Field of the Invention
This invention relates to digital rights management for emails (electronic mails), and in particular, it relates to a method for applying digital rights management policies to MIME format emails including its attachments.
Description of Related Art
With the wide use of digital documents and digital document processing, digital rights management systems (“DRM” or “RMS”) are increasingly implemented to control user access to and prevent unauthorized use of digital documents. The rights involved in using a digital document may include the right to view (or “read”), edit (or “write”), print, or copy the digital document, the right to transmit the document by email, etc. A user may access a digital document by acquiring or being assigned one or more of these rights. DRM systems are generally implemented for managing users' rights to the digital documents managed by the systems. DRM systems can be used to protect various types of documents, such as .PDF (Portable Document Format), .DOC (Microsoft™ Word™), .XSL (Microsoft™ Excel™), .MSG (Microsoft™ Outlook™) files, etc.
In a current DRM system, each digital document is associated with a digital rights management policy that specifies which user has what rights to the document, as well as other parameters relating to access rights. Many such policies are stored in am RMS server (also called DRM server). The server stores a database table that associates each document (e.g. by a unique ID, referred to as document ID or license ID) with a policy (e.g. by a policy ID). Each digital document may also have metadata that contains the document ID. When a user attempts to access a document using an application program such as Adobe™ Reader, the application program contacts the RMS server to request access permission. The server determines whether the requesting user has the right to access the document in the attempted manner (view, edit, print, etc.), by determining the policy associated with the document and then referring to the content of that policy. The server then transmits an appropriate reply to the application program to grant or deny the access. If access is granted, the server's reply may contain a decryption key to decrypt the document.
Most current email systems use the MIME (Multi-Purpose Internet Mail Extensions) standard. In existing DRM protection for emails, typically one DRM policy is applied to the entire MIME format email document to control access permissions. In other words, if a MIME email is protected with a certain DRM policy, the digital documents that are attachments to the email are controlled by the same DRM policy as the email. In one example, U.S. Pat. No. 7,966,375 describes “a method for restricting access to one or more email attachments [which] includes receiving an email addressed to a first recipient and including at least a first attachment. The email is processed to determine whether a valid authorization code is associated with the email (and/or the attachment (s)). The valid authorization code identifies the email (and/or the attachment(s)) as an authorized communication. Access by the recipient to the first attachment is prevented if the processing of the email determined that no valid authorization code is associated with the email (and/or the attachment(s)).” (Abstract.) U.S. Pat. No. 7,454,778 describes a method “for ensuring that sensitive subject matter within electronic messages is not inappropriately transferred between domains with differing security rights. [The method] utilizes the appropriate placement of message transfer agents or servers along with policy documents that include configurable semantics pattern recognition data for identifying deviant messages. Once deviant messages or messages that potentially have sensitive subject matter are identified, the present invention further provides for adaptable actions or remedies for ensuring that the sensitive subject matter is not inappropriately transferred between domains.” (Abstract.)