| 摘要 |
Access to a digital asset by a user may be controlled by encrypting the digital asset, embedding the encrypted digital asset in a file, providing a file viewer to the user, responding to a request by the user to access the digital asset by sending a request from the file viewer to a server, the request including identification information related to the user and the file, processing the request from the file viewer, with information in a database related to authorization of the user to access the digital asset, to produce and send to the viewer an encrypted authorization key and responding to receipt of the encrypted authorization key by the viewer by decrypting the authorization key to permit the requested access to the digital asset via the file viewer. |
| 主权项 |
1. A method for controlling remote access to a digital asset, comprising:
protecting a digital asset in a protected digital asset file, said digital asset file containing the digital asset and a unique security wrapper, said unique security wrapper comprising open and protected information about the asset and asset decoding data for a particular copy of the digital asset; providing, on a remote computer system, a remote database, said remote database including a user identification, a digital asset file identification, a temporal specification, an access definition, and an access control for the digital asset file, said access control being set to one of a first state in which access is granted and a second state in which access is denied, and said temporal specification defining a temporal limitation for access to the digital asset, and said temporal specification and access control being settable and changeable by an administrator having access to the remote database; and at a first time, determining if the access control is set to the first state for the protected digital asset file; and if, at the first time, the access control is set to the first state for the protected digital asset file, then making the protected digital asset file, and a protected digital asset file viewer, available via network communication to a user on a user's computer, said remote database and remote computer being remote from the user's computer; after the protected digital asset file and the protected digital asset file viewer are made available to the user on the user's computer, then each time the user attempts to interact with the protected digital asset file using the the protected digital asset file viewer, generating a request and communicating the request from the digital asset file viewer on the user's computer via network communication to the remote computer, said request including the user identification, the digital asset file identification, a timestamp and the protected information from the security wrapper; after receipt of the request by the remote computer from the user's computer, determining from the remote database if the user is authorized to interact with the protected digital asset file as of the timestamp, based upon the corresponding temporal specification in the remote database as of the timestamp; and if, based upon the temporal specification, the user is authorized to interact with the protected digital asset file as of the timestamp, also determining from the access definition in the remote database a then-current extent to which that user is authorized to interact with the digital asset, and generating a key from the protected information of the security wrapper and providing the key to the protected digital asset file viewer on the user's computer, said key permitting the digital asset file viewer to decode the particular copy of the digital asset in accordance with the decoding data in the security wrapper and the user to interact with the protected digital asset on the user's computer only to the then-current extent authorized, without making an unprotected version of the protected digital asset available for use without the protected digital asset file viewer and the key. |
