System for electronic repository of data enforcing access control on data search and retrieval
First Claim
1. A computer program product on a computer usable medium for maintaining a secure electronic data search system for a third party electronic data repository in which electronic data file documents are stored in encrypted form in the data repository to prevent access by the repository administrator, such a system having a record listing document access privileges for each computer with access to electronic data stored in the repository, the program product comprising:
software for updating a manifest for an electronic data file document stored in the repository;
software for identifying all computers with access to the electronic data file document and for changing such access in an update;
software for communicating the change in access to all affected computers;
software for updating access privileges records in all affected software; and
software for communicating the access privilege records to the affected computers;
software in a vault of the document originator to encrypt a document that it receives from the originator, prior to forwarding it on to the electronic data vault of the repository;
software in a vault of the repository administrator which, on receipt of the encrypted document, signs the encrypted document itself before storing the document in the electronic data repository and returns to the originator's vault proof of deposition of the encrypted document;
software in a vault of a requesting user to request the repository's vault for use of the requested document;
software in the repository's vault to retrieve a copy of the document in encrypted form which is forwarded, along with the requester's identity, to the originator's vault;
software in the originator's vault to verify that the requester is authorized to view the document, using an access control list identifying access ownership privileges for the document that is stored in the vault itself;
software in the originator's vault, when the requester has access, to decrypt the document and forward the decrypted document directly to the requester's vault; and
software in the requester's vault to provide proof of receipt of the decrypted document, wherein the originators of the electronic data files, users of the electronic data files and the repository administrator all have vaults which are secure extensions of their respective work spaces.
Abstract
When an electronic document is made available for review by other entities, it is often convenient to store the document in a repository or database managed by a third party. A system is provided in which the originator of the document can ensure the integrity and confidentiality of a document filed with a third party repository without having to trust the administrator of the repository. The document originator, the repository administrator and each requesting party have vault environments which are secure extensions of their respective work spaces. The vault of the document originator encrypts a document that it receives from the originator before forwarding it to the vault of the repository, so the repository only ever holds ciphertext. On receipt of the encrypted document, the repository's vault signs the encrypted document itself before storing it in the electronic repository, and returns that signature to the originator's vault as proof of deposit. A request to view the document is made from the vault of the requesting party to the repository's vault. The repository's vault retrieves a copy of the encrypted document and forwards it, along with the requester's identity, to the originator's vault. The originator's vault checks the requester against the access control list for the document, which is held in the originator's vault itself and is therefore never exposed to the repository. If the requester is authorized, the originator's vault decrypts the document and forwards the decrypted document directly to the requester's vault, bypassing the repository. The requester's vault must return proof of receipt of the decrypted document.
3 Claims
1. As set out above under First Claim.

2. A process for maintaining a secure electronic data search system for a third party electronic data repository which contains document data files encrypted to make them secure from the administrator of the repository, the system having a manifest listing access controls for each electronic data file stored in the data repository and a record, maintained by a document's originator, listing document access privileges for each computer with access to the electronic data stored in the repository, which record is maintained secure from the administrator of the repository, the process comprising the steps performed by the document's originator of:
updating a manifest for an electronic data file stored in the repository;
identifying all computers with a change in access to the electronic data file effected by the update;
updating the access privileges records of all affected computers;
communicating the updated access privilege records to the affected computers;
providing the originators of the electronic data files, users of the electronic data files and the repository with vaults which are secure extensions of their respective work spaces;
encrypting in the vault of the document originator a document of the originator, prior to forwarding it on to the vault of the repository;
signing the encrypted document in the vault of the repository before storing the document in the electronic repository and returning to the originator's vault proof of deposition of the encrypted document;
sending from the vault of a requesting user to the repository's vault a request to use the requested document;
retrieving from the repository's vault a copy of the document in encrypted form and forwarding it, along with the requester's identity, to the originator's vault;
verifying in the originator's vault that the requester is authorized to view the document from the access control list in the originator's vault identifying access privileges for the document;
decrypting the document in the originator's vault when the requester has access and forwarding the decrypted document directly to the requester's vault; and
having the requester's vault provide proof of receipt of the decrypted document.

3. A computer program product on a computer usable medium for maintaining a secure electronic data search system for a third party electronic data repository in which electronic data file documents are stored in encrypted form in the data repository to prevent access by the repository administrator, such a system having a manifest to an electronic data document, secure to the originator of the electronic document, listing document access privileges for each computer with access to the electronic data document stored in the repository, the program product comprising:
software for updating the manifest for the electronic data file document stored in the repository;
software for identifying all computers with access to the electronic data file document and for changing such access in an update;
software for communicating the change in access to all affected computers;
software in the vault of the document originator to encrypt a document that it receives from the originator, prior to forwarding it on to the vault of the repository administrator;
software in the vault of the repository which, on receipt of the encrypted document, signs the encrypted document before storing the document in the electronic repository and returns to the originator's vault proof of deposition of the encrypted document;
software in the vault of a requesting user to request from the repository's vault use of the requested document;
software in the repository's vault to retrieve a copy of the document in encrypted form which is forwarded, along with the requester's identity, to the originator's vault;
software in the originator's vault to verify that the requester is authorized to view the document using an access control list identifying access ownership privileges for the document that is stored in the vault itself;
software in the originator's vault which, when the requester has access, decrypts the document and forwards the decrypted document directly to the requester's vault; and
software in the requester's vault to provide proof of receipt of the decrypted document.
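The deposit and retrieval exchange described in the Abstract, together with the manifest-update and access-record propagation steps recited in claims 1 to 3, as an added illustrative simulation. This is not the patent's own code: the class names (OriginatorVault, RepositoryVault, UserVault), the document identifier doc-1, the users alice and mallory, the sample document and every key are constructed for the example, and HMAC-SHA256 stands in for both the document cipher (encrypt-then-MAC) and the signatures so that it runs with the standard library only. A real vault would use an AEAD such as AES-GCM and public-key signatures in their place.

```python
# Illustrative three-vault simulation; not the patent's code. HMAC-SHA256 stands in for
# the document cipher and the signatures; all keys, names and the document are constructed.
import hashlib
import hmac
import secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    # Domain-separated subkeys so the keystream and the MAC never share an input.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # wrong key or tampered ciphertext
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

def sign(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()  # stand-in for a digital signature

class UserVault:
    """Requesting party's vault: receives plaintext, returns proof of receipt."""
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.documents = name, key, {}
    def receive(self, doc_id: str, plaintext: bytes) -> bytes:
        self.documents[doc_id] = plaintext
        return sign(self.key, hashlib.sha256(plaintext).digest())  # proof of receipt

class RepositoryVault:
    """Administrator's vault: stores only ciphertext and signs what it stores."""
    def __init__(self, signing_key: bytes):
        self.signing_key, self.documents = signing_key, {}
    def store(self, doc_id: str, blob: bytes) -> bytes:
        proof = sign(self.signing_key, blob)  # proof of deposit over the ciphertext
        self.documents[doc_id] = (blob, proof)
        return proof
    def request(self, doc_id: str, requester: UserVault, originator: "OriginatorVault") -> bytes:
        # Forwards the encrypted copy plus the requester's identity; never sees plaintext.
        return originator.release(doc_id, self.documents[doc_id][0], requester)

class OriginatorVault:
    """Holds the document key and the access control list; neither leaves the vault."""
    def __init__(self, doc_key: bytes, repo_key: bytes):
        self.doc_key, self.repo_key = doc_key, repo_key
        self.manifest = {}  # doc_id -> set of authorised computer names
    def deposit(self, doc_id: str, plaintext: bytes, repo: RepositoryVault) -> bytes:
        blob = encrypt(self.doc_key, plaintext)
        proof = repo.store(doc_id, blob)
        if not hmac.compare_digest(sign(self.repo_key, blob), proof):
            raise RuntimeError("repository returned an invalid proof of deposit")
        return blob
    def update_manifest(self, doc_id: str, new_acl: set) -> dict:
        """Manifest update: returns the access record to push to each affected computer."""
        old_acl = self.manifest.get(doc_id, set())
        self.manifest[doc_id] = set(new_acl)
        affected = old_acl ^ set(new_acl)  # computers whose access changed either way
        return {name: name in new_acl for name in sorted(affected)}
    def release(self, doc_id: str, blob: bytes, requester: UserVault) -> bytes:
        if requester.name not in self.manifest.get(doc_id, set()):
            raise PermissionError(f"{requester.name} is not on the ACL for {doc_id}")
        plaintext = decrypt(self.doc_key, blob)
        receipt = requester.receive(doc_id, plaintext)  # delivered directly, not via the repository
        if not hmac.compare_digest(sign(requester.key, hashlib.sha256(plaintext).digest()), receipt):
            raise RuntimeError("invalid proof of receipt")
        return receipt

def run_exchange() -> dict:
    """Constructed sample run: one originator, one repository, two users."""
    repo = RepositoryVault(secrets.token_bytes(32))
    originator = OriginatorVault(secrets.token_bytes(32), repo.signing_key)
    alice, mallory = UserVault("alice", secrets.token_bytes(32)), UserVault("mallory", secrets.token_bytes(32))
    doc = b"Q3 audit findings (constructed sample document)"
    blob = originator.deposit("doc-1", doc, repo)
    first_push = originator.update_manifest("doc-1", {"alice"})
    repo.request("doc-1", alice, originator)
    try:
        repo.request("doc-1", mallory, originator)
        mallory_denied = False
    except PermissionError:
        mallory_denied = True
    try:
        decrypt(repo.signing_key, blob)  # the administrator's own key opens nothing
        repo_can_read = True
    except ValueError:
        repo_can_read = False
    return {"stored_is_ciphertext": doc not in blob, "repo_can_read": repo_can_read,
            "alice_got_doc": alice.documents.get("doc-1") == doc, "mallory_denied": mallory_denied,
            "first_push": first_push, "revocation_push": originator.update_manifest("doc-1", set())}
```

The flow keeps the repository administrator outside the confidentiality boundary: the repository holds only ciphertext and its own signature over it, and the access control list never leaves the originator's vault, so revoking a computer is a local manifest change whose result is the per-computer record that update_manifest returns. Two points a practitioner would add that the page does not detail: the originator here takes the requester's identity on the repository's word, so a deployment should have the requester's vault sign the request (or authenticate to the originator directly) rather than trust a relayed name; and because the decrypted document is forwarded to the requester's vault, that channel needs its own protection (re-encrypting to the requester's key), while revocation only affects future requests, not copies already delivered.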