Composite document access
First Claim
Patent Images
1. A method performed by a system comprising a hardware processor, comprising:
- receiving a request to access a composite document;
fetching a key associated with a group;
using the key to decrypt a part of the composite document comprising an attribute;
verifying the attribute via an attribute verification service, the verifying of the attribute selected from among determining membership in a group of users, determining a location of a user, or determining whether the user is accessing the composite document from a specified network address; and
in response to the verifying of the attribute, providing access to the composite document and receiving a further key;
decrypting, using the further key, key-map information of the composite document to fetch a content-part key from the decrypted key-map information; and
accessing a content-part of the composite document using the fetched content-part key.
1 Assignment
0 Petitions
Accused Products
Abstract
According to an example of accessing a composite document, a request to access a composite document is received. A key associated with a group is fetched, and the key is used to decrypt a part of the composite document comprising an attribute. In the event that the attribute is verified, access to the composite document is provided.
21 Citations
15 Claims
-
1. A method performed by a system comprising a hardware processor, comprising:
-
receiving a request to access a composite document; fetching a key associated with a group; using the key to decrypt a part of the composite document comprising an attribute; verifying the attribute via an attribute verification service, the verifying of the attribute selected from among determining membership in a group of users, determining a location of a user, or determining whether the user is accessing the composite document from a specified network address; and in response to the verifying of the attribute, providing access to the composite document and receiving a further key; decrypting, using the further key, key-map information of the composite document to fetch a content-part key from the decrypted key-map information; and accessing a content-part of the composite document using the fetched content-part key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer system comprising:
-
a processor; and a non-transitory storage medium storing an attribute verification service, when executed, cause the processor to; receive a request to access a composite document comprising an entry including an attribute to be verified, and attribute verification information comprising a reference to the attribute verification service, fetch a private key associated with a group stored on the attribute verification service, use the private key to decrypt the entry comprising the attribute, verify the attribute via an attribute verification service, and in response to verifying the attribute, provide access to the composite document and receive a symmetric key; decrypt, using the further key, key-map information of the composite document to fetch a content-part key from the decrypted key-map information; and access a content-part of the composite document using the fetched content-part key. - View Dependent Claims (11, 12, 13)
-
-
14. A non-transitory computer readable storage medium comprising instructions that upon execution cause a system to:
-
receive a request to access a composite document an entry comprising an attribute to be verified; and
attribute verification information comprising a reference to an attribute verification service, the attribute selected from among a membership in a group of users, a location, or a network address;fetch a key associated with a group; use the key to decrypt the entry in the composite document; verify, using the attribute verification service referenced by the reference in the attribute verification information of the composite document, the attribute stored in the decrypted entry; in response to verifying the attribute, provide access to the composite document and receive a symmetric key; decrypt, using the further key, key-map information of the composite document to fetch a content-part key from the decrypted key-map information; and access a content-part of the composite document using the fetched content-part key. - View Dependent Claims (15)
-
Specification