摘要:
A license is issued to a user as decryption and authorization portions. The decryption portion is accessible only by such user and has a decryption key (KD) for decrypting corresponding encrypted digital content and validating information including an identification of a root trust authority. The authorization portion sets forth rights granted in connection with the digital content and conditions that must be satisfied to exercise the rights granted, and has a digital signature that is validated according to the identified root trust authority in the decryption portion. The user issued accesses the decryption portion and employs the validation information therein to validate the digital signature of the authorization portion. If the conditions in the authorization portion so allow, the rights in the authorization portion are exercised by decrypting the encrypted content with the decryption key (KD) from the decryption portion and rendering the decrypted content.
摘要:
Disclosed is a method for dynamically applying a rights management policy to a message by allowing an administrator to associate certain rights management policies with certain senders and recipients of messages, with groups of users possessing certain common criteria which define the users and groups of users, with certain attributes of the message, and with certain environmental attributes. Also disclosed is a method for allowing an administrator to automatically update a rights management protected message as it passes through a message transfer agent. The administrator may determine either on a regular interval or an ad-hoc basis that the message transfer agent scan the messages stored to determine whether or not the content has expired. If the content has indeed expired the administrator may take steps to have the expired content deleted entirely, refreshed with more current content, or replaced with a tombstone indicating that the original content has expired.
摘要:
A method is disclosed for rendering content encrypted according to a cryptographic key, where the content has corresponding rights data including a decryption key (KD) for decrypting the encrypted content, and where (KD) in the rights data is encrypted according to a public key of a rights management (RM) server (PU-RM) to result in (PU-RM(KD)). The RM server normally delivers (KD) within a license, but upon being decommissioned can no longer issue such license. In the method, a notification is received that the RM server has been decommissioned, and thereafter an attempt is made to render a piece of content. Such content is determined to be protected to the decommissioned RM server, and a request is sent to the decommissioned RM server for the content key (KD) for the content rather than any license. Thereafter (KD) is received from the decommissioned RM server.
摘要:
The present invention allows for a pre-licensing process for content that is subject to rights management in order to allow a principal access to the content when the principal does not have access to the rights management server. Rather than requiring the principal to submit a rights account certificate and request for a use license to the rights management server, the present invention allows the message server to obtain a use license on behalf of the principal. Accordingly, the principal can access the use license from the message server and decrypt protected content without having to request the use license from the rights management server.
摘要:
A server receives a request and identifies a corresponding task with core and peripheral components. The server performs the core components and collects relevant context data. The server returns a result to the requester based on having performed the core components, and constructs a message including the collected context data and sends same to an asynchronous message collector. An asynchronous message processor takes up and processes the message from the collector to perform the peripheral components. Thus, the message processor performs less-time-sensitive peripheral work independent of the server and allows the server to attend to more-time-sensitive core work.
摘要:
A server receives a request and identifies a corresponding task with core and peripheral components. The server performs the core components and collects relevant context data. The server returns a result to the requester based on having performed the core components, and constructs a message including the collected context data and sends same to an asynchronous message collector. An asynchronous message processor takes up and processes the message from the collector to perform the peripheral components. Thus, the message processor performs less-time-sensitive peripheral work independent of the server and allows the server to attend to more-time-sensitive core work.
摘要:
Disclosed is a method for dynamically applying a rights management policy to a message by allowing an administrator to associate certain rights management policies with certain senders and recipients of messages, with groups of users possessing certain common criteria which define the users and groups of users, with certain attributes of the message, and with certain environmental attributes. Also disclosed is a method for allowing an administrator to automatically update a rights management protected message as it passes through a message transfer agent. The administrator may determine either on a regular interval or an ad-hoc basis that the message transfer agent scan the messages stored to determine whether or not the content has expired. If the content has indeed expired the administrator may take steps to have the expired content deleted entirely, refreshed with more current content, or replaced with a tombstone indicating that the original content has expired.
摘要:
The present invention provides the ability to compare and enforce policies between trusted entities within a rights management system. For example, policies between the two entities may be received by either entity. They may then be compared to determine the compatibility of the two policies. If compatible, or maybe even without the comparison, other embodiments provide for message server use license, which allows access to the protected portion of a message, thereby permitting an entity to enforce its message policies.
摘要:
The present invention provides the ability to compare and enforce policies between trusted entities within a rights management system. For example, policies between the two entities may be received by either entity. They may then be compared to determine the compatibility of the two policies. If compatible, or maybe even without the comparison, other embodiments provide for message server use license, which allows access to the protected portion of a message, thereby permitting an entity to enforce its message policies.