Encrypting file system

US 20040059912A1
Filed: 09/08/2003
Published: 03/25/2004
Est. Priority Date: 05/07/1998
Status: Active Grant

First Claim

Patent Images

1. A method of encrypting an electronic document which is open in an application program running in a general purpose computer, the general purpose computer including a display, a user input device, and a processor, the method comprising:

(a) from within the application program, the user issuing one of a “

close,”

“

save”

or “

save as”

command for the document using the user input device;

(b) translating the command into an event;

(c) a crypto module trapping the event;

(d) the crypto module obtaining an encryption key value;

(e) the crypto module encrypting the document using the encryption key value;

(f) the crypto module passing control to an electronic document management system; and

(g) the electronic document management system executing the issued “

close,”

“

save”

or “

save as”

command;

whereby the electronic document is automatically encrypted without making a display on the display.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption method that is largely transparent to a user is accomplished by intercepting a change document or open document command, carrying out an encryption or decryption process, and then completing the command on an encrypted or decrypted file. The encryption method can be used in a wide variety of environments, such as an individual computer program, a database or electronic messaging over the Internet. The encryption method can select from a plurality of encryption algorithms.

149 Citations

View as Search Results

28 Claims

1. A method of encrypting an electronic document which is open in an application program running in a general purpose computer, the general purpose computer including a display, a user input device, and a processor, the method comprising:
- (a) from within the application program, the user issuing one of a “
  
  close,”
  
  “
  
  save”
  
  or “
  
  save as”
  
  command for the document using the user input device;
  
  (b) translating the command into an event;
  
  (c) a crypto module trapping the event;
  
  (d) the crypto module obtaining an encryption key value;
  
  (e) the crypto module encrypting the document using the encryption key value;
  
  (f) the crypto module passing control to an electronic document management system; and
  
  (g) the electronic document management system executing the issued “
  
  close,”
  
  “
  
  save”
  
  or “
  
  save as”
  
  command;
  
  whereby the electronic document is automatically encrypted without making a display on the display.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method of encrypting a document as set forth in claim 1 wherein the electronic document management system comprises a SQL database, a SQL database server and a SQL database client, the SQL database client being disposed in the general purpose computer.
  - 3. A method of encrypting a document as set forth in claim 1 where step (d) comprises the steps of the crypto module determining if the document should be encrypted, and if not, then skipping step (e), and if so, then:
    - the crypto module retrieving an encryption key name associated with the document; and
      
      the crypto module retrieving the encryption key value associated with the encryption key name.
  - 4. A method of encrypting a document as set forth in claim 3, wherein there are plural encryption key values and at least one encryption key value is associated with the user, the method further comprising the steps of:
    - the user submitting to an access module for user authentication;
      
      if the access module does not authenticate the user, then always skipping steps (d) and (e);
      
      else in step (d), the crypto module retrieving the encryption key value associated with the encryption key name and the user.
  - 5. A method of encrypting a document as set forth in claim 4, the general purpose computer further comprising a data reader device for reading user identification and encryption key values from a portable data storage device, the method further comprising the user presenting the portable data storage device to the data reader device, wherein the access module utilizes information stored in the portable data storage device to authenticate the user, and the encryption key value associated with the user is stored in the portable data storage device.
  - 6. A method of encrypting a document as set forth in claim 5, wherein the data reader device comprises a smart card reader and the portable data storage device comprises a smart card.
  - 7. A method of encrypting a document as set forth in claim 5, wherein the data reader device comprises a biometric recognition system and the portable data storage device comprises the user, wherein the access module utilizes unique information about the user for authentication, and the encryption key value is derived from at least one characteristic of the user.
  - 8. A method of encrypting a document as set forth in claim 1 wherein the electronic document management system comprises a database, the database including an indicator of whether the document should be encrypted, and step (c) further comprises, if the indicator in the database does not indicate that the document is to be encrypted, then skipping steps (d) and (e).
  - 9. A method of encrypting a document as set forth in claim 8, wherein if the indicator in the database does not indicate that the document is to be encrypted, then also skipping steps (f) and (g).
  - 10. A method of encrypting a document as set forth in claim 1 wherein the general purpose computer comprises a workstation, and there is further provided a file server, wherein the crypto module comprises a crypto server on the workstation, the access module comprises an access server on the file server and an access client on the workstation, and the electronic document management system comprises an EDM database on the file server, an EDM server on the file server, and an EDM client on the workstation.
  - 11. A method of encrypting a document as set forth in claim 1 wherein the operating system includes at least part of the electronic document management system.

