Updating and validating documents secured cryptographically
First Claim
1. A computer storage medium having computer-executable instructions, which when executed perform actions, comprising:
- accessing information of a new version of a document that includes encrypted data, the document including an identifier that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising an encrypted private write key, the security data further comprising a public write key that corresponds to the encrypted private write key;
using a key held by the entity, decrypting the encrypted private write key to obtain a private write key; and
using the security data to indicate that the new version of the document was created by the entity by signing the new version using the private write key.
3 Assignments
0 Petitions
Accused Products
Abstract
Aspects of the subject matter described herein relate to updating and validating documents secured cryptographically. In aspects, documents are encrypted to protect them from unauthorized access. An entity having write access to a document may create a new version of the document and sign the new version with a private key. Other entities may validate that the new version of the document was created by an authorized entity by using a public key available in security data associated with the version. The entities that are authorized to create a new version may change which security principals are allowed to create subsequent versions.
20 Citations
33 Claims
-
1. A computer storage medium having computer-executable instructions, which when executed perform actions, comprising:
-
accessing information of a new version of a document that includes encrypted data, the document including an identifier that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising an encrypted private write key, the security data further comprising a public write key that corresponds to the encrypted private write key; using a key held by the entity, decrypting the encrypted private write key to obtain a private write key; and using the security data to indicate that the new version of the document was created by the entity by signing the new version using the private write key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method implemented at least in part by a computer, the method comprising:
-
using a processing unit of the computer, accessing information of a document that identifies security data associated with the document, the document being an updated version of a previous version of the document, the security data including a field usable to determine whether the document was updated by an authorized entity;
the security data further including an encrypted field comprising an encrypted private write key, the private write key used to sign the security data;obtaining data from the field; and using at least the data to determine whether the document was updated by the authorized entity, wherein the data from the field comprises a public write key that corresponds to the private write key used to sign the security data. - View Dependent Claims (12, 13, 14, 15)
-
-
16. In a computing environment, an apparatus, comprising:
-
a computer comprising; a document locator operable to access a new version of a document that includes encrypted data, the document including data that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising a private write key; a cryptographic component operable to perform cryptographic operations; and an updating component operable to use the cryptographic component and the encrypted field to authenticate the new version of the document, wherein the updating component is further operable to use the cryptographic component to decrypt the private write key using a key held by the entity and to sign the new version of the document with the private write key. - View Dependent Claims (17)
-
-
18. A method implemented at least in part by a computer, the method comprising:
-
accessing information of a new version of a document that includes encrypted data, the document including an identifier that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising an encrypted private write key, the security data further comprising a public write key that corresponds to the encrypted private write key; using a key held by the entity, decrypting the encrypted private write key to obtain a private write key; and using the security data to indicate that the new version of the document was created by the entity by signing the new version using the private write key. - View Dependent Claims (19, 20)
-
-
21. In a computing environment, an apparatus, comprising:
-
a computer comprising; a document locator that accesses information of a new version of a document that includes encrypted data, the document including an identifier that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising an encrypted private write key, the security data further comprising a public write key that corresponds to the encrypted private write key; a cryptographic component that, using a key held by the entity, decrypts the encrypted private write key to obtain a private write key; and an updating component that uses the cryptographic component and the security data to indicate that the new version of the document was created by the entity by signing the new version using the private write key. - View Dependent Claims (22, 23)
-
-
24. A computer storage medium having computer-executable instructions, which when executed perform actions, comprising:
-
accessing information of a document that identifies security data associated with the document, the document being an updated version of a previous version of the document, the security data including a field usable to determine whether the document was updated by an authorized entity;
the security data further including an encrypted field comprising an encrypted private write key, the private write key used to sign the security data;obtaining data from the field; and using at least the data to determine whether the document was updated by the authorized entity, wherein the data from the field comprises a public write key that corresponds to the private write key used to sign the security data. - View Dependent Claims (25, 26)
-
-
27. In a computing environment, an apparatus, comprising:
-
a computer comprising; a document locator that accesses information of a document that identifies security data associated with the document, the document being an updated version of a previous version of the document, the security data including a field usable to determine whether the document was updated by an authorized entity;
the security data further including an encrypted field comprising an encrypted private write key, the private write key used to sign the security data;a cryptographic component that obtains data from the field; and a validating component that uses the cryptographic component and at least the data to determine whether the document was updated by the authorized entity, wherein the data from the field comprises a public write key that corresponds to the private write key used to sign the security data. - View Dependent Claims (28, 29)
-
-
30. A method implemented at least in part by a computer, the method comprising:
-
accessing a new version of a document that includes encrypted data, the document including data that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising a private write key; authenticating the new version of the document using the encrypted field; decrypting the private write key using a key held by the entity; and signing the new version of the document with the private write key. - View Dependent Claims (31)
-
-
32. A computer storage medium having computer-executable instructions, which when executed perform actions, comprising:
-
accessing a new version of a document that includes encrypted data, the document including data that identifies security data associated with the document, the security data including an encrypted field relating to an entity that is authorized to create a new version of the document, the encrypted field comprising a private write key; authenticating the new version of the document using the encrypted field; decrypting the private write key using a key held by the entity; and signing the new version of the document with the private write key. - View Dependent Claims (33)
-
Specification