
Important Concepts in Infinity Vault

This document will explain important concepts to understand as you learn Infinity Vault for Office.


Composite View of Information in Infinity Vault

The first thing you will most likely do in Infinity Vault for Office is create a new document or convert an existing one. The concept of a document, now in Infinity Vault, needs to be reexamined. What you have is no longer a single document but a composite view of one or more secure sections of data. Each of these secure sections, which can be as granular as necessary, is individually encrypted to you and visible only to you. Using the Security Editor sidebar, you can add permissions that grant other individuals or groups access to any or all of the individual sections composing the composite "document" view of the information.

Once you have converted an existing document into Infinity Vault, it is highly recommended that you delete the local copy of the file. Deleting the local copy will ensure maximum protection for your data and prevent information leakage about the contents of a file, not to mention eliminating potential confusion about which version of a document you are editing.

Recommendation

When possible, convert a blank document into Infinity Vault and then add the content for the document. This will ensure there is no information on the local system that could be compromised.


Security and Permissions in Infinity Vault

There are two Security Behaviors that can be applied within a security context:

  • OMIT - If a group or individual does not have READ or WRITE in a given security context, the content and the space that the content occupies are omitted from view.

  • REDACT - If a group or individual does not have READ or WRITE in a given security context, the content is replaced with a redaction character. The space that the content occupies will be filled with the redaction character giving the indication of the space occupied yet removed from view. Here is a brief example of redacted content: .

There are three types of permissions which will be helpful to understand:

  • Document Security

  • Security Styles

  • Endorsements

Document Security

Document Security can be described as the ability to control the structure of the information but not the actual content in the defined sections.

There are three permissions which apply to Document Security:

  • APPLY - The ability to apply security within the context of a document.

  • EXCLUDE - The ability to remove a secured section, including the content it contains, in the context of a document where the user does not hold any Security Style permissions.

  • GRANT - The ability to grant or revoke permissions in a given security context (document).

By default, in the Security Element Security Style, the individual converting the document into Infinity Vault is granted APPLY and GRANT.

To allow another individual or group the ability to manage Document Security, they would need to be added and granted the APPLY and GRANT permissions.

Security Styles

Security Styles grant individuals or groups the ability to manipulate the content in a given security context. There are three permissions which apply to Security Styles:

  • READ - The ability to view the content in a security context.

  • WRITE - The ability to modify the content in a security context.

  • GRANT - The ability to grant or revoke content related permissions in a security context.

By default, in the Security Element Security Style, the individual converting the document into Infinity Vault is granted all three rights and REDACT is selected as the default Security Behavior.

Note

The initial Security Context for a document converted into Infinity Vault encompasses the entire content as applied in the Security Element Security Style.

Both Document Security and Security Styles can be described as "OR" conditions. If you are individually granted permissions, or you are part of a group that has permissions, you will have the highest cumulative level of permission granted.

Endorsements

Endorsements can be described as "AND" conditions which can be applied to a Security Style. In the brief scenario described above for Document Security and Security Styles, if an endorsement is added that you are not included in, your permissions would be revoked by that endorsement. A good analogy might be compartmented information. You may have the necessary clearance level but you may not be part of a specific program or compartment, and therefore not have access to the information.

Endorsements can be added in Document Security or a Security Style but are managed in a separate administrative interface.
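
The "OR" and "AND" rules above, together with the OMIT and REDACT behaviors, can be modeled in a few lines. This is an added illustration, not Infinity Vault's own code: the names Section, effective_permissions and render, the redaction character, the sample document, and the assumption that an endorsement can be satisfied through group membership are all constructed for the example.

```python
from dataclasses import dataclass, field

REDACTION_CHAR = "█"  # assumed; the page does not name the actual redaction character

@dataclass
class Section:
    text: str
    grants: dict                                       # principal (user or group) -> permissions
    endorsements: list = field(default_factory=list)   # each endorsement is a set of principals
    behavior: str = "REDACT"                           # Security Behavior: "REDACT" or "OMIT"

def effective_permissions(section, user, groups=()):
    """OR across individual and group grants, then AND across endorsements."""
    principals = {user} | set(groups)
    perms = set()
    for principal in principals:
        perms |= section.grants.get(principal, set())   # highest cumulative level
    for members in section.endorsements:
        if not (principals & members):                  # not included in this endorsement
            return set()                                # permissions revoked
    return perms

def render(sections, user, groups=()):
    """Build the composite view of the document that one user would see."""
    out = []
    for s in sections:
        if effective_permissions(s, user, groups) & {"READ", "WRITE"}:
            out.append(s.text)
        elif s.behavior == "REDACT":
            out.append(REDACTION_CHAR * len(s.text))    # occupied space stays visible
        # OMIT: neither the content nor its space appears
    return "".join(out)

OWNER = {"READ", "WRITE", "GRANT"}  # default rights of the converting individual

# Constructed sample document made of three secure sections
DOC = [
    Section("Budget: ", {"alice": OWNER, "staff": {"READ"}}),
    Section("$4.2M", {"alice": OWNER, "finance": {"READ"}}),
    Section(" (Project X)", {"alice": OWNER, "staff": {"READ"}},
            endorsements=[{"alice", "px-team"}], behavior="OMIT"),
]

if __name__ == "__main__":
    print(render(DOC, "alice"))                         # owner sees every section
    print(render(DOC, "bob", ["staff"]))                # one section redacted, one omitted
    print(render(DOC, "carol", ["staff", "px-team"]))   # endorsement satisfied via group
```

In the sample, bob holds READ on the third section through the staff group but is not included in its endorsement, so that section is treated as if he had no permission at all.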


Administrative Access

Unlike other systems, there is no concept of an overarching, all-powerful System Administrator. Information in a given security context is encrypted specifically to each individual possessing permissions and cannot be decrypted without a defined process entailing a consensus of key holders. Information could only be recovered and decrypted if all defined key-holders agree to do so.

Individuals may be added to the Infinity Vault system through an administrative interface, but adding an individual to a group, for example, may require the consensus of specific users in that group, controlling access to verified individuals.


Named Containers and Saving Files in Infinity Vault

As in other systems, there is the concept of a default location where a file is saved. In most cases, it may be something like the Documents folder on the local file system.

While the concept is similar, the location or locations are different for Infinity Vault.

In Infinity Vault, for security considerations, the file is saved in the logged-in user's named container.

To save the file in additional locations, look for the dropdown button on Infinity Vault Save dialogs. You will most likely notice them when performing actions such as enabling Security Edit mode and when applying changes coming out of Security Edit mode.

Clicking the button will present a list of named containers to which the logged-in user has access. To save the file in multiple containers or in another container, select or unselect the checkbox next to the desired option or options, then click the Save Document button as usual.