EP1374009A2 - Multiple encryption of a single document providing multiple level access privileges - Google Patents
Multiple encryption of a single document providing multiple level access privilegesInfo
- Publication number
- EP1374009A2 EP1374009A2 EP01945301A EP01945301A EP1374009A2 EP 1374009 A2 EP1374009 A2 EP 1374009A2 EP 01945301 A EP01945301 A EP 01945301A EP 01945301 A EP01945301 A EP 01945301A EP 1374009 A2 EP1374009 A2 EP 1374009A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- document
- key
- keys
- encrypted
- encrypting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
A method and system for selectively encrypting and decrypting different sections of a document provides different access levels in a technique employing different keys. The documents may be encrypted at a document section level ('section' here used according to its general meaning) and uses a different set of encryption keys for each section. A user A with an access level 1 may access only those section encoded with access level 1 plus unencoded sections. An application example of this technique is in hospitals. A patients records may each be segmented into separately-encrypted portions giving access to nurses for only suitable material while giving broader access to doctors. The nurse would be provided with his/her access level private key to gain access to those parts of the document for which nurses have rights. There could also be a level to which only the primary care physician or health care proxy has access.
Description
Multiple encryption of a single document providing multiple level access privileges BACKGROUND OF THE INVENTION FIELD OF THE INVENTION The invention relates to document encryption and access restrictions on documents and more particularly to the encryption of each portion of a document such that access rights to respective portions may be obtained with corresponding keys. BACKGROUND Various kinds of document access protection are known. In one example, EP 0 848 314 Al for DOCUMENT SECURITY SYSTEM AND METHOD only documents to which the user has rights are generated from a database. Varying security levels are provided. Another system described in US Patent No. 5,052,040 for MULTIPLE USER STORED DATA CRYPTOGRAPHIC LABELING SYSTEM AND METHOD permits different users to utilize the same files. The system exploits an extension of the file label which contains configuration capabilities and user rights and privileges. The separate user rights and privileges in this case relate to the entire document such as read only, read and write, deletion, etc. The document is encrypted. Another prior art system is described in US Patent No. 6,011,847 for CRYPTOGRAPHIC ACCESS AND LABELING SYSTEM. In this system, encryption and decryption of files uses a relational key generated by the system. A computer program also generates a series of labels that are encrypted and appended as a trailer to the encrypted message. The encrypted labels provide a history behind the particular encryption and they can be individually selected, separated, and decrypted from the total file. An access control module provides access to an encryption portion of the document to users with passphrases by comparing a generated vector or key with a partially decrypted version of a second vector or key stored on a portable storage medium such as a floppy disk. In response, a main key can be generated to encrypt or decrypt the labels. The latter system is mainly concerned with adding descriptive labels to the end of an encrypted document and contains a key exchange method for passing the decryption key between a server and a client. Other prior art systems and methods are known, but none contain a very convenient, robust, and straightforward method for encryption-protection of different parts of a document based on access privileges. SUMMARY OF THE INVENTION A method and system for selectively encrypting and decrypting different sections of a document provides different access levels in a technique employing different keys. The documents may be encrypted at a document section level ("section"here used according to its general meaning) and uses a different set of encryption keys for each section. A user A with an access level 1 may access only those sections encoded with access level 1 plus unencoded sections. An application example of this technique is in hospitals. A patients records may each be segmented into separately-encrypted portions giving access to nurses for only suitable material while giving broader access to doctors. Thus, this example illustrates access control to information contained inside a document based on pre-defined roles accepted within a specific environment. The nurse would be provided with an access level key based on the access control rules defined by the hospital. Such key would allow the nurse to gain access to those parts of the document for which nurses have rights. There could also be a level to which only the primary care physician or health care proxy has access. A method for distributing keys is also provided. This method utilizes a key box which is created for holding keys used to encode the sections of the document. The key box contains a slot for each level of access. The set of keys that a user at a given level requires is placed in a corresponding slot. Each slot is encoded using the access level public key giving the user access to the keys in the appropriate slot when decrypted using the user's private key. An additional feature provides an outer layer of encryption using a public key for a requesting organization. Once the requesting organization opens the document using its private key, anyone in the receiving organization can apply their access level private key (s) to the key box, which in turn applies the keys in the corresponding slot to the document. This allows each user to view/modify the parts of the document to which they have access rights. The invention will be described in connection with certain preferred embodiments, with reference to the following illustrative figures so that it may be more fully understood. The description of this invention uses the definition of public key to correspond to the public portion of the public/private key pair that is used in the art to realize asymmetric algorithms. The description of this invention uses the definition of private key to correspond to the private portion of the public/private key pair that is used in the art to realize asymmetric algorithms. The description of this invention uses the definition of symmetric key to refer to the a single key that is used in the art to realize symmetric algorithms. With reference to the figures, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of the preferred embodiments of the present invention only, and are presented in the cause of providing what is believed to be the most useful and readily understood description of the principles and conceptual aspects of the invention. In this regard, no attempt is made to show structural details of the invention in more detail than is necessary for a fundamental understanding of the invention, the description taken with the drawings making apparent to those skilled in the art how the several forms of the invention may be embodied in practice. BRIEF DESCRIPTION OF THE DRAWING Fig. 1 is an illustration of a computer environment in which the invention may be used. Fig. 2A is an illustration of a document indicating separate sections and the encryption processes to be applied to each section according to first embodiment of the invention in which public keys are used for encryption. Fig. 2B is an illustration of a document indicating separate sections and the encryption processes to be applied to each section according to second embodiment of the invention in which public keys are used for encryption. Fig. 3 is an illustration of a document indicating separate sections and the encryption processes to be applied to each section according to third embodiment of the invention in which document-specific keys are used. Fig. 4 is an illustration of a key box document used with the embodiment of Fig. 3. Fig. 5 is an illustration of a process for encrypting a document according to an embodiment compatible with any of the foregoing embodiments. Fig. 6 is an illustration of a process for encrypting a document according to an embodiment compatible with any of the foregoing embodiments. Fig. 7 is an alternative way of packaging the key box in a transmission by including it within a single document. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Referring to Fig. 1, the invention may be used in the environment of electronic document transfer. An example of such an environment is a sending computer 110 and a receiving computer 120 connected by a network 100 or simply by physical transfer of a nonvolatile data store 90 such as a floppy disk. Referring to Fig. 2A, a document 95 contains various sections 130,135,140, and 145. Each section is divided according to how the information contained in the section is desired to be made available to a particular person (organization or other entity) or class of persons. The document 95 is intended to be transferred by the sender 110 to the receiver 120, the receiver including each of the persons or classes of persons. The sections labeled 130 and 145 are encrypted with a public key LI corresponding to the first user or class of users. The section labeled 135 is encrypted with a second public key L2 corresponding to the second user or class of users. By virtue of being embedded in the section 135, section 145 is also encrypted with the L2 public key. Referring to Fig. 2B, the various sections may be encrypted with only one key or all keys from the access level to which they correspond down to the lowest level of access. Thus, in this example, document section 145 is encrypted with both the LI and L2 keys, but so is document section 130. Alternatively, each section may be encrypted with only a single key, so that a level 1 section appearing in a level 2 section is simply treated as a completely separate section with the level 2 section being broken into separate subsections for L2 encryption. The encryption methods described above permit multilevel access to a document based on the public keys of the intended audience. It is possible to limit access based on the user as well as the particular document as shown in the next embodiment. Referring now to Figs. 3 and 4, the document sections are encrypted with respective document keys, a respective one for each access level defined within the scope of the document. The document keys may be symmetric keys. The latter are not shared outside of the context of use of the document and the user need never directly know what the symmetric keys are. These document keys are then made available to the recipients by encrypting them into a separate document (which could be part of the original document as in a file header as illustrated in Fig. 7) called a key box. The key box has a slot corresponding to each access level defined within the scope of the organization that is requesting such document. A first slot 1 210 contains document keys for access levels 1 and 2 giving the user access to both levels. A second slot 1 215 contains document keys for access level 2. Each slot is encrypted using the public key of the organization that corresponds to the access level of the slot. The entire key box file and the document may be encrypted using the public key of the user to ensure confidentiality of the transmission of the document and the key box. Additionally, the key box and the document may be signed by the sender 110 to ensure integrity of the transmission and authenticity of the document. The preceding embodiment contemplates an agreement between the sender of the document who prepares the encryption and the organization receiving the document. This agreement would map access levels used in encrypting the document to the access levels in place at the receiver. For a given document, a given organization level may map to a single document access level. Alternatively, a given organization level may map to multiple document access level. Preferably, to assure data integrity and non-repudiation, the document source may sign the document hash with a private key. The requestor receiving the document together with the signature can then vouch for the validity of the source. Other mechanisms for authenticating the document's contents may also be used. When a person with access level N opens the document, he/she