Composite document access

US 10,452,855 B2
Filed: 08/12/2014
Issued: 10/22/2019
Est. Priority Date: 08/12/2014
Status: Active Grant

First Claim

Patent Images

1. A method performed by a system comprising a hardware processor, comprising:

receiving a request to access a composite document;

fetching a key associated with a group;

using the key to decrypt a part of the composite document comprising an attribute;

verifying the attribute via an attribute verification service, the verifying of the attribute selected from among determining membership in a group of users, determining a location of a user, or determining whether the user is accessing the composite document from a specified network address; and

in response to the verifying of the attribute, providing access to the composite document and receiving a further key;

decrypting, using the further key, key-map information of the composite document to fetch a content-part key from the decrypted key-map information; and

accessing a content-part of the composite document using the fetched content-part key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to an example of accessing a composite document, a request to access a composite document is received. A key associated with a group is fetched, and the key is used to decrypt a part of the composite document comprising an attribute. In the event that the attribute is verified, access to the composite document is provided.

21 Citations

15 Claims

1. A method performed by a system comprising a hardware processor, comprising:
- receiving a request to access a composite document;
  
  fetching a key associated with a group;
  
  using the key to decrypt a part of the composite document comprising an attribute;
  
  verifying the attribute via an attribute verification service, the verifying of the attribute selected from among determining membership in a group of users, determining a location of a user, or determining whether the user is accessing the composite document from a specified network address; and
  
  in response to the verifying of the attribute, providing access to the composite document and receiving a further key;
  
  decrypting, using the further key, key-map information of the composite document to fetch a content-part key from the decrypted key-map information; and
  
  accessing a content-part of the composite document using the fetched content-part key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the key is a private key.
  - 3. The method according to claim 1, wherein the key is stored on a server used for verifying the attribute.
  - 4. The method according to claim 1, wherein providing the access to the composite document comprises providing access to at least one content-part of the composite document.
  - 5. The method according to claim 1, wherein providing the access to the composite document comprises sending a symmetric key to an access environment to decrypt a key-map and releasing a key from the key-map to decrypt a part of the composite document.
  - 6. The method according to claim 1, wherein providing the access to the composite document comprises requesting a key-map table from an access environment, using a symmetric key to decrypt the key-map table, and releasing a key from the key-map to the access environment.
  - 7. The method according to claim 1, wherein providing the access to the composite document comprises requesting the composite document from an access environment, using a symmetric key to decrypt a key-map table and access at least one content-part, and sending at least one decrypted content-part to the access environment.
  - 8. The method according to claim 1, wherein the composite document comprises a plurality of content-parts that are individually addressable, the key-map information comprising content-part keys, and attribute verification information comprising a reference to an attribute verification service to be used for attribute verification, the method further comprising:
    - identifying the attribute verification service using the attribute verification information in the composite document,wherein verifying the attribute uses the attribute verification service.
  - 9. The method according to claim 8, further comprising:
    - prompting, by the attribute verification service, user input to verify the attribute.

10. A computer system comprising:
- a processor; and
  
  a non-transitory storage medium storing an attribute verification service, when executed, cause the processor to;
  
  receive a request to access a composite document comprising an entry including an attribute to be verified, and attribute verification information comprising a reference to the attribute verification service,fetch a private key associated with a group stored on the attribute verification service,use the private key to decrypt the entry comprising the attribute,verify the attribute via an attribute verification service, andin response to verifying the attribute, provide access to the composite document and receive a symmetric key;
  
  decrypt, using the further key, key-map information of the composite document to fetch a content-part key from the decrypted key-map information; and
  
  access a content-part of the composite document using the fetched content-part key.
- View Dependent Claims (11, 12, 13)
- - 11. The system according to claim 10, wherein the private key is generated by the attribute verification service.
  - 12. The system according to claim 10, wherein the composite document further comprises key-map information comprising content-part keys, wherein the attribute verification service is to use a symmetric key from the composite document to decrypt the key-map information and to retrieve a content-part key from the decrypted key-map information to decrypt a content-part of the composite document.
  - 13. The system according to claim 10, wherein the attribute is selected from among a membership in a group of users, a location, or a network address.

14. A non-transitory computer readable storage medium comprising instructions that upon execution cause a system to:
- receive a request to access a composite document an entry comprising an attribute to be verified; and
  
  attribute verification information comprising a reference to an attribute verification service, the attribute selected from among a membership in a group of users, a location, or a network address;
  
  fetch a key associated with a group;
  
  use the key to decrypt the entry in the composite document;
  
  verify, using the attribute verification service referenced by the reference in the attribute verification information of the composite document, the attribute stored in the decrypted entry;
  
  in response to verifying the attribute, provide access to the composite document and receive a symmetric key;
  
  decrypt, using the further key, key-map information of the composite document to fetch a content-part key from the decrypted key-map information; and
  
  access a content-part of the composite document using the fetched content-part key.
- View Dependent Claims (15)
- - 15. The non-transitory computer readable storage medium according to claim 14, wherein the composite document further comprises key-map information comprising content-part keys, wherein the attribute verification service is to use a symmetric key from the composite document to decrypt the key-map information and to retrieve a content-part key from the decrypted key-map information to decrypt a content-part the composite document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Ali, Vali, Balinsky, Helen
Primary Examiner(s)
Feild, Lynn D
Assistant Examiner(s)
Savenkov, Vadim

Application Number

US15/309,812
Publication Number

US 20170262642A1
Time in Patent Office

1,897 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 2221/2115   Third party

G06F 2221/2141   Access rights, e.g. capabil...

G06Q 10/101   Collaborative creation, e.g...

Composite document access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Composite document access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others