System for electronic repository of data enforcing access control on data retrieval
    1.
    Granted invention patent
    System for electronic repository of data enforcing access control on data retrieval (status: in force)

    Publication number: US06839843B1

    Publication date: 2005-01-04

    Application number: US09459239

    Filing date: 1999-12-10

    Abstract: When an electronic document is made available for review by other entities, it is often convenient to store the document in a repository or database managed by a third party. A system is provided in which the originator of the document is able to ensure the integrity and security of its document filed with a third party repository without having to trust the administrator of the repository. Both the document originator and the repository administrator have vault environments which are secure extensions of their respective work spaces. The vault of the document originator encrypts a document that it receives from the originator, prior to forwarding it on to the vault of the repository. On receipt of the encrypted document, the repository's vault signs the encrypted document itself before storing the document in the electronic repository and returns to the originator's vault proof of deposit of the encrypted document in the form of a copy of the signed encrypted document. An access control list identifying access ownership privileges for the document is also stored in the repository. Updates to the access control list are under the control of the document originator, or another computer designated by the document originator. When a request is made to view the document, it is made from the vault of the requesting party (a secure extension of the requesting party's work space) to the repository's vault. The repository's vault retrieves a copy of the encrypted document, which it forwards, along with the requestor's identity, to the originator's vault. The originator's vault verifies that the access control is valid, then verifies that the requestor is authorized to view the document from the access control list, then decrypts the document and forwards the decrypted document directly to the requestor's vault. The requestor provides proof of receipt of the decrypted document.


    System for electronic repository of data enforcing access control on data search and retrieval
    2.
    Granted invention patent
    System for electronic repository of data enforcing access control on data search and retrieval (status: lapsed)

    Publication number: US06950943B1

    Publication date: 2005-09-27

    Application number: US09459240

    Filing date: 1999-12-10

    Abstract: When an electronic document is made available for review by other entities, it is often convenient to store the document in a repository or database managed by a third party. A system is provided in which the originator of the document is able to ensure the integrity and security of its document filed with a third party repository without having to trust the administrator of the repository. Both the document originator and the repository administrator have vault environments which are secure extensions of their respective work spaces. The vault of the document originator encrypts a document that it receives from the originator, prior to forwarding it on to the vault of the repository. On receipt of the encrypted document, the repository's vault signs the encrypted document itself before storing the document in the electronic repository and returning to the originator's vault proof of deposit of the encrypted document. When a request is made to view the document, it is made from the vault of the requesting party (a secure extension of the requesting party's work space) to the repository's vault. The repository's vault retrieves a copy of the encrypted document, which it forwards, along with the requestor's identity, to the originator's vault. The originator's vault verifies that the requestor is authorized to view the document from the access control list using an access control list identifying access ownership privileges for the document stored in the vault itself. If the requestor has access, the originator's vault decrypts the document and forwards the decrypted document directly to the requestor's vault. The requestor must provide proof of receipt of the decrypted document.
