APPARATUS AND METHOD FOR FORMING A PACKAGED- OBJECT PRODUCT AND A PACKAGED-OBJECT PRODUCT FORMED THEREFROM
The present invention relates generally to object-oriented communication techniques and constructs. More particularly, the present invention relates to a packaged-object product. The present invention also relates to a method and apparatus for packaging a data payload with executable code to form the packaged-object product. The executable code defines at least one policy, and a set of capabilities is associated with each policy. The policy responds to events which are associated with the capabilities.
The packaged-object product created according to an embodiment of the present invention forms an encapsulated object having active, self- enforcing policies. When an encapsulated object is received at a receiving station, such as a computer, requests are made of the capability at the receiving station. The encapsulated object responds to the requests in a manner such that the policy, or policies, defined by the executable code are enforced.
In an exemplary implementation, the data payload forms a digital data file, such as an e-mail document or facsimile document. The executable code packaged together defines at least one policy with which a capability is associated. The policy embodied by the executable code defines who. when, or how a capability can be performed upon the data file. An exemplary policy embodied by the executable code comprises a restriction to access to the data file, and arr exemplary capability includes a read capability to permit reading of the data file if compliance with the policy is achieved.
BACKGROUND OF THE INVENTION Advancements in digital technologies have permitted the development of. and practical implementation of. a wide array of devices for performing
tasks which can be carried out at rates dramatically more quickly than that which can be performed manually Devices utilizing digital technologies are typically able to perform repetitive functions at significant speeds Because of the speed at which such functions can be performed, activities preuousl} considered impractical can now be readily implemented
Devices used in a digital communication system are exemplar) of devices which make use of some of such advancements in digital technologies A communication system includes a sending station and a receiving station interconnected by way of a communication channel When the communication system is a digital communication system, the information which is to be transmitted between the sending and receiving stations is typically in the form of. or is represented by. binary bits The binary bits are transmitted upon the communication channel to be received b\ the receiving station Depending upon the characteristics of the communication channel, binary bits forming the information might first be converted into a form to permit their transmission upon the communication channel And. the receiving station must be able to receive and re-convert the converted-bits into a form to permit the informational content thereof to be recreated at the recemng station Ad\ ancements in digital technologies have also permitted the creation of. and
of. personal computers Personal computers increasingly are used as communication devices to form portions of a digital communication system Separate computers are connected together by way of private networks as well as by way of the internet Data generated, or stored. at one computer can readιl\ be transmitted to another computer by way of network interconnections E-mail documents, text documents, picture documents, and audio documents are all exemplary of information communicated between computers, or other digital processing devices
Many other types of communication systems similarly make use of digital technologies to communicate information between a sending station
and a receiving station. For example, facsimile machines also permit the communication of information between a sending-facsimile machine and a receiving-facsimile machine, typically connected together by way of a PSTN (public-switched telephonic network). A document which is to be transmitted is converted into digital form and a binary representation of the document is transmitted by the sending-facsimile machine to a receiving-facsimile machine. Digitized information can analogously be communicated between a sending and a receiving station of other types of communication systems.
Security issues relating to data communicated between a sending and a receiving station is sometimes of concern. Security of the communications is sometimes of concern, not only during transmission of information upon a communication channel but also subsequent to its reception at a receiving station. Encryption techniques, for example, are sometimes utilized to encrypt information prior to its transmission upon a communication channel to a receiving station. Encryption of the information reduces the possibility that a recipient, other than an intended recipient, shall be able to recover the informational content of the information. When received at a receiving station, the received information is de-encrypted, and thereafter, the informational content of the information is recovered. Once the information has been de-encrypted, the sender of the information no longer controls access to the information.
More generally, once the information is sent by a sender, the sender loses use-control over the information. If, however, the sender were able to maintain use-control over the information, the sender would be able to limit access to. and use of. the information.
A manner by which better to provide a sender of information greater use-control over the information subsequent to its communication to a receiving station would be advantageous.
It is in light of this background material related to the communication of information that the significant improvements of the present invention have evolved.
SUMMARY OF THE INVENTION The present invention, accordingly, advantageously provides apparatus, and an associated method, for packaging a data payload together with executable code to form a packaged-object product. The executable code defines a policy with which compliance must be achieved to permit a capability, such as a read or copy operation, to be performed upon the data payload.
The present invention further advantageously provides a packaged- object product formed of a data payload and executable code which defines a policy and with which a capability is associated. The policy responds to events which are associated with the capability. In one aspect of the present invention, the packaged-object product forms an encapsulated object having active, self-enforcing policies. When such an encapsulated object is provided to an appropriate receiving station, requests are made of the capability associated with the executable code forming a policy and which is included as a portion of the encapsulated object. The encapsulated object responds to the requests made of the encapsulated object at the receiving station. The responses are made in a manner such that the policy defined by the executable code is enforced. The executable code forming the policy defines who. when or how a capability can be performed. And. the capability associated with the policy defines an act which can be carried out upon the object.
