Document Security Management System

US 20100217987A1
Filed: 05/12/2006
Published: 08/26/2010
Est. Priority Date: 02/07/2006
Status: Abandoned Application

First Claim

Patent Images

1. A document security management system for securely managing documents or data files for users, the document management system comprising:

a document repository, providing a facility for storing data files representing the documents;

a key repository for storing a public key of one or more encryption key pairs, each of the encryption key pairs being associated with one of the documents stored in the document repository and comprising a public key and a private key, wherein each document stored in the document repository is encrypted with the public key of the encryption key pair associated with the document; and

a plurality of client terminals configured to retrieve the documents from the document repository for processing by a user, wherein each user is provided with a digital certificate comprising a certificate key pair, each certificate key pair comprising a public key and a private key, and the key repository includes the private key of the encryption key pair encrypted with the public key of the certificate key pair associated with the user, the client terminal being operable with the private key of the certificate key pair, the client terminal being configured to decrypt the private key of encryption key pair using the private key of the certificate key pair, to retrieve the encrypted document from the document repository, and to decrypt the document using the decrypted private key of the encryption key pair to access the document.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A document security management system for securely managing documents for users. The document management system comprises a document repository providing a facility for storing data files representing the documents. A key repository stores a public key of one or more encryption key pairs, each of the encryption key pairs being associated with one of the documents stored in the document repository. Each document stored in the document repository is encrypted with the public key of the encryption key pair associated with the document. A plurality of client terminals are operable to store and to retrieve the documents from the documentary repository for processing by a user. Each user is in possession of a digital certificate comprising a certificate key pair. The key repository includes the private key of the encryption key pair encrypted with the public key of the certificate key pair associated with the user. The client terminal is operable with the private key of the certificate key pair in possession of a user. The client terminal is operable to decrypt the private key of the encryption key pair using the private key of the certificate key pair of a user, and to retrieve the encrypted document from the document repository and to decrypt the document using the decrypted private key of the encryption key pair. Thus, in accordance with the present invention a two tier arrangement of private key/public key pairs is provided with a first private key/public key pair called the encryption key pair being associated with each of the documents and a second digital certificate private key/public key pair called a certificate key pair being associated with the users. A document management system according to the present invention is therefore provided with an improvement in security with respect to document management and document management security.

115 Citations

17 Claims

1. A document security management system for securely managing documents or data files for users, the document management system comprising:
- a document repository, providing a facility for storing data files representing the documents;
  
  a key repository for storing a public key of one or more encryption key pairs, each of the encryption key pairs being associated with one of the documents stored in the document repository and comprising a public key and a private key, wherein each document stored in the document repository is encrypted with the public key of the encryption key pair associated with the document; and
  
  a plurality of client terminals configured to retrieve the documents from the document repository for processing by a user, wherein each user is provided with a digital certificate comprising a certificate key pair, each certificate key pair comprising a public key and a private key, and the key repository includes the private key of the encryption key pair encrypted with the public key of the certificate key pair associated with the user, the client terminal being operable with the private key of the certificate key pair, the client terminal being configured to decrypt the private key of encryption key pair using the private key of the certificate key pair, to retrieve the encrypted document from the document repository, and to decrypt the document using the decrypted private key of the encryption key pair to access the document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 17)
- - 2. The document security management system as claimed in claim 1, wherein the client terminal is configured to generate a hash value of the document after the document has been created or edited by a user, to encrypt the hash value with the private key of the private key of the encryption key pair, and to store the encrypted hash value with the encrypted document on the document server, and the client terminal is configured when retrieving the document from the document server to decrypt the hash value which has been stored in association with the document, to recalculate the hash value from the decrypted document retrieved from the document server, and to verify that the document corresponds with a version of the document in a form when the hash value which has been stored in association with document was produced, by comparing the recalculated hash value with the hash value which was stored on the document server in association with the document.
  - 3. The document security management system as claimed in claim 1, wherein the client terminal is configured to generate a digital signature using the user'"'"'s private key of the certificate key pair, by calculating a hash value of the document, and encrypting the hash value calculated from the document with the private key, and to store the digital signature in association with the encrypted document in the document server, and the client terminal is configured when retrieving the document from the document server to retrieve the digital signature associated with the document from the document server, to re-calculate the hash value from the decrypted document, to extract the hash value from the digital signature by decrypting the encrypted hash value in the signature to compare the extracted hash with the re-generated hash, and if the regenerated hash is the same as the extracted hash to validate the retrieved digital signature as being authentic.
  - 4. The document security management system as claimed in claim 2, wherein the digital signature is a detached digital signature generated in accordance with the Public Key Certificate Standard 7.
  - 5. The document security management system as claimed in claim 1, wherein the client terminals are configured to generate a temporal reference indicating a time and/or a date when the document was created or edited, to encrypt the temporal reference with the public key encryption key pair, and to communicate the encrypted temporal reference to the document repository, wherein the document repository is configured to store the temporal reference with the document in the document repository.
  - 6. The document management security system as claimed in claim 1, wherein the key repository is configured to store the public key of the one or more encryption key pairs in the key repository, to encrypt the private key of the one or more encryption key pairs with the public key of the certificate key pair associated with a user, and to store the encrypted private key of the one or more encryption key pairs in the key repository.
  - 7. The document security management system as claimed in claim 1, wherein the key repository is configured to store each private key of the one or more encryption key pairs encrypted with a public key of a key manager'"'"'s certificate key pair.
  - 17. A document security management system as claimed in claim 3, wherein the digital signature is a detached digital signature generated in accordance with the Public Key Certificate Standard 7.

