USRE45047E1 - Media device access control mechanism - Google Patents
Media device access control mechanism Download PDFInfo
- Publication number
- USRE45047E1 USRE45047E1 US13/935,447 US201313935447A USRE45047E US RE45047 E1 USRE45047 E1 US RE45047E1 US 201313935447 A US201313935447 A US 201313935447A US RE45047 E USRE45047 E US RE45047E
- Authority
- US
- United States
- Prior art keywords
- data
- storage device
- recipient
- media storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
- 230000007246 mechanism Effects 0.000 title abstract description 11
- 238000003860 storage Methods 0.000 claims abstract description 171
- 238000000034 method Methods 0.000 claims abstract description 53
- 238000012384 transportation and delivery Methods 0.000 claims description 57
- 238000012986 modification Methods 0.000 claims description 20
- 230000004048 modification Effects 0.000 claims description 20
- 230000002123 temporal effect Effects 0.000 claims description 13
- 230000004044 response Effects 0.000 abstract description 4
- 238000012550 audit Methods 0.000 description 11
- 238000004891 communication Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 6
- 230000003287 optical effect Effects 0.000 description 6
- 230000008901 benefit Effects 0.000 description 4
- 230000008859 change Effects 0.000 description 4
- 230000008520 organization Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000012546 transfer Methods 0.000 description 4
- 230000000694 effects Effects 0.000 description 2
- 229920001690 polydopamine Polymers 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 238000013497 data interchange Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
Definitions
- the present invention relates to a method and system for controlling access to media devices and is particularly, but not exclusively, suitable for controlling access to media storage devices such as an optical discs, laptops, PDAs, mobile phones, and other such devices, for which assembly of data on and/or parts of a device is specified by one party for receipt by another party.
- media storage devices such as an optical discs, laptops, PDAs, mobile phones, and other such devices, for which assembly of data on and/or parts of a device is specified by one party for receipt by another party.
- Businesses are becoming increasingly focussed in deriving value from information, that is to say, meaning that has been extracted from data.
- businesses are increasingly becoming distributed, geographically, which means that there is a need to transfer data and/or information between different companies (or between operating units of a given company), and thus between sites that are physically distinct from the source of the data.
- Transfer of data can occur via several different channels, such as electronically (e.g. via the file transfer protocols, via email or other messaging mechanism), or by copying data onto a storage media and transporting the storage media to the site associated with the recipient. Whilst these channels provide a convenient way of transferring information between parties, they also introduce problems, mainly relating to security and data loss. For example, in the case of transportation of the storage media, there are issues associated with the reliability of the transportation service, both in terms of delivery (will the media reach the recipient?), security (will the media have been tampered with prior to reaching the recipient?), and related thereto, data loss (will the content of the media have been modified or deleted?).
- a method and system according to the appended claims More specifically, there is provided a method of controlling access to a media storage device, the media storage device storing a plurality of media objects, the method comprising:
- the list of recipients can updated on the basis of data received from a user identification system after the media storage device has been dispatched.
- This method conveniently provides a means for controlling access to the media storage device by means of changing the authorized recipients in response to, e.g. employees leaving or changing jobs, in which case their access to the storage device should be disallowed. More specifically, a media storage device has been delivered, access to the device is provided on the basis of the updated recipient list: recipients request authentication for access to the data on the media storage device, and only if the recipient is one listed in the second data (updated or original) will access to the media items be allowed.
- Embodiments are particularly well suited to arrangements in which the media storage device is physically transported between different geographical locations, since changes to recipients are more likely to occur within the timescales associated with transportation. However, embodiments are also well suited to arrangements in which a given media storage device becomes misplaced or lost, in an office, in which case it may be desirable to block access to the data on the device.
- the method provides a particularly convenient mechanism for safeguarding against loss of a media storage device, e.g. those for which the delivery mechanism is regular mail, and in the cases in which the device goes missing.
- the user identification system can be coupled with a corporation associated with recipients of the issued media storage device; accordingly in the event that internal changes within the corporation necessitate changes to recipients of the issued device, the user identification system can transmit the necessary instructions so as to trigger a change to the second data, and thus recipients that can access a given issued media storage device.
- the instructions comprise cancellation instructions for cancelling the delivery session identifier for the issued media storage device; when the instructions are received, the second data are modified so as to prohibit access to the issued media storage device.
- the instructions comprise one or more temporal values for use in controlling temporal access to the issued media storage device. The temporal values can be associated with one or more said recipients, and the second data are updated so as to allow access to the issued media device by the affected recipients for a specified period.
- the instructions comprise instructions to modify at least one recipient by way of addition or replacement to a recipient previously listed in the second data.
- the delivery session identifier can be embodied as a link between data structures managed by the user identification system and the second data, for example as a combination of a unique identifier corresponding to the issued media storage device and recipients of the issued device, so that any updates to recipients of an issued media storage device can be made to the set of second data corresponding to a specific issued media storage device.
- a distributed access control system for controlling access to a media storage device.
- the system preferably comprises distributed server and database components, which interoperate so as to provide the afore-mentioned functionality.
- software for execution on the distributed components which, when run, provide the afore-mentioned functionality.
- FIG. 1 is a schematic diagram showing an overview of an environment in which embodiments of the invention operate
- FIG. 2 is a schematic diagram showing an arrangement of the server system of FIG. 1 ;
- FIG. 3 is a schematic diagram showing an arrangement of the database system of FIG. 1 in conjunction with the server system shown in FIG. 2 ;
- FIG. 4 is a schematic diagram showing an exemplary record in the database system of FIG. 3 according to an embodiment of the invention.
- FIG. 5 is a schematic diagram showing an arrangement of a terminal system of FIG. 1 ;
- FIG. 6 is a schematic diagram showing an alternative arrangement of the server system of FIG. 2 .
- embodiments of the invention are concerned with a method and system for controlling access to a media storage device which has been custom built to store a plurality of multimedia objects.
- a detailed description of the infrastructure, components and methods required to effect the access control will be described in detail below, but first an overview of an environment in which embodiments of the invention can operate will be described with reference to FIGS. 1 and 2 .
- FIG. 1 shows a server S 1 operatively connected to a database system DB 1 , this being arranged to hold data indicative of a set of objects that has been written to a given media storage device such as an optical disc.
- a given media storage device such as an optical disc.
- various audit reports that relate to the set of objects can be held in the database system DB 1 , specifically file system database 303 , together with the identities of intended recipients of the media and individuals authorized to create the media storage device.
- the optical disc is created under control of a client terminal T 1 (three exemplary terminals are shown in the Figure); the terminal T 1 is accordingly equipped with bespoke software arranged to enable a user to select and specify objects to be stored on the media, to control writing of the specified objects to the media and to enable the user to specify recipients of the media. Further details of the client software are provided below, with reference to FIG. 5 .
- the server S 1 can conveniently be embodied as a web server, and accordingly comprises standard web server and application server 221 , 223 components, together with conventional operating system and storage components (system bus connecting the central processing unit (CPU) 205 , hard disk 203 , random access memory (RAM) 201 , I/O and network adaptors 207 facilitating connection to user input/output devices interconnection with other devices on the network N 1 ).
- the Random Access Memory (RAM) 201 contains operating system software 231 which control, in a known manner, low-level operation of the server S 1 .
- the server RAM 201 also contains the application server software 223 and the web server software 221 , and an access software component 211 , which comprises an authentication engine 225 and a message routing component 227 .
- the access software component 211 facilitates communication between any given client T 1 , T 2 , T 3 and the various parts of the database system DB 1 .
- the client T 1 and server S 1 communicate via Simple Object Access Protocol (SOAP) formatted messages, and these are processed and security checked by the access software component 211 , then dispatched to the appropriate sub system of the database system DB 1 for further auctioning, as will be described in more detail below.
- SOAP Simple Object Access Protocol
- the database DB 1 comprises a creator database 301 , which holds data relating to all client terminals T 1 , T 2 , T 3 and/or users thereof, which are entitled to create media using a system according to embodiments of the invention.
- the authentication engine 225 in response to communications received from any given terminal T 1 , T 2 , T 3 , the authentication engine 225 is arranged to communicate with the creator database 301 in order to verify, or otherwise, the identity of the client terminal and/or user/creator from which communications are received.
- the user/creator is assigned a ticket which is valid for the duration of the session between the terminal T 1 and the server S 1 and accompanies each successive communication associated with the session. This conveniently avoids the need for the access component 211 to authenticate the user/creator at every interaction (which is costly in CPU terms), and instead requires the component 211 to simply verify the ticket.
- the message routing component 227 is arranged to route communications received from the terminal T 1 on the basis of the content of the communication and prestored rules which map type of request to a sub system of the database system DB 1 .
- the sub systems cooperate with various software components, collectively labelled as part 307 in the Figure, so as to process the data in the request and store data in, or retrieve from, a particular store of the database system DB 1 .
- the user/creator can specify a set of objects to be written to an optical disc connected locally to the terminal T 1 ; this step can be accompanied by the sending of data to the server S 1 so as to maintain a log of events associated with the objects, their subsequent assignment to a tangible media storage device and recipients authorized to access the media storage device.
- the identities of the objects are stored as a structure and the structure is transmitted to the server S 1 in a data message.
- the message routing component 227 is arranged to determine the content of the message and route the message accordingly: in this case the message is routed to a sub database 305 and the structure is stored in association with the session ticket and the user/creator identity (these having been identified by a software component residing in part 307 ).
- the message routing component 227 is arranged to retrieve data indicative of the previously defined structure from the sub database 305 for display to the user/creator at the terminal T 1 and enable the user/creator to modify, by way of addition or deletion, to the set of objects prior to the burning of the objects to a media storage device.
- an audit log is created at the terminal T 1 and this audit log, together with the updated or otherwise data structure, are transmitted to the server.
- the message routing component 227 is arranged to route the data structure content of the message to the sub database 305 for storage of the content therein, again in association with the session ticket and the user/creator identity, while the content of the audit log is transmitted to the sub database 303 .
- the audit log record in sub database 303 is linked to the entry in sub database 305 via an audit log ID to as to enable the corresponding audit logs to be retrieved for any given session ID.
- the recipients in relation to recipients of a media storage device to which the selected objects have been written, can be specified (and/or amended) before and/or at the time of creation of the media storage device, and/or after creation of the media storage device, and/or after dispatch of the media storage device to a specified recipient.
- the user/creator can retrieve, from one of the database sub systems associated with the database system DB 1 , a list of identities of recipients in respect of whom the user/creator is entitled to send media storage devices, and select from the list.
- any given user/creator may only be entitled to create media storage devices for individuals holding certain positions within certain corporations requesting the device.
- This may be specified via media creation rights, which, as is known in the art, may be configured according to a hierarchical structure defining access rights in accordance with a given creating user/creator's position within the hierarchy; these data are stored in the user/creator database 301 .
- the structure of a given corporation Z can be used to define access to media objects.
- FIG. 4 shows an exemplary record R 1 in the sub database 305 according to an embodiment of the invention, the record R 1 having been populated after a media storage device has been created for a given recipient: as can be seen, the identity of the user/creator is stored, together with the structure defining the media objects selected by the user/creator and the identity of the media storage device containing these selected objects.
- the recipient identity is also appended to the record R 1 , this preferably being linked by means of a link L 1 to an entry of recipients stored in the sub database 305 via their position within the corporation Z with which the recipient is associated.
- the entry in Record R 1 will automatically change.
- the record R 1 additionally keeps a record of the access attempts in respect of a given media storage device, so as to track the access history for a given media storage device.
- the record R 1 stores a date on which the media storage device was issued and a time to live (TTL) parameter, which can be specified by the user/creator and serves to specify a period of time for which the media objects stored on the media storage device are considered to be valid. If the recipient attempts to read the media storage device after the TTL period has expired, these attempts will be rejected owing to the fact that the creator considers its content to be out of date.
- FIG. 4 shows one set of data for one structure of media objects, it will be appreciated that there may be many such sets of data for a given set of objects (one per storage device and recipient).
- a delivery session identifier 41 that uniquely relates an issued media storage device to (a) recipient(s); that is to say, in the event that an individual has a particular position in corporation Z at the time of media creation that entitles the employee to receive a media storage device, and that individual subsequently changes position, this update to the company structure will be mirrored in the database 305 .
- recipient ML is employed at administrator level 2 and is selected by the user/creator as a recipient of the media storage device, this recipient will be linked to the record R 1 .
- ML will be unable to access the data on the media storage device when the device is delivered to her. Consequently, when the media storage device is delivered to employee ML, any attempts by ML to access the device will be refused.
- this already-dispatched device can instead be accessed by KJ.
- the record R 1 in the database 305 is marked as having no valid recipients; as a result the already dispatched media storage device is simply unreadable.
- a new record is created in the database system for employee KJ, while a new device, with a commensurate new identifier, is burnt for delivery to employee KJ and the new record is updated accordingly.
- each record maintains a log of attempted access attempts. This provides a means of tracking attempts by unauthorized recipients and/or failed authorization attempts on the part of an authorized recipient, whether that be access attempts after expiry of the TTL period or incorrectly entered recipient identifier and password details.
