US20160259947A1 - Method and apparatus for managing access to electronic content - Google Patents

Method and apparatus for managing access to electronic content Download PDF

Info

Publication number
US20160259947A1
US20160259947A1 US15/143,408 US201615143408A US2016259947A1 US 20160259947 A1 US20160259947 A1 US 20160259947A1 US 201615143408 A US201615143408 A US 201615143408A US 2016259947 A1 US2016259947 A1 US 2016259947A1
Authority
US
United States
Prior art keywords
content
drm
content item
access rights
recited
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US15/143,408
Inventor
Alex Negrea
Dan Alexandru Gentea
Clement Cazalot
Uli P. Mittermaier
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intralinks Inc
Original Assignee
Intralinks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US15/143,408 priority Critical patent/US20160259947A1/en
Application filed by Intralinks Inc filed Critical Intralinks Inc
Assigned to INTRALINKS, INC. reassignment INTRALINKS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: DOCTRACKR, INC.
Assigned to DOCTRACKR, INC. reassignment DOCTRACKR, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: GENTEA, DAN ALEXANDRU, CAZALOT, CLEMENT, MITTERMAIER, ULI P., Negrea, Alex
Publication of US20160259947A1 publication Critical patent/US20160259947A1/en
Assigned to GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT reassignment GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: INTRALINKS, INC., AS GRANTOR
Assigned to INTRALINKS, INC. reassignment INTRALINKS, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: GOIDMAN SACHS BANK USA
Assigned to ROYAL BANK OF CANADA, AS COLLATERAL AGENT reassignment ROYAL BANK OF CANADA, AS COLLATERAL AGENT FIRST LIEN SECURITY AGREEMENT Assignors: INTRALINKS, INC.
Assigned to ROYAL BANK OF CANADA, AS COLLATERAL AGENT reassignment ROYAL BANK OF CANADA, AS COLLATERAL AGENT SECOND LIEN SECURITY AGREEMENT Assignors: INTRALINKS, INC.
Assigned to INTRALINKS, INC. reassignment INTRALINKS, INC. CORRECTIVE ASSIGNMENT TO CORRECT THE CONVEYING PARTY NAME PREVIOUSLY RECORDED ON REEL 044123 FRAME 0110. ASSIGNOR(S) HEREBY CONFIRMS THE RELEASE OF SECURITY INTEREST. Assignors: GOLDMAN SACHS BANK USA
Assigned to INTRALINKS, INC. reassignment INTRALINKS, INC. RELEASE OF 2ND LIEN SECURITY INTEREST Assignors: ROYAL BANK OF CANADA
Assigned to INTRALINKS, INC. reassignment INTRALINKS, INC. RELEASE OF 1ST LIEN SECURITY INTEREST Assignors: ROYAL BANK OF CANADA
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6236Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Definitions

