Recent parallel advances in network communications and public key infrastructure (“PKI”) technology have prompted businesses and institutions to begin to utilize electronic documentation for record-keeping and transactions of all types. With improvements in transmission integrity and security, it can be confidently assumed that documents sent electronically over the Internet and other open networks will arrive intact and tamper-free. Database management systems coupled with modem computer memories capable of storing several gigabytes of data have made it practical for businesses and institutions to simply dispense with maintaining paper records whose bulk necessitates real estate costs.
Typically, data originating in one entity may have to be transmitted to others for any number of reasons such as deposit, review, etc. The data elements could be of the form of unstructured document files or structured records, such as bank account and other financial information. Using the example of unstructured data, it may be necessary to forward a document from the originating system to other computers in the same system or to computers residing on different systems for the purposes of review. This could occur equally in a business situation (e.g., a proposal for a joint venture or complex bid tender) as in an institutional setting (e.g., a graduate thesis to be reviewed by faculty advisers prior to submission to a university thesis review committee). The document has been created electronically since this will facilitate revisions and additions (particularly if it is lengthy) without having to retype the entire document each time.
Having the document in an electronic form also facilitates review of it because the document in this form is easily transmissible. Intended reviewers can discover that a document is available by searching the system once they are given access to the storage location of the document.
There are a number of reasons, such as security, data integrity and system or network availability, why the document creator will not want to store the review document locally if it meant giving access, behind its firewall, to third parties. These reasons are discussed in greater detail in our concurrently filed patent application titled “System for Electronic Repository of Data Enforcing Access Control on Data Retrieval” Ser. No. 09/459,239, which is commonly assigned and which application is incorporated herein by reference.
Our concurrently-filed application is directed to a system in which the integrity and access to data stored in a repository is maintained independently of any action of the third party administrator of the repository.
The invention described in that application is very efficient for systems with large numbers of documents accessible to large numbers of users because the information on authorized user access to the documents is stored in a single, central location, that is, in the repository itself. Users obtain secure knowledge of their access to documents by a means external to the system.
The present invention is a modification in which the system itself contains the information on authorized user access, which is also secure from any actions of the third party administrator of the repository.