Method and system for providing cryptographic document retention with off-line access

US 20050223414A1
Filed: 03/30/2004
Published: 10/06/2005
Est. Priority Date: 03/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method of providing automated document retention for electronic documents, said method comprising:

obtaining an electronic document;

assigning a document retention policy to the electronic document, the document retention policy being based on a recurring cut-off retention schedule; and

cryptographically imposing the document retention policy on the electronic document.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for utilizing security criteria to implement document retention for electronic documents are disclosed. The security criteria can also limit when, how and where access to the electronic documents is permitted. The security criteria can pertain to keys (or ciphers) used to secure (e.g., encrypt) electronic files (namely, electronic documents), or to unsecure (e.g., decrypt) electronic files already secured. At least a portion of the security criteria can be used to implement document retention, namely, a document retention policy. After a secured electronic document has been retained for the duration of the document retention policy, the associated security criteria becomes no longer available, thus preventing subsequent access to the secured electronic document. In other words, access restrictions on electronic documents can be used to prevent access to electronic documents which are no longer to be retained.

Citations

25 Claims

1. A method of providing automated document retention for electronic documents, said method comprising:
- obtaining an electronic document;
  
  assigning a document retention policy to the electronic document, the document retention policy being based on a recurring cut-off retention schedule; and
  
  cryptographically imposing the document retention policy on the electronic document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as recited in claim 1, wherein said method further comprises:
    - subsequently determining whether a document retention period for the electronic document has been exceeded; and
      
      cryptographically preventing access to the electronic document in accordance with the document retention policy when the document retention period for the electronic document has been exceeded.
  - 3. A method as recited in claim 1, wherein said imposing operates to utilize a cryptographic key to impose the document retention policy, and wherein the document retention policy specifies a document retention period and a cut-off period.
  - 4. A method as recited in claim 3, wherein the document retention policy specifies a document retention period that expires a predetermined period of time after the cut-off period.
  - 5. A method as recited in claim 3, wherein the cut-off period corresponds to a maximum off-line period of a client.
  - 6. A method as recited in claim 1, wherein said imposing comprises acquiring a cryptographic key from a server over a network, the cryptographic key being used to impose the document retention policy.
  - 7. A method as recited in claim 6, wherein said method further comprises:
    - determining whether the document retention period has expired; and
      
      deactivating the cryptographic key when said determining determines that the document retention period has expired, thereby preventing further access to the electronic document.
  - 8. A method as recited in claim 7, wherein said imposing operates to utilize a cryptographic key to impose the document retention policy, and wherein the document retention policy specifies a document retention period and a cut-off period.
  - 9. A method as recited in claim 8, wherein the document retention policy specifies a document retention period that expires a predetermined period of time after the cut-off period.

10. A method for periodically providing document retention keys to clients of a document retention system via a network, said method comprising:
- determining whether a cut-off period for a current or prior document retention key has been reached;
  
  generating a next document retention key to be used to encrypt electronic documents during a next cut-off period, the next document retention key having a document retention period associated therewith; and
  
  notifying any of the clients that are connected to the network of the next document retention key.
- View Dependent Claims (11, 12)
- - 11. A method as recited in claim 10, wherein said method further comprises:
    - subsequently determining whether the prior document retention key is to be deactivated based on the document retention period; and
      
      deactivating the prior document retention key when said determining determines that the prior document retention key is to be deactivated.
  - 12. A method as recited in claim 11, wherein the document retention period is a predetermined duration of time following the end of the next cut-off period.

13. A method for restricting access to an electronic document, said method comprising:
- identifying an electronic document to be secured, the electronic document having at least a data portion that contains data;
  
  obtaining a document key;
  
  encrypting the data portion of the electronic document using the document key to produce an encrypted data portion;
  
  obtaining a retention access key, the retention access key being used to enforce a document retention policy on the electronic document;
  
  encrypting the document key using the retention access key to produce an encrypted document key, the retention access key only being usable for said encrypting during a cut-off period;
  
  forming a secured electronic document from at least the encrypted data portion and the encrypted document key; and
  
  storing the secured electronic document.
- View Dependent Claims (14, 15)
- - 14. A method as recited in claim 13, wherein the retention access key is a public retention access key.
  - 15. A method as recited in claim 13, wherein the document retention policy specifies a document retention period that expires a predetermined period of time after the cut-off period.

16. A method for accessing a secured electronic document by a requestor, the secured electronic document having at least a header portion and a data portion, said method comprising:
- obtaining a retention access key, the retention access key being used to enforce a document retention period of a document retention policy on the electronic document, the retention access key being usable only during the document retention period following a cut-off period;
  
  obtaining an encrypted document key from the header portion of the secured electronic document;
  
  decrypting the encrypted document key using the retention access key to produce a document key;
  
  decrypting an encrypted data portion of the secured electronic document using the document key to produce a data portion; and
  
  supplying the data portion to the requestor.
- View Dependent Claims (17, 18, 19, 20)
- - 17. A method as recited in claim 16, wherein the retention access key is identified by an indicator within a header portion of the secured electronic document.
  - 18. A method as recited in claim 16, wherein the retention access key is a private retention access key.
  - 19. A method as recited in claim 16, wherein, if permitted, said obtaining obtains the retention access key being obtained from a server.
  - 20. A method as recited in claim 16, wherein the document retention period is a predetermined period of time after the occurrence of the cut-off period.

21. A computer readable medium including at least computer program code for providing automated document retention for electronic documents, said computer readable medium comprising:
- computer program code for obtaining an electronic document;
  
  computer program code for assigning a document retention policy to the electronic document, the document retention policy being based on a recurring cut-off retention schedule; and
  
  computer program code for cryptographically imposing the document retention policy on the electronic document.
- View Dependent Claims (22, 23, 24)
- - 22. A computer readable medium as recited in claim 21, wherein said computer readable medium further comprises:
    - computer program code for subsequently determining whether a document retention period for the electronic document has been exceeded; and
      
      computer program code for cryptographically preventing access to the electronic document in accordance with the document retention policy when the document retention period for the electronic document has been exceeded.
  - 23. A computer readable medium as recited in claim 21, wherein said computer program code for cryptographically imposing operates to utilize a cryptographic key to impose the document retention policy, and wherein the document retention policy specifies a document retention period and a cutoff period.
  - 24. A computer readable medium as recited in claim 23, wherein the document retention policy specifies a document retention period that expires a predetermined period of time after the cut-off period.

25. A file security system for restricting access to electronic files, said file security system comprising:
- a key store that stores a plurality of cryptographic key pairs, each of the cryptographic key pairs including a public key and a private key, at least one of the cryptographic key pairs pertaining to a retention policy, the retention policy having a document retention period and a cut-off period; and
  
  an access manager operatively connected to said key store, said access manager makes available, for each of the cut-off periods, a different one of the public keys of the at least one of the cryptographic key pairs, and said access manager determines whether the private key of the at least one of the cryptographic key pairs pertaining to the retention policy is permitted to be provided to a requestor based on whether the document retention period following the cut-off period has expired, wherein the requestor requires the private key of the at least one of the cryptographic key pairs pertaining to the retention policy to access a secured electronic file, and wherein the secured electronic file was previously secured using the public key of the at least one of the cryptographic key pairs pertaining to the retention policy, and at the time the electronic file was so secured, the public key was within the cut-off period and available for use.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
PSS Systems, Inc. (International Business Machines Corporation)
Inventors
Gutnik, Yevgeniy, Kenrich, Michael Frederick

Granted Patent

US 7,748,045 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06Q 20/3674   involving authentication

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

Method and system for providing cryptographic document retention with off-line access

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing cryptographic document retention with off-line access

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links