- FIG. 5 shows components of an exemplary terminal T 1 , configured to enable a user/creator to select media objects to be written to a particular media storage device and to select recipients of the media storage device.
- the terminal T 1 comprises standard operating system and storage components (system bus connecting the central processing unit (CPU) 505 , hard disk 503 , random access memory (RAM) 201 , I/O and network adaptors 507 facilitating connection to user input/output devices interconnection with other devices on the network N 1 ).
- the Random Access Memory (RAM) 501 contains operating system software 531 which control, in a known manner, low-level operation of the terminal T 1 .
- the terminal RAM 501 also contains a media creating component 511 , which comprises a communications module 523 for controlling communications with the server S 1 , a media definition engine 525 , for enabling the user/creator to select media objects, and a media creation engine 527 , which cooperates with the media writing device 541 so as to create a media storage device according to the selected media objects.
- a media creating component 511 which comprises a communications module 523 for controlling communications with the server S 1 , a media definition engine 525 , for enabling the user/creator to select media objects, and a media creation engine 527 , which cooperates with the media writing device 541 so as to create a media storage device according to the selected media objects.
- the media creating component 511 can be embodied as a self-contained executable software component, which can be retrieved from the server S 1 or from a tangible media, and run on the terminal T 1 under control of the operating system 531 in a conventional manner.
- the communications module 523 is configured to pass authentication data to the server so as to enable the user/creator to access from, and request the storage of data within, the database DB 1 in the manner described above.
- the media definition engine 525 is arranged to enable the user/creator to select individual media objects and to create a structure identifying these objects, this structure being stored in the database DB 1 as described above. In many cases the media objects may be selected from disparate sources, such as a USB storage device, a private network (i.e.
- the audit data transmitted from the terminal T 1 to the server S 1 at the point of creation of the media storage device accordingly include a disc map, which would allow an administrator to make sense of the audit information stored in the database system DB 1 .
- the step of specifying media objects occurs prior to, and can be decoupled from, the steps of specifying recipients and creating a media storage device.
- This enables the user/creator to change the selection of objects—for example according to changing requirements from corporation Z—without the need to re-write data onto the media storage device.
- the user/creator can retrieve a previously specified structure of media objects from the server S 1 and amend the specification of objects, resulting in definition of an amended structure, which is subsequently transmitted to the server S 1 for storage in the database system DB 1 ; this process can be repeated as many times as is necessary prior to finalizing the set of objects and creation of the media storage device.
- the recipients for any given media storage device can be modified by the user/creator independently of the media creation and specification of objects. It is to be understood that these changes to the recipients can be made independently from changes that are made to the company structure of corporation Z, which automatically take effect by virtue of the link L 1 shown in FIG. 4 .
- the authentication engine 225 is provided by a standalone authentication service, which communicates with the server S 1 via the message routing component 227 and various components of the database system DB 1 in the manner described above.
- the second configuration includes a further server 601 , which is embodied as a web server and comprises a web application enabling user/creators and corporations (i.e. associated with recipients) to create, update, and delete user/creators, media and access policies. This has the advantage of enabling these types of entries in the database DB 1 to be managed from any browser-enabled terminal.
- the user/creator data stored in sub database system 301 can be stored in the Active Directory Application mode (ADAM), which is available via the WindowsTM 2003 R2 Web Edition.
- ADAM Active Directory Application mode
- the audit information can be stored in sub database 303 embodied as a file system database arranged to enable searches to be performed in a reasonable amount of time; the file system 303 can be indexed by Lucene.NETTM and have a searchable interface.
- the media creation data can be stored in sub database 305 , embodied as a MicrosoftTM SQL database. As described above, this sub database 305 can also be configured to store the recipient data, in response to internal employee information received from corporations
- recipients could be specified and input to the server system S 1 according to the following exemplary, non-exhaustive mechanisms:
- embodiments relate to the writing of media objects to a media storage device such as an optical disc
- devices such as laptops, PDAs, mobile phones, and other such devices, for which assembly of data on and/or parts of a device is specified by one party for receipt by another party.
- embodiments of the invention could be applied to data that are distributed via an electronic medium, such as via email or file transfer, rather than being dispatched by means of a physical carrier.
- embodiments of the invention could apply to an individual media object, or a collection of media objects rather than to a device holding the object(s).
- access is described in relation to a given media storage device, access can be enabled or disabled in relation to individual media objects written to the storage device on the basis of identities of respective media objects, as defined in the object structure stored in sub database 305 .
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
Description
-
- Mass import of recipients from a CSV file or some other data interchange format.
