Managing access to a secure content-part of a PPCD using a key reset point
Abstract
In a method for managing access to a secure content-part of a PPCD, a key reset point of the secure content-part during a workflow among workflow participants is determined. In addition, key-map files comprising subsets of access keys that provide access to the secure content-part during respective content access sessions are generated, in which at least one of the key-map files corresponds to the key reset point and comprises a first decryption key, a first verification key, a second encryption key, and a second signature key, in which the first decryption key does not correspond to the second encryption key, and in which the first verification key does not correspond to the second signature key. In addition, the plurality of key-map files are supplied to at least one of the participants.
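The key reset point operation recited in the abstract and in claim 1, sketched in Node.js as an added example that is not part of the patent text. The claims name no algorithms, so AES-256-GCM, Ed25519, RSA-OAEP, the JSON key-map layout and every function and field name here are assumptions.

```javascript
const crypto = require('crypto');

// Assumed primitives (the claims name none): AES-256-GCM, Ed25519, RSA-OAEP.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]); // iv | tag | ciphertext
}
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Secure environment: build the reset-point key-map, encrypt it under a
// symmetric file key, and wrap that key with the participant's public key.
function buildResetKeyMap(participantPub, decrypt1, verify1Pem) {
  const next = crypto.generateKeyPairSync('ed25519'); // second signature pair
  const keyMap = JSON.stringify({
    decrypt1: decrypt1.toString('base64'),
    verify1: verify1Pem,
    encrypt2: crypto.randomBytes(32).toString('base64'), // unrelated to decrypt1
    sign2: next.privateKey.export({ type: 'pkcs8', format: 'pem' }),
  });
  const fileKey = crypto.randomBytes(32);
  return {
    file: seal(fileKey, Buffer.from(keyMap)),
    wrappedKey: crypto.publicEncrypt(participantPub, fileKey),
    verify2: next.publicKey, // belongs in the key-maps of later participants
  };
}

// Participant, outside the secure environment: verify, decrypt, re-encrypt, sign.
function accessAtResetPoint(participantPriv, km, part) {
  const fileKey = crypto.privateDecrypt(participantPriv, km.wrappedKey);
  const keys = JSON.parse(unseal(fileKey, km.file).toString());
  if (!crypto.verify(null, part.ct, keys.verify1, part.sig)) {
    throw new Error('content-part signature did not verify');
  }
  const plaintext = unseal(Buffer.from(keys.decrypt1, 'base64'), part.ct);
  const ct = seal(Buffer.from(keys.encrypt2, 'base64'), plaintext);
  return { plaintext, part: { ct, sig: crypto.sign(null, ct, keys.sign2) } };
}
```

After the reset point, the content-part no longer opens under the first decryption key and its signature no longer verifies under the first verification key, so a participant holding only the earlier keys loses access to later versions.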
15 Claims
1. A method for managing access to a secure content-part of a publicly posted composite document (PPCD) by workflow participants, said method comprising:
- determining a key reset point of the secure content-part during a workflow among the workflow participants; and
- generating, by the processor, in a secure environment, a plurality of key-map files comprising subsets of access keys that provide access to the secure content-part during respective content access sessions, wherein at least one of the plurality of key-map files corresponds to the key reset point and comprises a first decryption key, a first verification key, a second encryption key, and a second signature key, wherein the first decryption key does not correspond to the second encryption key, wherein the first verification key does not correspond to the second signature key, and wherein the access keys contained in the at least one of the plurality of key-map files that corresponds to the key reset point are to be implemented to verify a signature of the secure content-part using the first verification key, to decrypt the secure content-part using the first decryption key, to re-encrypt the decrypted secure content-part using the second encryption key, and to sign the encrypted secure-content part using the second signature key;
- encrypting the plurality of key-map files using respective symmetric keys;
- encrypting the symmetric keys using respective public keys of the workflow participants; and
- supplying the PPCD and the plurality of key-map files to at least one of the workflow participants outside of the secure environment without the at least one of the workflow participants being granted access to the secure environment.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. An apparatus for managing access to a secure content-part of a publicly posted composite document (PPCD) by workflow participants, said apparatus comprising:
- a processor; and
- a hardware memory on which is stored machine readable instructions that cause the processor to:
  - determine a key reset point of the secure-content part during a workflow among the workflow participants to be a key reset point;
  - generate, in a secure environment, a plurality of key-map files comprising subsets of access keys that provide access to the secure content-part during respective content access sessions, wherein at least one of the plurality of key-map files corresponds to the key reset point, and wherein the at least one of the plurality of key-map files comprises a first decryption key, a first verification key, a second encryption key, and a second signature key, wherein the first decryption key does not correspond to the second encryption key, and wherein the first verification key does not correspond to the second signature key;
  - encrypt the plurality of key-map files using respective symmetric keys;
  - encrypt the symmetric keys using respective public keys of the workflow participants;
  - incorporate the encrypted plurality of key-map files into the PPCD; and
  - supply the PPCD and the plurality of key-map files to at least one of the workflow participants outside of the secure environment without the at least one of the workflow participants being granted access to the secure environment.

Dependent claims: 11, 12, 13, 14

15. A non-transitory computer readable storage medium on which is embedded a computer program, said computer program implementing a method for managing access to a secure content-part of a publicly posted composite document (PPCD) by workflow participants, said computer program comprising a set of instructions to:
- determine a key reset point of the secure-content part during a workflow among the workflow participants to be a key reset point;
- generate, in a secure environment, a plurality of key-map files comprising subsets of access keys that provide access to the secure content-part during respective content access sessions, wherein at least one of the plurality of key-map files corresponds to the key reset point, and wherein the at least one of the plurality of key-map files comprises a first decryption key, a first verification key, a second encryption key, and a second signature key, wherein the first decryption key does not correspond to the second encryption key, wherein the first verification key does not correspond to the second signature key;
- encrypt the plurality of key-map files using respective symmetric keys;
- encrypt the symmetric keys using respective public keys of the workflow participants; and
- supply the PPCD and the plurality of key-map files to at least one of the workflow participants outside of the secure environment without the at least one of the workflow participants being granted access to the secure environment.

Specification