TW474080B - Secure management of electronic documents in a networked environment - Google Patents

Abstract

A system and methods are provided that permit electronic documents to be securely transferred, stored, and shared. When an electronic document is to be managed by the system, a document key pair, comprising a document public key and a document private key are generated. The document key pair is used to encrypt the document, and a public key associated with a recipient is used to encrypt the document key pair. To share the document with an entire team, a team public key is used to encrypt the document key pair. Each member of the team is provided a copy of a team key pair comprising a team public key and a team private key, encrypted using his public key. The team private key may be used to decrypt the document key pair, which may be used to decrypt the document. The document and all keys are generated, encrypted, and decrypted on a user's computer, so that the document management system has no access to decrypted versions of the document or the keys. The system is illustratively described in the context of an Internet-accessible document management system.

Description

474080 V. Description of the invention (1) Scope of the invention The present invention relates to a device and method for securely transmitting, sharing, and storing electronic files on, for example, an Internet unsafe electronic network. More specifically, the present invention can provide a device and method for securely processing electronic files in a network file management system. BACKGROUND OF THE INVENTION Document management systems are known to allow multiple users to store and retrieve electronic documents on a closed client / server structured network such as a local area network or a secure wide area network. These previously known document management systems, such as DOCSFusion and EDMS 98, are available from PCDOCS, Inc. of Toronto, Canada, and Documentum inc of 'Princeton, California, respectively, at each section of the network Client applications are required to access and process files and provide limited security features. With the recent boom in the Internet, opportunities for joint efforts have accelerated. Through the use of electronic mail facilities, partners around the world can quickly send files for review and revision. However, although the e-mail system helps to transmit smaller files on the Internet, large files are often too large, and are handled by typical messaging systems, and they can cause a network burden. Large files It may also exceed the available storage at the recipient's end, so that the recipient is not required to store a received document. An email system used on an open system such as Internet Crowd Road, usually also cannot handle services that may be actual delivery services. (E.g., courier) security considerations, or allow for a transmission. Therefore, some or all of these difficulties can be accessed through a central Internet -4-This paper standard applies Chinese National Standard (CNS) A4 specifications 2 Criminals ^ —----- Order --------- (Please read the precautions on the back before filling out this page) Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs Consumer Cooperatives 474080 Five Intellectual Property Bureau of the Ministry of Economic Affairs Printed A7 by Employee Consumer Cooperative, Invention Description (2) Processing of another piece of management service, and this file management service allows uploaded files to be misstored, transmitted, cooperated, or other file management Service. This central service also provides limited access and tracking of documents when uploading, viewing, changing, downloading, or other accessing them. In addition, unlike a document, each recipient can receive his or her own documents Duplicate emails, a central document management service that can store a single copy of a lengthy document, when sent to " recipients, a short notice 'allow them to access documents on the service to save storage space and communication bandwidth These services can be accessed on the Internet by using a standard web browser as an interface to access these services. Many services are known to provide some of the above-mentioned advantages associated with an Internet document management service. For example, Smith USA Patent No. 5,79〇, 79〇 describes an Internet electronic document delivery system in which an e-mail message transmitted to a recipient includes a direct reference to an electronic document stored on a server. In the Schachs patent The described system does not provide a complete set of file management services, such as file sharing or storage, and does not provide security services. In this patent One of the disadvantages of the described system is that the transmitting computer must include a special client application that talks to the server. The system described in the Smith patent also lacks the transaction records and instructions required to provide a useful document management system. The IMEtm system provided by Redwood City's Tumbleweed Communications Corporation overcomes some of the system disadvantages described in the Smith patent. For example, the imetm system eliminates the need for specialized client software for basic file transfer operations and allows the use of a previously known website Liu Lanqi, for example, can be obtained from Mi_〇ft, Raymond, Washington. This paper size is applicable _ home standard tear public love) U --- 一 ------- 0 S ------- -Order --------- (Please read the notes on the back before filling this page) -5- 474080 A7 ---------- ^ B7 V. Description of the invention (3) Internet Explorer®, Netscape Navigator 4 Netscape Navigator® acquired by Netscape, Mountain View, California. ≪…, and the system does not provide the capabilities normally associated with a document management system. (Please read the notes on the back before filling out this page) Similar to the above-mentioned Smith patents, and + +, the mother and Wu patent case number 5,790,793 also describes the Internet electronic document transmission s 1 卞 1 System, where an email message includes

A reference to the URL of the article 彳 丰 Τ 祠 ΓΧ > τ A stored in the "Civil Service". The system described in this patent also requires the use of a special corpse application, and it also limits electronic file delivery services. The focus of all these services is almost exclusively on document delivery, not on other document management services such as storage and syndication. In addition, previously known systems have limited document tracking and interpretation capabilities, and limited security. Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs, although known in the arts using an Internet website browser from a website using, for example, Hypertext Transfer Protocol ("HTTP ") or File Transfer Protocol (" FTp ") Download an electronic file, but there is currently no secure network file management system that uses encryption and digital signatures to allow a file to be modified by a user and uploaded to the system for further use by other Collaborative retrieval and modification, so unauthorized users or document management systems cannot view protected documents. Although currently known systems use a secure transmission method, such as a secure packet layer (SSL) Between the server and a client computer, but after the electronic file transfer, this is not enough to provide the secret or legitimacy of an electronic file. The system that decides on SSL and other secure transmission methods cannot pass through the service provider (that is, execute The server sending the document) to prevent unauthorized access to electronic documents, or to prevent hackers from accessing stored documents Server. This paper size is applicable to China National Standard (CNS) A4 (⑵G x 297). 1 1 ~ —---- 474080

V. Description of the invention (4 (Please read the notes on the back before filling this page) Recently, the electronic mail system has been developed to provide the ability to transmit encrypted emails. This system typically only provides email services, and does not provide storage. One of the centralized servers for messages or messages, or any other document management service. This system is often implemented by combining a known email client with known encryption products and standards, such as 0penpGI ^^ S / MIME.

OpenPGP and S / MIME use public key cryptography and provide encryption, authentication, and acceptance capabilities. ^ Public key cryptography uses a key pair for encryption and decryption. This key pair consists of a dedicated key known only by the owner of the key pair, and a public key accessible by the general public. A message encrypted using a private key can only be decrypted by using a public key, and a message encrypted by using a public key can only be decrypted by using a private key. Therefore, if a message is to be securely transmitted to a particular recipient, the message is encrypted by the recipient's public key, which is known to the public. The message is then sent to the recipient and decrypted by using the recipient's private key. Since only the receiver knows his private key, only the receiver can decrypt the message. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs The public key cryptography method can also be used to provide authentication and acceptance. This is typically accomplished by applying " digital signature " to the message via the sender's dedicated key using a typical digital signature agreement. The sender may use, for example, MD2 or MD5 (by Virginia Switzerland A "message digest" of the RFCs maintained by the Internet Society (ISOC) (described in 'Annotation Requests' 13 19 and 13 21) is applied to the message' so that it will change when any situation of the message changes. Short excerpt. This digest can then be encrypted by using the sender's private key. A receiver can receive messages and encrypted digests, and by using the sender's public key, the paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 474080 A7 —--------- -B7 V. Description of Invention (5) and decrypt the abstract. The receiver can then apply the message digest deduction method to the message on its own, and compare the result with the digest transmitted with the message. If (please read the notes on the back before filling this page), if the two abstracts are combined, the message has not changed, and it is proved that the common key is used to send messages to and from the sender of the abstract. There are many common key deduction methods available, including RSA (covered in US Patent No. 4,405,829), and various deduction methods are based on elliptic curves. Any of these common key deductions can be used under a wide variety of protocols to accomplish a variety of different security-related tasks. It should be noted that public key cryptography (also known as asymmetric cryptography) methods are typically implemented using a combination of public key deduction and secret key cryptography (also known as asymmetric cryptography), where a single secret key Can be used to encrypt and decrypt a message. This "hybrid" deduction method typically works by using a randomly generated secret key to encrypt a message by using a secret key cryptography method and decrypt the secret key by using a common key deduction method. When the message When decrypting, a common key deduction method can be used to decrypt the secret key, and then used to decrypt the message. Since it can be typically faster and easier to use a common key deduction method to encrypt large messages by using a secret key deduction method, so The hybrid deduction method can be beneficial to combine the speed of the secret key deduction method with the flexibility of the common key deduction method. Or decryption means a hybrid deduction method can be used for encryption or decryption, or using a common key deduction method. Similarly, common key cryptography means using a hybrid deduction method, or a π pure "common key deduction method. Although, for example, the above-mentioned hybrid deduction method and the “pure” common key deduction method are currently used interchangeably, a hybrid method ¥ paper size Guan Jiaxian (CNS) A4 specification (210 X 297 mm) 474080 A7 B7 V. Invention Note () Deduction method is typically better, because the hybrid deduction method is faster. (Please read the notes on the back before filling out this page) Public key cryptography products that can be combined with other products and systems (using public key deduction) Method and hybrid deduction method) are provided by Security, Inc., Bedford, Mass., RSA Security has published a series of standards regarding the entire public key cryptography method considered as PKCS. The PKCS standard describes a variety of different security-related technologies, including Digital authentication, encrypted messages, private key information, and the syntax of the authentication request. The PKCS standard is typically referenced by a number, such as PKCS # 5, which provides a password-based encryption standard. Various different PKCS standards have been in 1993. 1 Burton S. Kaliski Jr., revised on January 1, `` An Overview of the PKCS Standards " »RSA Laboratories Technical Note, RSA Secu Rity, Inc. Public-Key Cryptography Standards (PKCS) is a general description. Public key cryptography determines a public key that can be obtained, and the public key is used by one of the encrypted message intended recipients, or a digital signature. Sender. The public key of a person can be almost regarded as his or her "digital identity", which is that anyone who wants to send a private message, or check the source and authenticity of a signed digital document, can use it or her public Key to identify a person. You need to have one of the trusted methods of accessing public keys. One method that has been used to provide this level of trust is to use "digital certification." A trusted source sent by a certification authority to provide public key information. A digital certificate typically includes a public key and other identifying information digitally signed by a certification authority. When a user includes a certificate that includes a public key and identifying information When a request is sent to a certification authority, a digital certification will be generated. Then, the certification machine-9-this paper size applies the Chinese national standard Standard (CNS) A4 (210 X 297 mm) 474080 A7 B7 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs V. Invention Description (7) You can try to check the information and add its digital signature to the public key and The identification information is then sent back to the person who made the request. Digital certificates can then be sent to those who want to communicate with the certification owner or stored in a database for other people to use. Digital signatures from certification authorities can be used to verify authenticity. A standard syntax for transmitting the accreditation request is provided in PKCS # 10, and a standard format for digital authentication is provided in PKCS # 6 and ITU Recommendation X.509 issued by the International Telecommunication Union at the headquarters in Geneva, Switzerland. For secure electronic mailing and other communications, many email customers use the S / MIME specifications maintained by the S / MIME working group of the Internet Engineering Task Force and are available via the Internet Society of Reston, Virginia (ISOC). S / MIME packet messages can be securely sent to a "digital envelope" to provide encryption and digital signature. The digital signature part of S / MIME works essentially as described above. S / MIME encryption uses a hybrid deduction method as described below. In the first step of encrypting a message by using S / MIME, the sender's system can generate a random "talk key" which is used for a symmetric (or secret key) encryption deduction method, such as DES, Triple-DES , Or RC2 to encrypt the message. A symmetric encryption deduction method can be used because the symmetric encryption deduction method is typically less computationally demanding than the common key encryption deduction method, and is more suitable for the use of long messages. Second, the random talk key is encrypted using the encryption public key of the intended recipient, and the recipient's encryption public key can be obtained from X.509 digital authentication. The session key encryption period can be performed by using a public key encryption deduction method such as RSA. Then, the encrypted message and the encrypted conversation key can be sent to the desired receiver. -10- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) (Please read the precautions on the back before filling this page) ▼-装 —ϋ 11 n ai · —-XW-mouth, > US · ϋ alaa ϋ_ · 1 ϋ. .Ρ 474080 A7 B7 5. Invention Description (8 Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs. If To unlock the S / MIME digital encapsulation, the receiver first needs to decrypt the conversation key using his private key. The conversation key can then be used with a symmetric deduction method to decrypt the message. In addition, the message can be transmitted as described above Confirmed using _Digital Signature and one of the sender's common keys, χ · 509 digital authentication. VeriSign lnc, Mountain View, California, has established a certification-level organization to support S / MIME. For fees For example, VedSign can provide digital certificates and S / MIME use, and store digital certificates in a database that can be used to find a public key for a person, provide identification information, such as an email address of a digital certificate, A name Or a serial number. All of these protocols and encryption methods can be managed to ensure the security of messages or other data transmitted over unsecured communication channels. Similar security methods are used to ensure that electronic documents are transmitted through a central Internet Document management service processing can be more complicated and cumbersome. For example, to transfer an S / MIME-encoded message to a new recipient by using this central document management service, you need to download the message from the document management service and use the original The receiver's private key decrypts the message, re-encrypts the entire message by using the new recipient's public key, and uploads the re-encrypted message to the file management service, and instructs the notice to receive the newly received message. Sharing S / MIME messages with multiple users in a group typically requires downloading the message, re-encrypting and uploading it to each of the group members and each new member of the group. If you send too much information to each of the large groups Members, this view on computing time, storage requirements, and communication bandwidth is less economical. File security management of H in Internet access file management system ------------ M (Please read the precautions on the back before filling this page) • n H ϋ tr ---- ------ This paper size is suitable for financial and household food (CNS) A4 specifications (210: 297 mm) 474080 A7 B7 V. Description of invention (9 Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs and Consumer Cooperatives. Requirements, but standards such as S / MIME, digital encapsulation, and the use of protocols can reduce the storage and communication benefits associated with central document management services. Because documents must be repackaged (ie, repackaged) for each recipient or group member Encrypted and signed, or placed in a new " digital envelope, '), so many individual copies of a document need to be uploaded and stored. This makes collaboration and sharing of documents more difficult. 4 In view of the previous description, a system and method for performing one of a variety of different secure electronic file management services is provided, including the transfer, storage, and sharing of electronic files. It is further necessary to provide a document management service and method to allow secure storage, transmission, and sharing of documents without requiring the entire document to be re-encrypted, in order to be forwarded or shared with each member of a group or other group. A document management service and method are also provided to allow electronic documents to be safely transmitted, stored, and shared without the need for a document management service or any unintended recipient to access unencrypted electronic documents. SUMMARY OF THE INVENTION It is an object of the present invention to provide a system and method for performing various secure electronic file management services, including transmitting, storing, and sharing electronic files. · A further object of the present invention is to provide a document management service and method to allow secure storage, transmission, and sharing of documents without the need to re-encrypt the entire document, in order to forward it with each member of a group or other group or It is also an object of the present invention to provide a document management service and method. -12- This paper size is applicable to China National Standard (CNS) A4 specifications (210 X 297). (Please read the precautions on the back before filling in this Page} Γ-pack

