Method and apparatus for collaborative document control
Abstract
A method and apparatus are disclosed for controlling collaborative access to a work group document by the users of a computer system. A combination of public-key cryptographic methods, symmetric cryptographic methods, and message digest generation methods is used. The document has a data portion and a prefix portion. A computer-implemented collaborative encryption method uses structures in the prefix portion to restrict access to the information stored in the data portion. Users who are currently members of a collaborative group can readily access the information, while users who are not currently members of the group cannot. Other structures in the prefix portion support collaborative signatures, such that members of the group can digitally sign a particular version of the data portion. These collaborative signatures can then be used to identify the signing member and to determine if changes in the data portion were made after the collaborative signature was linked to the document.
70 Claims
1. A method for controlling collaborative access to a work group document by users of a computer system, the document having a data portion and a prefix portion each portion capable of being stored in at least one file in the computer system, said method comprising the computer-implemented steps of collaboratively encrypting the document and restricting access to the data portion of the resulting collaboratively encrypted document.
2. A method for controlling collaborative access to a work group document by users of a computer system, the document having a data portion and a prefix portion, each portion capable of being stored in at least one file in the computer system, said method comprising the computer-implemented steps of collaboratively encrypting the document and restricting access to the data portion of the resulting collaboratively encrypted document, wherein said step of collaboratively encrypting the document comprises the steps of:
- encrypting at least a portion of the document using a document key;
- identifying a collaborative group which contains at least one member, each member having a corresponding member identifier;
- obtaining a public key for each member of the collaborative group, each public key having a corresponding private key, the public and private keys being generated by a public-key cryptographic method; and
- linking each member identifier with a corresponding encrypted copy of the document key and with the document, each encrypted copy of the document key being created by using the public key of the member identified by the member identifier.
Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A method for controlling collaborative access to a work group document by users of a computer system, the document having a data portion and a prefix portion, each portion capable of being stored in at least one file in the computer system, said method comprising the computer-implemented steps of collaboratively encrypting the document and restricting access to the data portion of the resulting collaboratively encrypted document, wherein said restricting step comprises the steps of:
- detecting that the document has been collaboratively encrypted;
- obtaining a member identifier and a corresponding password from the user; and
- attempting to use the password to obtain the private key of the member identified by the member identifier.
Dependent claims: 23, 24, 25
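The encrypting steps of claim 2 and the access restriction of claim 22, as an added Go example that is not taken from the patent or any product. AES-256-GCM, RSA-OAEP, the `Doc` layout and every name here are assumptions, since the claims name no algorithms, and the password-based private-key lookup is left out: the caller passes the private key directly.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Doc models the prefix and data portions; the field layout is an assumption of this example.
type Doc struct {
	Prefix      map[string][]byte // member identifier -> document key wrapped for that member
	Nonce, Data []byte            // data portion, AES-256-GCM under the document key
}

// NewKey makes a demo member key pair (hypothetical helper).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Encrypt seals the data portion and links one wrapped key copy to each member identifier.
func Encrypt(plain []byte, members map[string]*rsa.PublicKey) (*Doc, error) {
	buf := make([]byte, 44) // fresh 32-byte document key followed by a 12-byte nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	blk, _ := aes.NewCipher(buf[:32]) // cannot fail: the key length is fixed at 32
	gcm, _ := cipher.NewGCM(blk)
	d := &Doc{map[string][]byte{}, buf[32:], gcm.Seal(nil, buf[32:], plain, nil)}
	for id, pub := range members {
		// The identifier is the OAEP label, so an entry moved under another name will not unwrap.
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], []byte(id))
		if err != nil {
			return nil, err
		}
		d.Prefix[id] = w
	}
	return d, nil
}

// Open is the restricting step: without a prefix entry and the matching private key, no access.
func Open(d *Doc, id string, priv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, d.Prefix[id], []byte(id))
	if err != nil || len(key) != 32 { // a missing entry is nil and fails to unwrap as well
		return nil, errors.New("no usable prefix entry for this member and key")
	}
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	return gcm.Open(nil, d.Nonce, d.Data, nil)
}
```

Deleting a member's prefix entry only stops that entry from being unwrapped; a former member who kept the document key can still read data sealed under it, so the data portion needs a new document key when the group shrinks.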
26. A method for controlling collaborative attribution of a work group document to users of a computer system, the document having a data portion capable of being stored in at least one file in the computer system, said method comprising the computer-implemented steps of:
- identifying an authorized signer; and
- signing the document with a collaborative digital signature that is based at least in part on the data portion of the document and a key of the authorized signer.
Dependent claims: 27, 28, 29, 30, 40, 41, 42
31. A method for controlling collaborative attribution of a work group document to users of a computer system, the document having a data portion capable of being stored in at least one file in the computer system, said method comprising the computer-implemented steps of identifying an authorized signer, and signing the document with a collaborative digital signature that is based at least in part on the data portion of the document and a key of the authorized signer, wherein said step of signing the document comprises the steps of:
- generating a message digest based on the current contents of the data portion of the document;
- obtaining a signer identifier and a corresponding password from a user, the signer identifier identifying a signer of the document;
- using the password to obtain a private key of the signer from a hierarchical synchronized-partition database maintained by a network operating system, the private key and a corresponding public key being generated by a public-key cryptographic method;
- encrypting the message digest with the private key; and
- linking together the signer identifier, the encrypted copy of the message digest, and the document.
Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39
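The signing steps of claim 31, together with the check the abstract describes (identify the signer and detect changes made after signing), as an added Go example that is not taken from the patent. SHA-256 with RSA-PSS stands in for "encrypting the message digest with the private key"; the `Sig` layout and all names are assumptions, and the password and database lookup of the private key is left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Sig is one collaborative signature linked to the document (layout is an assumption).
type Sig struct {
	Signer string // signer identifier
	Value  []byte // digest of the data portion, signed with the signer's private key
}

// NewSigner makes a demo signer key pair (hypothetical helper).
func NewSigner() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Sign digests the current data portion and signs the digest for the named signer.
func Sign(data []byte, signer string, priv *rsa.PrivateKey) (Sig, error) {
	h := sha256.Sum256(data)
	v, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
	return Sig{signer, v}, err
}

// Check reports, per signer identifier, whether that signature still matches the data portion.
// A signer with no known public key is reported as false rather than skipped.
func Check(data []byte, sigs []Sig, pubs map[string]*rsa.PublicKey) map[string]bool {
	h := sha256.Sum256(data)
	out := map[string]bool{}
	for _, s := range sigs {
		pub, ok := pubs[s.Signer]
		out[s.Signer] = ok && rsa.VerifyPSS(pub, crypto.SHA256, h[:], s.Value, nil) == nil
	}
	return out
}
```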
43. A computer-readable storage medium having a configuration that represents data and instructions which cause a processor to perform at least one method step for controlling collaborative access to a work group document by users of a computer system, the document having a data portion and a prefix portion, each portion capable of being stored in at least one file in the computer system, the method comprising the computer-implemented step of collaboratively encrypting the document.
44. A computer-readable storage medium having a configuration that represents data and instructions which cause a processor to perform at least one method step for controlling collaborative access to a work group document by users of a computer system, the document having a data portion and a prefix portion, each portion capable of being stored in at least one file in the computer system, the method comprising the computer-implemented step of collaboratively encrypting the document, wherein the step of collaboratively encrypting the document comprises the steps of:
- encrypting a data portion of the document using a document key;
- identifying a collaborative group which contains at least one member, each member having a corresponding member identifier;
- obtaining a public key for each member of the collaborative group, each public key having a corresponding private key, the public and private keys being generated by a public-key cryptographic method; and
- linking each member identifier with a corresponding encrypted copy of the document key and with the document, each encrypted copy of the document key being created by using the public key of the member identified by the member identifier.
Dependent claims: 45, 46, 47, 48, 49, 50, 51
52. A computer-readable storage medium having a configuration that represents data and instructions which cause a processor to perform at least one method step for controlling collaborative access to a work group document by users of a computer system, the document having a data portion capable of being stored in at least one file in the computer system, the method comprising the computer-implemented step of collaboratively encrypting the document, wherein the method further comprises the step of restricting access to the data portion of the resulting collaboratively encrypted document.
57. A computer-readable storage medium having a configuration that represents data and instructions which cause a processor to perform at least one method step for controlling collaborative attribution of a work group document to users of a computer system, the document having a data portion capable of being stored in at least one file in the computer system, the method comprising the computer-implemented steps of:
- identifying an authorized signer; and
- signing the document with a collaborative digital signature that is based at least in part on the data portion of the document and a key of the authorized signer.
Dependent claims: 58, 59, 60, 61, 68, 69, 70
62. A computer-readable storage medium having a configuration that represents data and instructions which cause a processor to perform at least one method step for controlling collaborative attribution of a work group document to users of a computer system, the document having a data portion capable of being stored in at least one file in the computer system, the method comprising the computer-implemented steps of identifying an authorized signer, and signing the document with a collaborative digital signature that is based at least in part on the data portion of the document and a key of the authorized signer, wherein the step of signing the document comprises the steps of:
- generating a message digest based on the current contents of the data portion of the document;
- obtaining a signer identifier and a corresponding password from a user, the signer identifier identifying a signer of the document;
- using the password to obtain a private key of the signer from a hierarchical synchronized-partition database maintained by a network operating system, the private key and a corresponding public key being generated by a public-key cryptographic method;
- encrypting the message digest with the private key; and
- linking together the signer identifier, the encrypted copy of the message digest, and the document.
Dependent claims: 63, 64, 65, 66, 67
Specification