Managing file access via a designated place
Abstract
Techniques for managing access to digital assets via a designated place or its sub-places are disclosed. The designated place may be a file folder, a directory, a local or remote store. The designated place is characterized by or associated with a securing module that causes all files stored in the designated place to have substantially similar security. In other words, a file to be secured can be simply dropped into the designated place and the securing module is configured to take actions to secure the file transparently in accordance with the security characteristics of the designated place. Likewise, a designated place can be set up to unsecure the secured files being deposited in the designated place, provided a user of the secured files is permitted to do so.
40 Claims
1. A method for determining access to files via a designated store, the method comprising:
associating a security template with the store;
retrieving the security template when a file is deposited in the store;
encrypting the file in accordance with the security template to produce an encrypted data portion;
generating a header to include security information from the security template; and
integrating the header with the encrypted data portion to produce a secured file.
13. A method for determining access to files via a designated store, the method comprising:
associating a security template with the store;
retrieving the security template when a secured file is deposited by a user in the store, wherein the secured file includes a header and an encrypted data portion, the header including embedded security information controlling restrictive access to the encrypted data portion;
evaluating the embedded security information from the header of the secured file against access privilege of the user to determine whether the user is permitted to revise the embedded security information of the secured file; and
superseding the embedded security information with current security information from the security template after the user is determined to be permitted to revise the embedded security information of the secured file.
18. A method for determining access to files via a designated store, the method comprising:
associating a security template with the store;
retrieving the security template when a secured file is deposited by a user in the store, wherein the secured file includes a header and an encrypted data portion, the header including embedded security information controlling restrictive access to the encrypted data portion;
evaluating the embedded security information from the header of the secured file against access privilege of the user to determine whether the user is permitted to revise the embedded security information of the secured file; and
after the user is determined to be permitted to revise the embedded security information of the secured file, evaluating current security information in the template to determine whether the user is permitted to access files in the store;
after the user is determined not to be permitted to access the files in the store, adding a special access policy to the security information to be included in the header such that the user can still access the secured file secured in accordance with the security template associated with the store.
20. A method for determining access to files via a designated store, the method comprising:
associating a decryption module with the store;
when a secured file is deposited by a user in the store, the secured file including a header and an encrypted data portion and the header including embedded security information controlling restrictive access to the encrypted data portion, evaluating the embedded security information from the header of the secured file against access privilege of the user to determine whether the user is permitted to unsecure the secured file;
after the user is determined to be permitted to unsecure the secured file, retrieving a file key from the header; and
decrypting the encrypted data portion to produce a plain file.
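The deposit flow of claim 1 and the unsecure flow of claim 20, sketched as an added example that is not code from the patent or its assignee. The length-prefixed JSON header, the `storeKey` key-wrapping key, the group/rights rule shape and the use of AES-256-GCM are assumptions made for illustration.

```javascript
// Added illustration: file layout, field names and key handling are assumptions.
const nodeCrypto = require('node:crypto');
const DATA_AAD = Buffer.from('secured-file-data');

// Constructed template for one designated store: a key-wrapping key plus access rules.
const sampleTemplate = {
  storeKey: nodeCrypto.randomBytes(32),
  rules: [{ group: 'engineering', rights: ['read', 'unsecure'] }],
};

// AES-256-GCM; output is iv(12) | tag(16) | ciphertext.
function seal(key, data, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(data), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function unseal(key, box, aad) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(box.subarray(12, 28));
  return Buffer.concat([d.update(box.subarray(28)), d.final()]); // throws on tampering
}

// Deposit: encrypt under a fresh file key, build the header from the template, integrate.
function secureFile(template, plain) {
  const fileKey = nodeCrypto.randomBytes(32);
  const rules = Buffer.from(JSON.stringify(template.rules));
  // The rules are the AAD of the key wrap, so edited rules cannot unwrap the key.
  const wrappedKey = seal(template.storeKey, fileKey, rules).toString('base64');
  const header = Buffer.from(JSON.stringify({ rules: template.rules, wrappedKey }));
  const len = Buffer.alloc(4);
  len.writeUInt32BE(header.length);
  return Buffer.concat([len, header, seal(fileKey, plain, DATA_AAD)]);
}

// Unsecure: evaluate header rules against the user, then unwrap the file key and decrypt.
function unsecureFile(storeKey, secured, user) {
  const hlen = secured.readUInt32BE(0);
  const header = JSON.parse(secured.subarray(4, 4 + hlen).toString());
  const ok = header.rules.some(
    (r) => user.groups.includes(r.group) && r.rights.includes('unsecure'));
  if (!ok) throw new Error('access denied');
  const rules = Buffer.from(JSON.stringify(header.rules));
  const fileKey = unseal(storeKey, Buffer.from(header.wrappedKey, 'base64'), rules);
  return unseal(fileKey, secured.subarray(4 + hlen), DATA_AAD);
}
```

Because the header's rules are authenticated by the key wrap, a header edited to name a different group passes the rule check but fails at key retrieval.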
22. A system for determining access to files via a designated store, the system comprising:
a server machine providing management to the store, the server accessible by a first user to determine access policies for the store such that all secured files in the store have substantially similar security, wherein the store is associated with a security template;
at least a client machine coupled to the server machine over a first network, after a user of the client machine is authenticated by the server machine, the client machine communicating with the server machine to activate the security template, if the security template is already in the client machine, or download the security template from the server, if the security template is not already in the client machine, and wherein unsecured files deposited by the user into the store are secured in accordance with the security template.
26. A software product to be executed in a computer for determining access to files via a designated store, the software product comprising:
program code for associating a security template with the store;
program code for retrieving the security template when a file is deposited in the store;
program code for encrypting the file in accordance with the security template to produce an encrypted data portion;
program code for generating a header to include security information from the security template; and
program code for integrating the header with the encrypted data portion to produce a secured file.
29. The software product of claim 29, wherein the access rules determine who and how the secured file can be accessed.
34. A software product to be executed in a computer for determining access to files via a designated store, the software product comprising:
program code for associating a security template with the store;
program code for retrieving the security template when a secured file is deposited by a user in the store, wherein the secured file includes a header and an encrypted data portion, the header including embedded security information controlling restrictive access to the encrypted data portion;
program code for evaluating the embedded security information from the header of the secured file against access privilege of the user to determine whether the user is permitted to revise the embedded security information of the secured file; and
program code for superseding the embedded security information with current security information from the security template after the user is determined to be permitted to revise the embedded security information of the secured file.
37. A software product to be executed in a computer for determining access to files via a designated store, the software product comprising:
program code for associating a security template with the store;
program code for retrieving the security template when a secured file is deposited by a user in the store, wherein the secured file includes a header and an encrypted data portion, the header including embedded security information controlling restrictive access to the encrypted data portion;
program code for evaluating the embedded security information from the header of the secured file against access privilege of the user to determine whether the user is permitted to revise the embedded security information of the secured file; and
after the user is determined to be permitted to revise the embedded security information of the secured file, program code for evaluating current security information in the template to determine whether the user is permitted to access files in the store;
after the user is determined not to be permitted to access the files in the store, program code for adding a special access policy to the security information to be included in the header such that the user can still access the secured file secured in accordance with the security template associated with the store.
39. A software product to be executed in a computer for determining access to files via a designated store, the software product comprising:
program code for associating a decryption module with the store;
when a secured file is deposited by a user in the store, the secured file including a header and an encrypted data portion and the header including embedded security information controlling restrictive access to the encrypted data portion, program code for evaluating the embedded security information from the header of the secured file against access privilege of the user to determine whether the user is permitted to unsecure the secured file;
after the user is determined to be permitted to unsecure the secured file, program code for retrieving a file key from the header; and
program code for decrypting the encrypted data portion to produce a plain file.
Specification