One or more policies are defined by the executable code and each policy has associated therewith one or more capabilities. That is to say, a set of capabilities is associated with each policy. An act carried out upon an object is dependent upon the requests made upon the encapsulated object by
the receiving station. Thereby, separate acts might be performed upon the encapsulated object dependent upon the requests made of it by the receiving station. Through use of appropriate policies, access to the object can be made to be limited. Security problems associated with an object subsequent to its de-encryption are obviated due to the self-enforcing nature of the policies of the encapsulated object.
The executable code defining the policy of the encapsulated object is formed of objects-oriented codes, such as JAVA ™ code. An encapsulated object of an embodiment of the present invention is able to implement the specified policies which have associated therewith dynamics capabilities.
In an exemplary implementation, the packaged-object product includes a digital data file, such as an e-mail document, facsimile document, text file, picture file, or digitized audio file. The policy embodied by the executable code with which the data file is packaged defines who, when, or how a capability, such as a read capability, is performed upon the data file.
In another aspect of the present invention, the policy packager, and an associated method, packages data within at least one policy to form a packaged-object product. At least one policy is stored at a storage location of a storage element. Each policy has a set of capabilities associated therewith. Each capability of the set of capabilities is effectuable responsive to compliance with the policy to which the set of capabilities is associated. An adder is coupled to receive the data and to the storage element. The adder selectively accesses the storage location at which the policy is stored. The selected policy is retrieved and added to the data to package the data therewith. _The data, once packaged with the selected policy, forms the packaged-object product.
In these and other aspects, therefore, a packaged-object product, and an apparatus and method for producing such product, is provided. The packaged- object product includes a data payload. At least one policy is packaged together with the data payload. The at least one policy defines selected
criteria and has associated therewith a set of capabilities. Each capability of the set of capabilities defines an event capable of being performed upon the data payload when compliance with the selected criteria defined by the policy is achieved. A more complete appreciation of the present invention and the scope thereof can be obtained from the accompanying drawings which are briefly- summarized below, the following detailed description of the presently- preferred embodiments of the invention, and the appended claims.
BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 illustrates a functional block diagram of a policy packager of an embodiment of the present invention.
Figure 2 illustrates a representation of an encapsulated object of an embodiment of the present invention formed during operation of the policy packager shown in Figure 1 . Figure 3 illustrates a representation of a portion of the encapsulation layer of the encapsulated object shown in Figure 2.
Figure 4 illustrates a functional block diagram of a communication system in which an encapsulated object, such as the encapsulated object shown in Figure 2. is generated and transmitted between a sending and a recei v ing station.
Figure 5 illustrates a method flow diagram listing the method acts of the method of operation of an embodiment of the present invention.
DETAI LED DESCRIPTION
Referring first to Figure 1 , a policy packager, shown generally at 10. is operable to package an object 12 forming a digital payload together with one or more policies to form an encapsulated object 14. In an exemplary implementation, the policy packager is formed of a digital processor, such as a personal computer or other computing device. In such an implementation, the
objects 12 may also be generated at the digital processing device. The object 12 is here represented as an input to the policy packager 10 as. in the exemplary implementation, the object 12 is separately created and then applied to the policy packager 10. The policy packager 10 is here shown to be coupled to a user interface.
In an implementation in which the policy packager 10 forms a portion of a personal computer, the user interface 16 forms a computer key board permitting a user to enter input commands to effectuate operation of the policy packager, as appropriate. A controller 18 is operable to control packaging operations of the packager 10 and is here shown to be coupled to receive commands generated by way of actuation of the user interface 16.
The policy packager 10 is further shown to include a storage element 22 having a plurality of storage locations 24. In the implementation in which the policy packager is embodied by a computer, the storage elements 22 is formed alternately of computer main memory or storage elements of a computer-peripheral, storage device. Data stored in the storage locations of the storage elements 22 form executable code defining policies. Each policy has associated therewith a set of one or more capabilities. Each policy defines who. when or how a capability can be performed. And. each capability defines an action.
