DOCUMENT SECURITY SYSTEM AND METHOD

US 20120185701A1
Filed: 01/13/2011
Published: 07/19/2012
Est. Priority Date: 01/13/2011
Status: Active Grant

First Claim

Patent Images

1. A method for document security, comprising:

decrypting a key-map file located in an composite document with embedded access control;

decrypting a content part from the composite document with embedded access control, wherein the key-map file provides a key to access the content part;

loading the content part in decrypted form into a document serialization maintained in a transient memory, wherein the content part in decrypted form is maintained exclusively in the transient memory; and

erasing the content part in decrypted form upon termination of a program to access the decrypted content part from the document serialization.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for document security are described. The method decrypts a key-map file located a composite document with embedded access control, decrypts a content part from the composite document with embedded access control, wherein the key-map file provides a key to access the content part, loads the content part in decrypted form into a document serialization maintained in a transient memory where the content part in decrypted form is maintained exclusively in the transient memory, and erases the content part in decrypted form upon termination of a program to access the decrypted content part from the document serialization.

Citations

20 Claims

1. A method for document security, comprising:
- decrypting a key-map file located in an composite document with embedded access control;
  
  decrypting a content part from the composite document with embedded access control, wherein the key-map file provides a key to access the content part;
  
  loading the content part in decrypted form into a document serialization maintained in a transient memory, wherein the content part in decrypted form is maintained exclusively in the transient memory; and
  
  erasing the content part in decrypted form upon termination of a program to access the decrypted content part from the document serialization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the document serialization comprises a relational database structure.
  - 3. The method of claim 2, further comprising:
    - encrypting the edited content part by an encryption key that corresponds to a decryption key from the key-map file used to decrypt the content part; and
      
      storing the edited content part in the composite document with embedded access control to create an updated composite document with embedded access control.
  - 4. The method of claim 3, further comprising sending the updated composite document with embedded access control to a second user over a low security communication channel.
  - 5. The method of claim 3, further comprising updating a master copy corresponding to the composite document with embedded access control with data from the updated composite document with embedded access control.
  - 6. The method of claim 1, further comprising checking the amount of space available in the transient memory to determine if there is sufficient space to decrypt a largest encrypted content part in the composite document that a user may have access to according one or more keys stored in the key-map file.
  - 7. The method of claim 6, further comprising generating a notification when there is insufficient space available in the transient memory to decrypt the largest encrypted content part.
  - 8. The method of claim 1, further comprising decrypting each of one or more encrypted content parts of the composite document with embedded access control that a user has access to according to one or more keys stored in the map file and loading each of the one or more content parts in decrypted form into the document serialization structure if it is determined there is sufficient transient memory to hold each of the one or more content parts in decrypted form.

9. A system for document security comprising:
- a transient memory;
  
  a secured composite document comprising one or more encrypted content parts and one or more encrypted key-map files, the key-map files comprising access information for the one or more content parts corresponding to one or more users; and
  
  a document interface, to locate a key-map file corresponding to a user from one or more encrypted key-map files, to decrypt a content part that the user may access according a key in the located in the key-map file, and to store the content part in decrypted form in the transient memory for access by a user.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The system of claim 9, wherein the secured composite document was generated from a master copy maintained in a secure location.
  - 11. The system of claim 9, comprising an entry table within the secured composite document to find the location of a key-map file that corresponds to a particular user.
  - 12. The system of claim 11, wherein a user decrypts an entry in the entry table to locate the location of the key-map file that corresponds to the user.
  - 13. The system of claim 9, further comprising a document serialization structure created in the transient memory to hold the decrypted content parts.
  - 14. The system of claim 13, wherein the document serialization created in the transient memory holds decrypted entries from the located key-map file, said decrypted entries comprising access keys for the access granted the user for the one or more content parts.
  - 15. The system of claim 9, wherein the secured composite document is distributed to a number of users performing tasks according to a workflow.
  - 16. The system of claim 9, wherein the secured composite document comprises a flat file database.
  - 17. The system of claim 9, wherein the decrypted entries are stored in a table in a relational database.

18. A non-transitory computer-readable medium having stored thereon instructions which when executed by a processor cause the processor to perform the method of:
- retrieving a content part from a secured composite document, based on a request to access the content part;
  
  attempting to decrypt the content part using an access key in the secured composite document that corresponds to a particular user;
  
  erasing one or more other content parts previously decrypted from the secured composite document and stored in the transient memory, wherein the one or more other content parts are identified as candidates for erasing based on a pre-determined criterion;
  
  storing the content part in transient memory version, if the amount of transient memory erased is equal to or greater than the amount of memory space needed to store the content part in transient memory.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable medium of claim 18, wherein the pre-determined criterion is one or more of lowest security risk, user access privilege to modify, longest idle time for each content part, longest path from the one or more other content parts.
  - 20. The non-transitory computer-readable medium of claim 18, further comprising before erasing:
    - encrypting each of the other parts that were modified while in transient memory;
      
      signing each of the other parts that were modified in transient memory; and
      
      storing encrypted versions of each of the other parts that were modified in the secured composite document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Balinsky, Helen, Simske, Steven J.

Granted Patent

US 8,560,846 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/6209 to a single file or object,...

DOCUMENT SECURITY SYSTEM AND METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DOCUMENT SECURITY SYSTEM AND METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links