Method and system for business workflow cycle of a composite document

US 8,656,181 B2
Filed: 05/26/2011
Issued: 02/18/2014
Est. Priority Date: 05/26/2011
Status: Active Grant

First Claim

Patent Images

1. A method for creating a secure distribution version of a composite document comprising document parts, the method performed by a computer to perform operations comprising:

creating a serialization having a relational database format, wherein said serialization comprisesa content table comprising for each document part signed and encrypted versions of the document part in association with a respective document part index,for each user a respective signed and encrypted map file comprising in association with respective ones of the document part indices signed and encrypted signature verification and decryption keys for respective ones of the signed and encrypted versions of the document parts according to document part access information associated with the user, andan entry table comprising for each user a respective signed and encrypted index to the respective map file; and

distributing the serialization to a plurality of users according to a workflow.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for a business workflow of a composite document are described. An integrity and authenticity of an entry table are identified and verified using a verification key, a map file corresponding to entries in the table are identified using a private user decryption key, signature verification keys and access keys are read from the map file, and authenticity of the map file and the document parts are verified. Following verification, content is delivered to a user for review, update and/or modification of the content, and then is encrypted, signed, and moved along the workflow, normally to the next workflow participant. A secure distribution version of a composite document is created from a master copy by creating a serialization including at least one part of a composite document and at least one user, creating a table listing document parts and associated users, generating encryption and decryption keys, encrypting document parts, applying signatures to encrypted document parts, updating the tables with the signed parts and updating the composite document with the updated tables. A master copy is updated from a secure distribution copy after the distribution copy has completed a workflow and a workflow wrap.

32 Citations

View as Search Results

17 Claims

1. A method for creating a secure distribution version of a composite document comprising document parts, the method performed by a computer to perform operations comprising:
- creating a serialization having a relational database format, wherein said serialization comprisesa content table comprising for each document part signed and encrypted versions of the document part in association with a respective document part index,for each user a respective signed and encrypted map file comprising in association with respective ones of the document part indices signed and encrypted signature verification and decryption keys for respective ones of the signed and encrypted versions of the document parts according to document part access information associated with the user, andan entry table comprising for each user a respective signed and encrypted index to the respective map file; and
  
  distributing the serialization to a plurality of users according to a workflow.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein each of said document parts has unique access permissions.
  - 3. The method of claim 2, wherein said access permissions correspond to a plurality of said users.
  - 4. The method of claim 1, wherein said encryption and said decryption keys are symmetric keys.
  - 5. The method of claim 1, wherein said encryption and said decryption keys are asymmetric keys.
  - 6. The method of claim 1, wherein said creating of said serialization and said content table are performed using information from a master copy of said composite document.
  - 7. The method of claim 1, wherein said serialization is a database file.
  - 8. The method of claim 7, wherein said database file is a .pex file.
  - 9. The method of claim 1, wherein the creating comprises producing the content table, wherein the producing comprises encrypting confidential ones of the document parts, obtaining a respective signature for each of the encrypted and other ones of the document parts, and inserting into the content table each of the encrypted and other ones of the document parts in association with the respective signature and a respective document part index.
  - 10. The method of claim 1, wherein the creating comprises generating the map files and the entry table, wherein the generating comprises for each user:
    - generating a respective user encryption key;
      
      for each document part,selecting a set of one or more encryption, decryption, signature, and verification keys associated with the document part according to the document part access information associated with the user,with the respective user encryption key encrypting the selected set of keys together with the respective part identifier of the document part to obtain an encrypted map file element,signing the encrypted map file element to obtain a respective map file element signature, andinserting the encrypted map file element and the respective map file element signature into the respective map file;
      
      with the respective user encryption key encrypting the respective map file together with an index to the respective map file to obtain an entry table element;
      
      signing the entry table element to obtain a respective entry table element signature; and
      
      inserting the encrypted entry table element and the respective entry table element signature into the entry table.

11. A system for document workflow comprising:
- a memory storing processor-readable instructions;
  
  a processor coupled to the memory, operable to execute the instructions, and based at least in part on the execution of the instructions operable to perform operations comprisingcreating a serialization having a relational database format, wherein said serialization comprisesa content table comprising for each document part signed and encrypted versions of the document part in association with a respective document part index,for each user a respective signed and encrypted map file comprising in association with respective ones of the document part indices signed and encrypted signature verification and decryption keys for respective ones of the signed and encrypted versions of the document parts according to document part access information associated with the user, andan entry table comprising for each user a respective signed and encrypted index to the respective map file; and
  
  distributing the serialization to a plurality of users according to a workflow.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein prior to the creating the serialization is generated from a master copy maintained in a secure location.
  - 13. The system of claim 11, further comprising storing the serialization in the memory.
  - 14. The system of claim 13, wherein the plurality of users perform tasks according to a workflow cycle.
  - 15. The system of claim 11, further comprising storing the serialization in a relational database.

16. A non-transitory computer-readable medium having stored thereon instructions which when executed by a processor cause the processor to perform operations comprising:
- creating a secure distribution version of a composite document comprising document parts, wherein the creating comprises creating a serialization having a relational database format, and the serialization comprisesa content table comprising for each document part signed and encrypted versions of the document part in association with a respective document part index,for each user a respective signed and encrypted map file comprising in association with respective ones of the document part indices signed and encrypted signature verification and decryption keys for respective ones of the signed and encrypted versions of the document parts according to document part access information associated with the user, andan entry table comprising for each user a respective signed and encrypted index to the respective map file; and
  
  distributing the serialization to a plurality of users according to workflow.
- View Dependent Claims (17)
- - 17. The non-transitory computer-readable medium of claim 16, further comprising creating said composite document from a master copy stored in a secured environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Balinsky, Helen, Simske, Steven J.
Primary Examiner(s)
Gelagay, Shewaye

Application Number

US13/116,376
Publication Number

US 20120303968A1
Time in Patent Office

999 Days
Field of Search

713/165, 713/189, 726/26, 707/705, 380/285
US Class Current

713/189
CPC Class Codes

G06Q 10/103   Workflow collaboration or p...

H04L 2209/60   Digital content management,...

H04L 9/14   using a plurality of keys o...

H04L 9/3247   involving digital signatures

Method and system for business workflow cycle of a composite document

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for business workflow cycle of a composite document

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links