최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
DataON 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Edison 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Kafe 바로가기국가/구분 | United States(US) Patent 등록 |
---|---|
국제특허분류(IPC7판) |
|
출원번호 | US-0262218 (2002-09-30) |
등록번호 | US-8176334 (2012-05-08) |
발명자 / 주소 |
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 | 피인용 횟수 : 39 인용 특허 : 434 |
An improved system and approaches for exchanging secured files (e.g., documents) between internal users of an organization and external users are disclosed. A file security system of the organization operates to protect the files of the organization and thus prevents or limits external users from ac
An improved system and approaches for exchanging secured files (e.g., documents) between internal users of an organization and external users are disclosed. A file security system of the organization operates to protect the files of the organization and thus prevents or limits external users from accessing internal documents. Although the external users are unaffiliated with the organization (i.e., not employees or contractors), the external users often have working relationships with internal users. These working relationships (also referred to herein as partner relationships) often present the need for file (document) exchange. According to one aspect, external users having working relationships with internal users are able to be given limited user privileges within the file security system, such that restricted file (document) exchange is permitted between such internal and external users.
1. A method for releasing a secured document from a document security system, the method comprising: receiving a request from a user affiliated with an organization to release a secured document including a security information portion and a data portion from the document security system, to an exte
1. A method for releasing a secured document from a document security system, the method comprising: receiving a request from a user affiliated with an organization to release a secured document including a security information portion and a data portion from the document security system, to an external user unaffiliated with the organization, wherein the document security system is associated with the organization, and wherein the security information portion includes a file key and access control restrictions pertaining to the data portion;in response to receiving the request: obtaining a public key associated with the external user;encrypting the data portion of the secured document using the file key;encrypting the security information portion of the secured document, including the file key, using the public key associated with the external user;imposing the access control restrictions by including access rules in the security information portion, wherein the access rules are defined in a markup language and limit a type, a location, and an extent of access that the external user is granted with respect to the secured document, the location of access being one of within the organization or outside of the organization; andreleasing the secured document including the encrypted file key to the external user. 2. The method as recited in claim 1, wherein the document security system restricts access to a plurality of documents, the document security system comprising a key store that stores at least public keys associated with external users, and wherein the obtaining of the public key associated with the external user comprises obtaining the public key from the key store. 3. The method as recited in claim 1, wherein the security information portion of the secured document includes a header comprising the encrypted file key that was used to encrypt the data portion of the secured document. 4. The method as recited in claim 1, wherein the portion of the secured document being encrypted by the public key associated with the external user comprises at least some of the security information portion. 5. The method as recited in claim 1, wherein the external user is in a partner relationship with the organization, and wherein the obtaining is controlled by the partner relationship. 6. The method as recited in claim 1, further comprising: subsequently receiving the secured document at a computing device associated with the external user;retrieving a private key associated with the external user;decrypting at least a portion of the secured document using the private key associated with the external user; andevaluating document level security imposed by the access control restrictions to determine whether the external user gains access to an unsecured version of the secured document. 7. The method as recited in claim 1, wherein obtaining the public key comprises: determining whether the internal user is permitted to receive the public key of the external user; andobtaining the public key associated with the external user in response to determining that the internal user is permitted to receive the public key of the external user. 8. A method for releasing a secured document to a user affiliated with an organization, the method comprising: receiving, at a document security system associated with the organization, a request from an external user unaffiliated with the organization to release a secured document including a security information portion and a data portion to a user affiliated with the organization, wherein the security information portion includes a file key and access control restrictions pertaining to the data portion;receiving a public key associated with the user of the document security system over a data network;in response to receiving the request: authenticating that the received public key originated from the document security system over the data network;encrypting, using the file key from the security information portion, the data portion of the secured document;encrypting, using the received public key, the security information portion of the secured document, including the file key;imposing the access control restrictions by including access rules in the security information portion, wherein the access rules are defined in a markup language and limit a type, a location, a duration, and an extent of access that the user affiliated with the organization is granted with respect to the secured document, the location of access being one of within the organization or outside of the organization; andreleasing the secured document including the encrypted file key to the user of the document security system. 9. The method as recited in claim 8, wherein the authenticating relies on a certificate received with the received public key. 10. The method as recited in claim 9, wherein the user of the document security system is a member of the organization. 11. The method as recited in claim 10, wherein the certificate is associated with the organization. 12. The method as recited in claim 8, wherein the external user is in a partner relationship with the organization. 13. The method as recited in claim 8, wherein the releasing of the secured document and the file key to the user of the document security system comprises transmitting the secured document and the file key to the internal user via the data network. 14. The method as recited in claim 13, wherein the data network includes at least a part of the Internet. 15. The method as recited in claim 8, wherein the encrypting operates to encrypt a header of the secured document, the header comprising the file key and wherein the releasing provides the file key within the header of the secured document. 16. The method as recited in claim 15, wherein the header of the secured document is encrypted with the received public key. 17. The method as recited in claim 8, wherein the document security system comprises at least a key store that stores at least public keys for users of the document security system, and wherein the receiving of the public key associated with the user of the document security system comprises receiving the public key associated with the user of the document security system from the key store. 18. A non-transitory tangible computer-readable medium having instructions stored thereon in a document security system, the instructions comprising: instructions to receive a request from a first user affiliated with an organization to release a secured document including a security information portion and a data portion from the document security system, to an external user unaffiliated with the organization, wherein the document security system is associated with the organization, and wherein the security information portion includes a file key and access control restrictions pertaining to the data portion;instructions to, in response to receiving the request: obtain a public key associated with the external user;encrypt, using the file key from the security information portion, the data portion of the secured document;encrypt the security information portion of the secured document, including the file key, using the public key associated with the external user;impose the access control restrictions by including access rules in the security information portion, wherein the access rules are defined in a markup language and limit a type, a location, and an extent of access that the external user is granted with respect to the secured document, the location of access being one of within the ornanization or outside of the organization; andrelease the secured document including the encrypted file key to the external user. 19. The non-transitory tangible computer readable medium as recited in claim 18, wherein the document security system comprises at least a key store that stores at least public keys for the external user, and wherein the obtaining further comprises obtaining the public key from the key store. 20. The non-transitory tangible computer readable medium as recited in claim 18, wherein the instructions to obtain further comprise instructions to obtain the public key associated with the external user from the document security system over a data network. 21. The non-transitory tangible computer readable medium as recited in claim 20, wherein the instructions further comprise: instructions to authenticate that the public key originated from the document security system and was provided to the external user over the data network. 22. The non-transitory tangible computer readable medium as recited in claim 20, wherein the instructions to obtain further comprise instructions to retrieve the public key associated with the external user from a key store within the document security system. 23. The non-transitory tangible computer readable medium as recited in claim 18, wherein the portion of the secured document being encrypted by the public key comprises at least some of the security information portion.
Copyright KISTI. All Rights Reserved.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.