RU2801890C2 - Access control system for metadata of intellectual property objects - Google Patents

Abstract

FIELD: controlling access to metadata of intellectual property objects.

SUBSTANCE: system for controlling access to metadata of intellectual property objects, for example, characterizing the rights to the corresponding objects, containing a distributed data warehouse, made by the formator, for the corresponding intellectual property object, the main metadata block containing a description of the rules, for example, a method or methods for restoring the description of the object and rights to it from distributed data blocks and a means of forming additional blocks is proposed metadata made in the form of a distributed registry containing a list of users from the system user community, indicating for each of the users a set of access rights to data blocks and metadata. The system forms modifying blocks such that with the formation of a continuous sequential chain of blocks, with each change of the data block and metadata block by the modifying block, a subsequent block of the chain is formed for the corresponding block containing the modified data of the corresponding block of the chain, and the hash sum of the preceding block of the chain and the hash sum of the subsequent block of the chain, calculated taking into account the hash sum of the preceding block of the chain, and the storage of blocks is carried out in the form of an excess set of data.

EFFECT: improve access control to metadata of intellectual property objects.

3 cl, 3 dwg

Description

In the digital age, the main property of intellectual property objects, which distinguishes these objects from tangible and other intangible objects, is the possibility of their unlimited reproduction, use, distribution without loss of quality and consumer properties.

When carrying out the circulation of intellectual property objects through global information networks, the management of objects becomes more complicated, including tracking their use.

Licensing and sublicensing form a complex system of holders of the rights to use intellectual property objects that own different amounts of rights (methods of use, term, territory of use, etc.). In some cases, the management of intellectual property objects implies the possibility of their unlimited reproduction and distribution, as well as a system of open licenses, including various types of compound licenses, which also significantly complicates control over the legitimate use of these objects.

An illegally issued license with the right to sublicense can cause material damage to the right holder, involve a large number of users and intermediaries in the illegal circulation of intellectual property.

The currently used automated anti-plagiarism systems cannot always recognize the authenticity or availability of rights to distributed works, do not allow users who purchase a license to obtain reliable information about the seller's right or rights.

When disposing of the rights to intellectual property objects for their further distribution or their use in production, there is no trusted source of information about the history of transactions in relation to the rights to objects.

Another problem of the prior art is the loss of rights by legal owners due to the loss of information about legally acquired licenses, for example, if it is impossible to confirm the right in the event of a dispute, and therefore it is necessary to save data about the object, events associated with the object and rights to it ensuring the accuracy of the stored data. Such information, within the scope of the present invention, can be metadata, including information sufficient to identify an object, information necessary to gain access to an object, information about rights, as well as information including, but not limited to, information about disputes related to an object, cost and revaluation of the value of the object, various examinations, including those allowing to establish the novelty, applicability, originality of the object. At the same time, the specified information must be stored unchanged with a guaranteed possibility of access to it by various market participants, as well as persons resolving disputes.

The well-known technology described in the US patent application US2019236562 discloses a technology for maintaining a distributed registry of intellectual property objects, made on a client-server architecture. The known technology implies the need to use centralized means of access control to registry information, and therefore the reliability of the entire system is limited, it becomes possible to transfer control of the registry to unauthorized users or fake servers.

The technology disclosed in the international application WO2020123464 describes the maintenance of a distributed ledger without the use of centralized management and data storage tools, however, the registration of transactions refers to the movement of funds, with a one-time payment for the change of ownership for one object and does not imply the use of one object in the multiple financing mode.

In addition, the known system does not imply the free entry of participants into the process of disposing of rights.

To achieve a technical result that consists in eliminating the above disadvantages of the prior art, increasing the reliability, reliability and continuity of the process of registering transactions, that is, records relating to significant events in the life cycle of a protected object or the right to it, as well as reducing storage and protection costs data, with the disposal of intellectual property rights, the proposed invention is intended. Each transaction, in the understanding of the essence of the present invention, is a block of data that refers to a minimal, logically meaningful operation that makes sense and can only be completed in full. In terms of the invention, a transaction is carried out as an atomic action, that is, an action that is performed in whole or not performed at all and is related to the rights to the object, the mode of use of the object, the presentation or modification of the intellectual property object, for example, copyright changes to the object, including, leading to the emergence of a new object, as well as to similar actions or information. The transaction is registered or rejected in its entirety if the result of its registration for at least one participant differs from the results of other participants to whom information about the transaction was sent for confirmation.

In addition, the invention provides the possibility of multilateral interaction in order to form transactions for two or more parties in real time, checking the validity of transactions that have not yet been registered, for example, real-time “purity of rights” control with composite and complex objects, automated protection against violations and the formation of transactions, the essence which is described in an arbitrary format, for example, regardless of the country and protection regime.

The specified technical result is achieved in the system for managing access to the metadata of intellectual property objects, containing a distributed data storage, made with software, for each intellectual property object:

formation of distributed data blocks, the totality of which contains a digital description of the intellectual property object;

wherein the system is implemented using client computing devices belonging to users, forming the main metadata block for the corresponding intellectual property object, containing a description of the rules for restoring information about the object from distributed data blocks;

the system also contains a means for generating additional metadata blocks, made in the form of a distributed registry containing a list of users from the system user community, indicating, for each of the users, a set of access rights to data blocks and metadata;

where the access rights to data blocks and metadata include the right to view, the right to edit, the right to change and the right to grant access rights to data blocks and metadata blocks of the corresponding intellectual property object to other users;

the system is additionally implemented for each source data block and source metadata block, forming changing blocks with the formation of a continuous sequential chain of blocks, so that with each change by the changing block of the data block and metadata block, for the corresponding block, a subsequent block of the chain is formed containing the changed data of the corresponding block the chain, as well as the hash sum of the previous block of the chain and the hash sum of the subsequent block of the chain, calculated taking into account the hash sum of the previous block of the chain, and the storage of blocks is carried out in the form of a redundant set of data;

at the same time, the system is configured to form branched chains of blocks, and with each formation of a subsequent block of the chain, users having access rights to the previous block of the chain and users having the right to grant access rights to the corresponding intellectual property object are notified about the formation of the corresponding subsequent block of the chain, And

the system is additionally configured to check the validity of data for all users such that for each user, with each change of the corresponding block by the changing block, identical subsequent blocks of the chain are formed for all users; And

confirming block changes by changing blocks upon successful data validation on a predetermined number of client computing devices.

In a particular case of implementation, client computing devices are software and hardware systems that perform the functions of clients, in a particular case, of a peer-to-peer computer network, that is, providing access to remote services or remote computers of the specified network. Client computing devices can be made in the form of computing devices (computers) with client software installed on them.

In a particular implementation case, the system is configured to mark unique properties of intellectual property objects and metadata of intellectual property objects, containing comparison tools that provide an alarm signal when an attempt is made to create an object with unique properties of another object. In this case, a quotation (fragment) from an intellectual property object can be a unique property. When using the system, it is also possible to block the registration of transactions that violate the rights of participants, go beyond the scope of the existing rights or contradict the current legislation.

Additionally, each of the users may have a complete list of client computing devices of the users of the system, indicating, for each of the devices, a permanent network address of access to the corresponding device. Additionally, each of the intellectual property objects can be associated with the address of one of the client devices related to the management of the metadata of the corresponding intellectual property object, while the address of one of these client devices can be stored in the public domain on public data storage facilities. Additionally, the address of said client device may be embedded in an intellectual property object.

Additionally, the distributed storage is made in the form of a collection of data storages of client devices, wherein each of the client devices is configured to completely restore the data of the distributed storage without recourse to other client devices, and additionally, the system contains transaction registration means, such that each new transaction is registered upon confirmation of the possibility of registration by a predetermined, for each block of metadata, number of client computing devices, and the final registration of the transaction is carried out when changes are made to the data stores of all relevant client computing devices.

At the moment, the network of transactions with intellectual property rights and objects, implemented, for example, in the form of a platform for managing rights to the results of intellectual activity and the IPChain individualization tool, makes it possible to record in the form of transactions the facts of managing intellectual property rights that are most significant for all market participants, to organize storage of digitized objects and provide access to them using "smart" (self-executing) contracts. The IPChain network is an infrastructure that allows you to build services and platforms for effective interaction between authors, copyright holders, individuals and legal entities that create and use intellectual property, provide services for the management, legal protection and protection of rights to it.

By agreement between participants in one transaction chain, local data storages of user computing devices can store digitized versions of objects or information necessary and sufficient to identify objects. The proposed system is an infrastructure that allows you to build services and platforms for effective interaction between authors, copyright holders, individuals and legal entities that create and use intellectual property, provide services for the management, legal protection and protection of rights to it.

In FIG. 1 is an illustrative simplified block diagram of a computing device;

In FIG. 2 shows an example implementation of the system;

In FIG. 3 schematically shows the process of registering transactions in the system.

The system works as follows.

In the proposed system, the following sequence of registration and processing of transactions is carried out:

One of the computing devices of the user of the system receives a request to register a transaction in the system formed by the computing devices of users connected to the network. The request may be generated directly by the user using I/O facilities, or may come from other remote computers, for example, when the user's computing device is an organization's server.

When forming a request, an encryption key is used that identifies the user and corresponds to the user's rights to carry out and register certain types of transactions. Due to the fact that each transaction chain is associated with a set of addresses of users' computing devices, a request for transactions can be sent to any of these devices available at the time the request was generated. In a particular case, user devices may use a black or white list of available connections, that is, addresses or identifiers of remote devices from which the corresponding client computing device can receive information or to which information can be transmitted. Such information may be a request to register a transaction or information about the transaction. In the proposed system, all computing devices of users are equal and have the ability to process a request after receiving it.

Upon receipt of the request, the client computing device that received the request verifies the presence and validity of the key to operate the start of the transaction registration. If the key is missing or invalid, the request is rejected.

Next, the received transaction registration request is checked against the specification or data model of the transaction. The data models for each type of transaction and each type of data model object may differ. For example, the differences may correspond to the type of license or the type of intellectual property, or the way the parties perform their obligations, or a rights event. If the data model and the set of data presented for registering a transaction meet predetermined conditions, for example, a certain number of parties to the contract and their details are specified, the transaction registration begins, that is, the transaction content is written to the distributed database. If the request does not meet the specification, there is not enough information, the information is not presented in a machine-readable form, the data and data types do not match, the request is rejected.

Information about the transaction for which execution has begun is transmitted to all available computing devices of users that store information about the chain in which the transaction must be registered in order to check the validity of the transaction and receive the results of the validity check (assertion) from the participants to whom the requests were sent.

Approval is a verification of the possibility of the result of a transaction being written to its own registry by each of the registry holders. The results of the entry by each participant must match, which proves that the state of the registry for each participant is the same and consensus has been reached.

Upon confirmation of the validity of the transaction, the client computing device that initiated the transaction generates a transaction registration service to ensure completion of the registration of the transaction. A transaction is considered completed if the information about the transaction is recorded in the block chain and the storage of the specified block chain is ensured by all registry holders.

The transaction registration service, implemented by the hardware and software tools for modifying local data storages and distributed data storage, confirms the registration of the transaction, registers the transaction by writing data to the data block and creating a separate record with the transaction data in the distributed registry. Next, the registry holders are notified about the registration of the transaction in a specific block of the registry, and information about the block is sent to the holders.

Transactions contain the entire set of passed attributes and are placed in the block without changes. Blocks form an associated chain based on hashes from the contents of the transactions placed in the block and the hash of the previous block. Changing the content of transactions in order to compromise data on the network is impossible at the level of the underlying technology of its functioning.

Additionally, a search service can be formed that copies transaction information to a search cache to organize and enable human-centric searches of data in the ledger.

The search service can provide users with a full-text search mechanism, search in a natural language for data in a distributed registry, displays data about rights and objects, transactions with which are recorded in a distributed registry on the IPChain portal in a human-perceptible form, and also provide access to the original, machine-readable structures distributed ledger data.

The search service may be implemented as an instance of a set of instructions for automated control of the hardware of users' computing devices, or may be unique across user devices in accordance with the preferences of the respective users.

In the process of registering transactions, a single, logically separated chain of transactions is formed for actions with an object and rights to it. Information in transactions within one chain reflects the links between the links of the transaction chains. The loss or substitution of information in a separate transaction leads to the fact that the transactions following it and relying on it are not valid, a forgery is detected at the data model level.

Links between transactions on one object within the data model allow using various basic technologies for building the Registry and ensuring their synchronization, guaranteeing the immutability of data in transactions. Registers may be territorially and/or technically (technologically) independent.

Transactions related to the same object can be ordered by various parameters. For example, successive transfers of rights under one original license may be registered, as well as all registrations of rights relating to one object in a certain territory. At the same time, the same action related to an intellectual property object can be registered by various transactions of various chains, formed, including on a territorial basis.

The system, an example of which is shown in Fig. 2 contains an IP owner server 201 - 205, which may contain communication tools 206 used, for example, for technical support or pre-consultation prior to entering into agreements, the content of which is recorded by transactions. The system also includes system nodes 207 - 210 (green circles) or client computing devices, as well as a basic client computing device 211 used to deploy the system, as shown below.

All client computing devices have equivalent functions and are used to register transactions, as well as to store data on local storage devices. The system can be expanded by connecting to the system a new client computing device 212, which can be connected to the server 213 using the interface facilities of the new member of the system. The client computing device, the system member server, and the interface may be implemented on the same computing device by, for example, separating member functions over time and using a software interface as interface means.

Information exchange services, as well as data input-output devices provided by users, can be part of user computing devices or run as separate functional blocks.

As shown in FIG. 3, initially the transaction is registered 300 on one of the client computing devices in the form of a copy of the registry 301 containing a complete set of information, including in the form of a public part 302 of information, as well as a hash 303, and further blocks with information about the transaction 304 - 305 are replicated 306 and 307 in copies of registries 308 and 309 (two right columns) on the computing devices of all participants in the registry, ensuring that copies of the registries of all participants are identical.

Initially, a set of computing devices of users that form the system is created. In the initial state, the collection may contain one device, which stores a sequence of control commands that ensure the registration of successive transactions. The network address of the participant or the network addresses of the system participants are brought to the attention of users of the corresponding open or corporate networks. Other network users can connect to the system by downloading control commands to their local devices and generating transactions that describe the data of existing and joining system participants. In an alternative implementation, the control commands may be hosted on third-party servers with uninterrupted access and may be used on local computing devices of users as if said remote data stores were local data stores.

The client computing device places data about the fact of creating the result, for example, its name, a brief description and the hash code of the file itself in the distributed register of intellectual property objects. In the future, such information can be used as evidence of the priority of the author, confirmation of the fact of the creation of the object, and in some situations, if, for example, the object is design documentation or contracts for the supply of goods and services, the rights of prior use. As a user's computing device, for example, a user's terminal - an individual or a computer of a computer complex of an enterprise or organization, allocated to perform the functions of interacting with the system in terms of storing distributed data and exchanging data, including for confirming transactions, can be used. The user terminal, as well as the computer complex of the party participating in or joining the proposed system, for example, a public or corporate network for process control and data exchange, may contain means by which a result of intellectual activity or an object of intellectual property is created, or forms a digital form of representation object, as well as actions to manage the object with the formation of information, the totality of which is recorded in the form of transactions.

Due to the fact that the participants of the distributed ledger are many organizations and individuals, a large number of participants are involved in the rights management. The more different actors involved in establishing and exercising rights, the greater is the number of persons interested in observing the legal rights related to the object. Accordingly, the risk of counterfeit copying or other illegal use of objects or the announcement of the fact that objects were created by the wrong person is reduced.

For newly created or published objects, operations with which the owner of the rights intends to register in the proposed system, the system generates an initial record that characterizes the network address of the owner and the identification data of the object, which can be the result of applying the hash function to the digital version of the object representation. In the future, the specified result can be used to search for an object.

The hash function and the network address of the owner are transferred to external systems for storage along with the description of the object.

If information about the fact of creating an object is successfully recorded in a distributed registry that initially exists on one user's computing device, then the person who posted this information can indicate who owns the rights and how you can get access to the object (information about the legal protection regime and accessibility).

In particular, this can fix the availability in the free license mode, the conditions for gratuitous or paid use of the object, or indicate that the conditions for granting the right to use must be agreed with the copyright holder (which makes it possible to conclude license agreements in digital form in the future).

If the legislation of a particular country obliges the right holder to provide a certain type of access to the object, for example, to provide an obligatory copy of the work to the library, then in a similar way a specific public place is fixed, including a network library, where you can get free access to the object for review.

The value of the hash function of the object allows you to determine the correspondence between the object presented in the public domain and the original object in respect of which it is proposed to register transactions. In addition, hashing objects according to certain rules makes it possible to form an effective anti-plagiarism subsystem with voluntary certification of objects by participants according to hash function values. The anti-plagiarism subsystem can be formed by computing devices of users, whose addresses are openly distributed on the network, or are indicated in the information about the corresponding objects. Participants of the anti-plagiarism subsystem can manage the creation of the initial transaction indicated above.

If, as a result of automated examination or examination of the essence of an object, a participant discovers that a similar object has already been created earlier and the rights to it have previously been assigned to another person, the relevant information about the conflict is placed in the distributed registry.

All other market participants see the relevant information and can suspend any actions with the object until the conflict is resolved. In addition, the algorithm itself for placing information in a distributed registry can automatically block the conclusion of transactions with such an object (not post information about the transfer of rights).

Information about granting and changing rights to an object, for example, granting a simple, exclusive license or complete alienation of rights, when making transactions using third-party information systems (exchanges, contracting platforms, stock services) can be recorded in a distributed ledger in the form of a chain of transactions.

Methods and volumes of use of an object, information that reflects or changes its consumer value, can be recorded in a distributed ledger, and information about changes to the specified properties of an object can be recorded in the form of transaction chains and displayed when accessing the object, for example, when viewing and downloading. The specified information can be used in the initial assessment of the value of the object for the purposes of transactions or statement on the balance sheet. If a new object is created on the basis of the object, for example, by adding new objects to the object, then the cost of the final object may increase.

An additional mechanism for rapid interaction between authorities and market participants can be applied to all types and forms of digital objects, whether they are phonograms, photographs, three-dimensional models, texts, programs or algorithms, as well as their complex combinations, collections. Since in a number of cases, determined by the laws of different countries, the participation of authorized bodies in the registration of an object and the reflection of objects in public registers is required, the invention makes it possible to implement these functions.

The invention also makes it possible to eliminate the "gap" between the circulation of protected objects in digital form and transactions with rights to them, ensures the impossibility of obtaining access to the object and, therefore, the impossibility of using it without obtaining rights to such use. Distributed registry information can be taken into account when allowing or denying access to an object located in a digital depository. The accumulation of "chains" of blocks with transactions about objects and rights at all stages of the "life cycle" of an object allows you to build complex systems and platforms for various market participants.

To deploy a node implemented on the basis of the user's computing device, hardware-implemented control commands are used that are written to the computing devices of users who wish to join the system. Sets of codes may have means of checking the validity of the codes used, for example, to prevent hacking of computer systems, and the initial distribution of codes may be carried out by special base servers of the system. In the future, codes can be transferred between system participants as connections are established between them, including using electronic signature tools to check the validity of codes.

Network participants can form their own standards for describing intellectual property objects, which can be stored on users' computing devices or additionally transferred for storage to local data storages, for example, to special dedicated system servers.

The system provides the ability to create closed channels that are used to store confidential, commercial, sensitive information, including financial. At the same time, only authorized nodes can have access to such channels, information about which can also be generated and updated in the form of transaction chains.

A key feature of the system is the guarantee of the immutability of the registered information recorded in the form of transactions. Transactions contain the entire set of passed attributes, which are placed in the block without changes. Blocks form a connected chain based on hashes from the contents of transactions and the hash of the previous block. Changing the content of transactions in order to compromise data on the network is not allowed at the level of the underlying technology of its functioning.

Thanks to this, transactions stored in the distributed data warehouse of the system can be used as evidence, both in courts and in out-of-court settlement of disputes, as well as to assess the attractiveness and effectiveness of investments in investment projects related to the use of intellectual property.

In FIG. 1 is an exemplary simplified block diagram of a computing system suitable for implementing the proposed system.

For example, computing device 1 may be configured for use as a data server, web server, portable computing device, personal computer, or any electronic computing device.

As shown in FIG. 1, the system includes client computing devices 12, 14, 16, 18, 20, and 36. The client computing devices 36 that are part of the proposed system may be logically combined, for example, may correspond to users managing licenses for a common intellectual property object, or may be computing devices of a subsystem 22 related, for example, to an intellectual rights management association.

The client computing devices are connected to perform their respective functions via data channels 40 indicated by arrows. Most devices use the public wide area network 24 for data transmission. Devices 16 and 14 may be connected via a dedicated link using local area network adapters 32 to perform special functions, such as using device 16 as a means of filtering dangerous traffic for device 14. Devices 18 and 20 may use VPN network adapters 33 networks to improve the security of network connections, devices 12 and 16 use general purpose network adapters 32. As shown, in relation to the device 12, the hardware of the client computing devices use for control of the computing units 26, operating under the control of control codes stored in the respective data storage units 34. As shown in the example of device 12, client computing devices can provide access via data network channels to data stored in data storage units 34 .

The exemplary system hardware organization shown in FIG. 1, allows you to implement the main functions of the proposed system, provides reliable data storage in case of temporary or permanent failure of one or more system nodes, provides long-term and reliable storage of data related to transactions recorded by the system unchanged.

Claims (12)

1. The system for managing access to metadata of intellectual property objects, containing a distributed data storage, made with software, for each intellectual property object: formation of data blocks stored in a distributed manner, the totality of which contains a digital description of the object and intellectual property rights to such an object; at the same time, the system is configured to form, for the corresponding intellectual property object, the main metadata block containing a description of the method for restoring the description of the object and the rights to it from the data blocks stored distributed among different participants; and contains a means of generating additional blocks of metadata, made in the form of a distributed registry containing information that allows you to identify users from the community of users of the system, indicating for each of the users a set of access rights to data blocks and metadata; where the access rights to data blocks and metadata include the right to view, the right to edit, the right to change and the right to grant access rights to data blocks and metadata blocks of the corresponding intellectual property object to other users; the system is additionally implemented for each source data block and source metadata block, forming changing blocks, such that with the formation of a continuous sequential chain of blocks, with each change by the changing block of the data block and metadata block, for the corresponding block, a subsequent block of the chain is formed containing the changed data of the corresponding block of the chain, as well as the hash sum of the previous block of the chain and the hash sum of the subsequent block of the chain, calculated taking into account the hash sum of the previous block of the chain, and the storage of blocks is carried out in the form of a redundant set of data; in addition, each time a subsequent block in the chain is generated, users who have access rights to the previous block in the chain and the users having the right to grant access rights to the relevant intellectual property object, and with the ability to check the validity of data for all users, such that for each user, with each change of the corresponding block by the changing block, identical subsequent blocks of the chain are formed for all users; And confirming block changes by modifying blocks on a successful data validation, or rejecting block changes on a failed data validation. 2. The system according to claim. 1, made containing comparison tools that provide an alarm when an attempt is made to create an object or rights to an object with unique properties of another object, with blocking the recording of the corresponding data. 3. The system according to claim 2, in which a unique property is a quote from an intellectual property object.

Images