Method and apparatus for transitioning between states of security policies used to secure electronic documents
First Claim
1. A method comprising:
- transitioning from a previous state to a next state in accordance with a security policy;
retrieving, responsive to the transitioning, a file key from a security information portion of a secured document, wherein the file key is encrypted by a first encryption in accordance with the previous state;
producing a decrypted file key, wherein producing the decrypted file key comprises decrypting the file key encrypted by the first encryption, wherein the decrypted file key is usable to decrypt an encrypted data portion of the secured document; and
re-encrypting the decrypted file key with a second encryption in accordance with the next state, wherein the first encryption and the second encryption are different.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for dynamically altering security criteria used in a file security system are disclosed. The security criteria pertains to keys (or ciphers) used by the file security system to encrypt electronic files to be secured or to decrypt electronic files already secured. The security criteria can, among other things, include keys that are required to gain access to electronic files. Here, the keys can be changed automatically as electronic files transition between different states of a process-driven security policy. The dynamic alteration of security criteria enhances the flexibility and robustness of the security system. In other words, access restrictions on electronic files can be dependent on the state of the process-driven security policy and enforced in conjunction with one or more cryptographic methods.
671 Citations
18 Claims
-
1. A method comprising:
-
transitioning from a previous state to a next state in accordance with a security policy; retrieving, responsive to the transitioning, a file key from a security information portion of a secured document, wherein the file key is encrypted by a first encryption in accordance with the previous state; producing a decrypted file key, wherein producing the decrypted file key comprises decrypting the file key encrypted by the first encryption, wherein the decrypted file key is usable to decrypt an encrypted data portion of the secured document; and re-encrypting the decrypted file key with a second encryption in accordance with the next state, wherein the first encryption and the second encryption are different. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-readable storage device having instructions stored thereon, execution of which, by a computing device, causes the computing device to perform operations comprising:
-
transitioning from a previous state to a next state in accordance with a security policy; retrieving, responsive to the transitioning, a file key from a security information portion of a secured document, wherein the file key is encrypted by a first encryption in accordance with the previous state; producing a decrypted file key, wherein producing the decrypted file key comprises decrypting the file key encrypted by the first encryption, wherein the decrypted file key is usable to decrypt an encrypted data portion of the secured document; and re-encrypting the decrypted file key with a second encryption in accordance with the next state, wherein the first encryption and the second encryption are different. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A system comprising:
-
a memory configured to store a state machine, wherein the state machine is configured to; transition from a previous state to a next state in accordance with a security policy; retrieve, responsive to the transition, a file key from a security information portion of a secured document, wherein the file key is encrypted by a first encryption in accordance with the previous state, produce a decrypted file key, wherein producing the decrypted file key comprises decrypting the file key encrypted by the first encryption, wherein the decrypted file key is usable to decrypt an encrypted data portion of the secured document, and re-encrypt the decrypted file key with a second encryption in accordance with the next state, wherein the first encryption and the second encryption are different; and one or more processors configured to process the state machine. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification