Monday, August 20, 2018

Copyright, Trademark, Patent, or License? Understanding the Differences


Copyrights, trademarks, patents, and licenses are each a different form of intellectual property (IP) rights protection recognized by U.S. law. The distinctions among them can be subtle and often the same product or service may involve more than one of these IP rights. How can you tell them apart when deciding how to protect your company’s assets? Here’s how.

Copyrights

Copyright protects the rights of “authors” in their original creative works. Copyrightable works include artistic creations, like novels, paintings, films, and songs, but also business-related works like software code, website designs, architectural drawings, marketing reports, and product manuals.
The author of a copyrighted work has the exclusive right to:
  • Reproduce (print or copy), publish, perform, display, film and/or record the creative content.
  • Create derivative works from the original work (for example, updates, revisions, summaries, translations, and adaptations).

Copyright protection arises automatically at the time the work is fixed in tangible form, either directly or through use of a machine, like a computer or a movie projector. Copyrights have a term equal to the life of the author plus 70 years. If a company is the owner of the copyright, it has a term equal to 95 years after the date the work is first made public.


Copyrighted works can be registered with the U.S. Copyright Office. Registration is optional but highly recommended. Registration provides legal benefits to the author, including the ability to enforce the copyright against infringers in court. Copyrighted works (registered and unregistered) can display the © symbol to provide notice that the author considers the work to be protected by copyright.

Trademarks

A trademark is a symbol, word, slogan, design, color, or logo that identifies the source of a product or service, and distinguishes it from those made or provided by others. Trademarks can represent:
  • The product or service itself (ex. iPhone)
  • A feature or element of the product or service (ex. FaceTime)
  • The manufacturer or provider of the product or service (ex. Apple).
A “service mark” is a trademark that identifies a service instead of a tangible product.
The owner of a trademark has the right to prevent infringers from unfairly competing with the owner by using marks that are “confusingly similar.” In the United States, trademark rights can arise in two ways:
  • Automatically by use of the trademark in the marketplace in connection with a product or service (“common law” or unregistered trademarks).
  • By registration of the trademark with the U.S. Patent and Trademark Office (PTO) (“registered” trademarks).

Although not required by law, registering a trademark with the PTO confers many benefits on the trademark owner. For example, a U.S. trademark registration gives the owner nationwide rights to use the mark in connection with the goods and services included in the registration. Common law trademarks only create rights in the specific geographic territories where the owner is actually using them.

Common law trademarks can be used with the ℠ or ™ symbols. Registered trademarks can be used with the ® symbol. Both types of trademarks are valid so long as your business continues to use them. However, registered trademarks must be renewed periodically with the PTO.

Patents

Patents protect the rights of inventors. A patent is a 20-year exclusive property right granted by the PTO for an invention. 
A patent entitles you to exclude others from making, using or selling your invention. Once your patent is issued, you have an obligation to enforce it against unauthorized third parties violating your rights. If you don’t, a court can declare your patent “abandoned” and unenforceable.
Most patents are utility patents that protect “any new and useful process, machine, article of manufacture, or composition of matter, or any new and useful improvement thereof.” To obtain a utility patent, you will need to prove to the PTO, through claims in your patent application, that your invention is useful, novel and non-obvious. Other types of patents often sought by businesses include:
  • Design patents, which concern “new, original, and ornamental design embodied in or applied to an article of manufacture” not affecting the article’s function;
  • Business method patents, which protect new methods of doing business, such as those used in banking, tax compliance and e-commerce, for example; and
  • Plant patents, which protect invented or discovered asexually reproduced plants that are new and distinct.

Licenses

Licenses are contracts that transfer IP rights from the owner of the rights (the Licensor) to a third party who wants to use them (the Licensee). They can be exclusive (rights are granted to only one Licensee) or non-exclusive (rights are granted to multiple Licensees). A Licensee typically pays the Licensor a royalty in exchange for the right to use the IP rights. Royalties are usually based on a percentage of the revenue the Licensee generates from the sale of products using the licensed IP rights.
Licenses can be valuable assets for your business. For the Licensor, licenses can generate a significant revenue stream from royalty payments. For the Licensee, licenses can enable it to sell superior products in the marketplace.

Sunday, August 5, 2018

Access Control Models - DAC, MAC, RBAC, Rule Based & ABAC



Identity and Access Management is an extremely vital part of information security. An access control model is a framework that helps manage identity and access in an organization. There are 5 main types of access control models: discretionary, rule-based, role-based, attribute-based and mandatory access control. Every model uses different methods to control how subjects access objects. While one may focus on rules, another focuses on the roles of the subject. As security professionals, we must know all about these different access control models. While a company may choose to implement one of these models depending on its culture, there is no rule book which says that you cannot implement multiple models in your organization.

These models are built into the core or the kernel of the different operating systems and possibly their supporting applications. Every operating system has a security kernel that enforces a reference monitor concept, which differs depending on the type of access control model embedded into the system. For every access attempt, before a subject can communicate with an object, the security kernel reviews the rules of the access control model to determine whether the request is allowed.

So let’s understand what these models have to say about themselves:

1. Discretionary Access Control Model

If you have used any platform such as Windows, Mac or Linux, you can easily understand and appreciate this model. If you create a folder in any of these, you can easily add/delete/modify the permissions which you want to give to different subjects. Sounds confusing? Well, it isn’t. Let’s take an example to understand this.

                             



I have created a folder named “SSCP Video Course”. Since I’m the owner, it is at my discretion to assign various permissions to users. I can go to the “Security” tab, choose “Edit” permissions, and define which users are given “Full control” and which users are given only “Read” access.
A system that uses discretionary access control (DAC) enables the owner of the resource to specify which subjects can access specific resources. This model is called discretionary because the control of access is based on the discretion of the owner.

There is another term which is used quite often with reference to the models. It is the Access Control List. An ACL for a file would list all the users and/or groups that are authorized access to the file and the specific access granted to each.

While all seems good in the world of DAC, there are some issues with this model. It offers the most flexibility of any of the models, but that flexibility is also its weakest point. For example, if a user opens an attachment that is infected with a virus, the code can install itself in the background without the user being aware of this activity. This code basically inherits all the rights and permissions that the user has and can carry out all the activities a user can perform on the system. It can send copies of itself out to all the contacts listed in the user’s e-mail client, install a back door, attack other systems, delete files on the hard drive, and more. The user is actually giving rights to the virus to carry out its dirty deeds, because the user has very powerful discretionary rights and is considered the owner of many objects on the system. And the fact that many users are assigned local administrator or root accounts means that once malware is installed, it can do anything on a system.
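
The ACL check and the inherited-rights weakness described above can be seen in a small model of a DAC reference monitor. This is an added example, not code from the original post; the class names, the rights vocabulary and the process image names are constructed for illustration and do not correspond to any operating system API.

```python
from dataclasses import dataclass, field

@dataclass
class Obj:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)  # subject -> set of rights

@dataclass
class Process:
    """Code running on behalf of a user; it carries that user's identity."""
    image: str
    run_as: str

class DacMonitor:
    def __init__(self):
        self.objects = {}

    def create(self, user, name):
        # The creator becomes the owner and receives full control.
        self.objects[name] = Obj(name, user, {user: {"read", "write", "delete"}})

    def grant(self, actor, name, subject, rights):
        obj = self.objects[name]
        # Discretionary: only the owner decides who gets access.
        if actor != obj.owner:
            raise PermissionError(f"{actor} does not own {name}")
        obj.acl.setdefault(subject, set()).update(rights)

    def check(self, proc, name, right):
        # The decision looks only at the identity the process runs as,
        # never at which program is making the request.
        return right in self.objects[name].acl.get(proc.run_as, set())

def demo():
    m = DacMonitor()
    folder = "SSCP Video Course"
    m.create("alice", folder)
    m.grant("alice", folder, "bob", {"read"})
    editor = Process("editor.exe", run_as="alice")          # constructed name
    attachment = Process("attachment.exe", run_as="alice")  # constructed name
    bob_shell = Process("shell", run_as="bob")
    return {
        "editor_delete": m.check(editor, folder, "delete"),
        "attachment_delete": m.check(attachment, folder, "delete"),
        "bob_read": m.check(bob_shell, folder, "read"),
        "bob_delete": m.check(bob_shell, folder, "delete"),
    }
```

The monitor gives the opened attachment the same answer as the editor because both run as the owner, which is why limiting what each account owns and avoiding day-to-day use of administrator or root accounts reduces the damage under DAC.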

2. Mandatory Access Control (MAC) Model

Do not confuse this with the Apple Mac; this model is not even remotely related to it. This model is the complete opposite of the DAC model. In a mandatory access control (MAC) model, users do not have the discretion of determining who can access objects as in a DAC model. An operating system that is based on a MAC model greatly reduces the number of rights, permissions, and functionality a user has for security purposes.