Authorized document usage including rendering a protected document
First Claim
Patent Images
1. A method for using a partially encrypted document, comprising:
- issuing a document usage request for using the partially encrypted document in a session;
authenticating the partially encrypted document;
receiving authorization to use the partially encrypted document;
receiving a session key for the session;
receiving a proxy key that delegates decryption to the session;
rendering a non-encrypted portion of the partially encrypted document;
performing a proxy transformation on the partially rendered, partially encrypted document using the proxy key,wherein rendering a portion of the partially encrypted document and performing proxy transformation on the rendered portion of the partially encrypted document comprises a combination of performing partial rendering transformations and performing partial decryption transformations; and
decrypting the proxy transformed, partially rendered, partially encrypted document using the session key,wherein the proxy key and the session key are used to decrypt the partially encrypted document as part of the session rendering process only, thereby assuring that only rendered images of the decrypted document are available to an end user.
5 Assignments
0 Petitions
Accused Products
Abstract
Access to protected documents is controlled by delegating the decryption from a document source to a document processing device. Interactions between an input device and the document source are provided to generate public and non-commutative proxy keys. The document processing device can use the proxy keys to convert the documents originally encrypted for the owner/publisher/distributor to ones encrypted for the end user. Authorization and usage are combined by invoking a method of trusted rendering of documents. Thus, the proxy conversion and decryption are delayed to a late stage within the document rendering application.
-
Citations
11 Claims
-
1. A method for using a partially encrypted document, comprising:
-
issuing a document usage request for using the partially encrypted document in a session; authenticating the partially encrypted document; receiving authorization to use the partially encrypted document; receiving a session key for the session; receiving a proxy key that delegates decryption to the session; rendering a non-encrypted portion of the partially encrypted document; performing a proxy transformation on the partially rendered, partially encrypted document using the proxy key, wherein rendering a portion of the partially encrypted document and performing proxy transformation on the rendered portion of the partially encrypted document comprises a combination of performing partial rendering transformations and performing partial decryption transformations; and decrypting the proxy transformed, partially rendered, partially encrypted document using the session key, wherein the proxy key and the session key are used to decrypt the partially encrypted document as part of the session rendering process only, thereby assuring that only rendered images of the decrypted document are available to an end user. - View Dependent Claims (2, 3, 4, 5, 10)
-
-
6. A usage authorization system for using a partially encrypted document, comprising:
-
a request receiving device that receives a document usage request for using the partially encrypted document in a session; a document processing device that authenticates the partially encrypted document, wherein the document processing device authenticates the partially encrypted document by at least one of checking a digital signature associated with the partially encrypted document, and verifying integrity of each component of the partially encrypted document; a document source that authorizes usage of the partially encrypted document, and issues a proxy key that delegates decryption to the session; an access device that, along with the document device, creates a session key for the session, wherein the document processing device renders the partially encrypted document, performs proxy transformation on the rendered, partially encrypted document using the proxy keys, and decrypts the proxy transformed rendered partially encrypted document using the session key, wherein the proxy key and the session key are used to decrypt the partially encrypted document as part of the session rendering process only, thereby assuring that only rendered images of the decrypted document are available to an end user. - View Dependent Claims (7, 8, 9)
-
-
11. A method for using a partially encrypted document, comprising:
-
receiving a document usage request for using the partially encrypted document in a session; authorizing use the partially encrypted document; creating a session key for the session; and issuing a proxy key that delegates decryption to the session, wherein the proxy key and the session key enable; rendering a non-encrypted portion of the partially encrypted document; performing a proxy transformation on the partially rendered, partially encrypted document using the proxy key, wherein rendering a portion of the partially encrypted document and performing proxy transformation on the rendered portion of the partially encrypted document comprises a combination of performing partial rendering transformations and performing partial decryption transformations; and decrypting the proxy transformed, partially rendered, partially encrypted document using the session key, wherein the proxy key and the session key are used to decrypt the partially encrypted document as part of the session rendering process only, thereby assuring that only rendered images of the decrypted document are available to an end user.
-
Specification