Method and system for providing document retention using cryptography
Abstract
Techniques for utilizing security criteria to implement document retention for electronic documents are disclosed. The security criteria can also limit when, how and where access to the electronic documents is permitted. The security criteria can pertain to keys (or ciphers) used to secure (e.g., encrypt) electronic files (namely, electronic documents), or to unsecure (e.g., decrypt) electronic files already secured. At least a portion of the security criteria can be used to implement document retention, namely, a document retention policy. After a secured electronic document has been retained for the duration of the document retention policy, the associated security criteria becomes no longer available, thus preventing subsequent access to the secured electronic document. In other words, access restrictions on electronic documents can be used to prevent access to electronic documents which are no longer to be retained.
26 Claims
1. A method of electronic document retention, comprising:
- assigning a document retention policy to the electronic document, the document retention policy being based on a future event that is unscheduled;
- cryptographically associating, by encrypting at least a data portion of the electronic document using a cryptographic key, the document retention policy with the electronic document, wherein the cryptographic key is a document retention key or a key encrypted with the document retention key, and wherein the cryptographic key is protected by a document access policy comprising access rules which provide restrictive access to the cryptographic key and the encrypted data portion of the electronic document by deactivating the cryptographic key at a future time; and
- permitting the deactivating to be overridden so that the electronic document can remain accessible even after a document retention period.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A computer-implemented method for distributing cryptographic keys used in a file security system, comprising:
- receiving, at a computing device, a request for a document retention key that is necessary to gain access to a cryptographically secured electronic document;
- identifying, by the computing device, a document retention period having been cryptographically associated with the secured electronic document by encrypting at least a data portion of the secured electronic using the document retention key, the document retention period being dependent on a future event that was unscheduled when the document retention period was associated with the secured electronic document, wherein the document retention key is protected by a document access policy comprising access rules which provide restrictive access to the document retention key and the encrypted data portion of the secured electronic document by deactivating the document retention key at a future time;
- determining, by the computing device, whether the document retention period associated with the document retention key has been exceeded; and
- refusing to distribute the document retention key in response to determining that the document retention period for the electronic document has been exceeded, except a system administrator is allowed access the document retention key by extending the document retention period or setting a new retention period.
Dependent claims: 14, 15

16. A file security system comprising:
- a processor;
- a memory having instructions stored thereon, that, in response to execution by the processor, cause the processor to restrict access to electronic files comprising respective encrypted data portions, the instructions comprising;
- instructions for storing a plurality of cryptographic key pairs in a key store, each of the cryptographic key pairs including a public key and a private key, at least one of the cryptographic key pairs pertaining to a retention policy, the retention policy being dependent on a future event, wherein the cryptographic key pairs are document retention keys or keys encrypted with a document retention key, and wherein the cryptographic key pairs are protected by a document access policy comprising access rules which provide restrictive access to the cryptographic key pairs and the encrypted data portions of the electronic files by deactivating the private keys at a future time;
- instructions for determining whether the private key of the at least one of the cryptographic key pairs pertaining to the retention policy is permitted to be provided to a requestor based on whether the future event has occurred; and
- instructions for permitting the private key to be provided to a system administrator even after the future event has occurred, wherein the requestor requires the private key of the at least one of the cryptographic key pairs pertaining to the retention policy to access a secured electronic file, and wherein the secured electronic file was previously cryptographically associated with the retention policy by encrypting at least a data portion of the secured electronic file using the public key of the at least one of the cryptographic key pairs pertaining to the retention policy, and at the time the electronic file was so secured, the future event was unscheduled.
Dependent claims: 17, 18, 19, 20

21. A non-transitory computer readable medium having computer-executable instructions stored thereon for providing data retention for electronic data, the computer-executable instructions comprising:
- instructions to assign a data retention policy to the electronic data, the data retention policy being based on a future event that is unscheduled;
- instructions to cryptographically associate, by using a cryptographic key to encrypt at least a data portion of the electronic data, the data retention policy with the electronic data, wherein the cryptographic key is a document retention key or a key encrypted with the document retention key, and wherein the cryptographic key is protected by a document access policy comprising access rules which provide restrictive access to the cryptographic key and the encrypted data portion of the electronic data by deactivating the cryptographic key at a future time; and
- instructions to permit the deactivating to be overridden so that the electronic document remains accessible even after a document retention period.
Dependent claims: 22, 23, 24, 25, 26

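The key-distribution check recited in claim 13, as an added Python example (not code from the patent or from any product): the retention period only starts counting once the previously unscheduled event is recorded, the key is refused after the period is exceeded, and an administrator restores access by extending the period. The names `KeyServer`, `RetentionKey`, `record_event`, `request_key` and `extend`, the in-memory key store and the boolean `is_admin` flag are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


class KeyUnavailable(Exception):
    """The retention period tied to this key has been exceeded."""


@dataclass
class RetentionKey:
    key: bytes                              # document retention key
    period: timedelta                       # retention period, counted from the event
    event_time: Optional[datetime] = None   # None while the event is unscheduled

    def exceeded(self, now: datetime) -> bool:
        # Until the triggering event has occurred there is no deadline to exceed.
        return self.event_time is not None and now > self.event_time + self.period


class KeyServer:
    """Hypothetical in-memory key store; a real one would persist and audit."""

    def __init__(self) -> None:
        self._keys = {}

    def create(self, key_id: str, period: timedelta) -> None:
        self._keys[key_id] = RetentionKey(secrets.token_bytes(32), period)

    def record_event(self, key_id: str, when: datetime) -> None:
        """The previously unscheduled event (e.g. a contract ending) has happened."""
        self._keys[key_id].event_time = when

    def request_key(self, key_id: str, now: datetime) -> bytes:
        """Distribute the key, or refuse once the retention period is exceeded."""
        entry = self._keys[key_id]
        if entry.exceeded(now):
            raise KeyUnavailable(key_id)
        return entry.key

    def extend(self, key_id: str, extra: timedelta, is_admin: bool) -> None:
        """Administrator override: lengthening the period re-enables distribution."""
        if not is_admin:
            raise PermissionError("only a system administrator may extend retention")
        self._keys[key_id].period += extra
```

Because documents are encrypted under the retention key (or under a key wrapped by it), refusing the key is what makes the stored ciphertext unreadable; no copy of the document has to be located and deleted.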
Specification