Abstract: A system and method for providing persistent protection of rights of a document, which has been shared with a user outside of the enterprise environment, in the offline mode. The owner encrypts the document using a symmetric key and generates an authorization policy for the document. The enterprise digital rights management (eDRM) server evaluates the attributes of the authorization policy and generates an identifier in accordance with the authorization policy. In this process, the client installs an eDRM lite application from a link given by the owner. Further, the client fetches the encrypted document meta-data, keys and access rights and stores them as an offline cache. The owner can modify the access rights or can revoke these rights on any unauthorized operation performed by the client. The eDRM lite application is also able to lock the document on an unauthorized operation carried out by the client.
FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See Section 10 and Rule 13)
Title of invention:
METHOD AND SYSTEM FOR PROVIDING PERSISTENT PROTECTION FOR DOCUMENTS OFFLINE USING ENTERPRISE DIGITAL MANAGEMENT
Applicant:
Tata Consultancy Services Limited
A company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th floor,
Nariman point, Mumbai 400021,
Maharashtra, India
The following specification particularly describes the invention and the manner in which it is to be performed.
TECHNICAL FIELD
[001] The present disclosure generally relates to digital rights management for documents. Particularly, the disclosure discloses a method and system to provide persistent protection to a document for external users in an offline mode using cryptography.
BACKGROUND
[002] Enterprise digital rights management (eDRM) is highly desirable in connection with the digital content of the documents, where such document is to be distributed to one or more users. The owner, such as an employee of an enterprise, wishes to share such document to one or more other employees in the enterprise and also to other individuals outside the enterprise. In addition, the owner would like to provide various users with different level of accessing rights. For example, the owner wishes to allow protected document to be viewable and not printable with respect to one class of users, and viewable and printable with respect to another class of users.
[003] However, the owner would like to ensure that the document must not be rendered by unauthorized individuals. In the current scenario the eDRM provides persistent protection to documents, which has been shared within the enterprise using strong cryptography. The user can decrypt contents in the eDRM secure viewer which restricts operations that can be performed on the content. For outside users this is a challenge because such users are not connected to the enterprise systems. Enabling access to the eDRM system, which is deployed in the enterprise, for outsiders could lead to security issues.
[004] Hence, a need exists for a method that provides persistent protection for documents shared with outsiders and allows controlled access rights to the document. More specifically, a need exists for a mechanism that allows and facilitates an offline mode for persistent protection of documents, especially for outside users.
SUMMARY
[005] Before the present methods, systems, and hardware enablement are described, it is to be understood that this invention is not limited to the particular systems, and methodologies described, as there can be multiple possible embodiments of the present invention which are not expressly illustrated in the present disclosure. It is also to be understood that the terminology used in the description is for the purpose of describing the particular versions or
embodiments only, and is not intended to limit the scope of the present invention which will be limited only by the appended claims.
[006] The present application provides a method and system for providing persistent protection of one or more rights of a document. The system and method for providing persistent protection of rights of a document, which has been shared with a user outside of the enterprise environment, hereafter referred to as the client, is developed to perform in offline mode. In this process, the owner encrypts the document using symmetric keys and generates an authorization policy for the document. The enterprise digital rights management (eDRM) server evaluates the authorization policy and generates an identifier in accordance with the authorization policy. In this process, the client installs an eDRM lite application from a link given by the owner. Further, the eDRM lite application fetches the offline database, comprising the client’s encrypted document meta-data, keys, access rights, and offline database meta-data comprising access type, refresh period, expiry time and refresh flag, and stores it as an offline cache on the client device. The owner can modify the access rights or can revoke these rights on any unauthorized operation performed by the client. The eDRM lite application is also able to lock the document on an unauthorized operation carried out by the client.
[007] The present application provides a computer implemented method for providing persistent protection of one or more rights of a document. The method comprises encrypting, at an enterprise digital rights management (eDRM) device, the digital content using a symmetric key, generating, at the enterprise digital rights management (eDRM) device, an authorization policy for the encrypted document, wherein the authorization policy includes one or more details of encrypted document, at least one identification feature of the owner of the encrypted document, one or more rights of the document, a document access type, an expiry time and a refresh period to define the offline validity time period for access type “Unlimited”, sending an encrypted request to the eDRM server by the eDRM device, wherein the encrypted request includes the symmetric key and the authorization policy, evaluating, at eDRM server, one or more attributes of the generated authorization policy corresponding with one or more attributes of encrypted document, one or more details of the owner of the document, storing, at enterprise digital rights management (eDRM) server database, the generated authorization result and the symmetric key, and generating, at enterprise digital rights management (eDRM) server, a document identifier, wherein the document identifier associates with the authorization policy and the encrypted document on the eDRM device. In
addition, the method further comprises installing, at the client device, an enterprise digital rights management (eDRM) lite application from at least one source, wherein installation of the eDRM lite application generates a client certificate data comprises of a private key and a public key of eDRM lite application, an eDRM server certificate data and an access token, wherein the private key and public key using MAC address of the client device, fetching, at the client device, an enterprise digital rights management (eDRM) lite application, user’s document meta data, keys, access rights and storing as an offline cache in encrypted form, opening the encrypted document in the installed eDRM lite application at the client device, wherein the eDRM lite application checks offline cache of the client device for symmetric key, and exercising, at the eDRM client, the one or more rights and verifying document access type, expiry time, refresh period and refresh flag according to predefined attributes of the document identifier.
[008] The present application provides a system for providing persistent protection for a document in offline mode. The system comprises an eDRM device, an eDRM server and an eDRM lite application installed within a client device. The eDRM device encrypts the document using symmetric keys and creates an authorization policy for the document that includes one or more access rights of the document. The eDRM server facilitates requests of the web portal, eDRM device and eDRM lite applications, wherein the eDRM server further evaluates the authorization policy and responds to one or more API services, and the eDRM lite application verifies and updates the symmetric key, user’s document metadata, and access rights in the offline cache. Further, the eDRM lite application verifies the presence of an identity of the document in the offline cache and chooses to interact with the eDRM server if the identity of the document is not present in the offline cache database. In addition, the eDRM lite application can revoke one or more document access rights permissions and can lock the document if the client attempts to exercise document access rights that are not applicable according to the authorization policy.
BRIEF DESCRIPTION OF THE DRAWINGS
[009] The foregoing summary, as well as the following detailed description of preferred embodiments, are better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, there is shown in the drawings exemplary constructions of the invention; however, the invention is not limited to the specific methods and system disclosed. In the drawings:
[0010] Fig. 1 illustrates a network implementation of a system 100 for providing persistent protection for a document in offline mode in accordance with an embodiment of the disclosure;
[0011] Fig. 2(a) and 2(b) is a flowchart illustrating the process 200 for providing persistent protection for a document in offline mode in accordance with an embodiment of the disclosure;
[0012] Fig. 3(a) and 3(b) illustrates an exemplary embodiment of installation of an eDRM lite application within the client device in accordance with an embodiment of the disclosure;
[0013] Fig. 4 illustrates an exemplary embodiment of modification of accessing rights for a document in offline mode by the owner in accordance with an embodiment of the disclosure;
[0014] Fig. 5 illustrates an exemplary embodiment of revocation of accessing rights for a document or to lock the document in offline mode by the owner in accordance with an embodiment of the disclosure;
[0015] Fig. 6 illustrates an exemplary embodiment to check accessing rights for a document in offline mode by the eDRM lite in accordance with an embodiment of the disclosure; and
[0016] Fig. 7(a) and 7(b) illustrates an exemplary embodiment to update status of revocation of accessing rights for a document or lock status of the document to the eDRM server, by the eDRM lite application through eDRM sync plugin.
DETAILED DESCRIPTION
[0017] Some embodiments of this invention, illustrating all its features, will now be discussed in detail.
[0018] The words "comprising," "having," "containing," and "including," and other forms thereof, are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items.
[0019] It must also be noted that as used herein and in the appended claims, the singular forms "a," "an," and "the" include plural references unless the context clearly dictates otherwise. Although any systems and methods similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present invention, the preferred, systems and methods are now described.
[0020] The disclosed embodiments are merely exemplary of the invention, which may be embodied in various forms.
[0021] The elements illustrated in the Figures inter-operate as explained in more detail below. Before setting forth the detailed explanation, however, it is noted that all of the discussion below, regardless of the particular implementation being described, is exemplary in nature, rather than limiting. For example, although selected aspects, features, or components of the implementations are depicted as being stored in memories, all or part of the systems and methods consistent with the attrition warning system and method may be stored on, distributed across, or read from other machine-readable media.
[0022] The techniques described above may be implemented in one or more computer programs executing on (or executable by) a programmable computer including any combination of any number of the following: a processor, a storage medium readable and/or writable by the processor (including, for example, volatile and non-volatile memory and/or storage elements), plurality of input units, and plurality of output devices. Program code may be applied to input entered using any of the plurality of input units to perform the functions described and to generate an output displayed upon any of the plurality of output devices.
[0023] Each computer program within the scope of the claims below may be implemented in any programming language, such as assembly language, machine language, a high-level procedural programming language, or an object-oriented programming language. The programming language may, for example, be a compiled or interpreted programming language. Each such computer program may be implemented in a computer program product tangibly embodied in a machine-readable storage device for execution by a computer processor.
[0024] In another implementation, the functions may be stored as one or more instructions or code on a non-transitory computer-readable medium to be performed by one or more computer processors. The one or more computer processors include, by way of example, both general and special purpose microprocessors. Generally, the processor receives (reads) instructions and data from a memory (such as a read-only memory and/or a random access memory) and writes (stores) instructions and data to the memory. Storage devices suitable for tangibly embodying computer program instructions and data include, for example, all forms of non-volatile memory, such as semiconductor memory devices, including EPROM, EEPROM, and flash memory devices; magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and CD-ROMs. Any of the foregoing may be supplemented by, or incorporated in, specially-designed ASICs (application-specific integrated circuits) or FPGAs (Field-Programmable Gate Arrays). A computer can generally also receive (read) programs and data from, and write (store) programs and data to, a non-transitory computer-readable storage medium such as an internal disk (not shown) or a removable disk.
[0025] Any data disclosed herein may be implemented, for example, in one or more data structures tangibly stored on a non-transitory computer-readable medium. Embodiments of the invention may store such data in such data structure(s) and read such data from such data structure(s).
[0026] The present application provides a computer implemented method and system for providing persistent protection of one or more rights of a document.
[0027] Referring now to Fig. 1, a system 100 for providing persistent protection for a document in offline mode is shown. The system comprises an enterprise digital rights management (eDRM) device (104) for the owner, an eDRM server (106) and an eDRM lite application (110), for the client outside the enterprise, which is installed in a client device (112). An owner who would like to share confidential documents with clients outside of the enterprise environment (102) encrypts the document by generating a symmetric key. While encrypting the document the eDRM device (104) generates an authorization policy. The authorization policy includes one or more details of the encrypted document, at least one identification feature of the owner of the encrypted document, one or more rights of the document, a document access type, an expiry time and a refresh period to define one or more document access rights of the encrypted document. Further, the eDRM device (104) sends an encrypted request to the eDRM server (106). The eDRM server (106) evaluates the one or more attributes of the authorization policy and details of the owner and stores the evaluated information and symmetric key in the database. The client registers in the registration web portal by providing his/her details and the document’s owner details. If the verification of these details is successful, the client receives a login certificate and the link for eDRM lite application (110) installation.
[0028] In the preferred embodiment, while evaluating the one or more attributes of the generated authorization policy the eDRM server (106) generates a document identifier. The document identifier is associated with the authorization policy and the encrypted document. The owner can modify the authorization policy. The eDRM server (106) then evaluates changes such as access rights, access type, expiry time, and refresh period, and stores these changes in the database. Furthermore, the eDRM server (106) updates the refresh flag to “True”. A refresh flag set to “true” indicates that the offline database needs to be refreshed on the client device. The client is allowed to access the encrypted document till the expiry of the refresh period. After expiry, the eDRM lite application (110) needs to update the offline cache data related to the document by connecting through the API (108). The owner sets the access type to limited or unlimited. The owner specifies a refresh period only for access type “unlimited”. The refresh period indicates the time period for which the offline cache for the document will be valid. The owner also sets an “expiry time” for access type “limited”. The “expiry time” indicates the time until which the document can be accessed.
[0029] In another embodiment, the eDRM lite application (110) installation process generates the client certificate containing a private key and a public key associated with the MAC address of the client device by interacting with the eDRM server (106). The eDRM lite application (110) private key is stored on the client device and the public key is stored in the eDRM server (106) database. The eDRM lite application (110) also stores the eDRM server’s (106) certificate, which contains its public key. Further, the eDRM lite application (110) also creates an access token, which will be used in communication with the eDRM server (106).
[0030] In the preferred embodiment, after the installation of the eDRM lite application (110), the eDRM lite application (110) fetches the client’s document meta-data, keys, and one or more access rights and stores them in the offline cache in encrypted form. While opening the encrypted document in the installed eDRM lite application (110), the eDRM lite application (110) checks whether the document identifier exists in the offline cache. If it exists, it will open the document offline. Otherwise, if the client is online, the eDRM lite application (110) sends an API (108) request, encrypted with the eDRM server (106) public key and signed with the eDRM lite application (110) private key. The API (108) request contains the eDRM lite application (110) id, the client’s device (112) MAC address, the client details, the document ids, and the access token. The API gateway (108) verifies the access token and, if it is valid, forwards the request to the eDRM server (106). The eDRM server (106) decrypts the request and verifies the signature using the eDRM lite application (110) public key. The eDRM server (106), based on the verification, sends the response back to the eDRM lite application (110) and also updates the offline cache. The eDRM server (106) generates the response as follows: the initialization vector (IV) part of the symmetric key is encrypted with the eDRM lite application (110) public key, the key part is encrypted with the client’s public key, and the meta-data containing document id, access rights, access type and refresh period is encrypted with the eDRM lite application (110) public key. Finally, the eDRM lite application (110) updates the offline cache with the eDRM server (106) encrypted response.
[0031] In the preferred embodiment, the eDRM lite application (110) installs a plugin. The plugin interacts with the eDRM server (106) at a predefined interval to update lock status of the document. Further, the plugin checks whether access rights have been modified or not since the last update. The eDRM lite application (110) sends an encrypted update request to the API Gateway (108). The API Gateway (108) validates the access token and forwards the request to the eDRM server (106). The eDRM server (106) decrypts the request, evaluates the authorization policy and updates access rights or lock status accordingly. Further, the eDRM server (106) sets the refresh flag to “true” and sends response to the client.
[0032] In the preferred embodiment, the eDRM lite application (110) can revoke access permissions completely and lock the document whenever the client attempts to exercise rights that are not applicable to the shared document. The eDRM lite application (110) monitors audit logs and checks for any attempt to perform unauthorized operations. If any unauthorized operation exists, the eDRM lite application (110) will lock the document and create an event to trigger the sync plugin. In the sync plugin the eDRM lite application (110) checks whether a predefined time period has elapsed or not. If the eDRM lite application (110) finds the time period has elapsed, the eDRM lite application (110) will verify the client connection. According to the client connection with the eDRM server (106), the eDRM lite application (110) will forward a request to the eDRM server (106) through the API gateway (108) to update the lock status and refresh flag. The eDRM server (106) verifies the request, updates the lock status accordingly and informs the owner with the reasoning for the action. Further, the eDRM server (106) encrypts a response and sends the response to the eDRM lite application (110).
[0033] Referring now to Fig. 2(a) and 2(b) a flowchart illustrating the steps of a method (200) for providing persistent protection for a document in offline mode. The process starts at step 202 where the owner encrypts, at eDRM device (104), a document using a symmetric key. At the step 204, while encrypting the document the owner generates, at the eDRM device (104), an authorization policy for the encrypted document. The authorization policy includes one or more details of encrypted document, at least one identification feature of the owner, one or more rights of the document, the document access type, an expiry time and a refresh period to define the offline validity time period for access type “Unlimited”. At the step 206, the owner sends an encrypted request, by the eDRM device (104), to the eDRM server (106). The request comprises the symmetric key and the authorization policy.
[0034] In the preferred embodiment, at step 208, the eDRM server (106) receives the eDRM device (104) request and evaluates one or more attributes of the authorization policy corresponding with one or more attributes of the encrypted document and one or more details of the owner. At step 210, the eDRM server (106) stores the received authorization policy and symmetric key in the eDRM server database. Further, at step 212, the eDRM server (106) generates a document identifier which is associated with the authorization policy and the encrypted document on the eDRM device (104).
[0035] At step 214, the client installs an eDRM lite application (110) from at least one of the given sources at the client device. In addition to the installation of the eDRM lite application (110), the process generates certificate data for the client, certificate data for the eDRM server (106) and an access token. The certificate data for the client comprises a private key and a public key of the eDRM lite application (110). The public key and private key of the eDRM lite application (110) use the MAC address of the client device. At step 216, the eDRM lite application fetches the offline database, which comprises meta-data of the client’s document, symmetric keys, access rights, and offline database meta-data comprising access type, refresh period, expiry time and refresh flag, and stores it as the offline cache in encrypted form on the client device (112).
[0036] At step 218 when the client opens the encrypted document in the installed eDRM lite application (110), the eDRM lite application (110) checks offline cache of the client device (112) for symmetric key. Finally at step 220, the client can exercise one or more rights and can verify the document access type, expiry time, and refresh period and refresh flag according to the predefined attributes of the document identifier.
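Added example (not part of the specification and not code from any eDRM product): one way the offline check described in paragraphs [0028], [0032] and [0036] could be evaluated against a cached entry, including the lock-and-queue behaviour on an unauthorized operation. All class, field and decision names are hypothetical; treating a cached refresh flag of "true", or a device clock earlier than the last refresh, as "refresh required" is an assumption of this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class Decision(Enum):
    ALLOW = "allow"
    NOT_CACHED = "document identifier not in offline cache"
    LOCKED = "document is locked"
    EXPIRED = "expiry time reached"
    REFRESH_REQUIRED = "offline cache must be refreshed online"
    RIGHT_DENIED = "right not granted; document locked"


@dataclass
class CacheEntry:
    rights: frozenset
    access_type: str                             # "limited" or "unlimited"
    last_refresh: datetime                       # when the entry was last fetched
    expiry_time: Optional[datetime] = None       # applies to "limited"
    refresh_period: Optional[timedelta] = None   # applies to "unlimited"
    refresh_flag: bool = False                   # true: policy changed on the server
    locked: bool = False


@dataclass
class OfflineCache:
    entries: dict = field(default_factory=dict)
    lock_events: list = field(default_factory=list)  # queued for the sync plugin

    def check(self, doc_id: str, operation: str, now: datetime) -> Decision:
        entry = self.entries.get(doc_id)
        if entry is None:
            return Decision.NOT_CACHED          # caller must go online
        if entry.locked:
            return Decision.LOCKED
        # Assumption: a clock earlier than the last refresh means the device
        # time was wound back, so fail closed and demand a refresh.
        if entry.refresh_flag or now < entry.last_refresh:
            return Decision.REFRESH_REQUIRED
        if entry.access_type == "limited":
            if entry.expiry_time is None or now >= entry.expiry_time:
                return Decision.EXPIRED
        elif entry.access_type == "unlimited":
            period = entry.refresh_period
            if period is None or now >= entry.last_refresh + period:
                return Decision.REFRESH_REQUIRED
        else:
            return Decision.REFRESH_REQUIRED    # unknown access type: fail closed
        if operation not in entry.rights:
            # Unauthorized operation: lock at once and queue an event for sync.
            entry.locked = True
            self.lock_events.append(
                {"doc_id": doc_id, "operation": operation, "at": now.isoformat()}
            )
            return Decision.RIGHT_DENIED
        return Decision.ALLOW

    def drain_lock_events(self, online: bool) -> list:
        """Hand queued lock events to the sync step only when a connection exists."""
        if not online:
            return []
        events, self.lock_events = self.lock_events, []
        return events


# Constructed sample data: timestamps, ids and rights are illustrative only.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
DAY = timedelta(days=1)


def build_sample_cache() -> OfflineCache:
    return OfflineCache(entries={
        "doc-unlimited": CacheEntry(frozenset({"view"}), "unlimited", T0,
                                    refresh_period=7 * DAY),
        "doc-limited": CacheEntry(frozenset({"view", "print"}), "limited", T0,
                                  expiry_time=T0 + 30 * DAY),
    })


if __name__ == "__main__":
    cache = build_sample_cache()
    for doc, op, when in [
        ("doc-unlimited", "view", T0 + DAY),
        ("doc-unlimited", "view", T0 + 8 * DAY),
        ("doc-limited", "print", T0 + 29 * DAY),
        ("doc-limited", "view", T0 + 30 * DAY),
        ("doc-unlimited", "print", T0 + DAY),
        ("doc-unlimited", "view", T0 + DAY),
    ]:
        print(doc, op, cache.check(doc, op, when).name)
    print(cache.drain_lock_events(online=True))
```

The order of the checks is deliberate: lock state and cache freshness are evaluated before the requested right, so a stale or locked entry never reaches the rights comparison.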
[0037] Referring to fig. 3(a) and 3(b), a flow chart (300) illustrating the steps of installing an application on the client device (112). The process starts at step 302 where the client clicks on the link to install the eDRM lite application (110). At step 304, during installation, the process generates private and public keys, which are bound to the MAC address of the client device. Further, at step 306, the eDRM lite application (110) public key is updated in the eDRM server (106). In the next step 308, the eDRM lite application (110) fetches the eDRM server (106) public certificate and then stores the same in the client device (112). At step 310, the eDRM server (106) generates an access token and stores the access token on the client device (112) and eDRM server (106). Furthermore, at step 312, the eDRM lite application (110) fetches the offline database from the eDRM server (106) and creates an encrypted cache on the client device. Finally at step 314, the eDRM lite application (110) exercises assigned rights according to the document identifier.
[0038] Fig. 4 illustrates an exemplary embodiment (400) of modification of accessing rights for a document by the owner. The process starts at step 402 where the owner makes some modification in the authorization policy. These modifications pertain to the access rights assigned to the client under the authorization policy. At step 404, the owner sends an encrypted update request to the eDRM server (106) to update the same to the client. At step 406, the eDRM server (106) decrypts the update request and evaluates the modification in the authorization policy. Further, the eDRM server (106) updates access rights and document meta-data. At step 408, the eDRM server (106) updates the refresh flag to ‘true’, which signifies that a refresh is needed on the client. At step 410, the eDRM server (106) encrypts a response and sends it back to the owner at the eDRM device (104).
[0039] Referring now to fig. 5, a flow chart (500) illustrating an exemplary embodiment of revocation of accessing rights for a document or to lock the document in offline mode by the owner. At step 502, the owner modifies the authorization policy to revoke access rights or to lock the document shared with the client. At step 504, the owner sends an encrypted request to the eDRM server (106). Further, at step 506, the eDRM server (106) decrypts the request and evaluates the modified authorization policy. The eDRM server (106) updates the status of access rights or the status of the document shared with the client. At step 508, the eDRM server (106) updates the refresh flag to ‘true’, which signifies that a refresh is needed on the client. Finally at step 510, the eDRM server (106) encrypts a request and sends it to the owner at the eDRM device (104).
[0040] Referring to fig. 6, a flow chart (600) illustrating an exemplary embodiment to check accessing rights for a document in offline mode by the eDRM lite application (110). During installation of the eDRM lite application (110), an eDRM sync plugin is also installed at the client device. The eDRM sync plugin continuously interacts with the eDRM server (106) at a predefined interval to update the lock status of the document and to verify the status of document access rights as compared to the last offline update. At step 602, the eDRM sync plugin sends an encrypted request and access token to the eDRM server (106) to check the status of the refresh flag. At step 604, the API Gateway (108) receives and verifies the access token. After completing the verification the API Gateway (108) forwards the request to the eDRM server. At step 606, the eDRM server (106) verifies one or more attributes of the encrypted request and checks the flag to determine whether any update in the authorization policy needs to be communicated to the client. At step 608, the eDRM server (106) encrypts a response about the status of the authorization policy and sends it to the eDRM lite application (110). Finally at step 610, the eDRM lite application (110) receives the response and updates the status in the offline cache.
[0041] Referring to fig. 7(a) and 7(b), a flow chart (700) illustrating an exemplary embodiment to update status of revocation of accessing rights for a document or lock status of the document to the eDRM server (106), in offline mode by the eDRM lite application (110) through eDRM sync plugin. In this process at step 702, the eDRM lite application (110) monitors audit logs at a predefined interval and verifies whether any unauthorized operation has been carried out on the shared document. At step 704, if the eDRM lite application (110) finds any unauthorized attempt made by the client, the eDRM lite application (110) will lock the document with immediate effect. Further, at step 706, the eDRM lite application (110) creates an event to trigger the eDRM sync plugin at a predefined interval. At step 708, when the predefined time interval for the event has elapsed, the eDRM lite application (110) verifies the user’s connection with the eDRM server (106). At step 710, if the eDRM lite application (110) finds the client is online, the eDRM sync plugin gets details about lock events pertaining to the documents shared with the client.
[0042] At step 712, the eDRM sync plugin encrypts a request to update the status of lock events. The eDRM sync plugin sends the encrypted request and access token to the API Gateway (108) of the enterprise environment (102). At step 714, the API Gateway (108) receives and verifies the access token and sends the request further to the eDRM server (106). At step 716, the eDRM server (106) verifies one or more attributes of the request. If the attributes are correct, the eDRM server (106) updates the status and informs the owner of the document of the same status over the eDRM device (104). At step 718, the eDRM server (106) encrypts a response and sends it back to the eDRM lite application (110). Finally, the eDRM lite application (110) receives the response through the API and updates the refresh status in the offline cache.
WE CLAIM:
1. A computer implemented method for providing persistent protection for a document in offline mode, the method comprising processor implemented steps of:
encrypting the document, by owner of the document, at the enterprise digital rights management (eDRM) device using a symmetric key;
generating, at the eDRM device, an authorization policy for the encrypted document, wherein the authorization policy includes one or more details of encrypted document, at least one identification feature of the owner of the encrypted document, one or more rights of the document, a document access type, an expiry time and a refresh period to define one or more document access rights of the encrypted document;
sending, by the eDRM device, an encrypted request to an eDRM server wherein the encrypted request includes the symmetric key and the authorization policy;
evaluating, at the eDRM server, one or more attributes of the generated authorization policy corresponding with one or more attributes of encrypted document, one or more details of the owner of the document;
storing, at the eDRM server database, the generated authorization result and the symmetric key;
generating, at the eDRM server, a document identifier, wherein the document identifier associates with the authorization policy and the encrypted document;
installing, at a client device, an eDRM lite application from at least one source, wherein installation of the eDRM lite application generates a client certificate data comprises of a private key and a public key of eDRM lite application, an eDRM server certificate data and an access token, wherein the private key and public key using MAC address of the client device;
fetching, at the client device, the eDRM lite application, user’s document meta data, keys, access rights and storing as an offline cache in encrypted form;
opening the encrypted document in the eDRM lite application at the client device, wherein the eDRM lite application checks offline cache of the client device for symmetric key; and
exercising, at the client device, the one or more rights and verifying document access type, expiry time, refresh period and refresh flag according to predefined attributes of the document identifier.
2. The method claimed in claim 1, wherein at the eDRM device, the one or more rights of the document can be modified by the owner of the document, wherein the modification of the one or more rights includes document access type, expiry time and refresh period for the one or more rights.
3. The method claimed in claim 1, wherein the offline cache, stored at the client device database, needs a continuous updation based on an API request to eDRM server.
4. The method claimed in claim 1, wherein the eDRM lite application can revoke the document access permission and can lock the document whenever the attempts for the rights that are not allowed to access.
5. The method claimed in claim 1, wherein the owner of the document can lock the document whenever the client attempts for the rights that are not allowed.
6. The method claimed in claim 1, wherein the opening of the encrypted document in the eDRM lite application at the client device, verifies refresh period and refresh flag to ensure the offline cache is recent.
7. A system for providing persistent protection for a document in offline mode, the system comprises:
an enterprise digital rights management (eDRM) device, wherein the eDRM device encrypts the document by using symmetric keys, creates authorization policy for the document, wherein the authorization policy includes one or more access rights of a document, one or more attributes of the document;
an eDRM server, wherein the eDRM server facilitates request of the web portal, eDRM device and eDRM lite applications, further wherein the eDRM server evaluates the authorization policy and one or more API services; and
an eDRM lite application, at a client device, wherein the eDRM lite application updates the symmetric key, document metadata, access rights in the offline cache database of the client device in encrypted form.
8. The system claimed in claim 7, wherein the eDRM lite application verifies presence of an identity of the document in the offline cache database and chooses to interact with the eDRM server if the identity of the document is not present in the offline cache database.
9. The system claimed in claim 7, wherein the eDRM lite application installs an eDRM sync plugin that interacts with the eDRM server at a predefined interval to update lock status of the document and to verify the status of document access rights as compared to last offline update.
10. The system claimed in claim 9, further the eDRM sync plugin interacts to the eDRM server at a predefined interval to get updated refresh flag in accordance to the modification informed by the eDRM device.
11. The system claimed in claim 7, wherein the eDRM lite application can revoke one or more document access rights permission and can lock the document if the client attempts unauthorized operation that are not applicable according to authorization policy.
| # | Name | Date |
|---|---|---|
| 1 | Form 3 [15-06-2016(online)].pdf | 2016-06-15 |
| 2 | Form 20 [15-06-2016(online)].jpg | 2016-06-15 |
| 3 | Form 18 [15-06-2016(online)].pdf_123.pdf | 2016-06-15 |
| 4 | Form 18 [15-06-2016(online)].pdf | 2016-06-15 |
| 5 | Drawing [15-06-2016(online)].pdf | 2016-06-15 |
| 6 | Description(Complete) [15-06-2016(online)].pdf | 2016-06-15 |
| 7 | Form 26 [03-08-2016(online)].pdf | 2016-08-03 |
| 8 | Other Patent Document [04-08-2016(online)].pdf | 2016-08-04 |
| 9 | ABSTRACT1.jpg | 2018-08-11 |
| 10 | 201621020475-Power of Attorney-100816.pdf | 2018-08-11 |
| 11 | 201621020475-Form 1-100816.pdf | 2018-08-11 |
| 12 | 201621020475-Correspondence-100816.pdf | 2018-08-11 |
| 13 | 201621020475-FER.pdf | 2020-02-27 |
| 14 | 201621020475-OTHERS [27-08-2020(online)].pdf | 2020-08-27 |
| 15 | 201621020475-FER_SER_REPLY [27-08-2020(online)].pdf | 2020-08-27 |
| 16 | 201621020475-COMPLETE SPECIFICATION [27-08-2020(online)].pdf | 2020-08-27 |
| 17 | 201621020475-CLAIMS [27-08-2020(online)].pdf | 2020-08-27 |
| 18 | 201621020475-US(14)-HearingNotice-(HearingDate-21-11-2023).pdf | 2023-10-17 |
| 19 | 201621020475-US(14)-ExtendedHearingNotice-(HearingDate-30-11-2023).pdf | 2023-11-09 |
| 20 | 201621020475-FORM-26 [09-11-2023(online)].pdf | 2023-11-09 |
| 21 | 201621020475-FORM-26 [09-11-2023(online)]-1.pdf | 2023-11-09 |
| 22 | 201621020475-Correspondence to notify the Controller [09-11-2023(online)].pdf | 2023-11-09 |
| 23 | 201621020475-FORM-26 [19-11-2023(online)].pdf | 2023-11-19 |
| 24 | 201621020475-FORM-26 [23-11-2023(online)].pdf | 2023-11-23 |
| 25 | 201621020475-FORM-26 [23-11-2023(online)]-1.pdf | 2023-11-23 |
| 26 | 201621020475-Correspondence to notify the Controller [23-11-2023(online)].pdf | 2023-11-23 |
| 27 | 201621020475-Written submissions and relevant documents [13-12-2023(online)].pdf | 2023-12-13 |
| 28 | 201621020475-PatentCertificate24-01-2024.pdf | 2024-01-24 |
| 29 | 201621020475-IntimationOfGrant24-01-2024.pdf | 2024-01-24 |
| 1 | SS53201621020475_05-02-2020.pdf |