Managing access to a secure content-part of a PPCD using a key reset point

US 8,984,298 B2
Filed: 07/27/2011
Issued: 03/17/2015
Est. Priority Date: 07/27/2011
Status: Active Grant

First Claim

Patent Images

1. A method for managing access to a secure content-part of a publicly posted composite document (PPCD) by workflow participants, said method comprising:

determining a key reset point of the secure content-part during a workflow among the workflow participants; and

generating, by the processor, in a secure environment, a plurality of key-map files comprising subsets of access keys that provide access to the secure content-part during respective content access sessions, wherein at least one of the plurality of key-map files corresponds to the key reset point and comprises a first decryption key, a first verification key, a second encryption key, and a second signature key,wherein the first decryption key does not correspond to the second encryption key, wherein the first verification key does not correspond to the second signature key, andwherein the access keys contained in the at least one of the plurality of key-map files that corresponds to the key reset point are to be implemented to verify a signature of the secure content-part using the first verification key, to decrypt the secure content-part using the first decryption key, to re-encrypt the decrypted secure content-part using the second encryption key, and to sign the encrypted secure-content part using the second signature key;

encrypting the plurality of key-map files using respective symmetric keys;

encrypting the symmetric keys using respective public keys of the workflow participants; and

supplying the PPCD and the plurality of key-map files to at least one of the workflow participants outside of the secure environment without the at least one of the workflow participants being granted access to the secure environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a method for managing access to a secure content-part of a PPCD, a key reset point of the secure content-part during a workflow among workflow participants is determined. In addition, key-map files comprising subsets of access keys that provide access to the secure content-part during respective content access sessions are generated, in which at least one of the key-map files corresponds to the key reset point and comprises a first decryption key, a first verification key, a second encryption key, and a second signature key, in which the first decryption key does not correspond to the second encryption key, and in which the first verification key does not correspond to the second signature key. In addition, the plurality of key-map files are supplied to at least one of the participants.

Citations

15 Claims

1. A method for managing access to a secure content-part of a publicly posted composite document (PPCD) by workflow participants, said method comprising:
- determining a key reset point of the secure content-part during a workflow among the workflow participants; and
  
  generating, by the processor, in a secure environment, a plurality of key-map files comprising subsets of access keys that provide access to the secure content-part during respective content access sessions, wherein at least one of the plurality of key-map files corresponds to the key reset point and comprises a first decryption key, a first verification key, a second encryption key, and a second signature key,wherein the first decryption key does not correspond to the second encryption key, wherein the first verification key does not correspond to the second signature key, andwherein the access keys contained in the at least one of the plurality of key-map files that corresponds to the key reset point are to be implemented to verify a signature of the secure content-part using the first verification key, to decrypt the secure content-part using the first decryption key, to re-encrypt the decrypted secure content-part using the second encryption key, and to sign the encrypted secure-content part using the second signature key;
  
  encrypting the plurality of key-map files using respective symmetric keys;
  
  encrypting the symmetric keys using respective public keys of the workflow participants; and
  
  supplying the PPCD and the plurality of key-map files to at least one of the workflow participants outside of the secure environment without the at least one of the workflow participants being granted access to the secure environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, further comprising:
    - determining which of the plurality of key-map files corresponds to access to a version of the secure content-part prior to the key reset point; and
      
      wherein generating the plurality of key-map files further comprises generating the key-map file that corresponds to the version of the secure content-part prior to the key reset point to comprise at least one of the encryption key corresponding to the first decryption key and the signature key corresponding to the first verification key.
  - 3. The method according to claim 1, further comprising:
    - determining which of the plurality of key-map files correspond to access to a version of the secure content-part following the key reset point; and
      
      wherein generating the plurality of key-map files further comprises generating at least one of the plurality of key-map files that corresponds to the secure content-part following the key reset point to comprise at least one of a second decryption key and a second verification key, wherein the second decryption key corresponds to the second encryption key and the second verification key corresponds to the second signature key.
  - 4. The method according to claim 1, further comprising:
    - determining that a participant is to have a first access to a version of the secure content-part prior to the key reset point and that the participant is to have a second access to a version of the secure content-part following the key reset point; and
      
      wherein generating the plurality of key-map files further comprises generating a first key-map file for the participant that includes a first set of keys that enables the participant to have the first type of access to the version of the secure content-part prior to the key reset point, wherein the first set of keys are unable to provide the second type of access to the version of the secure content-part following the key reset point.
  - 5. The method according to claim 4, wherein generating the plurality of key-map files further comprises generating a second key-map file for the participant that includes a second set of keys that enables the participant to have the second type of access to the version of the secure content-part following the key reset point, wherein the second set of keys are unable to provide the first type of access to the version of the secure content-part prior to the key reset point.
  - 6. The method according to claim 1, further comprising:
    - determining that a participant is to have a first type of access to a version of the secure content-part prior to the key reset point and that the participant is to have no access to a version of the secure content-part following the key reset point; and
      
      wherein generating the plurality of key-map files further comprises generating a key-map file for the participant that includes a first set of keys that enable the participant to have the first type of access to the version of the secure content-part prior to the key reset point, wherein the first set of keys are unable to provide any access to the version of the secure content-part following the key reset point.
  - 7. The method according to claim 1, further comprising:
    - determining that a participant is to have no access to a version of the secure content-part prior to the key reset point and that the participant is to have a second type of access to a version of the secure content-part following the key reset point; and
      
      wherein generating the plurality of key-map files further comprises generating a first key-map file for the participant that includes a first set of keys that enables the participant to have the second type of access to the version of the secure content-part following the key reset point, wherein the first set of keys are unable to provide any access to the version of the secure content-part prior to the key reset point.
  - 8. The method according to claim 1, further comprising:
    - encrypting the secure content-part using a first encryption key, wherein the first decryption key corresponds to the first encryption key;
      
      signing the secure content-part using a first signature key, wherein the first verification key corresponds to the first signature key; and
      
      incorporating the secure content-part into a document serialization of the PPCD.
  - 9. The method according to claim 1, further comprising:
    - incorporating the encrypted plurality of key-map files into the PPCD.

10. An apparatus for managing access to a secure content-part of a publicly posted composite document (PPCD) by workflow participants, said apparatus comprising:
- a processor; and
  
  a hardware memory on which is stored machine readable instructions that cause the processor to;
  
  determine a key reset point of the secure-content part during a workflow among the workflow participants to be a key reset point;
  
  generate, in a secure environment, a plurality of key-map files comprising subsets of access keys that provide access to the secure content-part during respective content access sessions, wherein at least one of the plurality of key-map files corresponds to the key reset point, and wherein the at least one of the plurality of key-map files comprises a first decryption key, a first verification key, a second encryption key, and a second signature key, wherein the first decryption key does not correspond to the second encryption key, and wherein the first verification key does not correspond to the second signature key;
  
  encrypt the plurality of key-map files using respective symmetric keys;
  
  encrypt the symmetric keys using respective public keys of the workflow participants;
  
  incorporate the encrypted plurality of key-map files into the PPCD; and
  
  supply the PPCD and the plurality of key-map files to at least one of the workflow participants outside of the secure environment without the at least one of the workflow participants being granted access to the secure environment.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The apparatus according to claim 10, wherein the machine readable instructions are further to cause the processor to determine which of the plurality of key-map files correspond to access to a version of the secure content-part following the key reset point and to generate at least one of the plurality of key-map files that corresponds to the secure content-part following the key reset point to comprise at least one of a second decryption key and a second verification key, wherein the second decryption key corresponds to the second encryption key and the second verification key corresponds to the second signature key.
  - 12. The apparatus according to claim 10, wherein the machine readable instructions are further to cause the processor to determine that a participant is to have a first type of access to a version of the secure content-part prior to the key reset point and that the participant is to have a second type of access to a version of the secure content-part following the key reset point and to generate a first key-map file for the participant that includes a first set of keys that enables the participant to have the first type of access to the version of the secure content-part prior to the key reset point, wherein the first set of keys are unable to provide the second type of access to the version of the secure content-part following the key reset point.
  - 13. The apparatus according to claim 10, wherein the machine readable instructions are further to cause the processor to determine that a participant is to have a first type of access to a version of the secure content-part prior to the key reset point and that the participant is to have no access to a version of the secure content-part following the key reset point and to generate a key-map file for the participant that includes a first set of keys that enables the participant to have the first type of access to the version of the secure content-part prior to the key reset point, wherein the first set of keys are unable to provide any access to the version of the secure content-part following the key reset point.
  - 14. The apparatus according to claim 10, wherein the machine readable instructions are further to cause the processor to determine that a participant is to have no access to a version of the secure content-part prior to the key reset point and that the participant is to have a second type of access to a version of the secure content-part following the key reset point and to generate a first key-map file for the participant that includes a first set of keys that enables the participant to have the second type of access to the version of the secure content-part following the key reset point, wherein the first set of keys are unable to provide any access to the version of the secure content-part prior to the key reset point.

15. A non-transitory computer readable storage medium on which is embedded a computer program, said computer program implementing a method for managing access to a secure content-part of a publicly posted composite document (PPCD) by workflow participants, said computer program comprising a set of instructions to:
- determine a key reset point of the secure-content part during a workflow among the workflow participants to be a key reset point;
  
  generate, in a secure environment, a plurality of key-map files comprising subsets of access keys that provide access to the secure content-part during respective content access sessions, wherein at least one of the plurality of key-map files corresponds to the key reset point, and wherein the at least one of the plurality of key-map files comprises a first decryption key, a first verification key, a second encryption key, and a second signature key, wherein the first decryption key does not correspond to the second encryption key, wherein the first verification key does not correspond to the second signature key;
  
  encrypt the plurality of key-map files using respective symmetric keys;
  
  encrypt the symmetric keys using respective public keys of the workflow participants; and
  
  supply the PPCD and the plurality of key-map files to at least one of the workflow participants outside of the secure environment without the at least one of the workflow participants being granted access to the secure environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Balinsky, Helen, Simske, Steven J.
Primary Examiner(s)
EDWARDS, LINGLAN E

Application Number

US13/192,205
Publication Number

US 20130031369A1
Time in Patent Office

1,329 Days
Field of Search

713/168, 713/176, 713/189, 380/277, 726/2, 726/4
US Class Current

713/189
CPC Class Codes

G06F 21/6209 to a single file or object,...

H04L 9/088 Usage controlling of secret...

Managing access to a secure content-part of a PPCD using a key reset point

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Managing access to a secure content-part of a PPCD using a key reset point

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links