Claims
- 1. An agent process for controlling access to digital assets in a data processing environment comprising:
sensing atomic level asset access events, the sensing step located within an operating system kernel within a user client device; aggregating multiple atomic level events to determine a combined event; and asserting an encryption policy if at least one combined event has occurred that matches a predefined digital asset usage risk policy.
- 2. A process as in claim 1 wherein the step of asserting the encryption policy is implemented in an operating system kernel of the client user device.
- 3. A process as in claim 1 additionally comprising:
encrypting an associated digital asset.
- 4. A process as in claim 1 wherein the combined event is a time sequence of multiple atomic level events.
- 5. A process as in claim 2 that operates independently of application software.
- 6. A process as in claim 1 wherein the sensing, aggregating, and asserting steps operate in real time.
- 7. A process as in claim 1 additionally comprising:
determining a sensitivity of a particular digital asset in the asset access event; and adaptive encryption to the digital asset, optionally depending upon sensitivity of the particular digital asset.
- 8. A process as in claim 1 wherein the combined event specifies an action to be taken with the digital asset.
- 9. A process as in claim 2 additionally comprising:
at the client user device, applying encryption if the encryption policy specifies the digital asset to be encrypted.
- 10. A process as in claim 9 additionally comprising:
forwarding the digital asset to a second client user device; and asserting an encryption policy at the second client user device.
- 11. A process as in claim 10 additionally comprising:
applying decryption at the second client user device.
- 12. A process as in claim 9 additionally comprising:
forwarding the digital asset to a second client user device; and not asserting an encryption policy at the second client user device, so that if the encryption policy specifies encryption, the digital asset cannot be read at the second client user device.
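
The pipeline recited in claims 1, 4 and 7 (sense atomic events, aggregate a time sequence into a combined event, assert an encryption policy by asset sensitivity), modeled in user space as an added example that is not taken from the application. The event fields, path prefixes, 5-second window and sample events are assumptions constructed for illustration; the claimed sensing step runs in the operating system kernel.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AtomicEvent:            # hypothetical record of one sensed access event
    ts: float                 # seconds since start of trace
    pid: int
    op: str                   # "read" or "write"
    path: str

@dataclass(frozen=True)
class CombinedEvent:          # hypothetical aggregate: a read followed by a write
    pid: int
    src: str
    dst: str

SENSITIVE_PREFIX = "/srv/design/"   # assumed marker of a sensitive asset
REMOVABLE_PREFIX = "/media/usb0/"   # assumed removable-media mount point
WINDOW_SECONDS = 5.0                # assumed aggregation window

def aggregate(events):
    """Fold a time sequence of atomic events into combined 'copy' events."""
    last_read = {}                  # pid -> most recent read by that process
    combined = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op == "read":
            last_read[ev.pid] = ev
        elif ev.op == "write" and ev.pid in last_read:
            src = last_read[ev.pid]
            if ev.ts - src.ts <= WINDOW_SECONDS:
                combined.append(CombinedEvent(ev.pid, src.path, ev.path))
    return combined

def assert_policy(combined):
    """Return (destination, action) per combined event under the risk policy."""
    decisions = []
    for c in combined:
        risky = (c.src.startswith(SENSITIVE_PREFIX)
                 and c.dst.startswith(REMOVABLE_PREFIX))
        decisions.append((c.dst, "encrypt" if risky else "allow"))
    return decisions

# Constructed sample trace: three processes, only the first matches the policy.
SAMPLE_EVENTS = [
    AtomicEvent(1.0, 100, "read", "/srv/design/board.sch"),
    AtomicEvent(1.2, 100, "write", "/media/usb0/board.sch"),
    AtomicEvent(2.0, 200, "read", "/home/u/notes.txt"),
    AtomicEvent(2.1, 200, "write", "/media/usb0/notes.txt"),
    AtomicEvent(3.0, 300, "read", "/srv/design/cad.dwg"),
    AtomicEvent(20.0, 300, "write", "/media/usb0/cad.dwg"),  # outside window
]

if __name__ == "__main__":
    for dst, action in assert_policy(aggregate(SAMPLE_EVENTS)):
        print(f"{action:8s} {dst}")
```

The last process shows the limit of a fixed window: a sensitive read followed by a delayed write produces no combined event, so no encryption policy is asserted for it.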
RELATED APPLICATION
[0001] This application claims the benefit of U.S. Provisional Application No. 60/442,464 entitled “Method and System for Adaptive Identification and Protection of Proprietary Electronic Information,” filed on Jan. 23, 2003. This application is also related to a co-pending U.S. Patent Application entitled “Managed Distribution of Digital Assets”, Ser. No. 10/706,871 filed Nov. 12, 2003, and is also related to co-pending U.S. Patent Application entitled “Digital Asset Usage Accountability Via Event Journaling” Ser. No. 10/716,336 filed Nov. 18, 2003. The entire teachings of the above-referenced application(s) are hereby incorporated by reference.
Provisional Applications (1)
| Number | Date | Country |
|---|---|---|
| 60442464 | Jan 2003 | US |