Method for selective encryption within documents

US 7,917,771 B2
Filed: 06/09/2008
Issued: 03/29/2011
Est. Priority Date: 04/15/2004
Status: Active Grant

First Claim

Patent Images

1. A method for selective encryption within a document, said method comprising:

detecting a first section of a document, said first section having been selected and marked for encryption;

detecting a second section of the document, said second section having been selected and marked for encryption;

a processor of a data processing system encrypting the first section with one encryption key;

said processor encrypting the second section with two different encryption keys,wherein the first section is not embedded in any other section of the document that has been encrypted and/or marked for encryption and no other section of the document that has been encrypted and/or marked for encryption is embedded in the first section, andwherein the second section is not embedded in any other section of the document that has been encrypted and/or marked for encryption and no other section of the document that has been encrypted and/or marked for encryption is embedded in the second section,said processor receiving an access request to access the encrypted first section of the document;

responsive to said receiving the access request, said processor determining that a received decryption key for the encrypted first section of the document is proper for the encrypted first section, by attempting to decrypt the encrypted first section with the received decryption key by determining that a defined character string is in the encrypted first section;

responsive to said determining that the received decryption key is proper for the encrypted first section of the document, said processor retrieving and decrypting the encrypted first section of the document for which the access request was made to generate a first decrypted section of the document corresponding to the encrypted first section; and

said processor displaying the first decrypted section of the document.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention allows the user (author or creator) of a document to specify that certain portions of a document be selected for encryption while other portions of the document remain displayed as created. In addition, each encrypted section could have multiple encryption keys such that some viewers can review certain parts of the document while other viewers will not have that same access. The user could employ a standard word processing editor technique to highlight (or swipe) portions of a document that the user desires to be encrypted. The highlighted portion would then be ‘tagged’ with a surrounding attribute indicating to the word processor that this highlighted portion of the document is to be encrypted. The highlighted sections would also have encryption keys associated with the highlighted and encrypted section. Any one of the encryption keys for that section would decrypt that section. With proper authorization, any encrypted portion of a document would be displayed as part of the document. Without proper authorization, the display of the document would only contain the unencrypted portions of the document.

55 Citations

View as Search Results

17 Claims

1. A method for selective encryption within a document, said method comprising:
- detecting a first section of a document, said first section having been selected and marked for encryption;
  
  detecting a second section of the document, said second section having been selected and marked for encryption;
  
  a processor of a data processing system encrypting the first section with one encryption key;
  
  said processor encrypting the second section with two different encryption keys,wherein the first section is not embedded in any other section of the document that has been encrypted and/or marked for encryption and no other section of the document that has been encrypted and/or marked for encryption is embedded in the first section, andwherein the second section is not embedded in any other section of the document that has been encrypted and/or marked for encryption and no other section of the document that has been encrypted and/or marked for encryption is embedded in the second section,said processor receiving an access request to access the encrypted first section of the document;
  
  responsive to said receiving the access request, said processor determining that a received decryption key for the encrypted first section of the document is proper for the encrypted first section, by attempting to decrypt the encrypted first section with the received decryption key by determining that a defined character string is in the encrypted first section;
  
  responsive to said determining that the received decryption key is proper for the encrypted first section of the document, said processor retrieving and decrypting the encrypted first section of the document for which the access request was made to generate a first decrypted section of the document corresponding to the encrypted first section; and
  
  said processor displaying the first decrypted section of the document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, said method further comprising:
    - after said encrypting the first section and said encrypting the second section, displaying the document with the encrypted first section and the encrypted second section being displayed in a random unintelligible format.
  - 3. The method of claim 2, said method further comprising:
    - after said displaying, transmitting the document across a computing network to an identified destination.
  - 4. The method of claim 1, wherein the one encryption key and the two encryption keys comprise a same encryption key.
  - 5. The method of claim 1, said method further comprising:
    - before said encrypting the first section, adding the defined character string to the first section.
  - 6. The method of claim 1, said method further comprising:
    - detecting a third section of a document, said first section having been selected and marked for encryption; and
      
      said processor encrypting the third section with three different encryption keys, wherein the third section is not embedded in any other section of the document that has been encrypted and/or marked for encryption.
  - 7. The method of claim 1, said method further comprising:
    - said processor ascertaining that an employee has satisfied requirements of;
      
      providing said one encryption key, providing a name of the employee, providing an employee number of the employee, and providing an identification of the first section; and
      
      in response to said ascertaining, said processor enabling the employee to access the first section of the document.
  - 8. The method of claim 1, said first section consisting of text, said method further comprising:
    - after said encrypting the first section and said encrypting the second section, displaying the document with the encrypted first section being displayed with the text being blanked out and with diagonal red lines drawn under the blanked out text.

9. A computer program product, comprising a computer readable storage device containing instructions that, upon being executed by a processor of a data processing system, implement a method for selective encryption within a document, said method comprising:
- detecting a first section of a document, said first section having been selected and marked for encryption;
  
  detecting a second section of the document, said second section having been selected and marked for encryption;
  
  encrypting the first section with one encryption key;
  
  encrypting the second section with two different encryption keys,wherein the first section is not embedded in any other section of the document that has been encrypted and/or marked for encryption and no other section of the document that has been encrypted and/or marked for encryption is embedded in the first section, andwherein the second section is not embedded in any other section of the document that has been encrypted and/or marked for encryption and no other section of the document that has been encrypted and/or marked for encryption is embedded in the second section,receiving an access request to access the encrypted first section of the document;
  
  responsive to said receiving the access request, determining that a received decryption key for the encrypted first section of the document is proper for the encrypted first section, by attempting to decrypt the encrypted first section with the received decryption key by determining that a defined character string is in the encrypted first section;
  
  responsive to said determining that the received decryption key is proper for the encrypted first section of the document, retrieving and decrypting the encrypted first section of the document for which the access request was made to generate a first decrypted section of the document corresponding to the encrypted first section; and
  
  displaying the first decrypted section of the document.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer program product of claim 9, said method further comprising:
    - after said encrypting the first section and said encrypting the second section, displaying the document with the encrypted first section and the encrypted second section being displayed in a random unintelligible format.
  - 11. The computer program product of claim 10, said method further comprising:
    - after said displaying, transmitting the document across a computing network to an identified destination.
  - 12. The computer program product of claim 9, wherein the one encryption key and the two encryption keys comprise a same encryption key.
  - 13. The computer program product of claim 9, said method further comprising:
    - before said encrypting the first section, adding the defined character string to the first section.
  - 14. The computer program product of claim 9, said method further comprising:
    - detecting a third section of a document, said first section having been selected and marked for encryption; and
      
      encrypting the third section with three different encryption keys, wherein the third section is not embedded in any other section of the document that has been encrypted and/or marked for encryption.
  - 15. The computer program product of claim 9, said method further comprising:
    - ascertaining that an employee has satisfied requirements of;
      
      providing said one encryption key, providing a name of the employee, providing an employee number of the employee, and providing an identification of the first section; and
      
      in response to said ascertaining, enabling the employee to access the first section of the document.
  - 16. The computer program product of claim 9, said first section consisting of text, said method further comprising:
    - after said encrypting the first section and said encrypting the second section, displaying the document with the encrypted first section being displayed with the text being blanked out and with diagonal red lines drawn under the blanked out text.

17. A computer program product, comprising a computer readable storage device containing instructions that, upon being executed by a processor of a data processing system, implement a method for selective encryption within a document, said method comprising:
- detecting a document encryption request;
  
  activating a document encryption routine;
  
  accessing a proposed document for encryption and tagging one or more sections of the proposed document as designated for encryption;
  
  encrypting the tagged sections with multiple encryption keys;
  
  extracting the plain text version of each encrypted sections from the document;
  
  marking locations in the document where the extracted sections were located;
  
  storing a copy of each encrypted section of the document for each key used in the encryption process, extracted sections from the document in an appendix attached to the document;
  
  receiving a request to access an encrypted section of the document;
  
  determining whether a received decryption key for the encrypted section of the document for which the access request was made is proper for that encrypted section, by selecting one of the encrypted copies of the document, selecting a key and attempting to decrypt the selected encrypted copies with the selected key by determining if a defined character string is in the selected copy of the encrypted section;
  
  when the determination is that the received decryption key is proper, retrieving and decrypting the section of the document for which the access request was made; and
  
  displaying the decrypted section of the document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Forlenza, Randolph Michael, Berstis, Viktors
Primary Examiner(s)
Henning; Matthew T

Application Number

US12/135,321
Publication Number

US 20080270807A1
Time in Patent Office

1,023 Days
Field of Search

713/193, 713/166
US Class Current

713/193
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2107   File encryption

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2149   Restricted operating enviro...

H04L 2209/60   Digital content management,...

H04L 9/088   Usage controlling of secret...

H04L 9/14   using a plurality of keys o...

Method for selective encryption within documents

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method for selective encryption within documents

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links