Method of encrypting information for remote access while maintaining access control
First Claim
1. A method of controlling distribution of electronic information comprising the steps of:
- retrieving, at a user location, a segment of encrypted electronic information;
receiving, from a key server, (a) a copy of a decryption key for the segment, and (b) at least one user limitation assigned to the segment and associated with the decryption key;
accessing the segment using the copy of the decryption key at the user location for the segment and a control process, the control process responsive to a user limitation to control distribution of the electronic information; and
destroying the copy of the decryption key at the user location after accessing the segment.
10 Assignments
0 Petitions
Accused Products
Abstract
The invention provides for encrypting electronic information such as a document so that only users with permission may access the document in decrypted form. The process of encrypting the information includes selecting a set of policies as to who may access the information and under what conditions. A remote server stores a unique identifier for the information and associates an encryption/decryption key pair and access policies with the information. Software components residing on the author'"'"'s computer retrieve the encryption key from the remote server, encrypt the information, and store the encrypted information at a location chosen by the author. A user wishing to access the information acquires the encrypted information electronically. Software components residing on the viewing user'"'"'s computer retrieve the associated decryption key and policies, decrypt the information to the extent authorized by the policies, and immediately delete the decryption key from the viewing user'"'"'s computer upon decrypting the information and rendering the clear text to the viewing user'"'"'s computer screen. The software components are also capable of prohibiting functional operations by the viewing user'"'"'s computer while the clear text is being viewed.
-
Citations
3 Claims
-
1. A method of controlling distribution of electronic information comprising the steps of:
-
retrieving, at a user location, a segment of encrypted electronic information;
receiving, from a key server, (a) a copy of a decryption key for the segment, and (b) at least one user limitation assigned to the segment and associated with the decryption key;
accessing the segment using the copy of the decryption key at the user location for the segment and a control process, the control process responsive to a user limitation to control distribution of the electronic information; and
destroying the copy of the decryption key at the user location after accessing the segment. - View Dependent Claims (2)
-
-
3. A method of accessing first and second encrypted segments of an electronic document comprising the steps of:
-
retrieving, at the user location, a first encrypted segment of the electronic document;
receiving, from a key server, (a) a copy of a first decryption key for the first segment and (b) at least one user limitation assigned to the first segment and associated with the first decryption key;
accessing the first segment using the copy of the first decryption key for the first segment; and
at the user location, destroying the copy of the first decryption key for the first segment as a precondition to receiving a decryption key for accessing a second segment of the electronic document.
-
Specification