Physical key for accessing a securely stored digital document

US 20070050696A1
Filed: 08/11/2003
Published: 03/01/2007
Est. Priority Date: 03/31/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for securely storing a document, comprising:

receiving a document;

encrypting the received document using an encryption key;

generating a decryption key for decrypting the document;

storing the encrypted document; and

outputting, on non-electronic media, a physical artifact comprising a representation of the key presentable for decryption.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An incoming document is scanned, encrypted, and stored. A decryption key is generated and output on a physical artifact, such as a printed sheet of paper. The decryption key is not stored in any other location. The physical artifact can later be presented to access, decrypt, and output the stored document. Additional features of some embodiments of the invention include user authentication, key expiry, and watermarking.

177 Citations

View as Search Results

93 Claims

1. A method for securely storing a document, comprising:
- receiving a document;
  
  encrypting the received document using an encryption key;
  
  generating a decryption key for decrypting the document;
  
  storing the encrypted document; and
  
  outputting, on non-electronic media, a physical artifact comprising a representation of the key presentable for decryption.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 2. The method of claim 1, wherein the step of encrypting the received document is performed without creating any persistent copies of the unencrypted document, and wherein the step of generating a key is performed without creating any persistent copies of the key.
  - 3. The method of claim 1, further comprising:
    - destroying any transient electronic copies of the unencrypted document; and
      
      destroying any transient electronic copies of the key.
  - 4. The method of claim 1, wherein the encryption key is identical to the decryption key.
  - 5. The method of claim 1, wherein the encryption key is different from the decryption key.
  - 6. The method of claim 1, wherein receiving a document comprises receiving a collection of files.
  - 7. The method of claim 1, wherein receiving a document comprises:
    - receiving at least one file from a first source; and
      
      receiving at least one file from a second source.
  - 8. The method of claim 7, wherein each of the sources comprises one selected from the group consisting of:
    - a scanner;
      
      a camera;
      
      a memory card;
      
      a storage device;
      
      a facsimile source;
      
      an email source; and
      
      a wireless source.
  - 9. The method of claim 7, wherein receiving a document comprises receiving a document from at least one selected from the group consisting of:
    - a scanner;
      
      a camera;
      
      a memory card;
      
      a storage device;
      
      a facsimile source;
      
      an email source; and
      
      a wireless source.
  - 10. The method of claim 1, further comprising:
    - printing the document.
  - 11. The method of claim 1, wherein outputting the physical artifact comprising the representation of the key comprises printing the representation of the key on a piece of paper.
  - 12. The method of claim 1, wherein outputting the representation of the key comprises printing a bar code representing the key.
  - 13. The method of claim 1, wherein outputting the representation of the key comprises printing a human-readable representation of the key.
  - 14. The method of claim 1, wherein outputting the representation of the key comprises generating a physical artifact comprising the representation of the key.
  - 15. The method of claim 1, further comprising storing a watermark indication for the document.
  - 16. The method of claim 1, further comprising storing an expiry criterion for the decryption key.
  - 17. The method of claim 1, wherein outputting the physical artifact further comprises outputting, on the physical artifact, an expiry criterion for the decryption key.
  - 18. The method of claim 16 or 17, wherein the expiry criterion comprises at least one selected from the group consisting of:
    - a maximum number of uses of the decryption key;
      
      a time period;
      
      a date; and
      
      a time.
  - 19. The method of claim 16 or 17, further comprising:
    - receiving the representation of the key;
      
      responsive to receiving the representation of the key;
      
      determining, based on the expiry criterion, whether the key has expired; and
      
      responsive to non-expiry of the key;
      
      retrieving the stored encrypted document;
      
      decrypting the retrieved document using the key; and
      
      outputting the document.
  - 20. The method of claim 16 or 17, further comprising, responsive to expiration of the decryption key according to the expiry criterion, deleting the encrypted document.
  - 21. The method of claim 1, wherein the physical artifact further comprises a pointer to the encrypted document.
  - 22. The method of claim 21, wherein the pointer is machine-readable.
  - 23. The method of claim 21, wherein the pointer comprises at least one selected from the group consisting of:
    - a filename;
      
      a file identifier;
      
      a uniform resource locator;
      
      a storage location;
      
      an IP address;
      
      a domain name; and
      
      an alias.
  - 24. The method of claim 1, further comprising:
    - receiving the representation of the key; and
      
      responsive to receiving the representation of the key;
      
      retrieving the stored encrypted document;
      
      decrypting the retrieved document using the key; and
      
      outputting the document.
  - 25. The method of claim 24, wherein receiving the representation of the key comprises scanning a physical artifact comprising the representation of the key.
  - 26. The method of claim 24, further comprising storing a watermark indication for the document, and wherein outputting the document comprises outputting the document including the indicated watermark.
  - 27. The method of claim 26, wherein receiving the representation of the key comprising receiving a user identifier, and wherein the indicated watermark identifies the user corresponding to the identifier.
  - 28. The method of claim 1, further comprising:
    - receiving the representation of the key;
      
      receiving a user identifier; and
      
      determining whether the identified user is authorized to receive the document;
      
      responsive to the identified user being authorized to receive the document;
      
      retrieving the stored encrypted document;
      
      decrypting the retrieved document using the key; and
      
      outputting the document.
  - 29. The method of claim 28, wherein receiving the user identifier comprises receiving at least one selected from the group consisting of:
    - a biometric indicator of the user'"'"'s identity; and
      
      user input verifying the user'"'"'s identity.
  - 30. The method of claim 1, further comprising:
    - receiving the representation of the key;
      
      receiving a user identifier; and
      
      responsive to the user identifier, selecting a version of the document from a plurality of versions;
      
      retrieving the stored encrypted document;
      
      decrypting the retrieved document using the key; and
      
      outputting the selected version of the document.
  - 31. The method of claim 30, further comprising, prior to outputting the selected version, generating the selected version by changing at least one characteristic of the retrieved document.

32. A method for securely storing a document, comprising:
- receiving a document;
  
  encrypting the received document using an encryption key;
  
  generating a decryption key for decrypting the document;
  
  generating, from the decryption key, at least two key components combinable to reconstitute the decryption key;
  
  storing the encrypted document;
  
  storing a first subset of the key components, wherein at least one key component is not included in the first subset; and
  
  outputting, on non-electronic media, a physical artifact comprising a representation of a second subset of the key components, wherein at least one key component is not included in the second subset;
  
  wherein each subset comprises at least one key component.
- View Dependent Claims (33, 34, 35, 36, 37, 38)
- - 33. The method of claim 32, further comprising destroying any transient electronic copies of the second subset of the key components.
  - 34. The method of claim 32, further comprising:
    - receiving the representation of the second subset of the key components; and
      
      responsive to receiving the representation of the second subset;
      
      retrieving the stored encrypted document;
      
      retrieving the first subset of the key components;
      
      combining the first subset and the second subset to reconstitute the decryption key;
      
      decrypting the retrieved document using the decryption key; and
      
      outputting the document.
  - 35. The method of claim 32, further comprising storing an expiry criterion for the decryption key.
  - 36. The method of claim 32, wherein outputting the physical artifact further comprises outputting, on the physical artifact, an expiry criterion for the decryption key.
  - 37. The method of claim 35 or 36, further comprising:
    - receiving the representation of the second subset of the key components;
      
      responsive to receiving the representation of the second subset;
      
      determining, based on the expiry criterion, whether the key has expired; and
      
      responsive to non-expiry of the key;
      
      retrieving the stored encrypted document;
      
      retrieving the first subset of the key components;
      
      combining the first subset and the second subset to reconstitute the decryption key;
      
      decrypting the retrieved document using the decryption key; and
      
      outputting the document.
  - 38. The method of claim 35 or 36, further comprising, responsive to expiration of the decryption key according to the expiry criterion:
    - deleting the encrypted document; and
      
      deleting the first subset of the key components.

39. A method for retrieving a stored encrypted document, comprising:
- receiving a physical artifact comprising a representation of a key for decrypting the document;
  
  responsive to receiving the physical artifact, automatically performing the steps of;
  
  retrieving the document from a storage device;
  
  decrypting the retrieved document using the key; and
  
  outputting the decrypted document.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46)
- - 40. The method of claim 39, wherein the physical artifact comprises a piece of paper.
  - 41. The method of claim 39, wherein receiving a physical artifact comprises scanning a bar code.
  - 42. The method of claim 39, wherein the physical artifact further comprises a pointer to the encrypted document and wherein retrieving the document comprises retrieving the document from a location specified by the pointer.
  - 43. The method of claim 42, wherein the pointer comprises at least one selected from the group consisting of:
    - a filename;
      
      a file identifier;
      
      a uniform resource locator;
      
      a storage location;
      
      an IP address;
      
      a domain name; and
      
      an alias.
  - 44. The method of claim 39, wherein outputting the decrypted document comprises outputting the document including a watermark.
  - 45. The method of claim 44, wherein the watermark is uniquely associated with the physical artifact.
  - 46. The method of claim 44, further comprising receiving a user identifier, and wherein the indicated watermark identifies the user corresponding to the identifier.

47. A method for retrieving a stored encrypted document, comprising:
- receiving a physical artifact comprising a representation of a key for decrypting the document;
  
  receiving a user identifier; and
  
  determining whether the identified user is authorized to receive the document;
  
  responsive to the identified user being authorized to receive the document;
  
  retrieving the stored encrypted document;
  
  decrypting the retrieved document using the key; and
  
  outputting the document.

48. A method for retrieving a stored encrypted document, comprising:
- receiving a physical artifact comprising a representation of a key for decrypting the document;
  
  receiving a user identifier; and
  
  responsive to the user identifier, selecting a version of the document from a plurality of versions;
  
  retrieving the stored encrypted document;
  
  decrypting the retrieved document using the key; and
  
  outputting the selected version of the document.
- View Dependent Claims (49)
- - 49. The method of claim 48, further comprising, prior to outputting the selected version, generating the selected version by changing at least one characteristic of the retrieved document.

50. A computer program product for securely storing a document, comprising:
- a computer-readable medium; and
  
  computer program code, encoded on the medium, for;
  
  receiving a document;
  
  encrypting the received document using an encryption key;
  
  generating a decryption key for decrypting the document;
  
  storing the encrypted document; and
  
  outputting, on non-electronic media, a physical artifact comprising a representation of the key presentable for decryption.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64)
- - 51. The computer program product of claim 50, wherein the computer program code for receiving a document comprises computer program code for scanning a document.
  - 52. The computer program product of claim 50, wherein the computer program code for receiving a document comprises computer program code for receiving a document from at least one selected from the group consisting of:
    - a scanner;
      
      a camera;
      
      a memory card;
      
      a storage device;
      
      a facsimile source;
      
      an email source; and
      
      a wireless source.
  - 53. The computer program product of claim 50, wherein the computer program code for outputting the physical artifact comprising the representation of the key comprises computer program code for printing the representation of the key on a piece of paper.
  - 54. The computer program product of claim 50, further comprising computer program code for storing a watermark indication for the document.
  - 55. The computer program product of claim 50, further comprising computer program code for storing an expiry criterion for the decryption key.
  - 56. The computer program product of claim 50, wherein the computer program code for outputting the physical artifact further comprises computer program code for outputting, on the physical artifact, an expiry criterion for the decryption key.
  - 57. The computer program product of claim 55 or 56, further comprising:
    - receiving the representation of the key;
      
      responsive to receiving the representation of the key;
      
      determining, based on the expiry criterion, whether the key has expired; and
      
      responsive to non-expiry of the key;
      
      retrieving the stored encrypted document;
      
      decrypting the retrieved document using the key; and
      
      outputting the document.
  - 58. The computer program product of claim 55 or 56, further comprising computer program code for, responsive to expiration of the decryption key according to the expiry criterion, deleting the encrypted document.
  - 59. The computer program product of claim 50, wherein the physical artifact further comprises a pointer to the encrypted document.
  - 60. The computer program product of claim 50, further comprising computer program code for:
    - receiving the representation of the key; and
      
      responsive to receiving the representation of the key;
      
      retrieving the stored encrypted document;
      
      decrypting the retrieved document using the key; and
      
      outputting the document.
  - 61. The computer program product of claim 60, wherein the computer program code for receiving the representation of the key comprises computer program code for scanning a physical artifact comprising the representation of the key.
  - 62. The computer program product of claim 60, further comprising computer program code for storing a watermark indication for the document, and wherein the computer program code for outputting the document comprises computer program code for outputting the document including the indicated watermark.
  - 63. The computer program product of claim 50, further comprising computer program code for:
    - receiving the representation of the key;
      
      receiving a user identifier; and
      
      determining whether the identified user is authorized to receive the document;
      
      responsive to the identified user being authorized to receive the document;
      
      retrieving the stored encrypted document;
      
      decrypting the retrieved document using the key; and
      
      outputting the document.
  - 64. The computer program product of claim 50, further comprising computer program code for:
    - receiving the representation of the key;
      
      receiving a user identifier; and
      
      responsive to the user identifier, selecting a version of the document from a plurality of versions;
      
      retrieving the stored encrypted document;
      
      decrypting the retrieved document using the key; and
      
      outputting the selected version of the document.

65. A computer program product for securely storing a document, comprising:
- a computer-readable medium; and
  
  computer program code, encoded on the medium, for;
  
  receiving a document;
  
  encrypting the received document using an encryption key;
  
  generating a decryption key for decrypting the document;
  
  generating, from the decryption key, at least two key components combinable to reconstitute the decryption key;
  
  storing the encrypted document;
  
  storing a first subset of the key components, wherein at least one key component is not included in the first subset; and
  
  outputting, on non-electronic media, a physical artifact comprising a representation of a second subset of the key components, wherein at least one key component is not included in the second subset;
  
  wherein each subset comprises at least one key component.
- View Dependent Claims (66, 67, 68, 69)
- - 66. The computer program product of claim 65, further comprising computer program code for:
    - receiving the representation of the second subset of the key components; and
      
      responsive to receiving the representation of the second subset;
      
      retrieving the stored encrypted document;
      
      retrieving the first subset of the key components;
      
      combining the first subset and the second subset to reconstitute the decryption key;
      
      decrypting the retrieved document using the decryption key; and
      
      outputting the document.
  - 67. The computer program product of claim 65, further comprising computer program code for storing an expiry criterion for the decryption key.
  - 68. The computer program product of claim 65, wherein the computer program code for outputting the physical artifact further comprises computer program code for outputting, on the physical artifact, an expiry criterion for the decryption key.
  - 69. The computer program product of claim 67 or 68, further comprising computer program code for:
    - receiving the representation of the second subset of the key components;
      
      responsive to receiving the representation of the second subset;
      
      determining, based on the expiry criterion, whether the key has expired; and
      
      responsive to non-expiry of the key;
      
      retrieving the stored encrypted document;
      
      retrieving the first subset of the key components;
      
      combining the first subset and the second subset to reconstitute the decryption key;
      
      decrypting the retrieved document using the decryption key; and
      
      outputting the document.

70. A computer program product for retrieving a stored encrypted document, comprising:
- a computer-readable medium; and
  
  computer program code, encoded on the medium, for;
  
  receiving a physical artifact comprising a representation of a key for decrypting the document;
  
  responsive to receiving the physical artifact, automatically performing the steps of;
  
  retrieving the document from a storage device;
  
  decrypting the retrieved document using the key; and
  
  outputting the decrypted document.
- View Dependent Claims (71)
- - 71. The computer program product of claim 70, wherein the computer program code for outputting the decrypted document comprises computer program code for outputting the document including a watermark.

72. A computer program product for retrieving a stored encrypted document, comprising:
- a computer-readable medium; and
  
  computer program code, encoded on the medium, for;
  
  receiving a physical artifact comprising a representation of a key for decrypting the document;
  
  receiving a user identifier; and
  
  responsive to the user identifier, selecting a version of the document from a plurality of versions;
  
  retrieving the stored encrypted document;
  
  decrypting the retrieved document using the key; and
  
  outputting the selected version of the document.

73. A system for securely storing a document, comprising:
- a document receiving device, for receiving a document;
  
  an document encryptor, coupled to the document receiving device, for encrypting the received document using an encryption key, and for generating a decryption key for decrypting the document;
  
  a storage device, coupled to the document encryptor, for storing the encrypted document; and
  
  an output device, coupled to the document encryptor, for outputting, on non-electronic media, a physical artifact comprising a representation of the key presentable for decryption.
- View Dependent Claims (74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85)
- - 74. The system of claim 73, wherein the document receiving device comprises at least one selected from the group consisting of:
    - a scanner;
      
      a camera;
      
      a memory card;
      
      a storage device;
      
      a facsimile receiver;
      
      an email receiver; and
      
      a wireless receiver.
  - 75. The system of claim 73, wherein the output device comprises a printer, for printing the representation of the key on a piece of paper.
  - 76. The system of claim 73, wherein the storage device stores an expiry criterion for the decryption key.
  - 77. The system of claim 73, wherein the output device outputs, on the physical artifact, an expiry criterion for the decryption key.
  - 78. The system of claim 76 or 77, further comprising:
    - a key receiving device, for receiving the representation of the key;
      
      a processor, coupled to the key receiving device, for determining, based on the expiry criterion, whether the key has expired;
      
      a document retriever, coupled to the processor, for, responsive to the processor determining that the key has not expired, retrieving the stored encrypted document from the storage device;
      
      a document decryptor, coupled to the document retriever, for, responsive to the processor determining that the key has not expired, decrypting the retrieved document using the key; and
      
      a document output device, coupled to the document decryptor, for, responsive to the processor determining that the key has not expired, outputting the document.
  - 79. The system of claim 76 or 77, wherein, responsive to expiration of the decryption key according to the expiry criterion, the storage device deletes the encrypted document.
  - 80. The system of claim 73, wherein the physical artifact further comprises a pointer to the encrypted document.
  - 81. The system of claim 73, further comprising:
    - a key receiving device, for receiving the representation of the key;
      
      a document retriever, coupled to the key receiving device, for retrieving the stored encrypted document from the storage device;
      
      a document decryptor, coupled to the document retriever, for decrypting the retrieved document using the key; and
      
      a document output device, coupled to the document decryptor, for outputting the document.
  - 82. The system of claim 81, wherein the key receiving device comprises a scanner.
  - 83. The system of claim 81, wherein the storage device stores a watermark indication for the document, and wherein the document output device outputs the document including the indicated watermark.
  - 84. The system of claim 73, further comprising:
    - a key receiving device, for receiving the representation of the key;
      
      a user authenticator, for receiving a user identifier; and
      
      a processor, coupled to the user authenticator, for determining whether the identified user is authorized to receive the document;
      
      a document retriever, coupled to the storage device and to the processor, for, responsive to the identified user being authorized to receive the document, retrieving the stored encrypted document from the storage device;
      
      a document decryptor, coupled to the document retriever, for, responsive to the identified user being authorized to receive the document, decrypting the retrieved document using the key; and
      
      a document output device, coupled to the document decryptor, for, responsive to the identified user being authorized to receive the document, outputting the document.
  - 85. The system of claim 73, further comprising:
    - a key receiving device, for receiving the representation of the key;
      
      a user authenticator, for receiving a user identifier; and
      
      a version selector, coupled to the user authenticator, for, responsive to the user identifier, selecting a version of the document from a plurality of versions;
      
      a document retriever, coupled to the storage device and to the version selector, for retrieving the stored encrypted document from the storage device;
      
      a document decryptor, coupled to the document retriever, for decrypting the retrieved document using the key; and
      
      a document output device, coupled to the document decryptor, for outputting the document.

86. A system for securely storing a document, comprising:
- a document receiving device, for receiving a document;
  
  an document encryptor, coupled to the document receiving device, for encrypting the received document using an encryption key, and for generating a decryption key for decrypting the document;
  
  a processor, coupled to the document encryptor, for generating, from the decryption key, at least two key components combinable to reconstitute the decryption key;
  
  a storage device, coupled to the document encryptor, for storing the encrypted document; and
  
  a storage device, coupled to the document encryptor, for storing a first subset of the key components, wherein at least one key component is not included in the first subset; and
  
  an output device, coupled to the document encryptor, for outputting, on non-electronic media, a physical artifact comprising a representation of a second subset of the key components, wherein at least one key component is not included in the second subset. wherein each subset comprises at least one key component.
- View Dependent Claims (87, 88, 89, 90)
- - 87. The system of claim 86, further comprising:
    - a key receiving device, for receiving the representation of the second subset of the key components; and
      
      a document retriever, coupled to the key receiving device, for retrieving the stored encrypted document from the storage device;
      
      a document decryptor, coupled to the document retriever, for decrypting the retrieved document using a combination of the first subset and the second subset of the decryption key; and
      
      a document output device, coupled to the document decryptor, for outputting the document.
  - 88. The system of claim 86, wherein the storage device further stores an expiry criterion for the decryption key.
  - 89. The system of claim 86, wherein the output device further outputs, on the physical artifact, an expiry criterion for the decryption key.
  - 90. The system of claim 88 or 89, further comprising computer program code for:
    - a key receiving device, for receiving the representation of the second subset of the key components; and
      
      a document retriever, coupled to the key receiving device, for, responsive to non-expiry of the key, retrieving the stored encrypted document from the storage device;
      
      a document decryptor, coupled to the document retriever, for, responsive to non-expiry of the key, decrypting the retrieved document using a combination of the first subset and the second subset of the decryption key; and
      
      a document output device, coupled to the document decryptor, for outputting the document.

91. A system for retrieving a stored encrypted document, comprising:
- a key receiver, for receiving a physical artifact comprising a representation of a key for decrypting the document;
  
  a document retriever, coupled to the key receiver, for retrieving the document from a storage device;
  
  a document decryptor, coupled to the document retriever, for decrypting the retrieved document using the key; and
  
  a document output device, coupled to the document decryptor, for outputting the document.
- View Dependent Claims (92)
- - 92. The system of claim 91, wherein the document output device outputs the document including a watermark.

93. A system for retrieving a stored encrypted document, comprising:
- a key receiver, for receiving a physical artifact comprising a representation of a key for decrypting the document;
  
  a user authenticator, for receiving a user identifier; and
  
  a document version selector, coupled to the user authenticator, for, responsive to the user identifier, selecting a version of the document from a plurality of versions;
  
  a document retriever, coupled to the key receiver, for retrieving the document from a storage device;
  
  a document decryptor, coupled to the document retriever, for decrypting the retrieved document using the key; and
  
  a document output device, coupled to the document decryptor, for outputting the selected version of the document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ricoh Company Limited
Original Assignee
Ricoh Company Limited
Inventors
Piersol, Kurt, Wolff, Gregory

Application Number

US10/639,282
Publication Number

US 20070050696A1
Time in Patent Office

Days
Field of Search
US Class Current

715/210
CPC Class Codes

G06F 21/16   Program or content traceabi...

G06F 21/608   Secure printing

G06F 21/6209   to a single file or object,...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2153   Using hardware token as a s...

Physical key for accessing a securely stored digital document

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

177 Citations

93 Claims

Specification

Use Cases

Quick Links

Others

Physical key for accessing a securely stored digital document

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

177 Citations

93 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others