m m · __ϋ —ϋ 1: mouth, ϋ— I ϋ m 1 i n I% · A7 B7

Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 474080 It allows the buns to be transported, stored, and shared securely, without the need for documents, or any unintended recipients to access unencrypted electronic files. This month, these and other projects can be achieved by adding additional levels of key management to,, and * technology. In a preferred embodiment of the present invention, in order to use with a file management system, each file can be provided with a file key. The file key pair contains a file common key and a file special key ^.狯 or decrypt documents, not digitally sign or confirm them. However, the file key pair can be added by using a public key of the intended recipient, and the file itself is encrypted by using the file public key. Documents, paired with document keys, encrypted by using the recipient's public key, and optionally digitally signed by using the sponsor's private key, are uploaded to the document management service, which can notify prospective recipients about the available documents. In a preferred embodiment, the generation of key pairs, secrets, and decryption are all provided from a computer separate from the system, so the file management service has never been able to access an unencrypted version of the file. To view a file, the recipient first downloads the file and file key pair from the file management service, and decrypts the file key pair using his special key.蚨 后 ’The recipient decrypts the file using the file-specific key. To forward a file to a new recipient ’, just download and decrypt the file key pair, use the new recipient ’s key to re-encrypt the file, and upload the re-encrypted file key pair. It does not require downloading, decrypting, re-encrypting, and uploading the entire file for conversion. For larger file contents, this is a fairly obvious storage for time, storage space, and communication bandwidth. According to the original of the present invention, an additional level of key management can be added to allow -13- this paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm)

*. Packing -------- Order --- (Please read the notes on the back before filling this page)%, 474080 A7 B7 V. Invention Description (11 (Please read the notes on the back before filling in this Page): *,], and all members are shared without having to each group member: again: re-add. When a new member joins a group, members can :: ,, and key pairs of fields U This 'contains-the group's public key and-the group's private,' which is encrypted by using the member's public key. The document key pair of documents shared by the group can be encrypted by using the group's public key. Each member of the group can pass Its private key accesses the file to decrypt the group key pair, decrypts the file key pair by using the group's private key, and decrypts the file by using another private key. Each of the file and file key pair need only be encrypted once, by It is shared by all members of the group. The steps of generating a file (or group) key, encrypting a file, encrypting a file (or group) key pair, decrypting those key pairs, and decrypting the file are ideally performed on a user's computer, and Not accessing documents with central internet The system management system related to the management service is implemented. Because of &, the file management service that stores encrypted file management key pair 2 encrypted files has never been able to access the unencrypted version of the key pair or the file, and cannot compromise the storage of the transmission Or document security shared through the use of document management services. A brief description of the above-mentioned and other objects and advantages of the present invention will be available from the following detailed description printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economics and the accompanying drawings. To better understand, wherein the same parts in the drawings are represented by the same numerals, and: Figures 1 A and 1 B are block diagrams of a file management service (DMS) system structure described in the system and method of the present invention; Figure 2 It is a flow chart of a method for safely processing a document according to the principles of the present invention; 14- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 474080 A7 B7 V. Description of the invention (12 Ministry of Economy Printed by Intellectual Property Bureau employee consumer cooperative Figure 3 is a flowchart of a method for securely transmitting an electronic file according to the principles of the present invention; Figures 4 A and 4 B According to the principles of the present invention, the additional levels of encryption and key management are shown; Figure 5 is a flowchart of a method for adding a new member to a group according to the principles of the present invention; and Figure 6 is shown according to the principles of the present invention. Digital authentication structure storing a common key. Detailed Description of the Invention The present invention is directed to a device and method for securely managing electronic files on the Internet. Specifically, the present invention can be used in a network environment by using a central file management service. Provide methods for secure transmission and sharing of documents. This method has been described in this article on a program-controlled Internet access server. Μ provides multiple document management services, including document storage and retrieval, collaborative document sharing, and electronics. File delivery and distribution. According to the principles of the present invention, these services can be safely executed 'without requiring the user to trust services with valuable information ^ ::': such as keys or messages' and without downloading large files, and transporting, sharing, forwarding , Or re-encrypt on distribution. The document management system can use a common database procedure to make sense ^ & Taxi heart, 丄 + grab only one 洋 foreign tooth, system or data treasure house support board every two serving spears, and security features, the common database厍 The interface that allows multiple services is through the use of a known website Liu Xian: / :: and in addition to downloadable applets or other "action two" access to 'Hua Ke: Application' which can be implemented in this article by Liu Lan. Bu :::: The operating system shared by Shunyun and Beixun, such as the operating system and ㈣ 2 women's full biography 70 < other Internet Minglebao system ------------------ (Please read the notes on the back before filling out this page) Order --------- X 297 mm) 15- 474080 A7

The method of the invention can also be used to advantage. Note that as used herein, an electronic file contains any collection of electronic data that can be stored, transmitted, used, or otherwise processed. Typically, — an electronic file will contain an archive or collection of archives. ^ Please refer to the diagram of the system structure, suitable for the implementation of the system and method of the present invention in the network file management service. The exemplary structure of the system and method described in this article is described in Figures ^ and ⑺. An open network of the Internet 15 is coupled to a document management service (,, DMS ") system i 7. The DMS system 17 includes a server computer 20, which in turn contains or is coupled to] 〇] ^ 8 Database 25 , Storage 30, notification server 35, and public key infrastructure server 40. Personal computers 10 and 11 are connected via a dial-up connection using a wireless connection, a dedicated line, or a public standard telephone network (" PSTN "). It can be connected to an open network such as the Internet ^ 15. Although the Internet 15 is like a single entity, it can of course be understood that the Internet 15 includes countless computer networks connected by bridging, routing, and the like, and it is constantly developing. As defined here, "Internet," the term is not only the current form of the Internet, but also includes changes, additions, and specific implementations of the Internet. The personal computers i 0 and ii are connected to the Internet 15 through an Internet Service Provider (" ISP "), and include web browsers, such as the aforementioned Internet Explorer® or Netscape Navigator⑧, which can be used with DMS System 17 talks. The personal computer can be a stand-alone computer or connected to the Internet through a local area network (not shown). The personal computers 10 and 11 can be IBM compatible personal computers (or any of their 16 -This paper size is in accordance with China National Standard (CNS) A4 (210 X 297 mm) (Please read the precautions on the back before filling this page)-丨 Binding ---------. Intellectual Property of the Ministry of Economic Affairs 474080 A7 B7 printed by the Bureau ’s Consumer Cooperatives V. Description of the Invention (Other Types of Computers), 4 括 田 μ #,, 4 Other types of devices that are known to be connected to the Internet, including TV tops & People ', spoken clothes, handheld devices, personal digital assistants (PDAS), cell phones, or other wireless devices. The server computer 20__ is connected to and communicates with the Internet 15 asynchronously, And ^ includes digital recognition of special fields To allow full communication between client computers and feeders. The server computer 200 is ideally planned for a network servo state, such as implementing a hypertext transfer protocol (,, Ηττρπ), Provides various file management services (,, DMS ,,) system software, including file storage and retrieval, collaborative file sharing, and electronic file delivery and distribution. Server 20 can also plan to process this file. Invented file security method, and can be downloaded to personal computer 10 * n applets, or other " action codes " that can be executed on personal computers 10 and 11 to allow personal computers i 0 and i to process the present invention In a preferred embodiment, the DMS software can be implemented through a gateway interface (CGI), Java Servlets, or Enterprise Java

Beans (EJB) services and run on a web server. This allows the DMS system 17 to talk to the user via a web browser without the need for special client software. By using CGI, a user can enter information into the form displayed by a web browser. The information can be transmitted to the feeder computer 20 by using HTTP, and the routine can be executed on the server computer 20 through CG] [. The use of servlets (i.e. routines, written in the Java programming language and executable on a web server) or EJB services also allows users to talk to the DMS system 17 through a web browser. Although the present invention has been described herein as a web browser running on a personal computer accessing a DMS system, other devices and software may be used. In general (please read the note on the back before filling out this page). 丨 Binding --------- · Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs -17- 474080

Description of the Invention (Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs, any software capable of communicating and displaying web pages on DMS systems can be used to access the DMS system. In addition, as used herein, the term "web browser" includes rules Known browser software and, for example, Java app, can be downloaded from the DMS system and temporarily executed within the context of the web browser. This can be a relational or object database database 25 Storage: related to documents controlled by the server computer 20 and data stored in the storage body 30 (hereinafter, referred to as 'post data'), such as notes, instructions, characteristics, etc .; user and account information; transaction data ; Notification information; and authorization information. The database ^ can be implemented on the server computer 20 or a separate computer connected to the server computer 200. The storage body 30 is connected to the feeder computer 20 and stores electronic documents (Or "file"). The storage body 30 may provide a storage mechanism for storing electronic documents, and includes-or multiple hard disks, optical drives, raid_, and further includes -Or multiple storages,% to support different types of storage media. Storage 30 also contains remote storage, whose towel files are stored in a remote DMS feeder. If multiple storages are used, the dms system} 7 can include One place, deductive method, to decide where to store the stored documents, so as to equitably allocate the storage of the documents among all = bonesavers. The storage body 30 ideally contains an associative database of electronic documents and related documents. Information can be stored in a relational database or a case system. If the storage 30 contains a relational database, the unique key of the document will be generated and keyed, as it is suitable for smaller files (for example, < 】 KB) storage. If the dependent body 30 contains-a relational database, then in the relational database (please read the precautions on the back before filling this page) binding-

ϋ 1 n n I -18-

Dimensions of this paper 关 tose 绪 ^^ S) A4 size (2 redundant x 297 mm) 474080 A7

Doulu includes-, storage type, a storage path (ie, a location description) name, maximum size, and a state. When the storage body 30 contains more than the storage body, the state of each storage body can be set to "active", or, non-active ", and the file cannot be stored in one, non-active, f storage. If the storage body 0 contains file system storage, the file system can assign a unique name to each file, and the file can be stored directly on the hard disk, optical drive, etc. as if it is suitable for larger files. The notification server 35 includes software executed on the server computer 20 or on one or more separate computers connected to the server computer 20, such as assigning notifications to the DMS system via voice messages, emails, pagers, etc. 17 users, regarding the status of documents stored in the DMS system. A common key infrastructure server 4 (PKK), which also contains software running on the server computer 20, or one or more separate computers connected to the server computer 20, can handle digital authentication of DMS system users. The ρκι server 4 〇 can send the certificate to the user, track the certificate, and import, or obtain the certificate from it Έ: certification authority certification. Therefore, the digital certificate used in the DMS system 17 can be sent directly from a source other than the DMS system 17 or the DMS system i 7. To obtain certification from other sources, the DMS system 17 can communicate with other certification authorities or decide on a user to provide access to a copy of his or her digital certification. Digital authentication can be used by users to digitally sign documents for non-denial purposes, and can be used to securely transfer documents between users of dMS systems, or to share documents among a group of members. Figure 1 A's DMS system 17 has a single server computer 2 〇, but also contains -19-This paper size applies to China National Standard (CNS) A4 specifications (210 X 297 public love) (Please read the precautions on the back before (Fill in this page) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs, printed 474080 V. Description of the invention (17) The multi-committee used in Nanyang will serve you. 2 m 1 π J 少 里 U 服 斋 私 驷. As shown in Figure IB, when a server computer is used, the load balancing device 45 can be used to balance = (Please read the precautions on the back before filling this page) The route between the server computer 20A and the server. The load balancing device ^ contains software running on the feeder computers 20A and 20B. Alternatively, load balancing may be included to include software running on a separate computer (not shown in the figure), and then connected to server computers 20A and 20B. Security text search In any network environment, it is important to post security issues. These issues are particularly important for a network environment where important confidential business documents can be transmitted, stored, and shared over a wide area network such as the Internet. There is no single 5 body that controls all communication links that send important documents. In addition, many businesses are hesitant to trust the secret files of an Internet file management service, such as DMS System 17, which they cannot control and transfer files over unsecured communication channels. Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs. The secure transmission of documents and other information over unsecured communication channels has been published in the past through the use of encryption technology. For example, Secure Socket Layer (SSL) provides a standard way to secure communication channels. For a file management system, however, it is not sufficient to secure the communication channel. Documents managed by the document management system must be securely "wrapped" so they cannot be viewed by illegal personnel on either end of the communication channel. In accordance with the principles of the present invention, the secure packaging or digital encapsulation technology that has been used for secure e-mail of electronic documents and other secure transmissions can be modified, and is suitable for use in other Internet document management services such as DMS 17 View. By using the method of the present invention, the document can be used in the Internet. -20- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 474080 A7 B7 V. Description of the invention (18 Intellectual Property of the Ministry of Economic Affairs Bureau employees consume cooperatives to send, share, and store securely on printed parts management services, without allowing unintended entities, including document management service providers, to view documents. In addition, the method of the present invention avoids the need to take tedious steps, For example, the —secure packaging ^ is downloaded from the file management service. When a file is transmitted or shared, it is spooned (ie, the file is decrypted), and it is re-encrypted for a new recipient or group member. ) 'Repackage' and give the repackaged file to the file management service. In the preferred embodiment of the present invention, this is achieved in accordance with established encryption standards and basic structures such as s / MIME and x.509. The method of the present invention includes a multi-tasking method that should be executed on a user's computer, such as a map? Personal computers 10 and n. In a second preferred embodiment, this can be achieved by taking an action code (such as an applet) from the DMS system and the JL to execute the action code on the user's computer. ^ The ActionScript for the user's computer contains java applets, or any other,. ° encoding that can be executed or interpreted by the user's computer. Mobile code ㈣ stand-alone is used in a web browser on the user's computer, or any other application that can be executed on the computer, to run on this document. Ideally, when the user registers with the DMS system 17, the mobile code can be transmitted to the user's computer, and if necessary, the computer of the DMS system user's computer can be used, and the sign can be two digits, so the user can ensure the mobile code Indeed, the method of the present invention utilizes many existing encryption techniques: with S / MIME and digital authentication as described above. According to this issue, two = users of network file management services can send people-digital authentication or petitions "Send them to the system-digital authentication. Dedicated keys are not based on the security principles of the application package 21-

(Please read the precautions on the back before filling this page.) ---- Order ---- Φ 474080 A7 Printed by the Consumer Cooperatives of Intellectual Property Bureau of the Ministry of Economic Affairs 5. The invention description (19) is provided to the system. However, part of the system of the present invention that can be executed on a user's computer can provide information where a user-specific key (e.g., from a file, from a smart card, etc.) is obtained. That is, reference is made to FIG. 2 which describes an overview of the method of the present invention. At step ιοι, a user prepares a file to be managed (ie, stored, shared, transmitted, etc.) through the DMS system 17. This step is ideally performed on the user's computer by using application software for user documentation. In step 102, the user may generate a file key pair, including a file common key and a file special key. The file key pair will be used by a common key deduction or a hybrid deduction to encrypt the file. Specifically, the file key pair will be a special " recipient " of the file on the file management system. The file key pair is not used to digitally sign or confirm the document. The other key pair is through the common key used by the system Encrypted deductive method is generated by a deductive quasi-key generation deductive method. The length of the key to be generated is determined at the desired strength. For files with small files or security needs, a relatively short key (such as a A 40-bit key) is sufficient to provide privacy, or to meet the appropriate output restrictions of encryption. For 値 to decide on their secret valuable documents. A longer key should be used. Generally, the key should be as long as necessary to protect it The file time is an appropriate degree. In a preferred embodiment, the file key pair is generated by an action code and transmitted to the user's computer through the DMS system 17 and executed on the user ’s knowledge, so DMS The system i 7 cannot access the file key pair. It should also be Jiang Yi = When a file key pair is established, the initiator of Magic Bull can save an encrypted file key pair for him-a copy. The initiator of the file key pair is a vice This ideal French 値 with its note (please read the notes on the back before filling this page)

P 'Paper size National collection of cns) A4 size ^ X 297 mm) -22- 474080 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 ------------ _B7 V. Description of invention (20) Yes Wrap it to the sponsor and upload it to the file management system, as described below, but may be stored locally on the sponsor's computer. At step 103, the public key of the document is packaged into a digital certificate, which can be digitally signed by the originator of the document. The digitally authenticated structure ideally conforms to the χ509 standard and will be described in more detail below. In a preferred embodiment, this step can be performed by a mobile code on the user's computer. It is not a good idea to wrap the file public key into an authentication, but it is better because it puts the file public key in a standard format. This standard format can be validated by a variety of existing software that can properly handle public key packaging for documents as certified. 1 ^ In step 104, the document-specific keys are packaged in a format that conforms to the PKCS # 8 standard of the syntax of the dedicated key information. The private key may be encrypted by using the private key of the key initiator, encrypted by using a password or other symmetric encryption, or encoded by using any standard encoding to protect the file private key. This step is ideally implemented by a mobile code running on the user's computer, so DMS system 17 cannot access the file-specific keys. When using a file common key, it is better to wrap the file special key in a standard format such as PKCS # 8, but it is not necessary. The authentication containing the public key of the file, and the packaging containing the private key of the file are then packaged together in an encrypted key block in step 105. Ideally, the encryption key block is S / MIME, which is encoded to each recipient of the file by using the recipient's public key. Alternatively, other encoding or encryption methods can be used to encode the encryption key block. Ideally, the encoding method used to encrypt the encryption key block also adds a digital signature to the encrypted block. This encoding is ideally performed by a mobile code on the user's computer. -23 · The size of this paper is applicable to the Chinese National Standard (CNS) A4 specification (21 × 297 mm) (Please read the precautions on the back before filling this page}.

• ^ 1 n n · ϋ one -0, n ϋ n n em— n I%-474080

Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs •• Recipients ’can be changed according to the document management services to be performed. For a delivery, the "recipient," will be the person who will deliver the file. For a file that is stored for later retrieval, the "file, recipient" will be the same as the originator of the file. To share with a group, the recipient is a member of the group, or a special group public key can be accessed by all members of the group. The recipient's public key is typically obtained by requesting each of these recipients from a certification authority, or by an authentication from the DMS system 17 through the PKI server 40. If no authentication is found for a recipient, the user has several options. For security-critical documents, users cannot send documents to recipients unless a trusted certificate can be found. As another option, the user can request the system to send to the intended recipients that a message was not found to obtain an authentication. A third option is to use a symmetric encryption method based on a known password between the user and the intended recipient to rule, file, and transfer it to the intended recipient. In another option, the user can optionally use a public key pair to transfer the document to the recipient. This temporary previous public key pair, including a temporary previous authentication, can be encrypted by using a pre-configured symmetric key and can be transmitted to the intended recipient. Finally, if security is not required, the sender optionally signs the document digitally and transmits it without encryption. At step 106, the authentication generated from the public key of the file at step 103 is used for S / MIME encoding (i.e., encryption and / or digital signature) of the file. s / mime encoding, or "wrapped π file contains file encryption and digital signature, file encryption digitally signs the file, or (if security or certification is required) the file is not encrypted ^ not signed + note μ 'When the file is digitally signed, the user Special keys are available (please read the precautions on the back before filling out this page) Install Τ n tame I nw ^ · n mem§ I fl · — 1 1 i -24-

