Document security system that permits external users to gain access to secured files

US 8,176,334 B2
Filed: 09/30/2002
Issued: 05/08/2012
Est. Priority Date: 09/30/2002
Status: Active Grant

First Claim

Patent Images

1. A method for releasing a secured document from a document security system, the method comprising:

receiving a request from a user affiliated with an organization to release a secured document including a security information portion and a data portion from the document security system, to an external user unaffiliated with the organization, wherein the document security system is associated with the organization, and wherein the security information portion includes a file key and access control restrictions pertaining to the data portion;

in response to receiving the request;

obtaining a public key associated with the external user;

encrypting the data portion of the secured document using the file key;

encrypting the security information portion of the secured document, including the file key, using the public key associated with the external user;

imposing the access control restrictions by including access rules in the security information portion, wherein the access rules are defined in a markup language and limit a type, a location, and an extent of access that the external user is granted with respect to the secured document, the location of access being one of within the organization or outside of the organization; and

releasing the secured document including the encrypted file key to the external user.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved system and approaches for exchanging secured files (e.g., documents) between internal users of an organization and external users are disclosed. A file security system of the organization operates to protect the files of the organization and thus prevents or limits external users from accessing internal documents. Although the external users are unaffiliated with the organization (i.e., not employees or contractors), the external users often have working relationships with internal users. These working relationships (also referred to herein as partner relationships) often present the need for file (document) exchange. According to one aspect, external users having working relationships with internal users are able to be given limited user privileges within the file security system, such that restricted file (document) exchange is permitted between such internal and external users.

977 Citations

23 Claims

1. A method for releasing a secured document from a document security system, the method comprising:
- receiving a request from a user affiliated with an organization to release a secured document including a security information portion and a data portion from the document security system, to an external user unaffiliated with the organization, wherein the document security system is associated with the organization, and wherein the security information portion includes a file key and access control restrictions pertaining to the data portion;
  
  in response to receiving the request;
  
  obtaining a public key associated with the external user;
  
  encrypting the data portion of the secured document using the file key;
  
  encrypting the security information portion of the secured document, including the file key, using the public key associated with the external user;
  
  imposing the access control restrictions by including access rules in the security information portion, wherein the access rules are defined in a markup language and limit a type, a location, and an extent of access that the external user is granted with respect to the secured document, the location of access being one of within the organization or outside of the organization; and
  
  releasing the secured document including the encrypted file key to the external user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as recited in claim 1, wherein the document security system restricts access to a plurality of documents, the document security system comprising a key store that stores at least public keys associated with external users, and wherein the obtaining of the public key associated with the external user comprises obtaining the public key from the key store.
  - 3. The method as recited in claim 1, wherein the security information portion of the secured document includes a header comprising the encrypted file key that was used to encrypt the data portion of the secured document.
  - 4. The method as recited in claim 1, wherein the portion of the secured document being encrypted by the public key associated with the external user comprises at least some of the security information portion.
  - 5. The method as recited in claim 1, wherein the external user is in a partner relationship with the organization, and wherein the obtaining is controlled by the partner relationship.
  - 6. The method as recited in claim 1, further comprising:
    - subsequently receiving the secured document at a computing device associated with the external user;
      
      retrieving a private key associated with the external user;
      
      decrypting at least a portion of the secured document using the private key associated with the external user; and
      
      evaluating document level security imposed by the access control restrictions to determine whether the external user gains access to an unsecured version of the secured document.
  - 7. The method as recited in claim 1, wherein obtaining the public key comprises:
    - determining whether the internal user is permitted to receive the public key of the external user; and
      
      obtaining the public key associated with the external user in response to determining that the internal user is permitted to receive the public key of the external user.

