Application of differential policies to at least one digital document

摘要

In a method (300) for applying differential policies on at least one digital document (120a-120n) having a plurality of atomic units (122a-122n) among a plurality of workflow participants (110a-110n), in which the atomic units are assigned with at least one of a plurality of the differential policies, the at least one digital document is tessellated (304) to identify the atomic units and the at least one of the differential policies assigned to the atomic units. In addition, the atomic units are aggregated (306) according to the at least one of the differential policies assigned to the atomic units and respective sets of keys are associated (308) to the aggregated atomic units, in which common sets of keys are associated with the aggregated atomic units assigned with the same policies.

主权项

1. A method for applying differential policies on at least one digital document among a plurality of workflow participants, said at least one digital document comprising a plurality of atomic units, wherein the atomic units are assigned with at least one of a plurality of the differential policies, said method comprising:
tessellating, using a processor, the at least one digital document to identify the atomic units and the at least one of the differential policies assigned to the atomic units; aggregating the atomic units into at least a first group of atomic units and a second group of atomic units according to the at least one of the differential policies assigned to the atomic units, wherein the atomic units in the first group of atomic units are assigned with a first policy and the atomic units in the second group of atomic units are assigned with a second policy, and wherein the first policy differs from the second policy; associating a first set of keys to the first group of aggregated atomic units and a second set of keys to the second group of aggregated atomic units; and identifying a level of access to the atomic units to be simultaneously granted to each of the workflow participants based upon the differential policies assigned to the atomic units, wherein each of said sets of keys comprises at least one of an encryption key, a decryption key, a signature key, and a verification key and, for each of the atomic units,
supplying the workflow participants identified to be granted a no access level with the verification key, while excluding the signature key, the encryption key, and the decryption key for that atomic unit;supplying the workflow participants identified to be granted a read only access level with the decryption key and the verification key, while excluding the encryption and the signature keys for that atomic unit; andsupplying the workflow participants identified to be granted with the modify access level with the encryption key, the decryption key, the signature key, and the verification key for the at least one atomic unit.