System and method for providing manageability to security information for secured items

US 20030110169A1
Filed: 04/26/2002
Published: 06/12/2003
Est. Priority Date: 12/12/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for accessing a secured file, said method comprising the acts of:

(a) obtaining the secured file to be accessed, the secured file having a header portion and a data portion;

(b) retrieving a security information pointer from the header portion of the secured file;

(c) obtaining security information for the secured file using the security information pointer; and

(d) permitting access to the secured file to the extent permitted by the security information.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved approaches for accessing secured digital assets (e.g., secured items) are disclosed. In general, digital assets that have been secured (secured digital assets) can only be accessed by authenticated users with appropriate access rights or privileges. Each secured digital asset is provided with a header portion and a data portion, where the header portion includes a pointer to separately stored security information. The separately stored security information is used to determine whether access to associated data portions of secured digital assets is permitted. These improved approaches can facilitate the sharing of security information by various secured digital assets and thus reduce the overall storage space for the secured digital assets. These improved approaches can also facilitate efficient management of security for digital assets.

145 Citations

42 Claims

1. A method for accessing a secured file, said method comprising the acts of:
- (a) obtaining the secured file to be accessed, the secured file having a header portion and a data portion;
  
  (b) retrieving a security information pointer from the header portion of the secured file;
  
  (c) obtaining security information for the secured file using the security information pointer; and
  
  (d) permitting access to the secured file to the extent permitted by the security information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A method as recited in claim 1, wherein said permitting (d) of access comprises the acts of:
    - (d1) retrieving a file key from the header portion; and
      
      (d2) decrypting the data portion of the secured file using the file key.
  - 3. A method as recited in claim 1, wherein a requester desires to access the secured file, the requester having requester characteristics, and wherein said permitting (d) of access comprises the acts of:
    - (d1) retrieving at least one access rule from the security information; and
      
      (d2) determining whether the requestor is permitted to access the secured file based on the at least one access rule and the requestor characteristics.
  - 4. A method as recited in claim 3, wherein the requester characteristics include at least a group association for the requester.
  - 5. A method as recited in claim 3, wherein the at least one access rule is provided in a markup language format.
  - 6. A method as recited in claim 3, wherein when said determining (d2) determines that the requester is permitted to access the secured file, then said permitting (d) further comprises the acts of:
    - (d3) retrieving a file key from the header portion; and
      
      (d4) decrypting the data portion of the secured file using the file key.
  - 7. A method as recited in claim 1, wherein a requester desires to access the secured file, and wherein said method further comprises the acts of:
    - (e) decrypting, following said obtaining (c) and before said (d) permitting, the security information.
  - 8. A method as recited in claim 7, wherein said decrypting (e) of the security information is performed using a key associated with the requestor.
  - 9. A method as recited in claim 8, wherein the key associated with the requester is a user key.
  - 10. A method as recited in claim 7, wherein a requester desires to access the secured file, the requestor having requester characteristics, and wherein said permitting (d) of access comprises the acts of:
    - (d1) retrieving at least one access rule from the security information; and
      
      (d2) determining whether the requester is permitted to access the secured file based on the at least one access rule and the requestor characteristics.
  - 11. A method as recited in claim 10, wherein the requestor characteristics include at least a group association for the requester.
  - 12. A method as recited in claim 10, wherein the at least one access rule is provided in a markup language format.
  - 13. A method as recited in claim 10, wherein when said determining (d2) determines that the requester is permitted to access the secured file, then said permitting (d) further comprises the acts of:
    - (d3) retrieving a file key from the header portion; and
      
      (d4) decrypting the data portion of the secured file using the file key.
  - 14. A method as recited in claim 1, wherein the security information includes at least access rules, and the header portion includes at least the security information pointer and an encrypted key.
  - 15. A method as recited in claim 14, wherein when said determining (d2) determines that the requester is permitted to access the secured file, then said permitting (d) further comprises the acts of:
    - (d1) retrieving the encrypted key from the header portion;
      
      (d2) decrypting the encrypted key to produce an unencrypted key; and
      
      (d3) decrypting the data portion of the secured file using the unencrypted key.
  - 16. A method as recited in claim 15, wherein the encrypted key is an encrypted file key.
  - 17. A method as recited in claim 16, wherein a requestor desires to access the secured file, and wherein said decrypting (d2) is performed using a key associated with the requester.

18. A computer readable medium including at least computer program code for accessing a secured item, said computer readable medium comprises:
- computer program code for obtaining the secured item to be accessed, the secured item having a header portion and a data portion;
  
  computer program code for retrieving a security information pointer from the header portion of the secured item;
  
  computer program code for obtaining security information for the secured item using the security information pointer; and
  
  computer program code for permitting access to the secured item to the extent permitted by the security information.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 19. A computer readable medium as recited in claim 18, wherein said computer program code for permitting access comprises:
    - computer program code for retrieving a file key from the header portion; and
      
      computer program code for decrypting the data portion of the secured item using the file key.
  - 20. A computer readable medium as recited in claim 18, wherein a requestor desires to access the secured item, the requester having requester characteristics, and wherein said computer program code for permitting comprises:
    - computer program code for retrieving at least one access rule from the security information; and
      
      computer program code for determining whether the requestor is permitted to access the secured item based on the at least one access rule and the requester characteristics.
  - 21. A computer readable medium as recited in claim 20, wherein the requestor characteristics include at least a group association for the requestor.
  - 22. A computer readable medium as recited in claim 20, wherein the at least one access rule is provided in a markup language format.
  - 23. A computer readable medium as recited in claim 20, wherein when said computer program code for determining determines that the requester is permitted to access the secured item, then said computer program code for permitting further comprises:
    - computer program code for retrieving a file key from the header portion; and
      
      computer program code for decrypting the data portion of the secured item using the file key.
  - 24. A computer readable medium as recited in claim 18, wherein a requestor desires to access the secured item, and wherein said method further comprises:
    - computer program code for decrypting the security information after being obtained and before being used to determine whether access is permitted.
  - 25. A computer readable medium as recited in claim 24, wherein said computer program code for decrypting the security information uses a key associated with the requester.
  - 26. A computer readable medium as recited in claim 25, wherein the key associated with the requestor is a user key.
  - 27. A computer readable medium as recited in claim 24, wherein a requester desires to access the secured item, the requester having requestor characteristics, and wherein said computer program code for permitting access comprises:
    - computer program code for retrieving at least one access rule from the security information; and
      
      computer program code for determining whether the requester is permitted to access the secured item based on the at least one access rule and the requester characteristics.
  - 28. A computer readable medium as recited in claim 27, wherein the requestor characteristics include at least a group association for the requestor.
  - 29. A computer readable medium as recited in claim 27, wherein the at least one access rule is provided in a markup language format.
  - 30. A computer readable medium as recited in claim 27, wherein when said computer program code for determining determines that the requestor is permitted to access the secured item, then said computer program code for permitting further comprises:
    - computer program code for retrieving a file key from the header portion; and
      
      computer program code for decrypting the data portion of the secured item using the file key.
  - 31. A computer readable medium as recited in claim 18, wherein the security information includes at least access rules, and the header portion includes at least the security information pointer and an encrypted key.
  - 32. A computer readable medium as recited in claim 31, wherein when said computer program code for determining determines that the requestor is permitted to access the secured file, then said computer program code for permitting further comprises:
    - computer program code for retrieving the encrypted key from the header portion;
      
      computer program code for decrypting the encrypted key to produce an unencrypted key; and
      
      computer program code for decrypting the data portion of the secured file using the unencrypted key.
  - 33. A computer readable medium as recited in claim 32, wherein the encrypted key is an encrypted file key.
  - 34. A computer readable medium as recited in claim 33, wherein a requestor desires to access the secured file, and wherein said computer program code for decrypting the encrypted key is performed using a key associated with the requester.
  - 35. A computer readable medium as recited in claim 18, wherein the secured item is a secured file.
  - 36. A computer readable medium as recited in claim 18, wherein the secured file is a secured document.

37. A system for accessing a secured item, the secured item having a header portion and an encrypted data portion, the header portion including a pointer and an encrypted key, said system comprising:
- a storage device, said storage device storing security information for a plurality of different secured items, the pointer serving to locate the security information associated with secured item;
  
  a first decryption module, said first decryption module receiving the encrypted key from the header portion of the secured item and decrypting the encrypted key to obtain a key;
  
  an access analyzer operatively connected to said storage device, said access rules analyzer determines whether the encrypted data portion is permitted to be accessed by a requestor based on the security information; and
  
  a second decryption module operatively connected to said access analyzer, said second decryption module decrypting the encrypted data portion using the key to produce an unencrypted data portion that the requestor is able to access, provided said access analyzer determines that the encrypted data portion is permitted to be accessed by the requestor.
- View Dependent Claims (38)
- - 38. A system as recited in claim 37, wherein the security information includes at least an access rule, and wherein the requestor has user privileges associated therewith, and wherein said access analyzer determines whether the encrypted data portion is permitted to be accessed by the requester based on the access rule and the user privileges.

39. A data structure for a secured file, said data structure comprising:
- a header portion containing at least a pointer to separately stored security information and a key, at least the key portion of said header portion is encrypted; and
  
  a data portion containing at least encrypted data of the secured file.
- View Dependent Claims (40, 41, 42)
- - 40. A data structure as recited in claim 39, wherein the pointer is used to access the separately stored security information which is in turn used to determine whether a particular requester for access to the secured file is permitted, and then when access is permitted, providing the key to the requestor so that the encrypted data in said data portion can thereafter be decrypted and thus accessed.
  - 41. A data structure as recited in claim 39, wherein the pointer points to a database that stores the separately stored security information for a plurality of secured files.
  - 42. A data structure as recited in claim 39, wherein like separately stored secured information can be shared by a plurality of secured files.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Guardian Data Storage LLC
Original Assignee
SecretSeal Inc.
Inventors
Zuili, Patrick, Vainstein, Klimenty

Application Number

US10/132,712
Publication Number

US 20030110169A1
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

A61K 2123/00   Preparations for testing in...

A61K 38/00   Medicinal preparations cont...

C12N 15/1137   against enzymes viral enzym...

C12N 2310/315   Phosphorothioates

C12N 2310/321   2'-O-R Modification

C12N 2310/341   Gapmers, i.e. of the type =...

C12N 2310/346   having a combination of bac...

C12N 2310/3525   MOE, methoxyethoxy

C12N 9/16   acting on ester bonds (3.1)

C12Y 301/03048   Protein-tyrosine-phosphatas...

G01N 33/5088   of vertebrates

G06F 21/6209   to a single file or object,...

G06F 21/6227   where protection concerns t...

G06F 2221/2107   File encryption

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/101 : Access control lists [ACL]

H04L 63/102 : Entity profiles

H04L 63/105 : Multiple levels of security

H04L 63/12 : Applying verification of th...

H04L 67/01 : Protocols

View All

System and method for providing manageability to security information for secured items

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

145 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing manageability to security information for secured items

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

145 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links