presents his/her organization access level private key, which corresponds to the asymmetric key pair, to a decryption process that uses the key to access the appropriate slot in the key box. The symmetric keys may be used by the process to access the appropriate levels of the document transparently to the user. The user never"handles"the symmetric document keys and simply accesses the portions of the document the user has permission to access. Referring now to Fig. 5, the detailed steps for creating, sending, receiving, and using a document begin with the receipt of a request S 10 for the document and the appropriate information such as the public keys of the users, a map of users to access levels, etc. Next, a key is created for each access level required S20. The document is then encrypted starting with the highest (most privileged) access level and going down S30. This may result in the layered encryption of either of Figs. 2A and 2B or the alternative process where each level is only encrypted once. The keys are formed into a key box document and each set separately encrypted using the public keys of the access levels S45. Then the document and key box are bundled and optionally encrypted using the public key of the receiver S55. When the receiver receives the file containing the encrypted document and the key box, the package is unbundled and optionally decrypted S60. The document and key box are then made available to the users S70. When a user accesses the document, the user provides his/her organization access level private key to a decryption process on a receiving computer (e. g. 120) which uses the key to decrypt the appropriate slot of the key box S75. The process then applies the symmetric keys, obtained from the decrypted slot in the key box, S80 to the document to allow the user to access the document S85. The user never directly accesses the symmetric access level keys or even concerns him/herself with how many keys are involved. Referring to Fig. 6, in an alternative embodiment, the public keys of the receivers are not used to encrypt the document. Rather step S45 is skipped and the key box is simply encrypted using the organization's public key. At the receiving organization, an additional step S90 between S65 and S70 is added wherein the slots of the key box are mapped to the access levels present in the organization and encrypted with the appropriate public keys of the users or group of users. It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
Claims
CLAIMS : 1. A method of securely transmitting a first document, comprising the steps of : -generating first and second level document keys; -encrypting a first section (130) of said first document with said first level document key and encrypting said first and a second section (135) of said first document with said second level document key; -forming a second document (220) or a portion (520) of said document, said second document or said portion containing said first and second level document keys; -transmitting said first document or said first and second documents as appropriate to the choice in said step of forming.
2. A method as in claim 1, wherein said first and second level document keys are symmetric keys.
3. A method as in claim 1, further comprising receiving at least two public keys from a recipient, said step of forming including encrypting said second document such that a corresponding set of said first and second level document keys is made available by decryption using a first of said at least two public keys and such that a corresponding other set of said first and second level document keys is made available by decryption using said second of said at least two public keys.
4. A method as in claim 3, wherein said step of encrypting including encrypting a first of said at least two public keys in a first portion of said second document or first document portion and encrypting a first and second of said at least two public keys in a second portion of second document or first document portion.
5. A method as in claim 3, wherein said first and second level document keys are symmetric keys.
6. A method as in claim 1, wherein said step of transmitting includes encrypting said first document or said first and second documents as appropriate to the choice in said step of forming.
7. A method of encrypting a document, comprising the steps of : -encrypting a first portion of a document using a first key; -encrypting a second portion of said document using a second key; -encrypting a result of said first and second steps of encrypting using a third key, being a public key of a recipient.
8. A method of encrypting a document as in claim 7, wherein said first key is a first public key of said recipient and said second key is a second public key of said recipient.
9. A method of encrypting a document as in claim 7, wherein said first key is a first symmetric key and said second key is a second symmetric key, and the method includes the step of encrypting said first symmetric key with a public key.
10. A method as in claim 9, wherein said second portion includes a part of said first portion, said part having been encrypted with said first symmetric key.
11. A method of encrypting a document as in claim 9, comprising the step of encrypting said second symmetric key with a second public key.
12. A method of securely providing access to first and second readers of a document, comprising the steps of: -transmitting to a sender of a document, public keys corresponding to readers of said document, said public keys being used to encrypt said document; -receiving encrypted data from said sender; decrypting a portion of said encrypted data using a private key corresponding to one of said public keys; -a result of said first step decrypting being the accessing of a portion of said data corresponding to said one of said public keys; -decrypting a portion of said encrypted data using a private key corresponding to another of said public keys; -result of said second step decrypting being the accessing of a portion of said data corresponding to said other of said public keys.
13. A method as in claim 12, wherein said first and second steps of decrypting each include decrypting a portion of said data to unlock a respective set of encryption keys.
14. A method as in claim 12, wherein said first and second steps of decrypting further include using said respective set of encryption keys to unlock at least a portion of said encrypted data to provide access to only a portion of said document.
15. A method as in claim 12, wherein said first and second steps of decrypting further include using said respective set of encryption keys to unlock at least a portion of said encrypted data to provide access to said document.
16. A data file (95+220), comprising: an encryption protected document (95,595) containing a key portion (520) and an encrypted document portion (585); -said key portion being at least partly decryptable with a first public key to provide access to a first symmetric key ; -said key portion being at least partly decryptable with a second public key to provide access to a second symmetric key; -a first portion (210) of said encrypted document portion being decryptable with said first symmetric key and a second portion (215) of said encrypted document portion being decryptable with said second symmetric key.
17. A data file containing: -an encrypted document (95) and at least two encryption keys; -said encryption keys being encrypted such as to be accessible using at least two public keys and such that a first portion (130) of said encrypted document is accessible by decrypting with a first subset of said encryption keys, said first subset being decryptable using a first of said at least two public keys, and such that a second portion of said encrypted document is accessible by decrypting with a second subset of said encryption keys, said second subset being decryptable using a second of said at least two public keys.
18. A data set stored on a data storage medium, comprising: -a document encrypted in portions using respective keys to encrypt said portions; -a first portion of said document being encrypted with a first of said respective keys ; -a second portion of said document being encrypted with a second of said respective key; -said first and second respective keys being encrypted in a file such as to permit decryption of said first key by a first private key and to permit decryption of said second key by a second private key.
19. A data set stored on a data storage medium, comprising: -document encrypted in portions using respective keys to encrypt said portions; -a first portion of said document being encrypted with first and second of said respective keys; -a second portion of said document being encrypted with said first respective key; -said first and second respective keys being encrypted in a file such as to permit decryption of said first and second keys by a first private key and to permit decryption of said first key by a second private key.
20. A document decrypting program stored on a data storage medium, comprising: -code defining a process capable of selectively decrypting a portion of a data set using a respective key, said portion yielding a respective set of further keys upon decryption; -code defining a further process capable of retrieving from said data set portions of a document corresponding to said respective set of further keys to provide access to only portions of said document corresponding to respective key.
21. A stored program as in claim 20, wherein said respective key is a public key.
22. A stored program as in claim 20, wherein each of said set of further keys is unique to said document.
23. A stored program as in claim 20, wherein each of said set of further keys is a symmetric key.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US60633900A | 2000-06-29 | 2000-06-29 | |
US606339 | 2000-06-29 | ||
PCT/EP2001/007090 WO2002001271A1 (en) | 2000-06-29 | 2001-06-22 | Multiple encryption of a single document providing multiple level access privileges |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1374009A2 true EP1374009A2 (en) | 2004-01-02 |
Family
ID=24427575
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP01945301A Withdrawn EP1374009A2 (en) | 2000-06-29 | 2001-06-22 | Multiple encryption of a single document providing multiple level access privileges |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1374009A2 (en) |
JP (1) | JP2004502379A (en) |
KR (1) | KR20020041809A (en) |
CN (1) | CN1471661A (en) |
WO (1) | WO2002001271A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1786196A3 (en) * | 2005-11-10 | 2008-06-25 | Canon Kabushiki Kaisha | Image processing apparatus, image managing method, document managing apparatus, and document managing method |
US9843440B2 (en) | 2014-10-20 | 2017-12-12 | Samsung Electronics Co., Ltd. | Encryptor/decryptor, electronic device including encryptor/decryptor, and method of operating encryptor/decryptor |
Families Citing this family (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9684676B1 (en) | 2002-03-29 | 2017-06-20 | Google Inc. | Method for searching media |
USRE45952E1 (en) | 2002-03-29 | 2016-03-29 | Google Inc. | Method for searching media |
US9256753B2 (en) | 2003-06-11 | 2016-02-09 | Microsoft Technology Licensing, Llc | Method and apparatus for protecting regions of an electronic document |
US7346769B2 (en) | 2003-10-23 | 2008-03-18 | International Business Machines Corporation | Method for selective encryption within documents |
US7092510B2 (en) | 2004-01-12 | 2006-08-15 | International Business Machines Corporation | Method and system for telephone wait user interface selection |
US7484107B2 (en) * | 2004-04-15 | 2009-01-27 | International Business Machines Corporation | Method for selective encryption within documents |
US7870386B2 (en) | 2004-04-29 | 2011-01-11 | International Business Machines Corporation | Method for permanent decryption of selected sections of an encrypted document |
US7958369B2 (en) | 2004-10-22 | 2011-06-07 | Hewlett-Packard Development Company, L.P. | Systems and methods for multiple level control of access of privileges to protected media content |
US7533420B2 (en) * | 2004-12-09 | 2009-05-12 | Microsoft Corporation | System and method for restricting user access to a network document |
US20070033149A1 (en) * | 2005-07-20 | 2007-02-08 | Kanngard Lars O | Secure transaction string |
CN1925388A (en) * | 2005-08-31 | 2007-03-07 | 西门子(中国)有限公司 | Resource encrypting and deencrypting method and system |
US8868930B2 (en) | 2006-05-31 | 2014-10-21 | International Business Machines Corporation | Systems and methods for transformation of logical data objects for storage |
US9176975B2 (en) | 2006-05-31 | 2015-11-03 | International Business Machines Corporation | Method and system for transformation of logical data objects for storage |
US7940926B2 (en) | 2006-06-08 | 2011-05-10 | Novell, Inc. | Cooperative encoding of data by pluralities of parties |
FR2903509A1 (en) * | 2006-07-06 | 2008-01-11 | France Telecom | ELECTRONIC MODULE FOR STORING DATA |
US8887297B2 (en) | 2007-07-13 | 2014-11-11 | Microsoft Corporation | Creating and validating cryptographically secured documents |
US9020913B2 (en) * | 2007-10-25 | 2015-04-28 | International Business Machines Corporation | Real-time interactive authorization for enterprise search |
JP5277660B2 (en) * | 2008-02-21 | 2013-08-28 | 富士通株式会社 | Image encryption device, image decryption device, image encryption method, image decryption method, and image encryption program |
JP2010157013A (en) * | 2008-12-26 | 2010-07-15 | Ricoh Co Ltd | Security setting device, security setting processing method, security release processing method, document sharing system, program, and recording medium |
GB2467580B (en) * | 2009-02-06 | 2013-06-12 | Thales Holdings Uk Plc | System and method for multilevel secure object management |
GB2472491B (en) * | 2009-02-06 | 2013-09-18 | Thales Holdings Uk Plc | System and method for multilevel secure object management |
EP2619677A4 (en) | 2010-09-21 | 2015-05-13 | Hewlett Packard Development Co | Application of differential policies to at least one digital document |
GB2494498A (en) * | 2011-08-04 | 2013-03-13 | Ibm | Handling defined areas within an electronic document to preserve integrity and context |
US8935265B2 (en) * | 2011-08-30 | 2015-01-13 | Abbyy Development Llc | Document journaling |
US9081953B2 (en) | 2012-07-17 | 2015-07-14 | Oracle International Corporation | Defense against search engine tracking |
US9305172B2 (en) | 2013-03-15 | 2016-04-05 | Mcafee, Inc. | Multi-ring encryption approach to securing a payload using hardware modules |
EP2863332A1 (en) | 2013-10-15 | 2015-04-22 | One Drop Diagnostics Sàrl | System and method for controlling access to analytical results of a diagnostic test assay |
WO2016109588A1 (en) * | 2014-12-29 | 2016-07-07 | F16Apps, Inc. | Tiered access control |
US10387577B2 (en) | 2015-03-03 | 2019-08-20 | WonderHealth, LLC | Secure data translation using machine-readable identifiers |
CN112287389A (en) | 2015-03-03 | 2021-01-29 | 旺德海尔斯有限责任公司 | Access control of encrypted data in machine-readable identifiers |
US10380379B2 (en) | 2015-03-03 | 2019-08-13 | WonderHealth, LLC | Selectively encrypting and displaying machine-readable identifiers in a device lock screen |
GB2552522A (en) * | 2016-07-27 | 2018-01-31 | Scram Software Pty Ltd | Method and system for encrypting files and storing the encrypted files in a storage file system |
US10068099B1 (en) * | 2018-01-19 | 2018-09-04 | Griffin Group Global, LLC | System and method for providing a data structure having different-scheme-derived portions |
US10078759B1 (en) * | 2018-01-19 | 2018-09-18 | Griffin Group Global, LLC | System and method for data sharing via a data structure having different-scheme-derived portions |
US11449677B2 (en) | 2018-10-18 | 2022-09-20 | International Business Machines Corporation | Cognitive hierarchical content distribution |
CN111739190B (en) * | 2020-05-27 | 2022-09-20 | 深圳市元征科技股份有限公司 | Vehicle diagnostic file encryption method, device, equipment and storage medium |
US20230401328A1 (en) * | 2022-06-13 | 2023-12-14 | International Business Machines Corporation | Protecting sensitive data dump information |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5319705A (en) * | 1992-10-21 | 1994-06-07 | International Business Machines Corporation | Method and system for multimedia access control enablement |
US5677953A (en) * | 1993-09-14 | 1997-10-14 | Spyrus, Inc. | System and method for access control for portable data storage media |
US5343527A (en) * | 1993-10-27 | 1994-08-30 | International Business Machines Corporation | Hybrid encryption method and system for protecting reusable software components |
EP0880840A4 (en) * | 1996-01-11 | 2002-10-23 | Mrj Inc | System for controlling access and distribution of digital property |
US5953419A (en) * | 1996-05-06 | 1999-09-14 | Symantec Corporation | Cryptographic file labeling system for supporting secured access by multiple users |
-
2001
- 2001-06-22 KR KR1020027002578A patent/KR20020041809A/en not_active Application Discontinuation
- 2001-06-22 JP JP2002506149A patent/JP2004502379A/en active Pending
- 2001-06-22 EP EP01945301A patent/EP1374009A2/en not_active Withdrawn
- 2001-06-22 CN CNA018025439A patent/CN1471661A/en active Pending
- 2001-06-22 WO PCT/EP2001/007090 patent/WO2002001271A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
See references of WO0201271A1 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1786196A3 (en) * | 2005-11-10 | 2008-06-25 | Canon Kabushiki Kaisha | Image processing apparatus, image managing method, document managing apparatus, and document managing method |
US9843440B2 (en) | 2014-10-20 | 2017-12-12 | Samsung Electronics Co., Ltd. | Encryptor/decryptor, electronic device including encryptor/decryptor, and method of operating encryptor/decryptor |
Also Published As
Publication number | Publication date |
---|---|
WO2002001271A1 (en) | 2002-01-03 |
JP2004502379A (en) | 2004-01-22 |
WO2002001271A3 (en) | 2003-10-02 |
KR20020041809A (en) | 2002-06-03 |
CN1471661A (en) | 2004-01-28 |
WO2002001271A8 (en) | 2002-02-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1374009A2 (en) | Multiple encryption of a single document providing multiple level access privileges | |
US11664984B2 (en) | Method and system for secure distribution of selected content to be protected on an appliance-specific basis with definable permitted associated usage rights for the selected content | |
US11461434B2 (en) | Method and system for secure distribution of selected content to be protected | |
KR102111141B1 (en) | Medical data service method and system based on block chain technology | |
US6874085B1 (en) | Medical records data security system | |
Benaloh et al. | Patient controlled encryption: ensuring privacy of electronic medical records | |
Narayan et al. | Privacy preserving EHR system using attribute-based infrastructure | |
US9858433B2 (en) | Cryptographic role-based access control | |
US7873168B2 (en) | Secret information management apparatus and secret information management system | |
US8619982B2 (en) | Method and system for secure distribution of selected content to be protected on an appliance specific basis | |
US20070180259A1 (en) | Secure Personal Medical Process | |
US20060288210A1 (en) | System of personal data spaces and a method of governing access to personal data spaces | |
JP2002501250A (en) | Protected database management system for sensitive records | |
KR20060052219A (en) | Contents encryption method, system and method for providing contents through network using the encryption method | |
KR20020067663A (en) | Data distribution system | |
US20100235924A1 (en) | Secure Personal Medical Process | |
JP2007080145A (en) | Data management system, data processing method and data processing program | |
Biget | The vault, an architecture for smartcards to gain infinite memory | |
Petković et al. | Cryptographically enforced personalized role-based access control | |
Awrangjeb et al. | A hierarchical security solution for medical image transmissions | |
JP2002083046A (en) | Method and apparatus for managing medical data | |
Greenshields et al. | Framework for Security Analysis and Access Control in a Distributed Service Medical Imaging Network | |
JP2002157436A (en) | Document distribution method | |
AU2002217630A1 (en) | System of databases of personal data and a method of governing access to databases of personal data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR |
|
17P | Request for examination filed |
Effective date: 20040402 |
|
17Q | First examination report despatched |
Effective date: 20050221 |
|
17Q | First examination report despatched |
Effective date: 20050221 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20090106 |