The problem to be solved is to allow a client-based application to warn a user that by opening content and performing other actions on it (such as printing it), their actions may be recorded and viewed by others. This should ideally be done so that a Rights Management System can be configured to be consistent with local, national, and international privacy laws. Additionally, the same client application should ideally be usable on content originating from different sources, which may have different privacy requirements.
For example, a user may open a Rights Managed document that is managed against the company's Rights Management server. This server may only be used to support internal employees, and therefore, the company may not be required to warn the user that their actions may be audited. However, a user may open another document that came from an outside source (for example, a commercial site that sells research reports) with the same viewer application. In this case, the research report company may want to warn the user that their actions may be tracked (or may be required to do so by law).
One embodiment of the present invention allows an organization that distributes Rights Managed content to centrally specify whether the viewer application(s) for that content should show a privacy warning dialog and what semantics should be associated with the dialog. For example, the dialog may allow the user to choose whether to be audited, but will open the document regardless of which answer they choose (auditing only if the user agrees to it). Alternatively, the dialog may warn the user that if they choose to open the document, their actions will be audited, and the application will refuse to open the document if the user does not agree to be audited. The embodiment also allows the privacy settings to be specified based on where the content came from, so that content from different sources may carry different privacy warnings.
Server-Configurable Privacy-Warning Dialog
FIG. 1 illustrates a system that facilitates a server-configurable privacy-warning dialog in accordance with an embodiment of the present invention. FIG. 1 includes network 102. Network 102 can generally include any type of wired or wireless communication channel capable of coupling together computing nodes. This includes, but is not limited to, a local area network, a wide area network, or a combination of networks. In one embodiment of the present invention, network 102 includes the Internet.
Client 104 and server 106 are coupled to network 102. Client 104 can generally include any type of computer system, including, but not limited to, a computer system based on a microprocessor, a mainframe computer, a digital signal processor, a portable computing device, a personal organizer, a device controller, and a computational engine within an appliance. In addition, client 104 can generally include any node on a network including computational capability and including a mechanism for communicating across the network. Server 106 can generally include any computational node including a mechanism for servicing requests from a client for computational and/or data storage resources.
When user 112 requests to open document 108 at client 104, client 104 sends a request to server 106 requesting the privacy settings for document 108. Note that these settings can be document specific, user specific, location specific, or any combination thereof. Also note that document 108 could be any other form of digital content, such as a picture, an audio file, or a video file. Upon receiving the privacy settings from server 106, client 104 controls the access and auditing of document 108 based on the privacy settings. This may include displaying warning dialog 110 to user 112 and waiting for a confirmation from user 112 before proceeding. These actions are described in more detail in the following description of FIG. 2.
Process of Implementing a Server-Configurable Privacy-Warning
FIG. 2 presents a flowchart illustrating the process of providing a server-configurable privacy-warning in accordance with an embodiment of the present invention. The system starts by receiving a request from user 112 to open digital content, such as document 108, at client 104 (step 202). In response to this request, client 104 requests the privacy settings from server 106 (step 204). As mentioned in the previous section, these privacy settings can be document-specific, user-specific, location-specific (which can include the current location of client 104 or the source of document 108), or any combination thereof. In addition, these settings can be stored in a Database Management System, a configuration file, or any other form of persistent storage.
Next, client 104 receives the privacy settings from server 106 (step 206). In one embodiment of the present invention, a copy of the privacy settings is cached in the digital content to facilitate compliance with privacy policies when server 106 is unreachable. Alternatively, a copy of the privacy settings could be cached on the client separate from the digital content. This is especially useful when client 104 does not have a network connection (which is common for mobile clients) or when network 102 (or server 106) is down.
In another embodiment of the present invention, default policies can be enforced in the absence of policy information. For example, client 104 can present user 112 with a default option, or can refuse to open document 108 until such a time when a privacy policy can be obtained from server 106.
Upon receiving the privacy settings, client 104 allows access to the digital content (document 108) based on the privacy settings (step 208). This step is described in more detail in the following section with reference to FIG. 3. In one embodiment of the present invention, steps 204 and 206 are transparent to user 112.
Allowing Access to Digital Content Based on Privacy Settings
FIG. 3 presents a flowchart illustrating the process of allowing access to digital content based on privacy settings in accordance with an embodiment of the present invention. The system operates by presenting user 112 with warning dialog 110 requesting permission to audit the actions of user 112 as they relate to the digital content (step 302). Note that the content of warning dialog 110 may be specified on server 106. Additionally, this content may include the text strings to be displayed and a Universal Resource Locator (URL) that user 112 may go to for more information. Upon receiving a response from user 112 (step 304), the system determines if user 112 agreed to be audited (step 306). If so, the system opens the digital content and audits the actions of user 112 as they pertain to the digital content (step 308).
If user 112 does not agree to be audited, the system can either deny access to the digital content outright, or open the digital content without auditing any actions of user 112 (step 310). Which of these occurs depends on the privacy settings retrieved from server 106. A third option involves skipping steps 302-310 and auditing user 112 without notification, if the policy dictates such.
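The following is an added example, not code from the patent itself, that models the client-side logic of FIG. 2 and FIG. 3 together: fetching per-source privacy settings from the server (steps 204-206) with a cached copy and a refuse-by-default fallback when the server is unreachable, and then deciding whether to open and whether to audit (steps 302-310) for the three dialog semantics the description names. The policy table, source names, and the choice to refuse access when no policy is obtainable are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class AuditMode(Enum):
    OPTIONAL = "optional"  # dialog shown; opens either way, audited only on consent
    REQUIRED = "required"  # dialog shown; refuses to open unless user consents
    SILENT = "silent"      # no dialog; audited without notification (steps 302-310 skipped)


@dataclass(frozen=True)
class PrivacySettings:
    mode: AuditMode
    warning_text: str = ""   # text strings for warning dialog 110
    info_url: str = ""       # URL the user may visit for more information


# Constructed stand-in for the server's persistent policy store, keyed by content source.
SERVER_POLICIES: Dict[str, PrivacySettings] = {
    "internal.example": PrivacySettings(AuditMode.SILENT),
    "partner.example": PrivacySettings(AuditMode.OPTIONAL, "Allow your actions to be recorded?"),
    "reports.example": PrivacySettings(AuditMode.REQUIRED,
                                       "Your actions on this report will be recorded.",
                                       "https://reports.example/privacy"),
}


def fetch_settings(source: str, server_reachable: bool,
                   cache: Dict[str, PrivacySettings]) -> Optional[PrivacySettings]:
    """Steps 204-206: ask the server, refresh the cache; otherwise use the cached copy.
    Returns None when no policy can be obtained at all."""
    if server_reachable and source in SERVER_POLICIES:
        cache[source] = SERVER_POLICIES[source]
        return cache[source]
    return cache.get(source)


def decide_access(settings: Optional[PrivacySettings],
                  user_consents: Optional[bool]) -> Tuple[bool, bool]:
    """Steps 302-310: returns (open_document, audit_actions).
    user_consents is the dialog answer, or None if no dialog was shown."""
    if settings is None:
        return False, False            # assumed default: refuse until a policy is obtainable
    if settings.mode is AuditMode.SILENT:
        return True, True              # audit without notification
    if user_consents is None:
        raise ValueError("this policy requires a dialog response")
    if user_consents:
        return True, True              # step 308
    if settings.mode is AuditMode.REQUIRED:
        return False, False            # step 310: deny outright
    return True, False                 # step 310: open without auditing
```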
In one embodiment of the present invention, administrators can modify the privacy settings on server 106 via a web interface.
The foregoing descriptions of embodiments of the present invention have been presented for purposes of illustration and description only. They are not intended to be exhaustive or to limit the present invention to the forms disclosed. Accordingly, many modifications and variations will be apparent to practitioners skilled in the art. Additionally, the above disclosure is not intended to limit the present invention. The scope of the present invention is defined by the appended claims.