Trusted Information Exchange Based On Trust Agreements
Abstract
Techniques are provided for allowing organizations to preserve the trust and allow this trust to be propagated across multiple agencies and/or enterprises. A technology is provided that allows (mutually) trusted entities to share content (information, digital assets) over any protocol-based network such as the Internet based on granted rights and agreed conditions. In one embodiment, Trusted Information Exchange (TIE) systems have a Service Oriented Architecture (SOA) and use content (information, asset) repositories to store and forward content to trusted entities on the Internet. Techniques are provided to permit source TIE systems to manage the specific disposition and management of their assets to receiving TIE systems through directions conveyed in licenses that reflect a priori agreements.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A machine-executed method of exchanging digital information, comprising:
sending over a network system, from a first system controlled by a first party, to a second system controlled by a second party, an agreement that is digitally signed by the first party and includes the digital identity of the second party; wherein the agreement provides rights to the second party to perform operations relating to at least one digital asset, wherein the operations include at least one of:
(a) using the at least one digital asset under terms specified in the agreement; and
(b) distributing the at least one digital asset to third-parties under terms specified in the agreement;
(c) distributing the rights to use or distribute the asset to third-parties under terms specified in the agreement;
wherein the agreement includes translation/mapping rules between a first vocabulary used by the first party and a second vocabulary used by the second party; wherein sending the agreement to the second party enables the second party to validate the agreement, at the second system, prior to the second party digitally signing the agreement, using said translation/mapping rules, to ensure the rights provided to the second party meet the second party's criteria for such rights; receiving at the first system, from the second system, an agreement confirmation that is digitally signed by the second party; and after receiving the agreement confirmation, providing the at least one at least one digital asset to the second party.
2 . The method of claim 1 wherein:
before the second system sends the agreement confirmation to the first system, the second system invokes an approval workflow to obtain approval confirmation from a user; and
the second system sends the agreement confirmation to the first system only after the approval workflow obtains approval confirmation from the user.
3 . The method of claim 1 further comprising:
generating audit information at the second system, wherein the audit information reflects events that occurred at the second system during mediation of the agreement or asset distribution to third parties; and
sending the audit information to the first system.
4 . The method of claim 3 wherein the step of generating audit information includes invoking an audit manager for auditable events, wherein said auditable events include repository transactions and send/receive message completions that occurred during mediation of the agreement.
5 . The method of claim 1 further comprising:
generating audit information at the second system, wherein the audit information reflects events that occurred at the second system during mediation of the agreement between the first party and the second party;
sending the audit information to the first system.
6 . The method of claim 1 further comprising:
generating audit information at the second system;
wherein the step of generating audit information includes invoking an audit manager for auditable events, wherein said auditable events include repository transactions and send/receive message completions that occurred during mediation of the agreement.
7 . The method of claim 1 wherein the agreement allows the second party to distribute the asset to third parties under terms specified in the agreement, and the method further includes:
sending over a network system, from the second system to a third system controlled by a third party, a second agreement that is digitally signed by the second party including the digital identity of the third party;
wherein the second agreement provides rights to the third party to perform operations relating to at least one at least one digital asset, wherein the operations include at least one of
(a) using the at least one at least one digital asset under terms specified in the second agreement; and
(b) distributing the at least one at least one digital asset to other third-parties under terms specified in the second agreement;
wherein the second agreement includes translation/mapping rules between the second vocabulary used by the second party and a third vocabulary used by the third party;
wherein sending the second agreement to the third party enables the third party to validate the second agreement, at the third system, prior to the third party digitally signing the agreement, using said translation/mapping rules, to ensure the rights provided to the third party meet the third party's criteria for such rights;
receiving at the second system, from the third system, a second agreement confirmation that is digitally signed by the third party; and
after receiving the second agreement confirmation, the second system providing the at least one digital asset to the third party.
8 . The method of claim 7 wherein
the second agreement is nested in the agreement; and
the agreement allows the second party to distribute the at least one digital asset to third parties only if the second party first binds the third parties to the terms of the second agreement.
9 . The method of claim 7 wherein:
the second agreement includes one or more restrictions on third party usage of the at least one digital asset;
at least one of the one or more restrictions is a restriction that cannot be monitored by the second party; and
the agreement allows the second party to distribute the at least one digital asset to third parties only if the second party first binds the third parties to the terms of the second agreement.
10 . The method of claim 7 further comprising:
generating audit information at the third system, wherein the audit information reflects events that occurred at the third system during mediation of the second agreement between the second party and the third party;
sending the audit information to the second system.
