Protecting confidential and sensitive digital objects (for example, digitally stored and manipulated information such as software, applications, Internet of Things (“IoT”) devices and endpoints, and other mechanisms that may contain information in digital form) has become increasingly challenging due to threats both internal and external to an entity that owns such digital objects. To deliver their intended value, these digital objects must remain available to be edited, shared, viewed, archived, and replicated. At the same time, the integrity of these digital objects must be maintained and their disclosure and/or loss must be prevented.
While known solutions in the art of automated document management, word processing, and information display provide basic security features such as access restrictions, authentication, authorization and encryption, such measures do not provide effective security mechanisms to prevent theft and/or copying of digital objects by insiders (i.e., persons and/or systems authorized to access stored objects) or by outsiders (i.e., persons and/or systems accessing these digital objects without authorization). As conducted by either an insider or an outsider, malicious leaking of digital objects may occur in the following forms:
a) Copying digital objects to a USB drive
b) Emailing digital objects to third parties
c) Uploading digital objects to a cloud storage service or an FTP server not trusted by the entity to whom the digital objects belong
d) Copying the contents of a digital object and pasting those contents into a new digital object (e.g., an email)
e) Printing the contents of digital objects
f) Tampering with or breaking into a hosting device and stealing storage media upon which digital objects are stored
Maintaining confidentiality of information becomes even more difficult when digital objects are shared (in editable form) among multiple users authorized to work on the digital objects in a collaborative manner. Existing approaches for access control and digital object sharing do not have the flexibility to share digital objects, such as documents, for a limited time duration. Once shared, known solutions allow digital objects to be accessed by the receivers without workable limits. For example, revoking access to shared digital objects is possible in solutions where a centralized or cloud-based access control and management system is used and digital objects are shared from that system. However, this approach does not prevent the receiver from saving a copy of the digital object locally, from copying the contents to a new digital object on the local machine, and/or from emailing the contents to a third party.
Known access control approaches based on Access Control Lists (ACLs) and Role-based Access Control (RBAC) systems also fail to provide an effective line of defense against leaking of digital objects by a malicious insider who has the necessary authorizations to access the digital objects, or by an outsider who illicitly gains access to the digital objects.
This background information is provided to reveal information believed by the applicant to be of possible relevance to the present invention. No admission is necessarily intended, nor should be construed, that any of the preceding information constitutes prior art against the present invention.