Multi-factor content protection

  • US 8,059,820 B2
  • Filed: 10/11/2007
  • Issued: 11/15/2011
  • Est. Priority Date: 10/11/2007
  • Status: Active Grant
First Claim

1. A computer program product for implementing a method of protecting sensitive content by controlling how the sensitive content is used and accessed at a recipient computing system which is part of a computing network of a central organization, the computer program product comprising a computer storage device at the recipient computing system which contains computer-executable instructions to implement at the recipient computing system the method, and wherein the method is comprised of:

  • at the recipient computing system which includes a trusted agent, running a trusted application that requires use of sensitive content stored within the central organization, and wherein access and use of the sensitive content is controlled by a policy associated with the content, the policy defining access and use restrictions, the sensitive content is encrypted to a content key, and access and use of the sensitive content requires decryption of the associated policy and the content key and then using the sensitive content only in accordance with its associated policy;

    at the recipient computing system, receiving from an access server of the central organization at least a portion of said policy and said content key, both of which are encrypted to (1) a trusted agent key maintained at said trusted agent, and (2) at least one other protection factor stored at the recipient computing system;

    at the recipient computing system, decrypting the received portion of the policy and the content key using the trusted agent key and the at least one other protection factor;

    at the recipient computing system, decrypting the content using the decrypted content key; and

    at the recipient computing system, the trusted application then using the decrypted sensitive content subject to the access and use restrictions contained in said portion of said policy received from the access server of the central organization.
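
The flow recited in the claim, as an added Python sketch that is not taken from the patent: the policy and content key are wrapped under a key derived from both the trusted agent key and one other protection factor, so unwrapping fails if either is wrong. Assumptions: the claim does not say how the two factors are combined, so a single derived wrapping key is used here; a standard-library HMAC-SHA256 encrypt-then-MAC construction stands in for a vetted AEAD such as AES-GCM; all function names and sample values are hypothetical.

```python
import hashlib, hmac, json, os

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as keystream (stand-in for a real AEAD).
    stream = b"".join(_mac(key, nonce + i.to_bytes(8, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(_mac(key, b"enc"), nonce, plaintext)
    return nonce + ct + _mac(_mac(key, b"mac"), nonce + ct)  # encrypt-then-MAC

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed: wrong or missing factor")
    return _xor_stream(_mac(key, b"enc"), nonce, ct)

def wrapping_key(agent_key: bytes, other_factor: bytes) -> bytes:
    # Assumption: both factors feed one derived key, so neither alone suffices.
    return _mac(agent_key, b"wrap|" + other_factor)

def access_server_package(content, policy, agent_key, other_factor):
    # Access-server side: content is encrypted to a fresh content key; the
    # policy and content key are encrypted to the two recipient-side factors.
    content_key = os.urandom(32)
    bundle = json.dumps({"policy": policy, "content_key": content_key.hex()})
    wrapped = seal(wrapping_key(agent_key, other_factor), bundle.encode())
    return wrapped, seal(content_key, content)

def recipient_use(wrapped, enc_content, agent_key, other_factor, action):
    # Recipient side: unwrap policy + content key, decrypt the content, then
    # release it to the trusted application only for actions the policy allows.
    bundle = json.loads(unseal(wrapping_key(agent_key, other_factor), wrapped))
    content = unseal(bytes.fromhex(bundle["content_key"]), enc_content)
    if action not in bundle["policy"]["allowed"]:
        raise PermissionError(f"policy forbids {action!r}")
    return content

if __name__ == "__main__":
    ak, pf = os.urandom(32), b"constructed-machine-factor"  # constructed sample values
    w, c = access_server_package(b"quarterly figures", {"allowed": ["view"]}, ak, pf)
    print(recipient_use(w, c, ak, pf, "view"))
```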

  • 2 Assignments