Managing access to a secure content-part of a PPCD following introduction of the PPCD into a workflow

US 8,601,276 B2
Filed: 07/27/2011
Issued: 12/03/2013
Est. Priority Date: 07/27/2011
Status: Active Grant

First Claim

Patent Images

1. A method for managing access to a secure content-part of a publicly posted composite document (PPCD) following introduction of the PPCD into a workflow among a plurality of workflow participants, said method comprising:

in a secure content manager,receiving, from a workflow participant of the plurality of workflow participants, a key-map file for a subsequent workflow participant that is to receive the key-map file, wherein the key-map file comprises a set of keys to enable the subsequent workflow participant to access the content-part in the PPCD;

verifying authenticity of the received key-map file;

identifying and authenticating the subsequent workflow participant to receive the PPCD;

accessing a public key of the subsequent workflow participant; and

encrypting, using the public key of the subsequent workflow participant, by a processor, the key map file or a symmetric key used to encrypt the key-map file prior to receipt of the key-map file by the secure content manager; and

sending the encrypted key-map file to the subsequent workflow participant.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a method for managing access to a secure content-part of a PPCD following introduction of the PPCD into a workflow among a plurality of workflow participants, in a secure content manager, from a workflow participant of the plurality of workflow participants, a key-map file for a subsequent workflow participant that is to receive the key-map file is received, wherein the key-map file comprises a set of keys to enable the subsequent workflow participant to access the content-part in the PPCD. In addition, authenticity of the received key-map file is verified, the subsequent workflow participant to receive the PPCD is identified and authenticated, a public key of the subsequent workflow participant is accessed, the key map file or a symmetric key used to encrypt the key-map file prior to receipt of the key-map file by the secure content manager is encrypted using the public key of the subsequent workflow participant, and the encrypted key-map file is sent to the subsequent workflow participant.

14 Citations

View as Search Results

15 Claims

1. A method for managing access to a secure content-part of a publicly posted composite document (PPCD) following introduction of the PPCD into a workflow among a plurality of workflow participants, said method comprising:
- in a secure content manager,receiving, from a workflow participant of the plurality of workflow participants, a key-map file for a subsequent workflow participant that is to receive the key-map file, wherein the key-map file comprises a set of keys to enable the subsequent workflow participant to access the content-part in the PPCD;
  
  verifying authenticity of the received key-map file;
  
  identifying and authenticating the subsequent workflow participant to receive the PPCD;
  
  accessing a public key of the subsequent workflow participant; and
  
  encrypting, using the public key of the subsequent workflow participant, by a processor, the key map file or a symmetric key used to encrypt the key-map file prior to receipt of the key-map file by the secure content manager; and
  
  sending the encrypted key-map file to the subsequent workflow participant.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein the key-map file has been encrypted using a public key of the secure content manager prior to receipt of the key-map file by the secure content manager, said method further comprising:
    - decrypting the encrypted key-map file using a private key of the secure content manager following verification of the authenticity of the key-map file.
  - 3. The method according to claim 1, wherein the key-map file for the subsequent workflow participant has been encrypted using the symmetric key and wherein the symmetric key has been encrypted using a public key of the secure content manager prior to receipt of the key-map file by the secure content manager, said method further comprising:
    - decrypting the encrypted symmetric key using a private key of the secure content manager;
      
      wherein accessing the public key of the subsequent workflow participant further comprises establishing a valid and trusted public key for the subsequent participant in response to the subsequent participant being authenticated; and
      
      wherein encrypting the symmetric key or the key-map file further comprises re-encrypting the symmetric key using the valid and trusted public key of the subsequent workflow participant.
  - 4. The method according to claim 3, wherein the encrypted symmetric key is stored in an entry table, said method further comprising:
    - storing the re-encrypted symmetric key in the entrytable.
  - 5. The method according to claim 1, further comprising:
    - signing the encrypted symmetric key or the key-map file using a private signature key of the secure content manager.
  - 6. The method according to claim 1, wherein receiving the key-map file further comprises receiving the key-map file through a web upload by the workflow participant.
  - 7. The method according to claim 1, further comprising a prior key-map file for the workflow participant from which the key-map file for the subsequent workflow participant was received, and wherein the prior key-map file comprises an instruction for the workflow participant to send the key-map file for the subsequent workflow participant to the secure content manager as part of the workflow.
  - 8. The method according to claim 1, further comprising:
    - receiving the PPCD with the key-map file;
      
      incorporating the encrypted symmetric key or the encrypted key-map file into the PPCD; and
      
      sending the PPCD and the encrypted symmetric key or the encrypted key-map file to the subsequent workflow participant.
  - 9. The method according to claim 8, further comprising:
    - at least one of;
      
      storing a copy of the PPCD prior to sending the PPCD to the subsequent workflow participant;
      
      timestamping the PPCD prior to sending the PPCD to the subsequent workflow participant; and
      
      implementing the secure content manager autonomously in response to receipt of the key-map file from the workflow participant.
  - 10. The method according to claim 1, wherein the PPCD comprises a part that is exclusively accessible by the secure content manager, wherein the part contains security compliance rules, said method further comprising:
    - accessing the part; and
      
      comparing the security compliance rules with other information contained in the PPCD to check for compliance with the security compliance rules.

