FR2910665A1 - DIGITAL RIGHTS MANAGEMENT SYSTEM - Google Patents

Abstract

A method for managing action rights on a digital document, comprising issuing a license associated with a digital object necessary to use to perform an action on the document, the license defining a right restricting a use the object to a type of person identifier that may require action on the document or to a type of action that can be implemented on the document; characterized in that the issuing of the license comprises a selection of the type of identifier in a list of identifier types or the type of action in a list of action types, each type, action type or action type. identifier, being associated with a recognizable supplier.The invention also relates to a device for implementing such a method, and a method and a terminal for determining whether a required action on a digital document received is permitted or no, and a digital document distribution system.

Description

The invention relates to a method, a device and a management system

  rights on a digital document (or DRM). DRM systems can protect a document or digital content for distribution on a user's digital device. Proven protection mechanisms are used to ensure the confidentiality and integrity of the contents both during transport, storage and consumption. In order to protect the content, a content provider, and possibly downstream content distributors in the distribution chain, defines a license specifying that a user, carrying a certain identity, has a certain right of action over the contents. To request action on such protected content, a user will use a specific DRM application, embedded on its terminal and dedicated to the DRM system considered. This app will first evaluate the license associated with the content. If the license grants the user a right to the required action, the application will actually perform that action on the content. The DRM application must therefore be trusted and resistant to changes intended either to override the process of verifying the license or to extract the content of its protection. To this end, the DRM system is designed to constrain the definition of the user's identity and the definition of actions. In particular, the only accepted identities may be those associated with the instance of each DRM application in order to guarantee their authenticity and to identify them individually, and the only accepted actions are those provided by the DRM system in a dictionary of Rights (still named RDD of the English acronym Rights Data Dictionary). The right that the content provider defines in its license, typically expressed by the <Identity <triplet; Action; Document>, so is 2910665 2 limited by the information defined by the identity associated with each application and the dictionary of rights. An object of the invention is to open the rights defined by the content provider to other identities and actions other than those defined by the DRM system. Another objective of the invention is to make identity and action providers benefit from the DRM system according to the invention, while also enabling them to protect the distribution and consumption of their identities and their respective actions. To this end, the invention proposes, according to a first aspect, a rights management method of executing an action on a digital document, the method comprising issuing at least one license associated with a digital object necessary to use. to perform the action on the document, the at least one license defining at least one right restricting use of the object to: (a) a type of person identifier that may require action on the document; or (b) a type of action that may be carried out on the document; characterized in that the issuing of the license comprises the constitution of the at least one right comprising, as the case may be (a) or (b), a selection of: 20 - type of identifier in a list of identifier types, each type of identifier being associated with a distinct identifier provider recognizable by provider recognition means when the use of the object is required; or the type of action in a list of action types, each action type being associated with a distinct action provider recognizable by provider recognition means when the use of the object is required . Other optional features of this rights management method are: 2910665 3 - the digital object is the action, or document, or identifier used to perform the action on the document, and the at least one right is restricted according to (a) whether the object is the action or the document and the at least one right is restricted according to (b) whether the object is the identifier or the document; 5 -the object is the document, and said at least one restricted right at a time according to (a) and according to (b); the object is the action to be performed, said at least one restricted right according to (a) and also restricted to a type of document; the object is an identifier used to execute the action on the document, in that said at least one restricted right according to (b) and also restricted to a type of document; the type of document is selected from a list of document types on which an action is likely to be required, each type of document being associated with a distinct document provider recognizable by provider recognition means when the use the object is required; the license or licenses are encapsulated with the object in a content; alternatively, the issued license or licenses are stored in a memory capable of communicating with an action request mechanism, and the licenses are associated with the object by links encapsulated with the object in a content, each link constituting an address to a storage area of a license associated with it; the licenses are stored on a remote server of said query mechanism; The suppliers also each affix a digital mark identifying them in the object itself or encapsulated with the object in a content or in the licenses they issue, the supplier recognition means when the use the object is required being able to identify a supplier from that brand; 2910665 4 - alternatively or in combination, the supplier recognition means when an action is required are able to identify a provider only from the type of identifier used to request the action to be performed (in order to identify a provider identifier), the type of action to be performed (in order to identify an action provider) or possibly the type of document on which one wishes to act (in order to identify a document provider); - each right is defined by at least the following triplet: <Identity; Action; Document>, Identity identifying the person or a group of persons to 10 who the right is associated, Action identifying the nature of the action required by that person or group of persons, and Document identifying the document to which the request relates action. According to a second aspect, the invention proposes an electronic device enabling a supplier or a distributor to create rights of use of a digital object to enable an action to be implemented on a digital document, the device comprising means for: writing and issuing a license defining digital rights comprising at least one right restricting the use of the object to a type of identifier or a type of action, selecting: a type of identifier among a list of person identifier types that may require action on the document, each type of identifier being associated with a distinct identifier provider recognizable by provider recognition means when the use of the object is 25 required; and / or: an action type from a list of action types that may be required, each action type being associated with a distinct action provider recognizable by provider recognition means when the use of the object is required, where to create an association between the license and the object, to issue an identifier specific to the distributor and to encapsulate it with the object in a content and / or in the license, to redistribute the content. Other optional features of the latter electronic device are: the device further comprises means for writing and issuing the license so that said at least one right can also be restricted to a type of document on which an action is likely and further comprising means for selecting the type of document from a list of document types, each type of document being recognizable by vendor recognition means when a use of the document type is detected. object is required; the device further comprises means for transmitting the license to a server for storage, and in that said association between the license and the object comprises the creation of a link encapsulated with the object in said content, a link constituting an address to a storage area in the server; - alternatively, the association between the license and the document includes the encapsulation of the license with the object in the content; The device is an automated information processing system. According to a third aspect, the invention proposes a method for determining whether a required action on a digital document received is allowed or not, the action being required necessarily using a digital object associated with at least one license defining at least one restriction of use of the object to: (a) a type of person identifier capable of requesting action on the document, the type of identifier being associated with a recognizable authorized credential provider; or (b) a type of action that can be implemented on the document, the action type being associated with a recognizable authorized action provider; characterized in that the method comprises the following steps: - requiring the execution of the action on the document by calling the object; 5 - consult the license (s) associated with the object so as to identify each restriction on the use of the object; if there is a restriction according to (a), identifying the type of an identifier used to request the action and determining whether or not it is associated with said action provider; 10 - if there is a restriction according to (b), identify the type of action required and determine whether or not it is associated with the said action provider; - determine whether the use of the object is permitted by the license (s); -execute the action only if an authorized supplier has been associated with each restriction and there are no further restrictions. Other optional features of the latter method are: the digital object is the identifier, the action or the document, and there is at least one restriction according to (a) whether the object is the action or the document and at least one restriction according to (b) whether the object is the identifier or the document; Said vendor determination comprises reading digital mark (s) encapsulated with the object in a content, a digital mark including an identifier of a particular provider; alternatively, said provider determination comprises an identification of a provider only from the type of identifier used to request the action (in order to identify an identifier provider) or the type of action required ( to identify an action provider). According to a fourth aspect, the invention proposes an electronic terminal comprising means for putting said method to determine whether a required action on a digital document received is allowed or not.

  Other optional features of this electronic terminal are: the terminal stores one or more identifiers that can be used; said means for performing an action are such that they can be completed and / or updated by additional components (i.e. plugins), these additional components containing new actions that may be required; the terminal is an automated information processing system. According to a fifth aspect, the invention proposes a system for distributing and manipulating documents comprising a distribution chain comprising at least one digital object provider 10 necessary to use to execute an action on a document, characterized in that the system is arranged to: allow each provider to design and issue at least one own license associated with each digital object it provides, the at least one license defining at least one right restricting use of the object to: a) a type of person identifier that may require action on the document; or (b) a type of action that may be carried out on the document; the license design comprising the constitution of the at least one right 20 comprising, as the case may be (a) or (b), the selection of: the type of identifier in a list of types of identifiers, each type of identifier being associated with a distinct credential provider recognizable by vendor recognition means when the use of the object is required; or the: type of action in a list of action types, each action type being associated with a distinct action provider recognizable by provider recognition means when the use of the object is required; To give the user of the document the ability to request and execute an action on the document, to use objects for this purpose, to consult the licenses associated with the objects, to recognize a provider of identifiers and to actions used; (5) whether to authorize the execution of the action according to whether, respectively, a supplier has been associated or not with each restriction right contained in said licenses consulted. Other optional features of this system are: the system is further arranged to allow each provider 10 to issue an own identifier and to embed it in the content; the system further comprises a server for storing the licenses and managing the exchanges with the user; an object is an identifier, and the system comprises at least one supplier and / or distributor of identifiers able to design and issue at least one own license associated with each identifier it provides, the license defining at least one right restricting use of the identifier to said selected type of action and / or a type of document on which an action is likely to be required; an object is an action, and the system comprises at least one supplier and / or share distributor able to design and issue at least one own license associated with each action it provides, the license defining at least one restricting right a use of the action at said selected identifier type and / or a type of document on which an action is likely to be required; The document type is selected by the at least one supplier and / or distributor in a list of document types, each type of document being associated with a distinct document provider recognizable by provider recognition means when the use the object is required; 2910665 9 - an object is a document, and the system includes at least one document provider capable of designing and issuing at least one own license associated with a document it provides, the license defining at least one right restricting a use of the document selected ID type audit; 5 and / or selected type of action. Other features, objects and advantages of the invention may be read in the description which follows, given here by way of non-limiting example, and illustrated by the following figures: FIG. 1 schematically represents the links of trust that may exist in a distribution system according to the invention, the latter comprising a content provider (Art'East), an action provider (Soft'Inc), an identity provider (Pop'Mag), a user (Gloria ) using a DRM application (Rendering Application). FIG. 2 shows an exemplary implementation of a DRM system according to the invention when an identified user requires an action on a received document. The DRM system according to the invention makes it possible to protect digital objects used when a user of the system requires and / or executes an action on a digital document by means of the application of DRM, the digital document containing the desired useful information. . In a nonlimiting manner, a digital object may be the digital document itself on which the action is required, the digital action required itself, or a numerical identifier used to execute the action on the document by the application. of DRM.

A protected digital object (document, identifier, action) is typically designed by a provider of these objects (document provider, credential provider, action provider). The object is then distributed in a distribution network, through distributors (document distributors, ID distributors, share distributors), or directly to the user.

A protected digital object is advantageously included in a digital content, this content may further include possible encryptions, codings, links, etc. To obtain the protection of a digital object, it is typically encrypted to using a key. In parallel, the provider of the object issues a license, associated with the object, containing the symmetric key for performing the decryption, and thus to act on the object. This key is distributed to the user through the license only if the latter authorizes it. In this way, only this license allows the application of DRM 10 to access the object. To obtain the key, the user must be authorized by the rights defined in the license. A right defines the conditions to allow or not an action required by a user, carrying a certain identifier, on a document. According to the invention, some of the conditions consist in conditions of use of an object by the user, this object being necessary for the execution of the action on the document. For example, a document provider may define a right in its license to use a document provided by it, provided that it is a specified person, i.e. having identifiable identifiers, who requires its use. A license groups one or more rights. A license may be issued by a document, identifier, action provider and / or a distributor. A license may be expressed using a rights language to 1) identify the user, 2) identify the action, and 3) identify the document associated with that license: <Identity; Action; Document>. One or more licenses are for example associated with an object by one and / or by the other of the following techniques: the license or licenses are encapsulated with the object in the content; the content contains links encapsulated with the object, each link constituting an address to a storage area of a license which is associated with it, the license or licenses being stored in a memory, such as for example a server remote, able to communicate with the DRM application used to request an action on a document. When a user wants to implement an action on a given document 5, he launches a dedicated DRM application dedicated to the considered DRM system, which is embedded on its electronic terminal. This app will first evaluate the license associated with the content. If the user has such a right on this content, the application will then perform the corresponding action on the document. Only this DRM application is capable of extracting the protected content and applying an action. This application must therefore be chosen with confidence and resistant to modifications intended either to override the process of verification of the license or to extract the content of its protection. 1. Content User Identity Rights 15 In known DRM systems, the only way for a document provider (also called content provider or content provider, also known as pi) to define who can use its document is limited by a unique identifier, this identifier being typically specific to the instance of the DRM application used.

