[특허]Method of encrypting information for remote access while maintaining access control

Method of encrypting information for remote access while maintaining access control 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-009/32
출원번호	UP-0936829 (2004-09-09)
등록번호	US-RE41186 (2010-04-23)
발명자 / 주소	Pensak, David A. Cristy, John J. Singles, Steven J.
출원인 / 주소	EMC Corporation
대리인 / 주소	Steptoe & Johnson LLP
인용정보	피인용 횟수 : 3 인용 특허 : 48

초록 ▼

The invention provides for encrypting electronic information such as a document so that only users with permission may access the document in decrypted form. The process of encrypting the information includes selecting a set of policies as to who may access the information and under what conditions. A remote server stores a unique identifier for the information and associates an encryption/decryption key pair and access policies with the information. Software components residing on the author's computer retrieve the encryption key from the remote server, encrypt the information, and store the encrypted information at a location chosen by the author. A user wishing to access the information acquires the encrypted information electronically. Software components residing on the viewing user's computer retrieve the associated decryption key and policies, decrypt the information to the extent authorized by the policies, and immediately delete the decryption key from the viewing user's computer upon decrypting the information and rendering the clear text to the viewing user's computer screen. The software components are also capable of prohibiting functional operations by the viewing user's computer while the clear text is being viewed.

대표청구항 ▼

What is claimed is: 1. A method of controlling distribution of a segment of encrypted electronic information, comprising: receiving, at a user location, a user code and an identification of the segment; transmitting the user code and the identification from the user location to a key server; receiving, at a user location from a key server in response to the user code representing a user authorized to view the segment, a decryption key for the segment and at least one access policy associated with the segment; decrypting the segment with the decryption key into clear text in response to said receiving; destroying the decryption key in response to said decrypting; rendering the clear text; limiting access to the clear text consistent with the at least one access policy; and defending the decryption key at the user location when the decryption key is resident at the user location; wherein a processing between and including said receiving the decryption key and said destroying the decryption key occurs with sufficient speed such that the decryption key is only resident at the user location for a moment, and said defending resists capturing of the decryption key during the moment. 2. A method of controlling distribution of a segment of encrypted electronic information, comprising: receiving, at a user location from a key server, a decryption key for the segment; immediately decrypting the segment with the decryption key after said receiving; immediately destroying the decryption key after to said decrypting; and defending the decryption key at the user location when the decryption key is resident at the user location; wherein said receiving, said immediately decrypting and said immediately destroying only permit the decryption key to be resident at the user location for a brief moment in time, and said defending resists capture of the decryption key during the brief moment in time, such that it is difficult to improperly capture the decryption key at the user location. 3. A method of controlling distribution of a segment of encrypted electronic information, comprising: attempting to access the segment at a user location; requesting from the user location to the key server a decryption key for the segment; receiving, at a user location from a key server, a the decryption key for the segment; decrypting the segment with the decryption key in response to said receiving; destroying the decryption key in response to said decrypting; and defending the decryption key at the user location when the decryption key is resident at the user location; wherein processing between and including said receiving and said destroying occurs with sufficient speed such that the decryption key is only resident at the user location for a moment, and said defending resists capture of the decryption key during the moment. 4. A method of controlling distribution of a segment of encrypted electronic information, comprising: receiving, at a user location from a key server, a decryption key for the segment; immediately decrypting the segment into clear text with the decryption key after said receiving; immediately rendering said clear text on a display; immediately destroying the decryption key after one of said decrypting and said rendering; and defending the decryption key at the user location when the decryption key is resident at the user location; wherein said receiving, said immediately decrypting and said immediately destroying only permit the decryption key to be resident at the user location for a brief moment in time, and said defending resists capture of the decryption key during the brief moment in time, such that it is difficult to improperly capture the decryption key at the user location. 5. A method of controlling distribution of a segment of encrypted electronic information, comprising: attempting to access the segment at a user location, including receiving, at a the user location, a user code and an identification of the segment; transmitting, in response to the attempting to access, the user code and the identification to a server; receiving, at a user location from a key server, a decryption key for the segment in response to the user code representing a user authorized to view the segment; decrypting the segment with the decryption key in response to said receiving; destroying the decryption key in response to said decrypting; and defending the decryption key at the user location when the decryption key is resident at the user location; wherein a processing between and including said receiving the decryption key and said destroying the decryption key occurs with sufficient speed such that the decryption key is only resident at the user location for a moment, and said defending resists capturing of the decryption key during the moment. 6. A system for controlling access to a segment of encrypted electronic content, comprising: a computer readable medium containing instructions designed to operate in conjunction with computer hardware and other computer software to: receive, at a user location, a user code and an identification of the segment; transmit the user code and the identification from the user location to a key server; receive, at a user location from a key server in response to the user code representing a user authorized to view the segment, a decryption key for the segment and at least one access policy associated with the segment; decrypt the segment with the decryption key into clear text in response to said receiving; destroy the decryption key in response to said decrypting; render the clear text; limit access to the clear text consistent with the at least one access policy; and defend the decryption key at the user location when the decryption key is resident at the user location; wherein said instructions require that computer processing between and including said receive the decryption key and said destroy the decryption key occurs with sufficient speed such that the decryption key is only resident at the user location for a moment, and said defend the decryption key resists capture of the decryption key during the moment. 