Method and apparatus for transitioning between states of security policies used to secure electronic documents

US 8,739,302 B2
Filed: 02/24/2012
Issued: 05/27/2014
Est. Priority Date: 09/30/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transitioning from a previous state to a next state in accordance with a security policy;

retrieving, responsive to the transitioning, a file key from a security information portion of a secured document, wherein the file key is encrypted by a first encryption in accordance with the previous state;

producing a decrypted file key, wherein producing the decrypted file key comprises decrypting the file key encrypted by the first encryption, wherein the decrypted file key is usable to decrypt an encrypted data portion of the secured document; and

re-encrypting the decrypted file key with a second encryption in accordance with the next state, wherein the first encryption and the second encryption are different.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for dynamically altering security criteria used in a file security system are disclosed. The security criteria pertains to keys (or ciphers) used by the file security system to encrypt electronic files to be secured or to decrypt electronic files already secured. The security criteria can, among other things, include keys that are required to gain access to electronic files. Here, the keys can be changed automatically as electronic files transition between different states of a process-driven security policy. The dynamic alteration of security criteria enhances the flexibility and robustness of the security system. In other words, access restrictions on electronic files can be dependent on the state of the process-driven security policy and enforced in conjunction with one or more cryptographic methods.

671 Citations

18 Claims

1. A method comprising:
- transitioning from a previous state to a next state in accordance with a security policy;
  
  retrieving, responsive to the transitioning, a file key from a security information portion of a secured document, wherein the file key is encrypted by a first encryption in accordance with the previous state;
  
  producing a decrypted file key, wherein producing the decrypted file key comprises decrypting the file key encrypted by the first encryption, wherein the decrypted file key is usable to decrypt an encrypted data portion of the secured document; and
  
  re-encrypting the decrypted file key with a second encryption in accordance with the next state, wherein the first encryption and the second encryption are different.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - receiving an event; and
      
      determining whether the event causes the transitioning.
  - 3. The method of claim 2, wherein the event is an external event originating from outside of a file security system.
  - 4. The method of claim 1, wherein additional states each have different access restrictions when applied to the secured document.
  - 5. The method of claim 1, wherein producing the decrypted file key comprises:
    - obtaining a decryption key corresponding, to the previous state; and
      
      decrypting the file key encrypted by the first encryption using the decryption key.
  - 6. The method of claim 1, wherein re-encrypting the decrypted file key comprises:
    - obtaining an encryption key corresponding to the next state; and
      
      encrypting the decrypted file key with the second encryption using the encryption key.

7. A computer-readable storage device having instructions stored thereon, execution of which, by a computing device, causes the computing device to perform operations comprising:
- transitioning from a previous state to a next state in accordance with a security policy;
  
  retrieving, responsive to the transitioning, a file key from a security information portion of a secured document, wherein the file key is encrypted by a first encryption in accordance with the previous state;
  
  producing a decrypted file key, wherein producing the decrypted file key comprises decrypting the file key encrypted by the first encryption, wherein the decrypted file key is usable to decrypt an encrypted data portion of the secured document; and
  
  re-encrypting the decrypted file key with a second encryption in accordance with the next state, wherein the first encryption and the second encryption are different.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable storage device of claim 7, the operations further comprising:
    - receiving an event; and
      
      determining whether the event causes the transitioning.
  - 9. The computer-readable storage device of claim 8, wherein the event is an external event originating from outside of a file security system.
  - 10. The computer-readable storage device of claim 7, wherein additional states each have different access restrictions when applied to the secured document.
  - 11. The computer-readable storage device of claim 7, wherein producing the decrypted file key comprises:
    - obtaining a decryption key corresponding to the previous state; and
      
      decrypting the file key encrypted by the first encryption using the decryption key.
  - 12. The computer-readable storage device of claim 7, wherein re-encrypting the decrypted file key comprises:
    - obtaining an encryption key corresponding to the next state; and
      
      encrypting the decrypted file key with the second encryption using the encryption key.

13. A system comprising:
- a memory configured to store a state machine, wherein the state machine is configured to;
  
  transition from a previous state to a next state in accordance with a security policy;
  
  retrieve, responsive to the transition, a file key from a security information portion of a secured document, wherein the file key is encrypted by a first encryption in accordance with the previous state,produce a decrypted file key, wherein producing the decrypted file key comprises decrypting the file key encrypted by the first encryption, wherein the decrypted file key is usable to decrypt an encrypted data portion of the secured document, andre-encrypt the decrypted file key with a second encryption in accordance with the next state, wherein the first encryption and the second encryption are different; and
  
  one or more processors configured to process the state machine.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the state machine is further configured to receive an event and determine whether the event causes the transition.
  - 15. The system of claim 14, wherein the event is an external event originating from outside of a file security system.
  - 16. The system of claim 13, wherein additional states each have different access restrictions when applied to the secured document.
  - 17. The system of claim 13, wherein the state machine is further configured to produce the decrypted file key by obtaining a decryption key corresponding to the previous state and decrypting the file key encrypted by the first encryption using the decryption key.
  - 18. The system of claim 13, wherein the state machine is further configured to re-encrypt the decrypted file key by obtaining an encryption key corresponding to the next state and encrypting the decrypted file key with the second encryption using the encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Inventors
Vainstein, Klimenty, Nath, Satyajit, Ouye, Michael Michio
Primary Examiner(s)
Zee, Edward

Application Number

US13/404,578
Publication Number

US 20120159191A1
Time in Patent Office

823 Days
Field of Search

380/277, 380/280, 380/281, 380/284
US Class Current

726/27
CPC Class Codes

G06F 21/6209   to a single file or object,...

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

Method and apparatus for transitioning between states of security policies used to secure electronic documents

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

671 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for transitioning between states of security policies used to secure electronic documents

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

671 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links