Method and System for Generating Trusted Security Labels for Electronic Documents

US 20100263060A1
Filed: 04/06/2010
Published: 10/14/2010
Est. Priority Date: 03/04/2009
Status: Active Grant

First Claim

Patent Images

1. A computerized method for generating a trusted security label for an electronic document for protecting the electronic document from unauthorized access, the method comprising:

(a1) determining a part of the document to be protected;

(b1) selecting a security label associated with the part of the document, and indicating a security classification level for the part of the document from a predetermined list of security labels;

(c1) specifying one or more policies governing generation of the trusted security label based on the part of the document and the security label; and

(d1) generating the trusted security label, including digitally signing the part of the document, the security label and said one or more policies.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for generating trusted security labels in electronic documents is disclosed. The method comprises determining parts of the document to be cryptographically bound to the security label and hashing them; hashing the security label; specifying any necessary policies as signable signature properties; and digitally signing the collection of these items. The resulting security label is trusted, because it is digitally signed and its digital signature also covers the parts of the document to be protected, thus allowing any tampering of the security label or the covered parts of the document to be detectable. A corresponding system for generating trusted security labels is also provided.

Citations

20 Claims

1. A computerized method for generating a trusted security label for an electronic document for protecting the electronic document from unauthorized access, the method comprising:
- (a1) determining a part of the document to be protected;
  
  (b1) selecting a security label associated with the part of the document, and indicating a security classification level for the part of the document from a predetermined list of security labels;
  
  (c1) specifying one or more policies governing generation of the trusted security label based on the part of the document and the security label; and
  
  (d1) generating the trusted security label, including digitally signing the part of the document, the security label and said one or more policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the step (a1) further comprises applying a hash function to the part of the document.
  - 3. The method of claim 2, wherein the step (b1) further comprises applying a hash function to the security label.
  - 4. The method of claim 3, wherein the step (c1) comprises specifying a policy for identifying the part of the document to be protected.
  - 5. The method of claim 4, wherein the digitally signing comprises cryptographically binding the part of the 0.49″
    - document to the security label.
  - 6. The method of claim 4, wherein the step (c1) comprises specifying a policy for verifying an identity of a person applying the trusted security label.
  - 7. The method of claim 1, the method comprising matching the security classification level of the part of the document with a security classification level of a recipient of the document.
  - 8. The method of claim 1, the method comprising providing the document in an Open Office Extensible Markup Language (OOXML) format.
  - 9. The method of claim 1, the method comprising providing a Microsoft Office document.

10. A computer readable storage medium, having a computer readable program code instructions stored thereon, which, when executed by a processor, performs the following:
- (a10) determining a part of the document to be protected;
  
  (b10) selecting a security label associated with the part of the document, and indicating a security classification level for the part of the document from a predetermined list of security labels;
  
  (c10) specifying one or more policies governing generation of the trusted security label based on the part of the document and the security label; and
  
  (d10) generating the trusted security label, including digitally signing the part of the document, the security label and said one or more policies.

11. A system for generating a trusted security label for an electronic document for protecting the electronic document from unauthorized access, the system comprising:
- a processor, and a computer readable storage medium having computer readable instructions stored thereon, which, when executed by the processor, form the following;
  
  (a11) a part determination module determining a part of the document to be protected;
  
  (b11) a selection module selecting a security label associated with the part of the document, and indicating a security classification level for the part of the document from a predetermined list of security labels;
  
  (c11) a policy module specifying one or more policies governing generation of the trusted security label based on the part of the document and the security label; and
  
  (d11) a label generation module generating the trusted security label, including digitally signing the part of the document, the security label and said one or more policies.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the part generation module (a11) further comprises a first hash application module applying a hash function to the part of the document.
  - 13. The system of claim 12, wherein the selection module (b12) further comprises a second hash application module applying a hash function to the security label.
  - 14. The system of claim 13, wherein the policy module (c11) comprises computational means for specifying a policy for identifying the part of the document to be protected.
  - 15. The system of claim 14, wherein the label generation module (d11) comprises a signature module cryptographically binding the part of the document to the security label.
  - 16. The system of claim 14, wherein the policy module (c11) comprises computational means for specifying a policy for verifying an identity of a person applying the trusted security label.
  - 17. The system of claim 11, comprising a guard device matching the security classification level of the part of the document with a security classification level of a recipient of the document.
  - 18. The system of claim 11, the system comprising computational means for providing the document in an Open Office Extensible Markup Language (OOXML) format.
  - 19. The system of claim 11, the system comprising computational means for providing a Microsoft Office document.
  - 20. The system of claim 11 wherein the processor is a multicore processor with each of the part detection module, the selection module, the policy module and the label generation module running on a separate core.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TITUS Inc.
Original Assignee
TITUS Inc.
Inventors
Simon, Edward Joseph, Charbonneau, Stephane Roger Daniel Joseph

Granted Patent

US 8,869,299 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/30
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2141   Access rights, e.g. capabil...

Method and System for Generating Trusted Security Labels for Electronic Documents

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Generating Trusted Security Labels for Electronic Documents

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links