This invention relates to controlling access to stored information.
Data distribution media, such as a CD-ROM, can store a large number of files. The producer of the CD-ROM may wish to control access by users to particular files, either because they are confidential or because access is subject to payment by the user.
Access may be controlled by requiring a user to enter a password obtained from the CD-ROM producer. Different passwords may unlock different files or different subsets of files. The files may be cryptographically signed and for added protection, may be encrypted. In the scheme discussed in U.S. Pat. No. 5,646,992, incorporated herein by reference, each file is encrypted by the producer with a unique key known only to the producer. The user receives the encrypted items and, after his request for access is processed by the producer, also receives decryption keys, i.e., passwords, which are used to decrypt the respective encrypted files. The passwords unlock only those files for which access has been requested.
In general, in one aspect of the invention, the invention features controlling access to stored information by determining an actual geographic position where the stored information is located based on signals received at a receiver supplying reliable position information. The actual geographic position is then compared with a geographic region within which access to the stored information is authorized. The user is permitted access to the stored information if the actual geographic position is located within the authorized geographic region.
Embodiments of the invention include the following features. The receiver that supplies the position information can receive the position information from a satellite-based location determination system or an inertial navigation system. The information can be stored on a computer-readable medium, such as a high-capacity disk. The stored information includes files, and each of these files has an associated geographic region within which access is permitted. The user has access to a specific file or files if the actual geographic position is located within the authorized geographic region for that file. The stored information can be encrypted, and the user has access to the decryption key only if the actual geographic position is located within the authorized geographic region. The stored information can also be divided into subsets of information, at least one of which has a different authorized region from the other subsets. The association of the files with the authorized geographic regions can be stored as a policy file together with the stored information.
In general, in another aspect, the invention features determining an actual date or time at the location of the stored information based on signals received at a receiver supplying reliable time information. The actual date or time is compared with a predetermined date or time interval at which access to the stored information is authorized. The user can access the stored information if the actual date or time occurs within the authorized date or time interval.
In general, in another aspect, the invention includes a receiver supplying reliable position information for determining an actual geographic position where the stored information is located. A computer compares the position information with a geographic region within which access to the stored information is authorized and permits access to the stored information if the actual geographic position is located within the authorized geographic region.
Embodiments of the invention include the following features. The receiver includes a receiver encryption mechanism for cryptographically signing the actual geographic position with a receiver encryption key and verifying the receiver signature with a receiver decryption key before the actual geographic position is compared with the authorized geographic region.
In general, in yet another aspect, the invention includes a reader with a corresponding receiver decryption key for verifying the cryptographically signed actual position.
Embodiments of the invention include the following features. The reader generates an initialization vector providing a position offset, which is transmitted to the receiver and added to the actual geographic position. The reader cryptographically signs the position offset with a reader encryption key. The receiver verifies the position offset signature with a corresponding reader decryption key before the position offset is added to the actual geographic position.
In general, in another aspect, the invention features forming a policy associating the information with authorized geographic regions and authorized time intervals and cryptographically signing the policy and the information. The signed policy is stored together with the signed information. The user obtains from the producer a password for unlocking the policy and obtains access to the stored information if the actual geographic position and actual time falls within the authorized geographic regions and authorized time interval of the policy.
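The signed-offset exchange between reader and receiver, followed by the policy check against an authorized region and time interval, as an added example that is not part of the patent. HMAC-SHA256 secrets stand in for the patent's separate signing and verification keys; the bounding-box region encoding, the file name, and the epoch-second time window are assumptions.

```python
import hmac, hashlib, json, secrets

# Constructed demo secrets; HMAC-SHA256 stands in for the patent's signing/verification key pairs (assumption).
PRODUCER_KEY = b"constructed-producer-key"   # signs the policy file shipped on the medium
RECEIVER_KEY = b"constructed-receiver-key"   # signs the position fix
READER_KEY = b"constructed-reader-key"       # signs the reader's position offset

def sign(key, payload):
    return hmac.new(key, json.dumps(payload, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def verify(key, payload, tag):
    return hmac.compare_digest(sign(key, payload), tag)

def reader_challenge():
    """Reader step: a fresh random offset (the 'initialization vector'), signed with the reader key."""
    offset = {"dlat": secrets.randbelow(10_000) / 100, "dlon": secrets.randbelow(10_000) / 100}
    return offset, sign(READER_KEY, offset)

def receiver_report(lat, lon, t, offset, offset_tag):
    """Receiver step: refuse offsets not signed by the reader, else add the offset and sign the result."""
    if not verify(READER_KEY, offset, offset_tag):
        return None
    report = {"lat": lat + offset["dlat"], "lon": lon + offset["dlon"], "t": t}
    return report, sign(RECEIVER_KEY, report)

def access_allowed(policy, policy_tag, filename, report, report_tag, offset):
    """Reader step: check both signatures, undo the offset, then test the file's region and time window."""
    if not (verify(PRODUCER_KEY, policy, policy_tag) and verify(RECEIVER_KEY, report, report_tag)):
        return False
    rule = policy.get(filename)
    if rule is None:
        return False                       # no entry in the policy: nothing unlocks this file
    lat, lon = report["lat"] - offset["dlat"], report["lon"] - offset["dlon"]
    box = rule["region"]                   # bounding box (assumption: the patent fixes no region encoding)
    in_region = box["lat_min"] <= lat <= box["lat_max"] and box["lon_min"] <= lon <= box["lon_max"]
    in_window = rule["t_start"] <= report["t"] <= rule["t_end"]
    return in_region and in_window

# Constructed policy: one file readable only inside a box around Paris during June 2024 (epoch seconds).
POLICY = {"manual_fr.pdf": {"region": {"lat_min": 48.5, "lat_max": 49.2, "lon_min": 2.0, "lon_max": 2.8},
                            "t_start": 1717200000, "t_end": 1719792000}}
POLICY_TAG = sign(PRODUCER_KEY, POLICY)

def check(lat, lon, t, filename="manual_fr.pdf"):
    """Run the whole exchange for one position fix and return the access decision."""
    offset, offset_tag = reader_challenge()
    result = receiver_report(lat, lon, t, offset, offset_tag)
    if result is None:
        return False
    report, report_tag = result
    return access_allowed(POLICY, POLICY_TAG, filename, report, report_tag, offset)
```

Because the receiver only signs fixes that carry a freshly signed reader offset, a previously captured receiver report cannot be replayed against a later challenge.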
Among the advantages of the invention are one or more of the following.
A producer of stored information can restrict use of that information to designated geographic regions or can exclude designated regions where use is not permitted. For example, a service manual for an automobile stored on a CD-ROM may contain different sections of information which are applicable to corresponding specific countries and/or regions. A user may be permitted to see only the portion of the information which is applicable to his current geographic location. Likewise, access to a sensitive corporate report may be limited to a specific plant location. Access to time-sensitive information may be denied before or after a certain date or limited to a permitted period. By associating information about authorized geographic regions and time intervals with policy files stored on the CD-ROM and accessed with a user password, the CD-ROM producer can issue a new password to permit the user to access a particular set of policy files, and therefore the information authorized, for a corresponding region and date/time.
Other advantages and features will become apparent from the following description and from the claims.