Method of encrypting information for remote access while maintaining access control
Abstract
The invention provides for encrypting electronic information such as a document so that only users with permission may access the document in decrypted form. The process of encrypting the information includes selecting a set of policies as to who may access the information and under what conditions. A remote server stores a unique identifier for the information and associates an encryption/decryption key pair and access policies with the information. Software components residing on the author's computer retrieve the encryption key from the remote server, encrypt the information, and store the encrypted information at a location chosen by the author. A user wishing to access the information acquires the encrypted information electronically. Software components residing on the viewing user's computer retrieve the associated decryption key and policies, decrypt the information to the extent authorized by the policies, and immediately delete the decryption key from the viewing user's computer upon decrypting the information and rendering the clear text to the viewing user's computer screen. The software components are also capable of prohibiting functional operations by the viewing user's computer while the clear text is being viewed.
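The viewer-side sequence the abstract describes (check the policy, decrypt, delete the key, render, delete the clear text), as an added example in C that is not code from the patent. The `grant_t` and `screen_t` types, the policy field, the toy XOR cipher (a stand-in, not secure) and all sample values are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Constructed types: the grant a key server returns, and a stand-in display. */
typedef struct { uint8_t key[16]; time_t not_after; } grant_t;
typedef struct { size_t shown; uint8_t first; } screen_t;

/* Wipe through a volatile pointer so the stores are not removed as dead. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}
static int all_zero(const uint8_t *p, size_t n) {
    uint8_t acc = 0;
    while (n--) acc |= *p++;
    return acc == 0;
}
/* Stand-in cipher (repeating-key XOR, NOT secure); real code would use an AEAD. */
static void toy_crypt(const uint8_t *key, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ key[i % 16];
}
static void render(const uint8_t *pt, size_t n, screen_t *s) {  /* stand-in display */
    s->shown = n; s->first = n ? pt[0] : 0;
}
/* Returns 0 if rendered, -1 if the policy denied access; the key is wiped either way. */
int view_segment(grant_t *g, time_t now, const uint8_t *ct, size_t n,
                 uint8_t *work, screen_t *s) {
    int rc = -1;
    if (now <= g->not_after) {                 /* policy check (control process) */
        toy_crypt(g->key, ct, work, n);        /* decrypt into a caller-owned buffer */
        secure_wipe(g->key, sizeof g->key);    /* delete key right after decrypting */
        render(work, n, s);
        secure_wipe(work, n);                  /* delete clear text after rendering */
        rc = 0;
    }
    secure_wipe(g->key, sizeof g->key);        /* denied path: key must not linger */
    return rc;
}
int main(void) {
    grant_t g = { {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16}, 2000 };
    uint8_t pt[] = "constructed segment", ct[sizeof pt], work[sizeof pt];
    screen_t s = {0, 0};
    toy_crypt(g.key, pt, ct, sizeof pt);       /* author side: encrypt sample text */
    int rc = view_segment(&g, 1000, ct, sizeof pt, work, &s);
    printf("rc=%d shown=%zu key_wiped=%d text_wiped=%d\n", rc, s.shown,
           all_zero(g.key, sizeof g.key), all_zero(work, sizeof work));
    return rc;
}
```

Wiping these two buffers does not reach copies held elsewhere, such as swap, crash dumps or the display pipeline, so the deletion steps limit exposure rather than remove it.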
30 Claims
1. A method of controlling access to a segment of encrypted electronic information, comprising:
receiving, at the user location from a key server, a copy of a decryption key for the segment, and at least one user limitation assigned to the segment and associated with the decryption key;
accessing the segment using the copy of the decryption key at the user location for the segment and a control process, the control process responsive to a user limitation to control access to the electronic information;
destroying the copy of the decryption key at the user location in response to said accessing;
rendering the decrypted segment in response to said accessing; and
destroying the decrypted segment in response to said rendering.
Dependent claims: 2

3. A method of accessing a segment of encrypted electronic information on a display, comprising:
receiving, from a remote server, a decryption key for the segment;
decrypting the segment using the decryption key;
destroying, at the user location, the decryption key in response to said decrypting;
rendering the segment as decrypted; and
destroying, at the user location, the segment as decrypted in response to said rendering.
Dependent claims: 4, 5, 6, 7, 8

9. A method of controlling access to a segment of encrypted electronic information, comprising:
accessing, at the user location, a segment using a decryption key for the segment and a control process, the control process responsive to a user limitation to control access to the electronic information;
rendering, at the user location, the decrypted segment; and
destroying, at the user location, the decrypted segment in response to said rendering.
Dependent claims: 10

11. A method of accessing a segment of encrypted electronic information on a display, comprising:
decrypting the segment using a decryption key;
rendering the segment as decrypted; and
destroying the segment as decrypted in response to said rendering.

12. A method of controlling access to a segment of encrypted electronic information, comprising:
receiving, at the user location from a key server, a copy of a decryption key for the segment, and at least one user limitation assigned to the segment and associated with the decryption key;
accessing the segment using the copy of the decryption key at the user location for the segment and a control process, the control process responsive to a user limitation to control access to the electronic information;
destroying the copy of the decryption key at the user location in response to said accessing;
rendering, pursuant to preprogrammed computer control, the decrypted; and
destroying, pursuant to preprogrammed computer control, the decrypted segment.
Dependent claims: 13

14. A method of viewing a segment of encrypted electronic information on a display, comprising:
receiving, from a remote server, a decryption key for the segment;
decrypting the segment using the decryption key;
destroying, at the user location, the decryption key in response to said decrypting;
rendering the segment as decrypted; and
destroying, at the user location and pursuant to preprogrammed computer control, the segment as decrypted.
Dependent claims: 15, 16, 17, 18, 19

20. A method of controlling access to a segment of encrypted electronic information, comprising:
accessing, at the user location, a segment using a decryption key for the segment and a control process, the control process responsive to a user limitation to control access to the electronic information;
rendering, at the user location, the decrypted segment; and
destroying, at the user location and pursuant to preprogrammed computer control, the decrypted segment.
Dependent claims: 21

22. A method of viewing a segment of encrypted electronic information on a display, comprising:
decrypting the segment using a decryption key;
rendering the segment as decrypted; and
destroying, pursuant to preprogrammed computer control, the segment as decrypted.

23. A method of readying a computer to limit access to a segment of encrypted electronic information, comprising:
preparing a computer software program capable of operating in conjunction with computer hardware and other computer software to;
decrypt a segment using the decryption key;
render the segment as decrypted; and
destroy, at the user location, the segment as decrypted in response to said rendering; and
installing the computer software program on a computer.

24. A system for controlling access to a segment of encrypted electronic content, comprising:
a computer program designed to operate in conjunction with computer hardware and other computer software to;
decrypt a segment using the decryption key;
render the segment as decrypted; and
destroy, at the user location, the segment as decrypted in response to said rendering; and
a computer readable medium on which said computer program is resident.

25. A method of readying a computer to limit access to a segment of encrypted electronic information, comprising:
preparing a computer software program capable of operating in conjunction with computer hardware and other computer software to;
decrypt a segment using the decryption key;
render the segment as decrypted; and
destroy, at the user location and pursuant to preprogrammed computer control, the segment as decrypted; and
installing the computer software program on a computer.

26. A system for controlling access to a segment of encrypted electronic content, comprising:
a computer program designed to operate in conjunction with computer hardware and other computer software to;
decrypt the segment using a decryption key;
render the segment as decrypted; and
destroy, at the user location and pursuant to preprogrammed computer control, the segment as decrypted; and
a computer readable medium on which said computer program is resident.

27. A method of readying a computer to limit access to a segment of encrypted electronic information, comprising:
preparing a computer software program capable of operating in conjunction with computer hardware and other computer software to;
decrypt a segment using the decryption key;
destroy the decryption key after decrypting the segment;
render the segment as decrypted; and
destroy, at the user location, the segment as decrypted in response to said rendering; and
installing the computer software program on a computer.

28. A system for controlling access to a segment of encrypted electronic content, comprising:
a computer program designed to operate in conjunction with computer hardware and other computer software to;
decrypt a segment using the decryption key;
destroy the decryption key after decrypting the segment;
render the segment as decrypted; and
destroy, at the user location, the segment as decrypted in response to said rendering; and
a computer readable medium on which said computer program is resident.

29. A method of readying a computer to limit access to a segment of encrypted electronic information, comprising:
preparing a computer software program capable of operating in conjunction with computer hardware and other computer software to;
decrypt a segment using the decryption key;
destroy the decryption key after decrypting the segment;
render the segment as decrypted; and
destroy, at the user location and under preprogrammed computer control, the segment as decrypted; and
installing the computer software program on a computer.

30. A system for controlling access to a segment of encrypted electronic content, comprising:
a computer program designed to operate in conjunction with computer hardware and other computer software to;
decrypt the segment using a decryption key;
destroy the decryption key after decrypting the segment;
render the segment as decrypted; and
destroy, at the user location under and pursuant to preprogrammed computer control, the segment as decrypted; and
a computer readable medium on which said computer program is resident.

Specification