8. A method of securely managing documents for users, the method comprising:
- storing data files representing documents on a document repository;
  
  storing a public key of one or more encryption key pairs on a key repository, each of the encryption key pairs being associated with one of the documents stored in the document repository and each of the encryption key pairs comprising a public key and a private key, and each document stored in the document repository being encrypted with the public key of the encryption key pair associated with the documents;
  
  storing the documents in the document repository for processing by a user, wherein the key repository includes the private key of an encryption key pair encrypted with the public key of a digital certificate key pair associated with the user;
  
  decrypting the private key of the encryption key pair using the private key of the certificate key pair;
  
  retrieving the encrypted document from the document repository; and
  
  decrypting the document using the decrypted private key of the first document private key/public key pair.
- View Dependent Claims (9, 10)
- - 9. The method as claimed in claim 8, the method further comprising:
    - generating a hash value of the document after the document has been created or edited by a user;
      
      encrypting the hash value with the private key of the first document private key/public key pair;
      
      storing the encrypted hash value with the encrypted document on the document repository;
      
      decrypting the stored hash value;
      
      re-calculating the hash value from the decrypted document retrieved from the document repository; and
      
      verifying that the document corresponds with a version of the document when the stored hash value was produced, by comparing the recalculated hash value with the stored hash value.
  - 10. The method as claimed in claim 8, further comprising:
    - generating a digital signature using the user'"'"'s private key of the certificate key pair, by calculating a hash value of the document, and encrypting the hash value calculated from the document with the public key;
      
      storing the digital signature in the document repository;
      
      retrieving the digital signature from the document repository;
      
      re-calculating the hash value from the decrypted document;
      
      re-generating the digital signature by encrypting the re-calculated hash value with the user'"'"'s public key of the second document private key/public key pair,comparing the retrieved digital signature with the re-generated digital signature; and
      
      ,validating the retrieved digital signature as being authentic if the re-generated digital signature is substantially the same as the re-retrieved digital signature.

11. A document repository for a document management system for securely managing documents for users, the document repository configured to store data files representing documents, each stored document being associated with a first private key/public key pair and each stored document being encrypted with the public key of the first document private key/public key pair associated with the document, wherein the document repository is further configured to store in association with each of the documents a hash value generated from the document and a digital signature generated from the hash value and the private key of a second private key/public key pair provided to a user.

12. A client terminal operable in combination with a key repository and a document repository of a document security management system, the client terminal being configured to store and to retrieve documents to and from the documentary repository for processing by a user, wherein each user possesses a digital certificate comprising a certificate key pair, the certificate key pair comprising a public key and a private key, and the key repository includes the private key of an encryption key pair encrypted with the public key of the certificate key pair of the user, the client terminal being provided by the user with the private key of the certificate key pair of the user, the client terminal being configured to decrypt the private key of the encryption key pair using the private key of the certificate key pair, to retrieve the encrypted document from the document repository, and to decrypt the document using the decrypted private key of the encryption key pair.
- View Dependent Claims (13)
- - 13. A client terminal as claimed in claim 12, wherein the client terminal is configured to create a data file representing a document, to encrypt the data file with the public key of the one or more encryption key pairs, and to store the encrypted data file on the document repository.

14. A key repository operable in combination with a document repository and one or more client terminals of a document security management system, the key repository being configured to store a public key of one or more encryption key pairs, each of the encryption key pairs comprising a public key and a private key and each of the encryption key pairs being associated with one of the documents stored in the document repository, wherein each document stored in the document repository is encrypted with the public key of the encryption key pair associated with the document, wherein the key repository includes the private key of the encryption key pair encrypted with a public key of a digital certificate key pair associated with the user.

15. (canceled)

16. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ravindra Waman Shevade
Original Assignee
Ravindra Waman Shevade
Inventors
Shevade, Ravindra Waman

Application Number

US12/278,779
Publication Number

US 20100217987A1
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

G06F 21/6272   by registering files or doc...

G06F 21/64   Protecting data integrity, ...

G06F 21/645   using a third party

H04W 12/77   Graphical identity

Document Security Management System

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

115 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Document Security Management System

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links