| 主权项 |
1. A method for securing data distributed by a first user to at least one recipient user, comprising the steps of:
(A) providing a client application and a receiver application; (B) using said client application on a first computer:
(B)(1) authenticating said first user using a secure objects server, said secure objects server being distinct from said first computer, and(B)(2) said first user selecting data to be distributed as a secure data object, said selected data comprising multiple data items;(B)(3) forming a single data object from said selected data comprising said multiple data items, wherein all of the selected data are integrated and referenced as said single data object;(B)(4) said first user describing at least one manner in which said data object can be manipulated by a recipient user;(B)(5) assigning one or more permissions specific to said data object to control said at least one manner in which said data object can be manipulated by a recipient user, as described by said first user;(B)(6) creating an access control list (ACL) for said data object;(B)(7) saving said permissions and said ACL on said secure objects server;(B)(8) encrypting the data object formed in (B)(3) with an encryption key obtained from said secure objects server to form said secure data object;(B)(9) recording the encryption key in a database associated with said secure objects server; (C) distributing said secure data object to at least one arbitrary recipient user; and (D) upon receipt of said secure data object by a particular recipient user,
(D)(1) using said receiver application on a second computer associated with said particular recipient user, connecting to said secure objects server, said secure objects server being distinct from said second computer, said second computer being distinct from said first computer;(D)(2) upon connection of said receiver application to said secure objects server, said secure objects server authenticating said particular recipient user;(D)(3) upon successful authentication of said particular recipient user by said secure objects server, said receiver application querying said secure objects server for rules and permissions relating to said secure data object and to said particular recipient user, as assigned by the first user;(D)(2) said receiver application obtaining from said secure objects server said rules and permissions relating to said secure data object as assigned by the first user;(D)(3) said receiver application obtaining from said database associated with said secure objects server a decryption key for said secure data object, said decryption key corresponding to said encryption key that was used to encrypt the data object to form said secure data object;(D)(4) upon successfully obtaining said decryption key from said secure objects server, said receiver application decrypting said secure data object and providing said particular recipient user with access to said data items in said secure data object, said access being subject to constraints established by said first user as specified in said rules and permissions specific to said data object; and(D)(5) said receiver application recording particular log information about said particular recipient user's access to said data items in said secure object, and(D)(6) said receiver application providing said particular log information to said secure objects server. |
