Securing decrypted files in a shared environment

US 20030056095A1
Filed: 09/14/2001
Published: 03/20/2003
Est. Priority Date: 09/14/2001
Status: Active Grant

First Claim

Patent Images

1. A method for securing decrypted files in a shared environment comprising the steps of:

receiving a service request to open a document by a first driver in a kernel space;

issuing a call to a second driver in said kernel space to read a first file of said document located in a shared area, wherein said first file comprises encrypted data of said document;

transferring said encrypted data of said document to said first driver;

decrypting said encrypted data of said document; and

storing said decrypted data in a second file located in a non-shared area.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer program product for securing decrypted files in a shared environment. A filter driver in a kernel space may be configured to control service requests to encrypted files stored in a shared area, e.g., a shared directory on a disk unit, accessible by multiple users. The filter driver may receive a service request to open an encrypted document in the shared area issued from an authorized user. Upon receiving the encrypted data, the filter driver may decrypt the encrypted data. The filter driver may subsequently store the decrypted data in a file in a non-shared area, e.g., a non-shared directory. The non-shared area may be accessible only by the authorized user that requested access to the encrypted file. By storing the decrypted data in a file in the non-shared area, a file once decrypted may be protected in a file sharing environment.

43 Citations

View as Search Results

33 Claims

1. A method for securing decrypted files in a shared environment comprising the steps of:
- receiving a service request to open a document by a first driver in a kernel space;
  
  issuing a call to a second driver in said kernel space to read a first file of said document located in a shared area, wherein said first file comprises encrypted data of said document;
  
  transferring said encrypted data of said document to said first driver;
  
  decrypting said encrypted data of said document; and
  
  storing said decrypted data in a second file located in a non-shared area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1 further comprising the steps of:
    - determining if said service request to open said document is transmitted by an authorized user to open said document in an authorized application.
  - 3. The method as recited in claim 2, wherein if said service request to open said document is a request transmitted by said authorized user to open said document in said authorized application then the method further comprises the step of:
    - determining if said service request to open said document is a request to open an encrypted file.
  - 4. The method as recited in claim 3, wherein if said service request to open said document is said request to open said encrypted file then the method further comprises the step of:
    - blocking said request to open said document to said second driver by said first driver.
  - 5. The method as recited in claim 1 further comprising the step of:
    - modifying said service request to request said document in said second file.
  - 6. The method as recited in claim 1 further comprising the step of:
    - receiving a request to save said second file.
  - 7. The method as recited in claim 6 further comprising the step of:
    - issuing a call to said second driver to write modifications to said second file.
  - 8. The method as recited in claim 7 further comprising the step of:
    - encrypting data in said second file; and
      
      replacing data in said first file with encrypted data from said second file in said shared area.
  - 9. The method as recited in claim 8 further comprising the step of:
    - deleting said second file from said non-shared area.
  - 10. The method as recited in claim 1, wherein said first driver is a driver configured to control service requests to encrypted files.
  - 11. The method as recited in claim 10, wherein said second driver interfaces a file system maintained in said kernel space.

12. A computer program product having a computer readable medium having computer program logic recorded thereon for securing decrypted files in a shared environment, comprising:
- programming operable for receiving a service request to open a document by a first driver in a kernel space;
  
  programming operable for issuing a call to a second driver in said kernel space to read a first file of said document located in a shared area, wherein said first file comprises encrypted data of said document;
  
  programming operable for transferring said encrypted data of said document to said first driver;
  
  programming operable for decrypting said encrypted data of said document; and
  
  programming operable for storing said decrypted data in a second file located in a non-shared area.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The computer program product as recited in claim 12 further comprises:
    - programming operable for determining if said service request to open said document is transmitted by an authorized user to open said document in an authorized application.
  - 14. The computer program product as recited in claim 13, wherein if said service request to open said document is a request transmitted by said authorized user to open said document in said authorized application then the computer program product further comprises:
    - programming operable for determining if said service request to open said document is a request to open an encrypted file.
  - 15. The computer program product as recited in claim 14, wherein if said service request to open said document is said request to open said encrypted file then the computer program product further comprises:
    - programming operable for blocking said request to open said document to said second driver by said first driver.
  - 16. The computer program product as recited in claim 12 further comprises:
    - programming operable for modifying said service request to request said document in said second file.
  - 17. The computer program product as recited in claim 12 further comprises:
    - programming operable for receiving a request to save said second file.
  - 18. The computer program product as recited in claim 17 further comprises:
    - programming operable for issuing a call to said second driver to write modifications to said second file.
  - 19. The computer program product as recited in claim 18 further comprises:
    - programming operable for encrypting data in said second file; and
      
      programming operable for replacing data in said first file with encrypted data from said second file in said shared area.
  - 20. The computer program product as recited in claim 19 further comprises:
    - programming operable for deleting said second file from said non-shared area.
  - 21. The computer program product as recited in claim 12, wherein said first driver is a driver configured to control service requests to encrypted files.
  - 22. The computer program product as recited in claim 21, wherein said second driver interfaces a file system maintained in said kernel space.

23. A system, comprising:
- a processor;
  
  a memory unit coupled to said processor, wherein said memory unit is operable for storing a computer program operable for securing decrypted files in a shared environment, wherein the computer program is operable for performing the following programming steps;
  
  receiving a service request to open a document by a first driver in a kernel space;
  
  issuing a call to a second driver in said kernel space to read a first file of said document located in a shared area, wherein said first file comprises encrypted data of said document;
  
  transferring said encrypted data of said document to said first driver;
  
  decrypting said encrypted data of said document; and
  
  storing said decrypted data in a second file located in a non-shared area.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The system as recited in claim 23, wherein the computer program is further operable for performing the following programming step:
    - determining if said service request to open said document is transmitted by an authorized user to open said document in an authorized application.
  - 25. The system as recited in claim 24, wherein if said service request to open said document is a request transmitted by said authorized user to open said document in said authorized application then the computer program is further operable for performing the following programming step:
    - determining if said service request to open said document is a request to open an encrypted file.
  - 26. The system as recited in claim 25, wherein if said service request to open said document is said request to open said encrypted file then the computer program is further operable for performing the following programming step:
    - blocking said request to open said document to said second driver by said first driver.
  - 27. The system as recited in claim 23, wherein the computer program is further operable for performing the following programming step:
    - modifying said service request to request said document in said second file.
  - 28. The system as recited in claim 23, wherein the computer program is further operable for performing the following programming step:
    - receiving a request to save said second file.
  - 29. The system as recited in claim 28, wherein the computer program is further operable for performing the following programming step:
    - issuing a call to said second driver to write modifications to said second file.
  - 30. The system as recited in claim 29, wherein the computer program is further operable for performing the following programming steps:
    - encrypting data in said second file; and
      
      replacing data in said first file with encrypted data from said second file in said shared area.
  - 31. The system as recited in claim 30, wherein the computer program is further operable for performing the following programming step:
    - deleting said second file from said non-shared area.
  - 32. The system as recited in claim 23, wherein said first driver is a driver configured to control service requests to encrypted files.
  - 33. The system as recited in claim 32, wherein said second driver interfaces a file system maintained in said kernel space.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Rivera, David, Ward, James Peter, Elliott, Scott Thomas, Hoff, James Patrick, Long, Christopher Scott

Granted Patent

US 7,167,982 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/164
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2147   Locking files

H04L 63/04   for providing a confidentia...

Y10S 707/99953   Recoverability

Y10S 707/99955   Archiving or backup

Securing decrypted files in a shared environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Securing decrypted files in a shared environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links