Method and system for securing digital assets using process-driven security policies

US 20050071658A1
Filed: 09/30/2003
Published: 03/31/2005
Est. Priority Date: 09/30/2003
Status: Active Grant

First Claim

Patent Images

1. A method for limiting access to electronic documents, said method comprising:

creating a process-driven security policy having a plurality of states, with each of the states having a different set of access restrictions;

associating an identifier to the process-driven security policy; and

making the identifier available to certain of users or groups of users.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for dynamically altering security criteria used in a file security system are disclosed. The security criteria pertains to keys (or ciphers) used by the file security system to encrypt electronic files to be secured or to decrypt electronic files already secured. The security criteria can, among other things, include keys that are required to gain access to electronic files. Here, the keys can be changed automatically as electronic files transition between different states of a process-driven security policy. The dynamic alteration of security criteria enhances the flexibility and robustness of the security system. In other words, access restrictions on electronic files can be dependent on the state of the process-driven security policy.

Citations

19 Claims

1. A method for limiting access to electronic documents, said method comprising:
- creating a process-driven security policy having a plurality of states, with each of the states having a different set of access restrictions;
  
  associating an identifier to the process-driven security policy; and
  
  making the identifier available to certain of users or groups of users.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method as recited in claim 1, wherein the identifier is a classifier.
  - 3. A method as recited in claim 1, wherein the process-driven security policy is provided or part of a document security system.
  - 4. A method as recited in claim 1, wherein said method further comprises:
    - creating an electronic document; and
      
      assigning the identifier to the created electronic document.
  - 5. A method as recited in claim 1, wherein the process-driven security policy is provided or part of a document security system, and wherein said method further comprises:
    - creating a plurality of electronic documents; and
      
      assigning the identifier to each of the created electronic documents.

6. A method for imposing access restrictions on electronic documents, said method comprising:
- providing at least one process-driven security policy from a server machine to a client machine, the process-driven security policy having a plurality of states associated therewith; and
  
  associating the electronic document with at least one of the states of the process-driven security policy to impose access restrictions on an electronic document, the access restrictions being dependent on the at least one of the states of the process-driven security policy.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. A method as recited in claim 6, wherein said method further comprises:
    - subsequently changing the state of the process-driven security policy for the electronic document.
  - 8. A method as recited in claim 7, wherein said changing is initiated by a user.
  - 9. A method as recited in claim 7, wherein said changing is automatically performed based on events that occur at or are received at the client machine.
  - 10. A method as recited in claim 6, wherein the electronic document includes security information, and the security information includes at least an indication of the state of the process-driven security policy for the electronic document.
  - 11. A method as recited in claim 6, wherein said method is performed on a document-by-document basis.
  - 12. A method as recited in claim 6, wherein at the client machine, each of a plurality of electronic documents are in one of the states of the process-driven security policy.

13. A computer readable medium including at least computer program code for imposing access restrictions on electronic documents, said computer readable medium comprising:
- computer program code for providing at least one process-driven security policy from a server machine to a client machine, the process-driven security policy having a plurality of states associated therewith; and
  
  computer program code for associating the electronic document with at least one of the states of the process-driven security policy to impose access restrictions on an electronic document, the access restrictions being dependent on the at least one of the states of the process-driven security policy.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. A computer readable medium as recited in claim 13, wherein said computer readable medium further comprises:
    - computer program code for changing the state of the process-driven security policy for the electronic document.
  - 15. A computer readable medium as recited in claim 14, wherein said computer program code for changing is initiated by a user.
  - 16. A computer readable medium as recited in claim 14, wherein said computer program code for changing is automatically performed based on events that occur at or are received at the client machine.
  - 17. A computer readable medium as recited in claim 13, wherein the electronic document includes security information, and the security information includes at least an indication of the state of the process-driven security policy for the electronic document.
  - 18. A computer readable medium as recited in claim 13, wherein the process-driven security policy is imposed on a document-by-document basis.
  - 19. A computer readable medium as recited in claim 13, wherein at the client machine, each of a plurality of electronic documents are in one of the states of the process-driven security policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
PSS Systems, Inc. (International Business Machines Corporation)
Inventors
Ouye, Michael Michio, Nath, Satyajit, Vainstein, Klimenty

Granted Patent

US 7,703,140 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 2209/60   Digital content management,...

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 9/0833   involving conference or gro...

Method and system for securing digital assets using process-driven security policies

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing digital assets using process-driven security policies

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links