Document security system that permits external users to gain access to secured files
First Claim
1. A system comprising:
- a server comprising an access manager configured to:
  - restrict access to a file of an organization having an internal user responsive to a request for the file, the file comprising a header portion including an access rule that restricts access to the file, and a content portion encrypted by a file key; and
  - determine whether a partner relationship exists between the organization and an external partner;
- a database coupled to the server and configured to store an encryption key for use between the internal user and the external partner comprising an external user, wherein the access manager is further configured to encrypt the file key, located within security information of the header portion of the file, with the encryption key in response to determining that the partner relationship exists between the organization and the external partner and deny the request in response to determining that the partner relationship does not exist; and
- an external access server operatively connected to the server and coupled between the server and a data network, the data network configured to allow the external user use of the external access server, wherein the external access server is configured to permit file exchange between the internal user and the external user via the server.
Abstract
A system includes a server with an access manager configured to restrict access to files of an organization and maintain at least encryption keys for internal and external users and an external access server connected to the server and coupled between the server and a data network. The data network is configured to allow the external users use of the external access server. The external access server is also configured to permit file exchange between the internal users and the external users via the server.
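The request flow recited in claim 1, as an added example that is not code from the patent: the access manager re-encrypts the file key held in the header for a partner only when a partner relationship exists, and otherwise denies the request. Assumptions not found in the claims: the names `SecuredFile`, `AccessManager`, `release_to` and `open_file`, an organization key that wraps the file key at rest, AES-GCM and AES key wrap from the Python `cryptography` package as the ciphers, and an in-memory dict in place of the database.

```python
import os
from dataclasses import dataclass, replace

from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import aes_key_unwrap, aes_key_wrap

@dataclass(frozen=True)
class SecuredFile:
    access_rule: str          # header portion: rule that restricts access
    wrapped_file_key: bytes   # header portion: security information
    nonce: bytes
    content: bytes            # content portion, encrypted by the file key

class AccessDenied(Exception):
    """Raised when no partner relationship (and so no partner key) exists."""

class AccessManager:
    def __init__(self, org_key: bytes):
        self.org_key = org_key    # assumption: wraps file keys for internal storage
        self.partner_keys = {}    # assumption: stands in for the claimed database

    def add_partner(self, partner: str) -> bytes:
        self.partner_keys[partner] = os.urandom(32)
        return self.partner_keys[partner]

    def protect(self, plaintext: bytes, access_rule: str) -> SecuredFile:
        file_key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
        # The rule is bound as associated data, so editing the header breaks decryption.
        content = AESGCM(file_key).encrypt(nonce, plaintext, access_rule.encode())
        return SecuredFile(access_rule, aes_key_wrap(self.org_key, file_key), nonce, content)

    def release_to(self, partner: str, f: SecuredFile) -> SecuredFile:
        partner_key = self.partner_keys.get(partner)
        if partner_key is None:   # no partner relationship: deny the request
            raise AccessDenied(partner)
        file_key = aes_key_unwrap(self.org_key, f.wrapped_file_key)
        # Only the header changes; the content portion is never re-encrypted.
        return replace(f, wrapped_file_key=aes_key_wrap(partner_key, file_key))

def open_file(key: bytes, f: SecuredFile) -> bytes:
    # Recipient side: unwrap the file key from the header, then decrypt the content.
    file_key = aes_key_unwrap(key, f.wrapped_file_key)
    return AESGCM(file_key).decrypt(f.nonce, f.content, f.access_rule.encode())
```

Because only the wrapped key in the header is replaced, the same encrypted content portion serves internal and external recipients, and removing a partner's key from the store makes every later request from that partner fail closed.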
742 Citations
27 Claims
1. A system comprising:
- a server comprising an access manager configured to:
  - restrict access to a file of an organization having an internal user responsive to a request for the file, the file comprising a header portion including an access rule that restricts access to the file, and a content portion encrypted by a file key; and
  - determine whether a partner relationship exists between the organization and an external partner;
- a database coupled to the server and configured to store an encryption key for use between the internal user and the external partner comprising an external user, wherein the access manager is further configured to encrypt the file key, located within security information of the header portion of the file, with the encryption key in response to determining that the partner relationship exists between the organization and the external partner and deny the request in response to determining that the partner relationship does not exist; and
- an external access server operatively connected to the server and coupled between the server and a data network, the data network configured to allow the external user use of the external access server, wherein the external access server is configured to permit file exchange between the internal user and the external user via the server.
View Dependent Claims (2, 3, 4, 5, 6, 7)
8. A method comprising:
- maintaining, in a database, an encryption key for use between an organization comprising an internal user and an external partner comprising an external user;
- receiving, by a server coupled to the database, a request to access a file, the file comprising a header portion including an access rule that restricts access to the file and a content portion encrypted by a file key;
- determining whether a partner relationship exists between the organization and the external partner;
- encrypting the file key, located within security information of the header portion, with the encryption key in response to determining that the partner relationship exists between the organization and the external partner; and
- denying the request in response to determining that the partner relationship does not exist.
View Dependent Claims (9, 10, 11, 12, 13, 14)
15. A computer-readable storage device having instructions stored thereon, execution of which, by a computing device associated with an organization, causes the computing device to perform operations comprising:
- maintaining an encryption key for use between the organization comprising an internal user and an external partner comprising an external user;
- receiving a request to access a file at the computing device, the file comprising a header portion including an access rule that restricts access to the file and a content portion encrypted by a file key;
- determining whether a partner relationship exists between the organization and the external partner;
- encrypting the file key, located within security information of the header portion, with the encryption key in response to determining that the partner relationship exists between the organization and the external partner; and
- denying the request in response to determining that the partner relationship does not exist.
View Dependent Claims (16, 17, 18, 19, 20)
21. A system comprising:
- a server comprising an access manager configured to restrict access to a file of an organization responsive to a request for the file, the file comprising a header portion including an access rule that restricts access to the file, and a content portion encrypted by a file key;
- a database coupled to the server and configured to store an encryption key associated with an external user, wherein the access manager is further configured to encrypt the file key, located within security information of the header portion of the file, with the encryption key in response to determining that the encryption key associated with the external user is available and deny the request in response to the encryption key not existing; and
- an external access server operatively connected to the server and coupled between the server and a data network, the data network configured to allow the external user use of the external access server, wherein the external access server is configured to transmit the file to the external user via the data network.
View Dependent Claims (22, 23, 24, 25, 26, 27)
Specification