8. A method for releasing a secured document to a user affiliated with an organization, the method comprising:
- receiving, at a document security system associated with the organization, a request from an external user unaffiliated with the organization to release a secured document including a security information portion and a data portion to a user affiliated with the organization, wherein the security information portion includes a file key and access control restrictions pertaining to the data portion;
  
  receiving a public key associated with the user of the document security system over a data network;
  
  in response to receiving the request;
  
  authenticating that the received public key originated from the document security system over the data network;
  
  encrypting, using the file key from the security information portion, the data portion of the secured document;
  
  encrypting, using the received public key, the security information portion of the secured document, including the file key;
  
  imposing the access control restrictions by including access rules in the security information portion, wherein the access rules are defined in a markup language and limit a type, a location, a duration, and an extent of access that the user affiliated with the organization is granted with respect to the secured document, the location of access being one of within the organization or outside of the organization; and
  
  releasing the secured document including the encrypted file key to the user of the document security system.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 9. The method as recited in claim 8, wherein the authenticating relies on a certificate received with the received public key.
  - 10. The method as recited in claim 9, wherein the user of the document security system is a member of the organization.
  - 11. The method as recited in claim 10, wherein the certificate is associated with the organization.
  - 12. The method as recited in claim 8, wherein the external user is in a partner relationship with the organization.
  - 13. The method as recited in claim 8, wherein the releasing of the secured document and the file key to the user of the document security system comprises transmitting the secured document and the file key to the internal user via the data network.
  - 14. The method as recited in claim 13, wherein the data network includes at least a part of the Internet.
  - 15. The method as recited in claim 8, wherein the encrypting operates to encrypt a header of the secured document, the header comprising the file key and wherein the releasing provides the file key within the header of the secured document.
  - 16. The method as recited in claim 15, wherein the header of the secured document is encrypted with the received public key.
  - 17. The method as recited in claim 8, wherein the document security system comprises at least a key store that stores at least public keys for users of the document security system, and wherein the receiving of the public key associated with the user of the document security system comprises receiving the public key associated with the user of the document security system from the key store.

18. A non-transitory tangible computer-readable medium having instructions stored thereon in a document security system, the instructions comprising:
- instructions to receive a request from a first user affiliated with an organization to release a secured document including a security information portion and a data portion from the document security system, to an external user unaffiliated with the organization, wherein the document security system is associated with the organization, and wherein the security information portion includes a file key and access control restrictions pertaining to the data portion;
  
  instructions to, in response to receiving the request;
  
  obtain a public key associated with the external user;
  
  encrypt, using the file key from the security information portion, the data portion of the secured document;
  
  encrypt the security information portion of the secured document, including the file key, using the public key associated with the external user;
  
  impose the access control restrictions by including access rules in the security information portion, wherein the access rules are defined in a markup language and limit a type, a location, and an extent of access that the external user is granted with respect to the secured document, the location of access being one of within the ornanization or outside of the organization; and
  
  release the secured document including the encrypted file key to the external user.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The non-transitory tangible computer readable medium as recited in claim 18, wherein the document security system comprises at least a key store that stores at least public keys for the external user, andwherein the obtaining further comprises obtaining the public key from the key store.
  - 20. The non-transitory tangible computer readable medium as recited in claim 18, wherein the instructions to obtain further comprise instructions to obtain the public key associated with the external user from the document security system over a data network.
  - 21. The non-transitory tangible computer readable medium as recited in claim 20, wherein the instructions further comprise:
    - instructions to authenticate that the public key originated from the document security system and was provided to the external user over the data network.
  - 22. The non-transitory tangible computer readable medium as recited in claim 20, wherein the instructions to obtain further comprise instructions to retrieve the public key associated with the external user from a key store within the document security system.
  - 23. The non-transitory tangible computer readable medium as recited in claim 18, wherein the portion of the secured document being encrypted by the public key comprises at least some of the security information portion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Guardian Data Storage LLC
Inventors
Vainstein, Klimenty
Primary Examiner(s)
Colin, Carl
Assistant Examiner(s)
THIAW, CATHERINE B

Application Number

US10/262,218
Publication Number

US 20040064710A1
Time in Patent Office

3,508 Days
Field of Search

713/186, 713/189, 713165-171, 726/30, 726 26- 29, 726 2- 6, 380/279
US Class Current

713/189
CPC Class Codes

G06F 21/6209 to a single file or object,...

G06F 21/6218 to a system of files or obj...

Document security system that permits external users to gain access to secured files

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

977 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Document security system that permits external users to gain access to secured files

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

977 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links