摘要 |
A method of protecting a users' data comprises: <SL> <LI>a) wrapping data content to be sent to a third party 12 computing platform in a compound software wrapper; <LI>b) interrogating the third party computing platform for compliance with a trusted platform specification; <LI>c) on successful interrogation of the third party computing platform, transmitting the data content wrapped in the compound wrapper to the third party computing platform; <LI>d) unwrapping the compound software wrapper on the third party computing platform; <LI>e) wherein the third party computing platform treats the data content in conformity with a compound policy forming part of the software wrapper which specifies how the data content may be used. </SL> The compound policy may be stored on a security token (such as a smart card 10), and the compound policy may include a rights management policy (e.g. terms of purchase), an information flow policy (how the data may be manipulated) and/or a user privacy policy (e.g. the circumstances in which the data content may be used. In a second embodiment a compound software wrapper is described which comprises a header section, a data content, a key record section and includes a compound policy including one or more of a rights management policy, an information flow control policy and/or a user privacy policy.
|