11. A secure content manager for managing access to a secure content-part of a publicly posted composite document (PPCD) following introduction of the PPCD into a workflow among a plurality of workflow participants, said apparatus comprising:
- at least one module to receive, from a workflow participant of the plurality of workflow participants, an encrypted key-map file for a subsequent workflow participant that is to receive the encrypted key-map file, wherein the encrypted key-map file comprises a set of keys to enable the subsequent workflow participant to access the content-part in the PPCD, to verify authenticity of the received encrypted key-map file, to identify and authenticate the subsequent workflow participant, to decrypt the encrypted key-map file or an encrypted symmetric key used to encrypt the key-map file in response to the authenticity of the encrypted key-map file being verified, to access a public key of the subsequent workflow participant, to re-encrypt, using the public key of the subsequent workflow participant, the key-map file or the symmetric key used to encrypt the key-map file prior to receipt of the key-map file by the secure content manager, and to send the re-encrypted key-map file to the subsequent workflow participant; and
  
  a processor to implement the at least one module.
- View Dependent Claims (12, 13, 14)
- - 12. The secure content manager according to claim 11, wherein the key-map file has been encrypted using a public key of the secure content manager prior to receipt of the key-map file by the secure content manager, and wherein said at least one module is further to decrypt the encrypted key-map file using a private key of the secure content manager following verification of the authenticity of the key-map file.
  - 13. The secure content manager according to claim 11, wherein the encrypted key-map file for the subsequent workflow participant has been encrypted using the symmetric key and wherein the symmetric key has been encrypted using a public key of the secure content manager prior to receipt of the key-map file by the secure content manager, and wherein the at least one module is further to decrypt the encrypted symmetric key using a private key of the secure content manager, to establish a valid and trusted public key for the subsequent participant in response to the subsequent participant being authenticated, and to re-encrypt the symmetric key using the valid and trusted public key of the subsequent workflow participant.
  - 14. The secure content manager according to claim 11, wherein the at least one module is further to receive the PPCD with the key-map file and to at least one of:
    - store a copy of the PPCD prior to sending the PPCD to the subsequent workflow participant;
      
      timestamp the PPCD prior to sending the PPCD to the subsequent workflow participant;
      
      implement the secure content manager autonomously in response to receipt of the key-map file from the workflow participant; and
      
      check for compliance with security compliance rules.

15. A non-transitory computer readable storage medium on which is embedded a computer program, said computer program implementing a method for managing access to a secure content-part of a publicly posted composite document (PPCD) following introduction of the PPCD into a workflow among a plurality of workflow participants, said computer program comprising a set of instructions to:
- receive, in a secure content manager, from a workflow participant of the plurality of workflow participants, an encrypted key-map file for a subsequent workflow participant that is to receive the key-map file, wherein the key-map file comprises a set of keys to enable the subsequent workflow participant to access the content-part in the PPCD;
  
  verify authenticity of the received key-map file;
  
  decrypt one of the encrypted key-map and an encrypted symmetric key used to encrypt the key-map file using a public key of the secure content manager;
  
  identify and authenticate the subsequent workflow participant to receive the PPCD;
  
  establish a valid and trusted public key for the subsequent workflow participant in response to the subsequent workflow participant being authenticated;
  
  re-encrypt, using the valid and trusted public key of the subsequent workflow participant, the key-map file and a symmetric key used to encrypt the key-map file; and
  
  send the re-encrypted key-map file to the subsequent workflow participant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Simske, Steven J., Balinsky, Helen
Primary Examiner(s)
Desrosiers, Evans

Application Number

US13/192,189
Publication Number

US 20130031366A1
Time in Patent Office

860 Days
Field of Search

713168-174, 713182-186, 713/202, 709/225, 709/229, 726 2- 6
US Class Current

713/180
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3247   involving digital signatures

Managing access to a secure content-part of a PPCD following introduction of the PPCD into a workflow

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Managing access to a secure content-part of a PPCD following introduction of the PPCD into a workflow

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others