11 . The method of claim 7 further comprising:
generating audit information at the third system;
wherein the step of generating audit information includes invoking an audit manager for auditable events, wherein said auditable events include repository transactions and send/receive message completions that occurred during mediation of the second agreement.
12 . The method of claim 1 wherein the agreement allows the second party to distribute the asset to third parties under terms specified in the agreement without allowing the second party to internally consume the asset.
13 . The method of claim 1 wherein said agreement is a Rights Expression Language (REL) document.
14 . The method of claim 1 wherein the agreement includes a definition of the at least one digital asset.
15 . The method of claim 1 wherein providing the at least one digital asset to the second party includes:
the first system receiving a query from the second system; and
the first system providing said at least one digital asset in response to said query.
16 . The method of claim 15 further comprising:
the first system receiving a second query from the second system;
the first system determining that the second query asks for information that includes assets not covered by said agreement; and
the first system responding to said second query with an error message or instructions, services, etc. to acquire requested asset agreement.
17 . The method of claim 15 further comprising:
the first system receiving a second query from the second system;
the first system determining that the second query asks for information that includes assets not covered by said agreement; and
the first system responding to said second query with information that does not include said assets that are not covered by said agreement.
18 . A machine-executed method of exchanging digital information, comprising:
sending over a network system, from a first system controlled by a first party, to a second system controlled by a second party, a first agreement that is digitally signed by the first party and includes the digital identity of the second party; wherein the first agreement provides rights to the second party to distribute rights relating to at least one digital asset to third-parties under terms specified in the agreement; receiving at the first system, from the second system, a first agreement confirmation that is digitally signed by the second party; after the first agreement confirmation is received by the first system, sending over a network system, from the second system to a third system controlled by a third party, a second agreement that is digitally signed by the second party and includes the digital identity of the third party; wherein the second agreement provides rights to the third party to use the at least one digital asset under terms specified in the second agreement; receiving at the first system, from the third system, a second agreement confirmation that indicates that the third system validated and accepted the second agreement, wherein the second agreement confirmation is digitally signed by the third party; and after receiving the second agreement confirmation at the first system, the first system providing the at least one digital asset to the third system.
19 . The method of claim 18 further comprising:
generating audit information at the second system, wherein the audit information reflects events that occurred at the second system during mediation of the first agreement between the first party and the second party;
sending the audit information to the first system.
20 . The method of claim 18 further comprising:
generating audit information at the second system;
wherein the step of generating audit information includes invoking an audit manager for auditable events, wherein said auditable events include repository transactions and send/receive message completions that occurred during mediation of the first agreement.
21 . The method of claim 18 further comprising:
generating audit information at the third system, wherein the audit information reflects events that occurred at the third system during mediation of the second agreement between the second party and the third party;
sending the audit information to the second system.
22 . The method of claim 18 further comprising:
generating audit information at the third system;
wherein the step of generating audit information includes invoking an audit manager for auditable events, wherein said auditable events include repository transactions and send/receive message completions that occurred during mediation of the second agreement.
23 . The method of claim 18 wherein the third system sends the second agreement confirmation to the first system without sending any confirmation to the second system that the third system validated and accepted the second agreement.
24 . The method of claim 18 wherein the first system provides the at least one digital asset to the third system without providing the at least one digital asset to the second system.
25 . The method of claim 18 wherein the first agreement includes translation/mapping rules between a first vocabulary used by the first party and a second vocabulary used by the second party; and
wherein sending the first agreement to the second party enables the second party to validate the first agreement, at the second system, prior to the second party digitally signing the first agreement, using said translation/mapping rules, to ensure the rights provided to the second party meet the second party's criteria for such rights.
26 . The method of claim 18 wherein the second agreement includes translation/mapping rules between the second vocabulary used by the second party and a third vocabulary used by the third party; and
wherein sending the second agreement to the third party enables the third party to validate the second agreement, at the third system, prior to the third party digitally signing the second agreement, using said translation/mapping rules, to ensure the rights provided to the third party meet the third party's criteria for such rights.