However, the means of identifying a user (natural or legal person) are not necessarily unique in the digital world, but are rather multiple, and correspond to a collection of identifiers issued by different organizations for the same user. A user can therefore be identified by several identities such as, for example, a civil digital identity code issued by a government organization, a health code issued by a health organization, a bank identity (CB) issued by a financial institution or banking, an identity issued by a website (eg YahooTM ID, GoogleTM ID) or others. In order to open the DRM system to all these other identities, the invention provides a right restricting a use of the object (here a document) to a person identifier type 2910665 12 that may require action on the selected document in a list of possible identifier types, each identifier type being associated with a distinct identifier provider recognizable by provider recognition means when the use of the object 5 is required. Rather than being limited to using an identity specific to the DRM system, the system according to the invention allows a document provider to specify that a certain user can use his document if he carries an identity of a certain type issued by a particular identity provider.

As a result, the DRM system according to the invention no longer imposes which identity is considered trusted by the application, but rather it is the document provider who, through the license associated with the document, specifies which identity is trustworthy. Thus, the document provider can identify the user from an information set that is a priori richer than the identity considered in the existing applications. The DRM system according to the invention can also be arranged to allow a document distributor to issue a license similar to that of the provider, and associated with the distributed document, if the document provider authorizes it. The DRM system according to the invention can also be arranged to allow a supplier and / or a distributor of shares to issue a similar license. However, this license is associated with the action provided so that when the user calls the action, the license is evaluated. A supplier and / or distributor of actions may therefore only authorize one of their required actions on a document for those who identify themselves using an identifier provided for in the license, ie an identifier provided by a user. credential provider provided in the license. 2910665 13 2. Rights Related to the Action Required by the Content User Action is typically called a program or code. The result of an action may be of a nature to modify the document itself on which it has been applied and / or to modify the physical environment of the user through an output device of his digital terminal and / or to modify the distribution mode of the document. An action can for example be read, write, distribute, modify, copy, delete, etc. In known DRM systems, the set of actions that can be applied to a document is limited by the RDD of the DRM system 10 considered. Indeed, only the code issued by a certain organization (typically the one delivering the application of DRM) is considered to be trusted. A principle of this embodiment according to the invention is to open the DRM application to other types of codes. For this purpose, the invention provides a right restricting use of the object (here a document) to a type of action (or code), which can be executed on the document, selected from a list of types possible actions, each action type being associated with a distinct action provider recognizable by provider recognition means when the use of the object is required.

These other types of action may be internal code or external code provided by an action provider (Rights Provider, also noted pr) - it should be noted that the word Right in computer syntax usually means an Action on a document but does not correspond to the law as it is understood in this application.

Advantageously, an external code is provided as additional components (plugins). The plugins approach is flexible, so we can plan to distribute to the user a minimum application of DRM, to which can be added various downloadable plugins.

Depending on its needs, the user will be able to add other plugins to his application. It will be able to complete or update it according to, for example, the latest technological advances. Nevertheless, only trusted plugins can be added to the minimal DRM application. For example, only the organization providing the minimal application could be empowered to issue so-called trusted plugins. A document provider can thus specify in its license that only the actions delivered by one or more action providers can be applied to its content. In practical terms, the document provider will restrict the share rights on a document to the shares of one or more specific types of shares, the shares of a certain type of stock being provided by a certain supplier of shares. particular action. The DRM system according to the invention may also be arranged to enable a content distributor to issue a similar license, if the document provider authorizes it. The DRM system according to the invention can also be arranged to allow a supplier and / or distributor of identifiers to issue a similar license. However, this license is associated with the provided identifier so that when the identifier is called, the license is evaluated. An identifier provider and / or distributor may therefore authorize the use of one of their identifiers only if the action required on a document is authorized by the license, ie if it is an action provided by an action provider. provided in the license. If the DRM application requires the identification of the user, then the user can remain in blocked mode, and not allow the action on the document. 3. Rights Related to the Document on Which an Action is Required by the Content User In addition to or as an alternative to the various rights set forth above, the DRM system according to the invention may be arranged to allow a provider and / or or a distributor of identifiers, and / or a supplier and / or a distributor of shares, to restrict in his license a right to a type of documents on which an action is likely to be required, such documents that may come from a particular document provider. 4. The principle of the trust relationship The DRM system of the invention enables providers of identifier, action and / or content to create trust relationships. The document provider can thus specify in his license that he trusts one or more identity providers to identify a user and / or that he trusts one or more action providers to use his document. The invention goes even further by considering identities and actions as objects in the same way as documents. Indeed, in existing approaches, only the document provider could define a valid license associated with the document. The invention makes it possible to extend this principle to identities and actions such that: an identifier provider may specify a license stating that only certain actions and / or certain documents may be used with the identifiers it distributes. It can thus restrict the use of its identifiers; and / or: - an action provider can restrict who can use his actions and / or with what type of document. He can thus restrict the use of his actions. The invention thus allows each provider, and each authorized distributor, to protect and distribute content, be it a document, an identity or an action. In the end, the application of DRM will interpret all the corresponding licenses to decide whether a user, carrying a certain identity, is authorized or not to perform a certain action on a specific document. If the three licenses issued by the different providers (identity, action, content) authorize the request, the DRM application can then execute the corresponding action 2910665 16 and thus deliver the result to the user, unless other rights are provided for in the same and / or other licenses. In the latter case, these other rights must also be consulted to authorize the action. 5. Implementation of a DRM application The application of DRM according to the invention can be implemented on an electronic terminal, such as an automated information processing system, eg a fixed or portable computer. , a mobile phone, a smart phone (better known as Smart-phones), a PDA, or a hi-fi, video, etc. This application determines whether an action required by the user on a digital document received is allowed or not, the action being required necessarily using a digital object (eg document, action, identifier) associated with at least one license defining at least one restriction according to the invention.

This application implements the following steps: (a) require the execution of the action on the document by calling the object; (b) consult the license (s) associated with the object so as to identify each restriction on the use of the object; (c) Different cases of figures: - if there is a restriction on a particular type of identifier, the DRM application then calls (or has already called) an identifier before the action can be executed. Optionally, this identifier is confirmed by authentication means. This step then consists in determining whether this identifier belongs to a type of identifier authorized by the license; and / or 25 - if there is a restriction on a particular type of action, identify the type of action required and then determine whether it is authorized by the license; and / or - if there is a restriction on a particular type of document, identify the type of document on which an action is required and determine whether it is authorized by the license; (D) determine whether the use of the object is permitted by the license (s); (e) perform the action only if an authorized supplier has been associated with each restriction and there are no further restrictions. To determine whether the use of the object is authorized by a restriction of the license, the provider (identifier, action or document) must be recognized in step (c). This provider recognition step comprises: 10 - the reading of digital mark (s) encapsulated (s) with the document in a content and / or in the licenses, a digital mark including an identifier of a particular provider; in this case, it is the different suppliers who have embedded their own signatures or identifiers in the content and / or in the licenses; and / or 15 - identification of a provider only from the type of identifier used to request the action (to identify an identifier provider) or type of action required (to identify the action provider) or the type of document on which action is required (to identify the document provider). 6. Example and Formalization Figure 1 illustrates an exemplary embodiment of the invention. In this example, Pop'Mag is an online music site. It issues PopMember identities to members of its site. Softlnc is the author of the PowerPlayer plugin for playing a certain format of music content.

Art'East is the author of the musical content Art-Song. The latter has a partnership with Pop'Mag so that his readers can read his music. To avoid unauthorized use of its content, it relies on the PowerPlayer plugin to read its content. Softlnc, meanwhile, does not issue any restrictions on the content that can be used with its plugin. Softlnc also has a partnership with Pop'Mag so that only these readers can use it without restriction. Pop'Mag, meanwhile, allows these licenses to be used to access any content, however it does not want any action to be used. Indeed, the action used must respect the privacy of the users and therefore keep confidential the information contained in these identities. For Pop'Mag, PowerPlayer is a trusted action. Gloria is a member of Pop'Mag, she downloaded the piece ArtSong and wants to read it with her application via the PowerPlayer plugin. According to the various licenses issued by Pop'Mag, Softlnc and Art'East, it is authorized to read such content as shown in Figure 2.

In this example, Art'East will therefore create a content corresponding to the definition: [ArtSong] Art'East. He will then specify a license to allow Gloria to "read" ArtSong content. For this, Gloria must carry a certain identity provided by Pop'Mag. In order to read ArtSong, Gloria must use a certain plugin distributed by Softlnc. Art'East must therefore issue a license 15 corresponding to the definition: [<[Gloria] Pop'Mag, [Power Player] Soft'täo, [ArtSong] A, -r'East>] Art'East. In the same way, Soft'Inc will create a plugin corresponding to the right "to read". It will also define a license stipulating who and what content can use its plugin. Finally, Pop'Mag as an identity provider will create an identity for Gloria and define in its license what plugin and what content can use it. A license also defines a set of permission rights for a certain user to perform a certain action on a certain document. A license must therefore be expressed in a language which makes it possible to define such rights. The license expression language (also known by the abbreviation REL of the Anglo-Saxon acronym Rights Expression Language) is advantageously chosen to be unambiguous, understandable by a natural person, and interpretable by the 30-minute computer program. application of DRM.

The syntax of the license language used will not be detailed here: the invention being independent of the language and of the support application used, only the formalization of the types of assertion that such a language allows, in order to implement implement the rights management system as described above. A right defined in a license written in such a language is a triplet composed of a description of the identifier (Identity) of the user and the provider of that identifier, a description of the action (Action) and of the provider of this action, and a description of the content (Document) and 10 of the provider of that content. So we can formalize a license and a grant like this: Identity, Action, Document are basic types License :: = [setOf (Grant)] Grant Provider :: = <[Identity] provider, [ Action] provider, [Document] provider> 15 Provider :: = Identity In order to formalize the mechanism for interpreting licenses, an isPermitted predicate is defined to stipulate that a certain object provider (ie identity, action, content) authorizes a user, carrying a certain identity, to perform a certain action on a certain content. For that, he must have specified in his license a permission corresponding to the given triplet. The isPermitted predicate is formalized as follows: isPermitted :: = [Pro empty x Identity x Right x Content ù * Boolean] b [i: ID] Pi: Provider: Identity, [a: Action] Pr.Provider: Right, [d : Document] Pc: Provider Content 25 p E {pi, pr, pc}, [s: setOf (Grant)] p: License, g: Grant es 1 g = <[I] Pi [a] Pr •, [d ] Pc> ù> isPermitted (p, [i] pi, [a] Pr, [d] Pc.) According to the invention, the application of DRM must check all the licenses issued by the different providers involved in a given request . In this example, Gloria, as "PopMember", wants to read the content "ArtSong" using the plugin 2910665 20 "PowerPlayer" on its digital terminal. The DRM application will then check the three licenses issued respectively by Pop'Mag, Soft'Inc and Art'East. All must authorize the request so that Gloria can read its contents. This decision mechanism is formalized with the request, allow, and deny predicates defined as follows: 5 request :: = [Identity x Right x Content ù * Boolean] allow :: = [Identity x Right x Document ù * Boolean] deny :: = [Identity x Right x Document ù * Boolean] V [I: ID] pj: Provider: Identity, [a: Action] Pr.Provider: Right, [d: Document] Pc: Provider: Content p E {p; pr, pc} 1 request ([i] pj, [a] pr, [d] pr) A isPermitted (p, [i] pi, [a] pr, [d] Pc) 10 ù + allow ([i] Pj, [a] Pr, [d] Pc) V [i: ID] pj: Provider: Identity, [a: Action] Pr.Provider: Right, [d: Document] Pc: Provider: Content p E {pi, pr, pc} 1 request ([i] Pj, [a] pr, [d] pr) A -1 isPermitted (p, [i] pi, [a] pr, [d] Pc) ù deny ([i] Pj, [a] Pr, [d] Pc) The DRM system according to the invention thus makes it possible to contribute to improving interoperability.

