Method and system for securing digital assets using process-driven security policies

US 7,703,140 B2
Filed: 09/30/2003
Issued: 04/20/2010
Est. Priority Date: 09/30/2003
Status: Active Grant

First Claim

Patent Images

1. A method for limiting access to an electronic document, comprising:

associating, by one or more computing devices, a classifier with a first state of a process-driven security policy having a plurality of states, with different states having different sets of access restrictions;

associating, by the one or more computing devices, an identifier representing a user or a group of users with the first state of the process-driven security policy;

associating, by the one or more computing devices, the electronic document with at least the first state of the process-driven security policy having a set of access restrictions on the electronic document;

limiting access to the electronic document by encrypting, by the one or more computing devices, at least a portion of the electronic document using a group key corresponding to the identifier and a state key corresponding to the classifier and requiring at least both the group key and the state key to decrypt at least the portion of the electronic document; and

changing, by the one or more computing devices, the state of the process-driven security policy for the electronic document automatically without user or administrator interaction from the first state to a second state in response to an internal or external system event, wherein the changed state is based on a transition rule associated with the event.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for dynamically altering security criteria used in a file security system are disclosed. The security criteria pertains to keys (or ciphers) used by the file security system to encrypt electronic files to be secured or to decrypt electronic files already secured. The security criteria can, among other things, include keys that are required to gain access to electronic files. Here, the keys can be changed automatically as electronic files transition between different states of a process-driven security policy. The dynamic alteration of security criteria enhances the flexibility and robustness of the security system. In other words, access restrictions on electronic files can be dependent on the state of the process-driven security policy.

703 Citations

19 Claims

1. A method for limiting access to an electronic document, comprising:
- associating, by one or more computing devices, a classifier with a first state of a process-driven security policy having a plurality of states, with different states having different sets of access restrictions;
  
  associating, by the one or more computing devices, an identifier representing a user or a group of users with the first state of the process-driven security policy;
  
  associating, by the one or more computing devices, the electronic document with at least the first state of the process-driven security policy having a set of access restrictions on the electronic document;
  
  limiting access to the electronic document by encrypting, by the one or more computing devices, at least a portion of the electronic document using a group key corresponding to the identifier and a state key corresponding to the classifier and requiring at least both the group key and the state key to decrypt at least the portion of the electronic document; and
  
  changing, by the one or more computing devices, the state of the process-driven security policy for the electronic document automatically without user or administrator interaction from the first state to a second state in response to an internal or external system event, wherein the changed state is based on a transition rule associated with the event.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as recited in claim 1, wherein the identifier is a user ID or a group ID.
  - 3. The method as recited in claim 1, wherein the process-driven security policy is provided as part of a document security system.
  - 4. The method as recited in claim 1, wherein said method further comprises:
    - creating the electronic document; and
      
      assigning the identifier to the created electronic document.
  - 5. The method as recited in claim 1, wherein the process-driven security policy is provided as part of a document security system, andwherein said method further comprises:
    - creating a plurality of electronic documents; and
      
      assigning the identifier and the classifier to the created electronic documents associated with the first state.
  - 6. The method of claim 1, wherein the event occurs at or is received at a client machine.
  - 7. The method as recited in claim 1, wherein the event is a user-triggered event.

8. A method for imposing access restrictions on an electronic document, comprising:
- associating, by one or more computing devices, an electronic document with at least a first state of a plurality of states of a process-driven security policy, the first state associated with a classifier and with an identifier representing a user or a group of users, with different states having different set of access restrictions;
  
  imposing the set of access restrictions associated with the first state on the electronic document by encrypting, by the one or more computing devices, at least a portion of the electronic document using a group key corresponding to the identifier and a state key corresponding to the classifier and requiring at least both the group key and the state key to decrypt at least the portion of the electronic document; and
  
  changing, by the one or more computing devices, the state of the process-driven security policy for the electronic document automatically without user or administrator interaction from the first state to a second state in response to an internal or external system event, wherein the changed state is based on a transition rule associated with the event.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method as recited in claim 8, wherein the event is a user-triggered event.
  - 10. The method as recited in claim 8, wherein the event occurs at or is received at the client machine.
  - 11. The method as recited in claim 8, wherein the electronic document includes security information, and the security information includes at least an indication of the state of the process-driven security policy for the electronic document.
  - 12. The method as recited in claim 8, wherein said method is performed on a plurality of documents on a document-by-document basis.
  - 13. The method as recited in claim 8, wherein at the client machine, a plurality of electronic documents is in one of the states of the process-driven security policy.

14. A tangible computer-readable medium having stored thereon computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method for imposing access restrictions on an electronic document, the method comprising:
- associating an electronic document with at least a first state of a plurality of states of a process-driven security policy, the first state associated with a classifier and with an identifier representing a user or a group of users, with different states having different set of access restrictions;
  
  imposing the set of access restrictions associated with the first state on the electronic document by encrypting at least a portion of the electronic document using a group key corresponding to the identifier and a state key corresponding to the classifier and requiring at least both the group key and the state key to decrypt at least the portion of the electronic document; and
  
  changing the state of the process-driven security policy for the electronic document automatically without user or administrator interaction from the first state to a second state in response to an internal or external system event, wherein the changed state is based on a transition rule associated with the event.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The tangible computer-readable medium as recited in claim 14, wherein the event is a user-triggered event.
  - 16. The tangible computer-readable medium as recited in claim 14, wherein the event occurs at or is received at the client machine.
  - 17. The tangible computer-readable medium as recited in claim 14, wherein the electronic document includes security information, and the security information includes at least an indication of the state of the process-driven security policy for the electronic document.
  - 18. The tangible computer-readable medium as recited in claim 14, wherein the process-driven security policy is imposed on a plurality of documents on a document-by-document basis.
  - 19. The tangible computer-readable medium as recited in claim 14, wherein at the client machine, a plurality of electronic documents is in one of the states of the process-driven security policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Guardian Data Storage LLC
Inventors
Nath, Satyajit, Ouye, Michael Michio, Vainstein, Klimenty
Primary Examiner(s)
Dinh; Minh

Application Number

US10/677,049
Publication Number

US 20050071658A1
Time in Patent Office

2,394 Days
Field of Search

None
US Class Current

726/26
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 2209/60   Digital content management,...

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 9/0833   involving conference or gro...

Method and system for securing digital assets using process-driven security policies

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

703 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing digital assets using process-driven security policies

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

703 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links