Method and system for securing digital assets using time-based security criteria

US 20050071657A1
Filed: 09/30/2003
Published: 03/31/2005
Est. Priority Date: 09/30/2003
Status: Abandoned Application

First Claim

Patent Images

1. A file security system for restricting access to electronic files, said file security system comprising:

a key store that stores a plurality of cryptographic key pairs, each of the cryptographic key pairs includes a public key and a private key, at least one of the cryptographic key pairs pertaining to a predetermined time; and

an access manager operatively connected to said key store, said access manager determines whether the private key of the at least one of the cryptographic key pairs pertaining to the predetermined time is permitted to be provided to a requestor based on a current time, wherein the requester requires the private key of the at least one of the cryptographic key pairs pertaining to the predetermined time to access a secured electronic file, and wherein the secured electronic file was previously secured using the public key of the at least one of the cryptographic key pairs pertaining to the predetermined time.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for utilizing time-based security criteria in a file security system are disclosed. At least a portion of the security criteria can have a time associated therewith (i.e., time-based security criteria) that serves as a time-based restriction on the ability to gain access to electronic files. If the time-based restriction is not satisfied, then the associated security criteria is not made available and thus access to a secured electronic file is prevented. In other words, access restrictions on electronic files can be dependent on the time at which access to the electronic files is attempted. The security criteria can pertain to keys (or ciphers) used by the file security system to secure (e.g., encrypt) electronic files to be secured, or to unsecure (e.g., decrypt) electronic files already secured.

Citations

28 Claims

1. A file security system for restricting access to electronic files, said file security system comprising:
- a key store that stores a plurality of cryptographic key pairs, each of the cryptographic key pairs includes a public key and a private key, at least one of the cryptographic key pairs pertaining to a predetermined time; and
  
  an access manager operatively connected to said key store, said access manager determines whether the private key of the at least one of the cryptographic key pairs pertaining to the predetermined time is permitted to be provided to a requestor based on a current time, wherein the requester requires the private key of the at least one of the cryptographic key pairs pertaining to the predetermined time to access a secured electronic file, and wherein the secured electronic file was previously secured using the public key of the at least one of the cryptographic key pairs pertaining to the predetermined time.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A file security system as recited in claim 1, wherein said access manager only provides the private key of the at least one of the cryptographic key pairs pertaining to the predetermined time to the requester if the predetermined time is greater than or equal to the current time.
  - 3. A file security system as recited in claim 1, wherein the requestor is a client module that operatively connects to said access manager over a network.
  - 4. A file security system as recited in claim 1, wherein said document security system further comprises:
    - at least one client module, said client module assists a user in selecting the predetermined time, and said client module secures the electronic file using the public key of the at least one of the cryptographic key pairs pertaining to the predetermined time so as to provide a time-based access restriction to the electronic file.
  - 5. A file security system as recited in claim 4, wherein said client module further assists in unsecuring the secured electronic file by acquiring the private key of the at least one of the cryptographic key pairs that pertaining to the predetermined time from said key store, and then unsecuring the secured electronic file using the private key of the at least one of the cryptographic key pairs that pertaining to the predetermined time.

6. A method for restricting access to an electronic document, said method comprising:
- identifying an electronic document to be secured, the electronic document having at least a data portion that contains data;
  
  obtaining a time-based access key;
  
  securing the electronic document through use of the time-based access key to produce a secured electronic document; and
  
  storing the secured electronic document.
- View Dependent Claims (7, 8, 9)
- - 7. A method as recited in claim 6, wherein the time-based access key has an access time associated therewith.
  - 8. A method as recited in claim 7, wherein said method further comprises:
    - storing the time-based access key at a remote key store, and wherein the time-based access key is subsequently retrievable from the remote key store only if the current time equals or exceeds the access time associated with the time-based access key.
  - 9. A method as recited in claim 8, wherein said method is performed on a client machine that operatively receives the time-based access key from the remote key store over a network.

