Abstract: A method and system for protecting digital objects transmitted over a network. A sender creates a notification specifying an object to be delivered to a recipient as well the object's security policy and any authentication information required to access the object. The notification is sent to an object server which creates an identifier associated with the object and sends an e-mail message with the identifier to the recipient. The recipient may access the object by referencing the identifier. The object server authenticates the request for the object and redirects the request to a security server. The security server protects the object in accordance with the security policy designated by the sender and combines the object with mobile code to enforce the security policy at the recipient's computer. The protected object is sent to the recipient.

Abstract: A method and system for protecting objects stored on network servers are presented. An object server runs computer software that designates which objects are to be protected and the security policy for that object. If the object server receives a request for a protected object, the object server creates an enhanced request containing cryptographically protected data related to the request and to the requested object; this enhanced request is redirected to a security server. The security server authenticates the request, retrieves the requested object from the object server, a file server associated with the security server, or a local cache, encrypts the object, and combines the encrypted object with mobile code, the security policy, and object controls to implement the policy. This package is then sent to the requester, which executes the mobile code, resulting in the installation of the security policy and object controls on the requester computer.

Abstract: A system and method for establishing a log file which may be used to create an audit trail are presented. A security server maintains a log file of actions performed by a requester and the security server which are related to protected objects. Object controls instantiated with the object on the requester device transmit an encrypted descriptor of the action to the security server and may prevent the requester device from taking any action (viewing, editing, printing, etc.) if there is no secure connection to the security server. The security server will record the information received from the requester device, along with other data, to the log file as well as recording a descriptor of any of the security server's actions taken which relate to the protection of objects.

Abstract: A method and system for protecting objects stored on network servers are presented. An object server runs computer software that designates which objects are to be protected and the security policy for that object. If the object server receives a request for a protected object, the object server creates an enhanced request containing encrypted data related to the request and the requested object; this enhanced request is redirected to a security server which authenticates the request, retrieves the requested object, encrypts the object using a one-time encryption key, and combines the encrypted object with mobile code, the security policy, and object controls to implement the policy. This package is then sent to the requester, which executes the mobile code, resulting in the instantiation of the security policy and object controls on the requester computer. The mobile code will execute tests to ensure proper instantiation of the object controls.