Claims (32)

  A method of managing rights to perform an action on a digital document, the method comprising issuing at least one license associated with a digital object necessary to use to perform the action on the document, the at least one license defining at least one right restricting use of the object to: (a) a type of person identifier that may require action on the document; or (b) a type of action that may be carried out on the document; characterized in that the issuing of the license comprises the constitution of the at least one right comprising, as the case may be (a) or (b), a selection of the: ù type of identifier in a list of identifier types, each an identifier type being associated with a distinct identifier provider recognizable by provider recognition means when the use of the object is required; or the: type of action in a list of action types, each action type being associated with a distinct action provider recognizable by provider recognition means when the use of the object is required.   2. rights management method according to the preceding claim, characterized in that the digital object is the action, or the document, or an identifier used to perform the action on the document, and in that the at least one right is restricted according to (a) whether the object is the action or the document and the at least one right is restricted according to (b) whether the object is the identifier or the document. 2910665 22   3. rights management method according to claim 1, characterized in that the object is the document, and in that said at least one right restricted both by (a) and (b).   A rights management method according to claim 1, characterized in that the object is the action to be performed, and in that said at least one restricted right according to (a) and also restricted to a document type.   A rights management method according to claim 1, characterized in that the object is an identifier used to execute the action on the document, in that said at least one restricted right according to (b) and also restricted to a type of document.   6. Rights management method according to one of the two preceding claims, characterized in that the type of document is selected from a list of document types on which an action is likely to be required, each type of document being associated to a separate document provider recognizable by vendor recognition means when the use of the object is required.   7. Rights management method according to one of the preceding claims, characterized in that the license or licenses are encapsulated with the object in a content. 20   8. rights management method according to one of claims 1 to 6, characterized in that the issued license or licenses are stored in a memory capable of communicating with an action request mechanism, and in that the licenses are associated with the object by links encapsulated with the object in a content, each link constituting an address to a storage area of a license associated therewith.   9. Rights management method according to the preceding claim, characterized in that the licenses are stored on a remote server of said query mechanism. 2910665 23   10. Rights management method according to one of the preceding claims, characterized in that the suppliers additionally affix each a digital mark identifying them in the object itself or encapsulated with the object in a content or in the licenses they issue, 5 the means of recognition of the supplier when the use of the object is required being able to identify a supplier from this brand.   11. Rights management method according to one of the preceding claims, characterized in that the supplier recognition means when an action is required are able to identify a provider 10 only from the type of the identifier used to request the action to be performed (in order to identify an identifier provider), the type of action to be performed (in order to identify an action provider) or possibly the type of document on which one wishes to act (in order to identify an action provider); identify a document provider). 15   12. rights management method according to one of the preceding claims, characterized in that each right is defined by at least the following triplet: <Identity; Action; Document>, Identity identifying the person or group of persons to whom the right is associated, Action identifying the nature of the action required by that person or group of persons, and 20 Document identifying the document to which the request relates. action.   An electronic device enabling a supplier or a distributor to create rights of use of a digital object to enable an action to be taken on a digital document, the device comprising means for: writing and issuing a document license defining digital rights having at least one right restricting the use of the object to an identifier type or action type, ù selecting: 2910665 24 a type of identifier from a list of identifier types a person likely to require action on the document, each type of identifier being associated with a distinct credential provider recognizable by vendor recognition means when the use of the object is required; and / or: an action type from a list of action types that may be required, each action type being associated with a distinct action provider recognizable by provider recognition means when the use of the object is required, to create an association between the license and the object, to issue an identifier specific to the distributor and to encapsulate it with the object in a content and / or in the license, to redistribute the content. 15   14. Electronic device according to the preceding claim, characterized in that it further comprises means for writing and issuing the license so that said at least one right can also be restricted to a type of document on which an action is likely to and further comprising means for selecting the type of document from a list of document types, each type of document being recognizable by vendor recognition means when a use of the object is required.   15. Electronic device according to one of the two preceding claims, characterized in that it further comprises means for transmitting for storage the license to a server, and in that said association between the license and the object comprises the creating a link encapsulated with the object in said content, a link constituting an address to a storage area in the server. 2910665 25   16. Electronic device according to claim 13 or 14, characterized in that the association between the license and the document includes the encapsulation of the license with the object in the content.   17. Electronic device according to one of the four preceding claims, characterized in that it is an automated data processing system.   18. A method of determining whether a required action on a received digital document is permitted or not, the action being required necessarily using a digital object associated with at least one license defining at least one use restriction of the object to be : (a) a type of person identifier that may require action on the document, the type of identifier being associated with a recognizable authorized credential provider; or (b) a type of action that can be implemented on the document, the action type being associated with a recognizable authorized action provider; characterized in that the method comprises the steps of: requesting the execution of the action on the document by calling the object; -consult the license (s) associated with the object so as to identify each restriction on the use of the object; if there is a restriction according to (a), identifying the type of an identifier used to request the action and determining whether or not it is associated with said action provider; if there is a restriction according to (b), identify the type of action required and determine whether or not it is associated with said stock provider; - determine whether the use of the object is permitted by the license (s); 2910665 26 - perform the action only if an authorized supplier has been associated with each restriction and there are no further restrictions.   19. Determination method according to the preceding claim, characterized in that the digital object is the identifier, the action or the document, and in that there exists at least one restriction according to (a) if the object is the action or document and at least one restriction according to (b) whether the object is the identifier or the document.   20. Determination method according to one of the two preceding claims, characterized in that said supplier determination 10 comprises the reading of digital mark (s) encapsulated (s) with the object in a content and / or in the license, a digital mark with an identifier of a particular supplier.   21. A method of determining according to claim 18 or 19, characterized in that said provider determination comprises a provider identification only from the type of identifier used to request the action (in order to identify a provider identifier) or type of action required (to identify an action provider).   22. Electronic terminal comprising means for implementing the method according to one of claims 18 to 21.   23. Electronic terminal according to the preceding claim, characterized in that it stores one or more identifiers may be used.   24. Electronic terminal according to the preceding claim, characterized in that said means for performing an action are such that they can be completed and / or updated by additional components (ie plugins), these additional components containing new data. actions that may be required. 2910665 27   25. Electronic terminal according to one of the three preceding claims, characterized in that it is an automated information processing system.   A document distribution and handling system comprising a distribution chain comprising at least one digital object provider necessary for use in performing an action on a document, characterized in that the system is arranged to: enable each provider to design and issue at least one own license associated with each digital object it provides, the at least one license defining at least one right restricting use of the object to: (a) a type of identifier person likely to require action on the document; or (b) a type of action that may be carried out on the document; the license design comprising the constitution of the at least one right comprising, as the case may be (a) or (b), the selection of: the type of identifier in a list of types of identifiers, each type of identifier being associated with a distinct credential provider recognizable by vendor recognition means when the use of the object is required; or type of action in a list of action types, each action type being associated with a distinct action provider recognizable by provider recognition means when the use of the object is required; provide a user of the document with the ability to request and execute an action on the document, to use objects for this purpose, to consult licenses associated with the objects, to recognize a provider of identifiers and actions used , and whether or not to authorize the execution of the action 2910665 28 according to whether, respectively, a supplier has been associated or not with each restriction right contained in said licenses consulted.   27. System according to the preceding claim, characterized in that it is further arranged to allow each provider to issue a unique identifier 5 and embed it in the content.   28. System according to one of the two preceding claims, characterized in that it further comprises a server for storing licenses and manage exchanges with the user.   29. System according to one of the three preceding claims, characterized in that an object is an identifier, in that it comprises at least one supplier and / or an identifier distributor capable of designing and transmitting at least one own license associated with each identifier it provides, the license defining at least one right restricting use of the identifier to: said selected type of action; and / or to a type of document on which an action is likely to be required.   30. System according to one of the four preceding claims, characterized in that an object is an action, in that it comprises at least one supplier and / or distributor of actions able to design and issue at least one license. own associated with each action it provides, the license defining at least one right restricting a use of the action to: said type of selected identifier; and / or to a type of document on which an action is likely to be required. 25   31. System according to one of the two preceding claims, characterized in that the type of document is selected by at least one supplier and / or distributor in a list of document types, each type of document being associated with a supplier. separate document recognizable by vendor recognition means when the use of the object is required.   32. System according to one of the six preceding claims, characterized in that an object is a document, in that it comprises at least one document provider able to design and issue at least one own license associated with a document. it provides, the license defining at least one right restricting a use of the document to: - said type of identifier selected; and / or 10 - said selected type of action.