Information Rights Management (IRM) is used in many organizations to protect corporate sensitive information (such as financial data, intellectual property and executive communications) from unauthorized access and usage. IRM mainly includes enforcement of access and usage rights, in order to determine which user will be able to perform actions on data, such as copy, drag/drop, print, print screen, save as, save and view operations. In order to be IRM enabled, each application that consumes encrypted data should be able to receive a decryption key, decrypt the data and to render the decrypted data for allowing access to the user. For this purpose, all the usage rights capabilities should be integrated into the application including encryption/decryption and data exchange with the key management, such that the set of permissions of each data item will be analyzed, in order to enable or disable functionalities within the application and enforce the usage rights. This leads to a situation where IRM implementation strongly dependent of the application type, and therefore, varies from application to application.
One of the existing solutions for implementing IRM to an application is to use an IRM Software Development Kit (SDK—which is a software development tool that allows the creation of applications for a certain software development platform) which is usually provided by the IRM vendor. By doing this, the code for IRM is developed as part of the application's inherent code. However, this solution is cumbersome and costly, since it requires modifications in the inherent code of each application, especially in enterprises that use many applications from many software providers, most of the readymade of the shelf applications. In this case, this solution requires the cooperation of those many different application vendors. Also, sometimes the relationship between the application vendors and the IRM vendors renders the IRM implementation by the 3rd party vendor impossible. In addition, not all IRM vendors provide usable SDK usable in all development technologies, and not all applications vendors will integrate such SDK, while 3rd party modifications of their source or binaries are forbidden by the application vendor licensing.
A similar problem arises when it is required to display, add, and modify the classification of data items by the user via the application that renders the data. Sometimes classification of data is mandatory, due to security reasons. For example, if the data contains sensitive content (e.g., credit card numbers), it must be classified.
One of the main difficulties is the fact that each application has a different UI, different layout of UIs and different technology, which impose usability problems. One of the problems is that it is desired to provide to each user of an application a uniform usability experience, even though the UI layout is different from application to application. One of the conventional solutions to the uniformity problem is to use the SDK for implementing classification capabilities, for example using a toolbar. However, this requires modifying the UI layout in each application to get such uniformity. Another solution is to use an add-on (a piece of software which enhances another software application), but this also requires integrating a different add-on to each application.
Another way to integrate classification capability is to use a generic location, such as the title bar (a graphical control element which is a part of the window decoration—normally located at the top of the window as a horizontal bar). However, there are some applications with no title bar and in any case, using a title bar in the middle to gain classification capability interrupts the user's natural workflow (i.e., the natural sequence which the user performs while using almost any application). For example, in order to save a created data item the user will be required to use the title bar. Similar interruption appears while using popups (which are external to the application) to provide classification capability. It is also possible to use right clicking through a file explorer (such as Windows Explorer) to offer classification capability but this also interrupts the user's natural workflow, as the user should close the application and use a different tool.
It is an object of the present invention to provide a method for enabling data classification and enforcement of Information Rights Management (IRM) capability in software applications, which does not interrupt the user's natural workflow.
It is another object of the present invention to provide a method for enabling data classification and enforcement of Information Rights Management (IRM) capabilities in software applications, which will be generic for all applications.
It is a further object of the present invention to provide a method for enabling data classification and enforcement of Information Rights Management (IRM) capability in software applications, which does not require integration with the specific application, and doesn't require any development effort, tailored to the targeted application.
It is a further object of the present invention to provide a method for allowing a user to enable classification and IRM within its ecosystem without the requirement to upgrade or modify his existing applications (binaries).
Other objects and advantages of the invention will become apparent as the description proceeds.