7. A system for controlling access to a segment of encrypted electronic content, comprising: a computer readable medium containing instructions designed to operate in conjunction with computer hardware and other computer software to: receive, at a user location from a key server, a decryption key for the segment; immediately decrypt the segment with the decryption key after said receiving; immediately destroy the decryption key after said decrypting; and defend the decryption key at the user location when the decryption key is resident at the user location; wherein the decryption key will only be resident at the user location for a brief moment in time, and said defend the key resists capture of the decryption key during the brief moment in time, such that it is difficult to improperly capture the decryption key at the user location. 8. A system for controlling access to a segment of encrypted electronic content, comprising: a computer readable medium containing instructions designed to operate in conjunction with computer hardware and other computer software to: attempt to access the segment at a user location; request from the user location to the key server a decryption key for the segment; receive, at a user location from a key server, a the decryption key for the segment; decrypt the segment with the decryption key in response to said receiving; destroy the decryption key in response to said decrypting; and defend the decryption key at the user location when the decryption key is resident at the user location; wherein said instructions require computer processing between and including said receive and said destroy to occur with sufficient speed such that the decryption key is only resident at the user location for a moment, and said defend resists capture of the decryption key during the moment. 9. A system for controlling access to a segment of encrypted electronic content, comprising: a computer readable medium containing instructions designed to operate in conjunction with computer hardware and other computer software to: receive, at a user location from a key server, a decryption key for the segment; immediately decrypt the segment into clear text with the decryption key after said receiving; immediately render said clear text on a display; immediately destroy the decryption key in response to one of said decrypting and said rendering; and defend the decryption key at the user location when the decryption key is resident at the user location; wherein the decryption key will only be resident at the user location for a brief moment in time, and said defend resists capture of the decryption key during the brief moment in time, such that it is difficult to improperly capture the decryption key at the user location. 10. A system for controlling access to a segment of encrypted electronic content, comprising: a computer readable medium containing instructions designed to operate in conjunction with computer hardware and other computer software to: receive attempt to access the segment at a user location, including receiving, at a user location, a user code and an identification of the segment; transmit, in response to the attempt to access, the user code and the identification to a server; receive, at a user location from a key server, a decryption key for the segment in response to the user code representing a user authorized to view the segment; decrypt the segment with the decryption key in response to said receiving; destroy the decryption key in response to said decrypting; and defend the decryption key at the user location when the decryption key is resident at the user location; wherein said instructions require that computer processing between and including said receiving the decryption key and said destroying the decryption key occurs with sufficient speed such that the decryption key is only resident at the user location for a moment, and said defend resists capturing of the decryption key during the moment. 11. A system for controlling distribution of a segment of encrypted electronic information, comprising: means for receiving, at a user location, a user code and an identification of the segment; means for transmitting the user code and the identification of the segment from the user location to a key server; means for receiving, at a user location from a key server in response to the user code representing a user authorized to view the segment, a decryption key for the segment and at least one access policy associated with the segment; means for decrypting the segment with the decryption key into clear text in response to said receiving; means for destroying the decryption key in response to said decrypting; means for rendering the clear text; means for limiting access to the clear text consistent with the at least one access policy; and means for defending the decryption key at the user location when the decryption key is resident at the user location; wherein a time between operations performed by and including said means for receiving the decryption key and said means for destroying the decryption key occurs with sufficient speed such that the decryption key is only resident at the user location for a moment, and said means for defending resists capturing of the decryption key during the moment.

이 특허에 인용된 특허 (48)

Carroll, III, Phillip Patrick; Cormier, Joel Matthew; Smith, Donald Scott; Audi, Richard Francois, Composite energy absorber.
상세보기
Auerbach Joshua Seth (Ridgefield CT) Chow Chee-Seng (Cupertino CA) Kaplan Marc Adam (Katonah NY) Crigler Jeffrey Charles (McLean VA), Creation and distribution of cryptographic envelope.
상세보기
Saito Makoto,JPX, Data management system.
상세보기
Shear Victor H. (Bethesda MD), Database usage metering and protection system and method.
상세보기
Dillon Douglas M., Deferred billing, broadcast, electronic document distribution system and method.
상세보기
Siebels Johann,DEX ; Schmidt Knut,DEX, Deformable structure for protection of vehicle occupants.
상세보기
Okamoto, Ryuichi; Kozuka, Masayuki; Minami, Masataka; Inoue, Mitsuhiro, Digital data distribution system.
상세보기
Elmer Thomas I. (Sunnyvale CA) Nguyen Tuan T. (Milpitas CA) Lin Rung-Pan (San Jose CA), Encryption of streams of addressed information to be used for program code protection.
상세보기
Ashmead, Michael, Energy-absorbing structures.
상세보기
Schneier Bruce ; Kelsey John M., Event auditing system.
상세보기
Bitzer Thomas N., Honeycomb core with controlled crush properties.
상세보기
Leuchten William E. (Mountain Lake NJ) Kretow Robert P. (Howell NJ), Honeycomb reinforcing sheet for the reinforcement of panels and method of reinforcing panels.
상세보기
Dunn Eric S. (810 Van Dyke La. Belair MD 21014), Impact absorbing armor.
상세보기
Akiyama Ryota (Kawasaki JPX) Hasebe Takayuki (Kawasaki JPX) Yoshioka Makoto (Kawasaki JPX), Information distribution system wherein storage medium storing ciphered information is distributed.
상세보기
Pensak David A. ; Cristy John J. ; Singles Steven J., Information security architecture for encrypting documents for remote access while maintaining access control.
상세보기
Campbell ; Jr. Carl M. (Newtown Square PA), Key management system for on-line communication.
상세보기
Wyman Robert M. (Kirkland WA), License document interchange format for license management system.
상세보기
Deng, Huijie Robert; Wu, Yong Dong, Method and apparatus for digital content copy protection.
상세보기
Cooper Thomas Edward (Louisville CO) Pryor Robert Franklin (Longmont CO), Method and apparatus for enabling trial period use of software products: method and apparatus for allowing a try-and-buy.
상세보기
Akira Yaegashi ; Henry Theo F. Guico, Method and apparatus for secure distribution of information recorded of fixed media.
상세보기
Sachs James ; Pomeroy Thomas W., Method and apparatus for viewing electronic reading materials.
상세보기
Yuval Gideon A. (Mercer Island WA) Ernst Michael (Redmond WA), Method and system for controlling unauthorized access to information distributed to users.
상세보기
Janis Frederick L. (Keller TX), Method and system for providing user access control within a distributed data processing system by the exchange of acces.
상세보기
Schull Jonathan (Haverford PA), Method for encouraging purchase of executable and non-executable software.
상세보기
Finkelstein Louis D. (Wheeling IL) Brown Daniel P. (Elmhurst IL) Puhl Larry C. (Sleepy Hollow IL), Method for key management of point-to-point communications.
상세보기
Williams Thomas H. ; Baggett Claude T., Method for protecting publicly distributed software.
상세보기
David A. Pensak ; John J. Cristy ; Steven J. Singles, Method of encrypting information for remote access while maintaining access control.
상세보기
David A. Pensak ; John J. Cristy ; Steven J. Singles, Method of encrypting information for remote access while maintaining access control.
상세보기
Ronning Joel A., On-line try before you buy software distribution system.
상세보기
Breed David S. (Boonton Township ; Morris County NJ) Shokoohi Ferevdoon (Hackettstown NJ), Padding to reduce injuries in automobile accidents.
상세보기
Martin Euchner DE; Volker Kessler DE, Process for cryptographic code management between a first computer unit and a second computer unit.
상세보기
Hazard, Michel, Process for storage and use of sensitive information in a security module and the associated security module.
상세보기
Dolan George M. (Charlotte NC) Holloway Christopher J. (Woking GB2) Matyas ; Jr. Stephen M. (Poughkeepsie NY), Public key data communications system under control of a portable security device.
상세보기
Johnson Donald B. (Manassas VA) Le An V. (Manassas VA) Matyas Stephen M. (Manassas VA) Prymak Rostislaw (Dumfries VA) Wilkins John D. (Somerville VA), Secure cryptographic operations using control vectors generated inside a cryptographic facility.
상세보기
Folmsbee Alan, Secure execution of program instructions provided by network interactions with processor.
상세보기
Weller Peter A. (Holland MI), Side impact protection apparatus.
상세보기
Robert Gregory (Nashua NH) Chase David (Wellesley MA) Schaefer Ronald (Acton MA), Software licensing management system.
상세보기
Mashayekhi Cameron, System and method for automically authenticating a user in a distributed network system.
상세보기
Chen Qilun ; Murphy ; Jr. Thomas Edwin ; Rieth Paul Francis ; Stevens Jeffrey Scott, System and method for building and exchanging encrypted passwords between a client and server.
상세보기
Erickson John S., System and method for managing copyrighted electronic media.
상세보기
Rose John R., System and method for managing try-and-buy usage of application programs.
상세보기
McDonnal William D. ; Lohstroh Shawn ; Grawrock David, System for automatic decryption of file data on a per-use basis and automatic re-encryption within context of multi-thre.
상세보기
Schneck Paul B. ; Abrams Marshall D., System for controlling access and distribution of digital property.
상세보기
Stefik Mark J. (Woodside CA) Casey Michalene M. (Morgan Hill CA), System for controlling the distribution and use of digital works.
상세보기
Slik David,CAX ; Byrne Shannon,CAX, System for distributing digital information.
상세보기
Chen Huey-Shiang ; Chen Mon-Song ; Huang Shiow-Laang ; Song Deyang, System for just-in-time retrieval of multimedia files over computer networks by transmitting data packets at transmissio.
상세보기
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Davis Mark Charles ; Kuehr-McLaren David Gerard ; Powers Calvin Stacy, Systems, methods and computer program products that use an encrypted session for additional password verification.
상세보기

이 특허를 인용한 특허 (3)

Harwood, Jack; Linnell, Thomas E.; Fitzgerald, John T., Methodology for coordinating centralized key management and encryption keys cached through proxied elements.
상세보기
Lazar, Gregory W.; Mogavero, Greg; Hamel, Michael; Wang, Yidong; Chanderia, Prakash; Zhou, Feng; Tidke, Ashwin Ramkrishna, Providing secure access to a set of credentials within a data security mechanism of a data storage system.
상세보기
Mergen, John-Francis, Systems and methods for document control using public key encryption.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Method of encrypting information for remote access while maintaining access control 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (48)

이 특허를 인용한 특허 (3)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Method of encrypting information for remote access while maintaining access control 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (48)

이 특허를 인용한 특허 (3)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트