Role-based access control for redacted content
First Claim
1. In a computing system environment, a method of providing access to redacted material, comprising:
- designating a portion of content as redacted, including establishing various users roles able to access the redacted portion, the establishing occurring by an author of the content;
- upon electronically saving the content, encrypting the redacted portion;
- identifying a role of a user attempting to thereafter interact with the content; and
- if the role of the user attempting to interact with the content matches one of the established various user roles able to access the redacted portion, decrypting the encrypted redacted portion, otherwise preventing access to the encrypted redacted portions but showing portions of the content other than the encrypted redacted portions.
Abstract
Apparatus and methods are described for accessing redacted material based on user roles. An author designates portions of content as to-be-redacted. The author establishes various users roles able to access it and defines attributes or time constraints affecting the viewing/using. Upon electronically saving the content, the to-be-redacted portion is encrypted. An intermediary, such as a keytable service, mediates access between later users and the content. Upon identification of a role of a user attempting to interact with the content, and matching the role to one of the author-established roles, the encrypted redacted portion is decrypted. In this manner, users gain access to content based only on their role. The surrounding events are also loggable, traceable, and verifiable. A monitored connection between the user and the content, as well as various user interface options, are other noteworthy features. Computer program products and computing network interaction are also defined.
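The flow in the abstract, sketched as an added example that is not part of the patent or of any product implementing it: a keytable service encrypts each redacted portion with AES-256-GCM on save, then releases plaintext only when the caller's role matches and the author's time constraint is still open, logging every attempt. The names `KeyTable`, `seal`, `open` and `render`, the `[REDACTED]` mask and the sample document are assumptions made for illustration.

```javascript
// Added illustration; KeyTable, seal, open and render are hypothetical names.
const crypto = require('node:crypto');

// Mediation ("keytable") service: holds per-portion keys plus the author's policy.
class KeyTable {
  constructor() { this.entries = new Map(); this.log = []; }

  // Author side, on save: encrypt one redacted portion and register who may read it.
  seal(portionId, plaintext, roles, notAfter) {
    const key = crypto.randomBytes(32), iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', key, iv);
    const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
    this.entries.set(portionId, { key, roles: new Set(roles), notAfter });
    return { portionId, iv, ct, tag: c.getAuthTag() }; // the key never leaves the service
  }

  // Reader side: decrypt only on a role match inside the time window; log every attempt.
  open(blob, role, now = Date.now()) {
    const e = this.entries.get(blob.portionId);
    let reason = 'ok', text = null;
    if (!e) reason = 'unknown-portion';
    else if (!e.roles.has(role)) reason = 'role-mismatch';
    else if (e.notAfter !== null && now > e.notAfter) reason = 'expired';
    else {
      try {
        const d = crypto.createDecipheriv('aes-256-gcm', e.key, blob.iv);
        d.setAuthTag(blob.tag);
        text = Buffer.concat([d.update(blob.ct), d.final()]).toString('utf8');
      } catch (err) { reason = 'integrity-failure'; } // modified ciphertext or tag
    }
    this.log.push({ portionId: blob.portionId, role, now, reason });
    return text;
  }
}

// Show clear text as-is; redacted portions appear decrypted or as a mask.
function render(parts, keytable, role, now) {
  return parts.map(p => (typeof p === 'string' ? p
    : keytable.open(p, role, now) ?? '[REDACTED]')).join('');
}

// Constructed sample: two portions readable by different roles, one time-limited.
const T0 = Date.UTC(2024, 0, 1);
const kt = new KeyTable();
const doc = [
  'Patient: ', kt.seal('p1', 'Jane Roe', ['physician', 'billing'], null),
  '; diagnosis: ', kt.seal('p2', 'fracture', ['physician'], T0 + 3600e3), '.',
];
console.log(render(doc, kt, 'billing', T0));
```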
207 Citations
21 Claims
1. In a computing system environment, a method of providing access to redacted material, comprising:
- designating a portion of content as redacted, including establishing various users roles able to access the redacted portion, the establishing occurring by an author of the content;
- upon electronically saving the content, encrypting the redacted portion;
- identifying a role of a user attempting to thereafter interact with the content; and
- if the role of the user attempting to interact with the content matches one of the established various user roles able to access the redacted portion, decrypting the encrypted redacted portion, otherwise preventing access to the encrypted redacted portions but showing portions of the content other than the encrypted redacted portions.

6. In a computing system environment, a method of providing access to redacted material, comprising:
- at a first computing device, designating portions of content as redacted, including establishing access indicia to the redacted portions by way of various user roles able to access the redacted portions and indicating any attributes or time constraints for accessing the content;
- upon electronically saving the content, encrypting the redacted portions;
- by way of a second computing device not the same as the first computing device, identifying a role of a user attempting to interact with the content; and
- if the role of the user attempting to interact with the content matches one of the established various user roles able to access the redacted portions, decrypting the encrypted redacted portions, otherwise preventing access to the encrypted redacted portions but showing the encrypted redacted portions in the content.

12. A computer program product available as a download or on a computer readable medium having executable instructions for performing steps to provide access to redacted material, comprising:
- opening a document for an author to create content;
- receiving an indication from the author of the content to designate a portion of the content as redacted, including receiving from the author various users roles able to access the redacted portion and receiving any attributes or time constraints relating to interacting with the content;
- causing an encryption of the redacted content upon receiving an indication from the author to electronically save the content; and
- passing a key to decrypt the encryption of the redacted content and passing the various users roles, attributes and time constraints to a mediation service for decrypting the encrypted redacted content with the key upon matching a role of a user attempting to interact with the content with one of the established various user roles able to access the redacted portion.

13. A computing system environment for providing access to redacted material, comprising:
- a first computing device interacting with a computer program product that allows an author to designate portions of content as redacted, the product including allowing the author to establish access indicia to the redacted portions by way of various user roles and according to any attributes or time constraints; and
- a mediation computing device not the same as the first computing device but connected to the first computing device for identifying a role of a user attempting to interact with the content, wherein either the first computing device or the mediation computing device is configured to encrypt the redacted portions upon an indication by the author to electronically save the content, and wherein if the role of the user matches one of the established various user roles able to access the redacted portions the mediation computing device is configured to decrypt the encrypted redacted portions, otherwise the mediation computing device prevents access to the encrypted redacted portions but enables showing the encrypted redacted portions in the content.

18. A computer program product available as a download or on a computer readable medium having executable instructions for loading on a computing device to regulate access to redacted material, comprising:
- a document space for display on a monitor of the computing device for an author to visually see content created in the document space;
- a visual interface for display on the monitor for the author to designate a portion of the content created in the document space as redacted and to designate various users roles able to access the redacted portion;
- a saving component causing local or remote encryption of the redacted content upon receipt of an indication from the author to electronically save the content, the encryption able to be decrypted upon matching a role of a user attempting to interact with the content to one of the designated various user roles; and
- a displaying component to visually show the user, attempting to interact with the content, the redacted portion in encrypted form if the role of the user does not match one of the designated various user roles.

19. In a computing system environment, a method of providing access to redacted material, comprising:
- designating a portion of content as redacted, including establishing various users roles able to access the redacted portion according to any attributes or time constraints;
- upon electronically saving the content, encrypting the redacted portion;
- identifying a role of a user attempting to thereafter interact with the content;
- if the role of the user attempting to interact with the content matches one of the established various user roles able to access the redacted portion, decrypting the encrypted redacted portion so long as a monitored connection between a plurality of computing devices is maintained in a time-responsive fashion.

21. In a computing system environment, a method of providing access to redacted material, comprising:
- designating portions of content as redacted, including establishing various users roles able to access the redacted portions, the establishing occurring by an author of the content and one portion of the redacted portions being accessible by one role of the various users roles different than another role of the various user roles able to access another portion of the redacted portions;
- upon electronically saving the content, encrypting the redacted portion;
- identifying a role of a plurality of users attempting to thereafter interact with the content; and
- per each of the roles of the users, if the role of one of the users attempting to interact with the content matches one of the established various user roles able to access the redacted portion, decrypting the encrypted redacted portion, otherwise preventing access to the encrypted redacted portions but showing portions of the content other than the encrypted redacted portions.

Specification