Document access auditing

US 7,707,642 B1
Filed: 08/31/2004
Issued: 04/27/2010
Est. Priority Date: 08/31/2004
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method comprising:

receiving, from a client by a document archive server system, a request relating to an electronic document associated with a document tracking system, wherein the request is for generation of an audit-enabled document, and wherein the electronic document is stored in a first data repository communicatively coupled with the document archive server system;

retrieving, from an audit information server system by the document archive server system in response to the request, actions-taken information associated with the electronic document and maintained by the document tracking system, the actions-taken information comprising information stored separate from the electronic document in a second data repository communicatively coupled with the audit information server system, the actions taken information describing actions taken with respect to the electronic document;

generating, by the document archive server system, a signed, audit-enabled document, which includes the actions-taken information, wherein the generating comprises combining and signing the electronic document and the actions-taken information, in response to the retrieving; and

providing, by the document archive server system, the signed document to enable access to the actions-taken information independent of the document tracking system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure includes systems and techniques relating to document access auditing. According to an aspect, the invention involves receiving a request relating to an electronic document associated with a document tracking system; retrieving actions-taken information associated with the electronic document and maintained by the document tracking system; combining and signing the electronic document and the actions-taken information to form a signed document that includes the actions-taken information; and providing the signed document to enable access to the actions-taken information independent of the document tracking system. According to another aspect, the invention involves presenting a consent query that requests consent to an audit event to be recorded by a document control system for an electronic document tethered to the document control system; receiving a consent indication with respect to a consent statement relating to the audit event; and sending information corresponding to the consent indication to the document control system.

Citations

53 Claims

1. A machine-implemented method comprising:
- receiving, from a client by a document archive server system, a request relating to an electronic document associated with a document tracking system, wherein the request is for generation of an audit-enabled document, and wherein the electronic document is stored in a first data repository communicatively coupled with the document archive server system;
  
  retrieving, from an audit information server system by the document archive server system in response to the request, actions-taken information associated with the electronic document and maintained by the document tracking system, the actions-taken information comprising information stored separate from the electronic document in a second data repository communicatively coupled with the audit information server system, the actions taken information describing actions taken with respect to the electronic document;
  
  generating, by the document archive server system, a signed, audit-enabled document, which includes the actions-taken information, wherein the generating comprises combining and signing the electronic document and the actions-taken information, in response to the retrieving; and
  
  providing, by the document archive server system, the signed document to enable access to the actions-taken information independent of the document tracking system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the request comprises a database query defining a subset of all available actions-taken information associated with the electronic document and maintained by the document tracking system, and retrieving comprises retrieving a subset of the available actions-taken information from a database according to the database query.
  - 3. The method of claim 1, wherein the electronic document comprises at least a portion of a project document having multiple sub-documents associated with a project, and retrieving the actions-taken information comprises retrieving actions-taken information associated with the project.
  - 4. The method of claim 1, wherein the actions-taken information comprises an indication of authorization by an authenticated user obtained as part of a document approval workflow.
  - 5. The method of claim 1, wherein the document tracking system comprises a document control system that provides persistent document security for documents tethered to the document control system, and the electronic document comprises a document tethered to the document control system, the method further comprising untethering the signed document from the document control system.
  - 6. The method of claim 5, wherein combining and signing the electronic document and the actions-taken information comprises:
    - combining the electronic document and the actions-taken information;
      
      generating a cryptographic checksum of the electronic document with the actions-taken information included;
      
      encrypting the cryptographic checksum to produce a digital signature; and
      
      adding the digital signature to the electronic document, which includes the actions-taken information, to generate the signed document.
  - 7. The method of claim 5, wherein combining and signing the electronic document and the actions-taken information comprises:
    - signing the actions-taken information;
      
      combining the electronic document and the signed actions-taken information; and
      
      signing the electronic document, which includes the signed actions-taken information, to generate the signed document.
  - 8. The method of claim 7, wherein combining the electronic document and the signed actions-taken information comprises embedding the signed actions-taken information within the electronic document.
  - 9. The method of claim 7, wherein:
    - signing the actions-taken information comprises signing with a private encryption key associated with the document control system; and
      
      signing the electronic document, which includes the signed actions-taken information, comprises signing with the private encryption key.
  - 10. The method of claim 5, wherein the actions-taken information comprises information related to authenticated user interactions with the electronic document.
  - 11. The method of claim 10, wherein providing the signed document comprises sending the signed document to a client that generated the request, the method further comprising encrypting the signed document before sending the signed document to the client.
  - 12. The method of claim 10, wherein providing the signed document comprises archiving the signed document in a secured storage location.
  - 13. The method of claim 12, further comprising performing a signed incremental update on the archived document.
  - 14. The method of claim 10, wherein the information related to authenticated user interactions with the electronic document comprises audited consent statements.
  - 15. The method of claim 14, further comprising:
    - initiating presentation of a consent query that requests consent to an audit event to be recorded by the document control system for the electronic document tethered to the document control system; and
      
      receiving information corresponding to a consent indication with respect to a consent statement relating to the audit event, the consent indication information configured to be included with the actions-taken information relating to the electronic document.
  - 16. The method of claim 15, further comprising altering one or more permissions associated with the electronic document in accordance with the consent indication information.
  - 17. The method of claim 16, wherein the consent query includes a predefined list of consent statements, and the consent indication comprises a selection from the predefined list of consent statements.
  - 18. The method of claim 16, wherein the consent indication information comprises a digitally signed consent statement.

19. A software product tangibly embodied in a machine-readable medium, the software product comprising instructions operable to cause one or more data processing apparatus to perform operations comprising:
- receiving, from a client, a request relating to an electronic document associated with a document tracking system, wherein the request is for generation of an audit-enabled document, and wherein the electronic document is stored in a first data repository communicatively coupled with the one or more data processing apparatus;
  
  retrieving, from an audit information server system in response to the request, actions-taken information associated with the electronic document and maintained by the document tracking system, the actions-taken information comprising information stored separate from the electronic document in a second data repository communicatively coupled with the audit information server system, the actions taken information describing actions taken with respect to the electronic document;
  
  generating a signed, audit-enabled document, which includes the actions-taken information, wherein the generating comprises combining and signing the electronic document and the actions-taken information, in response to the retrieving; and
  
  providing the signed document to enable access to the actions-taken information independent of the document tracking system.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 20. The software product of claim 19, wherein the request comprises a database query defining a subset of all available actions-taken information associated with the electronic document and maintained by the document tracking system, and retrieving comprises retrieving a subset of the available actions-taken information from a database according to the database query.
  - 21. The software product of claim 19, wherein the electronic document comprises at least a portion of a project document having multiple sub-documents associated with a project, and retrieving the actions-taken information comprises retrieving actions-taken information associated with the project.
  - 22. The software product of claim 19, wherein the actions-taken information comprises an indication of authorization by an authenticated user obtained as part of a document approval workflow.
  - 23. The software product of claim 19, wherein the document tracking system comprises a document control system that provides persistent document security for documents tethered to the document control system, and the electronic document comprises a document tethered to the document control system, the operations further comprising untethering the signed document from the document control system.
  - 24. The software product of claim 23, wherein the actions-taken information comprises information related to authenticated user interactions with the electronic document.
  - 25. The software product of claim 24, wherein providing the signed document comprises sending the signed document to a client that generated the request, the operations further comprising encrypting the signed document before sending the signed document to the client.
  - 26. The software product of claim 24, wherein providing the signed document comprises archiving the signed document in a secured storage location.
  - 27. The software product of claim 24, wherein the information related to authenticated user interactions with the electronic document comprises audited consent statements.
  - 28. The software product of claim 27, wherein the operations further comprise:
    - initiating presentation of a consent query that requests consent to an audit event to be recorded by the document control system for the electronic document tethered to the document control system; and
      
      receiving information corresponding to a consent indication with respect to a consent statement relating to the audit event, the consent indication information configured to be included with the actions-taken information relating to the electronic document.
  - 29. The software product of claim 28, wherein the operations further comprise altering one or more permissions associated with the electronic document in accordance with the consent indication information.
  - 30. The software product of claim 29, wherein the consent query includes a predefined list of consent statements, and the consent indication comprises a selection from the predefined list of consent statements.
  - 31. The software product of claim 29, wherein the consent indication information comprises a digitally signed consent statement.
  - 32. The software product of claim 23, wherein combining and signing the electronic document and the actions-taken information comprises:
    - combining the electronic document and the actions-taken information;
      
      generating a cryptographic checksum of the electronic document with the actions-taken information included;
      
      encrypting the cryptographic checksum to produce a digital signature; and
      
      adding the digital signature to the electronic document, which includes the actions-taken information, to generate the signed document.
  - 33. The software product of claim 23, wherein combining and signing the electronic document and the actions-taken information comprises:
    - signing the actions-taken information;
      
      combining the electronic document and the signed actions-taken information; and
      
      signing the electronic document, which includes the signed actions-taken information, to generate the signed document.
  - 34. The software product of claim 33, wherein combining the electronic document and the signed actions-taken information comprises embedding the signed actions-taken information within the electronic document.
  - 35. The software product of claim 33, wherein:
    - signing the actions-taken information comprises signing with a private encryption key associated with the document control system; and
      
      signing the electronic document, which includes the signed actions-taken information, comprises signing with the private encryption key.

