EP1302019A1 - Procede de gestion d'acces et d'utilisation de ressources par verification des conditions et conditions d'utilisation - Google Patents

Procede de gestion d'acces et d'utilisation de ressources par verification des conditions et conditions d'utilisation

Info

Publication number
EP1302019A1
EP1302019A1 EP02739696A EP02739696A EP1302019A1 EP 1302019 A1 EP1302019 A1 EP 1302019A1 EP 02739696 A EP02739696 A EP 02739696A EP 02739696 A EP02739696 A EP 02739696A EP 1302019 A1 EP1302019 A1 EP 1302019A1
Authority
EP
European Patent Office
Prior art keywords
conditions
resource
access
during
protected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP02739696A
Other languages
German (de)
English (en)
Other versions
EP1302019A4 (fr
Inventor
Thahn Ta
Thomas Demartini
Joseph Z. Fung
Guillermo Lao
Mai Nguyen
Bijan Tadayon
Vincent Tieu
Duc Tran
Xin Wang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Contentguard Holdings Inc
Original Assignee
Contentguard Holdings Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=27569619&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=EP1302019(A1) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Contentguard Holdings Inc filed Critical Contentguard Holdings Inc
Publication of EP1302019A1 publication Critical patent/EP1302019A1/fr
Publication of EP1302019A4 publication Critical patent/EP1302019A4/fr
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Definitions

