This invention relates to systems and methods for storing, controlling and monitoring of digital data retrieval and presentation, and more particularly to processing of digital data to facilitate such.
With the popularity and economic frugality of disseminating information over wide area or local area networks ("WAN/LAN") continually expanding, designers of data repositories existing on such networks have employed various techniques to control access by their clients or users to the content provided in such repositories. In many instances, prior art content access by any particular client is an all-or-nothing affair. If a client submits the correct credentials or originates the connection from a specific locale, the repository will provide whatever content is available. If the client fails to identify him or herself properly, the repository denies all content. In the nothing response, the presenter loses the ability to display any content, potentially losing a client. In the all response, the presenter is faced with costly and sometimes impractical solutions for determining precisely what sensitive content was accessed, downloaded or viewed and by whom. Of those repository applications that do qualify content after user validation, most request additional forms of identification, generally another all-or-nothing approach applied to a sub-set of the data, or they contain client/server cooperation dependencies in order to implement security. In some cases, additional hardware or physical discontinuity is employed to regulate content retrieval, but this is highly restrictive and can be financially out of reach for some.
When such prior art repositories exist on networks that employ governmental or industrial data classifications, access infractions pose an even more serious threat to the well-being of the community that relies on the integrity and exclusiveness of accessible data. In situations such as these, multiple users may have sufficient authority to pass through access control but may lack the need to know such information, although they are qualified from a permission standpoint to view it. Environments that process extremely sensitive data are typically restricted to one repository with no external or shared access allowed. This is the outer fringe of content control, requiring a major commitment from the presenter in order to be implemented.
To illustrate some of the problems prior art content control techniques have encountered, a cursory look at some of the better-known methods is required. The first of these, well-known as a "cookie approach", requires the client to accept a data structure commonly referred to as a "cookie" from the repository and, further, not to modify or delete it once it has been accepted. The repository then requires the client to return the cookie for each request and, based on some privilege value assigned to the cookie, permits content to be transmitted to the client. This method assumes that the client has the capacity to store the cookie, something not always possible with connections that do not possess non-volatile memory. Because the cookie is connection oriented rather than content oriented, it is difficult to control the access to specific items contained within the returned content.
The implementation of a prior art certificate process typically requires the participation of a third party to inspect and guarantee the certificate and data content issued by the repository. This type of control is for the benefit of the client in that it provides an assurance that the content originated from the repository. It provides little or no dissemination control from a repository standpoint, especially in open network environments such as the Internet.
Using a prior art re-direction method, the presenter instructs the user's access mechanism to form a connection with a repository that is different from the initial one. Although this method addresses content control, the method is weak for several reasons. It assumes the presenter has another location to which the connection can be re-directed, and once this location is known, protecting it becomes as much of an issue as protecting the original site. Similar to cookies, re-direction is a connection-oriented mechanism and not an item-oriented one.
Another common prior art approach is data censure. In this method, the data content is examined for specific occurrences of certain terms or values. If the examination process encounters a censured term or value within the response of the repository, the content is denied to the client. When repository designers incorporate censure methods into content control schemes, problems multiply rather than subside. Issues arise as to what standard should be applied for measuring the level of censure as well as how to regulate and administer those that apply the measures. In some cases, filtered material that should be available is excluded solely because it leads to irrelevant or unauthorized repositories. Censure may also have the undesired side effect of preventing proper data synchronization. Specifically, data that is censured may age or update at a rate different from that of its parent source. Lastly, censure methods are not discrete. By not discrete it is meant that prohibited values may innocuously occur in perfectly valid content; however, because the censure mechanism cannot distinguish the semantic difference, the content would be denied due to the physical presence of the prohibited data.
What all of these previous prior art techniques share is the attribute that regulated content is assembled into a fixed form prior to its availability. This restriction requires multiple forms of the same content, with alterations to each construct made based on the level of sensitivity. This leads to the duplication of many elements used to implement the content since no mechanism exists to dynamically replace only the sensitive portions at the time of the request. With duplication, there are increased cost and service requirements.
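The contrast drawn in the two preceding paragraphs, as an added illustration that is not part of the patent text and does not implement the invention's own structures: a term-based censure filter denies a whole response on a literal match, while per-item assembly from a single labelled copy replaces only the items above the requester's level and records what was delivered to whom. The item levels, term list, client names and function names are assumptions made for this sketch.

```python
# Added illustration; every name, level and sample string is constructed.
CENSURED_TERMS = {"trident"}   # assumed prohibited-term list
PLACEHOLDER = "[withheld]"

# One stored copy of the content. Each item carries its own sensitivity
# level (0 = public, higher = more restricted).
DOCUMENT = [
    (0, "Vending machine restocked with Trident gum."),
    (0, "Building B closes at 18:00 on Fridays."),
    (2, "Project TRIDENT test window opens 4 March."),
]


def censure_response(items, terms=CENSURED_TERMS):
    """Term-based censure: deny the whole response on any literal match."""
    text = "\n".join(body for _, body in items)
    if any(term in text.lower() for term in terms):
        return None
    return text


def assemble_response(items, client, client_level):
    """Per-item assembly from the single copy.

    Returns the response text and an audit trail of
    (client, item_index, delivered) tuples.
    """
    lines, audit = [], []
    for index, (level, body) in enumerate(items):
        delivered = level <= client_level
        lines.append(body if delivered else PLACEHOLDER)
        audit.append((client, index, delivered))
    return "\n".join(lines), audit


if __name__ == "__main__":
    # False positive: two public items are denied because of a brand name.
    print("censure, public items only:", censure_response(DOCUMENT[:2]))
    for client, level in (("guest", 0), ("analyst", 2)):
        text, audit = assemble_response(DOCUMENT, client, level)
        print(f"--- {client} (level {level}) ---\n{text}\n{audit}")
```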
It should be noted that other prior art access control techniques such as secure sockets, encryption, firewalls and proxy servers fall into separate categories distinct from those methods described above. Secure sockets and encryption are well-known methods that protect content during transmission while firewalls and proxy servers are well-known methods that limit direct connections with the repository.
In a protected transmission, anyone may view the connection but will lack the capacity to decipher the content. The issue then becomes controlling what content is exchanged with a privileged client rather than how it is protected during the exchange. Since encryption applies to the overall session, determining the accessibility of specific content typically requires an additional system. Again, the presenter is challenged by the same dilemma as before, only now all-or-nothing is presented over a secure channel.
By using prior art firewalls and proxy servers as software-based gateways, the repository itself is protected from unauthorized access, but the ability of these technologies to selectively assign content to authorized users is relatively nil or non-existent.
All of the present prior art access control schemes for data on a repository fail to provide a simple, effective means to dynamically assign and assemble responses to users of no, equal, or disparate privilege at the time of the request.
Systems and methods are described for controlling the access, assemblage and presentation or transmission of data maintained in a computer system repository. The present invention has particular application to computer based servers that store or maintain data having varying permission, security or sensitivity requirements and which servers provide access to such data to a plurality of clients.
The present invention overcomes the deficiencies of prior schemes for controlling content dissemination by allowing the repository to dynamically construct responses. This is attained by including passive information, herein labeled as a "forresta", within the user's request. Using the functionality provided by the forresta, each of the client requests and each of the server responses are individualized. This individualization prevents a client from obtaining a response that requires an authority level not held by the requestor or that is intended for another.
This invention implements two information structures within a computer system. These structures are denoted herein as a "session node" and a "build code sequence". A unique session node exists at the repository for each client requesting controlled content and, in conjunction with the forresta, implements the determination of applicability of content to a client. Construction of content appropriate for a particular client is achieved using one or more build code sequences, whose selection is dynamic and can vary with each client request.