The policy packager further includes an adder 26 coupled to receive the object 12 and also to data stored in storage locations 24 of the storage element 22. Operation of the adder 26 is here shown to be controlled by the controller 1 8 which is also operable to control which of the data stored in the selected ones of the_storage locations is provided to the adder 26. The adder 26 is operable to package together the objects 12 and one or more policies formed of the data stored in the storage locations 24 of the storage element. The adder forms the encapsulated object 14 by packaging together the objects 12 together with the data forming the policies retrieved from the storage locations 24. Selection of which of the policies is added by the adder 26 together with
the object 12 is made by user actuation of the user interface 16 or can be automatically selected by way of an automated process. The adder 26 is operable, for example, to concatenate together an object 12 to the data forming the selected policies. In one implementation, the data payload forming the object 12 forms a facsimile document, and the policy packager 10 forms a portion of a facsimile machine. In another implementation, the data payload forming the object 1 2 comprises an e-mail document, such as that generated at a personal computer, and the policy packager 10 forms a portion of such personal computer. In an analogous manner, the data payload forming the object 12 can also be formed of any digital material, such as digitized text, digitized picture information, and digitized audio information. The policy packager 10 forms a portion of digital processing apparatus operable to receive and perform operations upon such digital data. Figure 2 illustrates an encapsulated object 14 of an embodiment of the present invention. The encapsulated object 14 forms a packaged-object product, such as that formed by the policy packager 10 shown in Figure 1 . The encapsulated object 14 is formed of a data payload. here the object 12. Exemplary objects 12 include facsimile documents, e-mail documents, text documents, digitized picture documents, digitized audio documents, and the like. The encapsulated object 14 also includes executable code forming one or more policies 32. While in an actual implementation, the executable code forming policies 32 are concatenated together with the objects 12. Policies 32 are here shown to be packaged about, or to encapsulate, the objects 12. Such encapsulation indicates that the access to the objects 1 2 is limited, and the policies 32 form a self-enforcing, content-control mechanism which limits the performance of actions upon the object unless compliance with at least one. more than one. or all of the policies 32 is achieved. The exemplary object 14 shown in Figure 2 includes N policies which encapsulate the object 12. N can be of anv selected number.
A set of capabilities is associated with each policy 32. A policy defines who, when or how. an action can be performed upon the objects 12. The capability defines the action which can be performed upon the object if the policy with which the capability is associated is complied with, the capability can be performed upon the objects 12.
Figure 3 illustrates the policies 32, and sets 34 of capabilities 36 associated with the policies 32. In an exemplary implementation, the executable code of which the policies 32 are formed comprise object-oriented code, such as JAVA ™ code. Exemplary capabilities 36 associated with various of the policies include, for example, a read capability, a forward capability, a change (or overwrite) capability, an append capability, an annotate capability, and a delete-object capability.
Both the policies and the capabilities associated with the policies are dynamically-selectable during creation of the object, such as by the policy packager 10 shown in Figure 1 . Each policy 32 forms a content-control mechanism controlling access to the objects 12 to have one or more capabilities performed thereon.
An exemplary encapsulated object includes a text document forming the object 12 and which includes a legal notice message. The document forming the object 12 is encapsulated with a policy of: a presentation of the legal notice to a prospective-accessor, and legal notice acknowledgment, or a failure to do so. A capability associated with such policy permits limited access to the document if the prospective-accessor acknowledges retrieval of the legal notice. Such an encapsulated object limits access to the document unless a prospective accesser acknowledges receipt of the legal notice associated with the document.
Figure 4 illustrates a communication system, shown generally at 52, having a transmitting station 54 and a receiving station 56, interconnected by way of a communication channel 58. In an exemplary implementation, the transmitting and receiving stations 54 and 56 form computer stations
connected together by way of a computer network which forms the communication channel 58. The transmitting station 54 includes a policy packager 10 and, here, also an object creator 62. The object creator 62 creates an object 12 (shown in Figure 1 ). The object created by the object creator 62 is provided to the policy packager 10 which packages the object together with one or more policies as above-described to form an encapsulated object 14 (shown in Figures 1 and 2). Additional portions (not shown) of the transmitting station 54 place the object 14 in a form to permit its communication upon the networked connection 58 for transmission to the receiving station 56.
The receiving station 56 receives the encapsulated object 14 transmitted upon the network 58. The encapsulated object is delivered to an area of the receiving station 56 at which requests are made of the capabilities associated with the at least one policy of the encapsulated object. The receiving station generates events, also referred to as method requests or messages, and the encapsulated object responds to such events. The object responds to the events in manners which enforce the policy or policies of the encapsulated object. When compliance is achieved with the policy or policies, performance of the one or more capabilities associated with such policy or policies is carried out at the receiving station.
Figure 5 illustrates a method, shown generally at 72. of an embodiment of the present invention. The method 72 packages a data payload within at least one policy to form a packaged-object product.
First, and as indicated by the block 74. at least one policy is stored. The policy_has a set of capabilities associated therewith. Each capability of a set of capabilities is effectuable responsive to compliance with the policy with which the set of capabilities is associated. Then, and as indicated by the block 76. one or more policies stored during the act of storing is selectively accessed.
Thereafter, and as indicated by the block 78. the policy accessed during the act of selectively accessing is retrieved. And. as indicated by the block 82, the policy retrieved during the act of retrieving is added to the data payload. Thereby, the data payload is packaged with the policy. The data payload, once packaged with the policy forms the packaged-object product.
Thereby, through operation of an embodiment of the present invention, self-enforcing content control is provided to an object. The creator and sender of the encapsulated object of an embodiment of the present invention thereby includes active, self-enforcing policies. When an encapsulated object is received at a receiving station, effective control over the object is maintained by the creator by virtue of the policies packaged together with the object.
The previous descriptions are of preferred examples for implementing the invention, and the scope of the invention should not necessarily be limited by this description. The scope of the present invention is defined by the followinc claims: