Dynamic evaluation of access rights

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to the area of protecting data in an enterprise environment, and more particularly, relates to processes, systems, methods and software products for evaluating access rights to a protected system or secured digital assets.

2. Description of Related Art

The Internet is the fastest growing telecommunications medium in history. This growth and the easy access it affords have significantly enhanced the opportunity to use advanced information technology for both the public and private sectors. It provides unprecedented opportunities for interaction and data sharing among businesses and individuals. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information. The Internet is a widely open, public and international network of interconnected computers and electronic devices. Without proper security means, an unauthorized person or machine may intercept any information traveling across the Internet and even get access to proprietary information stored in computers that interconnect to the Internet, but are otherwise generally inaccessible by the public.

There are many efforts in progress aimed at protecting proprietary information traveling across the Internet and controlling access to computers carrying the proprietary information. Cryptography allows people to carry over the confidence found in the physical world to the electronic world, thus allowing people to do business electronically without worries of deceit and deception. Every day hundreds of thousands of people interact electronically, whether it is through e-mail, e-commerce (business conducted over the Internet), ATM machines, or cellular phones. The perpetual increase of information transmitted electronically has lead to an increased reliance on cryptography.

One of the ongoing efforts in protecting the proprietary information traveling across the Internet is to use one or more cryptographic techniques to secure a private communication session between two communicating computers on the Internet. The cryptographic techniques provide a way to transmit information across an insecure communication channel without disclosing the contents of the information to anyone eavesdropping on the communication channel. Using an encryption process in a cryptographic technique, one party can protect the contents of the data in transit from access by an unauthorized third party, yet the intended party can read the data using a corresponding decryption process.

A firewall is another security measure that protects the resources of a private network from users of other networks. However, it has been reported that many unauthorized accesses to proprietary information occur from the inside, as opposed to from the outside. An example of someone gaining unauthorized access from the inside is when restricted or proprietary information is accessed by someone within an organization who is not supposed to do so. Due to the open nature of the Internet, contractual information, customer data, executive communications, product specifications, and a host of other confidential and proprietary intellectual property remains available and vulnerable to improper access and usage by unauthorized users within or outside a supposedly protected perimeter.

A governmental report from General Accounting Office (GAO) details “significant and pervasive computer security weaknesses at seven organizations within the U.S. Department of Commerce, the widespread computer security weaknesses throughout the organizations have seriously jeopardized the integrity of some of the agency's most sensitive systems.”Further it states: “Using readily available software and common techniques, we demonstrated the ability to penetrate sensitive Commerce systems from both inside Commerce and remotely, such as through the Internet,” and “Individuals, both within and outside Commerce, could gain unauthorized access to these systems and read, copy, modify, and delete sensitive economic, financial, personnel, and confidential business data . . . ” The report further concludes “[i]ntruders could disrupt the operations of systems that are critical to the mission of the department.”

In fact, many businesses and organizations have been looking for effective ways to protect their proprietary information. Typically, businesses and organizations have deployed firewalls, Virtual Private Networks (VPNs), and Intrusion Detection Systems (IDS) to provide protection. Unfortunately, these various security means have been proven insufficient to reliably protect proprietary information residing on private networks. For example, depending on passwords to access sensitive documents from within often causes security breaches when the password of a few characters long is leaked or detected. Therefore, there is a need to provide more effective ways to secure and protect digital assets at all times.

SUMMARY OF INVENTION

This section is for the purpose of summarizing some aspects of the present invention and to briefly introduce some preferred embodiments. Simplifications or omissions may be made to avoid obscuring the purpose of the section. Such simplifications or omissions are not intended to limit the scope of the present invention.

The present invention is related to a process, a system, a method and a software product for evaluating access rights to a protected system or secured electronic data or digital assets. In one aspect of the present invention, a protected system employs one or more levels of access policy. When a user attempts to access the system, the access policy is dynamically evaluated against the user's access privilege. Unless the evaluation is successful, the user would not be permitted to access the system. In another aspect of the present invention, the digital assets are in a form that only those with granted access rights can access. To grant or deny access rights to a user attempting to access a secured file, an access right evaluation process is carried out among all applicable policies including those embedded in the secured file. In a preferred embodiment, the access right evaluation process is invoked only when a file being accessed is detected secured. Further, the access right evaluation process is configured to operate transparently to the user.

Rules exist as part of a policy to guard a protected system or secured electronic data. According to one embodiment of the present invention, all applicable system rules as well as access rules embedded in a secure file are individually evaluated in the access right evaluation process. If there is a single logic failure from the evaluation of each of items in the system rules as well as the access rules, an access right to the secured file is denied. On the other hand, if each of the items in the system rules as well as the access rules is respectively evaluated and all produce a logic pass, an access right to the secured file is granted.

Depending on implementation and application, the present invention may be employed in a client machine and/or a server machine. Typically, if a user's access right to a secured file is locally determined in a client machine, the present invention may be implemented as an executable module configured to operate in an operating system running in the client machine. If a user's access right to a secured file is remotely determined in a server machine, the present invention may be implemented as an executable module configured to operate in the server machine. Alternatively, the access right evaluation process may be implemented in a distributed manner, namely, one part of the access right evaluation process is carried out in one computing device for one policy and another part of the access right evaluation process is carried out in another computing device for another policy. The evaluation results are subsequently and logically combined in a computing device to determine if a user is ultimately permitted to access a protected system or a secured file. Typically, the user is associated with the computing device from which the user can access the protected system or the secured file, if granted the access.

One of the objects in the present invention is to provide a dynamic access rights evaluation mechanism that can protect a system or secured digital assets at all times.

Other objects, features, and advantages of the present invention will become apparent upon examining the following detailed description of an embodiment thereof, taken in conjunction with the attached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other features, aspects, and advantages of the present invention will become better understood with regard to the following description, appended claims, and accompanying drawings where:

FIG. 1A shows an illustration diagram of securing a created document according to one exemplary secured file form used in the present invention;

FIG. 1B illustrates an exemplary structure of a secured document including a header and an encrypted data portion;

FIG. 1C illustrates another exemplary structure of a secured document including a header and an encrypted portion, wherein the header permits four different entities to access the secured document;

FIG. 1D illustrates another exemplary structure of a secured document including a header and an encrypted portion, wherein the header further includes a user block and a rules block;

FIG. 1E shows an exemplary header corresponding to that of the secured document structure in FIG. 1D, wherein the header includes a number of segments, some are encrypted as the security information for the secured document structure.

FIG. 2 shows an exemplary implementation of how the access right test may be carried out, in particular, a client module includes an access test or evaluation module representing an executable version of the present invention and is configured to interact with and operate within an operating system to ensure that a document is made secured and a secured document can be accessed only by an authorized user;

FIG. 3 shows a flowchart of process of accessing a secured document according to one embodiment of the present invention and may be understood in conjunction with FIG. 2; and

FIG. 4 shows a flowchart of process of carrying out the access evaluation test according to one embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present invention pertains to a process, a system, a method and a software product for evaluating access rights to a protected system or secured electronic data or digital assets. As used herein, an access right or access rights are a permit, or a right to proceed forward. For example, a user may seek an access right to enter a protected system (e.g., a device, a database, a directory) or to request an act on a secured item (e.g., to print a file or delete a folder). In one aspect of the present invention, a protected system employs one or more levels of access policy. When a user attempts to access the system, the access policy is dynamically evaluated against the user's access privilege. Unless the evaluation is successful, the user would not be permitted to access the system. In another aspect of the present invention, the digital assets are in a form that only those with granted access rights can access. To grant or deny access rights to a user attempting to access a secured file, an access right evaluation process is carried out among all applicable policies including those embedded in the secured file. In a preferred embodiment, the access right evaluation process is invoked only when a file being accessed is detected to be in a secured format. Further, the access right evaluation process is configured preferably to operate transparently to the user. The present invention may be advantageously used in a system in which electronic data is secured and can be restrictively accessed by those who are authenticated and have the access privilege.

In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will become obvious to those skilled in the art that the present invention may be practiced without these specific details. The description and representation herein are the common means used by those experienced or skilled in the art to most effectively convey the substance of their work to others skilled in the art. In other instances, well-known methods, procedures, components, and circuitry have not been described in detail to avoid unnecessarily obscuring aspects of the present invention.

Reference herein to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Further, the order of blocks in process flowcharts or diagrams representing one or more embodiments of the invention do not inherently indicate any particular order nor imply any limitations in the invention.

Embodiments of the present invention are discussed herein with reference to FIGS. 1A-4. However, those skilled in the art will readily appreciate that the detailed description given herein with respect to these figures is for explanatory purposes as the invention extends beyond these limited embodiments.

Generally, content created by a creator for the purpose of an entity is an intellectual property belonging to the creator or the entity. In an enterprise, any kind of information or intellectual property can be content, though it is commonly referred to as “information” instead of “content”. In either case, content or information is independent of its format, it may be in a printout or an electronic document. As used herein, content or information exists in a type of electronic data that is also referred to as a digital asset. A representation of the electronic data may include, but not be limited to, various types of documents, multimedia files, streaming data, dynamic or static data, executable code, images and texts.

To prevent contents in electronic data from unauthorized access, the electronic data is typically stored in a form that is as close to impossible as possible to read without a priori knowledge. Its purpose is to ensure privacy by keeping the content hidden from anyone for whom it is not intended, even those who have access to the electronic data. Example of a priori knowledge may include, but not be limited to, a password, a secret phrase, biometric information or one or more keys.

Relying upon a priori knowledge to guard a system or a secured file is not always secure. For example, when a password or a secret phrase is leaked to or hacked by an intruder, the security of a system or a secured file can be breached. To provide pervasive security to protected systems or secured files, it is desirable to employ at least one level of access rules that measure against a user's access privilege. Together with one or more levels of system rules, preferably imposed implicitly, protected systems or secured files can be secured at all times.

FIG. 1A shows an illustration diagram of securing a created document 100 according to one exemplary secured file form used in the present invention. One of the purposes is to ensure that the contents in the document 100 can be only accessed by an authorized user. As used herein, the user may mean a human user, a software agent, a group of users, a device and/or application(s). Besides a human user who needs to access a secured document, a software application or agent sometimes needs to access the secured document in order to proceed forward. Accordingly, unless specifically stated, the “user” as used herein does not necessarily pertain to a human being.

After the document 100 is created with an application or authoring tool (e.g., Microsoft WORD), upon an activation of a “Save,” “Save As” or “Close” command or automatic saving invoked by an operating system, the application itself, or an application that is previously registered with the server, the created document 100 is caused to undergo a securing process 101. The securing process 101 starts with an encryption process 102, namely the document 100 that has been created or is being written into a store is encrypted by a cipher with a file key. In other words, the encrypted document could not be opened without the file key (i.e., a cipher key). For the purpose of controlling the access to the document, the file key or keys may be the same or different keys for encryption and decryption and are preferably included in the security information contained in or pointed to by the header and, once obtained, can be used to decrypt the encrypted document.

A set of access rules 104 for the document 100 is received and associated with a header 106. In general, the access rules 104 determine or regulate who and/or how the document 100, once secured, can be accessed. In some cases, the access rules 104 also determine or regulate when or where the document 100 can be accessed. Typically, a header is a file structure, small in size and includes, or perhaps links to, security information about a resultant secured document. Depending on an exact implementation, the security information can be entirely included in a header or pointed to by a pointer that is included in the header. According to one embodiment, the access rules 104, as part of the security information, is included in the header 106. The security information further includes the file key and, in some cases, an off-line access permit (e.g. in the access rules) should such access be requested by an authorized user. The security information is then encrypted by a cipher with a user key associated with an authorized user to produce encrypted security information 110. The encrypted header 106, if no other information is added thereto, is attached to the encrypted document 112 to generate a secured document 108.

It is understood that a cipher may be implemented based on one of many encryption/decryption schemes. Examples of such schemes may include, but not be limited to, Data Encryption Standard algorithm (DES), Blowfish block cipher and Twofish cipher. Therefore, the operations of the present invention are not limited to a choice of those commonly-used encryption/decryption schemes. Any encryption/decryption scheme that is effective and reliable may be used. Hence, the details of encryption/decryption schemes are not further discussed herein so as to avoid obscuring aspects of the present invention.

In essence, the secured document 108 includes two parts, the document itself and the corresponding security information therefor, both are in encrypted form. To access the document, one needs to obtain the file key that is used to encrypt the document and is now included in the encrypted security information. To obtain the file key, one needs to be authenticated to get a user or group key and pass an access test in which the access rules in the security information are measured against the user's access privilege (i.e. access rights).

FIG. 1B illustrates an exemplary structure of a secured document 120 including a header 122 and an encrypted data portion 124 in accordance with the secured document 108 in FIG. 1A. The header 122 includes a security information block 126 having encrypted security information that essentially controls the access to the encrypted data portion or document 124. In a certain implementation, the header 122 includes a flag 227 (e.g., a predetermined set of data) to indicate that the document 120 is secured. The security information block 126 includes one or more user IDs 128, access rules 129, at least one file key 130 and other information 131. The user IDs 128 maintain a list of authorized users who may be measured against by the access rules 129 before the file key 130 can be retrieved. The access rules 129 determine at least who and how the encrypted document 124 can be accessed. Depending on an implementation, the other information 131 may be used to include other information facilitating a secure access to the encrypted document 124, the example may include version numbers or author identifier.

To ensure that the key is not to be retrieved or accessed by anyone, the key itself is guarded by the access rights and rules. If a user requesting the document has the proper access rights that can be granted by the access rules, the key will be retrieved to proceed with the decryption of the encrypted document.

To ensure that the security information or the header (if no flag is implemented) is not readily revealed, the header itself is encrypted with a cipher. Depending on an exact implementation, the cipher for the header may or may not be identical to the one used for the document. The key (referred to as a user key) to decrypt the encrypted header can, for example, be stored in a local store of a client machine or in a server machine and activated only when the user associated with it is authenticated. As a result, only an authorized and authenticated user can access the secured document.

FIG. 1C illustrates an exemplary structure of a secured document 136 including a header 138 and an encrypted portion 139. The header 138 permits four different 140-143 entities to access the secured document 136. The four different entities 140-143 include two individual users and two group users, wherein the group users mean that everyone in a group could access the document with the same privileges. The two individual users have two different access privileges. User A can only read the document while user D can edit and read the document. While everyone in Group B can read and edit the document, everyone in Group C can only print the document. Each entity has a corresponding ID to be associated with the corresponding users and its own access rules. According to one embodiment, the header 138 in the secured document 136 is partitioned into corresponding four sub-headers 140-143, each designated to one user or group and keeping a file key therein and encrypted with a separate user key. In other words, when User A is requesting the secured document 136, only the header 140 designated to User A is decrypted with a user key (e.g., key A) belonging to the user A and authenticated with the user, the rest of the sub-headers 141-143 remain encrypted. In any case, once one of the sub-headers 141-143 is decrypted, the secured document can be decrypted with a key (e.g., file key) retrieved from the decrypted sub-header.

FIG. 1D illustrates another exemplary structure of a secured document 150 including a header 152 and an encrypted portion 154. The header 152 further includes a user block 156 and a rules block 158. The user block 156 includes a clear portion and an encrypted portion 160. The clear portion includes user/group ID(s) and block version number(s). The encrypted portion 160 is encrypted with a user key according to a cipher. If there are N number of distinctive groups/users with possible different access privileges, there will be N such encrypted portions, each encrypted with a corresponding user key. The encrypted portion 160 includes, among other things, the file key that, once retrieved, can be used to decrypt the encrypted data portion 154. In addition, the encrypted portion 160 includes the cipher information to facilitate the encryption/decryption of the encrypted portion 154.

The rules block 158 can be encrypted individually or with the encrypted document 154 using the file key that is eventually stored in the user block 156. One of the advantages of using the file key instead of the individual user key to encrypt the rules block 158 is to provide a mechanism for all authorized users/groups to view who has what access rules and rights. According to one embodiment, a random number or a result from an initialization process (e.g. a vector) may be added in the beginning of the rules block 158 to prevent an attack against the rules block 158.

FIG. 1E shows an exemplary header 166 corresponding to that of the secured document structure in FIG. 1D. The header 166 includes a number of segments. In addition to those segments in clear mode, segments 167-169 are encrypted. Specifically, the secured file is configured to be accessed by two groups: marketing and engineering. All users in the two groups are supposed to be able to access the file with an authenticated user key. According to one embodiment, the segment 167 is encrypted with a user key specifically designated to marketing users, while the segment 168 is encrypted with a user key specifically designated to engineering. However, both of the segments 167 and 168 could be respectively encrypted with a single user key. In any event, the encrypted segments in the header 166 include a file key 170 in addition to corresponding cipher information about the cipher being used.

The rules block (i.e., a segment) 169 includes two sets 171 and 172 of access rules (details on rules not shown), one for each of the two user groups. The rules block 169 is encrypted with a key, such as the file key 170 or some other key depending on what cipher is used. According to one embodiment, one of the encrypted segments in the user blocks 167 and 168 shall be decrypted 169 with an authenticated user key to retrieve the file key 170. Before the file key 170 is applied to the decryption of the encrypted data portion, the rules block 169 is decrypted with the file key 170. The access rules are then measured against the access privilege of the user. If the user is not permitted to access the secured document, the file key 170 will not be applied to the decryption of the encrypted data portion. If the user is permitted to access the secured document, the file key 170 will then be applied to the decryption of the encrypted data portion.

Depending on implementation and application, a rule set (e.g. the block 171 or 172) may be described in many ways and in binary data or texts. According to one embodiment, a rule set is expressed in a descriptive language such as a markup language (e.g., XML as shown in FIG. 1E). The following shows an exemplary simplified rule:

<ruleStatement ruleId=“rule_001” >

<comment>This rule just demonstrates the structure of an

XACML rule</comment>

<target>

<subjects>

... specify a set of users, e.g. members of Marketing

</subjects>

<resources>

... specify a set of resources, e.g. *.doc files

</resources>

<actions>

... specify what to do if this rule passes, e.g. allow access

</actions>

</target>

<effect>permitIf</effect>

<condition>

<and>

... nested boolean expressions

</and>

</condition>

</ruleStatement>

There are certain parameters that control the outcome of the evaluation of the rule set:

Target: The target of a rule specifies sets of subjects, resources and actions to which this rule applies by giving values for attributes of the subject, resource and action. For a rule to apply, the attribute values given in the target subject, target resource, and target action must all match the attributes given directly or indirectly in the request. The target has subject, resource and action components. A target must match the request in all three components to be applicable.
Subject: in one embodiment, the subject is a list of users or groups of users or memberships. An authorized or validated user must be a member of at least one of these groups for the rule to apply with respect to the subject.
Resource: one attribute type in the resource is a resource type, e.g., names.doc.
Action: according to one embodiment, a list of actions may include:
- Access—right to access the contents of the encrypted file.
- GrantAccess—right to grant Access to other groups and the right to grant GrantAccess
- Protect—“right” to protect the specific file
- Offline—“right” to keep keys to work while offline
- Effect—meaning of passing the condition on this rule, at least three types of effects:
  - permitIf: at least one rule of this type must pass.
  - permitOnlyIf: all of these rules must be true.
  - denylf: any rule of this type being true causes the request to be denied.
Condition: This is a boolean expression using operators such as AND, OR, NOT with some additional predicates listed below.
- DocumentSuffix (<extension>):
  - TRUE if the document type matches the <extension>
  - Extension is a three letter suffix to the document following a period.
- ServerAccessible (<list of URL's>):
  - TRUE if one of the URL's on the list is accessible
- DocumentClearance (<clearance>):
  - TRUE if the document clearance level matches <clearance>
  - Clearance must be one of classified, Classified, secret, Secret, TopSecret or topsecret
- TimeOfDayInRange (start, stop):
  - TRUE if the current time of day is between start and stop,
  - Start and stop are given in terms of a 24 hour clock in the form hh:mm:ss
- DayOfWeekRestriction (<list of allowed days in week>):
  - TRUE if the day of the week is in the list.
  - Days are given by their names in English or by integers in the range 1 to 7, 1 indicating Monday.
- DayOfMonthRestriction (<list of allowed days in month>):
  - TRUE if the day in the month is in the list.
  - Day in the month is given by an integer in the range 1 to 31.
- MonthRestriction (<list of months>):
  - TRUE if the month is in the list
  - Months are given by their names in English or by integers in the range 1 to 12, 1 indicating January.
- MemberOfGroup (<group>):
  - True if the user is a member of the specified group

In an alternative implementation, the file key necessary to decrypt the document may be encrypted alone and kept in a separate block in the header. The file key becomes retrievable when one of the sub-headers (no longer keeping the file key) is decrypted. In still another alternative implementation, one or more flags or messages may be included in the security information of a secured document, the flags or messages indicate how secure the secured document can be. For example, a secured document can be classified as a normal, confidential, secret or a top-secret document, requiring different level of access. Accordingly, multiple-levels of encryption on the file key and/or access rules may be employed to ensure that only an authorized user or users are permitted to access the secured document.

It should be noted that FIGS. 1B, 1C, 1D and 1E are only exemplary structures of a secured document employing access rules. One of the features in the present invention is an evaluation mechanism (i.e. an access test) that dynamically evaluates system rules and the access rules in a secured item against the access privilege (i.e. rights) associated with a user requesting the secured item. With the description herein, those skilled in the art will understand that the technique can be equally applied to other implementations of secured items (e.g. various types of documents, multimedia files, streaming data, dynamic or static data, executable code, images and texts).

FIG. 2 shows an exemplary implementation 200 of how the access right test may be carried out. A client module 202 includes an access test or evaluation module representing an executable version of the present invention and is configured to interact with and operate within an operating system 204 (e.g., WINDOWS 2000/NT/XP) to ensure that a document is made secured and a secured document can be accessed only by an authorized user. One of the features of the client module 202 is that the operations thereof are transparent to the user. In other words, the user is not made aware of the operations of the client module 202 when accessing a secured document.

An application 206 (e.g. a registered application, such as Microsoft Word) operates over operating system (OS) 204 and may be activated to access a document stored in a store 208. The store 208 may be a local storage place (e.g., hard disk) or remotely located (e.g., another device). Depending on the security nature (secured vs. non-secured) of the document being accessed, the client module 202 may activate an access test module 209 and a cipher module 210. According to one embodiment, the client module 202 is analogous in many ways to a device driver that essentially converts more general input/output instructions of an operating system to messages that a device/module being supported can understand. Depending on the OS in which the present invention is implemented, DSM may be implemented as a VxD (virtual device driver), a kernel or other applicable format. The access test module 209 and the cipher module 310 are included in or controlled by the client module 202 and can be activated for operations when a secured document is involved.

In operation, a user selects a document that is associated with an application 206 (e.g., MS WORD, PowerPoint, or printing). The application 206 acts on the document and calls an API (e.g., createFile, a Common Dialog File Open Dialog with Win32 API in MS Windows) to access the installable file system (IFS) manger 212. If it is detected that an “Open” request is made from the application 206, the request is passed to an appropriate file system driver (FSD) 214 to access the requested document. When it is detected that the requested document is secured, the access test module 209 and the cipher module 210 are activated and an authenticated user (private) key is retrieved. It is assumed that the authenticated user key is from a local store. The encrypted security information in the header of the requested secure document is decrypted with the user key. Now the access rules in the secured document are available, the access test module 209 starts a rules measurement to determine if the user is permitted to access the selected secured document, assuming applicable system rules, if there are any, have been measured successfully. If the measurement is successful, that means the user is permitted to access the secured document, a file key is retrieved from the security information and the cipher module 210 proceeds to decrypt the encrypted document in the client module 202. The clear contents are then returned to the application 206 through the IFS manager 212. For example, if the application 206 is an authoring tool, the clear contents are displayed. If the application 206 is a printing tool, the clear contents are sent to a designated printer.

In another embodiment, an operating system (OS) access, known as the ProcesslD property, can be used to activate an application (as an argument to the AppActivate method). The parameter ProcesslD identifies the application and an event handler thereof takes necessary parameters to continue the OS access to the Installable File System (IFS) Manager 212 that is responsible for arbitrating access to different file system components. In particular, the IFS Manager 312 acts as an entry point to perform various operations such as opening, closing, reading, writing files and etc. With one or more flags or parameters passed along, the access activates the client module 202. If the document being accessed by the application is regular (non-secured), the document will be fetched from one of the File System Driver (FSD) (e.g., FSD 214) and passed through the client module 202 and subsequently loaded into the application through the IFS Manager 212. On the other hand, if the document being accessed by the application is secured, the client module 202 activates the access test module 209 and the cipher module 210 and proceeds to obtain an authenticated user key to retrieve the access rules therein. Pending the outcome from the access test module 209, a file key may be retrieved to decrypt the encrypted data portion of the secured document by the cipher in the cipher module 210. As a result, the data portion or the document in clear mode will be loaded into the application through the IFS Manager 212.

In a system that facilitates restricted access to a protected system or secured items (i.e. digital data or assets), one or more levels of access rules may be employed, all shall be evaluated logically, mutually and, perhaps, jointly. Unless all access rules are evaluated to produce a logic pass or “true”, a protected system or a secured item would not be permitted to be accessed. Examples of the access rule sets include, but may not be limited to, one or more system access rule sets governing a user's access privilege, an access rules sets retrieved from a secured item. To facilitate the description of the access test module 209, an access rule set may be expressed in a tabular form as follows:

Type
Right
Resource
Principal
Condition
Action

According to one embodiment, the tabular form includes 6 types of items or parts, a rule type, a right set, a resource expression, a principal expression, a condition expression and an action. In general, each of the rule items in a rule or rule set shall be evaluated so that the rule is considered to have been evaluated. The rule type defines how the rules shall be treated in the overall evaluation. In this embodiment, the rule type includes Authorization, and Restriction. Among all rule sets, at least one Authorization type must be true to grant an access right. All applicable Restriction types must be true to grant the access right. According to one embodiment, a system rule set may be classified as Regular and Super. A system rule set being Regular means that the rule set is to be evaluated together with other system rules, if there are any. Likewise, a system rule set being Super means that the rule set is to be evaluated without considering Regular system rules. In other words, a Super rule or rule set is an override mechanism used to force either a grant or a denial of the access right regardless of the other Regular rule(s). Typically, a Super rule is used by a system administrator to grant a special access right to a user who otherwise would not get in a normal setting.

The right set indicates which rights are associated with this rule. It is a set of rights, multiple rights can be controlled with the same rule. The resource expression defines a set of documents on which the rules operate. The criteria for the documents include, but not limited to, type, creator and modifier. The principal expression defines a set of users to which the rule is applicable. The criteria for users may include a single user or a group membership. The condition expression validates global information such as: current date/time, login data/time, last authentication data/time, machine, network connection state, and possibly site-based variables. The action field is used to determine an execution of a certain activity when this rule returns true. It is typically used for rules involving changes in access rights but is generalized to allow future expansion.

For example, a document rule block in a secured document contains rules (i.e. implicit policies). In one case, these rules simply authorize an associated group for a decrypt right. Depending on implementation, the rule set could be more complex or include different rule types:

Type
Right
Resource
Principal
Condition
Action

Authorize
Decrypt
THIS
THIS
true

In particular, there are implicit arguments to the rules applicable to THIS (self) because of the tight coupling to a document and group.

To better understand the system level policies, it is assumed that the access (via document rule) has been granted in the following examples. A rule set that indicates that all .doc files are encrypted may be written as:

Ac-

Type
Right
Resource
Principal
Condition
tion

Author-
En-
Type.(DOC)
memberOf(Everyone)
true

ize
crypt

In this example, the encrypt right is authorized if the document type is .DOC and the user is a member of Everyone. It shall be noted that the “Encrypt” right is really treated as an enforcement of the encryption system. Any time the encrypt right is asserted, the system will encrypt the file.

To extend the above example to include .xls files, one possible way to create the resource expression is as follows:

Ac-

Type
Right
Resource
Principal
Condition
tion

Author-
En-
Type.(doc)
memberOf(Everyone)

ize
crypt
| Type(.xls)

Alternately this can be separated into two rules:

Ac-

Type
Right
Resource
Principal
Condition
tion

Author-
En-
Type.(doc)
memberOf(Everyone)

ize
crypt

Author-
En-
Type(.xls)
memberOf(Everyone)

ize
crypt

It should be noted that, in this form, only one of the rules can be optionally selected for evaluation because of the matching resource type (.doc or .xls).

A rule that can be only applied to documents created after a certain date could be written as:

Type
Right
Resource
Principal
Condition
Action

Authorize
Encrypt
Type(.doc)
memberOf(Marketing)
createDate >

date(1,9,2002)

It shall be noted that this rule only applies when the user is a member of the marketing group.

In general, the condition portion of the rule is useful for evaluating a global context in which the rule is being evaluated, for example whether the user is connected to the network or not:

Ac-

Type
Right
Resource
Principal
Condition
tion

Restric-
Decrypt
Type(any)
memberOf(Everyone)
connected

tion

This rule may prevent any document from being decrypted by anyone when a client machine is not connected to a specific network. Likewise, a policy that would allow only the Marketing group to work offline may be expressed something like:

Ac-

Type
Right
Resource
Principal
Condition
tion

Author-
Decrypt
Type(any)
memberOf(Everyone)
connected

ize

Author-
Decrypt
Type(any)
memberOf(Marketing)
!connected

ize

Essentially, it authorizes Everyone access while connected to a network in the first rule, and then it allows the Marketing group access when the condition is not connected. To limit the duration of how long someone could work offline, the condition could be extended to include a time limit from the lastLogin Date/Time, e.g. !connected & duration (lastLogin, now)<5 days

In addition, a series of functions can be provided for manipulations of time/date data types, duration (date, date), month (date), day (date), year (date), hour (date), minute (date), before (date, date), after (date, date).

As described above, the Action field in the rule is used to execute a procedure when a rule is involved in an evaluation that generates a positive (true) result. This field is targeted to be used in folder rules to allow the rule to grant access:

Type
Right
Resource
Principal
Condition
Action

Authorize
Assign
THIS
memberOf(Everyone)

Grant(Marketing)

folder

The “Assign” right is used by the client module to determine if assignments (e.g. rights changes) are to be done when this rule passes.

Rules exist as part of a policy to guard a protected system or secured electronic data. There may be many policies in use across a system at different levels. It is generally understood to those skilled in the art that various levels of rules may be employed and jointly evaluated to determine whether an access right to a selected secured item is granted or denied. Examples of the various levels of rules may include one or more system rule sets at a server machine and/or a client machine, a special (Super) rule set imposed by a system operator and the rule set associated with or embedded in a secured file.

To facilitate the description of the rule evaluation process, referring now to FIG. 3, there is shown a flowchart of process 300 of accessing a secured document according to one embodiment of the present invention and may be understood in conjunction with FIG. 2. At 302, an application is launched with a document being specified, for example, WINWORD.EXE is activated to open a file named xyz.doc. As explained above, a handler from the OS identifies the application and enters the OS wherein the IFS manger is called upon at 304. The IFS manger activates a client module at 306 and at the same time, the IFS manger passes the handler to receive at 308 the selected document from a store. As the selected document passes through the client module, the selected document is “intercepted” and determined whether it is secured or non-secured at 310. If the client module determines that the selected document is not secured, the process 300 goes to 320, namely, the selected document is allowed to pass through the client module and be loaded into the application from the IFS manger.

Now if it is determined at 310 that the selected document is secured, the process 300 goes to 312 wherein the header or security information therein is decrypted with an authenticated user key associated with the user attempting to access the selected document (it is assumed that the user has already been authenticated). At 314, the access rules in the decrypted security information are retrieved. At 316, an access measurement or evaluation is triggered to determine if the user has the access right to access the selected document given the access rules from the document. If the evaluation fails, which means that the user is not permitted to access this particular document, a notification or alert message may be generated by the client module to be displayed to the user at 317. Alternatively, the application itself can display an alerting message when it fails to open the selected document. If the evaluation passes successfully, which means that the user is permitted to access this particular document, a file key is retrieved from the security information at 318 and used to decrypt the encrypted data portion in the selected (secured) document by a cipher module activated by the client module. As a result, at 320 the decrypted document or clear contents of the selected document is loaded into the application from the IFS manger.

FIG. 4 shows a flowchart of process 400 of carrying out the access evaluation according to one embodiment of the present invention. The process 400 of FIG. 4B may be employed as 316 in process 300 of FIG. 3. At 402, applicable system rules are obtained. In general, there may be one or more system rule sets employed to control access to secured documents in an inter/intra enterprise environment or a protected system. The process 400 can be configured to obtain one or all applicable system rule sets. At 404, the obtained system rule sets are examined to determine if there is a “Super” rule set. As used herein, a “Super” system rule set may be a set of rules imposed by, perhaps, a system operator or a user with authorized network privilege and can overwrite all other system rule sets. For example, an end user is, by a system rule set, not permitted to edit a secured file and can be granted a special permission by a Super rule set to edit the secured file. Accordingly, if there is a Super rule set, the Super rules are evaluated at 406, otherwise, the obtained system rule sets are respectively evaluated at 408.

Depending on implementation, rules may be evaluated logically or mathematically. If a parameter describing a condition to be checked matches or falls in a range defined by an attribute in a rule, a logical pass is produced. For example, an attribute in a rule specifies that only users (or members) in an engineering group or a membership can access secured files in folder Engineering. When the attribute in the rule is evaluated, a parameter (e.g. a user ID) identifying a user attempting to access one of the secured files is retrieved and compared to the attribute. If the parameter matches what the attribute defines, a logic pass or success is produced, otherwise a logic failure is produced. At 410, each of the items in one or more system rules is respectively evaluated. If there is a logic failure, the process 400 goes to 420, no access right to a secured file is granted. On the other hand, if each of the items in one or more system rules is respectively evaluated and all produce a logic pass, the process 400 goes to 412 to continue an evaluation against an access rule set in a secured file being accessed.

It is assumed that a user attempting to access the secured file has been already authenticated. At 412, the access rules are retrieved from the secured file. The access rules are evaluated at 414, similar to 406. If there is a logic fail, the process 400 goes to 420, no access to the secured file is permitted. On the other hand, if each of the items in the access rules is respectively evaluated and all produce a logic pass, an access grant 418 is provided. As a result, the user is permitted to access the secured file. To follow the exemplary secured file format in FIG. 1B, the user is now able to retrieve the file key to decrypt the encrypted data portion 124.

Given the description herein, those skilled in the art can appreciate that there is no specific order of which rule set shall be evaluated first and the process 400 can be deployed in a client machine and/or a server machine (e.g. a local or central server responsible for overall access control management). The process 400 may be implemented as a system, a process, a method and a software product. In particular, it can be applied in conjunction with applications in which one or more levels of rules (e.g. access rules) are applied. The advantages and benefits of the present invention are numerous. One of them is that items in all rules are respectively evaluated and all rule sets, if there are any, are jointly or serially evaluated before an access right is granted. Another one of the advantages and benefits is that the rule evaluation process can be configured to operate only when a secured file is accessed and the operations thereof is transparently to a user. Other advantages and benefits may be appreciated from the foregoing description.

The present invention has been described in sufficient details with a certain degree of particularity. It is understood to those skilled in the art that the present disclosure of embodiments has been made by way of examples only and that numerous changes in the arrangement and combination of parts may be resorted without departing from the spirit and scope of the invention as claimed. Accordingly, the scope of the present invention is defined by the appended claims rather than the foregoing description of embodiments.

Claims

1. A method for evaluating an access right of a user to an encrypted data portion of a secured electronic file, the method comprising: obtaining a system rule set stored separate from the secured electronic file and an access rule set specific to the secured electronic file, wherein the system and access rule sets comprise a plurality of access rules applicable to the user that control access to the secured electronic file in an enterprise environment and that regulate at least a duration of access to the secured electronic file, wherein each access rule includes: a rule type defining whether the rule is an authorization rule or a restriction rule;a right attribute indicating a set of rights controlled by the access rule;a resource attribute indicating a system or set of electronic files on which the access rule operates; anda principal attribute indicating a user or group of users to which the access rule applies,wherein each access rule is obtained based on matching at least one of the right attribute to the access right of the user, the resource attribute to the secured electronic file, and the principal attribute to the user;evaluating the plurality of access rules of the system rule set to determine whether the user is allowed to access a protected system containing the secured electronic file, wherein the evaluation of the plurality of access rules of the system rule set is halted upon determining that the user does not meet evaluation criteria defined by a restriction rule of the plurality of access rules of the system rule set;evaluating the plurality of access rules of the access rule set, in response to determining that the user is allowed to access the protected system, to determine whether the user has a type of access required to access the secured electronic file for the duration, wherein the evaluation of the plurality of access rules of the access rule set is halted upon determining that the user does not meet evaluation criteria defined by a restriction rule of the plurality of access rules of the access rule set;decrypting the encrypted data portion of the secured electronic file in response to determining that the user has permission to access the secured electronic file; andproviding the decrypted data portion to the user.
2. The method of claim 1, wherein the system rule set is obtained from a server.
3. The method of claim 1, wherein obtaining the access rule set comprises: activating a user key associated with a user attempting to access the secured electronic file after the user has been authenticated; anddecrypting the access rule set with the user key.
4. The method of claim 1, wherein the plurality of access rules are expressed in a markup language.
5. The method of claim 4, wherein the markup language is selected from a group consisting of XACML, HTML, XML, SGML.
6. The method of claim 1, wherein an access rule of the access rule set defines how the secured electronic file is permitted to be accessed.
7. The method of claim 1, wherein an access rule of the access rule set defines when the secured electronic file is permitted to be accessed.
8. The method of claim 1, wherein an access rule of the access rule set defines an application or type of application the secured electronic file is permitted to be accessed with.
9. The method of claim 1, wherein an access rule of the system rule set defines a group the secured electronic file is permitted to be accessed by.
10. The method of claim 1, wherein the plurality of access rules are evaluated using parameters.
11. The method of claim 10, wherein the parameters include a user identifier, an application identifier, a group identifier, and a current time.
12. The method of claim 1, further comprising: obtaining a super system rule set that is distinct from the system rule set in response to determining that the user is not allowed to access the protected system containing the secured electronic file, wherein the super system rule set comprises access rules that override the access rules of the system rule set; andevaluating the super system rule set to determine whether the user is allowed to access the protected system containing the secured electronic file.
13. The method of claim 1, wherein the access rule set is obtained from a header portion of the secured electronic file.
14. The method of claim 1, wherein each access rule further includes: a condition expression defining evaluation criteria for the access rule.
15. The method of claim 1, wherein evaluating each access rule further comprises: determining whether each access rule is an authorization rule or a restriction rule;evaluating each access rule to determine whether the user meets evaluation criteria defined by the rule; anddetermining that the user has permission to access the secured electronic file when the user meets the evaluation criteria defined by each restriction rule and at least one authorization rule.
16. An article of manufacture including a computer-readable medium having computer-executable instructions stored thereon that, in response to execution by a computing device, cause the computing device to perform operations to evaluate access rights of a user to an encrypted data portion of a secured electronic file, the operations comprising: obtaining a system rule set stored separate from the secured electronic file and an access rule set specific to the secured file, wherein the system and access rule sets comprise a plurality of access rules applicable to the user that control access to the secured electronic file in an enterprise environment and that regulate at least a duration of access to the secured electronic file, wherein each access rule includes: a rule type defining whether the rule is an authorization rule or a restriction rule;a right attribute indicating a set of rights controlled by the access rule;a resource attribute indicating a system or set of electronic files on which the access rule operates; anda principal attribute indicating a user or group of users to which the access rule applies,wherein each access rule is obtained based on matching at least one of the right attribute to the access right of the user, the resource attribute to the secured electronic file, and the principal attribute to the user;evaluating the plurality of access rules of the system rule set to determine whether the user is allowed to access a protected system containing the secured electronic file, wherein the evaluation of the plurality of access rules of the system rule set is halted upon determining that the user does not meet evaluation criteria defined by a restriction rule of the plurality of access rules of the system rule set;evaluating the plurality of access rules of the access rule set, in response to detei mining that the user is allowed to access the protected system, to determine whether the user has a type of access required to access the secured electronic file for the duration, wherein the evaluation of the plurality of access rules of the access rule set is halted upon determining that the user does not meet evaluation criteria defined by a restriction rule of the plurality of access rules of the access rule set;decrypting the encrypted data portion of the secured electronic file in response to determining that the user has permission to access the secured electronic file; andproviding the decrypted data portion to the user.
17. The article of manufacture of claim 16, wherein the system rule set is obtained from a server.
18. The article of manufacture of claim 16, wherein obtaining the access rule set comprises: activating a user key associated with a user attempting to access the secured electronic file; anddecrypting the access rule set with the user key.
19. The article of manufacture of claim 16, wherein the plurality of access rules are expressed in a markup language.
20. The article of manufacture of claim 19, wherein the markup language is selected from a group consisting of XACML, HTML, XML, SGML.
21. The article of manufacture of claim 16, wherein an access rule of the access rule set defines how the secured electronic file is permitted to be accessed.
22. The article of manufacture of claim 16, wherein an access rule of the access rule set defines when the secured electronic file is permitted to be accessed.
23. The article of manufacture of claim 16, wherein an access rule of the access rule set defines what application or type of application the secured electronic file is permitted to be accessed with.
24. The article of manufacture of claim 16, wherein an access rule of the system rule set defines a group the secured electronic file is permitted to be accessed by.
25. The article of manufacture of claim 16, wherein the plurality of access rules are evaluated using parameters.
26. The article of manufacture of claim 25, wherein the parameters include a user identifier, an application identifier, a group identifier, and a current time.
27. The article of manufacture of claim 16, the operations further comprising: obtaining a super system rule set that is distinct from the system rule set in response to determining that the user is not allowed to access the protected system containing the secured electronic file, wherein the super system rule set comprises access rules that override the access rules of the system rule set; andevaluating the super system rule set to determine whether the user is allowed to access the protected system containing the secured electronic file.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation-in-part of U.S. patent application Ser. No. 10/076,254, filed Feb. 12, 2002, now U.S. Pat. No. 7,260,555 and entitled “Method and Architecture for Providing Pervasive Security to Digital Assets”, which claims the benefits of U.S. Provisional Application No. 60/339,634, filed Dec. 12, 2001, and entitled “Pervasive Security Systems,” both are hereby incorporated by reference for all purposes.

US Referenced Citations (715)

Number	Name	Date	Kind
4203166	Eshram et al.	May 1980	A
4238854	Ehrsam et al.	Dec 1980	A
4423287	Zeidler	Dec 1983	A
4423387	Sempel	Dec 1983	A
4734568	Watanabe	Mar 1988	A
4757533	Allen et al.	Jul 1988	A
4796220	Wolfe	Jan 1989	A
4799258	Davies	Jan 1989	A
4827508	Shear	May 1989	A
4887204	Johnson et al.	Dec 1989	A
4888800	Marshall et al.	Dec 1989	A
4912552	Allison et al.	Mar 1990	A
4972472	Brown et al.	Nov 1990	A
5032979	Hecht et al.	Jul 1991	A
5052040	Preston et al.	Sep 1991	A
5058164	Elmer et al.	Oct 1991	A
5144660	Rose	Sep 1992	A
5204897	Wyman	Apr 1993	A
5212788	Lomet et al.	May 1993	A
5220657	Bly et al.	Jun 1993	A
5235641	Nozawa et al.	Aug 1993	A
5247575	Sprague et al.	Sep 1993	A
5267313	Hirata	Nov 1993	A
5276735	Boebert et al.	Jan 1994	A
5301247	Rasmussen et al.	Apr 1994	A
5319705	Halter et al.	Jun 1994	A
5369702	Shanton	Nov 1994	A
5375169	Seheidt et al.	Dec 1994	A
5404404	Novorita	Apr 1995	A
5406628	Beller et al.	Apr 1995	A
5414852	Kramer et al.	May 1995	A
5434918	Kung et al.	Jul 1995	A
5461710	Bloomfield et al.	Oct 1995	A
5467342	Logston et al.	Nov 1995	A
5495533	Linehan et al.	Feb 1996	A
5497422	Tysen et al.	Mar 1996	A
5499297	Boebert	Mar 1996	A
5502766	Boebert et al.	Mar 1996	A
5535375	Eshel et al.	Jul 1996	A
5557765	Lipner et al.	Sep 1996	A
5570108	McLaughlin et al.	Oct 1996	A
5584023	Hsu	Dec 1996	A
5600722	Yamaguchi et al.	Feb 1997	A
5606663	Kadooka	Feb 1997	A
5619576	Shaw	Apr 1997	A
5638501	Gough et al.	Jun 1997	A
5640388	Woodhead et al.	Jun 1997	A
5655119	Davy	Aug 1997	A
5661668	Yemini et al.	Aug 1997	A
5661806	Nevoux et al.	Aug 1997	A
5671412	Christiano	Sep 1997	A
5673316	Auerbach et al.	Sep 1997	A
5677953	Dolphin	Oct 1997	A
5680452	Shanton	Oct 1997	A
5682537	Davies et al.	Oct 1997	A
5684987	Mamiya et al.	Nov 1997	A
5689688	Strong et al.	Nov 1997	A
5689718	Sakurai et al.	Nov 1997	A
5693652	Barrus et al.	Dec 1997	A
5699428	McDonnal et al.	Dec 1997	A
5708709	Rose	Jan 1998	A
5715314	Payne et al.	Feb 1998	A
5715403	Stefik	Feb 1998	A
5717755	Shanton	Feb 1998	A
5719941	Swift et al.	Feb 1998	A
5720033	Deo	Feb 1998	A
5729734	Parker et al.	Mar 1998	A
5732265	Dewitt et al.	Mar 1998	A
5745573	Lipner et al.	Apr 1998	A
5745750	Porcaro	Apr 1998	A
5748736	Mittra	May 1998	A
5751287	Hahn et al.	May 1998	A
5757920	Misra et al.	May 1998	A
5765152	Ericson	Jun 1998	A
5768381	Hawthorne	Jun 1998	A
5778065	Hauser et al.	Jul 1998	A
5778350	Adams et al.	Jul 1998	A
5781711	Austin et al.	Jul 1998	A
5787169	Eldridge et al.	Jul 1998	A
5787173	Seheidt et al.	Jul 1998	A
5787175	Carter	Jul 1998	A
5790789	Suarez	Aug 1998	A
5790790	Smith et al.	Aug 1998	A
5796825	McDonnal et al.	Aug 1998	A
5813009	Johnson et al.	Sep 1998	A
5821933	Keller et al.	Oct 1998	A
5825876	Peterson	Oct 1998	A
5832518	Mastors	Nov 1998	A
5835592	Chang et al.	Nov 1998	A
5835601	Shimbo et al.	Nov 1998	A
5850443	Van Oorschot et al.	Dec 1998	A
5857189	Riddle	Jan 1999	A
5862325	Reed et al.	Jan 1999	A
5870468	Harrison	Feb 1999	A
5870477	Sasaki et al.	Feb 1999	A
5881287	Mast	Mar 1999	A
5884031	Ice	Mar 1999	A
5892900	Ginter et al.	Apr 1999	A
5893084	Morgan et al.	Apr 1999	A
5898781	Shanton	Apr 1999	A
5922073	Shimada	Jul 1999	A
5923754	Angelo et al.	Jul 1999	A
5933498	Schneck	Aug 1999	A
5944794	Okamoto et al.	Aug 1999	A
5953419	Lohstroh et al.	Sep 1999	A
5968177	Batten-Carew et al.	Oct 1999	A
5970502	Salkewicz et al.	Oct 1999	A
5978802	Hurvig	Nov 1999	A
5987440	O'Neil et al.	Nov 1999	A
5991402	Jia et al.	Nov 1999	A
5991879	Still	Nov 1999	A
5999907	Donner	Dec 1999	A
6011847	Follendore, III	Jan 2000	A
6012044	Maggioncalda et al.	Jan 2000	A
6014730	Ohtsu	Jan 2000	A
6023506	Ote et al.	Feb 2000	A
6031584	Gray	Feb 2000	A
6032216	Schmuck et al.	Feb 2000	A
6035404	Zhao	Mar 2000	A
6038322	Harkins	Mar 2000	A
6044155	Thomlinson et al.	Mar 2000	A
6055314	Spies et al.	Apr 2000	A
6058424	Dixon et al.	May 2000	A
6061790	Bodnar	May 2000	A
6061797	Jade et al.	May 2000	A
6069057	Wu	May 2000	A
6070244	Orchier et al.	May 2000	A
6081840	Zhao	Jun 2000	A
6085323	Shimizu et al.	Jul 2000	A
6088717	Reed et al.	Jul 2000	A
6088805	Davis et al.	Jul 2000	A
6098056	Rusnak et al.	Aug 2000	A
6101507	Cane et al.	Aug 2000	A
6105131	Carroll	Aug 2000	A
6122630	Strickler et al.	Aug 2000	A
6134327	Van Oorschot	Oct 2000	A
6134658	Multerer et al.	Oct 2000	A
6134660	Boneh et al.	Oct 2000	A
6134664	Walker	Oct 2000	A
6141754	Choy	Oct 2000	A
6145084	Zuili	Nov 2000	A
6148338	Lachelt et al.	Nov 2000	A
6158010	Moriconi et al.	Dec 2000	A
6161139	Win et al.	Dec 2000	A
6167358	Othmer et al.	Dec 2000	A
6170060	Mott et al.	Jan 2001	B1
6182142	Win et al.	Jan 2001	B1
6185612	Jensen et al.	Feb 2001	B1
6185684	Pravetz et al.	Feb 2001	B1
6192408	Vahalia et al.	Feb 2001	B1
6199070	Polo-Wood et al.	Mar 2001	B1
6205549	Pravetz et al.	Mar 2001	B1
6212561	Sitaraman et al.	Apr 2001	B1
6223285	Komuro et al.	Apr 2001	B1
6226618	Downs et al.	May 2001	B1
6226745	Wiederhold	May 2001	B1
6240188	Dondeti et al.	May 2001	B1
6249755	Yemini et al.	Jun 2001	B1
6249873	Richard et al.	Jun 2001	B1
6253193	Ginter et al.	Jun 2001	B1
6260040	Kauffman et al.	Jul 2001	B1
6260141	Park	Jul 2001	B1
6263348	Kathrow et al.	Jul 2001	B1
6266420	Langford et al.	Jul 2001	B1
6272631	Thomlinson et al.	Aug 2001	B1
6272632	Carman et al.	Aug 2001	B1
6282649	Lambert et al.	Aug 2001	B1
6289450	Pensak et al.	Sep 2001	B1
6289458	Garg et al.	Sep 2001	B1
6292895	Baltzley	Sep 2001	B1
6292899	McBride	Sep 2001	B1
6295361	Kadansky et al.	Sep 2001	B1
6299069	Shona	Oct 2001	B1
6301614	Najork et al.	Oct 2001	B1
6308256	Folmsbee	Oct 2001	B1
6308273	Goertzel et al.	Oct 2001	B1
6314408	Salas et al.	Nov 2001	B1
6314409	Schneck et al.	Nov 2001	B2
6317777	Skarbo et al.	Nov 2001	B1
6332025	Takahashi et al.	Dec 2001	B2
6336114	Garrison	Jan 2002	B1
6339423	Sampson et al.	Jan 2002	B1
6339825	Pensak et al.	Jan 2002	B2
6341164	Dilkie et al.	Jan 2002	B1
6343316	Sakata	Jan 2002	B1
6347374	Drake et al.	Feb 2002	B1
6349337	Parsons et al.	Feb 2002	B1
6351813	Mooney et al.	Feb 2002	B1
6353859	McKeehan et al.	Mar 2002	B1
6356903	Baxter et al.	Mar 2002	B1
6356941	Cohen	Mar 2002	B1
6357010	Viets et al.	Mar 2002	B1
6363480	Perlman	Mar 2002	B1
6366298	Haitsuka et al.	Apr 2002	B1
6370249	Van Oorschot	Apr 2002	B1
6381698	Devanbu et al.	Apr 2002	B1
6385644	Devine et al.	May 2002	B1
6389433	Bolosky et al.	May 2002	B1
6389538	Gruse et al.	May 2002	B1
6393420	Peters	May 2002	B1
6405315	Burns et al.	Jun 2002	B1
6405318	Rowland	Jun 2002	B1
6408404	Ladwig	Jun 2002	B1
6421714	Rai et al.	Jul 2002	B1
6442688	Moses et al.	Aug 2002	B1
6442695	Dutcher et al.	Aug 2002	B1
6446090	Hart	Sep 2002	B1
6449721	Pensak et al.	Sep 2002	B1
6453353	Win et al.	Sep 2002	B1
6453419	Flint et al.	Sep 2002	B1
6466476	Wong et al.	Oct 2002	B1
6466932	Dennis et al.	Oct 2002	B1
6477544	Bolosky et al.	Nov 2002	B1
6487662	Kharon et al.	Nov 2002	B1
6490680	Scheidt et al.	Dec 2002	B1
6505300	Chan et al.	Jan 2003	B2
6510349	Schneck et al.	Jan 2003	B1
6519700	Ram et al.	Feb 2003	B1
6529956	Smith et al.	Mar 2003	B1
6530020	Aoki	Mar 2003	B1
6530024	Proctor	Mar 2003	B1
6542608	Scheidt et al.	Apr 2003	B2
6549623	Scheidt et al.	Apr 2003	B1
6550011	Sims	Apr 2003	B1
6557039	Leong et al.	Apr 2003	B1
6567914	Just et al.	May 2003	B1
6571291	Chow	May 2003	B1
6574733	Langford	Jun 2003	B1
6584466	Serbinis et al.	Jun 2003	B1
6587878	Merriam	Jul 2003	B1
6587946	Jakobsson	Jul 2003	B1
6588673	Chan et al.	Jul 2003	B1
6591295	Diamond et al.	Jul 2003	B1
6594662	Sieffert et al.	Jul 2003	B1
6598161	Kluttz et al.	Jul 2003	B1
6601170	Wallace, Jr.	Jul 2003	B1
6603857	Batten-Carew et al.	Aug 2003	B1
6608636	Roseman	Aug 2003	B1
6609115	Mehring et al.	Aug 2003	B1
6611599	Natarajan	Aug 2003	B2
6611846	Stoodley	Aug 2003	B1
6615349	Hair	Sep 2003	B1
6615350	Schell et al.	Sep 2003	B1
6625650	Stelliga	Sep 2003	B2
6625734	Marvit et al.	Sep 2003	B1
6629140	Fertell et al.	Sep 2003	B1
6629243	Kleinman et al.	Sep 2003	B1
6633311	Douvikas et al.	Oct 2003	B1
6640307	Viets et al.	Oct 2003	B2
6646515	Jun et al.	Nov 2003	B2
6647388	Numao et al.	Nov 2003	B2
6678835	Shah et al.	Jan 2004	B1
6683954	Searle	Jan 2004	B1
6687822	Jakobsson	Feb 2004	B1
6693652	Barrus et al.	Feb 2004	B1
6698022	Wu	Feb 2004	B1
6711683	Laczko et al.	Mar 2004	B1
6718361	Basani et al.	Apr 2004	B1
6735701	Jacobson	May 2004	B1
6738908	Bonn et al.	May 2004	B1
6751573	Burch	Jun 2004	B1
6754657	Lomet	Jun 2004	B2
6754665	Futagami et al.	Jun 2004	B1
6775779	England et al.	Aug 2004	B1
6779031	Picher-Dempsey	Aug 2004	B1
6782403	Kino et al.	Aug 2004	B1
6801999	Vankatesan et al.	Oct 2004	B1
6807534	Erickson	Oct 2004	B1
6807636	Hartman et al.	Oct 2004	B2
6810389	Meyer	Oct 2004	B1
6810479	Barlow et al.	Oct 2004	B1
6816871	Lee	Nov 2004	B2
6816969	Miyazaki et al.	Nov 2004	B2
6826698	Minkin et al.	Nov 2004	B1
6834333	Yoshino et al.	Dec 2004	B2
6834341	Bahl et al.	Dec 2004	B1
6842825	Geiner et al.	Jan 2005	B2
6845452	Roddy et al.	Jan 2005	B1
6851050	Singhal et al.	Feb 2005	B2
6862103	Miura et al.	Mar 2005	B1
6865555	Novak	Mar 2005	B2
6870920	Henits	Mar 2005	B2
6874139	Krueger et al.	Mar 2005	B2
6877010	Smith-Semedo et al.	Apr 2005	B2
6877136	Bess et al.	Apr 2005	B2
6882994	Yoshimura et al.	Apr 2005	B2
6961855	Rich et al.	Apr 2005	B1
6889210	Vainstein	May 2005	B1
6891953	DeMello et al.	May 2005	B1
6892201	Brown et al.	May 2005	B2
6892306	En-Seung et al.	May 2005	B1
6898627	Sekiguchi	May 2005	B1
6907034	Begis	Jun 2005	B1
6909708	Krishnaswamy et al.	Jun 2005	B1
6915425	Xu et al.	Jul 2005	B2
6915434	Kuroda et al.	Jul 2005	B1
6915435	Merriam	Jul 2005	B1
6920558	Sames et al.	Jul 2005	B2
6922785	Brewer et al.	Jul 2005	B1
6924425	Naples et al.	Aug 2005	B2
6931450	Howard et al.	Aug 2005	B2
6931530	Pham et al.	Aug 2005	B2
6931597	Prakash	Aug 2005	B1
6938042	Aboulhosn et al.	Aug 2005	B2
6938156	Wheeler et al.	Aug 2005	B2
6941355	Donaghey et al.	Sep 2005	B1
6941456	Wilson	Sep 2005	B2
6941472	Moriconi et al.	Sep 2005	B2
6944183	Iyer et al.	Sep 2005	B1
6947556	Matyas, Jr. et al.	Sep 2005	B1
6950818	Dennis et al.	Sep 2005	B2
6950936	Subramaniam et al.	Sep 2005	B2
6950941	Lee et al.	Sep 2005	B1
6950943	Bacha et al.	Sep 2005	B1
6952215	Devins et al.	Oct 2005	B1
6952780	Olsen et al.	Oct 2005	B2
6954753	Jeran et al.	Oct 2005	B1
6957261	Lortz	Oct 2005	B2
6959308	Gramsamer et al.	Oct 2005	B2
6961849	Davis et al.	Nov 2005	B1
6968060	Pinkas	Nov 2005	B1
6968456	Tripathi et al.	Nov 2005	B1
6971018	Witt et al.	Nov 2005	B1
6976259	Dutta et al.	Dec 2005	B1
6978366	Ignatchenko et al.	Dec 2005	B1
6978376	Giroux et al.	Dec 2005	B2
6978377	Asano et al.	Dec 2005	B1
6987752	Falco et al.	Jan 2006	B1
6988133	Zavalkovsky et al.	Jan 2006	B1
6988199	Toh et al.	Jan 2006	B2
6990441	Bolme et al.	Jan 2006	B1
6993135	Ishibashi	Jan 2006	B2
6996718	Henry et al.	Feb 2006	B1
7000150	Zunino et al.	Feb 2006	B1
7003116	Riedel et al.	Feb 2006	B2
7003117	Kacker et al.	Feb 2006	B2
7003560	Mullen et al.	Feb 2006	B1
7003661	Beattie et al.	Feb 2006	B2
7010689	Matyas et al.	Mar 2006	B1
7010809	Hori et al.	Mar 2006	B2
7013332	Friedel et al.	Mar 2006	B2
7013485	Brown et al.	Mar 2006	B2
7020645	Bisbee et al.	Mar 2006	B2
7024427	Bobbitt et al.	Apr 2006	B2
7035854	Hsiao et al.	Apr 2006	B2
7035910	Dutta et al.	Apr 2006	B1
7043637	Bolosky et al.	May 2006	B2
7046807	Hirano et al.	May 2006	B2
7047404	Doonan et al.	May 2006	B1
7051213	Kobayashi et al.	May 2006	B1
7058696	Phillips et al.	Jun 2006	B1
7058978	Feuerstein et al.	Jun 2006	B2
7062642	Langrind et al.	Jun 2006	B1
7073063	Peinado	Jul 2006	B2
7073073	Nonaka et al.	Jul 2006	B1
7076063	Kuroiwa	Jul 2006	B2
7076067	Raike et al.	Jul 2006	B2
7076312	Law et al.	Jul 2006	B2
7076469	Schreiber et al.	Jul 2006	B2
7076633	Tormasov et al.	Jul 2006	B2
7080077	Ramamurthy et al.	Jul 2006	B2
7095853	Takuya	Aug 2006	B2
7096266	Lewin et al.	Aug 2006	B2
7099926	Ims et al.	Aug 2006	B1
7103911	Spies et al.	Sep 2006	B2
7107185	Yemini et al.	Sep 2006	B1
7107269	Arlein et al.	Sep 2006	B2
7107416	Stuart et al.	Sep 2006	B2
7113594	Boneh et al.	Sep 2006	B2
7116785	Okaue	Oct 2006	B2
7117322	Hochberg et al.	Oct 2006	B2
7120635	Bhide et al.	Oct 2006	B2
7120757	Tsuge	Oct 2006	B2
7124164	Chemtob	Oct 2006	B1
7126957	Isukapalli et al.	Oct 2006	B1
7130964	Ims et al.	Oct 2006	B2
7131071	Gune et al.	Oct 2006	B2
7134041	Murray et al.	Nov 2006	B2
7136903	Phillips et al.	Nov 2006	B1
7139399	Zimmermann	Nov 2006	B1
7140044	Redlich et al.	Nov 2006	B2
7145898	Elliott	Dec 2006	B1
7146388	Stakutis et al.	Dec 2006	B2
7146498	Takechi et al.	Dec 2006	B1
7159036	Hinchliffe et al.	Jan 2007	B2
7165179	Maruyama	Jan 2007	B2
7168094	Fredell	Jan 2007	B1
7171557	Kallahalla et al.	Jan 2007	B2
7174563	Brownlie et al.	Feb 2007	B1
7177427	Komuro et al.	Feb 2007	B1
7177436	Dube	Feb 2007	B2
7177839	Claxton et al.	Feb 2007	B1
7178033	Garcia	Feb 2007	B1
7181017	Nagel et al.	Feb 2007	B1
7185196	Kuskin et al.	Feb 2007	B1
7185364	Knouse et al.	Feb 2007	B2
7187033	Pendharkar	Mar 2007	B2
7188181	Squier et al.	Mar 2007	B1
7194764	Martherus et al.	Mar 2007	B2
7197638	Grawrock et al.	Mar 2007	B1
7200747	Riedel et al.	Apr 2007	B2
7203317	Kallahalla et al.	Apr 2007	B2
7203968	Asano et al.	Apr 2007	B2
7219230	Riedel et al.	May 2007	B2
7224795	Takada et al.	May 2007	B2
7225256	Villavicencio	May 2007	B2
7227953	Shida	Jun 2007	B2
7233948	Shamoon et al.	Jun 2007	B1
7237002	Estrada et al.	Jun 2007	B1
7249044	Kumar et al.	Jul 2007	B2
7249251	Todd et al.	Jul 2007	B2
7260555	Rossmann et al.	Aug 2007	B2
7265764	Alben et al.	Sep 2007	B2
7266684	Jancula	Sep 2007	B2
7280658	Amini et al.	Oct 2007	B2
7281272	Rubin et al.	Oct 2007	B1
7287055	Smith et al.	Oct 2007	B2
7287058	Loveland et al.	Oct 2007	B2
7290148	Tozawa et al.	Oct 2007	B2
7308702	Thomsen et al.	Dec 2007	B1
7313824	Bala et al.	Dec 2007	B1
7319752	Asano et al.	Jan 2008	B2
7340600	Corella	Mar 2008	B1
7343488	Yadav	Mar 2008	B2
7353400	Folmsbee	Apr 2008	B1
7359517	Rowe	Apr 2008	B1
7362868	Madoukh et al.	Apr 2008	B2
7380120	Garcia	May 2008	B1
7383586	Cross et al.	Jun 2008	B2
7386529	Kiessig et al.	Jun 2008	B2
7386599	Piersol et al.	Jun 2008	B1
7401220	Bolosky et al.	Jul 2008	B2
7406596	Tararukhina et al.	Jul 2008	B2
7415608	Bolosky et al.	Aug 2008	B2
7434048	Shapiro et al.	Oct 2008	B1
7454612	Bolosky et al.	Nov 2008	B2
7461157	Ahlard et al.	Dec 2008	B2
7461405	Boudreault et al.	Dec 2008	B2
7478243	Bolosky et al.	Jan 2009	B2
7478418	Supramaniam et al.	Jan 2009	B2
7484245	Friedman et al.	Jan 2009	B1
7496959	Adelstein et al.	Feb 2009	B2
7509492	Boyen et al.	Mar 2009	B2
7512810	Ryan	Mar 2009	B1
7526657	Saneto et al.	Apr 2009	B2
7539867	Bolosky et al.	May 2009	B2
7555558	Kenrich et al.	Jun 2009	B1
7562232	Zuili et al.	Jul 2009	B2
7565683	Huang et al.	Jul 2009	B1
7631184	Ryan	Dec 2009	B2
7634433	Drummond et al.	Dec 2009	B1
7681034	Lee et al.	Mar 2010	B1
7698230	Brown et al.	Apr 2010	B1
7702909	Vainstein	Apr 2010	B2
7703140	Nath et al.	Apr 2010	B2
7707427	Kenrich et al.	Apr 2010	B1
7729995	Zheng et al.	Jun 2010	B1
7730543	Nath et al.	Jun 2010	B1
7748045	Kenrich et al.	Jun 2010	B2
RE41546	Vainstein	Aug 2010	E
7917938	Jacobson	Mar 2011	B2
8266674	Huang et al.	Sep 2012	B2
8327138	Nath et al.	Dec 2012	B2
8341406	Hildebrand	Dec 2012	B2
8341407	Kinghorn et al.	Dec 2012	B2
RE43906	Garcia	Jan 2013	E
8543827	Garcia et al.	Sep 2013	B2
8918839	Vainstein et al.	Dec 2014	B2
9129120	Garcia et al.	Sep 2015	B2
9542560	Garcia et al.	Jan 2017	B2
20010000265	Schreiber et al.	Apr 2001	A1
20010011254	Clark	Aug 2001	A1
20010014882	Stefik	Aug 2001	A1
20010018743	Takuya	Aug 2001	A1
20010021255	Ishibashi	Sep 2001	A1
20010021926	Schneck et al.	Sep 2001	A1
20010023421	Numao et al.	Sep 2001	A1
20010032181	Jakstadt et al.	Oct 2001	A1
20010033611	Grimwood et al.	Oct 2001	A1
20010034839	Karjoth et al.	Oct 2001	A1
20010042110	Furusawa et al.	Nov 2001	A1
20010044903	Yamamoto et al.	Nov 2001	A1
20010056541	Matsuzaki et al.	Dec 2001	A1
20010056550	Lee	Dec 2001	A1
20020003886	Hillegass et al.	Jan 2002	A1
20020007335	Millard et al.	Jan 2002	A1
20020010679	Felsher	Jan 2002	A1
20020013772	Peinado	Jan 2002	A1
20020016921	Olsen et al.	Feb 2002	A1
20020016922	Richards et al.	Feb 2002	A1
20020023208	Jancula	Feb 2002	A1
20020026321	Faris et al.	Feb 2002	A1
20020027886	Fischer et al.	Mar 2002	A1
20020029340	Pensak et al.	Mar 2002	A1
20020031230	Sweet et al.	Mar 2002	A1
20020035624	Kim	Mar 2002	A1
20020036984	Chiussi et al.	Mar 2002	A1
20020041391	Bannai	Apr 2002	A1
20020042756	Kumar et al.	Apr 2002	A1
20020046350	Lordemann et al.	Apr 2002	A1
20020050098	Chan	May 2002	A1
20020052981	Yasuda	May 2002	A1
20020056042	Van Der Kaay et al.	May 2002	A1
20020062240	Morinville	May 2002	A1
20020062245	Niu et al.	May 2002	A1
20020062451	Scheidt et al.	May 2002	A1
20020069077	Brophy et al.	Jun 2002	A1
20020069272	Kim et al.	Jun 2002	A1
20020069363	Winburn	Jun 2002	A1
20020073320	Rinkevich et al.	Jun 2002	A1
20020077986	Kobata et al.	Jun 2002	A1
20020077988	Sasaki et al.	Jun 2002	A1
20020078239	Howard et al.	Jun 2002	A1
20020078361	Giroux et al.	Jun 2002	A1
20020087479	Malcolm	Jul 2002	A1
20020089602	Sullivan	Jul 2002	A1
20020091532	Viets et al.	Jul 2002	A1
20020091745	Ramamurthy et al.	Jul 2002	A1
20020091928	Bouchard et al.	Jul 2002	A1
20020093527	Sherlock et al.	Jul 2002	A1
20020099947	Evans	Jul 2002	A1
20020112035	Carey	Aug 2002	A1
20020112048	Gruyer et al.	Aug 2002	A1
20020120851	Clarke	Aug 2002	A1
20020124180	Hagman	Sep 2002	A1
20020129158	Zhang et al.	Sep 2002	A1
20020129235	Okamoto et al.	Sep 2002	A1
20020133500	Arlein et al.	Sep 2002	A1
20020133699	Pueschel	Sep 2002	A1
20020138571	Trinon et al.	Sep 2002	A1
20020138726	Samson et al.	Sep 2002	A1
20020138762	Horne	Sep 2002	A1
20020143710	Uu	Oct 2002	A1
20020143906	Tormasov et al.	Oct 2002	A1
20020147746	Lee	Oct 2002	A1
20020150239	Carny et al.	Oct 2002	A1
20020152302	Motoyama et al.	Oct 2002	A1
20020156726	Kleckner et al.	Oct 2002	A1
20020157016	Russell et al.	Oct 2002	A1
20020162104	Raike et al.	Oct 2002	A1
20020165870	Chakraborty et al.	Nov 2002	A1
20020166053	Wilson	Nov 2002	A1
20020169963	Seder et al.	Nov 2002	A1
20020169965	Hale et al.	Nov 2002	A1
20020172367	Mulder et al.	Nov 2002	A1
20020174030	Praisner et al.	Nov 2002	A1
20020174109	Chandy et al.	Nov 2002	A1
20020174415	Hines	Nov 2002	A1
20020176572	Ananth	Nov 2002	A1
20020178271	Graham et al.	Nov 2002	A1
20020184217	Bisbee et al.	Dec 2002	A1
20020184488	Amini et al.	Dec 2002	A1
20020194484	Bolosky et al.	Dec 2002	A1
20020198798	Ludwig et al.	Dec 2002	A1
20030009685	Choo et al.	Jan 2003	A1
20030014391	Evans et al.	Jan 2003	A1
20030023559	Choi et al.	Jan 2003	A1
20030005168	Leerssen et al.	Feb 2003	A1
20030026431	Hammersmith	Feb 2003	A1
20030028610	Pearson	Feb 2003	A1
20030033528	Ozog et al.	Feb 2003	A1
20030037029	Holenstein et al.	Feb 2003	A1
20030037133	Owens	Feb 2003	A1
20030037237	Abgrall et al.	Feb 2003	A1
20030037253	Blank et al.	Feb 2003	A1
20030046176	Hynes	Mar 2003	A1
20030046238	Nonaka et al.	Mar 2003	A1
20030046270	Leung et al.	Mar 2003	A1
20030050919	Brown et al.	Mar 2003	A1
20030051039	Brown et al.	Mar 2003	A1
20030056139	Murray et al.	Mar 2003	A1
20030061482	Emmerichs	Mar 2003	A1
20030061506	Cooper	Mar 2003	A1
20030074580	Knouse et al.	Apr 2003	A1
20030078959	Yeung et al.	Apr 2003	A1
20030079175	Limantsev	Apr 2003	A1
20030081784	Kallahalla et al.	May 2003	A1
20030081785	Boneh et al.	May 2003	A1
20030081787	Kallahalla et al.	May 2003	A1
20030081790	Kallahalla et al.	May 2003	A1
20030088517	Medoff	May 2003	A1
20030088783	DiPierro	May 2003	A1
20030093457	Goldick	May 2003	A1
20030095552	Bernhard et al.	May 2003	A1
20030099248	Speciner	May 2003	A1
20030101072	Dick et al.	May 2003	A1
20030110131	Alain et al.	Jun 2003	A1
20030110169	Zuili	Jun 2003	A1
20030110266	Rollins et al.	Jun 2003	A1
20030110280	Hinchliffe et al.	Jun 2003	A1
20030110397	Supramaniam	Jun 2003	A1
20030115146	Lee et al.	Jun 2003	A1
20030115218	Bobbitt et al.	Jun 2003	A1
20030115570	Bisceglia	Jun 2003	A1
20030120601	Ouye	Jun 2003	A1
20030120684	Zuili et al.	Jun 2003	A1
20030126434	Lim et al.	Jul 2003	A1
20030132949	Fallon et al.	Jul 2003	A1
20030154296	Noguchi et al.	Aug 2003	A1
20030154381	Ouye	Aug 2003	A1
20030154396	Godwin et al.	Aug 2003	A1
20030154401	Hartman et al.	Aug 2003	A1
20030159048	Matsumoto et al.	Aug 2003	A1
20030159066	Staw et al.	Aug 2003	A1
20030163704	Dick et al.	Aug 2003	A1
20030165117	Garcia-Luna-Aceves et al.	Sep 2003	A1
20030172280	Scheidt et al.	Sep 2003	A1
20030177070	Viswanath et al.	Sep 2003	A1
20030177378	Wittkotter	Sep 2003	A1
20030182310	Charnock et al.	Sep 2003	A1
20030182579	Leporini et al.	Sep 2003	A1
20030182584	Banes et al.	Sep 2003	A1
20030191938	Woods et al.	Oct 2003	A1
20030196096	Sutton	Oct 2003	A1
20030197729	Denoue et al.	Oct 2003	A1
20030200202	Hsiao et al.	Oct 2003	A1
20030204692	Tamer et al.	Oct 2003	A1
20030208485	Castellanos	Nov 2003	A1
20030217264	Martin et al.	Nov 2003	A1
20030217281	Ryan	Nov 2003	A1
20030217282	Henry	Nov 2003	A1
20030217333	Smith et al.	Nov 2003	A1
20030220999	Emerson	Nov 2003	A1
20030222141	Vogler et al.	Dec 2003	A1
20030226013	Dutertre	Dec 2003	A1
20030233650	Zaner et al.	Dec 2003	A1
20040003293	Viets et al.	Jan 2004	A1
20040022390	McDonald et al.	Feb 2004	A1
20040025037	Hair	Feb 2004	A1
20040039781	LaVallee et al.	Feb 2004	A1
20040041845	Alben et al.	Mar 2004	A1
20040049702	Subramaniam et al.	Mar 2004	A1
20040064507	Sakata et al.	Apr 2004	A1
20040064710	Vainstein	Apr 2004	A1
20040068524	Aboulhosn et al.	Apr 2004	A1
20040068664	Nachenberg et al.	Apr 2004	A1
20040073660	Toomey	Apr 2004	A1
20040073718	Johannessen et al.	Apr 2004	A1
20040088548	Smetters et al.	May 2004	A1
20040098580	DeTreville	May 2004	A1
20040103202	Hildebrand et al.	May 2004	A1
20040103280	Balfanz et al.	May 2004	A1
20040117371	Bhide et al.	Jun 2004	A1
20040131191	Chen et al.	Jul 2004	A1
20040133544	Kiessig et al.	Jul 2004	A1
20040158586	Tsai	Aug 2004	A1
20040186845	Fukui	Sep 2004	A1
20040193602	Liu et al.	Sep 2004	A1
20040193905	Lirov et al.	Sep 2004	A1
20040193912	Li et al.	Sep 2004	A1
20040199514	Rosenblatt et al.	Oct 2004	A1
20040205576	Chikirivao et al.	Oct 2004	A1
20040215956	Venkatachary et al.	Oct 2004	A1
20040215962	Douceur et al.	Oct 2004	A1
20040243853	Swander et al.	Dec 2004	A1
20040254884	Haber et al.	Dec 2004	A1
20050021467	Franzdonk	Jan 2005	A1
20050021629	Smith et al.	Jan 2005	A1
20050028006	Leser et al.	Feb 2005	A1
20050039034	Doyle et al.	Feb 2005	A1
20050050098	Barnett	Mar 2005	A1
20050071275	Vainstein et al.	Mar 2005	A1
20050071657	Ryan	Mar 2005	A1
20050071658	Nath et al.	Mar 2005	A1
20050081029	Thornton et al.	Apr 2005	A1
20050086531	Kenrich	Apr 2005	A1
20050091289	Shappell et al.	Apr 2005	A1
20050091484	Thornton et al.	Apr 2005	A1
20050097061	Shapiro et al.	May 2005	A1
20050120199	Carter	Jun 2005	A1
20050138371	Supramaniam	Jun 2005	A1
20050138383	Vainstein	Jun 2005	A1
20050168766	Troyansky et al.	Aug 2005	A1
20050177716	Ginter	Aug 2005	A1
20050177858	Ueda	Aug 2005	A1
20050193397	Corenthin et al.	Sep 2005	A1
20050198326	Schlimmer et al.	Sep 2005	A1
20050223242	Nath	Oct 2005	A1
20050223414	Kenrich et al.	Oct 2005	A1
20050235154	Serret-Avila	Oct 2005	A1
20050256909	Aboulhosn et al.	Nov 2005	A1
20050268033	Ogasawara et al.	Dec 2005	A1
20050273600	Seeman	Dec 2005	A1
20050283610	Serret-Avila et al.	Dec 2005	A1
20050288961	Tabrizi	Dec 2005	A1
20060005021	Torrubia-Saez	Jan 2006	A1
20060011400	Thomas	Jan 2006	A1
20060075258	Adamson et al.	Apr 2006	A1
20060075465	Ramanathan et al.	Apr 2006	A1
20060093150	Reddy et al.	May 2006	A1
20060101285	Chen et al.	May 2006	A1
20060149407	Markham et al.	Jul 2006	A1
20060168147	Inoue et al.	Jul 2006	A1
20060184637	Hultgren et al.	Aug 2006	A1
20060230437	Boyer et al.	Oct 2006	A1
20060277316	Wang et al.	Dec 2006	A1
20070006214	Dubal et al.	Jan 2007	A1
20070067837	Schuster	Mar 2007	A1
20070083575	Leung et al.	Apr 2007	A1
20070192478	Louie et al.	Aug 2007	A1
20070193397	Corenthin et al.	Aug 2007	A1
20070294368	Bomgaars et al.	Dec 2007	A1
20080034205	Alain et al.	Feb 2008	A1
20080075126	Yang	Mar 2008	A1
20090100268	Garcia et al.	Apr 2009	A1
20090254843	Van Wie et al.	Oct 2009	A1
20090254972	Huang et al.	Oct 2009	A1
20100047757	McCurry et al.	Feb 2010	A1
20100199088	Nath	Aug 2010	A1
20110258438	Hildebrand	Oct 2011	A1
20110296199	Kinghorn et al.	Dec 2011	A1
20110307937	Hildebrand et al.	Dec 2011	A1
20120137130	Vainstein et al.	May 2012	A1
20140075206	Garcia et al.	Mar 2014	A1
20140201850	Garcia et al.	Jul 2014	A1

Foreign Referenced Citations (31)

Number	Date	Country
0 629 953	Dec 1994	EP
0 672 991	Sep 1995	EP
0 674 253	Sep 1995	EP
0 809 170	Nov 1997	EP
0 862 105	Sep 1998	EP
0 913 966	May 1999	EP
0 913 967	May 1999	EP
0 950 941	Oct 1999	EP
0 950 941	Oct 1999	EP
1 107 504	Jun 2001	EP
1 107504	Jun 2001	EP
1 130 492	Sep 2001	EP
1 143 665	Oct 2001	EP
1 154 348	Nov 2001	EP
1 320 012	Jun 2003	EP
1324565	Jul 2003	EP
2 328 047	Feb 1999	GB
2001-036517	Feb 2001	JP
2006-244044	Sep 2006	JP
2007257529	Oct 2007	JP
2009-020720	Jan 2009	JP
WO 9641288	Dec 1996	WO
WO 9853410	Nov 1998	WO
WO 0056028	Sep 2000	WO
WO 0079434	Dec 2000	WO
WO 0161438	Aug 2001	WO
WO 0163387	Aug 2001	WO
WO 0167705	Sep 2001	WO
WO 0177783	Oct 2001	WO
WO 0178285	Oct 2001	WO
WO 0184271	Nov 2001	WO

Non-Patent Literature Citations (104)

