The mature mobile network today empowers mobile employees to access Intranet documents via mobile devices and increases the productivity of company workers. Internal documents transmitted without encryption through the open mobile networks undoubtedly creates security holes for eavesdroppers. A common way to provide preliminary protections for an important document to be accessed outside the Intranet is to transmit the document after encryption. Such mechanisms, however, cannot assure the security of documents because the documents can be decrypted and then forwarded without protections once the ciphering keys were known. Therefore, we propose an approach to enhance the security of transmitted mobile documents, using the idea from digital rights managements. A confidential document is encrypted so that, except the targeted mobile user, none can read the confidential document without proper rights. The proposed approach utilizes the trusted computing platforms (TPM) technology to protect the rights object of a confidential document. A rights object can be as simple as a ciphering key of the document or as complicated as the usage-rules of the document. We use the public key in TPM to encrypt the rights object so that only the dedicated mobile device, i.e. the mobile user, may decrypt the rights object using the private key of the device. A malicious user can never decrypt the rights to access the transmitted document, which is encrypted. Moreover, the usage-rules in the rights object may specify whether the document can be further forwarded or be read more than once, and so on. Therefore, the proposed scheme provides maximum flexibilities for mobile employees to access confidential documents without compromising the security, in addition to the mobility and timeliness of mobile environments.
Hsueh, Sue-Chen and Kuo, Chien-Chih, "Securing Mobile Access of Confidential Documents by Integrating Trusted Computing Platforms with Digital Rights Managements" (2009). ICEB 2009 Proceedings (Macau, SAR China). 118.