PROBLEM TO BE SOLVED: To solve the problem, wherein it is impossible for an electronic content information provider to provide commercially secure and effective method, for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, having at least one protected processing environment for safely controlling at least one portion of decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of digital information; a process for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment, for safely controlling at least a portion of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

https://apps.dtic.mil/dtic/tr/fulltext/u2/a423264.pdf

Systems and Methods for Secure Transaction Management and Electronic Rights Protection

Instantiation of tiered software applications running on an Internet or Intranet computer system, including a method of instantiation and a program product for instantiation. The method, and program product are particularly useful in instantiation of multi-tiered applications having a user interface tier on the client, browser, or remote computer, from a meta data repository containing attributes and values of the attributes.

Application instantiation based upon attributes and values stored in a meta data repository, including tiering of application layers objects and components

Rights management information is used at least in part in a matching, narrowcasting, classifying and/or selecting process. A matching and classification utility system comprising a kind of Commerce Utility System is used to perform the matching, narrowcasting, classifying and/or selecting. The matching and classification utility system may match, narrowcast, classify and/or select people and/or things, non-limiting examples of which include software objects. The Matching and Classification Utility system may use any pre-existing classification schemes, including at least some rights management information and/or other qualitative and/or parameter data indicating and/or defining classes, classification systems, class hierarchies, category schemes, class assignments, category assignments, and/or class membership. The Matching and Classification Utility may also use at least some rights management information together with any artificial intelligence, expert system, statistical, computational, manual, or any other means to define new classes, class hierarchies, classification systems, category schemes, and/or assign persons, things, and/or groups of persons and/or things to at least one class.

Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information

Documents and other items can be delivered electronically from sender to recipient with a level of trustedness approaching or exceeding that provided by a personal document courier. A trusted electronic go-between can validate, witness and/or archive transactions while, in some cases, actively participating in or directing the transaction. Printed or imaged documents can be marked using handwritten signature images, seal images, electronic fingerprinting, watermarking, and/or steganography. Electronic commercial transactions and transmissions take place in a reliable, “trusted” virtual distribution environment that provides significant efficiency and cost savings benefits to users in addition to providing an extremely high degree of confidence and trustedness. The systems and techniques have many uses including but not limited to secure document delivery, execution of legal documents, and electronic data interchange (EDI).

Trusted and secure techniques, systems and methods for item delivery and execution

A descriptive data structure provides an abstract representation of a rights management data structure such as a secure container. The abstract representation may describe, for example, the layout of the rights management data structure. It can also provide metadata describing or defining other characteristics of rights management data structure use and/or processing. For example, the descriptive data structure can provide integrity constraints that provide a way to state rules about associated information. The abstract representation can be used to create rights management data structures that are interoperable and compatible with one another. This arrangement preserves flexibility and ease of use without compromising security.

Techniques for defining, using and manipulating rights management data structures

Apparatus for an integrated architecture for an extended multilevel secure database management system. The multilevel secure database management system processes security constraints to control certain unauthorized inferences through logical deduction upon queries by users and is implemented when the database is queried through the database management system, when the database is updated through the database management system, and when the database is designed using a database design tool.

System for multilevel secure database management using a knowledge base with release-based and other security constraints for query, response and update modification

A tool for assisting an operator to detect security violations in a multilevel secure database. The database stores data classified at a plurality of security levels, where the different users of the database are cleared to different security levels and access the database through a multilevel secure database management system. Security constraints are represented in conceptual structures, rules, or frames, and operator communication with the constraint representation is provided by a user interface. An inference engine uses reasoning strategies on the security-constraint representations base to detect security violations in the database by inference.

Apparatus and method for the detection of security violations in multilevel secure databases

In a multilevel secure distributed database management system, users cleared at different security levels access and share a distributed database consisting of data at different sensitivity levels. An approach to assigning sensitivity levels, also called security levels, to data is one which utilizes constraints or classification rules. Security constraints provide an effective classification policy. They can be used to assign security levels to the data based on content, context, and time. We extend our previous work on security constraint processing in a centralized multilevel secure database management system by describing techniques for processing security constraints in a distributed environment during query, update, and database design operations. >

Security constraint processing in a multilevel secure distributed database management system

The Inference Problem compromises database systems which are usually considered to be secure. here, users pose sets of queries and infer unauthorized information from the responses that they obtain. An Inference Controller is a device that prevents and/or detects security violations via inference. We are particularly interested in the inference problem which occurs in a multilevel operating environment. In such an environment, the users are cleared at different security levels and they access a multilevel database where the data is classified at different sensitivity levels. A multilevel secure database management system (MLS/DBMS) manages a multilevel database where its users cannot access data to which they are not authorized. However, providing a solution to the inference problem, where users issue multiple requests and consequently infer unauthorized knowledge is beyond the capability of currently available MLS/DBMSs. This paper describes the design and prototype development of an Inference Controller for a MLS/DBMS that functions during query processing. To our knowledge this is the first such inference controller prototype to be developed. We also describe some extensions to the inference controller so that an integrated solution can be provided to the problem.

/pdf/design-and-implementation-of-a-database-inference-controller-1ro2i0duzu.pdf

Design and implementation of a database inference controller

In a multilevel secure database management system (MLS/DBMS), users cleared at different security levels access and share a database consisting of data at different sensitivity levels (also called security levels) to data is one which utilizes security constraints or classification rules. Security constraints provide an effective and versatile classification policy. They can be used to assign security levels to the data depending on the content, context, and time. Security constraints are a special form of integrity constraints enforced in a MLS/DBMS. As such, they can be handled during query processing, during database updates or during database design. The authors describe in detail the design and implementation of a secure update processor which handles security constraints in a multilevel secure database management system. >

W. Ford

Papers

System for multilevel secure database management using a knowledge base with release-based and other security constraints for query, response and update modification

Apparatus and method for the detection of security violations in multilevel secure databases

Security constraint processing in a multilevel secure distributed database management system

Design and implementation of a database inference controller

Security constraint processing during the update operation in a multilevel secure database management system