474080 A7

Fifth, the description of the invention (22) in the signature. Since the file-specific keys do not provide any level of authentication, the file-specific keys are typically not used to sign documents. The S / MIME encoding of the document is ideal (please read the precautions on the back before filling this page) 疋 It is executed by the mobile code on the user's computer, so the DMS system cannot access the unencrypted version of the document. In step 107, the user uploads the code file to the DMS system, and the ideal is to record the child change. The document is then stored in storage 30, and information about the document is stored in database 25. In step 108, the encrypted key block containing the file key pair can be uploaded to the file management service of each file receiver, whose encrypted key block has been S / MIME encoded in step 105. The file management service can then notify recipients of available files. In addition, the encryption key block can be selectively transmitted directly to each recipient of the file, and the encryption key block has been s / mime encoded in step 105. Recipients can typically view the file by downloading the S / MIME-encoded file, which decrypts the encrypted key block by using their own private key, and then decrypts using the file's private key, or "unpack" the S / MIME-encoded file. The receiver's encrypted key block can ideally be stored in the database 25 or storage 30 as a document management service, which can be referenced by using a document identifier for each document and a unique identifier for the recipient. Printed in another preferred embodiment by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs, the document can be S / MIME encoded using the public key (established in the authentication) of each of these recipients. And use the file public key encoding, and can be uploaded to the file management service and transmitted to each of these original recipients through the file management service. When they are offline, or not connected to the file management service, this Recipients with software that handles S / MIME messages are allowed to process documents. In addition, this paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) -25- Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 474080 A7 ------- B7_______ V. Description of Invention (23) The software used to process S / MIME messages can be used to maintain compatibility to the extent that Processes documents without using any custom software or mobile code, while maintaining many of the advantages of the method of the present invention, such as document forwarding and sharing of situations described below. For forwarding or transmitting a document to a new recipient The processing is shown in Figure 3. In step 201, the original recipient can obtain a copy of the encrypted key block 'which contains the file key pair from the file management service. In a preferred embodiment, this can be done through Use the file identifier of the original recipient and the identifier of the recipient to request a cryptographic key block from the database 25 or storage 30. At step 202, the original recipient will use his or her private key to include the file The S / MIME-encoded encrypted key block of the key pair is unwrapped. This ideal can be accomplished by an action code executed on the original recipient's computer, so that the file management service will never be able to access the decrypted file key pair. Step 203 'The file key pair is S / MIME, edited, repackaged, using a new recipient authentication. This new encryption key block is uploaded to the file management service through the file management service in step 204 And optionally to a new recipient. The new encryption key block is ideally stored by a file management service in the database 25 or storage 30, so it can be referenced by the file identifier and by the identifier of the new recipient. The new recipient can use his or her private key to decrypt the file key pair, which can be used to decrypt the file. It should be noted that when the file key pair is repackaged, since the repackaging is typically removable, the original packaging should be removed Any digital signature of the user, so the history of the key pair is lost. If the user needs to save the history of the _ file transfer, (please read the precautions on the back before filling this page). Installation -------- Order- -------- ^^ 1 -26- 474080 A7 B7 Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs. 5. Description of the invention (24) What is the original packaging document key pair signed by the sender? Save as part of new file key pair . The unencrypted file key pair can be signed using the sender's digital signature to the originally packaged file key pair, and this entire block can be repackaged using the new recipient's public key. By using this technique, the sender chain of a document key pair can be determined through digital signature tracking. Alternatively, a history can be maintained by recording the changes on a file management service. Since the "new pi recipients" in the above method can be a group or initial recipients, this same method can be used to move a received file into storage or a file into a group. Therefore, including transmission, storage, and Many services for shared document access can be supported by the above method. The advantage is that the above method allows documents to be stored, shared, and transmitted through a document management system, without adding additional needs or adding user access to one When grouping files, the files must be re-encrypted continuously. Because each file is encoded using a file key pair, all that needs to be added to a receiver is to encrypt the receiver's file key pair. No need to download and decrypt the entire file And re-encrypting the entire file by using the public key of the new file, which was necessary in previously known systems. For larger files, this represents a significant time and communication bandwidth savings because the file is It is stored through the file management service, and only has the phase, and smaller key blocks need to be downloaded and repackaged. T · In addition, both The entire program that generates the file key pair, the encoded file key pair, and the encoded file are processed by the user's computer, not the file management service, so the file management service never fails to access the _unencrypted version of the file or file key Yes. Because &, since the document management service cannot check the size of the paper stored, it applies the Chinese National Standard (CNS) A4 specification (210 x 297 mm (please read the precautions on the back before filling this page) ▼ m m. ϋ ϋ eatmm Mmmmme in Order -------- -27- 474080 A7 Documents printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs (5) Documents of Invention (25), so users do not need to rely too much on document management services. According to the principles of the present invention, these advantages are that additional levels derived from key management can be added to standard encryption methods. File 60 is a file common key of 62 by using the file key generated for file 60, simplified encoding, Instead of using the recipient's document public key for reading and encoding as shown in Figure 4A. The document key pair including the document public key 62a and the document dedicated key 62b. Then can be used by The recipient's public key 64 is S / MIME encoded. File access allows access to the file key pair 62 without downloading, decrypting, re-encrypting, and re-transmitting the file. 0 Additional levels of key management can also be based on The present invention is used. As shown in FIG. 4B, a small group of main levels can be added. File 60 is S / MIME encoded by using the file common key 62a as described above. File key pair 62 is obtained by using group key pair 70. The group common key 70a is S / MIME encoded. When a group is created by the group's sponsor or leader, a group key pair 70 will be generated and contains the group common key 70a and the group private key 70b. Then, The group key pair 70 can be S / MIME encoded by using the public key 72 of each member of the group. To unpack the file, a group member uses his or her private key to decrypt the group key pair 70. The group key 7013 can then be used to unlock the file key pair 62, so the file specific key 6 2b can be used to decrypt the file 60. By adding this extra level to key management, files can be used with the entire group without having to repackage the files for each group member. Each member has a copy of the group key pair 70, which provides them with access to any file using the file key pair coded to the group. -28- This paper size is in accordance with Chinese National Standard (CNS) A4 (210 X 297 mm) (Please read the precautions on the back before filling this page) Γ-Binding ---------% ·

4740SQ A7 ------ 2L .____— V. Description of the invention (26) For compatibility, as mentioned above, the document key pairs are intended to be packaged by using the certification of all group members Instead of just using group key pairs. In addition, to maintain compatibility with other software and standards, the document itself must be packaged by using team member certification and using document key pairs. Fig. 5 shows a method for adding a new member to a small group according to the method of the present invention. At step 3 01 'the group sponsor can download a copy of his or her group key pair from the file management service. In a preferred embodiment, the encrypted group key pair can be stored in storage 30 or database 25 and can be accessed by using a group identifier and a group member identifier. In step 302, the group sponsor can unpack a copy of his or her group key pair by using his or her private key. This step is ideally performed on the group sponsor's computer, so the file management system never has access to a decrypted group key pair. At step 3 03 'the group sponsor can repackage the group key pair by S / MIME encoding the group key pair by using the common key of the new group member. In addition, the team sponsor can use his or her private key to digitally sign the team key for authentication. The encoded group key pair may then be uploaded to the file management system and transmitted to the new group member via the file management system at step 304. The repackaged group key pair is ideally stored in the database 25 or bank 30 of the document management service, which can be accessed by using the group identifier of a new group member and a group member identifier. As long as the new group member has access to the group key pair, he or she can access any document that has a file key pair, and the file key pair is through the use of group 29- This paper standard applies Chinese National Standard (CNS) A4 specification (2l0 X 297 mm) (Please read the precautions on the back before filling out this page) Γ-Binding -------- Printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Description of the invention ( 27) The Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs prints key pairs and codes. The advantage is that this allows files to be securely shared with other team members without having to re-encrypt each team member's file. For those skilled in the art, it is obvious that the private sequence of adding a group member to FIG. 5 is the same as the method of forwarding a message described in FIG. Similarly, the method of generating the group key and the package file key pair by using the group key, and transmitting the group key to the group members is essentially the same as the method for generating the file key and the package file described in FIG. 2. It is generally expected that additional levels of key management can be used to advantage by reapplying the same approach to add and manage additional levels. For example, group keys can be packaged using additional levels of key pairs, groups allowed within groups, or groups within large access groups, or other nested structures of keys. In this way, for example, a file can be used to organize a group of special ministries, or a special region can be mastered by a person skilled in the art. It will be clear that a single file can be stored together, transmitted to the same recipient, Many files shared by the same team. As such, a document may contain archives or any collection of other information together throughout the package. If there are many multiple files to be managed, each of them can be individually packaged, or if they are to be managed together (ie, stored, transmitted, shared), they can be combined and processed together. It can also be understood that 'while the method of the present invention is described in terms of s / mIME and other known encryption and authentication standards, such as χ · 509, pKCS # 6, and PKCS # 8, these standards need not be used. Any similar encryption and packaging method can be used in accordance with the invention with minimal modification. However, using the standard would be better, because it allows the coexistence of software and common key infrastructure and (please read the precautions on the back before filling out this page) Install 1 immmmm i earn— 一 |, 口, i emmmt · ϋ fl — Nnn 1 1 p 1 x 297 mm) -30-474080 A7 V. Description of the invention (28 A system used to implement the method of the present invention. As mentioned above, for example, standard authentication formats can be used to package a document common key (or group common Key, etc.). Figure 6 shows a standard authentication portion used to package a public key for a document in a preferred embodiment. Digital authentication 80 includes a serial number block 82, and the serial number field contains the unique serial number of the certificate. In addition to the serial number block In addition to 82, the authentication 80 can be uniquely identified by using the prominent name holder 84. The prominent name field 84 contains a globally unique identifier, or the name for authentication. The prominent name can be a A large random random number, or a combination of random numbers and other information for identification and authentication. In a preferred embodiment of the present invention, the prominent name field 84 in a public key authentication of a document contains a significant The name includes a random number and the name of the document, and an optional reference for the certification of the document originator, an optional reference for the server, or the services of the AIB initiator, and any other descriptors and identifications Combination of information 0 Duration block 86 can provide a period during valid authentication 80. This includes a fixed expiration time, or some arbitrary time specified by the user. In a preferred embodiment of the present invention, The order time slot 86 is set according to the time of the document management service. For example, a user of a basic plan can establish a document public key authentication with a duration of 3 days, and a user who pays special attention to the plan can establish iL lasts 10 years of certification. Another preferred embodiment uses a duration related to the reasonable age of the document, and can be set on a document through a document (or group by group, etc.) basis. Bits 8 and 8 contain the distinguished name of the certified developer. (Please read the notes on the back before filling out this page)

, I · nn 1_1 nnn Bn I ϋ i ϋ nnn flu I% Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 31-474080 Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 V. Description of the invention (29) In terms of a document public key authentication, the development note holder bit 88 is a well-known name that includes a document key or sender public key authentication. For a small group of public keys, the developer billing field 88 contains a notable name for the group sponsor. The common key stop 90 is a common key included in the certified 80 package. If the authentication 80 is for a file, the common key block 90 contains a file common key. If the authentication 80 is for a group, the common key block 90 contains the group common key. The signing common key stop 92 is a copy of the common key included in the certification 80 package, which has been signed by a certified developer. For a document common key, the key will be signed by the originator or sender of the document. For a small group of public keys, the key will be signed by the group sponsor. The date field 9 4 contains the date when the certification was issued; it can also include the time when the certification was issued. Typically, this is the date and time when a digitally authenticated document or group common key was created and packaged. Policy block 96 is an optional field that contains information related to the use, rights, or attributes of the certificate. The authentication enforcement block 98 is also a selective block, which contains a reference to the certification implementation statement (typically as a URL). In addition to the above fields, it is obvious to those skilled in the art that other fields such as X.509 or other standards need to add authentication 80, without reaching the present invention. Although the present invention does not require authentication using all of the fields described above, these blocks can meet established standards and should include benefits in the use of standards such as X · 509 or PKCS. Although the specific embodiments of the present invention have been described above, it is obvious to those skilled in the art that various changes and modifications can reach the cost. The paper size applies the Chinese National Standard (CNS) A4 specification ⑽χ 297 公 ( (Please read the precautions on the back before filling out this page)

in an (mouth, t n ammmmf n n n a --- I 32- 474080

Fifth, the description of the invention (30), and does not detract from the present invention. For example, although the method and the Internet access file management service part of the present invention are described, it is a tool that can be used to transmit and share information with minimal modification. Hudu application. The appended patent application covers all such changes and modifications without departing from the true spirit and scope of the present invention. (Please read the precautions on the back before filling this page) Loading -------- Order · 丨 —— ^ ------ · Use a moderate amount of paper Printing

Claims (1)

A BCD which stores 474080 in a database The scope of the patent application is as described in the sixth method of the patent scope. The encryption key pair further includes ^ 'to provide a file identifier; to provide a recipient identifier; and other == secret key pairs, so it can be used by the file identifier and Recipient identification 8. The method of item 7 in the scope of patent application, in which 浐 Very, in one of the six people 1-Huizhong for one after another identifier system package 3 provides a unique file identifier. 9. Scope 7 of the patent, wherein the provision-recipient identifier includes provision of a unique recipient identifier. 1 0. As the coincidence of the scope of the patent application, the recipient is an electronic file =, the person, and the method further comprises the step of storing the electronic file in a file management system. &quot; · If g 'in the scope of the patent application, it further includes transferring or transmitting the electronic component from the receiver to a new receiver. A. As described in item n of the scope of patent application, transmitting the electronic file further includes: decrypting the encrypted key block by using a special key related to the receiver to generate the file key pair; f by using and Add a public key associated with the new recipient to add the file key pair to generate a new encrypted key block; and provide a new recipient with access to the new encrypted key block and the package file. U • If the scope of patent application is the first! Among the items, the recipient is a small group -2- This paper size is applicable to China National Standard (CNS) A4 (210X297 mm) 4 ^ 4〇 $ 〇 'The method further includes ... generating a small group of key pairs, the group key pair includes a small group of public keys and a small group of private keys; for each member of the group, by using the A common key to encrypt the group key pair of the group member to produce an individually encrypted copy of one of the remote group key pairs that violates the group member; and for each member of the group, providing access to the group member's The individual encrypted copy of the group key pair; wherein encrypting the file key pair includes encrypting the file key pair by using the group public key. 14. The method according to item 13 of the scope of patent application, wherein encrypting the group key pair * ——_ further includes digitally signing the group key pair. 15 · The method of claim 13 in the scope of patent application, further comprising adding a new ^ 1111 .— member to the group. 16 · The method according to item 15 of the scope of patent application, wherein a new member is added to the group, which includes; decrypting an individual encrypted copy of the group key pair of a group member to generate the group key pair; using the new Encrypting the group key pair with the public key of the member to generate a new encrypted copy of one of the group key pairs for the new member; and providing the new member with access to the new individual encrypted copy of the group key pair. 17 • The method of item 13 of the patent application scope further includes an additional level of management using keys. -3- This paper size applies to China National Standard (CNS) A4 specification (210X297 mm) 474080 as B8 C8 D8 VI. Application for patent scope 1 8. If the application for the scope of item 1 of H, a file key pair is generated It further contains a public key wrapper for the document that will be treated as an authentication. 19 · If you apply for ^ in item 18 of the scope of patent application, where the certification conforms to a standard format. 20. The method of claim 19 in the scope of patent application, wherein the standard format includes X.509. 2 1 · The method according to item 18 of the scope of patent application, wherein the packaging is regarded as an authentication-the public key system of the document further contains a unique identification name that provides the authentication 02 2-a type that can be used across the Internet A server providing secure document management services on the road. The server includes a memory, and the memory contains one or more downloadable routines. When the remote computer is loaded and executed on the remote computer, Each of the one or more downloadable routines can cause a remote computer to perform a function. The one or more downloadable routines include: a file key generation routine that can cause the remote computer to generate a A file key pair of an electronic file, the file key pair including a file common key and a file special key; a document packaging routine that can cause the remote computer to package the electronic document by using the file common key to generate A packaged document; a one-key encryption routine that may cause the remote computer to encrypt the file key pair by using a recipient public key associated with a recipient to generate an encrypted key block; and An upload routine may cause the remote computer to upload the encrypted file and the encrypted key block to the server. -4- This paper size applies to China National Standard (CNS) A4 specification (210 X 297 mm) 474080 A8 B8 C8 D8 VI. Patent application scope 2 3 · If the patent application scope item 2 or 2 of the server, one or The plurality of downloadable routines further include an authentication which may cause the remote computer to obtain a recipient authentication from a file management service or from an authentication authority. 24. The server as claimed in claim 22, wherein the document packaging routine includes a document encryption routine that encrypts the file through the public key of the file. 25. The server of claim 24, wherein the file encryption routine includes a hybrid encryption deduction method. 2 6. If the server of the scope of patent application 22, the document packaging routine contains a document digital signature routine, which can be digitized to sign the document. Device, wherein the memory system further includes a program-controlled routine that can cause the server to store the packaged document and the encrypted key block and provide the recipient with access to the packaged document and the encrypted key block Piece. Within implementation. 28. In the request of the scope of patent scope 22, one or more downloadable routines include applets' web browser on the remote computer 2 9 · If the scope of patent application is 2 2 Item server, one or more of which are downloadable ‘The computer transfers the electronic file to a new recipient, downloads the encrypted key block from the server, and decrypts the encrypted key by using a dedicated key associated with the recipient This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 474080 A8 B8 C8 patent application block to generate the file key pair; encrypt the file by using a common key associated with the new recipient Key pair 'to generate a new encrypted key block; and uploading the new encrypted key block to the server. 30. If the server of the 22nd item of the patent application scope, wherein the recipient is a The small &lt; 0MWiat | ltgn group 'and one or more downloadable routines further include a small group of routines which share the electronic file with members of the group through the remote computer: generate a small set of key pairs for the group, The group key pair includes a group of public keys and a group of private keys; the group key pair of each member of the group is encrypted by using a public key associated with the group member to generate the group key pair of the group member One of the individual encrypted copies; and uploading the individual encrypted copy of the group key pair of each member of the group to the server; wherein the key encryption routine may cause the remote computer to use the small The public key is used to encrypt the file key pair. 3 1. If the server of the scope of patent application No. 30, the group routine further causes the remote computer to digitally sign the group key pair. 3 2. In the server of scope item 30, one or more downloadable routines further include a nested key management routine, which can cause the remote computer to use an extra level of key management. 3 3 · If the scope of patent application The feeder of item 30, wherein the one or more downloadable routines further includes a new member routine that can add a new member to a group by using the remote computer: -6- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 4? 40a8A8 B8 C8 D8 ', the scope of the patent application for downloading a group of sponsors from the server to the individual encryption of the group key pairs • Copy; decrypt the individually encrypted copy of the group key pair by using the private key of the group sponsor to generate the group key pair; encrypt the group key pair by using the public key of the new member to generate the A new individual encrypted copy of the group key pair of the new member; and uploading a new individually encrypted copy of the group key pair to the server. 3 4 · If the device in the scope of patent application No. 33, the new member routine further causes Yuanyun Computer to digitally sign the new individual encrypted copy of the group key pair. 3 5 · A computer that provides secure file management services. The computer includes a memory, and the memory system includes one or more routines. The one or more routines include: a file key generation routine, which A file key pair that can cause the computer to generate an electronic file, the file key pair including a file common key and a file special key; a document packaging routine that can cause the computer to package the electronic by using the file common key File to generate a packaged document; a one-key encryption routine that can cause the computer to double-key the file by using a recipient's public key associated with a recipient to generate an encrypted key block; And-upload routine 'which may cause the computer to upload the packaged file and the encrypted key block to a file management system. 3 6 · If the item No. 35 of the scope of patent application is only for <% of the month, one or more of them ^ 080 ^ 080 A8 B8 37 ΓΓ code, which can be downloaded to the computer through a file management system. . ^ 凊 This is the 35th in the scope of patents, where the document packaging routine is ^. -Another encryption routine, which can be encrypted by using this electronic file. Liver 38. The brain of the 37th patent, the document encryption routine includes a hybrid encryption deduction method. ~~ 39 .: The computer for which the scope of patent application is No. 35, wherein the document packaging routine contains a document digital signature routine for digitally signing the electronic document. 040 · = ^ 35 of the scope of patent application ^ Brain, where one or more of the routines step forward includes a transfer routine to allow the recipient to forward the document to a new recipient through the computer; download the encrypted key from the file management system Block; decrypting the encrypted key block by using a dedicated key associated with the recipient to generate the file key pair; encrypting the file key pair by using a public key associated with the new recipient, To generate a new encryption key block; and upload the new encryption key block to the file management system. 4 1 · If the computer of the scope of patent application No. 35, the recipient is a group 'and a Or the plurality of routines further includes a group of routines that can share the electronic document with members of the group through the computer: generating a group of key pairs for the group, the group key pairs containing / group common keys and a Small group Key; by using a common key related to the side group members, the group is closely related to the group-8-D8 々, the group key pair of each member of the patent application scope, to generate one of the group key pairs of the group members individually An encrypted copy; and uploading the individual encrypted copy of the group key pair of each member of the group to the file management system; wherein the key encryption routine may cause the remote computer to use the group public key to pair the file key pair Encryption. 42. 43. 44. If the scope of the patent application is in item 4 丨, the group routine further causes the computer to sign the key pair of the group digitally. If the computer in the scope of patent application 41, one or more of them The routine system further includes a new member routine, which can be used to add a new member to a group through the computer in order to download the group key of the group sponsor to the individual from the one piece management system An encrypted copy; decrypting the individual encrypted copy of the group key pair by using the private key of the group sponsor to generate the group key pair; by using the new member's Encrypt the group key pair with a key to generate a new individual encrypted copy of one of the group key pairs of the new member; and upload the new individual encrypted copy of the child group to the file management system 43 items! Brain, in which the new step makes the computer to the new individual force of the group key pair. Digital copy signed-9 · 114080 No. 558 in the original patent application (90 • Patent scope a security management An electronic file method comprising: ----- generating a file key pair of the electronic file, the file key pair including a file common key and a file special key; and packaging by using the file common key The file to generate a packaged file; determine a recipient of the file; encrypt the file key pair by using a recipient public key associated with the recipient to generate an encrypted key block; provide the recipient Can store the file and the encrypted key block 2. For item A in the scope of the patent application, where the document is packaged by using the public key of the document, the file contains S / MIME for encoding the document by the public key of the document. Hold As in the method of claiming item 1 of the patent, wrapping the file with a key includes encrypting the file. Where the file public key is used to make the file public As in the method of claim 3, encrypting the file with a key includes encrypting the file with a key. By using the file public encryption deduction method in order to The method of claiming item 1 of the patent scope is to use the document to wrap the document by using the key. The document contains E digital signatures, such as the mystery of item 1 of the patent application scope, which provides == pieces: encrypted key pairs. The system is included in the file management system; save the package of the child 'and store the encrypted key pair in the database.