- Defined by users via one of the terminals T1, T2, T3 as “request for communication channel for data exchange”.
Claims (47)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/935,447 USRE45047E1 (en) | 2008-04-09 | 2013-07-03 | Media device access control mechanism |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0806429A GB2450197B (en) | 2008-04-09 | 2008-04-09 | Media device access control mechanism |
GB0806429.7 | 2008-04-09 | ||
US12/353,390 US7975311B2 (en) | 2008-04-09 | 2009-01-14 | Media device access control mechanism |
US13/935,447 USRE45047E1 (en) | 2008-04-09 | 2013-07-03 | Media device access control mechanism |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/353,390 Reissue US7975311B2 (en) | 2008-04-09 | 2009-01-14 | Media device access control mechanism |
Publications (1)
Publication Number | Publication Date |
---|---|
USRE45047E1 true USRE45047E1 (en) | 2014-07-22 |
Family
ID=39433346
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/353,390 Ceased US7975311B2 (en) | 2008-04-09 | 2009-01-14 | Media device access control mechanism |
US13/935,445 Active 2029-01-24 USRE45046E1 (en) | 2008-04-09 | 2013-07-03 | Media device access control mechanism |
US13/935,447 Active 2029-01-24 USRE45047E1 (en) | 2008-04-09 | 2013-07-03 | Media device access control mechanism |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/353,390 Ceased US7975311B2 (en) | 2008-04-09 | 2009-01-14 | Media device access control mechanism |
US13/935,445 Active 2029-01-24 USRE45046E1 (en) | 2008-04-09 | 2013-07-03 | Media device access control mechanism |
Country Status (2)
Country | Link |
---|---|
US (3) | US7975311B2 (en) |
GB (1) | GB2450197B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7673135B2 (en) | 2005-12-08 | 2010-03-02 | Microsoft Corporation | Request authentication token |
US8332952B2 (en) * | 2009-05-22 | 2012-12-11 | Microsoft Corporation | Time window based canary solutions for browser security |
US9191405B2 (en) * | 2012-01-30 | 2015-11-17 | Microsoft Technology Licensing, Llc | Dynamic cross-site request forgery protection in a web-based client application |
US20150350352A1 (en) * | 2014-05-30 | 2015-12-03 | Jonathan J. Valliere | System and Method for Implementing Device Identification Addresses to Resist Tracking |
US10754968B2 (en) * | 2016-06-10 | 2020-08-25 | Digital 14 Llc | Peer-to-peer security protocol apparatus, computer program, and method |
US10462152B2 (en) * | 2016-11-15 | 2019-10-29 | Microsoft Technology Licensing, Llc | Systems and methods for managing credentials used to authenticate access in data processing systems |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6185684B1 (en) | 1998-08-28 | 2001-02-06 | Adobe Systems, Inc. | Secured document access control using recipient lists |
EP1085444A2 (en) | 1999-09-20 | 2001-03-21 | Microsoft Corporation | Thread based e-mail |
EP1170910A2 (en) | 2000-07-06 | 2002-01-09 | Fujitsu Limited | Method and device for managing mail addresses |
US20050066009A1 (en) | 2003-09-18 | 2005-03-24 | International Business Machines Corporation | System, apparatus and method of rescinding previously transmitted e-mail messages |
US20050114896A1 (en) | 2003-11-21 | 2005-05-26 | Hug Joshua D. | Digital rights management for content rendering on playback devices |
US6952697B1 (en) | 2002-06-21 | 2005-10-04 | Trust Licensing, Llc | Media validation system |
US20060218643A1 (en) | 2005-03-24 | 2006-09-28 | Xerox Corporation | Systems and methods for manipulating rights management data |
WO2007078502A2 (en) | 2005-12-29 | 2007-07-12 | Pitney Bowes Inc. | Changing the contents of physical mail |
-
2008
- 2008-04-09 GB GB0806429A patent/GB2450197B/en active Active
-
2009
- 2009-01-14 US US12/353,390 patent/US7975311B2/en not_active Ceased
-
2013
- 2013-07-03 US US13/935,445 patent/USRE45046E1/en active Active
- 2013-07-03 US US13/935,447 patent/USRE45047E1/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6185684B1 (en) | 1998-08-28 | 2001-02-06 | Adobe Systems, Inc. | Secured document access control using recipient lists |
EP1085444A2 (en) | 1999-09-20 | 2001-03-21 | Microsoft Corporation | Thread based e-mail |
EP1170910A2 (en) | 2000-07-06 | 2002-01-09 | Fujitsu Limited | Method and device for managing mail addresses |
US6952697B1 (en) | 2002-06-21 | 2005-10-04 | Trust Licensing, Llc | Media validation system |
US20050066009A1 (en) | 2003-09-18 | 2005-03-24 | International Business Machines Corporation | System, apparatus and method of rescinding previously transmitted e-mail messages |
US20050114896A1 (en) | 2003-11-21 | 2005-05-26 | Hug Joshua D. | Digital rights management for content rendering on playback devices |
US20060218643A1 (en) | 2005-03-24 | 2006-09-28 | Xerox Corporation | Systems and methods for manipulating rights management data |
WO2007078502A2 (en) | 2005-12-29 | 2007-07-12 | Pitney Bowes Inc. | Changing the contents of physical mail |
Non-Patent Citations (3)
Title |
---|
GB Search Report, Application No. GB0806429.7, Jul. 21, 2008. |
International Search Report, Application No. PCT/EP2009/054268, Sep. 15, 2009. |
United Kingdom Search Report dated Jul. 22, 2008 for UK Application No. GB0806429.7. |
Also Published As
Publication number | Publication date |
---|---|
GB2450197A (en) | 2008-12-17 |
USRE45046E1 (en) | 2014-07-22 |
US7975311B2 (en) | 2011-07-05 |
GB2450197A8 (en) | 2009-02-18 |
GB2450197B (en) | 2009-07-08 |
GB0806429D0 (en) | 2008-05-14 |
US20090259512A1 (en) | 2009-10-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
USRE46916E1 (en) | System and method for secure management of mobile user access to enterprise network resources | |
US8798579B2 (en) | System and method for secure management of mobile user access to network resources | |
USRE45047E1 (en) | Media device access control mechanism | |
US9569596B2 (en) | Secure workflow and data management facility | |
JP5420710B2 (en) | Method for updating data in accordance with a rights management policy | |
EP2404258B1 (en) | Access control using identifiers in links | |
US8245273B2 (en) | Sharing referenced content through collaborative business applications | |
US20070150299A1 (en) | Method, system, and apparatus for the management of the electronic files | |
US20060031351A1 (en) | Enforcing compliance policies in a messaging system | |
US8600912B2 (en) | Electronic business postal system | |
CN108629160A (en) | Document file management system and processing equipment | |
Alawneh et al. | Defining and analyzing insiders and their threats in organizations | |
US20010011354A1 (en) | Information provision control system, information provision control method and recording medium thereof | |
CN114679473A (en) | Financial account management system and method based on distributed digital identity | |
US20200327245A1 (en) | Secure data broker | |
US20170200170A1 (en) | Method for storing, delivering, and displaying documentation and credentials related to intrastate and interstate commerce | |
WO2009124986A1 (en) | Media Device Access Control Mechanism | |
US20200413252A1 (en) | Address retrieval systems and methods | |
US8718236B1 (en) | Systems and methods for secure on-line repositories | |
KR20060017129A (en) | Framework preventing unauthorized use of documents | |
EP2689377A1 (en) | System and method for user access management | |
US20240020679A1 (en) | Data assurance solution using verifiable credentials and blockchain | |
US11134047B2 (en) | System and method of communication between email plugins | |
KR100737646B1 (en) | Method and System for sharing for Email Address Box | |
Box40238 | ELECTRONIC MAIL |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |
|
AS | Assignment |
Owner name: EGRESS SOFTWARE TECHNOLOGIES IP LIMITED, UNITED KI Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:EGRESS SOFTWARE TECHNOLOGIES LIMITED;REEL/FRAME:049260/0667 Effective date: 20190319 Owner name: EGRESS SOFTWARE TECHNOLOGIES IP LIMITED, UNITED KINGDOM Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:EGRESS SOFTWARE TECHNOLOGIES LIMITED;REEL/FRAME:049260/0667 Effective date: 20190319 |
|
AS | Assignment |
Owner name: CANADIAN IMPERIAL BANK OF COMMERCE, CANADA Free format text: SECURITY INTEREST;ASSIGNOR:EGRESS SOFTWARE TECHNOLOGIES IP LIMITED;REEL/FRAME:056483/0472 Effective date: 20210602 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 12 |
|
AS | Assignment |
Owner name: EGRESS SOFTWARE TECHNOLOGIES IP LIMITED, UNITED KINGDOM Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CANADIAN IMPERIAL BANK OF COMMERCE;REEL/FRAME:067893/0232 Effective date: 20240629 |