Method and apparatus for combining encryption and steganography in a file control system

US 20130125196A1
Filed: 05/18/2005
Published: 05/16/2013
Est. Priority Date: 05/18/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for improving security of a file control system, the method comprising:

performing, by a computer;

receiving a request from a user to view a file, and in response;

accessing a security policy associated with the file to determine whether the security policy authorizes the user to view a decrypted version of the file, wherein the security policy also specifies;

whether the user is permitted to create an unencrypted copy of content from the file; and

adding a watermark to the unencrypted copy of the content from the file whenever the file is decrypted, wherein the added watermark contains information usable to trace the unencrypted copy of the content from the file back to an origin of the decrypted version of the file;

decrypting the file to permit the user to view the decrypted version of the file in response to determining that the security policy authorizes the user to view the decrypted version of the file, wherein said decrypting comprises said adding the watermark to the unencrypted copy of the content from the file; and

receiving another request from the user to create a copy of content from the file, and in response;

determining whether the security policy permits the user to create an unencrypted copy of the content from the file;

ensuring that an unencrypted copy of the content from the file contains the watermark specified by the security policy if the security policy permits the user to create an unencrypted copy of the content from the file, wherein said ensuring comprises said adding the watermark to the unencrypted copy of the content from the file; and

preventing an unencrypted copy of the content from the file from being created if the security policy does not permit the user to create an unencrypted copy of the content from the file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system that improves security of a file control system. During operation the system receives a request from a user to decrypt a file. The system then decrypts the file. Next, the system adds a watermark to the decrypted file which allows the decrypted file to be subsequently traced back to the origin of the decrypted file, thereby improving security of the file control system. Note that the watermark can include a user identifier, an Internet Protocol (IP) address associated with the user, a hardware address or identifier associated with the user, a timestamp, or any other information that can be used to identify the origin of the decrypted file.

21 Citations

View as Search Results

19 Claims

1. A method for improving security of a file control system, the method comprising:
- performing, by a computer;
  
  receiving a request from a user to view a file, and in response;
  
  accessing a security policy associated with the file to determine whether the security policy authorizes the user to view a decrypted version of the file, wherein the security policy also specifies;
  
  whether the user is permitted to create an unencrypted copy of content from the file; and
  
  adding a watermark to the unencrypted copy of the content from the file whenever the file is decrypted, wherein the added watermark contains information usable to trace the unencrypted copy of the content from the file back to an origin of the decrypted version of the file;
  
  decrypting the file to permit the user to view the decrypted version of the file in response to determining that the security policy authorizes the user to view the decrypted version of the file, wherein said decrypting comprises said adding the watermark to the unencrypted copy of the content from the file; and
  
  receiving another request from the user to create a copy of content from the file, and in response;
  
  determining whether the security policy permits the user to create an unencrypted copy of the content from the file;
  
  ensuring that an unencrypted copy of the content from the file contains the watermark specified by the security policy if the security policy permits the user to create an unencrypted copy of the content from the file, wherein said ensuring comprises said adding the watermark to the unencrypted copy of the content from the file; and
  
  preventing an unencrypted copy of the content from the file from being created if the security policy does not permit the user to create an unencrypted copy of the content from the file.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - receiving another request from another user to decrypt the file;
      
      determining whether the security policy associated with the file authorizes the another user to access the file;
      
      reporting an error in response to determining that the security policy does not authorize the another user to access the file.
  - 3. The method of claim 1, wherein decrypting the file involves:
    - sending user authentication information to a server; and
      
      receiving a key from the server that can be used to decrypt the file.
  - 4. The method of claim 1, wherein the watermark includes a user identifier, an Internet Protocol (IP) address associated with the user, a hardware address or identifier associated with the user, a timestamp, or any other information that can be used to identify the origin of the decrypted version of the file.
  - 5. The method of claim 1, wherein the method is performed by:
    - a document control system;
      
      a policy server;
      
      a document editor;
      
      a document reader;
      
      ora proxy server that acts as an intermediary between a client and a server.
  - 6. The method of claim 1, further comprising:
    - creating a security policy and associating the security policy with the file, wherein the security policy specifies that, in the event the file is decrypted, a watermark should be added to the decrypted file; and
      
      encrypting the file in response to receiving a request to encrypt the file, wherein the encrypted file remains associated with the security policy.
  - 7. The method of claim 6, wherein the security policy specifies:
    - whether a user can decrypt the file;
      
      whether a user can copy the contents of the file;
      
      whether a user can print the contents of the file;
      
      whether a user can edit the contents of the file;
      
      an encryption technique to encrypt the file;
      
      a key used for encrypting the file;
      
      ora digital watermarking technique to add the watermark to the file as a digital watermark.

8. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for improving security of a file control system, the method comprising:
- receiving a request from a user to view a file, and in response;
  
  accessing a security policy associated with the file to determine whether the security policy authorizes the user to view a decrypted version of the file, wherein the security policy also specifies;
  
  whether the user is permitted to create an unencrypted copy of content from the file; and
  
  adding a watermark to the unencrypted copy of the content from the file whenever the file is decrypted, wherein the added watermark contains information usable to trace the unencrypted copy of the content from the file back to an origin of the decrypted version of the file;
  
  decrypting the file to permit the user to view the decrypted version of the file in response to determining that the security policy authorizes the user to view the decrypted version of the file, wherein said decrypting comprises said adding the watermark to the unencrypted copy of the content from the file; and
  
  receiving another request from the user to create a copy of content from the file, and in response;
  
  determining whether the security policy permits the user to create an unencrypted copy of the content from the file;
  
  ensuring that an unencrypted copy of the content from the file contains the watermark specified by the security policy if the security policy permits the user to create an unencrypted copy of the content from the file, wherein said ensuring comprises said adding the watermark to the unencrypted copy of the content from the file; and
  
  preventing an unencrypted copy of the content from the file from being created if the security policy does not permit the user to create an unencrypted copy of the content from the file.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable storage medium of claim 8, further comprising:
    - receiving another request from another user to decrypt the file;
      
      determining whether the security policy associated with the file authorizes the another user to access the file;
      
      reporting an error in response to determining that the security policy does not authorize the another user to access the file.
  - 10. The computer-readable storage medium of claim 8, wherein decrypting the file involves:
    - sending user authentication information to a server; and
      
      receiving a key from the server that can be used to decrypt the file.
  - 11. The computer-readable storage medium of claim 8, wherein the watermark includes a user identifier, an Internet Protocol (IP) address associated with the user, a hardware address or identifier associated with the user, a timestamp, or any other information that can be used to identify the origin of the decrypted version of the file.
  - 12. The computer-readable storage medium of claim 8, wherein the method is performed by:
    - a document control system;
      
      a policy server;
      
      a document editor;
      
      a document reader;
      
      ora proxy server that acts as an intermediary between a client and a server.
  - 13. The computer-readable storage medium of claim 8, further comprising:
    - creating a security policy and associating the security policy with the file, wherein the security policy specifies that, in the event the file is decrypted, a watermark should be added to the decrypted file, wherein the watermark contains information indicating when or where the file was decrypted; and
      
      encrypting the file in response to receiving a request to encrypt the file, wherein the encrypted file is still associated with the security policy.
  - 14. The computer-readable storage medium of claim 13, wherein the security policy specifies:
    - whether a user can decrypt the file;
      
      whether a user can copy the contents of the file;
      
      whether a user can print the contents of the file;
      
      whether a user can edit the contents of the file;
      
      an encryption technique to encrypt the file;
      
      a key used for encrypting the file;
      
      ora digital watermarking technique to add the watermark to the file as a digital watermark.

15. A computing device for improving security of a file control system, wherein the computing device comprises a processor configured to execute code for:
- a receiving mechanism configured to receive a request from a user to view a file and to receive another request from the user to create a copy of content from the file;
  
  a policy accessing mechanism configured to access a security policy associated with the file to determine whether the security policy authorizes the user to view a decrypted version of the file, wherein the security policy also specifies;
  
  whether the user is permitted to create an unencrypted copy of content from the file; and
  
  adding a watermark to the unencrypted copy of the content from the file whenever the file is decrypted, wherein the added watermark contains information usable to trace the unencrypted copy of the content from the file back to an origin of the decrypted version of the file;
  
  a decrypting mechanism configured to decrypt the file to permit the user to view the decrypted version of the file in response to the receiving mechanism receiving a request from the user to view the file and in response to the policy accessing mechanism determining that the security policy authorizes the user to view the decrypted version of the file, wherein the decrypting mechanism is configured to perform said adding the watermark to the unencrypted copy of the content from the file whenever the decrypting mechanism decrypts the file; and
  
  a content-copying mechanism configured to, in response to the receiving mechanism receiving another request from the user to create a copy of content from the file;
  
  determine whether the security policy permits the user to create an unencrypted copy of the content from the file;
  
  ensure that an unencrypted copy of the content from the file contains the watermark specified by the security policy if the security policy permits the user to create an unencrypted copy of the content from the file, wherein the decrypting mechanism is configured to perform said adding the watermark to the unencrypted copy of the content from the file whenever the decrypting mechanism decrypts the file; and
  
  prevent an unencrypted copy of the content from the file from being created if the security policy does not permit the user to create an unencrypted copy of the content from the file.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computing device of claim 15, wherein the decrypting mechanism is configured to:
    - send user authentication information to a server; and
      
      receive a key from the server that can be used to decrypt the file.
  - 17. The computing device of claim 15, wherein the watermark includes include a user identifier, an Internet Protocol (IP) address associated with the user, a hardware address or identifier associated with the user, a timestamp, or any other information that can be used to identify the origin of the decrypted version of the file.
  - 18. The computing device of claim 15, wherein the code, when executed by the processor, also:
    - creates a security policy and associates the security policy with the file, wherein the security policy specifies that, in the event the file is decrypted, a watermark should be added to the decrypted file, wherein the watermark contains information indicating when or where the file was decrypted; and
      
      encrypts the file in response to receiving a request to encrypt the file, wherein the encrypted file is still associated with the security policy.
  - 19. The computing device of claim 18, wherein the security policy specifies:
    - whether a user can decrypt the file;
      
      whether a user can copy the contents of the file;
      
      whether a user can print the contents of the file;
      
      whether a user can edit the contents of the file;
      
      an encryption technique to encrypt the file;
      
      a key used for encrypting the file;
      
      ora digital watermarking technique to add the watermark to the file as a digital watermark.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Systems Incorporated (Adobe Inc.)
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Shapiro, William M.

Application Number

US11/132,923
Publication Number

US 20130125196A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/602 Providing cryptographic fac...

G06F 21/604 Tools and structures for ma...

Method and apparatus for combining encryption and steganography in a file control system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for combining encryption and steganography in a file control system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links