Document Instance Protection Framework

Organization Name

SAP SE

Inventor(s)

Ramachandra Mahapatra of Bangalore (IN)

Sateesh Babu Chilamakuri of Tirupati (IN)

Document Instance Protection Framework - A simplified explanation of the abstract

This abstract first appeared for US patent application 17970898 titled 'Document Instance Protection Framework

Abstract: Embodiments integrate with an authorization service (e.g., OAUTH) to implement document protection. In response to a document scheduling request, a protection engine reads a protection policy including a sensitivity label, from the authorization service. The protection engine encrypts content of the document, and stores the document including the encrypted content and a header, in a non-transitory computer readable storage medium (e.g., a database). At a conclusion of the document scheduling phase, the protection engine may send a status (e.g., successful; failed) of the document scheduling. Next, in response to receiving a subsequent document view request, the protection engine references the header to communicate with the authorization service. The protection engine decrypts the content based upon information received from the authorization service, and provides the document including decrypted content for viewing.

• Simplified Explanation:

An authorization service is used to protect documents by encrypting their content based on a sensitivity label and storing them securely. The protection engine decrypts the content when authorized users request to view the document.

• Key Features and Innovation:

- Integration with an authorization service for document protection - Encryption of document content based on sensitivity label - Secure storage of encrypted documents - Decryption of content for authorized viewing

• Potential Applications:

- Secure document sharing in organizations - Protection of sensitive information in documents - Compliance with data protection regulations

• Problems Solved:

- Unauthorized access to sensitive documents - Ensuring document confidentiality and integrity - Simplifying document protection processes

• Benefits:

- Enhanced document security - Controlled access to sensitive information - Streamlined document protection and viewing processes

• Commercial Applications:

Title: Secure Document Protection Technology This technology can be used in industries such as healthcare, finance, and legal services to protect confidential documents and ensure compliance with data security regulations. It can also be valuable for government agencies and research institutions dealing with sensitive information.

• Prior Art:

Readers can explore prior art related to document protection technologies, encryption methods, and authorization services to understand the evolution of similar solutions in the field.

• Frequently Updated Research:

Researchers may be conducting studies on improving document protection algorithms, enhancing encryption techniques, and optimizing authorization processes for secure document sharing.

Questions about Secure Document Protection Technology: 1. How does this technology ensure document confidentiality and integrity? This technology ensures document confidentiality and integrity by encrypting the content based on a sensitivity label and decrypting it only for authorized users, thus preventing unauthorized access.

2. What are the potential commercial applications of this technology? The potential commercial applications of this technology include secure document sharing in industries such as healthcare, finance, and legal services, as well as compliance with data protection regulations to protect sensitive information.

Original Abstract Submitted

Embodiments integrate with an authorization service (e.g., OAUTH) to implement document protection. In response to a document scheduling request, a protection engine reads a protection policy including a sensitivity label, from the authorization service. The protection engine encrypts content of the document, and stores the document including the encrypted content and a header, in a non-transitory computer readable storage medium (e.g., a database). At a conclusion of the document scheduling phase, the protection engine may send a status (e.g., successful; failed) of the document scheduling. Next, in response to receiving a subsequent document view request, the protection engine references the header to communicate with the authorization service. The protection engine decrypts the content based upon information received from the authorization service, and provides the document including decrypted content for viewing.