Systems and methods for controlling electronic document use

US 9,137,014 B2
Filed: 01/25/2011
Issued: 09/15/2015
Est. Priority Date: 01/25/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

sending, by a server, a plurality of documents to one or more client devices;

receiving, at the server, a request for a document key for accessing a document of the plurality of documents on a client device, wherein the request comprises;

a user identity identifying a requester requesting access to the document; and

information about the document;

determining, at the server, whether access to the document is permitted or revoked;

based on determining that access to the document is permitted and is not revoked;

computing, at the server, the document key using the user identity and using the information about the document, wherein the document key is document specific, wherein, prior to the computing of the document key, the document key is not stored for access by the server, wherein computing the document key comprises using a function that takes as input;

a first value comprising a user key hashed a number of times, a document identifier, and a second value identifying the number of times; and

responding to the request by providing the document key for use in accessing the document on the client device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One exemplary embodiment involves receiving a request for a document key for accessing a document on a client device. The request comprises a user identity identifying a requester requesting access to the document. The request also comprises information about the document. The exemplary embodiment further involves determining, at the server, whether access to the document by the requester is permitted. And, the exemplary embodiment further involves, if access to the document is permitted computing, at the server, the document key using the user identity and using the information about the document. The document key is document specific and, prior to the computing of the document key, the document key is not stored for access by the server. The exemplary embodiment further involves responding to the request by providing the document key for use in accessing the document on the client device.

46 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- sending, by a server, a plurality of documents to one or more client devices;
  
  receiving, at the server, a request for a document key for accessing a document of the plurality of documents on a client device, wherein the request comprises;
  
  a user identity identifying a requester requesting access to the document; and
  
  information about the document;
  
  determining, at the server, whether access to the document is permitted or revoked;
  
  based on determining that access to the document is permitted and is not revoked;
  
  computing, at the server, the document key using the user identity and using the information about the document, wherein the document key is document specific, wherein, prior to the computing of the document key, the document key is not stored for access by the server, wherein computing the document key comprises using a function that takes as input;
  
  a first value comprising a user key hashed a number of times, a document identifier, and a second value identifying the number of times; and
  
  responding to the request by providing the document key for use in accessing the document on the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein determining whether access to the document by the requester is permitted comprises:
    - identifying, at the server, an access policy associated with the user identity, the access policy specifying access privileges applicable to one or more documents without specifying access privileges specific to individually-identified documents, wherein stored associations between user identities and access policies are accessible at the server.
  - 3. The method of claim 1 wherein computing the document key comprises applying a function to a user key associated with the user identity.
  - 4. The method of claim 1 wherein computing the document key comprises applying a hash function.
  - 5. The method of claim 1 wherein the number of times the user key is hashed depends upon when the document was first encrypted, wherein the number of times for later encrypted documents is less than the number of times for earlier encrypted documents.
  - 6. The method of claim 1 wherein determining whether access to the document is revoked comprises accessing a revocation record identified by the server using the information about the document, and wherein the revocation record is specific to the document.
  - 7. The method of claim 1 wherein determining whether access to the document is revoked comprises accessing a revocation record identified by the server using the information about the document, wherein the revocation record indicates that access to a plurality of documents is revoked.
  - 8. The method of claim 1 wherein the information about the document comprises a category identifier, wherein a single record is stored to specify a category access rule, wherein access to each of a plurality of documents associated with the category identifier is controlled by the category access rule.
  - 9. The method of claim 8 wherein the plurality of documents associated with the category identifier are all associated with a particular time period or location.
  - 10. The method of claim 1 wherein determining whether access to the document is permitted comprises determining whether access to the document has expired using an attribute identifying a date created, wherein the attribute is included in the information about the document.
  - 11. The method of claim 1 wherein a user key is accessed from a database accessible from the server, wherein the user key comprises a unique value associated with the user identity.
  - 12. The method of claim 1 wherein computing the document key comprises using a user key and a document identifier retrieved from the information about the document.
  - 13. The method of claim 1 further comprising:
    - accessing, at the server, a first record and a second record based on the request, the first record permitting access to a plurality of documents based on information about one or more requesters, the second record revoking access to one or more documents of the plurality of documents based on a condition associated with the one or more documents;
      
      wherein determining whether the access to the document is permitted comprises;
      
      determining, at the server, that the first record permits access to the document based on the user identity from the request; and
      
      wherein determining whether the access to the document is revoked comprises;
      
      determining, at the server, that the second record does not revoke access to the document based on a comparison of the information about the document from the request to the condition.
  - 14. The method of claim 1 wherein the document comprises a first portion and a second portion, wherein the first portion comprises the user identity and the information about the document, and wherein the second portion is protected with the document key, and wherein prior to receiving the request for the document key, the server protects the second portion of the document with the document key and sends the document to the client device, wherein protection of only the second portion of the document permits the client device to access the first portion of the document without the document key to generate the request for the document key.
  - 15. The method of claim 1 wherein documents sent to different client devices are protected with different document keys based on different user keys, and wherein documents sent to a same client device are protected with different document keys based on a same user key and different specified periods of time associated with the documents.

16. A system comprising:
- a memory that stores computer-executable instructions; and
  
  a processor configured to access the memory and to execute the computer-executable instructions to;
  
  send a plurality of documents to one or more client devices;
  
  receive a request for a document key for accessing a document of the plurality of documents on a client device, wherein the request comprises;
  
  a user identity identifying a requester requesting access to the document; and
  
  information about the document;
  
  determine whether access to the document is permitted or revoked;
  
  compute the document key using the user identity and using the information about the document, wherein the document key is document specific, wherein, prior to the computing of the document key, the document key is not stored for access, wherein computing the document key comprises using a function that takes as input;
  
  a first value comprising a user key hashed a number of times, a document identifier, and a second value identifying the number of times; and
  
  respond to the request, if access to the document is permitted and not revoked, by providing the document key for use in accessing the document on the client device.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16 wherein determining whether access to the document is permitted comprises:
    - identifying an access policy associated with the user account, the access policy specifying access privileges applicable to one or more documents without specifying access privileges specific to individually-identified documents, wherein stored associations between user accounts and access policies are accessible at the system.
  - 18. The system of claim 16 wherein the number of times the user key is hashed depends upon when the document was first encrypted, wherein the number of times for later encrypted documents is less than the number of times for earlier encrypted documents.
  - 19. The system of claim 16 wherein the information about the document comprises a category identifier, wherein a single record is stored to specify a category access rule, wherein access to each of a plurality of documents associated with the category identifier is controlled by the category access rule.

20. A non-transitory computer-readable medium comprising computer-readable instructions that, when executed on a computing device, cause the computing device to perform operations comprising:
- sending, by the computing device, a plurality of documents to one or more client devices;
  
  receiving, at the computing device, a request for a document key for accessing a document of the plurality of documents on a client device, wherein the request comprises;
  
  a user identity identifying a requester requesting access to the document; and
  
  information about the document;
  
  determining, at the computing device, whether access to the document is permitted or revoked; and
  
  based on determining that access to the document is permitted and not revoked;
  
  computing, at the computing device, the document key using the user identity and using the information about the document, wherein the document key is document specific, wherein, prior to the computing of the document key, the document key is not stored for access by the computing device, wherein computing the document key comprises using a function that takes as input;
  
  a first value comprising a user key hashed a number of times, a document identifier, and a second value identifying the number of times; and
  
  responding to the request by providing the document key for use in accessing the document on the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Systems Incorporated (Adobe Inc.)
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Herbach, Jonathan, Kumar, Dharmendra
Primary Examiner(s)
Gee, Jason K.
Assistant Examiner(s)
Zhu, Zhimei

Application Number

US13/013,282
Publication Number

US 20140013111A1
Time in Patent Office

1,694 Days
Field of Search

380/279
US Class Current

1/1
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2107   File encryption

H04L 63/102   Entity profiles

H04L 9/0866   involving user or device id...

Systems and methods for controlling electronic document use

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for controlling electronic document use

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links