Personal and enterprise security requirements and preferences impose various limitations on viewing, editing, transmitting and storing documents, notes and other types of information in content management systems. Providing flexible, secure and user-friendly methods of content protection is especially important for multi-platform content management systems, such as the Evernote service and software developed by the Evernote Corporation of Redwood City, Calif. These systems may be cloud centered, accessible from multiple client devices and may contain highly diversified content with different security and content protection needs for different documents. The need in such protection methods is magnified by widespread privacy and security concerns related to highly publicized and malicious hacker attacks targeting personal information and content.
Protection levels for sensitive information may significantly vary depending on an organization, task and type of information. Still, generally, increasing the security and protection of information increases overhead for maintaining, discovering, accessing and modifying the information. For example, utilizing hardware-based full disk encryption with as a Trusted Platform Module (TPM) elevates the risk of data loss in case of a broken TPM unit, which may create a single point of failure in the encryption chain. To minimize such risks, additional solutions may be deployed, including methods for creation, storage and management of recovery keys.
Similar problems are associated with an access to protected information: the more documents and other content are stored in encrypted formats, the more challenging it becomes accessing and searching the documents. Thus, industrial cryptographic solutions that don't allow searching within multiple units of encrypted content create a content discovery problem in large content collections. Notwithstanding substantial amounts of an academic work on search in encrypted information, including methods of searchable symmetric and public encryption and secure indexes, the results of such research lack applicability in many practical areas, including search efficiency. Consequently, production systems with searchable encrypted data have not been deployed on a broad scale. It should also be noted that even if the encrypted data were searchable, the content of retrieved documents would still be hidden from a user's view until decrypted. Subsequently, visual document selection and scanning, which are central for the current search paradigm, may be impossible or at least very impractical without decryption, adding another level of complexity to fully encrypted storage and retrieval of documents.
Evernote service and software offers a combined approach to protection of and search in private content collections based on partial protection of content in its notes. It includes selective encryption of user-defined portions of notes, as described in U.S. patent application Ser. No. 10/936,193 titled: “ELECTRONIC NOTE MANAGEMENT SYSTEM AND USER-INTERFACE”, filed on Sep. 7, 2004 by Pachikov, et al. and incorporated by reference herein. A user may select and password-encrypt one or more contiguous portions of note text which the user considers sensitive; encrypted content is replaced by rows of asterisks with a lock icon and is stored and transmitted in the encrypted form at every level of the cloud service and its client software where the note appears after synchronization. Such protected content may be permanently decrypted or temporarily displayed in response to user selection of an encrypted fragment and the user entering a corresponding password which may change from portion to portion. The rest of the note content remains open and visible and facilitates search and visual selection.
Notwithstanding significant benefits, this partial protection method requires a significant amount of manual work. The user has to visually identify, select and encrypt every contiguous piece of sensitive content, which increases a risk of overlooking and leaving unprotected pieces of sensitive information, especially in long documents.
Accordingly, it is desirable to provide a mechanism for automatic or semi-automatic protection of partial document content for content management systems.