27 . A non-transitory computer-readable storage medium storing one or more sequences of instructions which, when executed by one or more processors, causes:
sending over a network system, from a first system controlled by a first party, to a second system controlled by a second party, an agreement that is digitally signed by the first party and includes the digital identity of the second party; wherein the agreement provides rights to the second party to perform operations relating to at least one digital asset, wherein the operations include at least one of:
(a) using the at least one digital asset under terms specified in the agreement; and
(b) distributing the at least one digital asset to third-parties under terms specified in the agreement;
(c) distributing the rights to use or distribute the asset to third-parties under terms specified in the agreement;
wherein the agreement includes translation/mapping rules between a first vocabulary used by the first party and a second vocabulary used by the second party; wherein sending the agreement to the second party enables the second party to validate the agreement, at the second system, prior to the second party digitally signing the agreement, using said translation/mapping rules, to ensure the rights provided to the second party meet the second party's criteria for such rights; receiving at the first system, from the second system, an agreement confirmation that is digitally signed by the second party; and after receiving the agreement confirmation, providing the at least one digital asset to the second party.
28 . The non-transitory computer-readable storage medium as recited in claim 27 , wherein:
before the second system sends the agreement confirmation to the first system, the second system invokes an approval workflow to obtain approval confirmation from a user; and the second system sends the agreement confirmation to the first system only after the approval workflow obtains approval confirmation from the user.
29 . The non-transitory computer-readable storage medium as recited in claim 27 , wherein the instructions which, when executed by one or more processors, further cause:
generating audit information at the second system, wherein the audit information reflects events that occurred at the second system during mediation of the agreement or asset distribution to third parties; and sending the audit information to the first system.
30 . The non-transitory computer-readable storage medium as recited in claim 29 , wherein the step of generating audit information includes invoking an audit manager for auditable events, wherein said auditable events include repository transactions and send/receive message completions that occurred during mediation of the agreement.
31 . The non-transitory computer-readable storage medium as recited in claim 27 , wherein the instructions which, when executed by one or more processors, further cause:
generating audit information at the second system, wherein the audit information reflects events that occurred at the second system during mediation of the agreement between the first party and the second party; sending the audit information to the first system.
32 . The non-transitory computer-readable storage medium as recited in claim 27 , wherein the instructions which, when executed by one or more processors, further cause:
generating audit information at the second system; wherein the step of generating audit information includes invoking an audit manager for auditable events, wherein said auditable events include repository transactions and send/receive message completions that occurred during mediation of the agreement.
33 . The non-transitory computer-readable storage medium as recited in claim 27 , wherein the agreement allows the second party to distribute the asset to third parties under terms specified in the agreement, wherein the instructions which, when executed by one or more processors, further cause:
sending over a network system, from the second system to a third system controlled by a third party, a second agreement that is digitally signed by the second party including the digital identity of the third party; wherein the second agreement provides rights to the third party to perform operations relating to at least one digital asset, wherein the operations include at least one of
(a) using the at least one digital asset under terms specified in the second agreement; and
(b) distributing the at least one digital asset to other third-parties under terms specified in the second agreement;
wherein the second agreement includes translation/mapping rules between the second vocabulary used by the second party and a third vocabulary used by the third party; wherein sending the second agreement to the third party enables the third party to validate the second agreement, at the third system, prior to the third party digitally signing the second agreement, using said translation/mapping rules, to ensure the rights provided to the third party meet the third party's criteria for such rights; receiving at the second system, from the third system, a second agreement confirmation that is digitally signed by the third party; and after receiving the second agreement confirmation, the second system providing the at least one digital asset to the third party.
34 . The non-transitory computer-readable storage medium as recited in claim 33 , wherein:
the second agreement is nested in the agreement; and the agreement allows the second party to distribute the at least one digital asset to third parties only if the second party first binds the third parties to the terms of the second agreement.
35 . The non-transitory computer-readable storage medium as recited in claim 33 , wherein:
the second agreement includes one or more restrictions on third party usage of the at least one digital asset; at least one of the one or more restrictions is a restriction that cannot be monitored by the second party; and the agreement allows the second party to distribute the at least one digital asset to third parties only if the second party first binds the third parties to the terms of the second agreement.
36 . The non-transitory computer-readable storage medium as recited in claim 33 , wherein the instructions which, when executed by one or more processors, further cause:
generating audit information at the third system, wherein the audit information reflects events that occurred at the third system during mediation of the second agreement between the second party and the third party; sending the audit information to the second system.
37 . The non-transitory computer-readable storage medium as recited in claim 33 , wherein the instructions which, when executed by one or more processors, further cause:
generating audit information at the third system; wherein the step of generating audit information includes invoking an audit manager for auditable events, wherein said auditable events include repository transactions and send/receive message completions that occurred during mediation of the second agreement.
38 . The non-transitory computer-readable storage medium as recited in claim 27 , wherein the agreement allows the second party to distribute the asset to third parties under terms specified in the agreement without allowing the second party to internally consume the asset.
