Offline access in a document control system
Abstract
Systems and techniques to provide offline access in a document control system. In general, in one implementation, the technique includes: receiving a request from a client, and pre-authorizing the client, in response to the request, to allow actions by a user as a member of a group of users by sending to the client offline access information including a first key associated with the group, the first key being useable at the client to access an electronic document by decrypting a second key in the electronic document. Receiving a request can involve receiving a request from the client to take an action with respect to a second document. The technique can also include verifying the user at the client as an authenticated user, and the offline access information can include user-specific keys, group-specific keys, a policy, and a document revocation list.
66 Claims
1. A computer-implemented method comprising:
- receiving a request from a client to take an action with respect to a first electronic document, the action unrelated to a second electronic document; and
- synchronizing offline access information with the client, in response to the request, to pre-authorize the client, to allow actions by a user as a member of a group of users, by sending to the client an update to offline access information retained at the client, the update comprising a first key associated with the group, the first key being useable at the client to access the second electronic document while offline by decrypting a second key in the second electronic document.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer-implemented method comprising:
- receiving a request to take an action with respect to a first electronic document, the action unrelated to a second electronic document;
- synchronizing offline access information with a document control server in response to the request, when online, to pre-authorize offline access to the second electronic document, the synchronizing comprising receiving an update to offline access information retained locally, the update comprising a first key associated with a group of users of the document control server; and
- allowing access to the second electronic document, when offline, by performing operations comprising using the first key to decrypt a second key in the second electronic document and governing actions with respect to the second electronic document based on document-permissions information associated with the second electronic document.
Dependent claims: 13, 14, 15, 16, 17, 18
19. A computer-implemented method comprising:
- encrypting an electronic document; and
- incorporating into the encrypted electronic document an address of a document control server, document-permissions information, and an encryption key useable in decrypting the encrypted electronic document, the encryption key being encrypted with a key generated by, and associated with a group of users of, the document control server;
- wherein the encryption key comprises a session key generated by the document control server, encrypting the electronic document comprises encrypting the electronic document using a document key, and incorporating comprises incorporating into the encrypted electronic document a document security payload comprising the document key and the document-permissions information, the document security payload being encrypted using the session key.
Dependent claims: 20, 21
22. A software product tangibly embodied in a machine-readable storage device, the software product comprising instructions operable to cause one or more data processing apparatus to perform operations comprising:
- receiving a request from a client to take an action with respect to a first electronic document, the request unrelated to a second electronic document; and
- synchronizing offline access information with the client, in response to the request, to pre-authorize the client, to allow actions by a user as a member of a group of users, by sending to the client an update to offline access information retained at the client, the update comprising a first key associated with the group, the first key being useable at the client to access the second electronic document while offline by decrypting a second key in the second electronic document.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
33. A software product tangibly embodied in a machine-readable storage device, the software product comprising instructions operable to cause one or more data processing apparatus to perform operations comprising:
- receiving a request to take an action with respect to a first electronic document, the action unrelated to a second electronic document;
- synchronizing offline access information with a document control server in response to the request, when online, to pre-authorize offline access to the second electronic document, the synchronizing comprising receiving an update to offline access information retained locally, the update comprising a first key associated with a group of users of the document control server; and
- allowing access to the second electronic document, when offline, by performing operations comprising using the first key to decrypt a second key in the second electronic document and governing actions with respect to the second electronic document based on document-permissions information associated with the second electronic document.
Dependent claims: 34, 35, 36, 37, 38, 39
40. A software product tangibly embodied in a machine-readable storage device, the software product comprising instructions operable to cause one or more data processing apparatus to perform operations comprising:
- encrypting an electronic document; and
- incorporating into the encrypted electronic document an address of a document control server, document-permissions information, and an encryption key useable in decrypting the encrypted electronic document, the encryption key being encrypted with a key generated by, and associated with a group of users of, the document control server;
- wherein the encryption key comprises a session key generated by the document control server, encrypting the electronic document comprises encrypting the electronic document using a document key, and incorporating comprises incorporating into the encrypted electronic document a document security payload comprising the document key and the document-permissions information, the document security payload being encrypted using the session key.
Dependent claims: 41, 42
43. A system comprising:
- a document control server that:
  - receives a client request to take an action with respect to a first electronic document, the client request unrelated to a second electronic document; and
  - synchronizes offline access information with the client in response to the client request, to pre-authorize offline access to the second electronic document by sending an update to the offline access information retained at the client, the update comprising a first key associated with a group, the first key being useable at the client to access the second electronic document by decrypting a second key in the second electronic document; and
- the client that stores the first key in a memory and allows access to the second electronic document, when offline, by a user as a member of the group, using the first key to decrypt the second key in the second electronic document and governing actions with respect to the second electronic document based on document-permissions information associated with the second electronic document.
Dependent claims: 44, 45, 46, 47, 48, 49, 50, 51, 52, 53
54. A system comprising:
- server means for receiving client requests to take an action with respect to a first electronic document, the action unrelated to a second electronic document;
- server means for transparently synchronizing offline access information for the second electronic document in response to the client requests to pre-authorize the client, to allow offline actions by a user as a member of a group of users, by sending to the client an update to offline access information retained at the client, the update comprising a first key associated with the group, the first key being useable at the client to access the second electronic document while offline by decrypting a second key in the second electronic document; and
- client means for storing the first key in a memory and accessing the second electronic document using the offline access information.
Dependent claims: 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65
66. A system comprising:
- server means for encrypting an electronic document; and
- server means for incorporating into the encrypted electronic document an address of a document control server, document-permissions information, and an encryption key useable in decrypting the encrypted electronic document, the encryption key being encrypted with a key generated by, and associated with a group of users of, the document control server;
- wherein the encryption key comprises a session key generated by the document control server, encrypting the electronic document comprises encrypting the electronic document using a document key, and incorporating comprises incorporating into the encrypted electronic document a document security payload comprising the document key and the document-permissions information, the document security payload being encrypted using the session key.
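The key layering recited in claims 19, 40 and 66 (group key wraps session key, session key wraps the document security payload, document key encrypts the content) and the offline open path of claims 12 and 33, as an added Python sketch that is not code from the patent or its assignee. The `seal`/`unseal` helpers are a standard-library stand-in for an authenticated cipher such as AES-GCM, and the field names, group id and server URL are hypothetical.

```python
import hashlib, hmac, json, os

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream(key, nonce, n):
    return b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))

def seal(key, plaintext):
    # Stand-in for an AEAD such as AES-GCM (assumption): HMAC-SHA256 keystream, encrypt-then-MAC.
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(_prf(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or modified data")
    return bytes(c ^ s for c, s in zip(ct, _stream(_prf(key, b"enc"), nonce, len(ct))))

def protect(document, permissions, group_id, group_key, server_url):
    """Server side: build the protected document."""
    doc_key, session_key = os.urandom(32), os.urandom(32)
    payload = json.dumps({"doc_key": doc_key.hex(), "permissions": permissions}).encode()
    return {
        "server": server_url,                                 # address of the document control server
        "group": group_id,                                    # hypothetical field: selects the group key
        "wrapped_session_key": seal(group_key, session_key),  # "second key", under the group's "first key"
        "security_payload": seal(session_key, payload),       # document key + permissions
        "body": seal(doc_key, document),                      # content, under the document key
    }

def open_offline(doc, offline_keys, action):
    """Client side, no server contact; offline_keys is the locally retained, synchronized info."""
    group_key = offline_keys[doc["group"]]          # KeyError: this group was never synchronized
    session_key = unseal(group_key, doc["wrapped_session_key"])
    payload = json.loads(unseal(session_key, doc["security_payload"]))
    if action not in payload["permissions"]:        # permissions travel inside the document
        raise PermissionError(action)
    return unseal(bytes.fromhex(payload["doc_key"]), doc["body"])

if __name__ == "__main__":
    group_key = os.urandom(32)  # constructed sample values
    doc = protect(b"Q3 forecast", ["view", "print"], "finance", group_key, "https://dcs.example.invalid")
    print(open_offline(doc, {"finance": group_key}, "view"))
```

Because the client only needs the group key to open any document wrapped for that group, a key delivered during an unrelated request is enough to open a document the client has never seen before, which is the pre-authorization the claims describe.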