Method and system for providing cryptographic document retention with off-line access

US 7,748,045 B2
Filed: 03/30/2004
Issued: 06/29/2010
Est. Priority Date: 03/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method of providing automated document retention for an electronic document comprising:

assigning a document retention policy to the electronic document, the document retention policy being derived from a recurring cut-off retention schedule specifying cut-off periods, each cut-off period having a respective document retention duration associated therewith and corresponding to a respective maximum off-line period of a client, wherein the maximum off-line period expires a predetermined period of time after a beginning of its cut-off period;

encrypting the electronic document using cryptographic keys associated with particular cut-off periods, associated retention durations, and corresponding maximum off-line periods, wherein the encrypting is based on the document retention policy such that the electronic document can be cryptographically accessed using the cryptographic keys during retention durations and prior to the expiration of the maximum off-line period of the client; and

deactivating the cryptographic keys when the respective document retention duration has expired, thereby preventing further access to the electronic document.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for utilizing security criteria to implement document retention for electronic documents are disclosed. The security criteria can also limit when, how and where access to the electronic documents is permitted. The security criteria can pertain to keys (or ciphers) used to secure (e.g., encrypt) electronic files (namely, electronic documents), or to unsecure (e.g., decrypt) electronic files already secured. At least a portion of the security criteria can be used to implement document retention, namely, a document retention policy. After a secured electronic document has been retained for the duration of the document retention policy, the associated security criteria becomes no longer available, thus preventing subsequent access to the secured electronic document. In other words, access restrictions on electronic documents can be used to prevent access to electronic documents which are no longer to be retained.

190 Citations

21 Claims

1. A method of providing automated document retention for an electronic document comprising:
- assigning a document retention policy to the electronic document, the document retention policy being derived from a recurring cut-off retention schedule specifying cut-off periods, each cut-off period having a respective document retention duration associated therewith and corresponding to a respective maximum off-line period of a client, wherein the maximum off-line period expires a predetermined period of time after a beginning of its cut-off period;
  
  encrypting the electronic document using cryptographic keys associated with particular cut-off periods, associated retention durations, and corresponding maximum off-line periods, wherein the encrypting is based on the document retention policy such that the electronic document can be cryptographically accessed using the cryptographic keys during retention durations and prior to the expiration of the maximum off-line period of the client; and
  
  deactivating the cryptographic keys when the respective document retention duration has expired, thereby preventing further access to the electronic document.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as recited in claim 1, whereinencrypting the electronic document comprises encrypting using a cryptographic key associated with each particular cut-off period, its associated retention duration, and its corresponding maximum off-line period.
  - 3. The method as recited in claim 2, wherein the document retention policy specifies the respective document retention duration that expires a predetermined period of time after a beginning of its respective cut-off period.
  - 4. The method as recited in claim 1, wherein said encrypting comprises acquiring a cryptographic key from a server over a network, the cryptographic key being used to encrypt the electronic document based on the document retention policy.
  - 5. The method as recited in claim 4, wherein:
    - said encrypting uses a cryptographic key to encrypt the electronic document based on the document retention policy, andthe document retention policy specifies respective document retention durations and cut-off periods.
  - 6. The method as recited in claim 5, wherein the document retention policy specifies the respective document retention duration that expires a predetermined period of time after a beginning of its respective cut-off period.

7. A method of limiting access to an electronic document comprising:
- associating a document retention policy with a first document retention key, wherein the document retention policy specifies a document retention duration that expires a predetermined period of time after a beginning of a cut-off period of a recurring cut-off retention schedule;
  
  determining whether the cut-off period for the first document retention key has elapsed;
  
  generating a next document retention key to be used to encrypt the electronic document during a next cut-off period, the next document retention key having a document retention duration associated therewith and corresponding to a maximum off-line period of a client; and
  
  notifying the client of the next document retention key, the electronic document being cryptographically accessible only during document retention durations and prior to the expiration of the maximum off-line period of the client using a cryptographic key associated with particular cut-off periods, associated retention durations, and corresponding maximum off-line periods.
- View Dependent Claims (8, 9)
- - 8. The method as recited in claim 7, further comprising:
    - deactivating a cryptographic key according to a predetermined schedule.
  - 9. The method as recited in claim 8, wherein the document retention duration is a predetermined duration of time following a beginning of the next cut-off period.

10. A method for restricting access to an electronic document, said method comprising:
- assigning a document retention policy to the electronic document, the document retention policy specifying a document retention duration that expires a predetermined period of time after a beginning of a cut-off period of a recurring cut-off retention schedule;
  
  encrypting a data portion of the electronic document using a document key to produce an encrypted data portion;
  
  using a retention access key to associate the document retention policy with the electronic document;
  
  encrypting the document key using the retention access key to produce an encrypted document key, the retention access key being usable for said encrypting during the cut-off period of a recurring cut-off retention schedule, the cut-off period having a document retention duration associated therewith and corresponding to a maximum off-line period of a client, wherein the maximum off-line period expires a predetermined period of time after a beginning of the cut-off period;
  
  forming a secured electronic document from at least the encrypted data portion and the encrypted document key; and
  
  storing the secured electronic document, the secured electronic document being cryptographically accessible only during the document retention duration and prior to the expiration of the maximum off-line period of the client.
- View Dependent Claims (11, 12)
- - 11. The method as recited in claim 10, wherein the retention access key is a public retention access key.
  - 12. The method as recited in claim 10, wherein access is restricted to the secured electronic document stored to a remote location.

13. A method for accessing a secured electronic document, the secured electronic document having at least a header portion and a data portion, comprising:
- assigning a document retention policy to the electronic document;
  
  obtaining a retention access key, the retention access key being used to associate a document retention duration of the document retention policy having a cut-off period and a maximum off-line period of a client associated therewith the secured electronic document, wherein the maximum off-line period expires a predetermined period of time after a beginning of the cut-off period, the retention access key being usable during the document retention duration following a beginning of its respective cut-off period of a recurring cut-off retention schedule, the secured electronic document being cryptographically accessible only during the document retention duration and prior to the expiration of the maximum off-line period of the client;
  
  obtaining an encrypted document key from the header portion of the secured electronic document;
  
  decrypting the encrypted document key using the retention access key to produce a document key; and
  
  decrypting an encrypted data portion of the secured electronic document using the document key to produce a data portion.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method as recited in claim 13, wherein the retention access key is identified by an indicator within a header portion of the secured electronic document.
  - 15. The method as recited in claim 13, wherein the retention access key is a private retention access key.
  - 16. The method as recited in claim 13, wherein said obtaining obtains the retention access key from a server.
  - 17. The method as recited in claim 13, wherein the document retention duration is a predetermined period of time following a beginning of its respective cut-off period.

18. A tangible computer-readable medium having instructions stored thereon, the instructions comprising:
- instructions to assign a document retention policy to an electronic document, the document retention policy being derived from a recurring cut-off retention schedule specifying cut-off periods, each cut-off period having a respective document retention duration associated therewith and corresponding to a respective maximum off-line period of a client, wherein the maximum off-line period expires a predetermined period of time after a beginning of its cut-off period; and
  
  instructions to encrypt the electronic document using cryptographic keys associated with particular cut-off periods, associated retention durations, and corresponding maximum off-line periods, wherein the encrypting is based on the document retention policy such that the electronic document can be cryptographically accessed using the cryptographic keys during retention durations and prior to the expiration of the maximum off-line period of the client.
- View Dependent Claims (19, 20)
- - 19. The tangible computer-readable medium as recited in claim 18, wherein the instructions to encrypt the electric document comprise instructions to use a cryptographic key associated with particular cut-off period, its associated retention duration, and its corresponding maximum off-line period.
  - 20. The tangible computer-readable medium as recited in claim 19, wherein the document retention policy specifies the respective document retention duration that expires a predetermined period of time after a beginning of its respective cut-off period.

21. A file security system for restricting access to an electronic file, comprising:
- a computing device;
  
  a module which if executed by the computing device, causes the computing device to store a plurality of cryptographic key pairs on a computer-readable storage medium, each of the cryptographic key pairs including a public key and a private key, at least one of the cryptographic key pairs pertaining to a retention policy, the retention policy having document retention durations, each document retention duration having a respective cut off period associated therewith and corresponding to a respective maximum off-line period of a client, wherein the maximum off-line period expires a predetermined period of time after a beginning of its cut-off period; and
  
  an access control management module which if executed by the computing device, causes the computing device to;
  
  provide, for each particular cut-off period, a different one of the public keys of the at least one of the cryptographic key pairs, anddetermine whether the private key of the at least one of the cryptographic key pairs pertaining to the retention policy is permitted to be provided to a requestor based on whether its respective document retention duration following a beginning of its respective cut-off period has expired,wherein the requestor requires the private key of the at least one of the cryptographic key pairs pertaining to the retention policy to access a secured electronic file, and wherein the secured electronic file was previously secured using the public key of the at least one of the cryptographic key pairs pertaining to the retention policy, and at the time the electronic file was secured, the public key was within its respective cut-off period and available for use, the secured electronic document being cryptographically accessible only during the retention durations and prior to the expiration of the maximum off-line period of the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Guardian Data Storage LLC
Inventors
Kenrich, Michael Frederick, Gutnik, Yevgeniy
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US10/815,229
Publication Number

US 20050223414A1
Time in Patent Office

2,282 Days
Field of Search

713/193, 713/165, 713/160, 726/27, 726/26, 709/219, 709/229, 711/100, 711/112, 711/159, 707/8, 707/203
US Class Current

726/27
CPC Class Codes

G06Q 20/3674   involving authentication

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

Method and system for providing cryptographic document retention with off-line access

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

190 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing cryptographic document retention with off-line access

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

190 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links