Information security architecture for encrypting documents for remote access while maintaining access control
Abstract
The invention provides for encrypting electronic information such as a document so that only users with permission may access the document in decrypted form. The process of encrypting the information includes selecting a set of policies as to who may access the information and under what conditions. A remote server stores a unique identifier for the information and associates an encryption/decryption key pair and access policies with the information. Software components residing on the author's computer retrieve the encryption key from the remote server, encrypt the information, and store the encrypted information at a location chosen by the author. A user wishing to access the information acquires the encrypted information electronically. Software components residing on the viewing user's computer retrieve the associated decryption key and policies, decrypt the information to the extent authorized by the policies, and immediately delete the decryption key from the viewing user's computer upon decrypting the information and rendering the clear text to the viewing user's computer screen. The software components are also capable of prohibiting functional operations by the viewing user's computer while the clear text is being viewed.
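The flow the abstract describes (the author fetches a key and encrypts; the viewer fetches the key and policies, decrypts, deletes the key, renders, then discards the clear text), as an added Python example that is not code from the patent. `KeyServer`, `protect`, `view`, the policy fields and the symmetric SHAKE-256 stand-in cipher are assumptions made for illustration; the patent itself describes an encryption/decryption key pair.

```python
import hashlib, secrets

def xor_stream(key, nonce, data):
    # Stand-in cipher (SHAKE-256 keystream XOR) so the example is stdlib-only;
    # it has no integrity check. A real client would use an AEAD such as AES-GCM.
    h = hashlib.shake_256()
    h.update(key); h.update(nonce)      # feed the bytearray directly, no bytes() copy
    return bytearray(a ^ b for a, b in zip(data, h.digest(len(data))))

def wipe(buf):
    # Best-effort destruction: overwrite a mutable buffer in place. Immutable
    # bytes objects and copies made by the runtime or renderer are out of reach.
    buf[:] = bytes(len(buf))

class KeyServer:
    """Hypothetical in-memory key server: segment id -> (key, policy)."""
    def __init__(self):
        self._segments = {}

    def register(self, seg_id, policy):
        key = secrets.token_bytes(32)
        self._segments[seg_id] = (key, policy)
        return bytearray(key)           # author's working copy

    def release(self, seg_id, user, now):
        key, policy = self._segments[seg_id]
        if user not in policy["users"] or now > policy["not_after"]:
            raise PermissionError("policy denies key release")
        return bytearray(key), dict(policy)

def protect(server, seg_id, policy, plaintext):
    key, nonce = server.register(seg_id, policy), secrets.token_bytes(16)
    try:
        return nonce, bytes(xor_stream(key, nonce, plaintext))
    finally:
        wipe(key)                       # author side keeps no key

def view(server, seg_id, nonce, ciphertext, user, now, render):
    key, policy = server.release(seg_id, user, now)
    try:
        clear = xor_stream(key, nonce, ciphertext)
    finally:
        wipe(key)                       # key destroyed once decryption is done
    try:
        render(clear, policy)           # renderer enforces limits, e.g. allow_print
    finally:
        wipe(clear)                     # clear text destroyed after rendering
    return key, clear                   # returned so callers can confirm zeroing
```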
13 Claims
1. A method of controlling distribution of electronic information, comprising:
retrieving, at a user location, a segment of encrypted electronic information;
receiving, from a key server, a copy of a decryption key for the segment, and at least one user limitation assigned to the segment and associated with the decryption key;
accessing the segment using the copy of the decryption key at the user location for the segment and a control process, the control process responsive to a user limitation to control distribution of the electronic information;
destroying the copy of the decryption key at the user location in response to said accessing;
rendering the decrypted segment in response to said accessing; and
destroying the decrypted segment in response to said rendering.
3. A method of viewing encrypted electronic information on a display, comprising:
retrieving, at a user location, a segment of encrypted electronic information;
receiving, from a remote server, a decryption key for the segment;
decrypting the segment using the decryption key;
destroying, at the user location, the decryption key in response to said decrypting;
rendering the segment as decrypted; and
destroying, at the user location, the segment as decrypted in response to said rendering.
4. The method of claim 4, further comprising providing an encrypted communication channel, wherein said receiving occurs over the encrypted communication channel.
9. A method of encrypting information, comprising:
providing, at a user location, electronic information having at least one segment;
receiving, from a remote server, an encryption key for a segment of said at least one segment, the encryption key being associated with a decryption key;
associating at least one access precondition with the decryption key;
encrypting the segment with the encryption key;
destroying, at the user location, the encryption key and any unencrypted versions of said segment in response to said encrypting.
Specification