36. A system comprising:
- a tangible computer-readable medium encoding software program instructions and data; and
  
  one or more programmable processors configured to perform operations comprising;
  
  receiving, from a client by a document archive server system, a request relating to an electronic document associated with a document tracking system, wherein the request is for generation of an audit-enabled document, and wherein the electronic document is stored in a first data repository communicatively coupled with the one or more processors;
  
  retrieving, from an audit information server system in response to the request, actions-taken information associated with the electronic document and maintained by the document tracking system, the actions-taken information comprising information stored separate from the electronic document in a second data repository communicatively coupled with the audit information server system, the actions taken information describing actions taken with respect to the electronic document;
  
  generating a signed, audit-enabled document, which includes the actions-taken information, wherein the generating comprises combining and signing the electronic document and the actions-taken information, in response to the retrieving; and
  
  providing the signed document to enable access to the actions-taken information independent of the document tracking system.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
- - 37. The system of claim 36, wherein the request comprises a database query defining a subset of all available actions-taken information associated with the electronic document and maintained by the document tracking system, and retrieving comprises retrieving a subset of the available actions-taken information from a database according to the database query.
  - 38. The system of claim 36, wherein the electronic document comprises at least a portion of a project document having multiple sub-documents associated with a project, and retrieving the actions-taken information comprises retrieving actions-taken information associated with the project.
  - 39. The system of claim 36, wherein the actions-taken information comprises an indication of authorization by an authenticated user obtained as part of a document approval workflow.
  - 40. The system of claim 36, wherein the document tracking system comprises a document control system that provides persistent document security for documents tethered to the document control system, and the electronic document comprises a document tethered to the document control system, the operations further comprise untethering the signed document from the document control system.
  - 41. The system of claim 40, wherein combining and signing the electronic document and the actions-taken information comprises:
    - combining the electronic document and the actions-taken information;
      
      generating a cryptographic checksum of the electronic document with the actions-taken information included;
      
      encrypting the cryptographic checksum to produce a digital signature; and
      
      adding the digital signature to the electronic document, which includes the actions-taken information, to generate the signed document.
  - 42. The system of claim 40, wherein combining and signing the electronic document and the actions-taken information comprises:
    - signing the actions-taken information;
      
      combining the electronic document and the signed actions-taken information; and
      
      signing the electronic document, which includes the signed actions-taken information, to generate the signed document.
  - 43. The system of claim 42, wherein combining the electronic document and the signed actions-taken information comprises embedding the signed actions-taken information within the electronic document.
  - 44. The system of claim 42, wherein:
    - signing the actions-taken information comprises signing with a private encryption key associated with the document control system; and
      
      signing the electronic document, which includes the signed actions-taken information, comprises signing with the private encryption key.
  - 45. The system of claim 40, wherein the actions-taken information comprises information related to authenticated user interactions with the electronic document.
  - 46. The system of claim 45, wherein providing the signed document comprises sending the signed document to a client that generated the request, the operations further comprise encrypting the signed document before sending the signed document to the client.
  - 47. The system of claim 45, wherein providing the signed document comprises archiving the signed document in a secured storage location.
  - 48. The system of claim 47, further comprising performing a signed incremental update on the archived document.
  - 49. The system of claim 45, wherein the information related to authenticated user interactions with the electronic document comprises audited consent statements.
  - 50. The system of claim 49, further comprising:
    - initiating presentation of a consent query that requests consent to an audit event to be recorded by the document control system for the electronic document tethered to the document control system; and
      
      receiving information corresponding to a consent indication with respect to a consent statement relating to the audit event, the consent indication information configured to be included with the actions-taken information relating to the electronic document.
  - 51. The system of claim 50, further comprising altering one or more permissions associated with the electronic document in accordance with the consent indication information.
  - 52. The system of claim 51, wherein the consent query includes a predefined list of consent statements, and the consent indication comprises a selection from the predefined list of consent statements.
  - 53. The system of claim 51, wherein the consent indication information comprises a digitally signed consent statement.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Shapiro, William M., Herbach, Jonathan D., Donahue, James
Primary Examiner(s)
Cervetti; David Garcia

Application Number

US10/931,323
Time in Patent Office

2,065 Days
Field of Search

726/27, 726/28, 726/3
US Class Current

726/27
CPC Class Codes

G06F 16/93   Document management systems

G06F 21/60   Protecting data

G06F 21/6227   where protection concerns t...

G06F 2221/2101   Auditing as a secondary aspect

Document access auditing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

53 Claims

Specification

Solutions

Use Cases

Quick Links

Document access auditing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

53 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links