Abstract: Computer system and method enforces control policies including access and usage policies. A rules-based engine member or assembly is coupled between a rights-management (or similar) system and one or more target applications. The rules-based engine member centralizes data security determinations for the target applications. One or more agents are responsive to the rules-based engine member and target applications, and handle low-level details in interactions between the rules-based engine member and target applications. A generic engine framework serves as a normalizing factor and enables scalability.
Abstract: Controlling access to disseminated messages includes implementing one or more key management policies that specify how various encryption keys are maintained and in particular, when encryption keys are made inaccessible. Deleting a particular key renders inaccessible all copies of messages, known or unknown, associated with the particular key, regardless of the location of the associated messages. A message may be directly or indirectly associated with a deleted key. Any number of levels of indirection are possible and either situation makes the message unrecoverable. The approach is applicable to any type of data in any format and the invention is not limited to any type of data or any type of data format.
Abstract: In a network of intermittently-connected computers, a method and apparatus for maintaining and managing control over data objects authored, accessed, and altered by users in dynamic, distributed, and collaborative contexts. The invention method and apparatus attach to each data object an identification of a respective control policy. Each control policy comprises at least an indication of a subset of the users who may access the data object, an indication of the privileges granted to each subset of users able to access the data object, and an indication of a subset of users who may define or edit the control policy. The invention method and apparatus separate the management of the control policies of data objects from the creation and use of the data objects. The invention method and apparatus automate common policy changes, distribution of policy changes to the enforcement agents, and propagation of control policies to derivative works.
Type:
Grant
Filed:
May 28, 2004
Date of Patent:
September 8, 2009
Assignee:
Liquid Machines, Inc.
Inventors:
Norbert Leser, Fajen Kyne, Robert Morgan, Christopher B. Barclay, Edward J. Gaudet, James Schoonmaker, Arnold S. Epstein, Michael D. Smith
Abstract: A content processor application is loaded into memory from a master image to form a runtime content processor application image. An integration agent dynamically integrates a protection agent into the loaded runtime content processor application image to form a customized content processor application with extended functionality. Only the runtime content processor application image is extended with the protection agent—the application master image remains unaltered.
Abstract: A content processor application is loaded into memory from a master image to form a runtime content processor application image. An integration agent dynamically integrates a protection agent into the loaded runtime content processor application image to form a customized content processor application with extended functionality. Only the runtime content processor application image is extended with the protection agent—the application master image remains unaltered.
Abstract: An application module is rewritten by overwriting executable code at identified authorization points with control transfers to a managed challenge system such that a rewritten application module results. The managed challenge system is constructed to include the overwritten executable code, and performs an authorization check upon acquiring control from an authorization point. The managed challenge system is linked to the rewritten application module.
Abstract: In a network of intermittently-connected computers, a method and apparatus for maintaining and managing control over data objects authored, accessed, and altered by users in dynamic, distributed, and collaborative contexts. The invention method and apparatus attach to each data object an identification of a respective control policy. Each control policy comprises at least an indication of a subset of the users who may access the data object, an indication of the privileges granted to each subset of users able to access the data object, and an indication of a subset of users who may define or edit the control policy. The invention method and apparatus separate the management of the control policies of data objects from the creation and use of the data objects. The invention method and apparatus automate common policy changes, distribution of policy changes to the enforcement agents, and propagation of control policies to derivative works.
Type:
Application
Filed:
May 28, 2004
Publication date:
February 3, 2005
Applicant:
Liquid Machines, Inc.
Inventors:
Norbert Leser, Fajen Kyne, Robert Morgan, Christopher Barclay, Edward Gaudet, James Schoonmaker, Arnold Epstein, Michael Smith
Abstract: In a network of intermittently-connected computers, a method and apparatus for maintaining and managing control over data objects authored, accessed, and altered by users in dynamic, distributed, and collaborative contexts. The invention method and apparatus attach to each data object an identification of a respective control policy. Each control policy comprises at least an indication of a subset of the users who may access the data object, an indication of the privileges granted to each subset of users able to access the data object, and an indication of a subset of users who may define or edit the control policy. The invention method and apparatus separate the management of the control policies of data objects from the creation and use of the data objects. The invention method and apparatus automate common policy changes, distribution of policy changes to the enforcement agents, and propagation of control policies to derivative works.
Type:
Application
Filed:
June 1, 2004
Publication date:
January 13, 2005
Applicant:
Liquid Machines, Inc.
Inventors:
Norbert Leser, Fajen Kyne, Robert Morgan, Christopher Barclay, Edward Gaudet, James Schoonmaker, Arnold Epstein, Michael Smith
Abstract: An application module is rewritten by overwriting executable code at identified authorization points with control transfers to a managed challenge system such that a rewritten application module results. The managed challenge system is constructed to include the overwritten executable code, and performs an authorization check upon acquiring control from an authorization point. The managed challenge system is linked to the rewritten application module.