LIGHTWEIGHT DOCUMENT ACCESS CONTROL USING ACCESS CONTROL LISTS IN THE CLOUD STORAGE OR ON THE LOCAL FILE SYSTEM

US 20130054976A1
Filed: 08/23/2011
Published: 02/28/2013
Est. Priority Date: 08/23/2011
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to an encrypted document, the method comprising the steps of:

a computer receiving a request to access the encrypted document, wherein the access request comprises a user ID and a user password;

the computer performing a one-way hash function on the user password to generate a hash value;

the computer searching an access control table for the hash value which indicates an authorization for the user to access the encrypted document and corresponds to a document password encrypted with the user password;

the computer decrypting the document password using the user password; and

the computer decrypting the encrypted document using the decrypted document password.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a method for controlling access to an encrypted document, a computer receives a request to access the encrypted document, the access request comprising a user ID and a user password. The computer performs a one-way hash function on the user password to generate a hash value. The computer searches an access control table for the hash value which indicates an authorization for the user to access the encrypted document and corresponds to a document password encrypted with the user password. The computer decrypts the document password using the user password. The computer decrypts the encrypted document using the decrypted document password.

Citations

24 Claims

1. A method for controlling access to an encrypted document, the method comprising the steps of:
- a computer receiving a request to access the encrypted document, wherein the access request comprises a user ID and a user password;
  
  the computer performing a one-way hash function on the user password to generate a hash value;
  
  the computer searching an access control table for the hash value which indicates an authorization for the user to access the encrypted document and corresponds to a document password encrypted with the user password;
  
  the computer decrypting the document password using the user password; and
  
  the computer decrypting the encrypted document using the decrypted document password.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the hash value also corresponds to an expiration date, and wherein the step of decrypting the encrypted document further comprises the steps of:
    - the computer comparing the expiration date with a current date; and
      
      the computer decrypting the encrypted document in response to determining that the current date is before the expiration date.
  - 3. The method of claim 1, wherein the hash value corresponds to a plurality of user IDs.
  - 4. The method of claim 1, wherein an access to the access control table is provided as a service in a cloud environment.
  - 5. The method of claim 1, wherein the hash value corresponds to a security role and wherein the step of decrypting the encrypted document further comprises the computer decrypting the encrypted document in accordance with the security role.
  - 6. The method of claim 1, wherein the encrypted document has been encrypted using a symmetric encryption algorithm.

7. A computer program product for controlling access to an encrypted document, the computer program product comprising one or more computer-readable tangible storage devices and program instructions stored on at least one of the one or more computer-readable tangible storage devices, the program instructions comprising:
- program instructions to receive a request to access the encrypted document, wherein the access request comprises a user ID and a user password;
  
  program instructions to perform a one-way hash function on the user password to generate a hash value;
  
  program instructions to search an access control table for the hash value which indicates an authorization for the user to access the encrypted document and corresponds to a document password encrypted with the user password;
  
  program instructions to decrypt the document password using the user password; and
  
  program instructions to decrypt the encrypted document using the decrypted document password.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7, wherein the hash value also corresponds to an expiration date and wherein the program instructions to decrypt the encrypted document further comprise:
    - program instructions to compare the expiration date with a current date; and
      
      program instructions to decrypt the encrypted document if the current date is before the expiration date.
  - 9. The computer program product of claim 7, wherein the hash value corresponds to a plurality of user IDs.
  - 10. The computer program product of claim 7, wherein an access to the access control table is provided as a service in a cloud environment.
  - 11. The computer program product of claim 7, wherein the hash value corresponds to a security role and wherein the program instructions to decrypt the encrypted document further comprise program instructions to decrypt the encrypted document in accordance with the security role.
  - 12. The computer program product of claim 7, wherein the encrypted document has been encrypted using a symmetric encryption algorithm.

13. A method for controlling access to an encrypted web page, the method comprising the steps of:
- a computer receiving an email message, wherein the email message comprises a hyperlink to the encrypted web page and wherein a markup language document for the encrypted web page includes program code to request a user ID and password from a user of the computer and to determine whether the user is authorized to access the web page, and if so, to decrypt the web page; and
  
  the computer invoking the program code, in response to a user request to display the encrypted web page, and in response to the determination of authorization of the user to access the web page, the computer decrypting the web page and displaying the web page at the computer.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, wherein the program code, when executed by the computer, performs the steps of:
    - receiving a request to access the encrypted web page, and in response, requesting the user ID and the password from the user;
      
      performing a one-way hash function on the user password to generate a hash value;
      
      searching an access control table for the hash value which indicates an authorization for the user to access the encrypted web page and corresponds to a document password encrypted with the user password;
      
      decrypting the document password using the user password; and
      
      decrypting the encrypted web page using the decrypted document password.
  - 15. The method of claim 14, wherein the hash value also corresponds to an expiration date, and wherein the step of decrypting the encrypted web page further comprises the steps of:
    - comparing the expiration date with a current date; and
      
      decrypting the encrypted web page in response to determining that the current date is before the expiration date.
  - 16. The method of claim 14, wherein the hash value corresponds to a plurality of user IDs.
  - 17. The method of claim 14, wherein an access to the access control table is provided as a service in a cloud environment.
  - 18. The method of claim 14, wherein the hash value corresponds to a security role and wherein the step of decrypting the encrypted web page further comprises decrypting the encrypted web page in accordance with the security role.

19. A computer program product for controlling access to an encrypted web page, the computer program product comprising one or more computer-readable tangible storage devices and program instructions stored on at least one of the one or more computer-readable tangible storage devices, the program instructions comprising:
- program instructions to receive an email message, wherein the email message comprises a hyperlink to the encrypted web page and wherein a markup language document for the encrypted web page includes program code to request a user ID and password from a user of the computer and to determine whether the user is authorized to access the web page, and if so, to decrypt the web page; and
  
  program instructions to invoke the program code, in response to a user request to display the encrypted web page, and in response to the determination of authorization of the user to access the web page, program instructions to decrypt the web page and to display the web page at the computer.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The computer program product of claim 19, wherein the program code comprises:
    - program instructions to receive a request to access the encrypted web page, and in response, to request the user ID and the password from the user;
      
      program instructions to perform a one-way hash function on the user password to generate a hash value;
      
      program instructions to search an access control table for the hash value which indicates an authorization for the user to access the encrypted web page and corresponds to a document password encrypted with the user password;
      
      program instructions to decrypt the document password using the user password; and
      
      program instructions to decrypt the encrypted web page using the decrypted document password.
  - 21. The computer program product of claim 20, wherein the hash value also corresponds to an expiration date and wherein the program instructions to decrypt the encrypted web page further comprise:
    - program instructions to compare the expiration date with a current date; and
      
      program instructions to decrypt the encrypted web page if the current date is before the expiration date.
  - 22. The computer program product of claim 20, wherein the hash value corresponds to a plurality of user IDs.
  - 23. The computer program product of claim 20, wherein an access to the access control table is provided as a service in a cloud environment.
  - 24. The computer program product of claim 20, wherein the hash value corresponds to a security role and wherein the program instructions to decrypt the encrypted web page further comprise program instructions to decrypt the encrypted web page in accordance with the security role.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Brown, Douglas S., Kelley, John F., Torres, Robert J., Seager, Todd

Granted Patent

US 8,543,836 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

G06F 2221/2117   User registration

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 61/4523   using lightweight directory...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/101   Access control lists [ACL]

H04L 63/108   when the policy decisions a...

H04L 67/02   based on web technology, e....

H04L 9/0822   using key encryption key

H04L 9/0863   involving passwords or one-...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

LIGHTWEIGHT DOCUMENT ACCESS CONTROL USING ACCESS CONTROL LISTS IN THE CLOUD STORAGE OR ON THE LOCAL FILE SYSTEM

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

LIGHTWEIGHT DOCUMENT ACCESS CONTROL USING ACCESS CONTROL LISTS IN THE CLOUD STORAGE OR ON THE LOCAL FILE SYSTEM

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links