Title of invention: Systems and methods for creating a rights management system (RMS) with superior layers and subordinate layers
Abstract: A computer-implemented method for creating a rights management system (RMS) with superior layers and subordinate layers is described. A separate trust network for one or more layers of the RMS is established. The trust network includes one or more computing nodes within the one or more layers. A data object is created on a computing node that is a member of a trust network in a superior layer. The data object is encrypted to a ciphertext data object. A publishing license is created for each of the one or more layers of the RMS. Access rights and attributes associated with the ciphertext data object are controlled within each layer based on the publishing license of each of the one or more layers of the RMS.
Publication number: US8977849(B1) Publication date: 2015.03.10
Application number: US200912552404 Filing date: 2009.09.02
Applicant: Symantec Corporation Inventor: Clifford Thomas
Classification: G06F21/62 Main classification: G06F21/62
Agency: Holland & Hart, LLP Agent: Holland & Hart, LLP
Principal claim: 1. A computer-implemented method for creating a rights management system (RMS) with superior layers and subordinate layers, comprising: establishing a separate trust network for each of a plurality of layers of the RMS, wherein each trust network comprises one or more computing nodes within each of the plurality of layers, wherein a first layer comprises an enterprise rights management (ERM) layer to manage access rights associated with a ciphertext data object, and wherein a second layer comprises an object storage rights management (OSRM) layer to manage storage attributes of the ciphertext data object; obtaining a document on a computing node that is a member of a first trust network in the first layer of the plurality of layers; encrypting the document to the ciphertext data object; creating a publishing license for each of the plurality of layers of the RMS, wherein each publishing license lists rights and attributes associated with the ciphertext data object for a respective layer, each layer including an authentication mechanism to validate users of a respective layer and to manage the data access rights for each user; encrypting each publishing license according to an encryption scheme, the encryption scheme based at least in part on the respective layer; sending, from the first trust network in the first layer, the ciphertext data object to a second trust network in the second layer, wherein the second layer is subordinate to the first layer; and decrypting the publishing license for the second layer to access the rights and attributes assigned to the second layer, wherein the publishing license for the OSRM layer specifies at least one of a minimum number of separate storage sites where the ciphertext data object is stored within the OSRM layer, a maximum number of copies of the ciphertext data object allowed in the OSRM layer, and a duration of time after which the ciphertext data object may be deleted.
Address: Mountain View CA US