Field of the Invention
This invention relates to document security and access control, and in particular, it relates to a method of access control of selected contents of a document.
Description of Related Art
Documents traditionally available only in hard copies are increasingly also available in digital copies. In fact many documents nowadays are prepared, generated, stored, distributed, accessed, read or otherwise used electronically in digital file formats such as the Portable Document Format (PDF™), Word™, PowerPoint™, Excel™, etc. With the wide use of digital documents and digital document processing, digital rights management systems (“DRM” or “RMS”) are increasingly implemented to control user access and prevent unauthorized use of digital documents. The rights involved in using a digital document may include the right to view (or “read”) the digital document, the right to edit (or “write”) the digital document, the right to print the digital document in hard copies, the right to copy the digital document, etc. A user may access a digital document by acquiring (or being assigned) one or more of these rights.
DRM systems are generally implemented for managing users' rights to the digital documents stored in the systems. In a current DRM system, each digital document is associated with a rights management policy (or simply referred to as policy in this disclosure) that specifies which user has what rights to the document, as well as other parameters relating to access rights. Many such policies are stored in a DRM server (also called RMS server). The server stores a database table that associates each document (e.g. by a unique ID, referred to as document ID or license ID) with a policy (e.g. by policy ID). Each digital document may also have metadata that contains the document ID. When a user attempts to access a document (either a document residing on a server or a document that has been downloaded or copied to the user's computer) using an application program such as Adobe™ Reader, the application program contacts the DRM server to request permission. The DRM server determines whether the requesting user has the right to access the document in the attempted manner (view, edit, print, etc.), by determining the policy associated with the document and then referring to the content of that policy. The DRM server then transmits an appropriate reply to the application program to grant or deny the access. If access is granted, the server's reply may contain a decryption key to decrypt the document.
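The request flow described above, as an added example that is not taken from this disclosure or from any DRM product: the application reads the document ID from metadata, and the server resolves document ID to policy ID to policy content before replying. All table contents, user names, keys and function names are constructed assumptions; the sketch denies by default and releases a key only on a grant.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data standing in for the server-side tables (assumptions).
DOC_TO_POLICY = {"doc-001": "pol-A", "doc-002": "pol-B", "doc-003": "pol-missing"}
POLICIES = {
    "pol-A": {"alice": {"view", "edit", "print"}, "bob": {"view"}},
    "pol-B": {"alice": {"view"}},
}
DOC_KEYS = {"doc-001": b"k1-constructed", "doc-002": b"k2-constructed"}


@dataclass(frozen=True)
class Reply:
    granted: bool
    reason: str
    key: Optional[bytes] = None  # present only when access is granted


def decide(user: str, doc_id: str, action: str) -> Reply:
    """Server side: document ID -> policy ID -> policy content -> reply."""
    policy_id = DOC_TO_POLICY.get(doc_id)
    if policy_id is None:
        return Reply(False, "unknown document")
    policy = POLICIES.get(policy_id)
    if policy is None:
        # Dangling policy ID in the association table: fail closed.
        return Reply(False, "policy not found")
    if action not in policy.get(user, set()):
        return Reply(False, "right not granted")
    key = DOC_KEYS.get(doc_id)
    if key is None:
        return Reply(False, "no key for document")
    return Reply(True, "ok", key)


def request_access(metadata: dict, user: str, action: str) -> Reply:
    """Client side: read the document ID from metadata, then ask the server."""
    doc_id = metadata.get("document_id")
    if not isinstance(doc_id, str):
        return Reply(False, "no document ID in metadata")
    return decide(user, doc_id, action)


if __name__ == "__main__":
    for who, what in [("alice", "print"), ("bob", "view"), ("bob", "print")]:
        print(who, what, request_access({"document_id": "doc-001"}, who, what))
```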
Two existing types of DRM systems are Adobe™ LiveCycle™ and Microsoft™ Active Directory™ Rights Management. Compared to other vendors, Adobe LiveCycle supports a broader range of devices and operating systems that can utilize DRM-protected PDF documents. Compared to other vendors, Microsoft Active Directory supports a broader range of devices and operating systems that can utilize DRM-protected documents of certain digital formats, such as Microsoft Office™ (Word, PowerPoint and Excel) documents.