM engine; and
      
      revoking, by the secure exchange facility, sharing access to the computer data content to at least the second user.
  - 8. The method of claim 1, wherein the at least one of data transformation and filtering is at least one of container-specific, application-specific, and customer-specific.
  - 9. The method of claim 1, further comprising providing a plurality of content repositories for storing the computer data content.
  - 10. The method of claim 9, wherein at least one of the plurality of content repositories is outside the management of the intermediate organizational entity, wherein collectively the plurality of content repositories including the at least one of the plurality of content repositories outside the management of the intermediate organizational entity comprises a plurality of heterogeneous content repositories.
  - 11. The method of claim 10, further comprising providing a secure federated access facility for uniting access to the plurality of heterogeneous content repositories through a single user interface.
  - 12. The method of claim 1, further comprising receiving second computer data content from the first user, and providing a digital rights authentication service that permits the second user to access the computer data content and the second computer data content upon reception of a single digital rights management authentication, thereby enabling the second user to access both computer data content items without providing authentication for more than one of the two computer data content items.
  - 13. The method of claim 1, further comprising providing a secure managed key facility for managing encryption keys used to encrypt the computer data content, wherein the secure managed key facility generates a content key for encrypting the computer data content along with a content key reference, wherein the content key reference is stored along with the computer data content, and the content key reference is transferred along with the computer data content to the second user once shared access is granted.
  - 14. The method of claim 1, further comprising providing a dynamic entitlement management facility, wherein the dynamic entitlement management facility enables a DRM-based entitlement permission to be dynamically changed based on a contextual indication.
  - 15. The method of claim 1, further comprising an action checking facility, wherein the action checking facility manages actions with respect to an application capability resident on the computer device of at least one of the first user and the second user.
  - 16. The method of claim 1, further comprising providing a secure mobile device facility to manage a trusted environment policy for a plurality of mobile devices used by the plurality of users, wherein the plurality of mobile devices are able to securely inter-communicate with each other within a trusted environment.
  - 17. The method of claim 1, further comprising providing a collaborative customer relationship management (CRM) facility, wherein the collaborative CRM facility is used in conjunction with a multi-party collaboration in order to track contacts and communications of the plurality of users.
  - 18. The method of claim 1, further comprising providing a work-stream synchronization facility, wherein the work-stream synchronization facility provides the ability for a secure collaboration container of a user to be synchronized onto a desktop work-stream channel of the user.
  - 19. The method of claim 1, further comprising providing a contextual sharing facility, wherein the contextual sharing facility manages the sharing of the computer data content based on the contextual environment of at least one of the first user and the second user.
  - 20. The method of claim 1, wherein sharing of the computer data content by the first user is restricted based on at least one of the IP address and the domain name associated with the computing device of the first user.
  - 21. The method of claim 1, further comprising application programming interface (API) functionality between the secure exchange facility and the plurality of other organizational entities.
  - 22. The method of claim 1, wherein the computer data content is encrypted when transferred from a computer of the first user to the secure exchange facility, transferred within the secure exchange facility, stored within the secure exchange facility, and transferred from the secure exchange facility to a computer of the second user.

Specification

Resources

Litigation Campaign Assessment

Application Number

US14/693,643
Publication Number

US 20150310188A1
Time in Patent Office

713 Days
Field of Search

726 28
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/1063   Personalisation

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/083   using passwords cryptograph...

H04L 63/101   Access control lists [ACL]

Systems and methods of secure data exchange

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of secure data exchange

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links