10. A method for restricting access to an electronic document, said method comprising:
- identifying an electronic document to be secured, the electronic document having at least a data portion that contains data;
  
  obtaining a document key;
  
  encrypting the data portion of the electronic document using the document key to produce an encrypted data portion;
  
  obtaining a time-based access key;
  
  encrypting the document key using the time-based access key to produce an encrypted document key;
  
  forming a secured electronic document from at least the encrypted data portion and the encrypted document key; and
  
  storing the secured electronic document.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. A method as recited in claim 10, wherein the time-based access key is a public time-based access key.
  - 12. A method as recited in claim 10, wherein the time-based access key has an access time associated therewith.
  - 13. A method as recited in claim 12, wherein the time-based access key is available from a remote key store only if the current time equals or exceeds the access time associated with the time-based access key.
  - 14. A method as recited in claim 13, wherein the access time is a day of a year, and the time-based access keys are unique for each day of the year.
  - 15. A method as recited in claim 13, wherein said method is performed on a client machine that operatively receives the time-based access key from the remote key store over a network.

16. A method for accessing a secured electronic document by a requester, the secured electronic document having at least a header portion and a data portion, said method comprising:
- obtaining a time-based access key;
  
  obtaining an encrypted document key from the header portion of the secured electronic document;
  
  decrypting the encrypted document key using the time-based access key to produce a document key;
  
  decrypting an encrypted data portion of the secured electronic document using the document key to produce a data portion; and
  
  supplying the data portion to the requestor.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. A method as recited in claim 16, wherein the time-based access key is identified by an indicator within a header portion of the secured electronic document.
  - 18. A method as recited in claim 16, wherein the time-based access key is a private time-based access key.
  - 19. A method as recited in claim 18, wherein the time-based access key being obtained is acquired from a server.
  - 20. A method as recited in claim 16, wherein said obtaining of the time-based access key is dependent on the current time.
  - 21. A method as recited in claim 16, wherein the time-based access key is associated with an access time, and wherein said obtaining of the time-based access key is permitted only when the current time is greater than or equal to the access time.
  - 22. A method as recited in claim 21, wherein, if permitted, said obtaining obtains the time-based access key being obtained from a server.

23. A method for distributing cryptographic keys used in a file security system, said method comprising:
- receiving a request for a time-based key;
  
  identifying an access time associated with the time-based key;
  
  comparing the current time with the access time; and
  
  refusing to distribute the time-based key in response to the request when said comparing indicates that the current time is prior to the access time.
- View Dependent Claims (24, 25)
- - 24. A method as recited in claim 23, wherein the time-based key is a private time-based key.
  - 25. A method as recited in claim 23, wherein said method is performed at a server, and wherein the request for the time-based key is from a client module that is connectable to the server via a network.

26. A computer readable medium including at least computer program code for restricting access to an electronic document, said computer readable medium comprising:
- computer program code for identifying an electronic document to be secured, the electronic document having at least a data portion that contains data;
  
  computer program code for obtaining a time-based access key;
  
  computer program code for securing the electronic document through use of the time-based access key to produce a secured electronic document; and
  
  computer program code for storing the secured electronic document.
- View Dependent Claims (27, 28)
- - 27. A computer readable medium as recited in claim 26, wherein the time-based access key has an access time associated therewith.
  - 28. A computer readable medium as recited in claim 27, wherein said computer readable medium further comprises:
    - computer program code for storing the time-based access key at a remote key store, and wherein the time-based access key is subsequently retrievable from the remote key store only if the current time equals or exceeds the access time associated with the time-based access key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Guardian Data Storage LLC (Intellectual Ventures LLC)
Original Assignee
PSS Systems, Inc. (International Business Machines Corporation)
Inventors
Ryan, Nicholas M.

Application Number

US10/676,850
Publication Number

US 20050071657A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2151   Time stamp

H04L 9/083   involving central third par...

Method and system for securing digital assets using time-based security criteria

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing digital assets using time-based security criteria

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links