  • IPRM Intelligent Property Rights Management
  • DPRM Digital Property Rights Management
  • IPM Intelligent Property Management
  • RM Remote Lights Management
  • ECM Electronic Copyright Management
  • U.S. patent 5,634,012 discloses a system for controlling the distribution of digital documents.
  • Each rendering device has a repository associated therewith.
  • a predetermined set of usage transaction steps define a protocol used by the repositories for enforcing usage rights associated with a document.
  • Usage rights persist with the document content.
  • the usage rights specify various manners of use of the content such as, viewing only, use once, distribution, and the like.
  • Pre-conditions such as payment of a fee, proof of identity or other conditions can be required prior to permitting access to the content in accordance with the usage rights. Once the pre-conditions are satisfied access to the content is granted.
  • the concept of conditional access is well known in access control applications also. For example, it is known to grant access to network resources upon entry of login name and password.
  • a typical pre-condition i.e. a condition for granting access, defines a list of authorized users along with a set of access rights and conditions to a given resource.
  • Pre-conditions associated with a given resource can be defined as resources associated with certain users. This is known as "role-based" access control.
  • Pre-conditions can also be defined by rules in a process known as "rule-based” access control. Both types of preconditions are expressed as an access control list, which is a set of resources or rules defined in some language or data structure.
  • Conditional access is typically implemented by most systems as an authorization process in which a principal (e.g., a person, a system or a process) is allowed access to a protected resource after certain conditions are met and/or verified.
  • a principal e.g., a person, a system or a process
  • a first aspect of the invention is a method for managing use of protected resources within a system of resources.
  • the method comprises granting access to a protected resource by a principal when pre-conditions associated with the protected resource and the principal are satisfied, permitting the principal to continue to access the protected resource while during-access conditions associated with the protected resource and the principal are satisfied, and terminating access to the protected resource by the principal when a termination event occurs.
  • the termination event can be either the satisfaction of post conditions distinct from the during-access conditions or a failure to continue satisfaction of the during-access conditions.
  • a second aspect of the invention is a method for managing use of protected resources within a system of resources.
  • the method comprises preparing pre-conditions that must be satisfied to obtain access to a protected resource, and preparing during-access conditions that must be satisfied to continue access to said protected resource.
  • said protected resource is inactive, enforcing said preconditions until said preconditions are satisfied; and rendering said protected resource active and enforcing said during- access conditions when said pre-conditions have been satisfied.
  • a third aspect of the invention is a condition specification adapted to associate a condition with a protected resource to control the protected resource within a system for managing protected resources.
  • the specification comprises a resource designation indicating the protected resource that the condition is associated with, a state variable indicating a status of the resource with respect to the condition, a method specification indicating a manner by which the value of the state variable can be obtained form a device.
  • FIG. 1 is a block diagram of a computer architecture of the preferred embodiment
  • FIG. 2 is a schematic illustration of the states of a conventional access control model
  • FIG. 3 is a schematic illustration of the states of the preferred embodiment
  • Fig. 4 is a flow chart of the authorization process of the preferred embodiment
  • FIG. 5 is a schematic illustration of a condition of the preferred embodiment.
  • FIG. 6 is a schematic illustration of a condition state of the preferred embodiment
  • conditions are part of the entire lifecycle of protected resources. This means that conditions are not just evaluated prior to allowing access, but are also evaluated during the actual consumption of the resource. Additionally, conditions are associated with both the protected resource and the state of the protected resource. Associating conditions with various states of a protected resource provides content owners or service providers a flexible way to protect different types of resources. Resources can be digital content, hardware, software programs, memory space, goods, services (including web services), time, fees, usage rights or a license.
  • Usage rights specify manners of use.
  • a manner of use can include the ability to use an item in a specified way for a specified period of time.
  • usage rights can specify transfer rights, such as distribution rights and can permit granting of usage rights to others or the derivation of usage rights.
  • the preferred embodiment verifies and validates conditions prior, during and after the usage or consumption of protected resources.
  • Conditions can be represented as a condition state so that the current state and history of each condition can be logged and later used.
  • State variables track potentially dynamic conditions. State variables are variables having values that represent status of a resource or other dynamic conditions. State variables can be tracked, and the value of state variables can be used in a condition. For example, a usage right, as a resource, can be the right to view content and a condition can be that no other users are logged into the network when the usage right is exercised. In this example, when the value of the appropriate state indicates that other users are logged in, the condition is no longer satisfied and the content can not be viewed, or viewing is terminated.
  • Fig. 1 illustrates computer architecture 10 of the preferred embodiment.
  • Conditions 80 are described in detail below and can be prepared with preparation application 70 associated with the distributor of an item, a content service provider, an enterprise manager or any other party wishing to control access to resources, such as digital content.
  • a grammar such as XrMLTM can be used to specify conditions 80.
  • conditions 80 can be specified in any manner.
  • a user operates within client environment 30, including a computer or other device associated with the user.
  • Software application 20, such as a rendering engine or other application can be installed in client environment 30.
  • Access manager 40 controls access to protected resource(s) 100 and derived resource(s) 100a in the manner set forth below.
  • Access manager 40 addresses security aspects of access to resource 100 and derived resource 100a.
  • access manager 40 may authenticate messages by verifying and validating signatures, such as a cryptographic signature, or other identifying characteristics of the messages in a known manner.
  • Access manager 40 includes two primary components, resource manager 42 and condition validator 44.
  • Resource manager 42 is responsible for resource registration, resource transformation, and resource termination.
  • Transformation refers to deriving derived resource 100a from resource 100. For example, in the case where the resource is an encrypted file which represents an image or the like, the derived resources 100a could include the clear image itself and the address of the memory that holds the image.
  • the memory address that holds the image is recorded by resource repository 46 of resource manager 42, so that any access to that memory, i.e. derived resource 100a, can be tracked.
  • tracking marks (such as a watermark) can be inserted into the image, so that it can be tracked at any time.
  • Condition validator 44 monitors the set conditions and manages the current state of the system. Condition validator 44 interacts with the resource manager 46, as described in greater detail below, to control derived resource 100a. When the current system state is no longer valid, condition validator 44 requests resource manager 42 to delete (or disable) all the derived resources 100a or to notify application 20 that the use of derived resources 100a is no longer allowed as described in greater detail below.
  • Access to protected resource 100 is based on conditions 80.
  • This type of condition is referred to as an access condition or "pre-condition.”
  • pre-condition This type of condition is referred to as an access condition or "pre-condition.”
  • Conditions 80 that are associated with the entire lifecycle of the protected resource can be expressed by use of a grammar including data structures, sets of rules or a language such as XrMLTM. The preferred embodiment uses of XrMLTM as the language to express conditions.
  • conditions 80 can be imposed on resource 100 itself, or any other resources - either tangible or intangible - including those resources that make up any executing environments, such as a application 20 of client environment 30, from which protected resource 100 is accessed and used.
  • Conditions 80 can be the identity of a user or a group of users who is/are granted access as principals and who use protected resource 100. Examples of conditions 80 are set forth below as expressed in the XrMLTM language.
  • Example A expresses a condition associated with a principal "Edgar” who is granted the right to "view” the protected digital content "XrML Book”.
  • Example B expresses a condition associated with a group of principals, i.e. all persons that fall under the category "ContentGuard employee" who are granted the right to print the protected digital work "XrML Book”.
  • Conditions 80 can be conditions on principals who must possess certain properties, such as a certain title, or rights, such as a security clearance.
  • Example C expresses the condition that principals must possess a manager's badge.
  • Conditions 80 can be conditions on the time interval for access to the protected item.
  • Example D below expresses conditions that key holder "Edgar", as a principal, can view the content "XrML book” not before 05/29/2002 and not after 05/29/2003.
  • Conditions 80 can be related to the physical location of the principal or resource used to access content.
  • Example E below expresses the condition that anyone currently in US can print the content "XrML Book”
  • Conditions 80 can specify a fee that the principal must pay for access.
  • Example F below expresses the condition that anyone can print the content "XrML book” upon payment of a fee of $3.10.
  • Example G below expresses the condition that anyone can print the content "XrML book” upon payment of a fee of $3.10 for each print.
  • Example H below expresses the condition that anyone can view the content "XrML book upon payment of a fee of $10.00 per hour of viewing time.
  • Example I below expresses the condition that anyone can print the content but the exercise of the print right will be tracked by a tracking service before printing.
  • Conditions 80 may also be conditions on the system in which resource 100 is consumed.
  • condition 80 may require that the system has an authorized security mechanism or other specific hardware or software, or only a specific maximum number of users are logged on.
  • Conditions 80 can specify the repository or other device in which resource 100, such as content, resides. Conditions 80 can relate to the approval notice that the principal must obtain before using the protected resources 100. Conditions 80 can require notification before or after using resource 100. Conditions 80 can specify the previous rights related to the protected resource 100 or other resources. Conditions 80 can also be imposed on other conditions 80 such as how to verify a condition.
  • conditions 80 are not limited to the above examples, but can be any restriction, obligation or requirement that is associated with protected resource 100 as pre-conditions, during-access conditions and postconditions. Also, even though the examples above are expressed using XrMLTM conditions are not limited to or by XrML and can be expressed in any manner.
  • Condition 80 includes resource designation 42 which can be expressed either implicitly or explicitly.
  • resource designation 42 is indicated by the attribute "licensePartlD" of the "digitalWork” elements .
  • Condition 80 also includes state variables 44, and method specification 46 indicating how values of state variables 44 can be obtained.
  • Method specification 46 can include the location(s) where values of state variables 44 are stored (such as a remote server that manages a condition), the communication protocol to communicate with the server where the condition is managed, and any parameters needed to obtain the value (such as service parameters, etc).
  • the method can be hard-coded in the system and method specification 46 can be omitted.
  • state variables 44 represent the status of condition 80.
  • the collection of all state variables 44 for a given right is referred to herein and a "state of rights".
  • Each state variable 44 has a corresponding value at any moment in time for the principal, right, and resource.
  • the collection of all state variables 44 of a condition 80 is referred to simply as a "condition state” herein.
  • Fig. 6 illustrates condition state 50 which includes condition 80, and current values 52 for state variables 44 of condition 80.
  • Method specification 56 indicates the method used to obtain current values 52 of state variables 44, including potentially a source from which the value is obtained, the digital signature of a credential, the session ID of the request and any other appropriate information. Note that method specification 56 can be considered redundant with method specification 46 and can merely be a reiteration thereof. However, in some cases, method specification 56, used to actually obtain values 52, can be different than method specification 46, which is suggested for use in condition 80.
  • condition state 50 to represent condition 80 for a right simplifies the process of verifying conditions 80 because all the information needed to verify condition 80 is readily accessible.
  • Condition state 50 is constructed and then used whenever the corresponding condition 80 is evaluated and verified.
  • Each condition state 50 can contain all information needed to verify values 52 of state variables 44.
  • a collection of condition states 50 for a given right associated with an authenticated principal and protected resource 100 is referred to as a "system state" herein.
  • An authenticated principal is a user that has been processed by a system which validates the authenticity of that user, for example when a user successfully logs-in with a user name and a password, the user becomes an authenticated principal or just "principal".
  • condition 80 for a given set of rights is defined as a set of required system states under which a principal is allowed to access to protected resource 100.
  • the principal is then able to access the protected resource 100 for an authorized operation.
  • it is not the authenticated principal itself that actually accesses protected resource 100.
  • the access can be delegated to another authenticated principal such as a rendering application, service, or the like.
  • the set of pre- access conditions 80 for granting the initial access may no longer be applicable for authorizing continued access.
  • consuming protected resource 100 may transform the resource into a set of temporary, .i.e., derived, resources 100a from which the access conditions 80 imposed on the original resources are also not applicable.
  • the preferred embodiment uses a concept for authorization and protection called "during- access conditions" which is described in detail below.
  • resources are in one of two states.
  • Fig. 2 when resource 100 is inactive, the system is in original state 102 until pre-conditions are satisfied. At that time, resource 100 becomes active and the system enters the authorized or active state 104.
  • the preferred embodiment defines two additional states in addition to the "original state” and "authorized state”. As illustrated in Fig. 3, during the use or access of protected resource 100, the system state will change through the following states: original state 102, authorized state 104, usage state 106 and end state 108.
  • Conditions 80 can be defined, for each state, that must be met in order to move to the next state or continue within the same state. As note above with respect to Fig.
  • conditions 80 can be defined and prepared using preparation application 70 including any necessary user interface and editing capabilities. Conditions 80 that need to be satisfied to enter the Authorized State are called “preconditions”. Conditions 80 that need to be satisfied during the use of resource 100 are called “during-access conditions” and conditions 80 that are required at the end of the use are called “post-conditions”. Condition validator 44 can invoke the requisite conditions 80 for each state.
  • During-access conditions are conditions 80 that are transferred from the original resource 100 to itself and any of derived resources 100a while they are being accessed and consumed by an authenticated principal.
  • resource 100 is a document which is displayed on a screen of client environment 30 during the authorized operation "view”
  • derived resources 100a may include the memory that contains the data from the document, the presentation format of the document, and the displayed windows respectively.
  • Derived resources 100a will all be protected by the set of during-access conditions. In other words, the principal will only have access to derived resources 100a as long as the during-access conditions are satisfied.
  • During-access conditions can be defined in the same manner as other conditions 80.
  • an application such as a application 20
  • the application that executes the service may be considered as a derived resource and is subjected to the set of during-access conditions while the service is being executed.
  • During-access conditions continuously change the system state until the derived resources are no longer used or the system state becomes unauthorized.
  • all derived resources 100a protected by during-access conditions are deleted (or disabled) and the system state is then transferred to the final state by the set of post-access conditions.
  • Conditions 80 after or during the use or access of a resource may or may not change. Those conditions with unchanged state are called “stateless conditions", while conditions that change after or during the use of the resource are called “stateful conditions”.
  • Pre-conditions 80 are usually stateless conditions 80 and are used to control the access to the protected document.
  • During-access conditions and post-conditions are usually stateful conditions 80. They are used to control the lifetime of protected resource 100. (For example, protected resource 100 can no longer be accessed once a specific number of users logged into a network has been exceeded.) With these expanded types of conditions 80 associated with different stages of protected resource 100, the preferred embodiment provides a mechanism to authorize the use of protected resource 100 and to protect and track resource 100 while it is being used.
  • Access Authorization stage 302 is a stage in which access manager 40 authorizes an authenticated principal to access protected resource 100 for an authorized operation through verifying that pre-conditions are satisfied.
  • Resource protection stage 304 is a stage in which access manager 40 protects resource 100 and its derived resources 100a while they are being used by verifying that the during-access conditions remained satisfied.
  • Operation termination stage 306 is a stage in which access manager 40 terminates the use of protected resource 100 and derived resources 100a for a given operation when post-access conditions are satisfied or during-access conditions otherwise cease being satisfied.
  • the post-condition can be the same as the pre-condition of the next cycle.
  • a non-static parameter can be used in order to prevent infinite loop situations. For example a time-dependent condition or a condition modified or imposed by an external entity, such as human intervention.
  • FIG. 4 illustrates an access authorization procedure in accordance with the preferred embodiment which includes collecting the current system state based on the list of conditions 80 associated with the authenticated principal, operation, and protected resource 100 in step 400.
  • Each state condition 50 can be obtained either from the local system or remote system, from a device, an application, a repository or a service by access manager 40.
  • the result of step 400 is the original state.
  • current values 52 of each state variable 44 in the pre-conditions are collected by access manager 40.
  • Current values 52 can be assembled into a record, an XML document for example. Information used to construct the record can be authenticated (for example, authentication of the principal or the resource 100).
  • the pre-conditions are evaluated, i.e., enforced, against the record.
  • the information stored in the record which contains current value 52 for each state variable 44 of the preconditions, can be accepted and/or subjected to various processing, such as verifying a signature of the record or reevaluating all pre-condition values. If enforcement is successful, resource 100 and any derived resources 100a enter the authorized state in step 406.
  • condition validator 42 can be classified as "voluntary” or "mandatory".
  • a process that accepts the values of the state variables 44 stored in the record discussed above is called a “voluntary” process and a system that challenges those values is called a “mandatory” process.
  • protected resource 100 and all its derived resources 100a are disabled as soon as any condition 80, including pre-conditions, during-access conditions or post-conditions, cannot be satisfied.
  • resources 100 or derived resources 100a are disabled (or become invalid) application 20 is no longer able to access protected resource 100.
  • application 20 is notified if any condition 80 cannot be satisfied and becomes invalid.
  • Application 20 is then responsible for disabling protected resource 100 and derived resources 100a .
  • the decision on whether to disable could be done automatically or with human intervention.
  • Enforcement step 404 will change the system from its original state to either an authorized state (step 406) or a rejected state (step 404).
  • an authorized state protected resource 100 is released to either the requested principal or its delegated principal and during conditions begin to be enforced. Note that during access conditions can be distinct from preconditions to provide flexible control of resources 100.
  • resource protection protects both the initial protected resource 100 and its derived resources, 100a by enforcing the set of during-access conditions.
  • the authorized state returned from the access authorization state contains the list of during-access conditions to be enforced during the authorized operation.
  • all derived resources 100a can be registered with resource repository 46 of resource manager 42 when derived resources 100a are generated and used. If any during-access condition becomes invalid resource manager 42 will disable access to protected resource 100 and derived resources 100a by application 20.
  • a tracking system a tracking object, such as special mark or ID, is inserted into derived resource 100a during the resource registration and transformation. This enables tracking of the resources by the resource protection component.
  • the insertion mark can be in a format transparent to the application that processes the derived resource 100a. Tracking systems can be either mandatory or voluntary systems.
  • the termination of an authorized operation executes the set of post conditions (if any are present). Executing post-conditions permanently change the system state and affects the next request for access to resource 100. For example, if a post condition is the removal of access to the resource 100 after an exercise limit has been reached, when the limit is reached the resource 100 is deleted or some other action is taken which disables or prevents access.
  • Operation termination can include resource termination.
  • Resource manager 42 can delete (disable) derived resources 100a when the operation is being terminated, whether or not the operation is forced to terminate, or the application is voluntarily terminating the operation. Deletion (or disabling) of derived resource 100a is important in the process of protection of resource 100.
  • Condition validator 44 commits the use of protected resource 100 and enforce the set of post-conditions. Condition validator 44 will invalidate (disable) protected resource 100 if resource 100 becomes invalid as a result of the change in the system state.
  • the preferred embodiment can utilize various devices, such as a personal computers, servers, workstations, PDA's, thin clients and the like.
  • the client environment can be a handheld device such as a mobile phone or a PDA.
  • Various channels for communication can be used.
  • the various functions can be integrated in one device.
  • the disclosed functional devices and modules are segregated by function for clarity. However, the various functions can be combined or segregated as hardware and/or software modules and devices in any manner.
  • the various functions modules and devices have utility separately or in combination.
  • the various records, messages, elements and portions thereof can be stored on the same device or on different devices. Various links, references, specifications, and the like can be used to associate the elements. Access to any type of resource can be controlled. Any mechanism for tracking values of state variables can be used.

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Exchange Systems With Centralized Control (AREA)
  • Selective Calling Equipment (AREA)
  • Devices For Checking Fares Or Tickets At Control Points (AREA)
EP02739696A 2001-06-07 2002-06-07 Procede de gestion d'acces et d'utilisation de ressources par verification des conditions et conditions d'utilisation Ceased EP1302019A4 (fr)

Applications Claiming Priority (15)

Application Number Priority Date Filing Date Title
US29611301P 2001-06-07 2001-06-07
US29611701P 2001-06-07 2001-06-07
US29611801P 2001-06-07 2001-06-07
US296113P 2001-06-07
US296118P 2001-06-07
US296117P 2001-06-07
US33162501P 2001-11-20 2001-11-20
US33162301P 2001-11-20 2001-11-20
US33162101P 2001-11-20 2001-11-20
US33162401P 2001-11-20 2001-11-20
US331624P 2001-11-20
US331621P 2001-11-20
US331625P 2001-11-20
US331623P 2001-11-20
PCT/US2002/017753 WO2002101975A1 (fr) 2001-06-07 2002-06-07 Procede de gestion d'acces et d'utilisation de ressources par verification des conditions et conditions d'utilisation

Publications (2)

Publication Number Publication Date
EP1302019A1 true EP1302019A1 (fr) 2003-04-16
EP1302019A4 EP1302019A4 (fr) 2004-06-09

Family

ID=27569619

Family Applications (2)

Application Number Title Priority Date Filing Date
EP02739696A Ceased EP1302019A4 (fr) 2001-06-07 2002-06-07 Procede de gestion d'acces et d'utilisation de ressources par verification des conditions et conditions d'utilisation
EP02739695.1A Expired - Lifetime EP1399796B2 (fr) 2001-06-07 2002-06-07 Procede et dispositif de suivi de l'etat d'une ressource dans un systeme pour une gestion de l'utilisation des ressources

Family Applications After (1)

Application Number Title Priority Date Filing Date
EP02739695.1A Expired - Lifetime EP1399796B2 (fr) 2001-06-07 2002-06-07 Procede et dispositif de suivi de l'etat d'une ressource dans un systeme pour une gestion de l'utilisation des ressources

Country Status (12)

Country Link
EP (2) EP1302019A4 (fr)
JP (5) JP4520736B2 (fr)
KR (2) KR100604715B1 (fr)
CN (2) CN1656778B (fr)
AT (1) ATE332527T1 (fr)
AU (2) AU2002312333B2 (fr)
BR (1) BR0211184A (fr)
CA (2) CA2432283A1 (fr)
DE (1) DE60212969T3 (fr)
ES (1) ES2266513T5 (fr)
MX (1) MXPA03011332A (fr)
WO (2) WO2002101493A2 (fr)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7805371B2 (en) 2002-03-14 2010-09-28 Contentguard Holdings, Inc. Rights expression profile system and method
US20030229593A1 (en) * 2002-03-14 2003-12-11 Michael Raley Rights expression profile system and method
WO2004077911A2 (fr) * 2003-03-03 2004-09-16 Sony Ericsson Mobile Communications Ab Procede de demande de droits
KR101254209B1 (ko) 2004-03-22 2013-04-23 삼성전자주식회사 디바이스와 휴대용 저장장치간에 권리 객체를 이동,복사하는 방법 및 장치
JP4543773B2 (ja) * 2004-06-22 2010-09-15 ソニー株式会社 ライセンス評価装置,コンピュータプログラム,ライセンス評価方法
JP4576901B2 (ja) * 2004-06-22 2010-11-10 ソニー株式会社 ライセンス評価装置,コンピュータプログラム,ライセンス評価方法
US7921452B2 (en) 2005-08-23 2011-04-05 The Boeing Company Defining consistent access control policies
US8056114B2 (en) 2005-08-23 2011-11-08 The Boeing Company Implementing access control policies across dissimilar access control platforms
US9565191B2 (en) 2005-08-23 2017-02-07 The Boeing Company Global policy apparatus and related methods
US8271418B2 (en) 2005-08-23 2012-09-18 The Boeing Company Checking rule and policy representation
KR100983793B1 (ko) 2007-04-18 2010-09-27 한국전자통신연구원 상호운용적 디지털저작권관리 장치 및 그 방법
US9274847B2 (en) 2007-05-04 2016-03-01 Microsoft Technology Licensing, Llc Resource management platform
CN101661281B (zh) * 2008-08-28 2011-10-26 上海宝信软件股份有限公司 分布式监控系统中控制权限移交的方法
US8903783B2 (en) * 2010-04-23 2014-12-02 Bridgepoint Education System and method for publishing and displaying digital materials
CN102866909B (zh) * 2012-08-27 2018-02-27 北京奇虎科技有限公司 一种控制对接口资源访问的资源锁的系统和方法
CN104461738B (zh) * 2014-12-11 2018-02-13 珠海金山网络游戏科技有限公司 资源管理器中资源复用的方法、对应系统及设备
US11574621B1 (en) * 2014-12-23 2023-02-07 Amazon Technologies, Inc. Stateless third party interactions
JP7186043B2 (ja) * 2018-09-21 2022-12-08 株式会社日本総合研究所 管理装置、システム及びプログラム
WO2021046777A1 (fr) * 2019-09-11 2021-03-18 阿里巴巴集团控股有限公司 Procédé, dispositif et système de planification de ressources, procédé, dispositif et système d'application de ressources, procédé, dispositif et système de tarification de ressources, et support de stockage

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4740890A (en) * 1983-12-22 1988-04-26 Software Concepts, Inc. Software protection system with trial period usage code and unlimited use unlocking code both recorded on program storage media
US5014234A (en) * 1986-08-25 1991-05-07 Ncr Corporation System with software usage timer and counter for allowing limited use but preventing continued unauthorized use of protected software
US4937863A (en) * 1988-03-07 1990-06-26 Digital Equipment Corporation Software licensing management system
GB9205774D0 (en) * 1992-03-17 1992-04-29 Int Computers Ltd Computer security system
US5293422A (en) * 1992-09-23 1994-03-08 Dynatek, Inc. Usage control system for computer software
JPH06214862A (ja) * 1993-01-13 1994-08-05 Hitachi Ltd クライアント・サーバシステムにおける文書アクセス方法
US5386369A (en) * 1993-07-12 1995-01-31 Globetrotter Software Inc. License metering system for software applications
JPH0854951A (ja) * 1994-08-10 1996-02-27 Fujitsu Ltd ソフトウェア使用量管理装置
US5629980A (en) * 1994-11-23 1997-05-13 Xerox Corporation System for controlling the distribution and use of digital works
US5638443A (en) * 1994-11-23 1997-06-10 Xerox Corporation System for controlling the distribution and use of composite digital works
US5485577A (en) * 1994-12-16 1996-01-16 General Instrument Corporation Of Delaware Method and apparatus for incremental delivery of access rights
CN1312549C (zh) * 1995-02-13 2007-04-25 英特特拉斯特技术公司 用于安全交易管理和电子权利保护的系统和方法
US5632681A (en) * 1995-03-07 1997-05-27 International Business Machines Corporation Universal electronic video game renting/distributing system
US5708709A (en) * 1995-12-08 1998-01-13 Sun Microsystems, Inc. System and method for managing try-and-buy usage of application programs
CA2242596C (fr) * 1996-01-11 2012-06-19 Mrj, Inc. Systeme permettant d'agir sur l'acces a la propriete numerique et sur sa diffusion
JP2810033B2 (ja) * 1996-07-08 1998-10-15 村越 弘昌 稼働管理システム及び稼働管理方法
US6006332A (en) * 1996-10-21 1999-12-21 Case Western Reserve University Rights management system for digital media
ATE224124T1 (de) * 1997-01-27 2002-09-15 Koninkl Philips Electronics Nv Verfahren und vorrichtung zur übertragung von inhaltsinformation und darauf bezogener zusatzinformation
US6397333B1 (en) * 1998-10-07 2002-05-28 Infineon Technologies Ag Copy protection system and method
CA2256934C (fr) * 1998-12-23 2002-04-02 Hamid Bacha Systeme de depot electronique de donnees mettant en oeuvre le controle d'acces a l'extraction des donnees
US7024393B1 (en) * 1999-03-27 2006-04-04 Microsoft Corporation Structural of digital rights management (DRM) system
US6973444B1 (en) * 1999-03-27 2005-12-06 Microsoft Corporation Method for interdependently validating a digital content package and a corresponding digital license
JP2003507784A (ja) * 1999-08-13 2003-02-25 ヒューレット・パッカード・カンパニー 記憶されたデータの使用に対する強制的な制限