12. A method of decrypting a document which is to be opened in an application program running in a general purpose computer, the general purpose computer including a display, user input device and a processor, the method comprising:
- (a) the user selecting the document to be opened in the application program using the user input device;
  
  (b) an “
  
  open”
  
  command issuing for the document to be opened in the application program;
  
  (c) translating the command into an event;
  
  (d) a crypto module trapping the event;
  
  (e) the crypto module retrieving a decryption key value;
  
  (f) the crypto module decrypting the document using the decryption key value;
  
  (g) the crypto module passing control to an electronic document management system; and
  
  (h) the electronic document management system executing the issued “
  
  open”
  
  command so that the document is opened in the application program;
  
  whereby the document is automatically decrypted without making a display on the display.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. A method of encrypting a document as set forth in claim 12 wherein the electronic document management system comprises a SQL database, a SQL database server and a SQL database client, the SQL database client being disposed in the general purpose computer.
  - 14. A method of decrypting a document as set forth in claim 12 wherein step (e) comprises the crypto module determining if the document should be decrypted, and if not, then skipping step (f), and if so, then:
    - the crypto module retrieving a decryption key name associated with the document; and
      
      the crypto module retrieving the decryption key value associated with the decryption key name.
  - 15. A method of decrypting a document as set forth in claim 14, wherein there are plural decryption key values and at least one decryption key value is associated with the user, the method further comprising the steps of:
    - the user submitting to an access module for user authentication;
      
      if the access module does not authenticate the user, then always skipping steps (e) and (f);
      
      else in step (e), the crypto module retrieving the decryption key value associated with the decryption key name and the user.
  - 16. A method of decrypting a document as set forth in claim 15, the general purpose computer further comprising a data reader device for reading user identification and decryption key values from a portable data storage device, the method further comprising the user presenting the portable data storage device to the data reader device, wherein the access module utilizes information stored in the portable data storage device to authenticate the user, and the decryption key value associated with the user is stored in the portable data storage device.
  - 17. A method of decrypting a document as set forth in claim 16, wherein the data reader device comprises a smart card reader and the portable data storage device comprises a smart card.
  - 18. A method of encrypting a document as set forth in claim 16, wherein the data reader device comprises a biometric recognition system and the portable data storage device comprises the user, wherein the access module utilizes unique information about the user for authentication, and the decryption key value is derived from at least one characteristic of the user.
  - 19. A method of encrypting a document as set forth in claim 12 wherein the electronic document management system comprises a database, the database including an indicator of whether the document should be decrypted, and step (d) further comprises, if the indicator in the database does not indicate that the document is to be decrypted, then skipping steps (e) and (f).
  - 20. A method of encrypting a document as set forth in claim 19, wherein if the indicator in the database does not indicate that the document is to be decrypted, then also skipping steps (g) and (h).
  - 21. A method of decrypting a document as set forth in claim 12 wherein the operating system includes at least a part of the electronic document management system.
  - 22. A method of decrypting a document as set forth in claim 12 wherein the general purpose computer comprises a workstation, and there is further provided a file server, wherein the crypto module comprises a crypto server on the workstation, the access module comprises an access server on the file server and an access client on the workstation, and the electronic document management system comprises an EDM database on the file server, an EDM server on the file server, and an EDM client on the workstation.

23. An electronic document management system for storing documents from an application in a workstation and retrieving documents from a file server to the application, the file server having a file system, the electronic document management system comprising:
- (a) an access server in the file server comprising software for handling user authentication and file system access control for the file server;
  
  (b) an access client in the workstation comprising software for enabling a user to sign on to the file server and obtain access to the file system on the file server;
  
  (c) an EDM server in the file server comprising software for controlling an EDM database and EDM indexes to the EDM database;
  
  (d) an EDM client in the workstation comprising software for interfacing the workstation to the EDM server and thereby allowing access by a user at the workstation to the EDM database; and
  
  (e) a crypto server comprising software for intercepting I/O requests by the application and transparently handling encryption of the documents and decryption of encrypted documents;
  
  wherein the access server and access client are functionally positioned between the EDM server and EDM client, and the crypto server is functionally positioned between the application and the EDM client.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. An electronic document management system as set forth in claim 23, wherein the crypto server software includes display commands, the display commands only for displaying error messages to the user.
  - 25. An electronic document management system as set forth in claim 23, wherein the crypto server includes interfaces to plural cryptographic systems.
  - 26. An electronic document management system as set forth in claim 25, the cryptographic systems comprising at least one of RSA, DES, Triple-DES, Blowfish, Triple Blowfish and IDEA.
  - 27. An electronic document management system as set forth in claim 23, the workstation further comprising a data reader device for reading user identification and key values from a portable data storage device, wherein the access client utilizes information stored in the portable data storage device to authenticate the user, and the crypto server obtains key values for encrypting and decrypting the documents from the portable data storage device via the data reader device.
  - 28. An electronic document management system as set forth in claim 27, wherein the data reader device comprises a smart card reader and the portable data storage device comprises a smart card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
MAZ Technologies, Inc.
Inventors
Zizzi, Stephen

Granted Patent

US 7,096,358 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/80   in storage media based on m...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2107   File encryption

G06Q 10/063   Operations research, analys...

G06Q 20/382   insuring higher security of...

G06Q 30/0643   Graphical representation of...

G06Q 40/08   Insurance

G06Q 50/16   Real estate

G06Q 99/00   Subject matter not provided...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/168   above the transport layer

H04L 9/0866 : involving user or device id...

H04L 9/0897 : involving additional device...

H04L 9/32 : including means for verifyi...

H04L 9/3231 : Biological data, e.g. finge...

H04L 9/3247 : involving digital signatures

Y10S 707/99931 : Database or file accessing

Y10S 707/99935 : Query augmenting and refini...

Y10S 707/99937 : Sorting

View All

Encrypting file system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

149 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

Encrypting file system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

149 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others