Updating and validating documents secured cryptographically

US 8,887,298 B2
Filed: 07/13/2007
Issued: 11/11/2014
Est. Priority Date: 07/13/2007
Status: Active Grant

First Claim

Patent Images

1. A computer storage medium having computer-executable instructions, which when executed perform actions, comprising:

accessing information of a new version of a document that includes encrypted data, the document including an identifier that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising an encrypted private write key, the security data further comprising a public write key that corresponds to the encrypted private write key;

using a key held by the entity, decrypting the encrypted private write key to obtain a private write key; and

using the security data to indicate that the new version of the document was created by the entity by signing the new version using the private write key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the subject matter described herein relate to updating and validating documents secured cryptographically. In aspects, documents are encrypted to protect them from unauthorized access. An entity having write access to a document may create a new version of the document and sign the new version with a private key. Other entities may validate that the new version of the document was created by an authorized entity by using a public key available in security data associated with the version. The entities that are authorized to create a new version may change which security principals are allowed to create subsequent versions.

20 Citations

View as Search Results

33 Claims

1. A computer storage medium having computer-executable instructions, which when executed perform actions, comprising:
- accessing information of a new version of a document that includes encrypted data, the document including an identifier that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising an encrypted private write key, the security data further comprising a public write key that corresponds to the encrypted private write key;
  
  using a key held by the entity, decrypting the encrypted private write key to obtain a private write key; and
  
  using the security data to indicate that the new version of the document was created by the entity by signing the new version using the private write key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer storage medium of claim 1, further comprising associating the new version of the document with the security data by placing the identifier in the new version of the document.
  - 3. The computer storage medium of claim 1, further comprising changing an access right in conjunction with creating a new version of the document.
  - 4. The computer storage medium of claim 3, wherein changing an access right in conjunction with creating a new version of the document comprises creating new security data and associating the new version of the document with the new security data by placing a new identifier that identifies the new security data in the new version of the document.
  - 5. The computer storage medium of claim 4, wherein changing an access right in conjunction with creating a new version of the document further comprises placing an encrypted new private write key associated with the access right in the new security data, and, wherein using the security data to indicate that the new version was created by the entity by signing the new version using the private write key comprises signing using the new private write key.
  - 6. The computer storage medium of claim 1, further comprising creating new security data and associating the new version of the document with the new security data by placing a new identifier that identifies the new security data in the new version of the document.
  - 7. The computer storage medium of claim 1, wherein the identifier comprises a hash of one or more fields of data included in the security data.
  - 8. The computer storage medium of claim 1, further comprising having another entity provide a signature to be placed in the new version of the document.
  - 9. The computer storage medium of claim 8, wherein the signature provided by the other entity indicates that the new version of the document is to be replicated during file replication activities.
  - 10. The computer storage medium of claim 1, further comprising using the public write key to determine whether the new version of the document was created by an authorized entity.

11. A method implemented at least in part by a computer, the method comprising:
- using a processing unit of the computer, accessing information of a document that identifies security data associated with the document, the document being an updated version of a previous version of the document, the security data including a field usable to determine whether the document was updated by an authorized entity;
  
  the security data further including an encrypted field comprising an encrypted private write key, the private write key used to sign the security data;
  
  obtaining data from the field; and
  
  using at least the data to determine whether the document was updated by the authorized entity, wherein the data from the field comprises a public write key that corresponds to the private write key used to sign the security data.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the data from the field comprises an identifier that identifies a prior version of the security data.
  - 13. The method of claim 12, wherein the public key is available from the prior version of the security data.
  - 14. The method of claim 12, wherein the document includes encrypted data that was changed from the previous version of the document.
  - 15. The method of claim 11, wherein the security data includes another field that includes a signature of an observer, the signature of the observer created by a private key corresponding to the observer, further comprising using the signature and a public key corresponding to the observer to determine whether the document was updated by an entity authorized to update the document at a time the document was updated.

16. In a computing environment, an apparatus, comprising:
- a computer comprising;
  
  a document locator operable to access a new version of a document that includes encrypted data, the document including data that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising a private write key;
  
  a cryptographic component operable to perform cryptographic operations; and
  
  an updating component operable to use the cryptographic component and the encrypted field to authenticate the new version of the document, wherein the updating component is further operable to use the cryptographic component to decrypt the private write key using a key held by the entity and to sign the new version of the document with the private write key.
- View Dependent Claims (17)
- - 17. The apparatus of claim 16, further comprising a validating component operable to determine whether a new version of a document was created by an authorized entity.

18. A method implemented at least in part by a computer, the method comprising:
- accessing information of a new version of a document that includes encrypted data, the document including an identifier that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising an encrypted private write key, the security data further comprising a public write key that corresponds to the encrypted private write key;
  
  using a key held by the entity, decrypting the encrypted private write key to obtain a private write key; and
  
  using the security data to indicate that the new version of the document was created by the entity by signing the new version using the private write key.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, further comprising changing an access right in conjunction with creating a new version of the document.
  - 20. The method of claim 18, further comprising having another entity provide a signature to be placed in the new version of the document.

21. In a computing environment, an apparatus, comprising:
- a computer comprising;
  
  a document locator that accesses information of a new version of a document that includes encrypted data, the document including an identifier that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising an encrypted private write key, the security data further comprising a public write key that corresponds to the encrypted private write key;
  
  a cryptographic component that, using a key held by the entity, decrypts the encrypted private write key to obtain a private write key; and
  
  an updating component that uses the cryptographic component and the security data to indicate that the new version of the document was created by the entity by signing the new version using the private write key.
- View Dependent Claims (22, 23)
- - 22. The apparatus of claim 21, wherein the updating component further changes an access right in conjunction with creating the new version of the document.
  - 23. The apparatus of claim 21, wherein another entity provide a signature to be placed in the new version of the document.

24. A computer storage medium having computer-executable instructions, which when executed perform actions, comprising:
- accessing information of a document that identifies security data associated with the document, the document being an updated version of a previous version of the document, the security data including a field usable to determine whether the document was updated by an authorized entity;
  
  the security data further including an encrypted field comprising an encrypted private write key, the private write key used to sign the security data;
  
  obtaining data from the field; and
  
  using at least the data to determine whether the document was updated by the authorized entity, wherein the data from the field comprises a public write key that corresponds to the private write key used to sign the security data.
- View Dependent Claims (25, 26)
- - 25. The computer storage medium of claim 24, wherein the public key is available from the prior version of the security data.
  - 26. The computer storage medium of claim 24, wherein the security data includes another field that includes a signature of an observer, the signature of the observer created by a private key corresponding to the observer, further comprising using the signature and a public key corresponding to the observer to determine whether the document was updated by an entity authorized to update the document at a time the document was updated.

27. In a computing environment, an apparatus, comprising:
- a computer comprising;
  
  a document locator that accesses information of a document that identifies security data associated with the document, the document being an updated version of a previous version of the document, the security data including a field usable to determine whether the document was updated by an authorized entity;
  
  the security data further including an encrypted field comprising an encrypted private write key, the private write key used to sign the security data;
  
  a cryptographic component that obtains data from the field; and
  
  a validating component that uses the cryptographic component and at least the data to determine whether the document was updated by the authorized entity, wherein the data from the field comprises a public write key that corresponds to the private write key used to sign the security data.
- View Dependent Claims (28, 29)
- - 28. The apparatus of claim 27, wherein the public key is available from the prior version of the security data.
  - 29. The apparatus of claim 27, wherein the security data includes another field that includes a signature of an observer, the signature of the observer created by a private key corresponding to the observer, the validating component further using the signature and a public key corresponding to the observer to determine whether the document was updated by an entity authorized to update the document at a time the document was updated.

30. A method implemented at least in part by a computer, the method comprising:
- accessing a new version of a document that includes encrypted data, the document including data that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising a private write key;
  
  authenticating the new version of the document using the encrypted field;
  
  decrypting the private write key using a key held by the entity; and
  
  signing the new version of the document with the private write key.
- View Dependent Claims (31)
- - 31. The method of claim 30, further comprising determining whether a new version of a document was created by an authorized entity.

32. A computer storage medium having computer-executable instructions, which when executed perform actions, comprising:
- accessing a new version of a document that includes encrypted data, the document including data that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising a private write key;
  
  authenticating the new version of the document using the encrypted field;
  
  decrypting the private write key using a key held by the entity; and
  
  signing the new version of the document with the private write key.
- View Dependent Claims (33)
- - 33. The computer storage medium of claim 32, further comprising determining whether a new version of a document was created by an authorized entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Reid, Colin Wilson
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US11/777,298
Publication Number

US 20090019549A1
Time in Patent Office

2,678 Days
Field of Search

None
US Class Current

726/27
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/6209   to a single file or object,...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 9/088   Usage controlling of secret...

H04L 9/3247   involving digital signatures

Updating and validating documents secured cryptographically

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Updating and validating documents secured cryptographically

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others