Method and system for digital rights management of documents
First Claim
1. A method comprising, on at least one computer system:
- generating a first symmetric session key for a cryptocontainer;
encrypting, in a first section of the cryptocontainer, a recipient list and the first symmetric session key using a second symmetric session key;
generating a usage rights timeline for each of one or more electronic documents;
encrypting, in a second section of the cryptocontainer, the one or more electronic documents, and each said usage rights timeline using the first symmetric session key;
encrypting the second session key in the cryptocontainer using a public key belonging to a key server;
wherein the cryptocontainer enables the recipient list to be individually decrypted from the cryptocontainer separately from the one or more electronic documents; and
transmitting the cryptocontainer over a communications network to each recipient in the recipient list of the cryptocontainer.
5 Assignments
0 Petitions
Accused Products
Abstract
A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature.
-
Citations
15 Claims
-
1. A method comprising, on at least one computer system:
-
generating a first symmetric session key for a cryptocontainer; encrypting, in a first section of the cryptocontainer, a recipient list and the first symmetric session key using a second symmetric session key; generating a usage rights timeline for each of one or more electronic documents; encrypting, in a second section of the cryptocontainer, the one or more electronic documents, and each said usage rights timeline using the first symmetric session key; encrypting the second session key in the cryptocontainer using a public key belonging to a key server; wherein the cryptocontainer enables the recipient list to be individually decrypted from the cryptocontainer separately from the one or more electronic documents; and transmitting the cryptocontainer over a communications network to each recipient in the recipient list of the cryptocontainer. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for receiving electronic documents over a communications network, wherein digital rights of access for each of the electronic documents are cryptographically managed and secured, comprising, by a computer system:
-
electronically receiving a cryptocontainer comprising; an encrypted first section including a recipient list and a first symmetric key, wherein the encrypted first section has been encrypted using a second symmetric key; an encrypted second section comprising one or more electronic documents, wherein the encrypted second section has been encrypted using the first symmetric session key; and an encrypted key portion comprising the second symmetric key, wherein the encrypted key portion has been encrypted using a public key of a key server; opening a secured connection with the key server and authenticating an identity of a recipient with a certificate issued by an authenticating server; and comparing the identity of the recipient with each of a plurality of recipients listed in the recipient list by the key server, and in case of a match, issuing a one-time license to decrypt the first symmetric session key to the recipient by the key server, and in case of no match, denying access to the recipient to the cryptocontainer. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A computer program product comprising a non-transitory computer-usable medium having computer-readable code embodied therein, the computer-readable code adapted to be executed to implement a method comprising:
-
generating a first symmetric session key for a cryptocontainer; encrypting, in a first section of the cryptocontainer, a recipient list and the first symmetric session key using a second symmetric session key; generating a usage rights timeline for each of one or more electronic documents; encrypting, in a second section of the cryptocontainer, the one or more electronic documents and each said usage rights timeline using the first symmetric session key; encrypting the second session key in the cryptocontainer using a public key belonging to a key server; and wherein the cryptocontainer enables the recipient list to be individually decrypted from the cryptocontainer separately from the one or more electronic documents; transmitting the cryptocontainer over a communications network to each recipient in the recipient list of the cryptocontainer. - View Dependent Claims (12, 13, 14, 15)
-
Specification