The present application describes systems and techniques relating to document tracking, for example, performing document access auditing in a document control system.
Traditional document control systems have included servers that store and manage encryption keys for documents secured by the system, providing persistent protection for documents by requiring the server to be contacted before a secured document can be opened. Such systems have also provided offline capabilities by caching a cryptographic document key on a client to allow the client to open a document for a limited time when the user is offline, provided the document is first opened while online. Such systems have also been able to log document access information, including caching of log information while offline, for use in auditing document access.
Conventional document management systems have included document permissions information associated with documents that allow different groups of individuals to have different permissions, and conventional document viewing software applications have also included software plug-ins designed to translate document permissions information from a document management system format to a format used by the software application, i.e., a separate software plug-in required for each integration with a document management system. The eXtensible Rights Markup Language (XrML™) allows a document viewing application to understand resources and permissions from any system that complies with the XrML rules (XrML is a trademark of ContentGuard Holdings, Inc.). Moreover, document viewing applications have also enabled digital signing of a document with a user's private key, at the user's direction, to indicate consent to terms included in the document, and the XML Data Signatures specification (developed jointly by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C)) allows signing of various data portions in a document.
Many different encryption schemes have been used to secure documents. These have included symmetric encryption on a per-document basis, requiring individuals to remember passwords for individual documents, and combined asymmetric-symmetric encryption schemes (e.g., Pretty Good Privacy (PGP™) encryption) that provide the ability to decrypt multiple documents based on the user's single password. In the network multicast/broadcast context, various encryption protocols have also been used that cache encryption keys on clients. Many software products directly integrate with existing enterprise authentication systems (e.g., Lightweight Directory Access Protocol). Moreover, various systems have also provided functionality to allow users to find the most recent version of a distributed document, such as the Tumbleweed Messaging Management System™, which secures e-mail systems and can send a recipient of an email with an attached document an email notification when the original version of the attached document is updated, where the email notification has a URL (Universal Resource Locator) link back to the current document.
Additionally, both document management systems and document control systems have included document access tracking functionality, where document access information is recorded in a central location and used in auditing document access. Enabling a user to generate an audit of actions performed on a document that has been tracked by a system can have substantial benefits.