Document security system that permits external users to gain access to secured files
First Claim
1. A method for releasing a secured document from a document security system, the method comprising:
- receiving a request from a user affiliated with an organization to release a secured document including a security information portion and a data portion from the document security system, to an external user unaffiliated with the organization, wherein the document security system is associated with the organization, and wherein the security information portion includes a file key and access control restrictions pertaining to the data portion;
in response to receiving the request;
obtaining a public key associated with the external user;
encrypting the data portion of the secured document using the file key;
encrypting the security information portion of the secured document, including the file key, using the public key associated with the external user;
imposing the access control restrictions by including access rules in the security information portion, wherein the access rules are defined in a markup language and limit a type, a location, and an extent of access that the external user is granted with respect to the secured document, the location of access being one of within the organization or outside of the organization; and
releasing the secured document including the encrypted file key to the external user.
5 Assignments
0 Petitions
Accused Products
Abstract
An improved system and approaches for exchanging secured files (e.g., documents) between internal users of an organization and external users are disclosed. A file security system of the organization operates to protect the files of the organization and thus prevents or limits external users from accessing internal documents. Although the external users are unaffiliated with the organization (i.e., not employees or contractors), the external users often have working relationships with internal users. These working relationships (also referred to herein as partner relationships) often present the need for file (document) exchange. According to one aspect, external users having working relationships with internal users are able to be given limited user privileges within the file security system, such that restricted file (document) exchange is permitted between such internal and external users.
977 Citations
23 Claims
-
1. A method for releasing a secured document from a document security system, the method comprising:
-
receiving a request from a user affiliated with an organization to release a secured document including a security information portion and a data portion from the document security system, to an external user unaffiliated with the organization, wherein the document security system is associated with the organization, and wherein the security information portion includes a file key and access control restrictions pertaining to the data portion; in response to receiving the request; obtaining a public key associated with the external user; encrypting the data portion of the secured document using the file key; encrypting the security information portion of the secured document, including the file key, using the public key associated with the external user; imposing the access control restrictions by including access rules in the security information portion, wherein the access rules are defined in a markup language and limit a type, a location, and an extent of access that the external user is granted with respect to the secured document, the location of access being one of within the organization or outside of the organization; and releasing the secured document including the encrypted file key to the external user. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for releasing a secured document to a user affiliated with an organization, the method comprising:
-
receiving, at a document security system associated with the organization, a request from an external user unaffiliated with the organization to release a secured document including a security information portion and a data portion to a user affiliated with the organization, wherein the security information portion includes a file key and access control restrictions pertaining to the data portion; receiving a public key associated with the user of the document security system over a data network; in response to receiving the request; authenticating that the received public key originated from the document security system over the data network; encrypting, using the file key from the security information portion, the data portion of the secured document; encrypting, using the received public key, the security information portion of the secured document, including the file key; imposing the access control restrictions by including access rules in the security information portion, wherein the access rules are defined in a markup language and limit a type, a location, a duration, and an extent of access that the user affiliated with the organization is granted with respect to the secured document, the location of access being one of within the organization or outside of the organization; and releasing the secured document including the encrypted file key to the user of the document security system. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A non-transitory tangible computer-readable medium having instructions stored thereon in a document security system, the instructions comprising:
-
instructions to receive a request from a first user affiliated with an organization to release a secured document including a security information portion and a data portion from the document security system, to an external user unaffiliated with the organization, wherein the document security system is associated with the organization, and wherein the security information portion includes a file key and access control restrictions pertaining to the data portion; instructions to, in response to receiving the request; obtain a public key associated with the external user; encrypt, using the file key from the security information portion, the data portion of the secured document; encrypt the security information portion of the secured document, including the file key, using the public key associated with the external user; impose the access control restrictions by including access rules in the security information portion, wherein the access rules are defined in a markup language and limit a type, a location, and an extent of access that the external user is granted with respect to the secured document, the location of access being one of within the ornanization or outside of the organization; and release the secured document including the encrypted file key to the external user. - View Dependent Claims (19, 20, 21, 22, 23)
-
Specification