Entry
Donald et al. (2001). MCSE: Windows® 2000 Professional Study Guide Second Edition. Retrieved online Jan. 31, 2018. http://142.177.80.139/darlene_redmond/MCP/70-210%20MCSE%20Windows%202000%20Professional%20Study%20Guide%202nd%20ed%20Sybex.pdf.
Microsoft Windows 2000 Server. Windows 2000 Group Policy White Paper, 2000.
Symantec. Norton Antivirus Corporate Edition Implementation Guide, 1999.
Stallings, William, “Cryptography and Network Security: Principles and Practice,” 1999, pp. 333-337, Second Edition, Prentice Hall, Upper Saddle River, New Jersey.
U.S. Appl. No. 10/076,254, Alain Rossmann, Method and Architecture for Providing Pervasive Security to Digital Assets, filed Feb. 12, 2002.
U.S. Appl. No. 10/159,537, Denis Jacques Paul Garcia, Method and Apparatus for Securing Digital Assets, filed May 31, 2002.
U.S. Appl. No. 10/159,220, Gary Mark Kinghorn, Method and System for Protecting Electronic Data in Enterprise Environment, filed May 31, 2002.
U.S. Appl. No. 10/259,075, Steven Toye Crocker, Effectuating Access Policy Changes to Designated Places for Secured Files, filed Sep. 27, 2002
U.S. Appl. No. 10/325,013, Alain Rossmann, Hybrid Systems for Securing Digital Assets, filed Dec. 20, 2002.
U.S. Appl. No. 10/325,102, Nalini J. Prakash, Method and Apparatus for Securing/Unsecuring Files by File Crawling, filed Dec. 20, 2002
U.S. Appl. No. 10/259,078, Michael Michio Ouye, Managing File Access Via a Designated Place, filed Sep. 27, 2002
U.S. Appl. No. 10/404,566, Steven Toye Crocker, Multi-Level Cryptographic Transformations for Securing Digital Assets, filed Mar. 31, 2003.
U.S. Appl. No. 10/405,587, Satyajit Nath, Method and System for Securing Digital Assets Using Content Type Designations, filed Apr. 1, 2003.
U.S. Appl. No. 10/677,049, Satyajit Nath, Method and System for Securing Digital Assets Using Process-Driven Security Policies, filed Sep. 30, 2003.
U.S. Appl. No. 10/676,474, Klimenty Vainstein, Method and Apparatus for Transitioning Between States of Security Policies Used to Secure Electronic Documents, filed Sep. 30, 2003.
U.S. Appl. No. 10/676,850, Nicholas M. Ryan, Method and System for Securing Digital Assets Using Time-Based Security Criteria, filed Sep. 30, 2003.
U.S. Appl. No. 10/690,243, Michael Frederick Kenrich, Method and System for Proxy Approval of Security Changes for a File Security System, filed Oct. 20, 2003.
U.S. Appl. No. 10/815,251, Satyajit Nath, Method and System for Providing Document Retention Using Cryptography, filed Mar. 30, 2004.
U.S. Appl. No. 10/815,229, Michael Frederick Kenrich, Method and System for Providing Cryptographic Document Retention with Off-Line Access, filed Mar. 30, 2004.
U.S. Appl. No. 10/894,493, Michael Frederick Kenrich, Multi-Level File Digests, filed Jul. 19, 2004.
“Inside Encrypting File System,” Part 1, from MSDN Oct. 2001 version, exact publication date is unknown but believed to be prior to Dec. 12, 2001.
“Inside Encrypting File System,” Part 2, from MSDN Oct. 2001 version, exact publication date is unknown but believed to be prior to Dec. 12, 2001.
“Security with Encrypting File System,” from MSDN Oct. 2001 version, exact publication date is unknown but believed to be prior to Dec. 12, 2001.
“How EFS Works,” from MSDN Oct. 2001 version, exact publication date is unknown but believed to be prior to Dec. 12, 2001.
“Encrypting File System,” from MSDN Oct. 2001 version, exact publication date is unknown but believed to be prior to Dec. 12, 2001.
“Features of EFS,” from MSDN Oct. 2001 version, exact publication date is unknown but believed to be prior to Dec. 12, 2001.
“Windows 2000 EFS,” in the Apr. 1999 issue of Windows NT Magazine.
“Expiration Mechanism for Chipcards,” ibm Technical Disclosure Bulletin, Oct. 1, 2001, UK.
McDaniel et al., “Antigone: A Flexible Framework for Secure Group Communication,” Proceedings of the 8th USENIX Security Symposium, Aug. 23, 1999.
Expiration Mechanism for Chipcards, IBM Technical Disclosure Bulletin, Oct. I, 2001, UK.
McDaniel et al. “Antigone: A Flexible Framework for Secure Group Communication,” Proceedings of the 8th USENIX Security Symposium, Aug. 23, 1999.
Crocker, Steven Toye, “Multi-level cryptographic transformations for securing digital assets,”U.S. Appl. No. 10/404,566, filed Mar. 31, 2003.
Crocker, Steven Toye, “Effectuating access policy changes to designated places for secured files,” U.S. Appl. No. 10/259,075, filed Sep. 27, 2002.
Kenrich, Michael Frederick, “Multi-Level File Digest”, U.S. Appl. No. 10/894,493, filed Jul. 19, 2004.
Kinghorn, Gary Mark, “Method and system for protecting electronic data in enterprise environment,”U.S. Appl. No. 10/159,220, filed May 31, 2002.
Nath, Satyajit, “Method and system for securing digital assets using content type designations,” U.S. Appl. No. 10/405,587, filed Apr. 1, 2003.
Prakash, Nalini J., “Method and apparatus for securing/unsecuring files by file crawling,” U.S. Appl. No. 10/325,102, filed Dec. 20, 2002.
Rossmann, Alain, “Hybrid systems for securing digital assets,” U.S. Appl. No. 10/325,013, filed Dec. 20, 2002.
A Real-Time Push-Pull Communications Model for Distributed Real-Time and Multimedia Systems, Jan. 1999, School of Computer Sciences Carnegie Mellon University, Kanaka Juvva, Raj Rajkumar.
U.S. Appl. No. 10/889,685, entitled “Method and Apparatus for Controlling the Speed Ranges of a Machine” inventor Thomas, Jul. 13, 2004, 18 pgs.
U.S. Appl. No. 10/028,397, entitled “Method and system for restricting use of a clipboard application,” inventor Zuili, Dec. 21, 2001, 38 pgs.
U.S. Appl. No. 10/368,277, entitled “Method and apparatus for uniquely identifying files,” inventor Ouye, Feb. 18, 2003, 25 pgs.
U.S. Appl. No. 10/327,320, entitled “Security system with staging capabilities” inventor Vainstein, Dec. 20, 2002, 39 pgs.
U.S. Appl. No. 10/286,524, entitled “Security system that uses indirect password-based encryption,” inventor Gutnik, Nov. 1, 2002, 38 pgs.
U.S. Appl. No. 10/242,185, entitled “Method and system for protecting encrypted files transmitted over a network” inventor Ryan, Sep. 11, 2002, 33 pgs.
U.S. patent application, Ser No. 10/642,041, entitled “Method and system for fault-tolerant transfer of files across a network ” inventor Kenrich, Aug. 15, 2003, 32 pgs.
U.S. Appl. No. 10/610,832, entitled “Method and system for enabling users of a group shared across multiple file security systems to access secured files” inventor Ryan, Jun. 30, 2003, 33 pgs.
U.S. Appl. No. 10/448,806, entitled “Method and System for Using Remote Headers to Secure Electronic Files ” inventor Ryan, May 30, 2003, 35 pgs.
U.S. Appl. No. 10/074,194, entitled “Methods for idnetifying compunds that inhibit or reduce PTP1B expressions” inventor Rondinone, Feb. 12, 2002, 69 pgs.
U.S. Appl. No. 10/074,804, entitled “Secured Data Format for Access Control,” inventor Garcia, Feb. 12, 2002, 108 pgs.
U.S. Appl. No. 10/075,194, entitled “System and Method for Providing Multi-location Access Management to Secured Items,” inventor Vainstein et al., Feb. 12, 2002, 110 pgs.
U.S. Appl. No. 10/074,996, entitled “Method and Apparatus for Securing Electronic Data,” inventor Lee et al., Feb. 12, 2002, 1 1 1 pgs.
U.S. Appl. No. 10/074,825, entitled “Method and Apparatus for Accessing Secured Electronic Data Off-line,” inventor Lee et al., Feb. 12, 2002, 108 pgs.
U.S. Appl. No. 10/105,532, entitled “System and Method for Providing Different Levels of Key Security for Controlling Access to Secured Items,” inventor Hildebrand et al., Mar. 20, 2002, 86 pgs.
U.S. Appl. No. 10/186,203, entitled “Method and System for Implementing Changes to Security Policies in a Distributed Security System,” inventor Huang, Jun. 26, 2002, 65 pgs.
U.S. Appl. No. 10/201,756, entitled “Managing Secured Files in Designated Locations,” inventor Alain, Jul. 22, 2002, 121 pgs.
U.S. Appl. No. 10/206,737, entitled “Method and System for Updating Keys in a Distributed Security System,” inventor Hildebrand, Jul. 26, 2002, 60 pgs.
U.S. Appl. No. 10/246,079, entitled “Security System for Generating Keys from Access rules in a Decentralized Manner and Methods Therefor,” inventor Hildebrand, Sep. 17, 2002, 78 pgs.
U.S. Appl. No. 10/259,075, entitled “Effectuating Access Policy Changes to Designated Places for Secured Files,” inventor Crocker, Sep. 27, 2002, 60 pgs.
U.S. Appl. No. 10/286,575, entitled “Method and Architecture for Providing Access to Secured Data from Non-Secured Clients,” inventor Vainstein, Nov. 1, 2002, 46 pgs.
U.S. Appl. No. 10/295,363, entitled “Security System Using Indirect Key Generation from Access Rules and Methods Therefor,” inventor Vainstein, Nov. 15, 2002, 70 pgs.
U.S. Appl. No. 11/889,310, entitled “Methods and Systems for Providing Access Control to Electronic Data,” inventor Rossmann, Aug. 10, 2007, 90 pgs.
U.S. Appl. No. 11/797,367, entitled “Method and System for Managing Security Tiers,” inventor Vainstein, May 2, 2007, 11 pgs.
Adobe Acrobat 5.0 Classroom in a Book, Adobe Press, Jun. 26, 2001, pp. 1-4.
Adobe Acrobat Security Settings, Acrobat 7.0, Nov. 15, 2004, pp. I-4.
“Security Options”. Dec. 20, 2001. DC & Co. pages 1-2.
Microsoft Press Computer Dictionary, 1997, Microsoft Press, Third Edition, p. 426.
Search Report, completion date May 8, 2003, for European Patent Application No. EP 02 25 8530, 2 pages.
Search Report, completion date Oct. 2, 2003, for European Patent Application No. EP 02 25 8531, 2 pages.
Search Report, completion date Apr. 14, 2005, for European Patent Application No. EP 02 25 8533, 2 pages.
Search Report, completion date Mar. 16, 2005, for European Patent Application No. EP 02 25 8534, 2 pages.
Search Report, completion date Mar. 2, 2005, for European Patent Application No. EP 02 25 8535, 2 pages.
Search Report, completion date Mar. 3, 2005, for European Patent Application No. EP 02 25 8537, 2 pages.
Search Report, completion date May 12, 2005, for European Patent Application No. EP 02 25 8539, 2 pages.
Search Report, completion date Jul. 6, 2005, for European Patent Application No. EP 02 25 8529, 4 pages.
Search Report, completion date Oct. 8, 2003, for European Patent Application No. EP 02 25 8536, 2 pages.
Search Report, completion date May 8, 2003, for European Patent Application No. EP 02 25 8540, 2 pages.
Examination Report, completion date Jun. 18, 2008, for European Patent Application No. EP 02 258 532.7-1244, 6 pgs.
Boneh et al., “Hierarchical Identity Based Encryption with Constant Size Ciphertext,” Advances in Cryptology—EUROCRYPT 2005, vol. 3493, Jun. 20, 2005, pp. 440-456.
Boneh et al., “IBE Secure E-mail,” Stanford University, Apr. 8, 2002, http://crypto.stanford.edu/ibe/.
Curtis et al., “Securing the Global, Remote, Mobile User,” 1999 John Wiley & Sons, Ltd., Int. J. Network Mgmt. 9, pp. 9-21.
“Secure Sockets Layer (SSL): How it Works,” Verisign, http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works, pp. 1-2.
“Column Archives,” Microsoft TechNet, Professor Windows, technet.microsoft.com/enus/library/bb878075.aspx, retrieved on Dec. 3, 2009.
“Columns,” Microsoft TechNet http://web.archive.org/web/20021014225142/www.microsoft.com/techneUcolumns/default.asp Oct. 14, 2002, Retrieved from web.archive.org on Dec. 3, 2009.
“eXPeriencing Remote Assistance” Microsoft TechNet—Professor Windows Oct. 2002 Oct. 15, 2002 http://web.archive.org/web/20021015165237/www.microsoft.com/technUcolumns/profwin/, Retrieved from web.archive.org on Dec. 3, 2009.
Juvva et al. “A Real-Time Push-Pull Communications Model for Distributed Real-Time and Multimedia Systems,” Jan. 1999, School of Computer Sciences Carnegie Mellon University.
“Migrating Accounts From Windows NT 4.0 Domains to Windows 2000,” Microsoft TechNet—Professor Windows Apr. 2002, http://web.archive.org/web/20020415004611/www. microsoft.com/tech netlcolu mns/profwin/, Apr. 15, 2002.
“Scripting Your Windows 2000 Network, Part 1” Microsoft TechNet—Professor Windows Jun. 2002, http://web.archive.org/web/20020622055532/www.microsoft.com/techneUcolumns/profwin/ Retrieved from web.archive.org on Dec. 3, 2009.
“WayBack Machine” web.archive.org, http://web.archive.org/web/*/http://www.microsoft.com/technetlcolumns/profwin/, Retrieved on Dec. 3, 2009.
English language translation (unverified, machine-generated) of Japanese Patent Publication No. JP 2006-244044, Japanese Patent Office, Patent & Utility Model Gazette DB, 2006.
English language translation (unverified, machine-generated) of Japanese Patent Publication No. 2009-020720, Japanese Patent Office, Patent & Utility Model Gazette DB, 2009.
Office Action, dated May 10, 2005, for European Patent Application No. 02258532.7, 5 pgs.
Office Action, dated Dec. 5, 2006, for European Patent Application No. 02258532.7, 5 pgs.
English language abstract for Japanese Appl. No. 2001-036517, filed Feb. 9, 2001, 1 pg.
Botha et al., “Access Control in Document-Centric Workflow Systems—An Agent-Based Approach,” Computers & Security, vol. 20:6, Sep. 2001, pp. 525-532.
Botha et al., “Separation of Duties for Access Control Enforcement in Workflow Environments,” IBM, 2001.
“Affect,” The American Heritage Dictionary of the English Language, Fourth Edition Houghton Mifflin Company, 2002. Retrieved on May 4, 2006 from http://dictionary.reference.com/search?q=affect.
U.S. Appl. No. 60/475,109, Leser et al., “Method for Enforcing and Managing Usage Rights of Digital Data Objects in Dynamic, Distributed and Collaborative Contexts”, filed Jun. 2, 2003.
Boneh, D., et al., “Identity-Based Encryption from the Weil Pairing”, CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, Springer-Verlag London, UK, Oct. 2001, 27 pages.
Office Action, dated Oct. 5, 2005, for European Patent Application No. 02258532.7, European Patent Office, 5 pages.
Office Action, dated May 12, 2006, for European Patent Application No. 02258532.7, European Patent Office, 5 pages.
U.S. Appl. No. 12/331,083, entitled “Method and Apparatus for Securing Digital Assets,” Garcia, filed Dec. 9, 2008, 32 pages.
Kahan J.: “WDAI: a simple World Wide Web distributed authorization infrastructure” Computer Networks, Elsevier Science Publishers B.V., vol. 31, No. 11-16, May 17, 1999, pp. 1599-1609.
Donald, L., “Windows 2000 Server Study Guide Passage” Windows 2000 Server Study Guide, Jun. 20, 2001, pp. 3, 345-346, 380.

Related Publications (1)

	Number	Date	Country
	20030120601 A1	Jun 2003	US

Provisional Applications (1)

	Number	Date	Country
	60339634	Dec 2001	US

Continuation in Parts (1)

	Number	Date	Country
Parent	10076254	Feb 2002	US
Child	10127109		US

Dynamic evaluation of access rights

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

US

International Classifications

Term Extension

Abstract