1. Field of the Invention
This invention relates generally to information handling networks for storing a document and more specifically to a method and system for ensuring that a document retrieved from storage is the document that was initially stored.
2. Description of the Related Art
Advances in network communications and Public Key Infrastructure (“PKI”) technology have prompted individuals and businesses to utilize electronic documentation for record keeping and storage of all types of documents. Database management systems coupled with computer memories capable of storing several gigabytes of data have made it practical for individuals and businesses to dispense with maintaining paper records. For individuals, important paper and electronic documents, including videos and photos, can be stored electronically for safekeeping. For businesses, electronic storage can help reduce the cost of storing large amounts of paper and facilitate the transfer of documents between parties. Typically, in business, data originating in one entity may have to be transmitted to others for any number of reasons, such as for deposit or for deposit and review. The data elements can be in the form of unstructured document files or structured records, such as bank account and other financial information. When storing unstructured data, it may be necessary to forward a document, such as a proposal for a joint venture or a bid tender, from an originating system to other computers in the same system or to computers residing on different systems for storage prior to forwarding the document for review.
In those instances where a document is to be reviewed by another, rather than circulating the document, the document owner can let an intended viewer know that it is available and provide the viewer with access to it. To review the document, the authorized viewer must be given access to the storage location of the document.
There are a number of reasons why an individual or business document owner will not want to store the document locally. If local document storage means giving open access, behind its firewall, to other entities, a security risk may be created. Access into local storage may also compromise the existence of the document as an inadvertent action by an owner or a viewer may result in the document file being erased. Additionally, in the business community, a document owner's local machine or LAN may not be available at all times to accommodate a review of a document by a third party.
One solution is to use the repository of a third party, particularly one in the business of providing a secure data repository service that is able to provide proof of the receipt, and of the accuracy, of a document being deposited.
An important consideration not addressed when storing documents is that the integrity and access to the data stored in the repository should not be dependent on the actions of the third party that administers the document repository. In other words, the data custodian should not be able, through either inadvertent or malicious actions, to modify the contents of the data without that action being detected by the system users. Moreover, the data custodian should not be able to alter a user's privilege to, or restriction from, access to a data element.
Private individuals have an increasingly large number of important electronic documents, including but not limited to photos and videos. These documents are typically stored on an internal or external hard drive. The possibility of theft or failure of the devices on which the documents are stored is such that remote storage of the documents is desired.
Referring to FIG. 1, there is shown a prior art arrangement for a third party document storing entity. A document owner 100, such as a desktop PC having a document in memory, sends the document via connection 102 to a remote document repository service, such as store entity 104, that has a database. As the owner of the deposited document, the document owner can either assign permission to another to access the document or restrict access by all others. For example, the document owner may assign a business partner having a PC 106 a “read” privilege, which means that the assigned business partner can retrieve the document via connection 108 to the store entity 104, but cannot make changes to the document.
In the prior art system, the document deposited by the document owner is normally not encrypted, so that a business partner will be able to review the document on demand. This is because document decryption normally requires access only to a private key of the document owner. To deny the business partner access to the private key, the document owner must either be available online at all times when decryption might be requested, in order to perform the decryption itself, or the document owner must set up a procedure in advance to make the private key available directly to the business partner.
In prior art systems where documents are deposited for a period of time and are not encrypted as shown in FIG. 1, the store entity 104 must be trusted with maintaining the integrity of the document.
Currently there is no mechanism for actually demonstrating that the documents recovered from external storage are those that were sent by the document owner to be stored. It is possible, after having copied a document to remote storage, to have it copied back to the sender and to check that the copy sent back to the document owner was actually stored; however, this only shows that the document was available at the time the second copy was made. It is no guarantee that it will still be there in the future or that the stored copy that will be returned to the document owner at a future date will be an exact copy of the original document. The problem is exacerbated by the fact that the process must be automated and initiated by users who are not necessarily capable of determining whether the process has successfully stored an exact copy of the document sent by an owner. Absent a method and system to determine that the document sent by an owner is the same as the copy of the document that is in storage, a user may believe that a true copy of the document has been stored when, in fact and as a result of a network failure, the process was not completed. This failure will first become apparent to the document owner when an unsuccessful attempt is made by the document owner to retrieve the document.
It cannot be assumed that a document that is sent electronically over the Internet or other open networks will arrive at a remote storage intact and tamper-free.
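As an added illustration that is not drawn from the patent, the following Python simulates the deposit-and-retrieve cycle of FIG. 1 with an integrity record kept by the document owner, so that a modified or incomplete stored copy is detected at retrieval without relying on the store entity. The HMAC key, the record format and the StoreEntity class are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Owner-side integrity record (constructed for this example): the owner keeps a
# SHA-256 digest of the document, authenticated with a key only the owner holds,
# before depositing it. The store entity never sees the key, so it cannot forge
# a record that matches an altered copy.

def make_record(doc: bytes, owner_key: bytes) -> dict:
    digest = hashlib.sha256(doc).hexdigest()
    tag = hmac.new(owner_key, digest.encode(), hashlib.sha256).hexdigest()
    return {"sha256": digest, "tag": tag, "length": len(doc)}

def verify_retrieved(doc: bytes, record: dict, owner_key: bytes) -> tuple:
    # The record itself is checked first, in case it was altered in transit or storage.
    expected_tag = hmac.new(owner_key, record["sha256"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, record["tag"]):
        return False, "integrity record altered"
    # A length mismatch is the typical signature of a deposit cut short by a network failure.
    if len(doc) != record["length"]:
        return False, "length mismatch (incomplete deposit?)"
    if hashlib.sha256(doc).hexdigest() != record["sha256"]:
        return False, "content mismatch (modified in storage)"
    return True, "ok"

class StoreEntity:
    """Simulated third-party repository, standing in for store entity 104 of FIG. 1."""
    def __init__(self):
        self.db = {}
    def deposit(self, doc_id: str, doc: bytes) -> None:
        self.db[doc_id] = doc
    def retrieve(self, doc_id: str) -> bytes:
        return self.db[doc_id]

def demo() -> tuple:
    owner_key = os.urandom(32)            # held by the document owner only
    doc = b"Proposal for joint venture (constructed sample document)"
    record = make_record(doc, owner_key)  # kept locally, not sent to the store
    store = StoreEntity()
    store.deposit("jv-proposal", doc)
    intact = verify_retrieved(store.retrieve("jv-proposal"), record, owner_key)
    # The custodian silently edits the stored copy (same length, different content).
    store.db["jv-proposal"] = doc.replace(b"Proposal", b"Rejected")
    tampered = verify_retrieved(store.retrieve("jv-proposal"), record, owner_key)
    # A network failure leaves only a truncated copy in storage.
    store.db["jv-proposal"] = doc[:10]
    truncated = verify_retrieved(store.retrieve("jv-proposal"), record, owner_key)
    return intact, tampered, truncated
```

Running demo() shows the intact copy verifying and both the edited and the truncated copies being rejected at retrieval time, rather than at the moment the owner first needs the document.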