Document security in enterprise content management systems

US 10,380,352 B2
Filed: 02/04/2014
Issued: 08/13/2019
Est. Priority Date: 02/04/2014
Status: Active Grant

First Claim

Patent Images

1. A computer program product for a records management system, comprising a computer readable storage medium having program code embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program code being executable by a processor to perform operations comprising:

generating a unique encryption key for each document in a plurality of documents stored on a first server in a records management system, wherein each unique encryption key is generated in accordance with an assigned classification level for each document;

encrypting each document in the plurality of documents at the first server, using the unique encryption key for each document and a set of encryption parameters for each document; and

storing the unique encryption key and the set of encryption parameters for each document on a second server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus, including computer program products, implementing and using techniques for enhancing the security of content in a records management system. A document is received to be stored as a record in the records management system. A unique combination of an encryption key and encryption parameters is selected for the document. The encryption key and encryption parameters are stored on a server that is different from a server upon which the document is to be stored in the records management system. The document is encrypted using the selected unique combination of encryption key and encryption parameters. The encrypted document is stored in the records management system.

Citations

12 Claims

1. A computer program product for a records management system, comprising a computer readable storage medium having program code embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program code being executable by a processor to perform operations comprising:
- generating a unique encryption key for each document in a plurality of documents stored on a first server in a records management system, wherein each unique encryption key is generated in accordance with an assigned classification level for each document;
  
  encrypting each document in the plurality of documents at the first server, using the unique encryption key for each document and a set of encryption parameters for each document; and
  
  storing the unique encryption key and the set of encryption parameters for each document on a second server.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer program product of claim 1, wherein the first server and the second server are located in different physical locations.
  - 3. The computer program product of claim 1, wherein the program code is executable by the processor to perform the following additional operations:
    - in response to receiving a user request to access a document in the plurality of documents stored on the first server;
      
      decrypting the document using the unique encryption key for the document; and
      
      providing access to the document.
  - 4. The computer program product of claim 1, wherein the encryption parameters include one or more of:
    - an encryption algorithm, a block cipher mode, and a key length.
  - 5. The computer program product of claim 3, wherein the program code is executable by the processor to perform the following additional operations:
    - encrypting the document at the first server, using a different unique encryption key for the document and a different set of encryption parameters for the document; and
      
      storing the different unique encryption key and the different set of encryption parameters for the document on the second server.
  - 6. The computer program product of claim 1, wherein the first server and the second server have different security settings and are managed by different administrators.

7. A records management system, comprising:
- a first server storing a plurality of documents;
  
  a second server being configured to store one or more encryption keys and one or more sets of encryption parameters for the one or more documents that are stored on the first server;
  
  a processor; and
  
  a memory storing instructions that when executed by the processor causes the processor to;
  
  generate a unique encryption key for each document in the plurality of documents stored on the first server, wherein each unique encryption key is generated in accordance with an assigned classification level for each document;
  
  encrypt each document in the plurality of documents at the first server, using the unique encryption keys for each document and a set of encryption parameters for each document; and
  
  store the unique encryption keys and the sets of encryption parameters for each document on the second server.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the first server and the second server are located in different physical locations.
  - 9. The system of claim 7, wherein the one or more encryption parameters include one or more of:
    - an encryption algorithm, a block cipher mode, and a key length.
  - 10. The system of claim 7, wherein the first server and the second server have different security settings and are managed by different administrators.
  - 11. The system of claim 7, wherein the memory stores instructions that when executed by the processor causes the processor to:
    - in response to receiving a user request to access a document in the plurality of documents stored on the first server;
      
      decrypt the document using the unique encryption key for the document; and
      
      provide access to the document.
  - 12. The system of claim 11, wherein the memory stores instructions that when executed by the processor causes the processor to:
    - encrypt the document at the first server, using a different unique encryption key for the document and a different set of encryption parameters for the document; and
      
      store the different unique encryption key and the different set of encryption parameters for the document on the second server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Avery, Kenytt D., Costecalde, Jean-Marc, Harnick-Shapiro, David B.
Primary Examiner(s)
King, John B

Application Number

US14/172,029
Publication Number

US 20150220743A1
Time in Patent Office

2,016 Days
Field of Search

713189
US Class Current
CPC Class Codes

G06F 16/21   Design, administration or m...

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

Document security in enterprise content management systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Document security in enterprise content management systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links