39 . The non-transitory computer-readable storage medium as recited in claim 27 , wherein said agreement is a Rights Expression Language (REL) document.
40 . The non-transitory computer-readable storage medium as recited in claim 27 , wherein the agreement includes a definition of the at least one digital asset.
41 . The non-transitory computer-readable storage medium as recited in claim 27 , wherein providing the at least one digital asset to the second party includes:
the first system receiving a query from the second system; and the first system providing said at least one digital asset in response to said query.
42 . The non-transitory computer-readable storage medium as recited in claim 41 , the instructions which, when executed by one or more processors, further cause:
the first system receiving a second query from the second system; the first system determining that the second query asks for information that includes assets not covered by said agreement; and the first system responding to said second query with an error message or instructions, services, etc. to acquire requested asset agreement.
43 . The non-transitory computer-readable storage medium as recited in claim 41 , the instructions which, when executed by one or more processors, further cause:
the first system receiving a second query from the second system; the first system determining that the second query asks for information that includes assets not covered by said agreement; and the first system responding to said second query with information that does not include said assets that are not covered by said agreement.
44 . A non-transitory computer-readable storage medium storing one or more sequences of instructions which, when executed by one or more processors, causes:
sending over a network system, from a first system controlled by a first party, to a second system controlled by a second party, a first agreement that is digitally signed by the first party and includes the digital identity of the second party; wherein the first agreement provides rights to the second party to distribute rights relating to the at least one digital asset to third-parties under terms specified in the agreement; receiving at the first system, from the second system, a first agreement confirmation that is digitally signed by the second party; after the first agreement confirmation is received by the first system, sending over a network system, from the second system to a third system controlled by a third party, a second agreement that is digitally signed by the second party and includes the digital identity of the third party; wherein the second agreement provides rights to the third party to use the at least one digital asset under terms specified in the second agreement; receiving at the first system, from the third system, a second agreement confirmation that indicates that the third system validated and accepted the second agreement, wherein the second agreement confirmation is digitally signed by the third party; and after receiving the second agreement confirmation at the first system, the first system providing the at least one digital asset to the third system.
45 . The non-transitory computer-readable storage medium as recited in claim 44 , wherein the instructions which, when executed by one or more processors, further cause:
generating audit information at the second system, wherein the audit information reflects events that occurred at the second system during mediation of the first agreement between the first party and the second party; sending the audit information to the first system.
46 . The non-transitory computer-readable storage medium as recited in claim 44 , wherein the instructions which, when executed by one or more processors, further cause:
generating audit information at the second system; wherein the step of generating audit information includes invoking an audit manager for auditable events, wherein said auditable events include repository transactions and send/receive message completions that occurred during mediation of the first agreement.
47 . The non-transitory computer-readable storage medium as recited in claim 44 , wherein the instructions which, when executed by one or more processors, further cause:
generating audit information at the third system, wherein the audit information reflects events that occurred at the third system during mediation of the second agreement between the second party and the third party; sending the audit information to the second system.
48 . The non-transitory computer-readable storage medium as recited in claim 44 , wherein the instructions which, when executed by one or more processors, further cause:
generating audit information at the third system; wherein the step of generating audit information includes invoking an audit manager for auditable events, wherein said auditable events include repository transactions and send/receive message completions that occurred during mediation of the second agreement.
49 . The non-transitory computer-readable storage medium as recited in claim 44 , wherein the third system sends the second agreement confirmation to the first system without sending any confirmation to the second system that the third system validated and accepted the second agreement.
50 . The non-transitory computer-readable storage medium as recited in claim 44 , wherein the first system provides the at least one digital asset to the third system without providing the at least one digital asset to the second system.
51 . The non-transitory computer-readable storage medium as recited in claim 44 , wherein the first agreement includes translation/mapping rules between a first vocabulary used by the first party and a second vocabulary used by the second party; and
wherein sending the first agreement to the second party enables the second party to validate the agreement, at the second system, prior to the second party digitally signing the agreement, using said translation/mapping rules, to ensure the rights provided to the second party meet the second party's criteria for such rights.
52 . The non-transitory computer-readable storage medium as recited in claim 44 , wherein the second agreement includes translation/mapping rules between the second vocabulary used by the second party and a third vocabulary used by the third party; and
wherein sending the second agreement to the third party enables the third party to validate the second agreement, at the third system, prior to the third party digitally signing the agreement, using said translation/mapping rules, to ensure the rights provided to the third party meet the third party's criteria for such rights.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.