Method and System for Generating Trusted Security Labels for Electronic Documents
First Claim
1. A computerized method for generating a trusted security label for an electronic document for protecting the electronic document from unauthorized access, the method comprising:
- (a1) determining a part of the document to be protected;
(b1) selecting a security label associated with the part of the document, and indicating a security classification level for the part of the document from a predetermined list of security labels;
(c1) specifying one or more policies governing generation of the trusted security label based on the part of the document and the security label; and
(d1) generating the trusted security label, including digitally signing the part of the document, the security label and said one or more policies.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and system for generating trusted security labels in electronic documents is disclosed. The method comprises determining parts of the document to be cryptographically bound to the security label and hashing them; hashing the security label; specifying any necessary policies as signable signature properties; and digitally signing the collection of these items. The resulting security label is trusted, because it is digitally signed and its digital signature also covers the parts of the document to be protected, thus allowing any tampering of the security label or the covered parts of the document to be detectable. A corresponding system for generating trusted security labels is also provided.
-
Citations
20 Claims
-
1. A computerized method for generating a trusted security label for an electronic document for protecting the electronic document from unauthorized access, the method comprising:
-
(a1) determining a part of the document to be protected; (b1) selecting a security label associated with the part of the document, and indicating a security classification level for the part of the document from a predetermined list of security labels; (c1) specifying one or more policies governing generation of the trusted security label based on the part of the document and the security label; and (d1) generating the trusted security label, including digitally signing the part of the document, the security label and said one or more policies. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer readable storage medium, having a computer readable program code instructions stored thereon, which, when executed by a processor, performs the following:
-
(a10) determining a part of the document to be protected; (b10) selecting a security label associated with the part of the document, and indicating a security classification level for the part of the document from a predetermined list of security labels; (c10) specifying one or more policies governing generation of the trusted security label based on the part of the document and the security label; and (d10) generating the trusted security label, including digitally signing the part of the document, the security label and said one or more policies.
-
-
11. A system for generating a trusted security label for an electronic document for protecting the electronic document from unauthorized access, the system comprising:
-
a processor, and a computer readable storage medium having computer readable instructions stored thereon, which, when executed by the processor, form the following; (a11) a part determination module determining a part of the document to be protected; (b11) a selection module selecting a security label associated with the part of the document, and indicating a security classification level for the part of the document from a predetermined list of security labels; (c11) a policy module specifying one or more policies governing generation of the trusted security label based on the part of the document and the security label; and (d11) a label generation module generating the trusted security label, including digitally signing the part of the document, the security label and said one or more policies. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification