WO2002041554B1 - Dynamic file access control and management - Google Patents

Dynamic file access control and management

Info

Publication number
WO2002041554B1
WO2002041554B1 PCT/US2001/043289 US0143289W WO0241554B1 WO 2002041554 B1 WO2002041554 B1 WO 2002041554B1 US 0143289 W US0143289 W US 0143289W WO 0241554 B1 WO0241554 B1 WO 0241554B1
Authority
WO
WIPO (PCT)
Prior art keywords
file
content
user
client
files
Prior art date
Application number
PCT/US2001/043289
Other languages
French (fr)
Other versions
WO2002041554A2 (en
WO2002041554A3 (en
WO2002041554A9 (en
Inventor
Todd D Graham
Jonathan C Hudson
Original Assignee
Aereous Inc
Todd D Graham
Jonathan C Hudson
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aereous Inc, Todd D Graham, Jonathan C Hudson filed Critical Aereous Inc
Priority to AU2002239274A priority Critical patent/AU2002239274A1/en
Publication of WO2002041554A2 publication Critical patent/WO2002041554A2/en
Publication of WO2002041554A3 publication Critical patent/WO2002041554A3/en
Publication of WO2002041554B1 publication Critical patent/WO2002041554B1/en
Publication of WO2002041554A9 publication Critical patent/WO2002041554A9/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/25Flow control; Congestion control with rate being modified by the source upon detecting a change of network conditions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

A dynamic file access control and management system and method in accordance with the present invention may be a proxy file management system that includes one or more file system proxy servers (110) that provide selective access and usage management to files available from one or more file systems (160) or sources. The present invention may embody a secure transport protocol that tunnels distributed file systems, application independent usage controls connected to files on end-user computers, dynamically merging secondary content to a requested file, and applying bandwidth management to any of the foregoing. Embodied in the various implementations of the present invention is enhanced file security. Preferably, the proxy file management system is transparent to an end-user. A dynamic content management system may also be included that selectively adds content to requested files.

Claims

AMENDED CLAIMS
[received by the International Bureau on 19 July 2002 (19.07.02); original claims 10-17 amended, new claims 18-24 added; remaining claims unchanged (5 pages)] 1. A system for providing content to a user having made a request for the content by way of a client computer, the system comprising: A. an intermediate server that receives the request for the content from the client computer, the intermediate server including: 1) a content component that interfaces with at least one content server to obtain the content in unmodified from the at least one content server; 2) a rules component that provides at least one rule with respect to usage of the content, the at least one rule being provided by an owner of the content; and 3) a wrap component that combines the at least one rule with the content to thereby provide a wrapped file to be output to the client computer; and B. the client computer including: 1) an operation system extension that detects the wrapped file being opened by the user and that allows the user to utilize the received content in the wrapped file in accordance with the at least one rule.
2. The system according to claim 1, wherein the at least one rule includes a maximum number of times that the content may be opened.
3. The system according to claim 1, wherein the at least one rule includes whether or not the content may be transferred to another computer.
4. The system according to claim 1, further comprising: C. a related information component that obtains information on the user and that provides additional content choices to be included with the wrapped file that are related to the content requested by the user or the information on the user.
5. The system according to claim 1, wherein the at least one rule includes whether or not the content may be transferred to another computer.
6. A method of providing content to a user having made a request for the content by way of a client computer, the method comprising:
67 AMENDED SHEET {ARTICLE 19) 3 A. receiving, by an intermediate server, the request for the content sent from the
4 client computer;
5 B. obtaining, by the intermediate server, the content from a content server;
6 C. determining, by the intermediate server, at least one rule to be included with the
7 content in a wrapped file to be sent to the client computer, the at least one rule
8 being based on the content and the at least one rule being stored in a memory at
9 the intermediate server;
10 D. combining, by the intermediate server, the rules with the content to thereby
11 provide the wrapped file;
12 E. outputting, by the intermediate server, the wrapped file to the client computer;
13 receiving the wrapped file at the client computer and storing the wrapped file;
14 detecting, by the client computer, an attempt to open the wrapped file by the user;
15 separating, by the client computer, the at least one rule and the content and storing
16 the at least one rule and the content; and
17 F. allowing the user to utilize the content subject to the at least one rule.
1 7. The method according to claim 6, wherein the at least one rule includes a maximum
2 number of times that the content maybe opened.
1 8. A method for changing from a first transmission rate to a second transmission in
2 transmitting information from a source to a destination, comprising:
3 A. transmitting a first file at a first data rate from the source to the destination;
4 B. detecting a change in available bandwidth for the destination;
5 C. buffering data from a second file that is identical in data content to the first file,
6 wherein the data is being buffered at a second data rate different from the first
7 data rate;
8 D. determining when in time data from the second file can be provided to the
9 destination instead of data from the first file so as to provide a substantially i o seamless transmission of data to the destination, the determining being done in li accordance with a forward-looking algorithm;
12 E. determining an exact location in the second file at which to start sending data to
13 the destination, in accordance with at least a frame rate for a video file or a
14 sampling rate for an audio file; and
68
AMENDED SHEET (ARTICLE 19} 5 F. providing data to the client from the buffered data of the second file, starting at 6 the exact location in the second file determined in the Part E.
1 9. A dynamic file access control and management system configured to access one or more
2 content sources including a set of files, said system comprising:
3 A a proxy system linked to said one or more content sources, said proxy system
4 comprising an access control module configured to selectively obtain a file from
5 said content sources as a function of an authorization of a user requesting said file
6 and a set of access policies;
7 B. a rights management module configured to generate a set of usage rights
8 associated with said file as a function of a set of predefined usage policies
9 associated with said file for said user; 0 C. at least one client device having a client module configured to interface to a client i operating system, said client module configured to selectively inhibit operating 2 system functions with respect to said file as a function of said usage rights; and 3 D. one or more communication means, via which said file and said usage rights are 4 provided to said client device.
1 10. The system according to claim 9, wherein said file and said usage rights are provided to
2 said client device via different communication means.
l 11. The system according to claim 9, wherein said files are static files.
l 12. The system according to claim 9, wherein said files are dynamic files.
1 13. The system according to claim 9, wherein said communication means includes a secure
2 transform configured to encrypt and encapsulate said file into a message as a function of a
3 session ID and said client is configured to extract said file from said message.
1 14. The system according to claim 9, wherein said proxy system further includes a user
2 interface, configured to facilitate creation and editing of said access policies and said usage
3 policies and association of said access policies and said usage policies with said files.
69 i 15. The system as in claim 9, wherein said client device is a device from a group comprising:
2 1) a personal computer;
3 2) a workstation;
4 3) a personal digital assistant;
5 4) an e-mail device;
6 5) a cellular telephone;
7 6) a Web enabled appliance; and
8 7) a server.
1 16. The system of claim 9, wherein said proxy system and at least one of said content sources
2 are hosted on the same computing device.
1 17. A method of dynamic file access control and management comprising:
2 A. to each of a set of files accessible from a set of content sources by a proxy system,
3 correlating one or more user and/or client device identifications and defining a set
4 of usage policies, wherein for a given file usage policies relate to selectively
5 enabling or disabling operations associated with said file;
6 B. by said proxy system, generating a set of usage rights associated with a target file
7 as a function of a set of usage policies associated with said target file and a user or
8 client device identification;
9 C. communicating said target file and said usage rights to a client device associated 0 with said identification; and i D. using a client module at said client device and configured to interface to a client 2 operating system, selectively inhibiting operating system functions with respect to 3 said target file as a function of said usage rights.
1 18. The method of claim 11, wherein in step C, said communicating is accomplished by
2 communicating said target file and said usage rights to said client device via different
3 communication means.
l 19. The method of claim 17, wherein said set of files include static files.
l
20. The method of claim 17, wherein said set of files include dynamic files.
70 D D SHEET ARTICLE 11
21. The method of claim 17, wherein said communicating is accomplished using a communication means that includes a secure transform, including encrypting and encapsulating said target file into a message as a function of a session ID and said client device is configured to extract said target file from said message.
22. The method of claim 17, wherein said proxy system further includes a user interface and step A include creating and/or editing said access policies and said usage policies and associating said access policies and said usage policies with said set of files using said user interface.
23. The method of claim 17, wherein said client device is a device from a group comprising: 1) a personal computer; 2) a workstation; 3) a personal digital assistant; 4) an e-mail device; 5) a cellular telephone; 6) a Web enabled appliance; and 7) a server. '
24. The method of claim 17, further comprising hosting said proxy system and at least one content source on the same computing device.
71 A ICLE 8
PCT/US2001/043289 2000-11-20 2001-11-20 Dynamic file access control and management WO2002041554A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002239274A AU2002239274A1 (en) 2000-11-20 2001-11-20 Dynamic file access control and management

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US71747400A 2000-11-20 2000-11-20
US09/717,474 2000-11-20

Publications (4)

Publication Number Publication Date
WO2002041554A2 WO2002041554A2 (en) 2002-05-23
WO2002041554A3 WO2002041554A3 (en) 2002-08-29
WO2002041554B1 true WO2002041554B1 (en) 2003-03-20
WO2002041554A9 WO2002041554A9 (en) 2003-05-30

Family

ID=24882168

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/043289 WO2002041554A2 (en) 2000-11-20 2001-11-20 Dynamic file access control and management

Country Status (2)

Country Link
AU (1) AU2002239274A1 (en)
WO (1) WO2002041554A2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040162900A1 (en) * 2002-12-17 2004-08-19 Tim Bucher Distributed content management system
US9118617B1 (en) * 2005-12-23 2015-08-25 Emc Corporation Methods and apparatus for adapting the protection level for protected content
US7991427B2 (en) * 2006-09-13 2011-08-02 Mformation Technologies, Inc. System and method to provide application management on wireless data terminals by means of device management agent and dynamic link libraries

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5765152A (en) * 1995-10-13 1998-06-09 Trustees Of Dartmouth College System and method for managing copyrighted electronic media
JP3403298B2 (en) * 1996-10-25 2003-05-06 シャープ株式会社 Arithmetic processing unit and microprocessor
US5920861A (en) * 1997-02-25 1999-07-06 Intertrust Technologies Corp. Techniques for defining using and manipulating rights management data structures
US6199104B1 (en) * 1997-04-28 2001-03-06 Sabre Inc. Server-based host monitor

Also Published As

Publication number Publication date
WO2002041554A2 (en) 2002-05-23
WO2002041554A3 (en) 2002-08-29
AU2002239274A1 (en) 2002-05-27
WO2002041554A9 (en) 2003-05-30

Similar Documents

Publication Publication Date Title
EP1461720B1 (en) Dynamic file access control and management
US11675922B2 (en) Secure storage of and access to files through a web application
US7752272B2 (en) System and method for filter content pushed to client device
US6732277B1 (en) Method and apparatus for dynamically accessing security credentials and related information
JP2018160919A (en) Data security using request-supplied keys
US9992015B2 (en) Method and apparatus for providing a scalable service platform using a network cache
KR101085650B1 (en) Protected media path and refusal response enabler
CN1522516A (en) Secure header information for multi-content e-mail
US20160248734A1 (en) Multi-Wrapped Virtual Private Network
AU1924600A (en) Public key cryptosystem with roaming user capability
EP1680727A2 (en) Distributed document version control
EP1331752B1 (en) Module for personalizing content according to instruction contained in a voucher for mobile devices.
US20120278611A1 (en) Vpn-based method and system for mobile communication terminal to access data securely
CN113347206A (en) Network access method and device
WO2002043317A1 (en) Method and system for object encryption using transparent key management
US10097519B2 (en) Process and system for selectable data transmission
CN104348870A (en) Data management method and system of cloud storage system based on trusted timestamp
US9240978B2 (en) Communication system having message encryption
EP1480410B1 (en) System and method for dynamically enabling components to implement data transfer security mechanisms
US7051201B2 (en) Securing cached data in enterprise environments
Diaz-Sanchez et al. A privacy aware media gateway for connecting private multimedia clouds to limited devices
US20090157823A1 (en) Apparatus and method for facilitating secure email services using multiple protocols
WO2002041554B1 (en) Dynamic file access control and management
JP4000183B1 (en) File encryption management system and method for implementing the system
EP2700255B1 (en) Access control

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
B Later publication of amended claims
COP Corrected version of pamphlet

Free format text: PAGES 1/23-23/23, DRAWINGS, REPLACED BY NEW PAGES 1/23-23/23; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
122 Ep: pct application non-entry in european phase
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP