EP3864559A1 - Method for securing a digital document - Google Patents
Info
- Publication number
- EP3864559A1 (application EP19794842.5A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- user
- data
- target data
- document
- storage unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/10—Text processing
- G06F40/12—Use of codes for handling textual entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
Definitions
- the present invention relates to methods for securely managing paper documents. It relates particularly to methods of securely accessing documents comprising at least two types of data that require different levels of security management.
- the invention aims at solving the above-mentioned technical problem.
- An object of the present invention is a computer-implemented method for securely accessing a document in paper form containing a set of data by a user.
- the method comprises:
- the subset of said set of data may include a display value that does not belong to the enhanced version.
- the display value may be a random value.
- the subset of said set of data may belong to the enhanced version.
- the subset of said set of data may include a text and/or a non-text.
- the target data may be rendered to the user through augmented reality.
- Another object of the present invention is a system for securely accessing a document in paper form containing a set of data.
- the system comprises a hardware processor, an accessor engine including instructions that, when executed by the processor, cause said accessor engine to detect, from a current version of the document, the existence of a target data belonging to an enhanced version of the document and missing from the current version of the document, and to generate a link value allocated to the target data by applying a preset function to a subset of said set of data.
- the system is adapted to retrieve a metadata from a secure storage unit by using the link value and, using a message based on said metadata, proposing to a user to get the target data.
- the system is adapted to get both agreement of the user and credentials of the user.
- the system is adapted to generate a request by using the link value for retrieving the target data from the secure storage unit only if the user gave his agreement, and to forward the retrieved target data to an output device for rendering to the user only if the secure storage unit successfully checked the compliance of the request with preset access rules.
- the system may be configured to render the target data to the user through augmented reality.
- the current version of the document may comprise a display value and the system may be adapted to display the target data in place of display value.
- the subset of said set of data may include a text and/or a non-text.
- said target data may be a sensitive data.
- the system may include a capturing device able to perform optical character recognition.
- the system may include a security device able to get a biometric data, a password or a user’s secret key pre-stored in the system.
- FIG. 1 shows an example of architecture of a system for securely accessing data belonging to the protected document according to the invention
- FIG. 2 depicts a flow chart for securely accessing a document according to an example of the invention
- FIG. 3 depicts an entry stored in the secure storage unit according to an example of the invention
- FIG. 4 depicts an example of a current version of the document in paper form according to an example of the invention
- FIG. 5 depicts an example of an output device allowing to confirm the request for access to sensitive data of the document according to an example of the invention
- FIG. 6 depicts an example of an output device allowing to display the sensitive data of the document according to an example of the invention.
- the invention may apply to any type of document comprising several types of data that need to be managed according to different security policies. It is well-suited for managing structured documents comprising sensitive data. It applies to any printed document (whatever the medium), such as a text file or a spreadsheet document, regardless of its format.
- Figure 1 shows an example of architecture of an accessing system 90 for securely accessing data belonging to the protected document according to the invention.
- the accessing system 90 is intended to allow a user 80 to access the full content of a protected document.
- a current version 30 in paper form of the document is assumed to be available for the user.
- the user may be an individual, a software application or a computer machine.
- an initial version (not shown) of the document contains a set of data including at least two types of data.
- the initial version can contain both non-sensitive data 21 and sensitive data 22.
- An automated system (not shown) can be designed to take as input data both the initial version of the document and a list of data of the second type (e.g. sensitive data) contained in the initial version of the document.
- the list may be built by a so-called automated Data Discovery and Classification process.
- data of the second type may be financial reports, medical information, personally identifiable information (PII) or confidential data.
- a current version 30 of the document is assumed to have been generated from the initial version 20 by removing all data of the second type and creating as many entries in a secure storage unit 60. Each entry contains a link value allocated to a data of the second type. Each data of the second type is reachable in the secure storage unit through its allocated link value.
- the secure storage unit 60 is deployed in cloud environment.
- the data of the first type (e.g. non-sensitive data) remain present in both the initial version and the current version 30 of the document.
- a display value (noted 33 at Fig. 1 ) may be inserted in place of a removed data in the current version 30 of the document.
- the display value can be text or a non-textual information like an icon or a button.
- the display value may contain a subset of the link value.
- the display value can be a machine readable URL.
- the display value may contain a random value.
- the initial version of the document may also comprise data of more than two types, and the link values may have been previously created using different functions (and different policies for selecting the input parameters) according to each type of data.
- the secure storage unit 60 can include a database (or a file system), a set of access rules and a controller engine 65 able to check whether a request trying to access a record stored in the secure storage unit complies with the access rules.
- the controller engine is able to authorize or deny the request according to predefined access rules.
- the controller engine may check the user's credentials, for example a passphrase, biometric data, a one-time password or a cryptographic value computed from a secret key allocated to the user.
- the controller engine 65 can be implemented as a software application executed by a hardware processor.
- Each entry stored in the secure storage unit 60 can comprise several fields. As shown at Figure 3, for example, an entry 61 may contain the following elements: a) an Index 11 which has a unique value allowing the entry to be identified among the others,
- Metadata 14 that may contain various data like the entry creation/update date, author, country of origin, file name of the updated version of the document, and
- the access rules stored in the secure storage unit 60 can be defined according to the profile of the users. For instance, a user accredited at level 2 is authorized to access all types of data while a user accredited at level 1 can only access data of first type.
- the access rules can be defined according to both the profile of the user and the type of data. For instance, financial data can be accessed only by Finance employees.
- the access rules can be defined so as to take into account the type of user's device (i.e. the system 90). For instance, a personal computer may be assumed to be more secure than a smartphone.
- the access rules can be defined to take into account the user’s location.
- for instance, access to a target data type can be restricted to users located in the company office.
- the access rules can define access rights which are set with an expiration date.
- the secure storage unit 60 can be configured to log any attempt to access data of the second type from the current version of the document. Hence repeated unauthorized attempts may be detected and trigger appropriate security measures. Such a log may also be used to monitor and size the secure storage unit 60.
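The controller engine described in the preceding items, written out as an added example (this is not code from the patent). It keeps one entry per link value with the index, target data, user-facing metadata and per-entry access rules, applies the rule dimensions the description lists (profile level, data type per department, device type, location, expiration date), logs every attempt and flags users with repeated denials. The field names, the two sample entries, the fixed clock and the three-failure threshold are assumptions for illustration; the credential check itself is represented by a boolean supplied by the caller.

```python
"""Controller engine of the secure storage unit: preset access rules and attempt logging.

Added example, not code from the patent. Field names, sample entries and the
three-failure threshold are assumptions for illustration.
"""
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Entry:
    index: int                 # unique identifier of the entry
    link_value: str            # link value allocated to the removed (target) data
    target_data: str           # the sensitive data itself
    metadata: dict             # creation date, author, nature of the data (shown to the user)
    rules: dict                # access rules for this entry (never sent to the user)


@dataclass
class Request:
    link_value: str
    user: str
    profile_level: int         # 1 = first-type data only, 2 = all types
    department: str
    device_type: str           # "pc" or "smartphone"
    location: str              # "office" or "remote"
    credentials_ok: bool       # outcome of the credential check (passphrase, OTP, biometric, ...)


@dataclass
class SecureStorageUnit:
    entries: dict = field(default_factory=dict)     # link_value -> Entry
    log: list = field(default_factory=list)         # one record per access attempt
    now: datetime = datetime(2019, 10, 10, tzinfo=timezone.utc)   # clock, fixed for the example

    def add(self, entry):
        self.entries[entry.link_value] = entry

    def metadata(self, link_value):
        """First phase: metadata only, used to build the message proposing the target data."""
        e = self.entries.get(link_value)
        return None if e is None else dict(e.metadata)

    def check(self, req):
        """Apply the preset access rules; returns (granted, reason)."""
        e = self.entries.get(req.link_value)
        if e is None:
            return False, "unknown link value"
        if not req.credentials_ok:
            return False, "credential check failed"
        r = e.rules
        if req.profile_level < r.get("min_level", 2):
            return False, "profile level too low for this data type"
        if r.get("department") and req.department != r["department"]:
            return False, "data type reserved to department " + r["department"]
        if r.get("office_only") and req.location != "office":
            return False, "access restricted to the company office"
        if r.get("pc_only") and req.device_type != "pc":
            return False, "device type not trusted for this data"
        if r.get("expires") and self.now > datetime.fromisoformat(r["expires"]):
            return False, "access right expired"
        return True, "ok"

    def retrieve(self, req):
        """Second phase: return the target data only if the rules hold; log every attempt."""
        granted, reason = self.check(req)
        self.log.append({"user": req.user, "link": req.link_value,
                         "granted": granted, "reason": reason})
        return self.entries[req.link_value].target_data if granted else None

    def repeated_failures(self, threshold=3):
        """Users with at least `threshold` denied attempts: hook for security measures."""
        denied = Counter(r["user"] for r in self.log if not r["granted"])
        return {u: n for u, n in denied.items() if n >= threshold}


def demo():
    """Constructed sample: one passport number (office only, expiring) and one Finance amount."""
    ssu = SecureStorageUnit()
    ssu.add(Entry(1, "https://wxyz.com/app/QWERTYAZERTY", "P12345678",
                  {"type": "Passport number", "created": "2019-10-10", "author": "HR"},
                  {"min_level": 2, "office_only": True, "expires": "2020-01-01T00:00:00+00:00"}))
    ssu.add(Entry(2, "https://wxyz.com/app/FIN001", "1,200,000 EUR",
                  {"type": "Amount", "created": "2019-10-10", "author": "CFO"},
                  {"min_level": 1, "department": "Finance"}))
    alice = Request("https://wxyz.com/app/QWERTYAZERTY", "alice", 2, "HR", "pc", "office", True)
    bob_remote = Request("https://wxyz.com/app/QWERTYAZERTY", "bob", 2, "HR", "smartphone", "remote", True)
    bob_fin = Request("https://wxyz.com/app/FIN001", "bob", 1, "Sales", "pc", "office", True)
    results = [ssu.retrieve(alice), ssu.retrieve(bob_remote),
               ssu.retrieve(bob_fin), ssu.retrieve(bob_fin)]
    ssu.now = datetime(2020, 6, 1, tzinfo=timezone.utc)   # alice's right has expired by now
    results.append(ssu.retrieve(alice))
    return results, ssu.repeated_failures(), ssu.metadata("https://wxyz.com/app/QWERTYAZERTY")
```

Two points worth keeping when building this for real: the metadata returned in the first phase must not carry the rules themselves (here they live in a separate field), and every attempt is logged regardless of outcome, so the denial counter works even when the first-phase lookup is unauthenticated.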
- the accessing system 90 for securely accessing data belonging to the current version 30 of the document can be deployed on a client device. For instance, it may be hosted in a laptop or a smartphone.
- the system 90 comprises a processor and an accessor engine 76 including a first set of instructions that, when executed by the processor, cause the accessor engine to detect, from the current version 30 (paper form) of the document, the existence of a target data belonging to a previous version (e.g. initial version) of the document and missing from the current version 30 of the document.
- the accessor engine 76 detects existence of a target data by using a set of context data which can include a text or a non-text.
- the accessor engine 76 can be adapted to detect the presence of a predefined list of fields in the current version 30 for deducing the existence of a target data belonging to the enhanced version (and also to the previous version) of the document.
- the accessor engine 76 can be configured to detect a field named "secret key", "passport number" or "Amount" and to deduce that a corresponding sensitive data should be retrieved from the secure storage unit.
- the accessor engine 76 can be adapted to detect the presence of a predefined list of patterns (or tokens) which are assumed to be display values inserted in the current version 30.
- a display value can be a text or a non-text.
- the accessor engine 76 can be adapted to detect the presence of a pattern; for illustration, in Figure 4 the pattern is HX40-$DD2.
- the accessor engine 76 can be adapted to detect the existence of a target data belonging to a previous version of the document by applying a predefined function to a part of the current version of the document. For instance by applying a hash function to the first 5 lines (or records or cells) and comparing the result with a list of pre-stored reference hashes.
- another option would be using the unique identifier (e.g. title, version and issuing date) of the enclosing document to look up the list of all sensitive data removed from the original, then using information from the metadata stored with each entry in that list to know which fields in the document are replacements. For example, a list of replacements can be retrieved for a specific document and the system 90 can find that the list includes a data item located at cell B4 in the document.
- the accessor engine 76 includes a second set of instructions that, when executed by the processor, cause said accessor engine to build a link value 35 allocated to the target data 22 by applying a preset function to a subset of the data found in the current version 30. In fact the accessor engine 76 is adapted to recompute the link value which has been previously allocated to the target data.
- the system 90 is configured to retrieve the metadata contained in the entry from a secure storage unit 60 by using the link value. Both the metadata and the link value are allocated to the same target data.
- the system 90 can be also configured to propose to the user 80 to get the target data using a message based on said metadata. For instance, the system 90 can display a message 36 describing the nature of the target data and ask consent of the user to reveal the target data.
- the message can be an audio message.
- the system 90 is configured to get both agreement 37 of the user and credentials of the user.
- the system may comprise an output device 72 that displays the message 36 to the user and an input device 73 (like a keyboard) allowing the user to enter his/her response and credentials.
- both the output device and the input device may be merged in a single hardware device, like a smartphone having a touch screen.
- the system 90 may also comprise another input device (not shown) - also called security device - adapted to capture biometric data of the user 80.
- a user's secret key can be pre-stored in the system 90 and the system can include a security device able to automatically get the pre-stored secret key of the user 80.
- the system 90 is configured to generate a request by using the link value 35 and user’s credentials for retrieving the target data from the secure storage unit 60 only if the user gave his consent.
- the system 90 is also configured to forward the retrieved target data 22 to the output device 72 for rendering to the user only if the secure storage unit 60 sent back the target data. (I.e. if the secure storage unit 60 successfully checked the compliance of the request with its preset access rules.)
- the system can include a camera able to capture the current version 30 of the paper document and to perform optical character recognition (OCR).
- the system 90 can include a sensor able to capture tactile writing dedicated to blind or visually impaired people from the current version 30 of the document in paper form.
- the system 90 can render the full enhanced version of the document using augmented reality.
- the output device 72 may display the current version of the document and the retrieved target data superimposed.
- the system 90 can be designed to replace the display value with the retrieved target data for rendering to the user via augmented reality.
- the user 80 can freely read a non-sensitive data 21 (from the current version 30 of the paper document) and get the sensitive data 22 through the output device 72.
- the accessor engine 76, the output device 72 and the input device 73 may be merged in a single hardware device.
- Figure 2 shows a flow chart for securely accessing a protected document according to an example of the invention.
- a current version 30 of the document is assumed to have been generated and printed.
- the current version 30 comprises non-sensitive data only.
- the current version of the paper document is made available to a user 80
- step S10 the existence of a target data (i.e. sensitive data) belonging to an enhanced (e.g. initial or previous) version of the document and missing from the current version 30 of the document is detected.
- This detection operation is carried out on the basis of the current version 30 of the paper document only.
- the list mentioned at Figure 1 can be used to detect the existence of the target data 22
- a subset of the content of the current version is identified in relation with the target data, then a link value allocated to the target data is generated by applying a preset function to the identified subset.
- the accessor engine 76 can build the link value 35 by using a combination of unique and unvarying elements of the content, such as printed characters and numbers.
- the accessor engine 76 can build the link value 35 by using the document title and the coordinates (e.g. sheet number, column, and row) of the spreadsheet cell intended to contain the target (sensitive) data.
- the link value may be generated by concatenating a preset string with the built value. Assuming that the preset string is https://wxyz.com/app/, the generated link value may be https://wxyz.com/app/QWERTYAZERTY.
- the link value may be generated as a Uniform Resource Locator (URL).
- Other examples of relevant input parameter(s) and preset function apply to documents structured by lines. For instance, in a text file, the (non-sensitive) content of all odd lines preceding the line comprising the target data can be taken as input parameter(s) and the preset function can be a hash function.
- each version of the document can be handled through several paper formats, for example using different character fonts, colors or layouts.
- data belonging to the document may be expressed using different formats.
- Different context information may be used from each version/format to derive the link.
- the context information used is assumed not to change over time.
- the context information may nevertheless be presented differently from one version to another (for instance by printing the document with different fonts, sizes or margins).
- in that case the method of derivation must still resolve to the same link value.
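The generation side described with Figure 1 (removing the sensitive data, inserting a display value, creating one entry per link value) and the recomputation just described (title plus cell coordinates, or a hash over the odd lines preceding the target, prefixed with the preset string), carried through as one added round-trip example. This is not code from the patent: the preset function (SHA-256 over a canonical form of the inputs, truncated), the canonicalisation that makes the link independent of fonts and spacing, the display-value pattern modelled on the HX40-$DD2 token of Figure 4, and the in-memory `entries` dictionary standing in for the secure storage unit are all assumptions for illustration.

```python
"""Redaction and link-value recomputation round trip.

Added example, not the patent's code. The preset function, the canonicalisation
and the display-value pattern are assumptions; the preset URL prefix is the one
given in the description.
"""
import hashlib
import re
import secrets

PREFIX = "https://wxyz.com/app/"                   # preset string from the description
DISPLAY_RE = re.compile(r"HX40-\$[0-9A-Z]{3}")     # modelled on the HX40-$DD2 token of Figure 4


def canonical(*parts):
    """Drop layout-dependent noise (case, runs of whitespace) so that differently
    printed copies of the same document yield the same link value."""
    return "\x1f".join(" ".join(str(p).split()).upper() for p in parts)


def link_from_cell(title, sheet, column, row):
    """Preset function for spreadsheets: document title + coordinates of the redacted cell."""
    digest = hashlib.sha256(canonical(title, sheet, column, row).encode()).hexdigest()
    return PREFIX + digest[:16].upper()


def link_from_lines(lines, target_index):
    """Preset function for line-structured text: hash of the odd (1st, 3rd, ...) lines
    preceding the target line; target_index is 0-based."""
    context = [lines[i] for i in range(target_index) if i % 2 == 0]
    return PREFIX + hashlib.sha256(canonical(*context).encode()).hexdigest()[:16].upper()


def redact(title, cells, sensitive):
    """Build the current version and the secure-storage entries of a spreadsheet-like document.
    cells: {(sheet, column, row): value}; sensitive: set of coordinates to remove."""
    current, entries = {}, {}
    for coord, value in cells.items():
        if coord in sensitive:
            link = link_from_cell(title, *coord)
            display = "HX40-$" + secrets.token_hex(2)[:3].upper()   # random display value
            current[coord] = display
            entries[link] = {"target_data": value,
                             "metadata": {"cell": coord, "type": "sensitive"}}
        else:
            current[coord] = value
    return current, entries


def detect_and_resolve(title, current, entries):
    """Accessor side: spot display values in the current version, recompute the link value
    from the context and look up the entry's metadata (here a dict, really a remote lookup)."""
    found = {}
    for coord, value in current.items():
        if isinstance(value, str) and DISPLAY_RE.fullmatch(value):
            link = link_from_cell(title, *coord)
            found[coord] = (link, entries[link]["metadata"] if link in entries else None)
    return found


def demo():
    """Constructed sample: a four-cell report whose amount in B4 is sensitive."""
    title = "Q3 Financial Report"
    cells = {("Sheet1", "A", 1): "Supplier", ("Sheet1", "B", 1): "Acme Corp",
             ("Sheet1", "A", 4): "Amount", ("Sheet1", "B", 4): "1,200,000 EUR"}
    current, entries = redact(title, cells, {("Sheet1", "B", 4)})
    # A copy printed with the title in capitals and wider spacing still resolves the same link.
    found = detect_and_resolve("Q3   FINANCIAL   REPORT", current, entries)
    link, md = found[("Sheet1", "B", 4)]
    return link, md, entries[link]["target_data"]
```

The caveat a practitioner should take from the last three items above: the odd-lines variant is only stable as long as the physical line structure survives reprinting. A narrower margin that re-wraps a paragraph changes which lines are "odd", and the recomputed link silently misses. Prefer context that is logical rather than physical (cells, numbered records, field labels), and canonicalise it as `canonical` does before hashing.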
- a metadata is retrieved from the secure storage unit 60 by using the computed link value. Then a message based on said metadata is provided to the user to propose to get the target data.
- the message may express the nature or type of target data to be retrieved. It can be a message in audio, textual, or tactile form.
- a smartphone 90 can display information related to the target data ("Passport number" and other data extracted from the retrieved metadata).
- the system gets both the agreement (to retrieve the target data) of the user and credentials of the user. For instance, the user may be asked to enter a passphrase.
- a request is generated by using the link value and the user’s credentials for retrieving the target data from the secure storage unit only if the user gave his agreement.
- the secure storage unit is intended to grant access to the user after a successful checking of the user’s credentials.
- the user is provided with the target data retrieved from the relevant entry of secure storage unit only if the secure storage unit successfully checked the compliance of the request with preset access rules (e.g. if the user is authorized to access the target data.)
- the target data can be displayed to the user through augmented reality as shown at Figure 6.
- request generation and request sending can be fully automated so that the user does not need to explicitly give his/her consent for retrieving the target data. In other words, the user may have given his/her consent during a previous phase. Thus user’s agreement may be implicit.
- the user may agree to reveal any (sensitive) data in the current document.
- the user may agree to reveal any (sensitive) data in any document scanned for the period of time that the user’s authentication session with the accessor software lasts.
- the user must authenticate each time a request to retrieve a sensitive data is received by the secure storage unit.
- the secure storage unit may authenticate the user only once and authorize further access from this user during a session without new credentials checking.
- a session can be an authenticated context established between the user’s web browser (hosted on the system 90) and the web server which provides access to the sensitive data.
- the session can be materialized as a cookie.
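The consent, credential and session behaviour of the last few items, as an added example that is not the patent's code. The credential is the "cryptographic value computed from a secret key allocated to the user" mentioned earlier, realised here as an HMAC-SHA256 over user, link value and a timestamp with a key pre-stored on both sides; the storage unit then issues a session token that replaces the credential for later requests until it expires, and consent is either asked for every request or once per session. The HMAC construction, the replay window, the session lifetime and every name below are assumptions; the metadata phase is left out (the controller example earlier covers it).

```python
"""Consent, credential and session handling between accessor engine and secure storage unit.

Added example, not the patent's code. HMAC credential format, replay window,
session lifetime and all names are assumptions for illustration.
"""
import hashlib
import hmac
import secrets

SESSION_TTL = 600       # seconds a session stays valid (assumed)
REPLAY_WINDOW = 60      # max clock skew accepted on a fresh credential (assumed)


class SecureStorageUnit:
    """Web-server side: verifies credentials, hands out sessions, returns target data."""

    def __init__(self, user_keys, entries):
        self.user_keys = user_keys    # user -> pre-shared secret key (centralised key management)
        self.entries = entries        # link value -> target data
        self.sessions = {}            # session token -> (user, expiry)

    @staticmethod
    def credential(key, user, link, ts):
        """Cryptographic value computed from the user's secret key."""
        msg = f"{user}|{link}|{ts}".encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def _check_fresh(self, req, now):
        key = self.user_keys.get(req["user"])
        if key is None or abs(now - req["ts"]) > REPLAY_WINDOW:
            return False
        expected = self.credential(key, req["user"], req["link"], req["ts"])
        return hmac.compare_digest(expected, req["mac"])   # constant-time comparison

    def _check_session(self, req, now):
        sess = self.sessions.get(req.get("session"))
        return sess is not None and sess[0] == req["user"] and now < sess[1]

    def handle(self, req, now):
        """Returns (target_data, session_token) on success, (None, None) otherwise."""
        if "mac" in req:                              # authenticate once, open a session
            if not self._check_fresh(req, now):
                return None, None
            token = secrets.token_urlsafe(32)
            self.sessions[token] = (req["user"], now + SESSION_TTL)
        elif self._check_session(req, now):           # later requests ride on the session
            token = req["session"]
        else:
            return None, None
        return self.entries.get(req["link"]), token


class AccessorEngine:
    """Client side: obtains consent (per request or once per session), builds the request."""

    def __init__(self, user, secret_key, storage, consent_scope="each"):
        self.user, self.key, self.storage = user, secret_key, storage
        self.scope = consent_scope    # "each": ask every time; "session": ask once
        self.session = None
        self.consented = False

    def _request(self, link, now):
        if self.session:
            return {"user": self.user, "link": link, "session": self.session}
        mac = SecureStorageUnit.credential(self.key, self.user, link, now)
        return {"user": self.user, "link": link, "ts": now, "mac": mac}

    def get_target(self, link, ask_user, now):
        """ask_user(link) -> bool stands for the consent dialogue of Figure 5."""
        if (self.scope == "each" or not self.consented) and not ask_user(link):
            return None                                # no consent: no request is sent at all
        self.consented = True
        data, token = self.storage.handle(self._request(link, now), now)
        if data is None and self.session:              # session expired: retry with a fresh credential
            self.session = None
            data, token = self.storage.handle(self._request(link, now), now)
        self.session = token
        return data


def demo():
    """Constructed sample: one user, one passport number, three requests over ten minutes."""
    key = secrets.token_bytes(32)
    link = "https://wxyz.com/app/QWERTYAZERTY"
    ssu = SecureStorageUnit({"alice": key}, {link: "P12345678"})
    asked = []
    def ask(l):
        asked.append(l)
        return True
    client = AccessorEngine("alice", key, ssu, consent_scope="session")
    first = client.get_target(link, ask, now=1000)                       # fresh credential
    second = client.get_target(link, ask, now=1100)                      # session reused
    third = client.get_target(link, ask, now=1000 + SESSION_TTL + 5)     # expired, re-authenticates
    forged = ssu.handle({"user": "alice", "link": link, "ts": 1000, "mac": "00" * 32}, 1000)
    return first, second, third, len(asked), forged
```

The timestamp bound is what keeps a captured request from being replayed after the session it opened has expired; a production deployment would also want the session token bound to the device that obtained it, which is the "type of user's device" rule the description mentions.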
- the invention applies to any type of access, like read access and write access.
- a secure storage unit can store data related to several enhanced versions of a plurality of documents.
- the invention allows freely forwarding or distributing a paper document without revealing certain critical information.
- the access control rules can be applied selectively based on who is accessing, on what device, from where as well as the class of the information.
- access to part of the document can be dynamically refined (access rules can be changed at any time) since the access rules are enforced only when a user attempts to access the protected data.
- the invention allows credential management to be centralized and greatly eases the management of secret/encryption keys.
- the secure storage unit can include several databases or file systems.
- the secure storage unit can include a web server which manages the interface between users and the secure storage unit and performs checking operations for authentication and authorization of the user.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/156,353 US10970408B2 (en) | 2018-10-10 | 2018-10-10 | Method for securing a digital document |
US16/156,349 US11625496B2 (en) | 2018-10-10 | 2018-10-10 | Methods for securing and accessing a digital document |
US16/166,770 US10956590B2 (en) | 2018-10-22 | 2018-10-22 | Methods for securely managing a paper document |
PCT/US2019/055579 WO2020077061A1 (en) | 2018-10-10 | 2019-10-10 | Methods for securely managing a paper document |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3864559A1 true EP3864559A1 (en) | 2021-08-18 |
Family
ID=68345084
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19795397.9A Pending EP3864560A1 (en) | 2018-10-10 | 2019-10-10 | Methods for securing and accessing a digital document |
EP19794842.5A Pending EP3864559A1 (en) | 2018-10-10 | 2019-10-10 | Method for securing a digital document |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19795397.9A Pending EP3864560A1 (en) | 2018-10-10 | 2019-10-10 | Methods for securing and accessing a digital document |
Country Status (2)
Country | Link |
---|---|
EP (2) | EP3864560A1 (en) |
WO (2) | WO2020077048A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113553480A (en) * | 2021-07-28 | 2021-10-26 | 用友汽车信息科技(上海)股份有限公司 | Document auditing method, document auditing device and readable storage medium |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4586913B2 (en) * | 2008-09-19 | 2010-11-24 | 富士ゼロックス株式会社 | Document management system, document use management apparatus, and program |
CN101859360A (en) * | 2009-04-08 | 2010-10-13 | 黄金富 | File security processing method, corresponding software and decryption reading device |
EP2803001A1 (en) * | 2011-10-31 | 2014-11-19 | Forsythe Hamish | Method, process and system to atomically structure varied data and transform into context associated data |
CN102722737B (en) * | 2012-05-13 | 2015-11-25 | 河南大学 | A kind of paper document tamper resistant method |
2019
- 2019-10-10 EP EP19795397.9A patent/EP3864560A1/en active Pending
- 2019-10-10 WO PCT/US2019/055551 patent/WO2020077048A1/en unknown
- 2019-10-10 EP EP19794842.5A patent/EP3864559A1/en active Pending
- 2019-10-10 WO PCT/US2019/055579 patent/WO2020077061A1/en unknown
Also Published As
Publication number | Publication date |
---|---|
EP3864560A1 (en) | 2021-08-18 |
WO2020077061A1 (en) | 2020-04-16 |
WO2020077048A1 (en) | 2020-04-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4625334B2 (en) | Information processing apparatus, information processing method, information processing program, recording medium, and resource management apparatus | |
US8024304B2 (en) | Document classification toolbar | |
JP4676779B2 (en) | Information processing device, resource management device, attribute change permission determination method, attribute change permission determination program, and recording medium | |
US7757162B2 (en) | Document collection manipulation | |
US11947704B2 (en) | Tagging and auditing sensitive information in a database environment | |
JP4606052B2 (en) | Information processing apparatus, operation permission information generation method, operation permission information generation program, and recording medium | |
US11775678B2 (en) | Tagging and auditing sensitive information in a database environment | |
US20070169174A1 (en) | User authentication for computer systems | |
US10855868B1 (en) | Systems, processes, and computer program products for detecting and verifying invisible information in documents | |
TW202201243A (en) | Systems and methods for creating enhanced documents for perfect automated parsing | |
US11157639B2 (en) | Systems, processes, and computer program products for authentication of documents based on invisible information in documents | |
EP3864559A1 (en) | Method for securing a digital document | |
US10956590B2 (en) | Methods for securely managing a paper document | |
JP4764614B2 (en) | Information processing apparatus, operation permission information generation method, operation permission information generation program, and recording medium | |
US10970408B2 (en) | Method for securing a digital document | |
JP2005141483A (en) | Document providing server | |
US11625496B2 (en) | Methods for securing and accessing a digital document | |
EP3699785A1 (en) | Method for managing data of digital documents | |
CA3043983A1 (en) | Tagging and auditing sensitive information in a database environment | |
WO2020074438A1 (en) | Method for managing data of digital documents |
Legal Events
Date | Code | Title | Description
---|---|---|---
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: UNKNOWN
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE
| 17P | Request for examination filed | Effective date: 20210510
| AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR
| DAV | Request for validation of the european patent (deleted) |
| DAX | Request for extension of the european patent (deleted) |
| RAP3 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: THALES DIS CPL USA, INC.
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS
| 17Q | First examination report despatched | Effective date: 20230124