Parallel and hierarchical password protection on specific document sections

US 9,773,119 B2
Filed: 02/25/2015
Issued: 09/26/2017
Est. Priority Date: 02/25/2015
Status: Active Grant

First Claim

Patent Images

1. A computerized method performed by one or more processors, the method comprising:

receiving a request to provide access to an electronic file to a user, the electronic file having a plurality of sections, wherein at least two of the sections of the electronic file are encrypted using at least two different hierarchical cryptographic keys, wherein a higher level section is associated with a first level of security clearance and is encrypted using a first hierarchical cryptographic key, wherein a lower level section is associated with a second level of security clearance and is encrypted using a second hierarchical cryptographic key different than the first hierarchical cryptographic key, the second level of security clearance is lower than the first level of security clearance, wherein the second hierarchical cryptographic key is encrypted by the first hierarchical cryptographic key, wherein the first hierarchical cryptographic key is generated based on a first password using a first key generation mechanism, wherein the second hierarchical cryptographic key is generated based on a second password using the first key generation mechanism, and wherein the electronic file is associated with a set of security metadata, the set of security metadata including a set of section definitions and a description of the encryption applied to one or more sections, wherein the set of security metadata is embedded within the electronic file;

generating a third hierarchical cryptographic key in response to receiving a third password from a user requesting access to the electronic file, wherein the third hierarchical cryptographic key is generated based on the third password using the first key generation mechanism;

comparing the third hierarchical cryptographic key to the first hierarchical cryptographic key and the second hierarchical cryptographic key to determine whether the third hierarchical cryptographic key is identical to the first hierarchical cryptographic key or the second hierarchical cryptographic key;

in response to determining the third hierarchical cryptographic key is identical to the first hierarchical cryptographic key, decrypting the higher level section encrypted using the first hierarchical cryptographic key with the third hierarchical cryptographic key;

in response to determining that the second hierarchical cryptographic key is encrypted using the first hierarchical cryptographic key, decrypting the second hierarchical cryptographic key using the third hierarchical cryptographic key;

decrypting the lower level section encrypted using the second cryptographic key with the decrypted second hierarchical cryptographic key; and

in response to decrypting the lower level section, presenting the electronic file at a user interface, the presented electronic file making visible the higher level section and the lower level section.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure involves systems and computer implemented methods for protecting portions of electronic documents. An example method includes receiving a request for access to an electronic file having sections, at least one section encrypted using a first key based on a first password. A second key is generated in response to receiving a second password, wherein the second key is generated based on the second password. The second key is compared to the first key. If the second key is identical to the first key, the least one section of the electronic file encrypted using the first key is decrypted using the second key. The electronic file is then presented such that the section(s) previously encrypted using the first cryptographic key is made visible. If the second key is not identical to the first, the electronic file is presented with the encrypted section(s) obscured.

43 Citations

View as Search Results

5 Claims

1. A computerized method performed by one or more processors, the method comprising:
- receiving a request to provide access to an electronic file to a user, the electronic file having a plurality of sections, wherein at least two of the sections of the electronic file are encrypted using at least two different hierarchical cryptographic keys, wherein a higher level section is associated with a first level of security clearance and is encrypted using a first hierarchical cryptographic key, wherein a lower level section is associated with a second level of security clearance and is encrypted using a second hierarchical cryptographic key different than the first hierarchical cryptographic key, the second level of security clearance is lower than the first level of security clearance, wherein the second hierarchical cryptographic key is encrypted by the first hierarchical cryptographic key, wherein the first hierarchical cryptographic key is generated based on a first password using a first key generation mechanism, wherein the second hierarchical cryptographic key is generated based on a second password using the first key generation mechanism, and wherein the electronic file is associated with a set of security metadata, the set of security metadata including a set of section definitions and a description of the encryption applied to one or more sections, wherein the set of security metadata is embedded within the electronic file;
  
  generating a third hierarchical cryptographic key in response to receiving a third password from a user requesting access to the electronic file, wherein the third hierarchical cryptographic key is generated based on the third password using the first key generation mechanism;
  
  comparing the third hierarchical cryptographic key to the first hierarchical cryptographic key and the second hierarchical cryptographic key to determine whether the third hierarchical cryptographic key is identical to the first hierarchical cryptographic key or the second hierarchical cryptographic key;
  
  in response to determining the third hierarchical cryptographic key is identical to the first hierarchical cryptographic key, decrypting the higher level section encrypted using the first hierarchical cryptographic key with the third hierarchical cryptographic key;
  
  in response to determining that the second hierarchical cryptographic key is encrypted using the first hierarchical cryptographic key, decrypting the second hierarchical cryptographic key using the third hierarchical cryptographic key;
  
  decrypting the lower level section encrypted using the second cryptographic key with the decrypted second hierarchical cryptographic key; and
  
  in response to decrypting the lower level section, presenting the electronic file at a user interface, the presented electronic file making visible the higher level section and the lower level section.
- View Dependent Claims (2)
- - 2. The method of claim 1, further comprising:
    - in response to determining the third hierarchical cryptographic key is identical to the second hierarchical cryptographic key, decrypting the lower level section encrypted using the second hierarchical cryptographic key with the third hierarchical cryptographic key; and
      
      presenting the electronic file at a user interface, the presented electronic file making visible the lower level section and obscuring the higher level section.

3. A non-transitory, computer-readable medium storing computer-readable instructions, the instructions executable by at least one processor and operable when executed to:
- receive a request to provide access to an electronic file to a user, the electronic file having a plurality of sections, wherein at least two of the sections of the electronic file are encrypted using at least two different hierarchical cryptographic keys, wherein a higher level section is associated with a first level in an organizational hierarchy and is encrypted using a first hierarchical cryptographic key, wherein a lower level section is associated with a second level in an organizational hierarchy and is encrypted using a second hierarchical cryptographic key different than the first hierarchical cryptographic key, wherein the second hierarchical cryptographic key is encrypted by the first hierarchical cryptographic key, the second level in the organizational hierarchy is lower than the first level in the organizational hierarchy, wherein the first hierarchical cryptographic key is generated based on a first password using a first key generation mechanism, wherein the second hierarchical cryptographic key is generated based on a second password using the first key generation mechanism, and wherein the electronic file is associated with a set of security metadata, the set of security metadata including a set of section definitions and a description of the encryption applied to one or more sections, wherein the set of security metadata is embedded within the electronic file;
  
  generate a third hierarchical cryptographic key in response to receiving a third password from a user requesting access to the electronic file, wherein the third hierarchical cryptographic key is generated based on the third password using the first key generation mechanism;
  
  compare the third hierarchical cryptographic key to the first hierarchical cryptographic key and the second hierarchical cryptographic key to determine whether the third hierarchical cryptographic key is identical to the first hierarchical cryptographic key or the second hierarchical cryptographic key;
  
  in response to determining the third hierarchical cryptographic key is identical to the first hierarchical cryptographic key, decrypt the higher level section encrypted using the first hierarchical cryptographic key with the third hierarchical cryptographic key;
  
  in response to determining that the second hierarchical cryptographic key is encrypted using the first hierarchical cryptographic key, decrypt the second hierarchical cryptographic key using the third hierarchical cryptographic key;
  
  decrypt the lower level section encrypted using the second cryptographic key with the decrypted second hierarchical cryptographic key; and
  
  in response to decrypting the lower level section, present the electronic file at a user interface, the presented electronic file making visible the higher level section and the lower level section.
- View Dependent Claims (4)
- - 4. The medium of claim 3, the instructions further operable when executed to:
    - in response to determining the third hierarchical cryptographic key is identical to the second hierarchical cryptographic key, decrypt the lower level section encrypted using the second hierarchical cryptographic key with the third hierarchical cryptographic key; and
      
      presenting the electronic file at a user interface, the presented electronic file making visible the lower level section and obscuring the higher level section.

5. A system comprising:
- at least one processor; and
  
  a memory communicatively coupled to the at least one processor, the memory storing instructions which, when executed by the at least one processor, cause the at least one processor to perform operations comprising;
  
  receiving a request to provide access to an electronic file to a user, the electronic file having a plurality of sections, wherein at least two of the sections of the electronic file are encrypted using at least two different hierarchical cryptographic keys, wherein a higher level section is associated with a first level of security clearance and is encrypted using a first hierarchical cryptographic key, wherein a lower level section is associated with a second level of security clearance and is encrypted using a second hierarchical cryptographic key different than the first hierarchical cryptographic key, the second level of security clearance is lower than the first level of security clearance, wherein the second hierarchical cryptographic key is encrypted by the first hierarchical cryptographic key, wherein the first hierarchical cryptographic key is generated based on a first password using a first key generation mechanism, wherein the second hierarchical cryptographic key is generated based on a second password using the first key generation mechanism, and wherein the electronic file is associated with a set of security metadata, the set of security metadata including a set of section definitions and a description of the encryption applied to one or more sections, wherein the set of security metadata is embedded within the electronic file;
  
  generating a third hierarchical cryptographic key in response to receiving a third password from a user requesting access to the electronic file, wherein the third hierarchical cryptographic key is generated based on the third password using the first key generation mechanism;
  
  comparing the third hierarchical cryptographic key to the first hierarchical cryptographic key and the second hierarchical cryptographic key to determine whether the third hierarchical cryptographic key is identical to the first hierarchical cryptographic key or the second hierarchical cryptographic key;
  
  in response to determining the third hierarchical cryptographic key is identical to the first hierarchical cryptographic key, decrypting the higher level section encrypted using the first hierarchical cryptographic key with the third hierarchical cryptographic key;
  
  in response to determining that the second hierarchical cryptographic key is encrypted using the first hierarchical cryptographic key, decrypting the second hierarchical cryptographic key using the third hierarchical cryptographic key;
  
  decrypting the lower level section encrypted using the second cryptographic key with the decrypted second hierarchical cryptographic key; and
  
  in response to decrypting the lower level section, presenting the electronic file at a user interface, the presented electronic file making visible the higher level section and the lower level section.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Sinha, Anand, Sheel, Vinay
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
GUNDRY, STEPHEN T

Application Number

US14/631,610
Publication Number

US 20160357971A1
Time in Patent Office

944 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/6227   where protection concerns t...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 9/0863   involving passwords or one-...

Parallel and hierarchical password protection on specific document sections

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

Parallel and hierarchical password protection on specific document sections

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links