公开(公告)号：DE10051571A1

公开(公告)日：2001-04-26

申请号：DE10051571

申请日：2000-10-18

Applicant: IBM

Inventor： DAVIS MARK C ,  HIND JOHN R ,  PETERS MARCIA L ,  TOPOL BRAD B

IPC: G06F1/00 ,  G06F21/00 ,  H04L9/08 ,  H04L9/00 ,  G06F12/14

Abstract: Documents are subject to selective encoding for protecting the information against unintentional publication, and include XML-documents and XSL-processors, and following preparation of an input-document, one or several support objects are prepared, and then a document-type definition (DTD) corresponding to the given input document. Selected prescribed support objects are carried out during use of one or more style-sheets on the given input document, resulting in an interim document. One or several randomly generated encoding keys are then generated, and the selected elements of the interim documents are encoded, to prepared producing an encoded output document with zero or more unencoded elements. The find (result) documents is produced on a given client device, with encoding of the given received documents for a discrete user or process on the stated client device.

公开(公告)号：DE10051571B4

公开(公告)日：2006-06-29

申请号：DE10051571

申请日：2000-10-18

Applicant: IBM

Inventor： DAVIS MARK C ,  HIND JOHN R ,  PETERS MARCIA L ,  TOPOL BRAD B

IPC: H04L9/00 ,  G06F1/00 ,  G06F12/14 ,  G06F21/00 ,  H04L9/08

Abstract: A method, system, and computer program product for selectively encrypting one or more elements of a document using style sheet processing. Disclosed is a policy-driven augmented style sheet processor (e.g. an Extensible Stylesheet Language, or "XSL", processor) that creates a selectively-encrypted document (e.g. an Extensible Markup Language, or "XML", document) carrying key-distribution material, such that by using an augmented document processor (e.g. an augmented XML processing engine), an agent can recover only the information elements for which it is authorized. The Document Type Definition (DTD) or schema associated with a document is modified, such that the DTD or schema specifies a reference to stored security policy to be applied to document elements. Each document element may specify a different security policy, such that the different elements of a single document can be encrypted differently (and, some elements may remain unencrypted). The key distribution material enables a document to be encrypted for decryption by an audience that is unknown at the time of document creation, and enables access to the distinct elements of a single encrypted document to be controlled for multiple users and/or groups of users. In this manner, group collaboration is improved by giving more people easier access to information for which they are authorized, while protecting sensitive data from unauthorized agents. A key recovery technique is also defined, whereby the entire document can be decrypted by an authorized agent regardless of how the different elements were originally encrypted and the access protections which were applied to those elements.