  • Digital content sharing is a convenient and easy way to exchange information between people, organizations, companies, or any other entities.
  • sharing content over digital media such as the Internet, may expose the content to untrusted users.
  • Many digital rights management (DRM) technologies provide solutions to limit access to shared content to trusted users.
  • a typical digital rights management (DRM) system includes a rights issuer configured to create and provide access policies, or permissions, associated with corresponding content items, and a DRM engine that typically encrypts content items and manages users and access policies.
  • the typical DRM system also includes DRM clients, or agents, for enforcing access policies, associated with content items, within a client device.
  • the corresponding rights issuer, DRM engine, and DRM agents are expected to comply with proprietary, or standardized, specification requirements that are specific to the DRM system. As such, DRM systems employing distinct DRM technologies are not interoperable.
  • Dynamically modifying the rights policies once they are delivered to a client device is either impossible, or calls for an active role by the rights issuer to synchronize with the DRM engine and/or the DRM agents in order to revoke previous access policies and provide new ones.
  • DRM engines do not perform encryption, user management, nor access policies' management.
  • a protected content item is opened on a client device, corresponding access policies are requested from a corresponding DRM engine.
  • the DRM engine forwards the request to a content protection server.
  • the content protection server retrieves the access policies from the rights issuer, and provides the retrieved access policies to the DRM engine in a format readable by the DRM engine.
  • the access policies are then provided to the DRM client, or agent, to be enforced in the client device.
  • the rights issuer is enabled to dynamically modify access policies at any time.
  • the most recent access policies are retrieved from the rights issuer and enforced at the client device.
  • a method and corresponding content protection server for managing access to electronic content comprise retrieving access policies, or permissions, associated with a content item from a corresponding content sharing application, or rights issuer.
  • the access policies are translated into a format recognizable by a digital rights management (DRM) engine, and forwarded to the DRM engine.
  • DRM digital rights management
  • the translated access policies are then provided by the DRM engine to a client device where the translated access policies are enforced in managing any potential access to the content item.
  • the content protection server receives information identifying the content item from the client device.
  • the content server requests from the corresponding content sharing application, or rights issuer, the access policies associated with the content item based on the received information identifying the content item.
  • the rights issuer, or the content sharing application sends the requested access policies to the content protection server.
  • Retrieving the access policies includes receiving the access policies in a format recognizable by the content protection server.
  • the access policies are translated into the format recognizable by the content protection server by an interface associated with the content sharing application, or rights issuer.
  • the access policies in the format recognizable by the content protection server are then translated, by the content protection server, into a format readable, or recognizable, by the DRM engine.
  • the content protection server Prior to retrieving the access policies, the content protection server receives, from the DRM engine, user credentials for authentication.
  • the content protection server may handle the authentication of user credentials locally.
  • the content protection server forwards the user credentials to the content sharing application for authentication.
  • the content protection server receives information identifying the content item.
  • the content sharing application, or system is identified based on the received information identifying the content item.
  • the content item is encrypted by the content protection server.
  • Encrypting the content item includes receiving the content item from the content sharing application. An encryption protocol is then determined based on a type of the received content item. The received content item may be preprocessed based on the content item format. The content item is then encrypted based on the determined encryption protocol. The content item may further be post-processed based on the content item format. The encrypted content item is provided the to the user/client device. The content protection server also causes the encrypted content item to be registered at the DRM engine.
  • the access policies are dynamic. That is, on a subsequent attempt to access the content item at user device, the access policies are automatically retrieved again from the content sharing application, translated and provided to the DRM engine by the content protection server. So, any modification of the access policies by the content sharing application, or rights issuer, are included in the access policies retrieved by the content protection server upon a subsequent attempt to access the content item.
  • the content protection server is coupled to two or more DRM engines.
  • the content protection server is also coupled to two or more content sharing applications, or systems.
  • FIG. 1 is a block diagram illustrating a digital rights management (DRM), or Information Rights Management (IRM), system 100 , according to at least one example embodiment;
  • DRM digital rights management
  • IRM Information Rights Management
  • FIG. 2 is a signaling flowchart illustrating communications between different entities of the DRM system during a publishing phase, according to at least one example embodiment
  • FIG. 3 is a signaling flowchart illustrating communications between different entities of the DRM system during a consumption phase, according to at least one example embodiment.
  • Digital rights management (DRM) technologies provide solutions for secure content sharing, electronic content protection, and user access control to electronic content. With such solutions, an entity may be able to manage who has the right to access content circulated over the Internet or other digital media, and what kind of rights are granted to each potential user.
  • Electronic content herein refers to one or more media objects, such as, music files, images, video files, text documents, or the like.
  • a rights issuer issues access rights, or permissions, associated with a content item, or object, and provides the access rights to a user device.
  • the DRM rights are enforced at the receiving user device through a DRM client, or agent.
  • a DRM engine coupled to the DRM clients is configured to encrypt content items and manage users and access policies.
  • Each DRM engine typically has proprietary, or standardized, architecture, protocols, encryption methods, policy management and processing methods.
  • the corresponding DRM agents and Rights issuer are expected to be compliant with the specificities of the DRM engine and the DRM technology employed by the DRM system in general. As such, DRM system employing distinct DRM technologies are not interoperable.
  • the user device is expected to have a complying DRM agent.
  • FIG. 1 is a block diagram illustrating a digital rights management (DRM), or Information Rights Management (IRM), system 100 , according to at least one example embodiment.
  • the DRM system 100 includes a content sharing system, or application, 110 , a content protection server 150 , one or more rights management services (RMS), servers, also known as DRM engines, e.g., 160 ⁇ 1 - 160 - n , and a content rendering system, or application, 180 .
  • the content sharing system 110 is configured to share content 115 with client users.
  • the content sharing system is configured to circulate protected content 185 to user/client devices 180 through the content protection server 150 and a RMS server, or a DRM engine, e.g., 160 - 1 , 160 - 2 , . . . , or 160 - n.
  • a RMS server or a DRM engine, e.g., 160 - 1 , 160 - 2 , . . . , or 160 - n.
  • the content protection server 150 is coupled to one or more content sharing systems 110 and one or more RMS servers, or DRM engines, e.g., 160 - 1 - 160 - n .
  • the content protection server 150 represents an intermediate layer, between the DRM engines 160 - 1 - 160 - n and the content sharing system(s) 110 , that is agnostic to the DRM engines 160 - 1 - 160 - n and the content sharing system(s) 110 .
  • the middle layer is configured to normalize content processing, irrespective of the content type, and handle content encryption instead of the DRM engines 160 - 1 - 160 - n .
  • the content protection server 150 is configured to encrypt the content 115 , irrespective of the corresponding content type, and provide a corresponding protected, or encrypted, copy 185 of the content to the content sharing system 110 .
  • the content sharing system 110 may then share the encrypted content 185 with client users.
  • the content protection server 150 provides an interoperability interface between fundamentally different DRM technologies, at the protection layer. That is, the format and/or language employed in creating the access rights, or permissions, by the rights issuer 118 and the DRM technologies supported by a given DRM engine may be fundamentally different and non-compliant to each other's requirements, yet, the content protection server 150 provides an interface that enables interoperability between the given content sharing system 110 and a given DRM engine.
  • the content protection server 150 is configured to support multiple DRM technologies and corresponding DRM engines 160 - 1 - 160 - n .
  • the RMS servers, or DRM engines, 160 - 1 - 160 - n include a “LiveCycle” server from Adobe, a Microsoft RMS server, and/or other proprietary or standardized DRM engines.
  • the content protection server 150 is also configured to support multiple content sharing systems 110 .
  • the DRM engines 160 - 1 - 160 - n are used to register documents and reroute access requests from client devices to the content protection server 150 .
  • the DRM engines 160 - 1 160 - n do not perform content encryption, user management, nor policy management.
  • the content protection server 150 may employ software development kits (SDKs) to match the particular DRM technology for that DRM engine. Encryption is done at the content protection server side, yet the employed encryption techniques are expected to be compliant with the techniques supported by the DRM engines.
  • SDKs software development kits
  • the DRM engine forwards the request to the content protection server 150 , which requests the DRM policies, or permissions, from the content sharing system 110 , e.g., from the policy issuer 118 .
  • the content server 150 Upon receiving the requested access policies, the content server 150 provides the access policies to the DRM engine, which provides them to the user device to be enforced.
  • the same process is repeated and access policies are obtained again from the content sharing application 110 , or the rights issuer 118 .
  • Such scheme enables the content sharing application 110 , or the rights issuer 118 to dynamically manage and control the access policies with the certainty that the latest updated version of the access policies is employed by a user device attempting to access the content item.
  • the content sharing application 110 may update access policies associated with content items once the content items and the corresponding policies have been distributed.
  • the access to already distributed content items may also be revoked by the content sharing application 110 , or rights issuer 118 .
  • FIG. 2 is a signaling flowchart illustrating communications between different entities of the DRM system 100 during a publishing phase, according to at least one example embodiment.
  • the publishing phase refers to the protection and circulation, or sharing, of a content item.
  • the content item is sent 210 to the content protection server 150 .
  • Initiating the process of sharing, or circulating, a content item includes, for example, attempting to attach the content item to an email, attempting to upload or send the content item to a non-secure device, or the like.
  • the content protection server 150 determines an encryption protocol based on the type and/or format of the content item.
  • the content protection server selects an encryption protocol that is supported by Microsoft rights management services (MS RMS). However, for a PDF document, an encryption protocol supported by Adobe LiveCycle RMS.
  • the content item 115 is then encrypted according to the determined encryption protocol by the content protection server 150 at 215 .
  • the content protection server causes the encrypted content item 185 to be registered at a corresponding DRM engine at 220 . For example, if the content item 115 is a Microsoft Office document, then the corresponding DRM engine is a Microsoft RMS server. If the content item 115 is a PDF document, then the corresponding DRM engine is an Adobe RMS server.
  • the content protection server 150 sends a publishing license identification (ID) and information indicative of existence access policies associated with content item to the DRM engine for registering the content item.
  • ID publishing license identification
  • the encrypted content item 185 is sent to the content sharing application 110 .
  • the content sharing application 110 or the content issuer 112 , shares the encrypted content item 185 with one or more user device 180 .
  • the content sharing application 110 may send the encrypted content item 185 to the one or more user devices 180 .
  • the content sharing application 110 may, alternatively, make the encrypted content item 185 available to the one or more user devices 180 , for example, by uploading the encrypted content item 185 on the Internet.
  • FIG. 3 is a signaling flowchart illustrating communications between different entities of the DRM system during a consumption phase, according to at least one example embodiment.
  • information identifying the encrypted content item 185 is sent at 310 to a corresponding DRM engine 160 .
  • the corresponding DRM engine 160 may be determined based on a rendering application used to open the encrypted content item 185 or DRM agent associated with the encrypted content item 185 . For example, Microsoft Office will automatically contact a MS RMS server.
  • the corresponding DRM engine 160 responds to the user 180 , at 320 , with authentication information that is determined, for example, based on the information identifying the encrypted content item 185 .
  • the authentication information indicates what kind of authentication is required for the encrypted document item 185 .
  • the user device 180 provides an authentication window or session for the user, and the user is requested to enter his user credentials.
  • the user credentials are then sent to the content protection server 150 for authentication.
  • the content protection server 150 may handle the authentication locally if, for example, the content protection server 150 maintains a database of authentic user credentials for each user.
  • the user credentials received by the content protection server are sent to the content sharing application 110 for authentication.
  • an indication of successful authentication is sent to the user device 180 .
  • the user device 180 sends, at 330 , the information identifying the encrypted content item 185 to the DRM engine 160 again.
  • the user device 180 may also send a notification to the DRM engine 160 indicating that user credentials are successfully authenticated.
  • the DRM engine 160 forwards the information identifying the encrypted content item 185 to the content protection server 150 .
  • the content protection server 150 sends a request, at 350 , to the content sharing application 110 requesting access policies, or permissions, based on the information identifying the encrypted content item 185 .
  • the content protection server 150 stores, for example, a database mapping information identifying content items to corresponding content sharing applications 110 , rights issuers, or corresponding plug-in modules 120 .
  • the plugin module 120 translates the requested access policies into a format, or language, recognizable by the content protection server 150 , and the translated access policies are sent at 360 to content protection server 150 .
  • the translation to a format, or language, recognizable by the content protection server 150 may be performed by a translation module within, or associated with, the content protection server 150 .
  • the plug-in module 120 resides at the content sharing application 110 .
  • the plug-in module 120 is implemented, for example, as an application on top, a plug-in, an extension of the content sharing application 110 , or the like.
  • the plug-in module 120 translates 355 permissions, or DRM policies, specific to the content sharing application 110 , or the corresponding rights issuer 118 , into a format, or language, recognizable by the content protection server 150 .
  • the content protection server 150 stores information that enables mapping the encrypted content item 185 to a corresponding content sharing application 110 , or plug-in module 120 .
  • the content protection server 150 translates, at 365 , the access policies into a format, or language, recognizable by the DRM engine 160 , and sends 370 the access policies in the format, or language, recognizable by the DRM engine 160 to the DRM engine 160 .
  • the DRM engine forwards 380 the access policies received to the user device 180 .
  • the access policies are enforced 385 in the user device 180 , for example, by a corresponding DRM agent.
  • the process described with respect to FIG. 3 is performed again with each subsequent attempt to access the encrypted content item 185 in the user device 180 , and each time, the latest version of the access policies is obtained from the content sharing application and enforced at the user device 180 , therefore enabling dynamic access policies that are managed by the content sharing application 110 , or the rights issuer.
  • the content protection server 150 includes a set of application programming interfaces (APIs), which provide to third parties a public interface for accessing functionalities associated with the content protection server.
  • APIs include analytics APls, policy management APIs, document management APIs, and user management APIs.
  • Analytics APls provide third parties with access to a set of functions that upon use by a developer of a content sharing application 110 return a set of data which represents the information that a user device conveyed to a DRM system regarding usage of a content item.
  • Policy management APIs provide a third party with access to a set of functions that enables the developer of a content sharing application to manage local policies or access rights.
  • Document management APIs provide access to a third party to a set of functions that enables a developer of a content sharing application through a customization module to encrypt content items.
  • the user management APIs provide access to the a third party to a set of functions that helps a developer of a content sharing application to implement functionality related to managing users in a DRM system 100 .
  • the content protection server 150 has queuing services built-in that enable processing one or more content items, received for encryption, asynchronously and in a scalable fashion.
  • the content protection server 150 also provides encryption services including algorithms and DRM specific protocols for encrypting content items received by the content protection server 150 .
  • the content protection server 150 is also configured to process documents. Specifically, the content protection server 150 is configured to provide logic and algorithms to pre-process or post-process content items that are received by the content protection server 150 before or after encryption.
  • the content protection server 150 is computer cloud server.
  • the content protection server 150 is a computer server residing on the same network as the content sharing application 110 .
  • some modules of the content protection server e.g., an encryption module for performing encryption, is implemented within the same computer network as the content sharing application 110 , while other modules are implemented on a cloud computer server.
  • the various methods and machines described herein may each be implemented by a physical, virtual or hybrid general purpose or application specific computer having a central processor, memory, disk or other mass storage, communication interface(s), input/output (I/O) device(s), and other peripherals.
  • the general purpose or application specific computer is transformed into the machines that execute the methods described above, for example, by loading software instructions into a data processor, and then causing execution of the instructions to carry out the functions described, herein.
  • such a computer may contain a system bus, where a bus is a set of hardware lines used for data transfer among the components of a computer or processing system.
  • the bus or busses are essentially shared conduit(s) that connect different elements of the computer system, e.g., processor, disk storage, memory, input/output ports, network ports, etc., that enables the transfer of information between the elements.
  • One or more central processor units are attached to the system bus and provide for the execution of computer instructions.
  • I/O device interfaces for connecting various input and output devices, e.g., keyboard, mouse, displays, printers, speakers, etc., to the computer.
  • Network interface(s) allow the computer to connect to various other devices attached to a network.
  • Memory provides volatile storage for computer software instructions and data used to implement an embodiment.
  • Disk or other mass storage provides non-volatile storage for computer software instructions and data used to implement, for example, the various procedures described herein.
  • Embodiments may therefore typically be implemented in hardware, firmware, software, or any combination thereof.
  • the procedures, devices, and processes described herein constitute a computer program product, including a computer readable medium, e.g., a removable storage medium such as one or more DVD-ROM's, CD-RAM's, diskettes, tapes, etc., that provides at least a portion of the software instructions for the system.
  • a computer program product can be installed by any suitable software installation procedure, as is well known in the art.
  • at least a portion of the software instructions may also be downloaded over a cable, communication and/or wireless connection.
  • Embodiments may also be implemented as instructions stored on a non-transitory machine-readable medium, which may be read and executed by one or more processors.
  • a non-transient machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine, e.g., a computing device.
  • a non-transient machine-readable medium may include read only memory (ROM); random access memory (RAM); magnetic disk storage media; optical storage media; flash memory devices; and others.
  • firmware, software, routines, or instructions may be described herein as performing certain actions and/or functions of the data processors. However, it should be appreciated that such descriptions contained herein are merely for convenience and that such actions in fact result from computing devices, processors, controllers, or other devices executing the firmware, software, routines, instructions, etc.

Abstract

According to at least one example embodiment, a method and corresponding content protection server for managing access to electronic content comprise retrieving access policies, or permissions, associated with a content item from a corresponding content sharing application, or rights issuer. The access policies are translated into a format recognizable by a digital rights management (DRM) engine, and forwarded to the DRM engine. The translated access policies are then provided by the DRM engine to a client device where the translated access policies are enforced in managing any potential access to the content item.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application is a continuation of U.S. patent application Ser. No. 14/044,765 (INTR-0018-U01), filed Oct. 2, 2013, which is hereby incorporated by reference in its entirety.
    • BACKGROUND OF THE INVENTION
  • Digital content sharing is a convenient and easy way to exchange information between people, organizations, companies, or any other entities. However, sharing content over digital media, such as the Internet, may expose the content to untrusted users. Many digital rights management (DRM) technologies provide solutions to limit access to shared content to trusted users.
    • SUMMARY OF THE INVENTION
  • A typical digital rights management (DRM) system includes a rights issuer configured to create and provide access policies, or permissions, associated with corresponding content items, and a DRM engine that typically encrypts content items and manages users and access policies. The typical DRM system also includes DRM clients, or agents, for enforcing access policies, associated with content items, within a client device. Within each DRM system, the corresponding rights issuer, DRM engine, and DRM agents are expected to comply with proprietary, or standardized, specification requirements that are specific to the DRM system. As such, DRM systems employing distinct DRM technologies are not interoperable.
  • Also, once access policies are provided to a DRM client device, management of the access policies is handled by the DRM engine. Dynamically modifying the rights policies once they are delivered to a client device is either impossible, or calls for an active role by the rights issuer to synchronize with the DRM engine and/or the DRM agents in order to revoke previous access policies and provide new ones.
  • In the following embodiments of a DRM system with a middle layer enabling support of, and interoperability between, different DRM technologies are presented by applicants. In the DRM system presented, DRM engines do not perform encryption, user management, nor access policies' management. Each time, a protected content item is opened on a client device, corresponding access policies are requested from a corresponding DRM engine. The DRM engine forwards the request to a content protection server. The content protection server retrieves the access policies from the rights issuer, and provides the retrieved access policies to the DRM engine in a format readable by the DRM engine. The access policies are then provided to the DRM client, or agent, to be enforced in the client device. As such, the rights issuer is enabled to dynamically modify access policies at any time. At each attempt to access the content item, the most recent access policies are retrieved from the rights issuer and enforced at the client device.
  • According to at least one example embodiment, a method and corresponding content protection server for managing access to electronic content comprise retrieving access policies, or permissions, associated with a content item from a corresponding content sharing application, or rights issuer. The access policies are translated into a format recognizable by a digital rights management (DRM) engine, and forwarded to the DRM engine. The translated access policies are then provided by the DRM engine to a client device where the translated access policies are enforced in managing any potential access to the content item.
  • In order to retrieve the access policies, the content protection server receives information identifying the content item from the client device. The content server then requests from the corresponding content sharing application, or rights issuer, the access policies associated with the content item based on the received information identifying the content item. In response to the request, the rights issuer, or the content sharing application, sends the requested access policies to the content protection server.
  • Retrieving the access policies includes receiving the access policies in a format recognizable by the content protection server. The access policies are translated into the format recognizable by the content protection server by an interface associated with the content sharing application, or rights issuer. The access policies in the format recognizable by the content protection server are then translated, by the content protection server, into a format readable, or recognizable, by the DRM engine.
  • Prior to retrieving the access policies, the content protection server receives, from the DRM engine, user credentials for authentication. The content protection server may handle the authentication of user credentials locally. Alternatively, the content protection server forwards the user credentials to the content sharing application for authentication. Once user credential are successfully authenticated, the content protection server receives information identifying the content item. The content sharing application, or system, is identified based on the received information identifying the content item.
  • Also, prior to retrieving the access policies, the content item is encrypted by the content protection server. Encrypting the content item includes receiving the content item from the content sharing application. An encryption protocol is then determined based on a type of the received content item. The received content item may be preprocessed based on the content item format. The content item is then encrypted based on the determined encryption protocol. The content item may further be post-processed based on the content item format. The encrypted content item is provided the to the user/client device. The content protection server also causes the encrypted content item to be registered at the DRM engine.
  • The access policies are dynamic. That is, on a subsequent attempt to access the content item at user device, the access policies are automatically retrieved again from the content sharing application, translated and provided to the DRM engine by the content protection server. So, any modification of the access policies by the content sharing application, or rights issuer, are included in the access policies retrieved by the content protection server upon a subsequent attempt to access the content item.
  • According to at least one example implementation, the content protection server is coupled to two or more DRM engines. The content protection server is also coupled to two or more content sharing applications, or systems.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The foregoing will be apparent from the following more particular description of example embodiments of the invention, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating embodiments of the present invention.
  • FIG. 1 is a block diagram illustrating a digital rights management (DRM), or Information Rights Management (IRM), system 100, according to at least one example embodiment;
  • FIG. 2 is a signaling flowchart illustrating communications between different entities of the DRM system during a publishing phase, according to at least one example embodiment; and
  • FIG. 3 is a signaling flowchart illustrating communications between different entities of the DRM system during a consumption phase, according to at least one example embodiment.
    •  DETAILED DESCRIPTION OF THE INVENTION
  • A description of example embodiments of the invention follows.
  • Digital rights management (DRM) technologies provide solutions for secure content sharing, electronic content protection, and user access control to electronic content. With such solutions, an entity may be able to manage who has the right to access content circulated over the Internet or other digital media, and what kind of rights are granted to each potential user. Electronic content herein refers to one or more media objects, such as, music files, images, video files, text documents, or the like.
  • In a typical DRM system, a rights issuer issues access rights, or permissions, associated with a content item, or object, and provides the access rights to a user device. The DRM rights are enforced at the receiving user device through a DRM client, or agent. A DRM engine coupled to the DRM clients is configured to encrypt content items and manage users and access policies. Each DRM engine typically has proprietary, or standardized, architecture, protocols, encryption methods, policy management and processing methods. The corresponding DRM agents and Rights issuer are expected to be compliant with the specificities of the DRM engine and the DRM technology employed by the DRM system in general. As such, DRM system employing distinct DRM technologies are not interoperable. In order for a user device to consume protected content by a given DRM system, the user device is expected to have a complying DRM agent.
  • Some typical DRM systems do not enable dynamic access policies, and, as such, access policies may not be modified once they are distributed to DRM agents. Other DRM systems require synchronization between the rights issuer and the DRM engine.
  • FIG. 1 is a block diagram illustrating a digital rights management (DRM), or Information Rights Management (IRM), system 100, according to at least one example embodiment. The DRM system 100 includes a content sharing system, or application, 110, a content protection server 150, one or more rights management services (RMS), servers, also known as DRM engines, e.g., 160˜1-160-n, and a content rendering system, or application, 180. The content sharing system 110 is configured to share content 115 with client users. Specifically, the content sharing system is configured to circulate protected content 185 to user/client devices 180 through the content protection server 150 and a RMS server, or a DRM engine, e.g., 160-1, 160-2, . . . , or 160-n.
  • The content sharing system, or application, 110 is configured to act as a content issuer and a rights issuer. For example, the content sharing system 110 includes a content issuer module 112 and a rights issuer module 118. The content issuer module 112 is configured to circulate content 115 over the Internet, or any other communications medium, for sharing with potential users. The rights issuer module 118 is configured to issue permissions, or access rights, in association with content 115 for sharing by the content issuer module 112 with client users. The content issuer module 112 may include, or be coupled to, a content repository containing content 115 for sharing. The content issuer module 112 and the rights issuer module 118 may reside on the same device, e.g., enterprise server, personal computer, or the like, or on different devices.
  • According to at least one example embodiment, the content protection server 150 is coupled to one or more content sharing systems 110 and one or more RMS servers, or DRM engines, e.g., 160-1-160-n. The content protection server 150 represents an intermediate layer, between the DRM engines 160-1-160-n and the content sharing system(s) 110, that is agnostic to the DRM engines 160-1-160-n and the content sharing system(s) 110. The middle layer is configured to normalize content processing, irrespective of the content type, and handle content encryption instead of the DRM engines 160-1-160-n. Specifically, during a publishing phase, the content protection server 150 is configured to encrypt the content 115, irrespective of the corresponding content type, and provide a corresponding protected, or encrypted, copy 185 of the content to the content sharing system 110. The content sharing system 110 may then share the encrypted content 185 with client users.
  • Also, when the client user attempts to access the encrypted content 185, the content protection server 150 acts as an inter-operability layer between a RMS server, or a DRM engine, e.g., 160-1, 160-2, . . . , or 160-n, and the content sharing system 110 associated with the protected content 185. In other words, during a consumption phase of the protected content 185, the content protection server 150 translates policy objects received from the content sharing system 110, or the rights issuer module 118, into a format, or language, recognizable by the DRM engine, e.g., 160-1, 160-2, . . . , or 160-n.
  • According to at least one example embodiment, the content protection server 150 provides an interoperability interface between fundamentally different DRM technologies, at the protection layer. That is, the format and/or language employed in creating the access rights, or permissions, by the rights issuer 118 and the DRM technologies supported by a given DRM engine may be fundamentally different and non-compliant to each other's requirements, yet, the content protection server 150 provides an interface that enables interoperability between the given content sharing system 110 and a given DRM engine.
  • The content protection server 150 is configured to support multiple DRM technologies and corresponding DRM engines 160-1-160-n. For example, the RMS servers, or DRM engines, 160-1-160-n include a “LiveCycle” server from Adobe, a Microsoft RMS server, and/or other proprietary or standardized DRM engines. The content protection server 150 is also configured to support multiple content sharing systems 110.
  • According to at least one example embodiment, the DRM engines 160-1-160-n are used to register documents and reroute access requests from client devices to the content protection server 150. The DRM engines 160-1 160-n do not perform content encryption, user management, nor policy management. However, the content protection server 150 may employ software development kits (SDKs) to match the particular DRM technology for that DRM engine. Encryption is done at the content protection server side, yet the employed encryption techniques are expected to be compliant with the techniques supported by the DRM engines. When a client user attempts to open the protected content 185, the user device 180 sends a request for corresponding DRM policies, or permissions, is sent to a corresponding DRM engine. The DRM engine forwards the request to the content protection server 150, which requests the DRM policies, or permissions, from the content sharing system 110, e.g., from the policy issuer 118. Upon receiving the requested access policies, the content server 150 provides the access policies to the DRM engine, which provides them to the user device to be enforced. In response to each subsequent attempt to open the content item again, the same process is repeated and access policies are obtained again from the content sharing application 110, or the rights issuer 118. Such scheme enables the content sharing application 110, or the rights issuer 118 to dynamically manage and control the access policies with the certainty that the latest updated version of the access policies is employed by a user device attempting to access the content item. For example, the content sharing application 110, or rights issuer 118, may update access policies associated with content items once the content items and the corresponding policies have been distributed. The access to already distributed content items may also be revoked by the content sharing application 110, or rights issuer 118.
  • FIG. 2 is a signaling flowchart illustrating communications between different entities of the DRM system 100 during a publishing phase, according to at least one example embodiment. The publishing phase refers to the protection and circulation, or sharing, of a content item. Upon initiating a process of sharing a content item 115, at 205, the content item is sent 210 to the content protection server 150. Initiating the process of sharing, or circulating, a content item includes, for example, attempting to attach the content item to an email, attempting to upload or send the content item to a non-secure device, or the like. The content protection server 150 determines an encryption protocol based on the type and/or format of the content item. For example, for a Microsoft Office document, the content protection server selects an encryption protocol that is supported by Microsoft rights management services (MS RMS). However, for a PDF document, an encryption protocol supported by Adobe LiveCycle RMS. The content item 115 is then encrypted according to the determined encryption protocol by the content protection server 150 at 215. The content protection server causes the encrypted content item 185 to be registered at a corresponding DRM engine at 220. For example, if the content item 115 is a Microsoft Office document, then the corresponding DRM engine is a Microsoft RMS server. If the content item 115 is a PDF document, then the corresponding DRM engine is an Adobe RMS server. According to example implementation, the content protection server 150 sends a publishing license identification (ID) and information indicative of existence access policies associated with content item to the DRM engine for registering the content item. At 230, the encrypted content item 185 is sent to the content sharing application 110. At 240, the content sharing application 110, or the content issuer 112, shares the encrypted content item 185 with one or more user device 180. For example, the content sharing application 110 may send the encrypted content item 185 to the one or more user devices 180. The content sharing application 110 may, alternatively, make the encrypted content item 185 available to the one or more user devices 180, for example, by uploading the encrypted content item 185 on the Internet.
  • FIG. 3 is a signaling flowchart illustrating communications between different entities of the DRM system during a consumption phase, according to at least one example embodiment. Once the encrypted content item 185 is opened, at 305, in the user device 180, information identifying the encrypted content item 185 is sent at 310 to a corresponding DRM engine 160. In this case, the corresponding DRM engine 160 may be determined based on a rendering application used to open the encrypted content item 185 or DRM agent associated with the encrypted content item 185. For example, Microsoft Office will automatically contact a MS RMS server. The corresponding DRM engine 160 responds to the user 180, at 320, with authentication information that is determined, for example, based on the information identifying the encrypted content item 185. The authentication information indicates what kind of authentication is required for the encrypted document item 185.
  • At 325, the user device 180 provides an authentication window or session for the user, and the user is requested to enter his user credentials. The user credentials are then sent to the content protection server 150 for authentication. According to one example implementation, the content protection server 150 may handle the authentication locally if, for example, the content protection server 150 maintains a database of authentic user credentials for each user. Alternatively, the user credentials received by the content protection server are sent to the content sharing application 110 for authentication. Once user credentials are authenticated, an indication of successful authentication is sent to the user device 180. Once the user credentials are authenticated at 325, the user device 180 sends, at 330, the information identifying the encrypted content item 185 to the DRM engine 160 again. The user device 180 may also send a notification to the DRM engine 160 indicating that user credentials are successfully authenticated.
  • At 340, the DRM engine 160 forwards the information identifying the encrypted content item 185 to the content protection server 150. The content protection server 150 sends a request, at 350, to the content sharing application 110 requesting access policies, or permissions, based on the information identifying the encrypted content item 185. The content protection server 150 stores, for example, a database mapping information identifying content items to corresponding content sharing applications 110, rights issuers, or corresponding plug-in modules 120. At 355 the plugin module 120 translates the requested access policies into a format, or language, recognizable by the content protection server 150, and the translated access policies are sent at 360 to content protection server 150. Alternatively, the translation to a format, or language, recognizable by the content protection server 150 may be performed by a translation module within, or associated with, the content protection server 150.
  • The plug-in module 120 resides at the content sharing application 110. The plug-in module 120 is implemented, for example, as an application on top, a plug-in, an extension of the content sharing application 110, or the like. The plug-in module 120 translates 355 permissions, or DRM policies, specific to the content sharing application 110, or the corresponding rights issuer 118, into a format, or language, recognizable by the content protection server 150. The content protection server 150 stores information that enables mapping the encrypted content item 185 to a corresponding content sharing application 110, or plug-in module 120. Upon receiving the be able to identify what content sharing application or plug-in to call for a specific document in the authorization phase
  • The content protection server 150 translates, at 365, the access policies into a format, or language, recognizable by the DRM engine 160, and sends 370 the access policies in the format, or language, recognizable by the DRM engine 160 to the DRM engine 160. The DRM engine forwards 380 the access policies received to the user device 180. The access policies are enforced 385 in the user device 180, for example, by a corresponding DRM agent.
  • The process described with respect to FIG. 3 is performed again with each subsequent attempt to access the encrypted content item 185 in the user device 180, and each time, the latest version of the access policies is obtained from the content sharing application and enforced at the user device 180, therefore enabling dynamic access policies that are managed by the content sharing application 110, or the rights issuer.
  • The content protection server 150 includes a set of application programming interfaces (APIs), which provide to third parties a public interface for accessing functionalities associated with the content protection server. Such APIs include analytics APls, policy management APIs, document management APIs, and user management APIs. Analytics APls provide third parties with access to a set of functions that upon use by a developer of a content sharing application 110 return a set of data which represents the information that a user device conveyed to a DRM system regarding usage of a content item. Policy management APIs provide a third party with access to a set of functions that enables the developer of a content sharing application to manage local policies or access rights. Document management APIs provide access to a third party to a set of functions that enables a developer of a content sharing application through a customization module to encrypt content items. The user management APIs provide access to the a third party to a set of functions that helps a developer of a content sharing application to implement functionality related to managing users in a DRM system 100.
  • The content protection server 150 has queuing services built-in that enable processing one or more content items, received for encryption, asynchronously and in a scalable fashion. The content protection server 150 also provides encryption services including algorithms and DRM specific protocols for encrypting content items received by the content protection server 150. The content protection server 150 is also configured to process documents. Specifically, the content protection server 150 is configured to provide logic and algorithms to pre-process or post-process content items that are received by the content protection server 150 before or after encryption.
  • According to at least one example embodiment, the content protection server 150 is computer cloud server. Alternatively, the content protection server 150 is a computer server residing on the same network as the content sharing application 110. According to yet another example embodiment, some modules of the content protection server, e.g., an encryption module for performing encryption, is implemented within the same computer network as the content sharing application 110, while other modules are implemented on a cloud computer server.
  • It should be understood that the example embodiments described above may be implemented in many different ways. In some instances, the various methods and machines described herein may each be implemented by a physical, virtual or hybrid general purpose or application specific computer having a central processor, memory, disk or other mass storage, communication interface(s), input/output (I/O) device(s), and other peripherals. The general purpose or application specific computer is transformed into the machines that execute the methods described above, for example, by loading software instructions into a data processor, and then causing execution of the instructions to carry out the functions described, herein.
  • As is known in the art, such a computer may contain a system bus, where a bus is a set of hardware lines used for data transfer among the components of a computer or processing system. The bus or busses are essentially shared conduit(s) that connect different elements of the computer system, e.g., processor, disk storage, memory, input/output ports, network ports, etc., that enables the transfer of information between the elements. One or more central processor units are attached to the system bus and provide for the execution of computer instructions. Also attached to the system bus are typically I/O device interfaces for connecting various input and output devices, e.g., keyboard, mouse, displays, printers, speakers, etc., to the computer. Network interface(s) allow the computer to connect to various other devices attached to a network. Memory provides volatile storage for computer software instructions and data used to implement an embodiment. Disk or other mass storage provides non-volatile storage for computer software instructions and data used to implement, for example, the various procedures described herein.
  • Embodiments may therefore typically be implemented in hardware, firmware, software, or any combination thereof.
  • In certain embodiments, the procedures, devices, and processes described herein constitute a computer program product, including a computer readable medium, e.g., a removable storage medium such as one or more DVD-ROM's, CD-RAM's, diskettes, tapes, etc., that provides at least a portion of the software instructions for the system. Such a computer program product can be installed by any suitable software installation procedure, as is well known in the art. In another embodiment, at least a portion of the software instructions may also be downloaded over a cable, communication and/or wireless connection.
  • Embodiments may also be implemented as instructions stored on a non-transitory machine-readable medium, which may be read and executed by one or more processors. A non-transient machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine, e.g., a computing device. For example, a non-transient machine-readable medium may include read only memory (ROM); random access memory (RAM); magnetic disk storage media; optical storage media; flash memory devices; and others.
  • Further, firmware, software, routines, or instructions may be described herein as performing certain actions and/or functions of the data processors. However, it should be appreciated that such descriptions contained herein are merely for convenience and that such actions in fact result from computing devices, processors, controllers, or other devices executing the firmware, software, routines, instructions, etc.
  • It also should be understood that the flow diagrams, block diagrams, and network diagrams may include more or fewer elements, be arranged differently, or be represented differently. But it further should be understood that certain implementations may dictate the block and network diagrams and the number of block and network diagrams illustrating the execution of the embodiments be implemented in a particular way.
  • Accordingly, further embodiments may also be implemented in a variety of computer architectures, physical, virtual, cloud computers, and/or some combination thereof, and, thus, the data processors described herein are intended for purposes of illustration only and not as a limitation of the embodiments.
  • While this invention has been particularly shown and described with references to example embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention encompassed by the appended claims.

Claims (22)

What is claimed is:
1. A method of updating digital rights management (DRM) access rights as applied to a DRM formatted content item, the method comprising:
receiving, by the content protection server from the DRM engine, a request for access rights for the DRM formatted content item when the user device requests access rights from the DRM engine;
retrieving, by a content protection server from a content sharing application, an updated indicator of access rights associated with the content item, wherein the updated access rights indicator is updated from a first access rights indicator when access rights to the content item are modified using the content sharing application;
translating, by one of the content protection server and the content sharing application, the updated indicator of access rights retrieved into a DRM format recognizable by a DRM engine; and used by the DRM engine to allow permission for access by a user device to the DRM formatted content item.
2. The method of claim 1 wherein the user device previously received access rights to the content item through the translation of the first access rights indicator by the DRM engine.
3. The method as recited in claim 1, wherein retrieving the updated indicator of access rights includes: receiving information identifying the content item; requesting, from the corresponding content sharing application, the updated indicator of access rights associated with the content item based on the received information identifying the content item; and receiving the access rights requested.
4. The method as recited in claim 3, further comprising determining the corresponding content sharing application based on information accessible to the content protection server, the accessible information mapping the information identifying the content item to the corresponding content sharing application.
5. The method as recited in claim 1, wherein translating the updated indicator of access rights retrieved into a DRM format recognizable by the DRM engine includes: first translating the updated indicator of access rights retrieved into a format associated with the content protection server; and translating the access rights in the format associated with the content protection server into the DRM format recognizable by the DRM engine.
6. The method as recited in claim 1 further comprising: receiving an instance of user credentials; and authenticating the received instance of user credentials based on stored information indicative of a corresponding authentic user of a user device.
7. The method as recited in claim 1 further comprising: receiving an instance of user credentials; and forwarding the received instance of user credentials to the content sharing application for authentication of a user of a user device.
8. The method as recited in claim 1, wherein the content protection server is a cloud server.
9. The method as recited in claim 1, wherein the content protection server resides in a same network as the content sharing application.
10. The method as recited in claim 1 wherein the DRM formatted content item is encrypted.
11. The method as recited in claim 10, wherein the DRM formatted content item is encrypted by: receiving the content item from the content sharing application; determining an encryption protocol based on a type of the received content item; pre-processing the content item by employing one or more pre-determined logic based on the content item format encrypting the content item based on the determined encryption protocol; and post-processing the content item by employing one or more pre-determined logic based on the content item format.
12. An apparatus for managing access to electronic content, the apparatus comprising: a processor; and a memory with computer code instructions stored thereon, the processor and the memory, with the computer code instructions stored thereon, being configured to: receive from the DRM engine, a request for access rights for the DRM formatted content item when the user device requests access rights from the DRM engine;
retrieve from a content sharing application, an updated indicator of access rights associated with a content item, wherein the updated access rights indicator is updated from a first access rights indicator when access rights to the content item are modified using the content sharing application;
translate the updated indicator of access rights retrieved into a DRM format recognizable by a DRM engine; and used by the DRM engine to a allow permission for access by a user device to the DRM formatted content item.
13. The apparatus of claim 12, wherein the user device previously received access rights to the content item through the translation of the first access rights indicator by the DRM engine.
14. The apparatus as recited in claim 12, wherein in retrieving the updated indicator of access rights, the processor and the memory, with the computer code instructions stored thereon, being further configured to: receive information identifying the content item; request, from the corresponding content sharing application, the updated indicator of access rights associated with the content item based on the received information identifying the content item; and receive the access rights requested.
15. The apparatus as recited in claim 14, wherein in retrieving the updated indicator of access rights, the processor and the memory, with the computer code instructions stored thereon, being further configured to determine the corresponding content sharing application based on information accessible to the content protection server, the accessible information mapping the information identifying the content item to the corresponding content sharing application.
16. The apparatus as recited in claim 12, wherein in translating the updated indicator of access rights into the DRM format recognizable by the DRM engine, the processor and the memory, with the computer code instructions stored thereon, being further configured to: first translate the updated indicator of access rights retrieved into a format associated with the apparatus; and translating the access rights in the format associated with the apparatus into the DRM format recognizable by the DRM engine.
17. The apparatus as recited in claim 12, wherein the apparatus is a cloud server.
18. The apparatus as recited in claim 12, wherein the apparatus resides in a same network as the content sharing application.
19. The apparatus as recited in claim 12, wherein the DRM formatted content item is encrypted.
20. The apparatus as recited in claim 19, wherein the processor and the memory, with the computer code instructions stored thereon, are configured to: receive the content item from the content sharing application; determine an encryption protocol based on a type of the received content item; and encrypt the content item based on the determined encryption protocol.
21. The apparatus as recited in claim 12, wherein the apparatus being coupled to two or more DRM engines.
22. The apparatus as recited in claim 12, wherein the apparatus being able to be coupled with two or more user devices or content sharing applications.
US15/143,408 2013-10-02 2016-04-29 Method and apparatus for managing access to electronic content Abandoned US20160259947A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/143,408 US20160259947A1 (en) 2013-10-02 2016-04-29 Method and apparatus for managing access to electronic content

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/044,765 US9356936B2 (en) 2013-10-02 2013-10-02 Method and apparatus for managing access to electronic content
US15/143,408 US20160259947A1 (en) 2013-10-02 2016-04-29 Method and apparatus for managing access to electronic content

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US14/044,765 Continuation US9356936B2 (en) 2013-10-02 2013-10-02 Method and apparatus for managing access to electronic content

Publications (1)

Publication Number Publication Date
US20160259947A1 true US20160259947A1 (en) 2016-09-08

Family

ID=52741574

Family Applications (2)

Application Number Title Priority Date Filing Date
US14/044,765 Active 2034-04-26 US9356936B2 (en) 2013-10-02 2013-10-02 Method and apparatus for managing access to electronic content
US15/143,408 Abandoned US20160259947A1 (en) 2013-10-02 2016-04-29 Method and apparatus for managing access to electronic content

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US14/044,765 Active 2034-04-26 US9356936B2 (en) 2013-10-02 2013-10-02 Method and apparatus for managing access to electronic content

Country Status (3)

Country Link
US (2) US9356936B2 (en)
GB (1) GB2534470A (en)
WO (1) WO2015051017A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170004291A1 (en) * 2015-06-30 2017-01-05 Konica Minolta Laboratory U.S.A., Inc. Hybrid digital rights management system and related document access authorization method
US10614433B2 (en) 2015-06-30 2020-04-07 Konica Minolta Laboratory U.S.A., Inc. Hybrid digital rights management system and related document protection method
US10956732B2 (en) * 2014-11-21 2021-03-23 Guy Le Henaff System and method for detecting the authenticity of products
US11403354B2 (en) 2019-04-16 2022-08-02 International Business Machines Corporation Managing search queries of a search service
US11403356B2 (en) 2019-04-16 2022-08-02 International Business Machines Corporation Personalizing a search of a search service
US11436214B2 (en) * 2019-04-16 2022-09-06 International Business Machines Corporation Preventing search fraud

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9253176B2 (en) 2012-04-27 2016-02-02 Intralinks, Inc. Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment
US9251360B2 (en) 2012-04-27 2016-02-02 Intralinks, Inc. Computerized method and system for managing secure mobile device content viewing in a networked secure collaborative exchange environment
US9148417B2 (en) 2012-04-27 2015-09-29 Intralinks, Inc. Computerized method and system for managing amendment voting in a networked secure collaborative exchange environment
US9553860B2 (en) 2012-04-27 2017-01-24 Intralinks, Inc. Email effectivity facility in a networked secure collaborative exchange environment
DE102012211639A1 (en) * 2012-07-04 2014-01-09 Siemens Aktiengesellschaft Cloud computing infrastructure, procedures and application
US9356936B2 (en) 2013-10-02 2016-05-31 Intralinks, Inc. Method and apparatus for managing access to electronic content
WO2015073708A1 (en) 2013-11-14 2015-05-21 Intralinks, Inc. Litigation support in cloud-hosted file sharing and collaboration
US9613190B2 (en) 2014-04-23 2017-04-04 Intralinks, Inc. Systems and methods of secure data exchange
US10033702B2 (en) 2015-08-05 2018-07-24 Intralinks, Inc. Systems and methods of secure data exchange
US10108809B2 (en) * 2015-10-30 2018-10-23 Airwatch Llc Applying rights management policies to protected files
US10977361B2 (en) * 2017-05-16 2021-04-13 Beyondtrust Software, Inc. Systems and methods for controlling privileged operations
US20200034515A1 (en) * 2018-07-27 2020-01-30 Comcast Cable Communications, Llc Digital rights management interface
US20220309181A1 (en) * 2021-03-25 2022-09-29 Kyndryl, Inc. Unstructured data access control
CN117436065B (en) * 2023-12-20 2024-03-19 中建三局集团有限公司 Unified authorization management method, system and medium for multiple BIM design software

