Method and system for protecting digital objects distributed over a network by electronic mail
Abstract
A method and system for protecting digital objects transmitted over a network. A sender creates a notification specifying an object to be delivered to a recipient as well as the object's security policy and any authentication information required to access the object. The notification is sent to an object server which creates an identifier associated with the object and sends an e-mail message with the identifier to the recipient. The recipient may access the object by referencing the identifier. The object server authenticates the request for the object and redirects the request to a security server. The security server protects the object in accordance with the security policy designated by the sender and combines the object with mobile code to enforce the security policy at the recipient's computer. The protected object is sent to the recipient. When the recipient tries to access the object, the mobile code executes and instantiates the object's security policy and object controls for enforcing the security policy at the recipient. The object may only be accessed in accordance with the security policy. An audit trail of actions related to the object may also be established.
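The flow in the abstract, modelled in-process as an added example (not code from the patent or any product implementing it): the object server issues an identifier, authenticates the request and hands it to the security server, which returns the object wrapped in controls that check the policy and write the audit trail. The passphrase check, the `allow` policy key and the action names `view` and `print` are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Assumed for illustration: passphrase authentication and an "allow" set as the policy.
class ProtectedObject:
    """Stand-in for object + mobile code: every access passes the object controls."""
    def __init__(self, obj, policy, audit):
        self._obj, self._policy, self._audit = obj, policy, audit

    def access(self, action):
        allowed = action in self._policy["allow"]
        self._audit.append((action, "granted" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"policy forbids {action!r}")
        return self._obj

class SecurityServer:
    def protect(self, obj, policy, audit):
        audit.append(("protect", "ok"))
        return ProtectedObject(obj, dict(policy), audit)

class ObjectServer:
    def __init__(self, security_server):
        self._sec, self._store, self.audit = security_server, {}, []

    def notify(self, obj, policy, recipient, passphrase):
        """Sender's notification: store the object, return the identifier to e-mail."""
        ident, salt = secrets.token_urlsafe(16), secrets.token_bytes(16)
        verifier = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)
        self._store[ident] = (obj, policy, recipient, salt, verifier)
        return ident

    def request(self, ident, recipient, passphrase):
        """Authenticate the request, then redirect it to the security server."""
        entry, ok = self._store.get(ident), False
        if entry is not None:
            obj, policy, owner, salt, verifier = entry
            guess = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)
            ok = hmac.compare_digest(guess, verifier) and recipient == owner
        self.audit.append(("request", "authenticated" if ok else "rejected"))
        if not ok:
            raise PermissionError("authentication failed")
        return self._sec.protect(obj, policy, self.audit)

def demo():
    server = ObjectServer(SecurityServer())
    ident = server.notify(b"Q3 forecast", {"allow": {"view"}}, "bob@example.com", "s3cret")
    protected = server.request(ident, "bob@example.com", "s3cret")
    viewed = protected.access("view")
    try:
        protected.access("print")   # not in the policy: denied and audited
    except PermissionError:
        pass
    return viewed, server.audit
```

The wrapper only models where the checks sit; on a real recipient device the controls run on a machine the recipient administers, which is why the claims pair them with mobile code and, in claim 19, encryption.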
44 Claims
1. In a communications network, a system for protecting objects delivered within the network comprising:
a) a sending device connected to the network, the sending device configured by software running at the sending device to identify a security policy for an object and the recipient of the object;
b) a recipient device connected to the network, the recipient device configured by software running at the recipient device to request and receive an object;
c) an object server connected to the network, the object server configured by software running at the object server to store the object and to respond to the request from the recipient; and
d) a security server connected to the network, the security server configured by software running at the security server to protect the object such that it may be accessed only according to the security policy after it is sent to the recipient device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. In a communications network, a system for protecting objects delivered in the network, the system comprising:
a) a sending device having a first e-mail program and a first software program in association with the first e-mail program, the first software program having means for designating at least one of the following;
i) a security policy for an object,
ii) at least one recipient of the object;
iii) authentication information required in order to access the object,
where the designations made by the first software program are sent via an e-mail message to the object server;
b) the object server in network connection with the sending device, the object server having a second e-mail program and a second software program in association with the second e-mail program, the second software program having means for doing at least one of the following;
i) creating an identifier associated with the object;
ii) authenticating a request for an object; and
iii) redirecting an authenticated request for an object to a security server;
iv) storing any attachments from the e-mail message from the sending device at the object server;
where the object server sends an e-mail message containing the identifier associated with the object to the at least one recipient designated by the first software program and receives a request from the recipient for the object which is redirected to the security server after authentication of the request;
c) the security server in network connection with the object server, the security server having a third e-mail program and a third software program in association with the third e-mail program, the third software program having means for doing at least one of the following;
i) obtaining the object from the object server;
ii) obtaining the object from local storage;
iii) combining the object with mobile code, the security policy, and object controls; and
iv) encrypting the object; and
d) a recipient device in network connection with the object server, the recipient device having a fourth e-mail program and a browser in association with the e-mail program, where the recipient device receives the e-mail message from the object server and requests the object from the object server by referencing the identifier.
Dependent claims: 20, 21, 22, 27
23. A method for protecting objects delivered in a network comprising:
a) designating a security policy for an object and at least one recipient to receive the object;
b) sending a first notification specifying the security policy for and at least one recipient of the object to an object server;
c) creating an identifier for the object;
d) sending a second notification containing the identifier to the at least one recipient;
e) requesting the object using the identifier;
f) redirecting the request for the object to a security server;
g) protecting the object according to the security policy; and
h) sending the object to the requesting recipient, where the object may be accessed only according to the security policy.
Dependent claims: 24, 25, 26, 28, 29, 30, 31, 32, 33
34. A method for protecting objects delivered in a network comprising:
a) designating a security policy for an object and at least one recipient to receive the object, the designation performed at a sending device;
b) creating an identifier for the object at an object server;
c) requesting the object using the identifier;
d) protecting the object according to the security policy at a security server, the protection including combining the object with mobile code, the security policy, and object controls; and
e) sending the object to the requesting recipient, where the object's security policy and object controls are instantiated at the recipient device and the object may be accessed only according to the security policy.
Dependent claims: 35, 36, 37, 38, 39, 40, 41, 42, 43, 44