
Architecture for Exchanging High Security Documents that Requires Multiple Approvals

IP.com Disclosure Number: IPCOM000029264D
Original Publication Date: 2004-Jun-21
Included in the Prior Art Database: 2004-Jun-21
Document File: 4 page(s) / 119K

Publishing Venue

IBM

Abstract

Disclosed is an architecture for handling high security documents. To encrypt a high security document, multiple encryption keys are used and each key is passed through a separate chain of approval. The secure document cannot be decrypted unless all the needed approvals are satisfied and unless the user receives all decryption keys.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 53% of the total text.


The architecture described below provides a way to handle high security documents. It supports the use of multiple approval structures. To encrypt a high security document, multiple encryption keys are used. The decryption keys are exchanged between the Document Server and the user. Each decryption key is approved by at least one License Server before being sent to the user. The proposed architecture also satisfies the approvals requested by the user. This is achieved by using each License Server as an approval entity or manager.

Figure 1, shown below, illustrates the method for exchanging a decryption key between a Document Server and an end user through a License Server.

Figure 1, Traditional Scenario of Exchanging Secure Documents

Traditional Scenario for Exchanging Secure Documents:

1- The user "B" requests the encrypted high security document from the Document Server "A" along with some usage conditions.
2- "A" encrypts the high security document with the encryption key Ke.
3- "A" sends the encrypted document to "B".
4- The License Server sends its public key to "A".
5- "A" encrypts the decryption key Kd with the License Server public key (let the encrypted decryption key be [Kd]_LS).
6- "A" sends [Kd]_LS to the License Server.
7- "B" sends its public key to the License Server.
8- The License Server decrypts [Kd]_LS using its private key and re-encrypts the decryption key Kd using the public key of "B" (let the encrypted decryption key be [Kd]_USER).
9- The License Server sends [Kd]_USER to "B".
10- "B" decrypts [Kd]_USER with its private key to obtain the decryption key "Kd".
11- Finally, "B" uses Kd to decrypt the encrypted document according to the specified usage conditions.

Note: Ke and Kd may be identical in case of symmetric encryption.

Simple Approval Chain

The example below describes how the approval chain according to the present disclosure can be achieved. Three decryption keys and three License Servers are used to approve the viewing of the requested document by the end user. Figure 2, shown below, illustrates a simple approval chain.

Figure 2, Simple Approval Chain.

Simple Approval Chain Scenario:

1- The end-user sends a request for the document to the Document Server.
2- The Document Server sends the encrypted document to the end-user.
3- The Document Server initiates a request for licenses to the License Servers that should approve the usage of the document.
4- Each license comprises one of the decryption keys for the document; this key is encrypted by the public key of the receiving License Server.
5- Each License Server checks if the end-user has the permission to use the document.
6- If the end-user has the permission, the License Server decrypts the incoming decryption key and re-e...
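The simple approval chain above, sketched in Python as an added example (not code from the disclosure): three License Servers each hold one decryption key and release it only after a permission check, and the document opens only when all three keys arrive. It assumes the content key is derived from all per-server keys, uses a SHAKE-256 keystream as a stand-in cipher, and omits the public-key wrapping of each key in transit; all class, function and server names are hypothetical.

```python
import hashlib, hmac, secrets

def derive(keys):
    # Assumption: one content key is derived from ALL per-approver keys, so a
    # missing key leaves the document unreadable. Returns (enc_key, mac_key).
    h = hashlib.sha512()
    for k in keys:
        h.update(len(k).to_bytes(2, "big") + k)
    okm = h.digest()
    return okm[:32], okm[32:]

def xor_stream(key, data):
    # Stand-in cipher (assumption): SHAKE-256 keystream; use a vetted AEAD in practice.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class LicenseServer:
    def __init__(self, name, permitted_users):
        self.name, self.permitted, self.held = name, set(permitted_users), None
    def receive_license(self, kd):      # step 4: one decryption key per server
        self.held = kd
    def release(self, user):            # steps 5-6: permission check, then forward
        return self.held if user in self.permitted else None

class DocumentServer:
    def __init__(self, document, servers):
        self.servers = servers
        keys = [secrets.token_bytes(32) for _ in servers]
        enc_key, mac_key = derive(keys)
        self.ciphertext = xor_stream(enc_key, document)
        self.tag = hmac.new(mac_key, self.ciphertext, "sha256").digest()
        for server, kd in zip(servers, keys):   # step 3: request licenses
            server.receive_license(kd)

def request_document(doc_server, user):
    # Steps 1-2 plus the user's side: fetch ciphertext, collect keys, decrypt.
    released = [s.release(user) for s in doc_server.servers]
    if any(k is None for k in released):
        return None                     # at least one approval was refused
    enc_key, mac_key = derive(released)
    expected = hmac.new(mac_key, doc_server.ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, doc_server.tag):
        return None                     # wrong or tampered key set
    return xor_stream(enc_key, doc_server.ciphertext)

# Constructed sample: three approvers; user "C" lacks the third approval.
SERVERS = [LicenseServer("LS1", {"B", "C"}), LicenseServer("LS2", {"B", "C"}),
           LicenseServer("LS3", {"B"})]
DOC_SERVER = DocumentServer(b"high security document", SERVERS)
```

`request_document(DOC_SERVER, "B")` returns the plaintext, while the same call for "C" returns `None` because LS3 withholds its key.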