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080250508A1 (en) * 2007-04-06 2008-10-09 General Instrument Corporation System, Device and Method for Interoperability Between Different Digital Rights Management Systems

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2822185C (en) 2009-08-14 2014-04-22 Azuki Systems, Inc. Method and system for unified mobile content protection
US9117055B2 (en) 2010-10-12 2015-08-25 Samsung Electronics Co., Ltd Method and apparatus for downloading DRM module
KR20120102450A (en) 2011-03-08 2012-09-18 삼성전자주식회사 Method and apparatus for managing contents to sharing contents among devices
KR20120122616A (en) 2011-04-29 2012-11-07 삼성전자주식회사 Method and apparatus for providing service
US20120284802A1 (en) 2011-05-02 2012-11-08 Authentec, Inc. Method for playing digital contents protected with a drm (digital right management) scheme and corresponding system
US9356936B2 (en) 2013-10-02 2016-05-31 Intralinks, Inc. Method and apparatus for managing access to electronic content

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080250508A1 (en) * 2007-04-06 2008-10-09 General Instrument Corporation System, Device and Method for Interoperability Between Different Digital Rights Management Systems

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10956732B2 (en) * 2014-11-21 2021-03-23 Guy Le Henaff System and method for detecting the authenticity of products
US11256914B2 (en) 2014-11-21 2022-02-22 Guy Le Henaff System and method for detecting the authenticity of products
US20170004291A1 (en) * 2015-06-30 2017-01-05 Konica Minolta Laboratory U.S.A., Inc. Hybrid digital rights management system and related document access authorization method
US9959395B2 (en) * 2015-06-30 2018-05-01 Konica Minolta Laboratory U.S.A., Inc. Hybrid digital rights management system and related document access authorization method
US10409965B2 (en) 2015-06-30 2019-09-10 Konica Minolta Laboratory U.S.A., Inc. Hybrid digital rights management system and related document access authorization method
US10614433B2 (en) 2015-06-30 2020-04-07 Konica Minolta Laboratory U.S.A., Inc. Hybrid digital rights management system and related document protection method
US11403354B2 (en) 2019-04-16 2022-08-02 International Business Machines Corporation Managing search queries of a search service
US11403356B2 (en) 2019-04-16 2022-08-02 International Business Machines Corporation Personalizing a search of a search service
US11436214B2 (en) * 2019-04-16 2022-09-06 International Business Machines Corporation Preventing search fraud

Also Published As

Publication number Publication date
GB201522630D0 (en) 2016-02-03
WO2015051017A1 (en) 2015-04-09
US20150096053A1 (en) 2015-04-02
US9356936B2 (en) 2016-05-31
GB2534470A (en) 2016-07-27

Similar Documents

Publication Publication Date Title
US9356936B2 (en) Method and apparatus for managing access to electronic content
US10735202B2 (en) Anonymous consent and data sharing on a blockchain
US8505084B2 (en) Data access programming model for occasionally connected applications
US10515227B2 (en) Encrypted collaboration system and method
US11290446B2 (en) Access to data stored in a cloud
US11645369B2 (en) Blockchain digital rights management streaming library
US11595384B2 (en) Digital identity network interface system
EP3537684A1 (en) Apparatus, method, and program for managing data
US10095848B2 (en) System, method and apparatus for securely distributing content
US9615116B2 (en) System, method and apparatus for securely distributing content
KR102125042B1 (en) Node device constituting a block-chain network and an operation method of the node device
US11044079B2 (en) Enhanced key availability for data services
US20140019758A1 (en) System, method and apparatus for securely distributing content
US10546142B2 (en) Systems and methods for zero-knowledge enterprise collaboration
US10049222B1 (en) Establishing application trust levels using taint propagation
CN106575341B (en) Compound document access
US20200125752A1 (en) Method and system for anonymous information rights management to allow tracking of downloaded documents without authentication
US20150269357A1 (en) Method and apparatus for digital rights management that is file type and viewer application agnostic
US10044685B2 (en) Securing enterprise data on mobile devices
US20220092193A1 (en) Encrypted file control
US20220004599A1 (en) Content encryption
TR2023006911T2 (en) ENCRYPTED FILE CONTROL
US9825821B2 (en) System and method for a facet security model
NZ618683B2 (en) Access control to data stored in a cloud

Legal Events

Date Code Title Description
AS Assignment

Owner name: DOCTRACKR, INC., MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:NEGREA, ALEX;GENTEA, DAN ALEXANDRU;CAZALOT, CLEMENT;AND OTHERS;SIGNING DATES FROM 20131120 TO 20131230;REEL/FRAME:038458/0904

Owner name: INTRALINKS, INC., NEW YORK

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DOCTRACKR, INC.;REEL/FRAME:038459/0081

Effective date: 20140617

AS Assignment

Owner name: GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT, NEW Y

Free format text: SECURITY INTEREST;ASSIGNOR:INTRALINKS, INC., AS GRANTOR;REEL/FRAME:041046/0919

Effective date: 20170119

AS Assignment

Owner name: INTRALINKS, INC., MASSACHUSETTS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:GOIDMAN SACHS BANK USA;REEL/FRAME:044123/0110

Effective date: 20171114

AS Assignment

Owner name: ROYAL BANK OF CANADA, AS COLLATERAL AGENT, CANADA

Free format text: FIRST LIEN SECURITY AGREEMENT;ASSIGNOR:INTRALINKS, INC.;REEL/FRAME:044455/0479

Effective date: 20171114

AS Assignment

Owner name: ROYAL BANK OF CANADA, AS COLLATERAL AGENT, CANADA

Free format text: SECOND LIEN SECURITY AGREEMENT;ASSIGNOR:INTRALINKS, INC.;REEL/FRAME:044477/0445

Effective date: 20171114

AS Assignment

Owner name: INTRALINKS, INC., MASSACHUSETTS

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE CONVEYING PARTY NAME PREVIOUSLY RECORDED ON REEL 044123 FRAME 0110. ASSIGNOR(S) HEREBY CONFIRMS THE RELEASE OF SECURITY INTEREST;ASSIGNOR:GOLDMAN SACHS BANK USA;REEL/FRAME:044566/0919

Effective date: 20171114

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: INTRALINKS, INC., MASSACHUSETTS

Free format text: RELEASE OF 1ST LIEN SECURITY INTEREST;ASSIGNOR:ROYAL BANK OF CANADA;REEL/FRAME:047587/0828

Effective date: 20181116

Owner name: INTRALINKS, INC., MASSACHUSETTS

Free format text: RELEASE OF 2ND LIEN SECURITY INTEREST;ASSIGNOR:ROYAL BANK OF CANADA;REEL/FRAME:047587/0836

Effective date: 20181116