Also Published As

Publication number Publication date
BR0211184A (pt) 2004-08-10
KR100621318B1 (ko) 2006-09-13
CN1656778B (zh) 2011-01-05
EP1302019A4 (fr) 2004-06-09
AU2002312334B2 (en) 2004-11-25
WO2002101493A3 (fr) 2003-03-27
JP4520737B2 (ja) 2010-08-11
JP2004530230A (ja) 2004-09-30
HK1063364A1 (en) 2004-12-24
KR20030096249A (ko) 2003-12-24
DE60212969D1 (de) 2006-08-17
JP4621790B2 (ja) 2011-01-26
CN1539217A (zh) 2004-10-20
JP2004530986A (ja) 2004-10-07
JP2009015875A (ja) 2009-01-22
JP4520736B2 (ja) 2010-08-11
JP5095854B2 (ja) 2012-12-12
JP2009199629A (ja) 2009-09-03
JP2012018701A (ja) 2012-01-26
MXPA03011332A (es) 2004-07-08
ES2266513T3 (es) 2007-03-01
KR20030096248A (ko) 2003-12-24
JP4878617B2 (ja) 2012-02-15
EP1399796A2 (fr) 2004-03-24
ES2266513T5 (es) 2015-03-26
EP1399796B2 (fr) 2015-02-25
EP1399796B1 (fr) 2006-07-05
ATE332527T1 (de) 2006-07-15
WO2002101493A2 (fr) 2002-12-19
WO2002101975A1 (fr) 2002-12-19
DE60212969T3 (de) 2015-06-03
CN100345408C (zh) 2007-10-24
DE60212969T2 (de) 2006-11-23
CA2432317C (fr) 2008-03-18
EP1399796A4 (fr) 2004-06-09
CA2432283A1 (fr) 2002-12-19
KR100604715B1 (ko) 2006-07-24
CN1656778A (zh) 2005-08-17
AU2002312333B2 (en) 2005-11-03
CA2432317A1 (fr) 2002-12-19

Similar Documents

Publication Publication Date Title
JP4621790B2 (ja) 派生リソースの使用を管理する装置
US7152046B2 (en) Method and apparatus for tracking status of resource in a system for managing use of the resources
US6006332A (en) Rights management system for digital media
AU2002312334A1 (en) Method for managing access and use of resources by verifying conditions and conditions for use therewith
EP1933522B1 (fr) Procédé et système destinés à l'authentification
US7290699B2 (en) Protected content distribution system
EP2316095B1 (fr) Concession de licence d'un contenu protégé pour des ensembles d'applications
US20060004588A1 (en) Method and system for obtaining, maintaining and distributing data
AU2002312333A1 (en) Method and apparatus for tracking status of resource in a system for managing use of the resources
US20030009424A1 (en) Method for managing access and use of resources by verifying conditions and conditions for use therewith
Ziebermayr et al. Web service authorization framework
AU2005200241A1 (en) Method for managing access and use of resources by verifying conditions and conditions for use therewith
Cha et al. From p3p to data licenses
HK1063364B (en) Method and apparatus for tracking status of resource in a system for managing use of the resources
Jeong et al. An xml-based security architecture for integrating single sign-on and rule-based access control in mobile and ubiquitous web environments
Xu et al. The implementation of role-based access control on the Web
Snyder et al. User Authentication, Authorization, and Logging
JP2006178699A (ja) セキュリティ設定システム及び方法並びにセキュリティ設定用プログラム

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20021105

AK Designated contracting states

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

A4 Supplementary search report drawn up and despatched

Effective date: 20040426

RIC1 Information provided on ipc code assigned before grant

Ipc: 7G 06F 1/00 B

Ipc: 7H 04L 9/00 A

17Q First examination report despatched

Effective date: 20040715

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20060129