1. Field of the Invention
This invention relates in general to an electronic library network, and, in particular, to delayed secure data retrieval over an electronic library network.
2. Description of the Related Art
With the advent of network technologies, such as the Internet and the World Wide Web (WWW), new systems such as digital libraries have appeared. These libraries contain a wide variety of information in various forms stored as digital data entities. Such libraries require the management of the digital contents of the library and of content distribution. Often, the digital entities must be distributed over networks, between servers, and to client machines. The wide distribution of the digital contents requires protection of the contents, i.e. limiting who gets access to the data entities and how the data entities can be accessed. For example, terms and conditions may be imposed, which must be satisfied before a user can obtain access to the data entities. Further, the integrity and authenticity of data entities must be maintained.
In other words, there must be an access control mechanism which limits access to the data entities. Further, there must be a secure method of transmitting the data entities.
To provide such protection, past systems have used schemes such as secure sockets layer (SSL) transmission. Under this scheme, the two parties to the transmission agree on one session key, which is used from then on to encrypt the data entity. Under such a scheme, both parties are trusted. However, this scheme may not be practical for a publisher of information maintaining a digital library which can be accessed by many unknown users, or when dealing with rights associated with the information in the library, such as copyright protection. A publisher will want to limit access to data entities to those users who have met the imposed conditions, without having to establish a session key for each user, which can be cumbersome.
Another scheme for protecting the distribution of data entities is for an information supplier, e.g. a publisher, to distribute data entities in encrypted form along with an encryption key, such as with IBM Corporation's CRYPTOLOPE scheme. In this manner, information can be distributed freely using any means without loss of protection. Under this scheme, a clearance center must verify that the user has satisfied the criteria to receive the data entity according to the terms and conditions (T&Cs) associated with that data entity (e.g., by paying a fee), before providing the user with the corresponding decryption key. Any business transaction (e.g., payment) can be handled by yet another party.
The cryptolope scheme will now be described in further detail. The cryptolope is a secure data container which contains a collection of data items, and is digitally signed, so that the container is tamper detectable. A digital signature is an encryption of a message digest by a private key from a public and private key pair. The private key is kept secret, while the public key is known to the public. A text encrypted by a private key can only be decrypted by its corresponding public key. A message digest is the result of a one-way function (also called a hash function) applied to a piece of data. It is used to authenticate the piece of data, in that if the data is changed, it will have a different message digest. Therefore, when a data package with a digital signature is sent from A to B, B can use A's public key to decrypt the signature to make sure that the package is from A and that nobody has changed the content. The data items in the cryptolope can have terms and conditions, such as pay $1.00 for viewing, enter a password or present a digital certificate, in which case the data items are encrypted. Thus, the user must indirectly obtain the corresponding decryption key using a cryptolope player, a special opener application, to unlock the data items. When an end user receives and then opens the cryptolope using the cryptolope player, the end user must then present information to meet the terms and conditions to a clearance center. The clearance center can be run by the information supplier, an authorized agent of the supplier, or a mutually trusted third party who provides the clearing service. The clearance center must verify that the user has met the terms and conditions before providing the user with the decryption key. The clearance center then tells the cryptolope player used by the end user to open the cryptolope.
The cryptolope player then opens the cryptolope and the program can then control actions which the end user is allowed to perform on the data entity, e.g. view, save or print.
Under this traditional cryptolope scheme, the encrypted data entities are packed in the cryptolope itself along with the encryption key, encrypted by a key of the clearance center. However, this cryptolope scheme presents a problem with modern day data entities. Such data entities, which may represent video, audio, software, etc., can be quite large. Transmission of such large data entities can be very slow and inefficient. The inefficiency is especially evident when the user is interested in only a portion of the data entity, or when the user decides that he/she is not interested in any of the data entity after all.
To overcome the limitations in the prior art described above, and to overcome other limitations that will become apparent upon reading and understanding the present specification, the present invention discloses a method, apparatus and article of manufacture for a computer-implemented delayed secure data retrieval scheme.
In accordance with the present invention, the actual data entities are not packed into the cryptolope itself. Rather, the data entities are only retrieved upon request. Instead, the cryptolope, in accordance with the present invention, is an information entity containing, inter alia, a delayed retrieval description, used to retrieve a data entity when requested. Further, the data entities which are eventually to be retrieved are encrypted to enforce the terms and conditions imposed upon accessing the entities. Also, the encryption or content key, used to encrypt the data item, is determined when the cryptolope, or information entity, is packed, and is stored in the cryptolope in an encrypted form. Only the publisher can unlock the content key. Therefore the end user cannot unlock the content in any way without satisfying the terms and conditions imposed. Finally, the content key is only stored in the cryptolope. Thus, the publisher does not need to maintain a database to store content keys and information regarding which content key has been used to encrypt which data entity.
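As an added illustration (not part of the patent text), the following stdlib-only Python sketch models both the signed cryptolope described in the related art and the information entity described above: the content key is chosen at pack time, travels only inside the package wrapped under a publisher secret, and the data entity itself stays on the server behind a retrieval description until a cleared user asks for it. HMAC and a SHA-256 counter keystream stand in for the RSA signature and symmetric cipher a real deployment would use; PUBLISHER_SECRET, REPOSITORY, the JSON layout and the price term are assumptions.

```python
import hashlib, hmac, json, secrets

# Constructed publisher secret standing in for the publisher's private key; the end user never holds it.
PUBLISHER_SECRET = b"publisher-secret-(constructed)"
REPOSITORY = {}  # stand-in for the library server holding the encrypted entities

def keystream_xor(key, data):
    """XOR with a SHA-256 counter keystream (stand-in for a real symmetric cipher)."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(0, len(data), 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def sign(body):
    """Signature stand-in: HMAC over the message digest of the canonical body."""
    digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).digest()
    return hmac.new(PUBLISHER_SECRET, digest, hashlib.sha256).hexdigest()

def pack(entity_id, data, price):
    """Publisher side: store the encrypted entity; ship only description, terms and wrapped key."""
    content_key = secrets.token_bytes(32)  # chosen at pack time, stored nowhere but the package
    nonce = secrets.token_bytes(16)        # fresh wrap keystream per cryptolope
    REPOSITORY[entity_id] = keystream_xor(content_key, data)
    body = {"retrieval": entity_id, "terms": {"price": price}, "nonce": nonce.hex(),
            "wrapped_key": keystream_xor(PUBLISHER_SECRET + nonce, content_key).hex()}
    return {"body": body, "signature": sign(body)}

def authentic(cryptolope):
    """Tamper detection: recompute the signature over the body and compare."""
    return hmac.compare_digest(sign(cryptolope["body"]), cryptolope["signature"])

def clear(cryptolope, payment):
    """Clearance center: refuse forged packages and unmet terms, else unlock the content key."""
    body = cryptolope["body"]
    if not authentic(cryptolope) or payment < body["terms"]["price"]:
        return None  # no key leaves the clearance center
    wrap_key = PUBLISHER_SECRET + bytes.fromhex(body["nonce"])
    return keystream_xor(wrap_key, bytes.fromhex(body["wrapped_key"]))

def open_entity(cryptolope, content_key):  # player side: delayed retrieval, then decrypt
    return keystream_xor(content_key, REPOSITORY[cryptolope["body"]["retrieval"]])

def demo():
    """End-to-end run on a constructed entity; returns the observable outcomes."""
    data = b"large data entity (constructed)"
    box = pack("video-42", data, price=100)
    forged = {"body": dict(box["body"], terms={"price": 0}), "signature": box["signature"]}
    return {"entity_in_box": data in json.dumps(box).encode(),  # only the description travels
            "opened": open_entity(box, clear(box, payment=100)) == data,
            "unpaid_key": clear(box, payment=1),     # terms not met -> None
            "forged_key": clear(forged, payment=0)}  # signature mismatch -> None
```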
Thus, an object of the present invention is to avoid the unnecessary transmission of large volumes of data.
Another object of the present invention is to separate delivery of an information entity from delivery of the real content, the data entities. This allows the initial transmission of information about the data, i.e. description data or metadata, without having to transmit the data entity itself.
Another object of the present invention is to reduce key management and storage requirements by eliminating the need to maintain a database containing content keys and information regarding how the keys are related to the data entity.