System for electronic repository of data enforcing access control on data retrieval

US 6,839,843 B1
Filed: 12/10/1999
Issued: 01/04/2005
Est. Priority Date: 12/23/1998
Status: Expired due to Term

First Claim

Patent Images

1. A secure electron data storage and retrieval system with the electronic data stored therein maintained secure from the repository manager, comprising:

a data repository;

a repository manager for managing storage and retrieval of encrypted electronic data of a deposing computer into and out of the data repository;

an agent program of the depositing computer, accessible to the repository manager whether the depositing computer is online or off-line, the agent program having means in an environment secure from the repository manager to decrypt, on authentication of a requesting computer, the encrypted electronic data of the depositing computer retrieved from the data repository on request of the requesting computer;

where the repository manager is further adapted to digitally sign the encrypted electronic prior to storage in the data repository, and to forward a copy of the signed encrypted data to the agent program of the depositing computer, and wherein the agent program of the depositing computer is adapted to verify in the environment secure from the repository manager against the signed encrypted data, the retrieved encrypted electronic following decryption; and

where the agent program is further adapted to forward the decrypted electronic data directly from the environment secure from the repository manager to the requesting computer without providing access to the repository manager.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When an electronic document is made available for review by other entities, it is often convenient to store the document in a repository or database managed by a third party. A system is provided in which the originator of the document is able to ensure the integrity and security of its document filed with a third party repository without having to trust the administrator of the repository. Both the document originator and the repository administrator have vault environments which are secure extensions of their respective work spaces. The vault of the document originator encrypts a document that it receives from the originator, prior to forwarding it on to the vault of the repository. On receipt of the encrypted document, the repository'"'"'s vault signs the encrypted document itself before storing the document in the electronic repository and returns to the originator'"'"'s vault proof of deposit of the encrypted document in the form of a copy of the signed encrypted document. An access control list identifying access ownership privileges for the document are also stored in the repository. Updates to the access control list are under the control of document originator, or another computer designated by the document originator. When a request is made to view the document, it is made from the vault of the requesting party (a secure extension of the requesting party'"'"'s work space) to the repository'"'"'s vault. The repository'"'"'s vault retrieves a copy of the encrypted document which it forwards, along with the requestor'"'"'s identity to the originator'"'"'s vault. The originator'"'"'s vault verifies that the access control is valid, then verifies that the requestor is authorized to view the document from the access control list, then decrypts the document and forwards the decrypted document directly to the requestor'"'"'s vault. The requestor provides proof of receipt of the decrypted document.

Citations

18 Claims

1. A secure electron data storage and retrieval system with the electronic data stored therein maintained secure from the repository manager, comprising:
- a data repository;
  
  a repository manager for managing storage and retrieval of encrypted electronic data of a deposing computer into and out of the data repository;
  
  an agent program of the depositing computer, accessible to the repository manager whether the depositing computer is online or off-line, the agent program having means in an environment secure from the repository manager to decrypt, on authentication of a requesting computer, the encrypted electronic data of the depositing computer retrieved from the data repository on request of the requesting computer;
  
  where the repository manager is further adapted to digitally sign the encrypted electronic prior to storage in the data repository, and to forward a copy of the signed encrypted data to the agent program of the depositing computer, and wherein the agent program of the depositing computer is adapted to verify in the environment secure from the repository manager against the signed encrypted data, the retrieved encrypted electronic following decryption; and
  
  where the agent program is further adapted to forward the decrypted electronic data directly from the environment secure from the repository manager to the requesting computer without providing access to the repository manager.
- View Dependent Claims (2, 3, 4)
- - 2. The system, according to claim 1, wherein the agent program is a secure extension of the deposing computer and is adapted to manage communications between the depositing computer and the repository manager.
  - 3. The system, according to claim 2, further comprising a server having communication links with the repository manager, the depositing computer and the requesting computer, the server housing:
    - the agent program of the depositing computer and the environment secure from the repository manger;
      
      a second environment comprising a secure extension of the repository manager, said second environment adapted to manage communications to and from other environments on the server with the repository manager and at least a third environment comprising a secure extension of the requesting computer, said third environment adapted to manage commutations to and from other environments on the server with the requesting computer.
  - 4. The system, according to claim 3, wherein the agent program of the depositing computer comprises means to crypt and dilly sign electronic data received tom the depositing computer, and to forward the encrypted electronic data and signature to the repository manager for storage in the depositing computers data repository.

5. A process for authenticating user access to electronic data stored in a data repository secure from a repository manager unrelated to a source of the electronic data, comprising:
- associating an access control list of user authorizations with the electronic data when stored in the data repository in an environment secure from the repository manager;
  
  effecting updates to the access control list only from the source of the electronic data;
  
  storing the updated access control list with the electronic data stored in the data repository in an environment secure from the repository manager;
  
  storing evidence of the updated access control list at the source of the electronic data and at any use computer to have effected the update;
  
  verifying accuracy of the updated access control list stored with the electronic data in the data repository with the evidence stored at the source before releasing the electronic data to a requesting authorized user;
  
  identifying a revision level of the updated access control list;
  
  associating a current time stop with the updated access control list, where the step of storing evidence comprises;
  
  creating a token of the revision level and current time stamp;
  
  storing the token at every with access to the electronic data in the data repository;
  
  attaching the token to the updated access control list to form a data structure;
  
  digitally signing the data structure;
  
  storing the singed data structure with the updated access control list in the data repository and at the source; and
  
  where the step of verifying accuracy of the updated access control list compromises;
  
  verifying decrypting the data repository and at the source; and
  
  comparing the verified data structure with the updated access control list retrieved from the data repository.
- View Dependent Claims (6, 7)
- - 6. The process of claim 5, wherein the step of storing evidence further comprises:
    - digitally signaling the token; and
      
      storing the signed token at the source.
  - 7. The process of claim 6, further comprising:
    - forwarding the digitally signed token to a user authorized by the source to update the access control list; and
      
      on presentation of the digitally signed token by the user authorized to update the access control list;
      
      verifying the token signature at the source; and
      
      comparing the verified token with the revision level and current time stamp associated with the updated access control list retrieved from the data repository.

8. A process for secure storage and retrieval of electronic data in a rite data repository, comprising:
- digitally signaling the electronic data at a source;
  
  encrypting the electronic data at the source;
  
  forwarding the encrypted electronic data to the data repository;
  
  digitally signing the encrypted electronic data at the data repository to produce a deposit receipt;
  
  storing the encrypted electronic data and deposit receipt in the data repository in an environment fee of access by the data repository manager;
  
  returning a copy of the deposit receipt to the source;
  
  receiving a request from a requesting user, for access to the stored electronic data;
  
  retrieving the encrypted electronic data and forwarding the retrieved data to the source;
  
  verifying the requesting user as authorized to access the electronic data; and
  
  if verified, decrypting the retrieved data by the source and sending it directly to the requesting user without providing access to the data by the repository manager.
- View Dependent Claims (9, 10, 11)
- - 9. The process, according to claim 8, further comprising:
    - associating an access control list of user authorizations with the electronic data when stored in the data repository in the environment free of access by the depository manager;
      
      effecting updates to the access control only list from the source of the electronic data;
      
      storing the updated access control list with the electronic data stored in the data repository; and
      
      storing evidence of the updated access control list at the source and at every user with authorized access to the electronic data in the data repository in areas free form access by the depository manager.
  - 10. The process, according to claim 9, wherein the step of verifying the requesting user as authorized comprises locating the requesting user on the updated access control list.
  - 11. The process, according to claim 10, further comprising the step of verifying accuracy of the idated access control list stored with the electronic data in the data repository with the evidence stored at the source before releasing the electronic data to the requesting user.

12. A computer program product on a computer usable medium for authenticating user access to electronic data stored in a data repository secure from a repository manager unrelated to a source of the electronic data, said computer program product comprising:
- computer software for associating an access control list of user authorizations with the electronic data when stored in the data repository in an environment secure from the repository manager;
  
  computer software for effecting updates to the access control list from the source of electronic data;
  
  computer software for storing the updated access control list with the electronic data stored in the data repository in an environment secure from the repository manager;
  
  computer software for storing the evidence of the updated access control list at the source of the electronic data and at any user computer to have effected the update;
  
  computer software for verifying accuracy of the updated access control list stored with the electronic data in the data repository with the evidence stored at the source before releasing the electronic data to a requesting authorized user;
  
  where the computer software for effecting updates to the access control list comprises;
  
  computer software for identifying a revision level of the updated access control list; and
  
  computer software for associating a current time stamp with the updated access control list; and
  
  where the step of storing evidence comprises;
  
  computer software for creating a token of the revision level and current time stamp; and
  
  computer software for storing the token at every user with access to the electronic data in the data repository;
  
  computer software for attaching the token to the updated access control list to form a data structure;
  
  computer software for digitally the signing the data structure computer software for storing the signed data structure with the updated access control list in the data repository and at the source; and
  
  where the software for verifying accuracy of the updated access control list comprises;
  
  computer software for verifying decrypting the data structure signature at the source; and
  
  computer software for comparing the verified data structure with the updated access control list retrieved from data repository.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The program product of claim 12, wherein the computer software for storing evidence further comprises:
    - computer software for digitally signing the token; and
      
      computer software for storing the signed token at the source.
  - 14. The program product of claim 13, further comprising:
    - computer software for forwarding the digitally signed token to a user authorized by the source to update the access control list, and on presentation of the digitally signed token by the user authorized to update the access control list verifying the token signature at the source, and comparing the verified token with the revision level and current time stamp associated hit the updated access control list retrieved from the data repository.
  - 15. The computer program product according to claim 12, further comprising:
    - computer software for associating an access, control list of user authorizations with the electronic data when stored in the data repository in an environment free of access by the depository manager;
      
      computer software for effecting updates to the access control list only from the source of the electronic data;
      
      computer software for storing the updated access control list with the electronic data stored in the data repository; and
      
      computer software for storing evidence of the updated access cool list at the source and at every user with authorized access to the electronic data in the data repository in areas free from access by the depository manager.
  - 16. The computer program product according to claim 15 wherein the computer software for verifying the requesting user as authorized comprises computer software for locating the requesting user on the updated access control list.

17. The computer program product according to clam 16, further comprising computer software for verifying accuracy of the updated access control list stored with the electronic data in the data repository with the evidence stored at the source before releasing the electronic data to the requesting user.

18. A computer program Product on a computer for secure storage and retrieval of electronic dam in a remote data repository, comprising:
- computer software for digitally signing the electronic data at a source;
  
  computer software for encrypting the electronic data at the source;
  
  computer software for forwarding the encrypted electronic data to the data repository;
  
  computer software for storing the encrypted electronic data and deposit receipt in the data repository in an environment free of access by the data depository manager;
  
  computer software for returning a copy of the deposit receipt to the source;
  
  computer software for receiving a request from a requesting user, for access to the stored electronic data;
  
  computer software for retrieving the encrypted electronic data and forwarding the retrieved data the source;
  
  computer software for verifying the requesting user as authorized to access the electronic data; and
  
  computer software at the source for decrypting the retrieved data when verified and sending it directly to the requesting user without providing access to the data repository manager.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Carroll, Robert Bruce, Tchao, Sung Wei, Bacha, Hanid, Nirlas, Lev
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
TRUONG, THANHNGA B

Application Number

US09/459,239
Time in Patent Office

1,852 Days
Field of Search

713/176, 713/156, 713/201, 713/155, 380/258, 380/281, 707/9, 707/103.R, 707/103.Z, 707/103.Y
US Class Current

713/176
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/64   Protecting data integrity, ...

H04L 63/10   for controlling access to d...

H04L 9/321   involving a third party or ...

System for electronic repository of data enforcing access control on data retrieval

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System for electronic repository of data enforcing access control on data retrieval

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links