ELECTRONIC DOCUMENT PROTECTION SYSTEM
TECHNICAL FIELD This invention relates in general to document security, and in particular to a system for protecting electronic documents.
BACKGROUND Computer networks are being used extensively to enable groups of two or more people to communicate. For example, many offices utilize local area networks that enable employees to communicate with each other via electronic mail (e-mail). In addition, individual computers or local area networks may be linked to form a broad-based network to facilitate communications between remote persons. The Internet is but one example of such a broad-based network. One effect of the increasing use of computer networks for communication is that electronic documents are fast replacing paper documents in both business and non-business environments. For example, letters, specifications, control drawings, spreadsheets, artwork, blueprints, video images, output from electronic scanners and routine business forms can be represented in electronic form and transferred as electronic documents using computers. Moreover, electronic representation of documents will increase as automated equipment becomes more prevalent in offices and homes.
Like paper documents, many electronic documents are routinely circulated among several persons, and consequently, it is often desirable to control the distribution or alteration of the document to ensure that the electronic document was not altered after origination. However, without some form of protection, electronic documents are easily forwarded, printed, copied or otherwise altered in a manner that may escape detection.
One solution to this problem is embodied in document configuration management systems, which provide security by using a software-implemented locking mechanism that locks documents into a software library. A document is "signed" by checking it out of the library, modifying it if desired, then checking it back into the software library with appropriate comments. The party that checked out and returned the document may be considered to have "approved" it. The returned document can then be viewed by other users with confidence that it has not been modified since it was last replaced. However, document configuration management systems suffer from numerous disadvantages. For example, they require a central configuration management server that must be available to all users. Linking all users to the central configuration management server is impractical for loosely coupled systems, such as the Internet.
Accordingly, document configuration management systems are ill-suited for widespread use by unaffiliated or loosely affiliated users.
A second generally known technique for providing electronic document security is referred to as public key encryption. Many specific types of public key encryption techniques are known. For example, the National Institute of Standards and Technology (NIST) has adopted a Digital Signature Standard based on public key encryption. The electronic information is encrypted using the signator's private key within a public key encryption technique. Subsequent successful decryption and hash confirmation by the recipient verifies the integrity of the document and the identity of the signator.
In private key encryption techniques, the private key is not mathematically related to any other key. Accordingly, the private key is required for decryption. In general, public key encryption techniques use a public key and a private key that are mathematically related. However, it is practically impossible to derive the private key from the public key. As the name suggests, the public key can be known by anyone and the private key is secret and should be protected from modification and disclosure.
However, electronic signature and document configuration management systems which provide document security do not currently work within the structure of today's highly integrated electronic office tool sets, and are not easy to use, particularly for computer novices. Little effort has been expended to make such techniques accessible to the average computer user, who has a relatively low level of computer expertise. Accordingly, there is a need for electronic data security techniques that are transparent, user-friendly, that provide a sufficient degree of security that will deter forgery and alterations, and that can be used in a wide variety of computer systems.
BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a schematic chart depicting an electronic document protection system in accordance with the invention.
FIG. 2 is a schematic chart depicting an alternate embodiment of an electronic document protection system in accordance with the invention.
FIG. 3 is a schematic chart depicting a third embodiment of an electronic document protection system in accordance with the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT In an electronic document protection system, a protection flag is associated with a source file by a protection component in order to define a level of protection for the file. At the destination, another protection component reads the protection flag and communicates it to the operating system and/or the application program. The security of the file is controlled by enabling or disabling selected operational functionalities of the operating system and/or the application program at the destination in response to the communication from the protection component.
While the specification concludes with claims defining the features of the invention that are regarded as novel, it is believed that the invention will be better understood from a consideration of the following description in conjunction with the drawing figures. Referring now to FIG. 1, a preferred embodiment of the electronic document protection system according to the present invention contains a source 100 that has an electronic document or file 120 and a protection component 140. The file 120 is the 'electronic document' that is desired to be protected from alteration, printing, forwarding, etc. The destination 110 typically contains a second protection component 150, an operating system (OS) 160 and one or more application programs 170. At the heart of the system are the first protection component 140 and the second protection component 150. The first step in the protection process is for the first protection component 140 to associate a protection flag 130 with the file 120. The values of the flag components set by the protection component 140 are based on the level of security desired by the owner of the file. In a typical situation, the protection flag is invisible and/or inaccessible to the user. In one embodiment, the flags associated with the file are binary flags which have a number of bits in the flag. Each bit corresponds to one aspect of the level or type of protection that is desired to be achieved. For example, the value of a bit is set to 'one' when a user of the file is to be prevented from gaining access to specific functionality associated with that bit (such as, but not limited to, saving files, saving the file with a different name, saving the file in a different format, creating a duplicate copy of the file, export, insert, clipboard, printing or forwarding). The value of the bit by default is zero, which means the user of the file will have access to the functionality associated with the bit. The bits in the flag can be grouped together by their functionality, such as operating system functions, application program functions and graphical user interface functions. Although the protection flags are described here as binary flags, many other schemes that are well known in the software art can be used to represent the flag.
The value of the flags can be encrypted using well-known algorithms of the prior art and embedded in a pre-specified location inside the file. The embedded flag is an integral part of the file content and hence is copied or moved with the file. Embedding the flag within the file is one way of associating the protection flag 130 with the file 120.
An alternate method is to store a list of file names and associated protection flags in the protection component 140 and send them over the communication link 180 on demand by elements of destination 110.
At the destination, whenever the file is accessed for any operation either by the operating system or by the application program, the second protection component 150 reads the value of the bits in the embedded flag and communicates the relevant values to the operating system 160 and/or the application program 170. The operating system and/or the application program in turn enables or disables their specific functions in response to the communication from the protection component 150. Some common access, operation and manipulation functions of operating systems that are relevant to this invention are copying files, renaming files, moving files and duplicating files. In essence, all of these functionalities are related to accessing and creating a duplicate of the original file at the operating system level. Some application program-level file operation functions that are widely known in the art and are relevant to this invention are saving files, saving file with a different name, saving file in a different format and creating a duplicate copy of the file. Other functions of the application program that can be controlled through the flag include export, insert, clipboard and printing. In a typical environment, when a computer user accesses the protected file through the application program, the view of the file provided to the user has all the protection levels enforced, thus preventing the user from creating duplicate copies of the original content in whole or in parts.
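The bit-flag scheme described above, written out as an added example that is not code from the patent: one bit per restricted function, grouped into operating-system, application-program and graphical-user-interface functions, embedded by the source component and read back by the destination component, which then reports to each consumer which of its functions to disable. The enum names, the trailer marker and the end-of-file storage location are assumptions; the flag is stored in clear here, whereas the description allows it to be encrypted.

```python
from enum import IntFlag


class Protect(IntFlag):
    """One bit per restricted function, grouped by the component that enforces it.
    A set bit means the destination user is prevented from using that function."""
    # operating-system functions (FIG. 1 description)
    OS_COPY = 1 << 0
    OS_RENAME = 1 << 1
    OS_MOVE = 1 << 2
    OS_DUPLICATE = 1 << 3
    # application-program functions
    APP_SAVE = 1 << 4
    APP_SAVE_AS = 1 << 5
    APP_SAVE_FORMAT = 1 << 6
    APP_DUPLICATE = 1 << 7
    APP_EXPORT = 1 << 8
    APP_INSERT = 1 << 9
    APP_CLIPBOARD = 1 << 10
    APP_PRINT = 1 << 11
    APP_FORWARD = 1 << 12
    # graphical-user-interface functions (FIG. 2)
    GUI_CLIPBOARD = 1 << 13
    GUI_SCREEN_CAPTURE = 1 << 14
    GUI_SCREEN_DUMP = 1 << 15


# Constructed marker for the "pre-specified location": here a trailer at end of file.
MAGIC = b"EDPFLAG1"
TRAILER_LEN = len(MAGIC) + 2

def embed_flag(content: bytes, flag: Protect) -> bytes:
    """Source component 140: append marker plus a 16-bit big-endian bitmask (in clear)."""
    return content + MAGIC + int(flag).to_bytes(2, "big")

def read_flag(data: bytes) -> tuple[bytes, Protect]:
    """Destination component 150: split content from its flag; no trailer means default zero."""
    if len(data) >= TRAILER_LEN and data[-TRAILER_LEN:-2] == MAGIC:
        return data[:-TRAILER_LEN], Protect(int.from_bytes(data[-2:], "big"))
    return data, Protect(0)

def disabled_for(flag: Protect, component: str) -> list[str]:
    """Functions the protection component tells one consumer ("OS", "APP", "GUI") to disable."""
    return [p.name for p in Protect if p.name.startswith(component + "_") and flag & p]

def allowed(flag: Protect, function: Protect) -> bool:
    """Default bit value zero: the user keeps access to that function."""
    return not (flag & function)
```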
Both the first and the second protection component can be implemented using standard software techniques well known in the art. Though the source and destination are shown as separate elements in FIG. 1, they can reside in the same physical device. Optionally, a communication link 180 is used to transfer the file 120 from the source 100 to the destination 110 if the source and destination are not the same physical device.
Referring now to FIG. 2, an alternate embodiment of the invention is depicted. In this embodiment a graphical user interface (GUI) 190 is present in the destination in addition to the operating system and the application program. The protection component 150 communicates the flag values to the graphical user interface as well as to the operating system and the application program. The typical graphical user interface level functions that will be controlled through the flag bits include clipboard, screen capture and screen dumps.
In yet another embodiment shown in FIG. 3, the source 300 contains a computer 305 which has a file system 325 and a source software protection component 340. The file system 325 contains a file 320, and a flag 330 is associated with the file. The first step in the protection process is for the protection component 340 to associate the protection flag 330 with the file 320. The values of the flag components set by the protection component 340 are based on the level of security desired by the owner of the file. When a user at the destination requests to use or see the file 320, the file with the embedded flags is transferred over the communication link 380 to the computer 306. Some of the common forms of communication link 380 are the Internet, intranets established within a company, local area networks which are geographically located in close proximity and wide-area networks that are dispersed over long distances. The mechanism of transfer over the communication link can be any of the industry standard methods such as hypertext transfer protocol (HTTP), electronic mail in various forms (e-mail) and file transfer protocol (FTP). At the destination, whenever the file is accessed for any operation, the second protection component 350 reads the value of the bits either in the embedded flag or in the flag transferred over the communication link and communicates the relevant values to the operating system 360, the application program 370 and the graphical user interface 390. The operating system 360, the application program 370 and the graphical user interface 390 enable or disable their specific functions in response to the communication from the protection component 350. Some common access, operation and manipulation functions of operating systems that are relevant to this invention are copying files, renaming files, moving files and duplicating files. In essence, all of these functionalities are related to accessing and creating a duplicate of the original file at the operating system level. The application program level file operation functions that are widely known in the art and relevant to this invention are saving files, saving a file with a different name, saving a file in a different format and creating a duplicate copy of the file. Other functions of the application program that will be controlled through the flag bits include export, insert, clipboard and printing. In summary, our invention overcomes the deficiencies in the prior art by providing an electronic document protection method and system. Security information is embedded in a document by a flag in a predetermined format, and the flag is read by the OS or an application program to invoke predetermined restrictions on the operations that can be performed on that document. While the preferred embodiments of the invention have been illustrated and described, it will be clear that the invention is not so limited. Numerous modifications, changes, variations, substitutions and equivalents will occur to those skilled in the art without departing from the spirit and scope of the present invention as defined by the appended claims.
What is claimed is: