525 results about "Document security" patented technology

Applications, systems and methods for efficiently accessing and controlling data of devices among multiple computers over a network. Peer-to-peer exchanges of data between private computers is made possible while providing seamless, firewall-compliant connectivity. Such functionality is available even among private users over a public network, and even when multiple firewalls must be passed through. A firewall compliant connection may be established between a local computer and at least one remote computer; at least one file on a storage device associated with one of the computers is selected, and securely sent to at least one other computer over the secure connections. Computers may be connected over a wide area network with or without a connection server, with or without a VPN.

An improved system and approaches for exchanging secured files (e.g., documents) between internal users of an organization and external users are disclosed. A file security system of the organization operates to protect the files of the organization and thus prevents or limits external users from accessing internal documents. Although the external users are unaffiliated with the organization (i.e., not employees or contractors), the external users often have working relationships with internal users. These working relationships (also referred to herein as partner relationships) often present the need for file (document) exchange. According to one aspect, external users having working relationships with internal users are able to be given limited user privileges within the file security system, such that restricted file (document) exchange is permitted between such internal and external users.

A software engine runs in a compatible mode with off-the-shelf word processors, e-mail programs and presentation development software and other document development software. The software engine is used for the security classification of sensitive or national security classified information in electronic and resultant hard copy document formats. The software engine ensures that the individual considers all informational portions of a document, that appropriate document marks are employed, that document marks in their electronic format are persistent and that all necessary information, such as classification guides, standards and security regulations, provided by the organization to classify information is at hand and immediately available. In addition to the document sensitivity or classification determination and marking support, the software engine tracks and controls documents and the electronic media storing documents. It also provides warnings and alarms, ad hoc document security analysis and reporting capability to system security administrators with respect to document or network events or captured information that may be indicative of risk to the information requiring protection. The software also provides the ability for an organization to centrally establish and control a security classification or sensitivity marking hierarchy for automated security classification support.

The invention is a method for monitoring a file in a file security system, including providing a first file representation of a file in which the file is disposed at a first location and first processing the first file representation to provide first signals in accordance with the first file representation. The first signals are stored in a central repository disposed at a second location wherein the second location is remote from the first location. A second file representation of the file is provided wherein the file is disposed at a third location remote from the second location. Second processing of the second file representation is performed to provide second signals in accordance with the second file representation. The first signals are accessed from the central repository and the first signals are compared with the second signals. A status of the file is determined in accordance with the comparing.

Security of photographic identification documents is enhanced by providing machine-readable information that may be correlated to other information pertaining to the individual represented by the image, such other information being, for example, printed on the document adjacent to the photograph.

A document security management system for securely managing documents for users. The document management system comprises a document repository providing a facility for storing data files representing the documents. A key repository stores a public key of one or more encryption key pairs, each of the encryption key pairs being associated with one of the documents stored in the document repository. Each document stored in the document repository is encrypted with the public key of the encryption key pair associated with the document. A plurality of client terminals are operable to store and to retrieve the documents from the documentary repository for processing by a user. Each user is in possession of a digital certificate comprising a certificate key pair. The key repository includes the private key of the encryption key pair encrypted with the public key of the certificate key pair associated with the user. The client terminal is operable with the private key of the certificate key pair in possession of a user. The client terminal is operable to decrypt the private key of the encryption key pair using the private key of the certificate key pair of a user, and to retrieve the encrypted document from the document repository and to decrypt the document using the decrypted private key of the encryption key pair. Thus, in accordance with the present invention a two tier arrangement of private key/public key pairs is provided with a first private key/public key pair called the encryption key pair being associated with each of the documents and a second digital certificate private key/public key pair called a certificate key pair being associated with the users. A document management system according to the present invention is therefore provided with an improvement in security with respect to document management and document management security.

A web based data collaboration tool includes a dynamic international collaborative environment in which system partners, including customers, technology partners and suppliers, can exchange information between one another in a truly collaborative environment. The web based data collaboration tool includes unique “fine grain” security at both the document and sub-document level. This allows one source document to be shared between the system partners, including partners from different companies and those located in different countries, based upon an individual document/sub-document security profile. Further, the web based data collaboration tool includes a secure “Sandbox” for peer-to-peer sharing of sensitive documents and electronically incorporates a business area export representative (BAER) approval process that includes the required retention of International Traffic in Arms Regulations (ITAR) documents making the web based data collaboration tool fully ITAR compliant.

Techniques for dynamically altering security criteria used in a file security system are disclosed. The security criteria pertains to keys (or ciphers) used by the file security system to encrypt electronic files to be secured or to decrypt electronic files already secured. The security criteria can, among other things, include keys that are required to gain access to electronic files. Here, the keys can be changed automatically as electronic files transition between different states of a process-driven security policy. The dynamic alteration of security criteria enhances the flexibility and robustness of the security system. In other words, access restrictions on electronic files can be dependent on the state of the process-driven security policy and enforced in conjunction with one or more cryptographic methods.

A control and management system for defined areas such as loading docks, fire stations, and other designated defined areas, employs a card reader, vehicle sensing loop detectors and electric eyes, entrance door sensors and operators, truck securement devices, cameras, a control system with memory, and a wireless connection or internet/intranet connection, is provided to produce event log documentation. The event information is readily accessible by management or supervisory personnel, to see all of the recorded information concerning a specified event. Thus, an event can be readily reconstructed after the fact, using all available sensors and other information relevant to a manager or supervisor. This aids in locating lost packages, documents security procedures, preventing or detecting thefts and vandalism, and for other purposes. An alert can be issued whenever an abnormal or unauthorized event occurs during operations. A QR code reader can be provided for a cell phone with picture-taking capability, which communicates with the system to enable a person carrying the cell phone to scan QR codes at specified locations or on specified items or vehicles.

By asking the recipient of an encrypted received file to read aloud a check text, retrieved from a network server, that address, or URL, is encoded within the file name of the encrypted received file, the system of the invention automatically verifies the identity of the recipient, confirms that the file has been received by the intended recipient, and then decrypts the file. The utterances of text spoken by the recipient are processed by means of an automatic speech recognition component. The system determines whether the spoken text corresponds to the check text presented to the reader, in which case the system applies an automatic speaker recognition algorithm to determine whether the person reciting the check text has voice characteristics matching those of the intended recipient based on a previous enrollment of the intended recipient's voice to the system. When the system confirms the identity of the recipient, the decryption key is transmitted and the encrypted received file is automatically decrypted and displayed to the recipient. In a preferred embodiment, the system records and marks with a time-stamp the recipient's reciting of the voice check text, so that it can later be compared to the intended recipient's voice if the recipient repudiates reception.

Improved techniques for validating timestamps used in a client-server environment are disclosed. A client can associate client-provided timestamps with events that occur at the client. The client can then send event information as well as the timestamps to a server. Preferably, the event information and timestamps are sent in a batch pertaining to a plurality of events that have occurred at the client. The server, which has greater time accuracy, can then validate the client-provided timestamps. The server can also modify the client-provided timestamps so as to improve accuracy of the timestamps. Once modified, the timestamps can pertain to a range (e.g., window) of time during which the associated events can be known to have reliably occurred. In one embodiment, the client-server environment is a distributed file security system in which the events and event information pertain to audit files. The distributed file security system provides efficient and reliable techniques to ensure accuracy of client-provided timestamps.

Improved approaches for providing notifications in a distributed file security system are disclosed. The file security system includes a file security server that manages file security for a plurality of clients. When security criteria (e.g., security policies or rules) change at the file security system, typically the clients need to be notified so that they operate in accordance with the correct security criteria. The security criteria impacts whether a particular client (or its user) are able to access certain files being protected by the file security system. A client can be notified in different ways depending on network characteristics. In one embodiment, an appropriate way to perform notifications between the file security server and clients can be automatically determined, thus advantageously minimizing user impact and allowing the system to transparently adapt to different networks.

A system and method for providing a file security system with an approval process to implement security changes are disclosed. The approval process can be substantially automated as well as configurable and/or flexible. The approval process can make use of a set of approvers that can approve or deny a security change. Different security changes can require the approval of different approvers. The approvers can also be arranged into groups of approvers, and such groups can make use of a hierarchical arrangement.

The present invention uses invisible junctions which are a set of local features unique to every page of the electronic document to match the captured image to a part of an electronic document. The present invention includes: an image capture device, a feature extraction and recognition system and database. When an electronic document is printed, the feature extraction and recognition system captures an image of the document page. The features in the captured image are then extracted, indexed and stored in the database. Given a query image, the features in the query image are extracted and compared against those stored in the database to identify the query image. The feature extraction and recognition system of the present invention is integrated into a multifunction peripheral. This allows the feature extraction and recognition system to be used in conjunction with other modules to provide security and annotation applications.

An imaging apparatus is provided that is capable of maintaining document security control even in a case where document ID information cannot be identified from a physical document that is subject to an imaging operation. The imaging apparatus includes a read unit for reading image data from a physical document in response to an imaging request from a user, a user information acquisition unit for acquiring user information including a security attribute of the user, a document information acquisition unit for acquiring document information including a security attribute of the physical document, an operating condition selection unit for determining whether to authorize outputting of the image data read from the physical document based on the user information and the document information by referring to a predetermined rule, and a log management unit for storing the image data in association with the user information without allowing the image data to be output when the document information is not acquired at the document information acquisition unit.

Security element 2, 4 to be embedded in or applied to a security document so that it is visually recognizable from both sides of security document 1 is of multilayer construction and includes interference element I with a color shift effect and diffraction structures 8. Depending on the arrangement of the layers and existing diffraction structures 8 on transparent substrate S the color shift effect and/or the diffractive effects are perceptible from one or both sides of security element 2, 4. The security element is suitable in particular as two-sided windowed thread 4 and as label or transfer element 2 over hole 3.

An objective is to provide a key management apparatus in a document security and editing system that controls and manages the usage rights of a document, allows a user with usage rights to read and edit freely according to user qualification, and manages the usage rights in compliance with document management rules established by an organization. The key management apparatus includes an encryption key memory 11 that stores an encrypted document identifier of an encrypted document and an encryption key of the encrypted document; a usage rights set memory 13b that stores the encrypted document identifier and usage rights; a user group determiner 18b that determines the usage rights of a user; a usage rights issuer 16 that receives a read request using the encrypted document identifier, refers to the encryption key memory and the usage rights set memory, and sends the usage rights and the encryption key of the encrypted document; and an encryption information issuer 17 that receives an edit request, refers to the encryption key memory and the usage rights set memory, instructs to generate an identifier of a document to be encrypted and a encryption key of the document to be encrypted, and sends the generated identifier and the generated encryption key.

A holder for a carrying and displaying a variety of travel related documents. The holder has clear pockets where the travel related documents placed therein are easily accessible by the user, easily viewed by security and boarding personnel, and the documents securely retained both within the holder and by an attachment means to the traveler. The document holder may be configured with a variety of pockets, each pocket being coverable with a flap. The holder may be worn about the traveler with a lanyard directly attached to the document holder.

What is disclosed is a novel system and method for encoding/decoding data in a cover contone image via halftone dot orientation modulation. Arrays of halftone threshold values are used to determine a desired orientation, e.g. 0/90°±45° for a given single data value of the original message to be embedded. Message data is embedded as a function of halftone dot orientation. Detection modeling of the print-scan process enables the determination of dot orientation from the image scan via statistically motivated image moments. A probabilistic model of the print-scan channel conditions received moments on input orientation. Density values of the received moments are used to determine dot orientation for each halftone cell. The embedded data is retrieved based on the determined orientations. The present method is applicable to areas of data embedding, document security, and the like.

The invention discloses an identity-based file encryption transmission method which is applicable to a system of client/server architecture based on FTP. The method, based on identity based encryption algorithm, comprises the following steps: generation of public keys and private keys of a client and a server; identity authentication; negotiation of a symmetric key; transmission of encrypted files and secret key update and management. The identity based encryption (IBE) algorithm is used in the identity-based method, so that users can communicate safely and signature of each person is authenticated without exchanging the public keys and the private keys; besides, the file safety transmission method is low in cost, flexible in form, high in efficiency and good in safety.

A method, system and computer program product for automatically displaying the potential risk associated with cracking a password. While creating or modifying a password, feedback is provided describing the risk associated with cracking the password. Risk assessment may be presented as a percentage, accompanied by an explanation of why the value was ascertained. Risk feedback during password creation provides an opportunity to improve computer, document, and file security.