Fire locker and mechanisms for providing and using same
First Claim
1. A method of using a file management component to protect a file, the method comprising:
- receiving a file from an object;
using a data storage system to seal the file to the file management component, said data storage system being enabled to receive data from a specified category of components and to seal received data to one or more of said components such that the data cannot be unsealed by any component to which the data is not sealed, the file management component being one of said specified category of components;
restricting access to said file based on whether an object that issues a request for the file is authorized to open said file, a determination as to whether said object that issues the request is authorized being made by the file management component which causes the file to be unsealed from said data storage system if said object that issues the request is authorized to open the file.
3 Assignments
0 Petitions
Accused Products
Abstract
A file locker manages the storage and use of protected data for software objects. A protected environment maintains the cryptographic and isolative infrastructure to support sealing of data items for use by a trusted agent. The file locker uses the protected environment'"'"'s sealing functionality to seal data items for the file locker'"'"'s exclusive access. The file locker seals, to itself, files received from software objects, and provides those files upon request, and upon sufficient proof of the requestor'"'"'s trustworthiness, authenticity, and/or identity. The file locker may be used to extend the protected environment'"'"'s sealing functionality to legacy applications, without the legacy applications having to implement agents that can run in the protected environment and access the sealing functionality directly.
-
Citations
33 Claims
-
1. A method of using a file management component to protect a file, the method comprising:
-
receiving a file from an object;
using a data storage system to seal the file to the file management component, said data storage system being enabled to receive data from a specified category of components and to seal received data to one or more of said components such that the data cannot be unsealed by any component to which the data is not sealed, the file management component being one of said specified category of components;
restricting access to said file based on whether an object that issues a request for the file is authorized to open said file, a determination as to whether said object that issues the request is authorized being made by the file management component which causes the file to be unsealed from said data storage system if said object that issues the request is authorized to open the file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
- 12. A file locker comprising logic that receives a file, causes said file to be sealed to the file locker such that the file is unsealable only by the file locker, receives a request from an object for said file, verifies that said object is entitled to receive said file, and either provides or fails to provide said file to said object according to whether said object is entitled to receive said file.
-
23. A computer-readable medium encoded with computer-executable instructions to perform a method comprising:
-
receiving a file at a file management component;
sealing the file to said file management component;
receiving, from a requester, a request for said file;
verifying that said requestor is entitled to receive said file;
if said requestor is entitled to receive said file then unsealing said file and providing said file to said requestor, and otherwise not unsealing said file and not providing said file to said requestor. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
Specification