Selective data encryption using style sheet processing

US 6,931,532 B1
Filed: 10/21/1999
Issued: 08/16/2005
Est. Priority Date: 10/21/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A computer program product embodied on computer readable media readable by a computing system in a computing environment, for enforcing security policy using style sheet processing, comprising:

computer-readable program code for obtaining an input document;

computer-readable program code for obtaining a Document Type Definition (DTD) that defines elements of said input document, wherein;

(1) an attribute of at least one element defined in said DTD references one of a plurality of stored policy enforcement objects;

(2) more than one of said references may reference a single stored policy enforcement object; and

(3) each of said stored policy enforcement objects specifies a visibility policy for said referencing element or elements, said visibility policy identifying an encryption requirement for all elements having that visibility policy and a community whose members are authorized to view those elements;

computer-readable program code for applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and

computer-readable program code for creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables each community member that is authorized to view that element to use key distribution material associated with the output document to decrypt the encrypted element, and that precludes decryption of the encrypted element by unauthorized community members.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer program product for selectively encrypting one or more elements of a document using style sheet processing. Disclosed is a policy-driven augmented style sheet processor (e.g. an Extensible Stylesheet Language, or “XSL”, processor) that creates a selectively-encrypted document (e.g. an Extensible Markup Language, or “XML”, document) carrying key-distribution material, such that by using an augmented document processor (e.g. an augmented XML processing engine), an agent can recover only the information elements for which it is authorized. The Document Type Definition (DTD) or schema associated with a document is modified, such that the DTD or schema specifies a reference to stored security policy to be applied to document elements. Each document element may specify a different security policy, such that the different elements of a single document can be encrypted differently (and, some elements may remain unencrypted). The key distribution material enables a document to be encrypted for decryption by an audience that is unknown at the time of document creation, and enables access to the distinct elements of a single encrypted document to be controlled for multiple users and/or groups of users. In this manner, group collaboration is improved by giving more people easier access to information for which they are authorized, while protecting sensitive data from unauthorized agents. A key recovery technique is also defined, whereby the entire document can be decrypted by an authorized agent regardless of how the different elements were originally encrypted and the access protections which were applied to those elements.

Citations

60 Claims

1. A computer program product embodied on computer readable media readable by a computing system in a computing environment, for enforcing security policy using style sheet processing, comprising:
- computer-readable program code for obtaining an input document;
  
  computer-readable program code for obtaining a Document Type Definition (DTD) that defines elements of said input document, wherein;
  
  (1) an attribute of at least one element defined in said DTD references one of a plurality of stored policy enforcement objects;
  
  (2) more than one of said references may reference a single stored policy enforcement object; and
  
  (3) each of said stored policy enforcement objects specifies a visibility policy for said referencing element or elements, said visibility policy identifying an encryption requirement for all elements having that visibility policy and a community whose members are authorized to view those elements;
  
  computer-readable program code for applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and
  
  computer-readable program code for creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables each community member that is authorized to view that element to use key distribution material associated with the output document to decrypt the encrypted element, and that precludes decryption of the encrypted element by unauthorized community members.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The computer program product according to claim 1, wherein said markup notation in said interim transient document comprises tags of a markup language.
  - 3. The computer program product according to claim 1, wherein said input document is specified in an Extensible Markup Language (XML) notation.
  - 4. The computer program product according to claim 3, wherein said output document is specified in said XML notation.
  - 5. The computer program product according to claim 1, wherein said stored policy enforcement objects further comprise computer-readable program code for overriding a method for evaluating said elements of said input document, and wherein said computer-readable program code for applying said one or more style sheets further comprises computer program code for invoking said computer-readable program code for overriding, thereby causing said markup notation to be added.
  - 6. The computer program product according to claim 5, wherein said style sheets are specified in an Extensible Stylesheet Language (XSL) notation.
  - 7. The computer program product according to claim 6, wherein said method is a value-of method of said XSL notation, and wherein said computer-readable program code for overriding said value-of method is by subclassing said value-of method.
  - 8. The computer program product according to claim 5, wherein:
    - said overriding method comprises;
      
      computer-readable program code for generating said markup notation as encryption tags; and
      
      computer-readable program code for inserting said generated encryption tags into said interim transient document to surround elements of said interim transient document for which said visibility policy of said elements in said input document have said non-null encryption requirement; and
      
      said computer-readable program code for creating said output document further comprises computer-readable program code for encrypting those elements surrounded by said inserted encryption tags.
  - 9. The computer program product according to claim 1, wherein said encryption requirement further comprises specification of an encryption algorithm to be used when encrypting elements having that visibility policy.
  - 10. The computer program product according to claim 1, wherein said encryption requirement further comprises specification of an encryption algorithm strength value to be used when encrypting elements having that visibility policy.
  - 11. The computer program product according to claim 1, wherein said computer-readable program code for creating said output document further comprises:
    - computer-readable program code for generating a distinct symmetric key for each unique one of said communities identified by said visibility policy in said stored policy objects for each of said elements of said input document; and
      
      computer-readable program code for encrypting said distinct symmetric keys separately for each of said members of said community for which said symmetric key was generated, thereby creating member-specific versions of each of said distinct symmetric keys.
  - 12. The computer program product according to claim 11, wherein said computer-readable program code for encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions.
  - 13. The computer program product according to claim 1, wherein said encrypted elements in said created output document are encrypted using a cipher block chaining mode encryption process.
  - 14. The computer program product according to claim 11, further comprising:
    - computer-readable program code for creating a key class for each of said unique communities, wherein said key class is associated with each of said encrypted elements of said output document for which members of this unique community are authorized viewers, and wherein said key class comprises;
      
      (1) an encryption algorithm identifier and key length used when encrypting said associated encrypted elements;
      
      (2) an identifier of each member of said unique community; and
      
      (3) one of said member-specific versions of said encrypted symmetric key for each of said identified community members.
  - 15. The computer program product according to claim 11, further comprising:
    - computer-readable program code for decrypting, for an individual user or process, only those encrypted elements in said output document for which said individual user or process is one of said authorized community members, further comprising;
      
      computer-readable program code for determining zero or more of said communities of which said individual user or process is one of said members;
      
      computer-readable program code for decrypting, for each of said determined communities, said member-specific version of said symmetric key, thereby creating a decrypted key; and
      
      computer-readable program code for decrypting selected ones of said encrypted elements in said output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said determined communities.
  - 16. The computer program product according to claim 14,wherein said computer-readable program code for encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions and further comprising:
    - computer-readable program code for decrypting, for an individual user or process, only those encrypted elements in said output document for which said individual user or process is one of said authorized community members, further comprising;
      
      computer-readable program code for determining zero or more of said key classes which identify said individual user or process as one of said members;
      
      computer-readable program code for decrypting, for each of said determined key classes, said member-specific version of said encrypted symmetric key, using a private key of said individual user or process, thereby creating a decrypted key; and
      
      computer-readable program code for decrypting selected ones of said encrypted elements in said output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said determined key classes.
  - 17. The computer program product according to claim 15 or claim 16, further comprising computer-readable program code for substituting a predetermined text message for any encrypted elements in said output document which cannot be decrypted for said individual user or process.
  - 18. The computer program product according to claim 1, wherein said DTD is replaced by a schema.
  - 19. The computer program product according to claim 1, wherein said encryption requirement further comprises specification of an encryption key length.
  - 20. The computer program product according to claim 8, wherein said inserted encryption tags may surround either values of said elements or values and tags of said elements.

21. A system for enforcing security policy using style sheet processing in a computing environment, comprising:
- an input document;
  
  a Document Type Definition (DTD) that defines elements of said input document, wherein;
  
  (1) an attribute of at least one element defined in said DTD references one of a plurality of stored policy enforcement objects;
  
  (2) more than one of said references may reference a single stored policy enforcement object; and
  
  (3) each of said stored policy enforcement objects specifies a visibility policy for said referencing element of elements, said visibility policy identifying an encryption requirement for all elements having that visibility policy and a community whose members are authorized to view those elements;
  
  means for applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and
  
  means for creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables each community member that is authorized to view that element to use key distribution material associated with the output document to decrypt the encrypted element, and that precludes decryption of the encrypted element by unauthorized community members.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 22. The system according to claim 21, wherein said markup notation in said interim transient document comprises tags of a markup language.
  - 23. The system according to claim 21, wherein said input document is specified in an Extensible Markup Language (XML) notation.
  - 24. The system according to claim 23, wherein said output document is specified in said XML notation.
  - 25. The system according to claim 21, wherein said stored policy enforcement objects further comprise means for overriding a method for evaluating said elements of said input document, and wherein said means for applying said one or more style sheets further comprises means for invoking said means for overriding, thereby causing said markup notation to be added.
  - 26. The system according to claim 25, wherein said style sheets are specified in an Extensible Stylesheet Language (XSL) notation.
  - 27. The system according to claim 26, wherein said method is a value-of method of said XSL notation, and wherein said means for overriding said value-of method is by subclassing said value-of method.
  - 28. The system according to claim 25, wherein:
    - said overriding method comprises;
      
      means for generating said markup notation as encryption tags; and
      
      means for inserting said generated encryption tags into said interim transient document to surround elements of said interim transient document for which said visibility policy of said elements in said input document have said, non-null encryption requirement; and
      
      said means for creating said output document further comprises means for encrypting those elements surrounded by said inserted encryption tags.
  - 29. The system according to claim 21, wherein said encryption requirement further comprises specification of an encryption algorithm to be used when encrypting elements having that visibility policy.
  - 30. The system according to claim 21, wherein said encryption requirement further comprises specification of an encryption algorithm strength value to be used when encrypting elements having that visibility policy.
  - 31. The system according to claim 21, wherein said means for creating said output document further comprises:
    - means for generating a distinct symmetric key for each unique one of said communities identified by said visibility policy in said stored policy objects for each of said elements of said input document; and
      
      means for encrypting said distinct symmetric keys separately for each of said members of said community for which said symmetric key was generated, thereby creating member-specific versions of each of said distinct symmetric keys.
  - 32. The system according to claim 31, wherein said means for encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions.
  - 33. The system according to claim 21, wherein said encrypted elements in said created output document are encrypted using a cipher block chaining mode encryption process.
  - 34. The system according to claim 31, further comprising:
    - means for creating a key class for each of said unique communities, wherein said key class is associated with each of said encrypted elements of said output document for which members of this unique community are authorized viewers, and wherein said key class comprises;
      
      (1) an encryption algorithm identifier and key length used when encrypting said associated encrypted elements;
      
      (2) an identifier of each member of said unique community; and
      
      (3) one of said member-specific versions of said encrypted symmetric key for each of said identified community members.
  - 35. The system according to claim 31, further comprising:
    - means for decrypting, for an individual user or process, only those encrypted elements in said output document for which said individual user or process is one of said authorized community members, further comprising;
      
      means for determining zero or more of said communities of which said individual user or process is one of said members;
      
      means for decrypting, for each of said determined communities, said member-specific version of said symmetric key, thereby creating a decrypted key; and
      
      means for decrypting selected ones of said encrypted elements in said output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said determined communities.
  - 36. The system according to claim 34, wherein said means for encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions and further comprising:
    - means for decrypting, for an individual user of process, only those encrypted elements in said output document for which said individual user or process is one of said authorized community members, further comprising;
      
      means for determining zero or more of said key classes which identify said individual user or process as one of said members;
      
      means for decrypting, for each of said determined key classes, said member-specific version of said encrypted symmetric key, using a private key of said individual user or process, thereby creating a decrypted key; and
      
      means for decrypting selected ones of said encrypted elements in said output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said determined key classes.
  - 37. The system according to claim 35 or claim 36 further comprising means for substituting a predetermined text message for encrypted elements in said output document which cannot be decrypted for said individual user or process.
  - 38. The system according to claim 21, wherein said DTD is replaced by a schema.
  - 39. The system according to claim 21, wherein said encryption requirement further comprises specification of an encryption key length.
  - 40. The system according to claim 28, wherein said inserted encryption tags may surround either values of said elements or values and tags of said elements.

41. A method for enforcing security policy using style sheet processing in a computing environment, comprising:
- providing an input document;
  
  providing a Document Type Definition (DTD) that defines elements of said input document, wherein;
  
  (1) an attribute of at least one element defined in said DTD references one of a plurality of stored policy enforcement objects;
  
  (2) more than one of said references may reference a single stored policy enforcement object; and
  
  (3) each of said stored policy enforcement objects specifies a visibility policy for said referencing element of elements, said visibility policy identifying an encryption requirement for all elements having that visibility policy and a community whose members are authorized to view those elements;
  
  applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and
  
  creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables each community member that is authorized to view that element to use key distribution material associated with the output document to decrypt the encrypted element, and that precludes decryption of the encrypted element by unauthorized community members.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 42. The method according to claim 41, wherein said markup notation in said interim transient document comprises tags of a markup language.
  - 43. The method according to claim 41, wherein said input document is specified in an Extensible Markup Language (XML) notation.
  - 44. The method according to claim 43, wherein said output document is specified in said XML notation.
  - 45. The method according to claim 41, wherein said stored policy enforcement objects further comprise executable code for overriding a method for evaluating said elements of said input document, and wherein said applying one or more style sheets to said input document step further comprises overriding said method for evaluating, thereby causing said markup notation to be added.
  - 46. The method according to claim 45, wherein said style sheets are specified in an Extensible Stylesheet Language (XSL) notation.
  - 47. The method according to claim 46, wherein said method is a value-of method of said XSL notation, and wherein said overriding said value-of method is by subclassing said value-of method.
  - 48. The method according to claim 45, wherein:
    - said overriding further comprises;
      
      generating said markup notation as encryption tags; and
      
      inserting said generated encryption tags into said interim transient document to surround elements of said interim transient document for which said visibility policy of said elements in said input document have said non-null encryption requirement; and
      
      said creating said output document further comprises the encrypting those elements surrounded by said inserted encryption tags.
  - 49. The method according to claim 41, wherein said encryption requirement further comprises specification of an encryption algorithm to be used when encrypting elements having that policy.
  - 50. The method according to claim 41, wherein said encryption requirement further comprises specification of an encryption algorithm strength value to be used when encrypting elements having that policy.
  - 51. The method according to claim 41, wherein said creating said output document further comprises:
    - generating a distinct symmetric key for each unique one of said communities identified by said visibility policy in said stored policy objects for each of said elements of said input document; and
      
      encrypting said distinct symmetric keys separately for each of said members of said community for which said symmetric key was generated, thereby creating member-specific versions of each of said distinct symmetric keys.
  - 52. The method according to claim 51, wherein said encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions.
  - 53. The method according to claim 41, wherein said encrypted elements in said created output document are encrypting using a cipher block chaining mode encryption process.
  - 54. The method according to claim 52, further comprising:
    - creating a key class for each of said unique communities, wherein said key class is associated with each of said encrypted elements of said output document for which members of this unique community are authorized viewers, and wherein said key class comprises;
      
      (1) an encryption algorithm identifier and key length used when encrypting said associated encrypted elements;
      
      (2) an identifier of each member of said unique community; and
      
      (3) one of said member-specific versions of said encrypted symmetric key for each of said identified community members.
  - 55. The method according to claim 51, further comprisingdecrypting, for an individual user or process, only those encrypted elements in said output document for which said individual user or process is one of said authorized community members, further comprising:
    - determining zero or more of said communities of which said individual user or process is one of said members;
      
      decrypting, for each of said determined communities, said member-specific version of said symmetric key, thereby creating a decrypted key; and
      
      decrypting selected ones of said encrypted elements in said output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said determined communities.
  - 56. The method according to claim 54, wherein said encrypting said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions and further comprising:
    - decrypting, for an individual user or process, only those encrypted elements in said output document for which said individual user or process is one of said authorized community members, further comprising;
      
      determining zero or more of said key classes which identify said individual user or process as one of said members;
      
      decrypting, for each of said determined key classes, said member-specific version of said encrypted symmetric key, using a private key of said individual user or process, thereby creating a decrypted key; and
      
      decrypting selected ones of said encrypted elements in said output document using said decrypted keys, wherein said selected ones of said encrypted elements are those which were encrypted for one of said determined key classes.
  - 57. The method according to claim 55 or claim 56, further comprising substituting a predetermined text message for any encrypted elements in said output document which cannot be decrypted for said individual user or process.
  - 58. The method according to claim 41, wherein said DTD is replaced by a schema.
  - 59. The method according to claim 41, wherein said encryption requirement further comprises specification of an encryption key length.
  - 60. The method according to claim 48, wherein said inserted encryption tags may surround either values of said elements or values and tags of said elements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hind, John R., Davis, Mark C., Topol, Brad B., Peters, Marcia L.
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Tran, Tongoc

Application Number

US09/422,430
Time in Patent Office

2,126 Days
Field of Search

713200-201, 713/165, 713/167, 713/155, 713/189, 713/182, 713/150, 713/161, 713/166, 713/170, 713/176, 713/162, 713/169, 713/171, 713/157, 713/175, 380/273, 380/277, 380/286, 380/44, 380/28, 380/282, 380/259, 705/51, 705/71, 705/76, 705/72, 705/52, 705/75, 705/78
US Class Current

713/167
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2107   File encryption

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/88   Medical equipments

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/088   Usage controlling of secret...

H04L 9/0894   Escrow, recovery or storing...

Selective data encryption using style sheet processing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

60 Claims

Specification

Solutions

Use Cases

Quick Links

Selective data encryption using style sheet processing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

60 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links