Document management system and method

US 8,484,477 B2
Filed: 01/30/2011
Issued: 07/09/2013
Est. Priority Date: 01/30/2011
Status: Active Grant

First Claim

Patent Images

1. A document management system, comprising:

a processing device;

a secure authoring tool including computer readable code, embodied on a tangible, non-transitory, computer readable medium, the code being executable by the processing device, the secure authoring tool including at least one of a number generator or a secure controller;

a document generated using the secure authoring tool, the document including a map-file for each of a plurality of participants in a workflow of the document, each map-file providing differential access for a respective one of the plurality of participants;

i) corresponding, randomly generated nonces;

or ii) complementary workflow assurance tokens;

or iii) both i and ii distributed within the respective map-files of neighboring participants by the number generator or the secure controller, wherein;

a) a first of the nonces is provided in the map-file of a sending one of the neighboring participants, a second of the nonces is provided in the map-file of a receiving one of the neighboring participants, and the first and second nonces are identical;

orb) the complementary workflow assurance tokens include a pair of specially generated signature and verification keys, the specially generated signature key is provided in the map-file of a receiving one of the neighboring participants, and the specially generated verification key is provided in the map-file of a sending one of the neighboring participants;

orc) both a and b;

a private key that recovers at least one of the second nonce or the specially generated signature key; and

a communication mechanism enabling transmission of at least one of the recovered second nonce or a signature generated by the receiving one of the neighboring participants using the recovered specially generated signature key to a sending one of the neighboring participants for verification using at least one of the first nonce or the specially generated verification key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A document management system includes a number generator and/or a secure controller, and a document. The document includes a map-file for each participant in a workflow of the document. Corresponding, randomly generated nonces and/or complementary workflow assurance tokens are distributed within the respective map-files of neighboring participants by the number generator or the secure controller. The system includes a private key that recovers the respective corresponding, randomly generated nonce of a receiving one of the neighboring participants and/or the respective complementary workflow assurance token of the receiving one of the neighboring participants. A communication mechanism enables transmission of the recovered corresponding, randomly generated nonce of the receiving one of the neighboring participants or a signature generated by the receiving one of the neighboring participants to a sending one of the neighboring participants for verification.

Citations

20 Claims

1. A document management system, comprising:
- a processing device;
  
  a secure authoring tool including computer readable code, embodied on a tangible, non-transitory, computer readable medium, the code being executable by the processing device, the secure authoring tool including at least one of a number generator or a secure controller;
  
  a document generated using the secure authoring tool, the document including a map-file for each of a plurality of participants in a workflow of the document, each map-file providing differential access for a respective one of the plurality of participants;
  
  i) corresponding, randomly generated nonces;
  
  or ii) complementary workflow assurance tokens;
  
  or iii) both i and ii distributed within the respective map-files of neighboring participants by the number generator or the secure controller, wherein;
  
  a) a first of the nonces is provided in the map-file of a sending one of the neighboring participants, a second of the nonces is provided in the map-file of a receiving one of the neighboring participants, and the first and second nonces are identical;
  
  orb) the complementary workflow assurance tokens include a pair of specially generated signature and verification keys, the specially generated signature key is provided in the map-file of a receiving one of the neighboring participants, and the specially generated verification key is provided in the map-file of a sending one of the neighboring participants;
  
  orc) both a and b;
  
  a private key that recovers at least one of the second nonce or the specially generated signature key; and
  
  a communication mechanism enabling transmission of at least one of the recovered second nonce or a signature generated by the receiving one of the neighboring participants using the recovered specially generated signature key to a sending one of the neighboring participants for verification using at least one of the first nonce or the specially generated verification key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The document management system as defined in claim 1 wherein the transmitted, recovered second nonce forms a traceable and verifiable log within the document.
  - 3. The document management system as defined in claim 2 wherein:
    - the workflow includes a plurality of receiving participants;
      
      a respective plurality of the second nonces of the plurality of receiving participants are recovered along the workflow; and
      
      the plurality of recovered second nonces form the traceable and verifiable log.
  - 4. The document management system as defined in claim 2, further comprising a record in the log including an entry including the transmitted, recovered second nonce and a corresponding version of the composite document.
  - 5. The document management system as defined in claim 1 wherein both the corresponding, randomly generated nonces and the complementary workflow assurance tokens are distributed within the respective map-files of the neighboring participants.
  - 6. The document management system as defined in claim 1, further comprising an executable file embedded in the document prior to its transmission.
  - 7. The document management system as defined in claim 1 wherein the communication mechanism is a network, a compact disc, a universal serial bus (USB), or a shared drive.
  - 8. The document management system as defined in claim 1, further comprising a public-posting system that supports the document.
  - 9. The document management system as defined in claim 8 wherein the public-posting system is a cloud computing system.
  - 10. The document management system as defined in claim 1 wherein the private key is to identify a corresponding entry in an entry table which enables the receiving one of the neighboring participants to recover a map-file name and a map-file decryption key for the map-file of the receiving one of the neighboring participants, and wherein the map-file name and the map-file decryption key are to respectively identify and decrypt the map-file of the receiving one of the neighboring participants to recover the at least one of the second nonce or the specially generated signature key.

11. A document management method, comprising:
- distributing at least one of corresponding, randomly generated nonces or complementary workflow assurance tokens within respective map-files of a document, wherein the respective map-files are of neighboring participants in a workflow of the document, wherein the distributing is accomplished by a number generator or a secure controller of a secure authoring tool including computer readable code, embodied on a tangible, non-transitory, computer readable medium, the code being executable by a processing device, and wherein the distributing includes;
  
  a) providing a first of the nonces in the map-file of a sending one of the neighboring participants and a second of the nonces in the map-file of a receiving one of the neighboring participants, wherein the first and second nonces are identical;
  
  orb) providing the complementary workflow assurance tokens as a pair of specially generated signature and verification keys such that the specially generated signature key is provided in the map-file of a receiving one of the neighboring participants and the specially generated verification key is provided in the map-file of a sending one of the neighboring participants;
  
  orc) both a and b;
  
  receiving the document at a receiving one of the neighboring participants;
  
  recovering at least one of the second nonce of the receiving one of the neighboring participants or the specially generated signature key of the receiving one of the neighboring participants; and
  
  transmitting at least one of the recovered second nonce or a signature generated by the receiving one of the neighboring participants using the recovered specially generated signature key to the sending one of the neighboring participants for verification using at least one of the first nonce or the specially generated verification key.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The document management method as defined in claim 11 wherein prior to transmitting, the method further comprises generating the signature using the recovered specially generated signature key.
  - 13. The method as defined in claim 11, further comprising generating a traceable and verifiable log within the document using the transmitted, recovered second nonce.
  - 14. The method as defined in claim 13, further comprising:
    - receiving the recovered second nonce of the receiving one of the neighboring participants;
      
      transmitting an acknowledgement signature of the sending one of the neighboring participants to the receiving one of the neighboring participants; and
      
      incorporating the acknowledgement signature in the traceable and verifiable log.
  - 15. The method as defined in claim 11, further comprising embedding an executable file in the document prior to its transmission.
  - 16. The method as defined in claim 11 wherein the transmitting is accomplished via a network, a compact disc, a universal serial bus (USB), or a shared drive.
  - 17. The method as defined in claim 11 wherein:
    - both the corresponding, randomly generated nonces and the complementary workflow assurance tokens are distributed within the respective map-files of the document;
      
      both the second nonce of the receiving one of the neighboring participants and the specially generated signature key of the receiving one of the neighboring participants are recovered; and
      
      both the second nonce of the receiving one of the neighboring participants and the signature generated by the receiving one of the neighboring participants are transmitted to the sending one of the neighboring participants.
  - 18. The method as defined in claim 11 wherein prior to the distributing of the corresponding, randomly generated nonces, the method further includes generating the corresponding, randomly generated nonces via a number generator.
  - 19. The method as defined in claim 11 wherein prior to the distributing of the complementary workflow assurance tokens, the method further includes generating the complementary workflow assurance tokens via a secure controller.
  - 20. The method as defined in claim 11 wherein recovering the at least one of the second nonce or the specially generated signature key includes:
    - using a private decryption key to identify, in an entry table, an entry corresponding to the receiving one of the neighboring participants;
      
      from the entry, recovering a map-file name and a map-file decryption key generated for the receiving one of the neighboring participants;
      
      using the map-file name to identify the map-file of the receiving one of the neighboring participants; and
      
      decrypting the map-file of the receiving one of the neighboring participants.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Balinsky, Helen, Simske, Steven J.
Primary Examiner(s)
Hwa, Shyue Jiunn

Application Number

US13/017,032
Publication Number

US 20120198237A1
Time in Patent Office

891 Days
Field of Search

707/822, 713/176
US Class Current

713/176
CPC Class Codes

H04L 9/0827   involving distinctive inter...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Document management system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Document management system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links