Secret File Access Authorization System With Fingerprint Limitation

US 20070209064A1
Filed: 03/24/2005
Published: 09/06/2007
Est. Priority Date: 03/26/2004
Status: Active Grant

First Claim

Patent Images

1. A secret file access authorization system with fingerprint limitation comprising the components as follows:

An authorization server provided with an authorization module, which provides a fingerprint template and an authorization secret key. An encryption server provided with an encryption module, which generates a decryption secret key by accepting the authorization secret key provided by the authorization module, and produces the encrypted secret files by encrypting the secret files to be encrypted. A certification server provided with an authorization module, which accepts the fingerprint template provided by the authorization module, accepts the decryption secret key provided by the encryption module and the authorization secret key claiming certification that is sent by the client, and judges and confirms providing the certified decryption secret key. At least one client machine, each is provided with a user module, which embeds the kernel encryption/decryption unit into the corresponding operation system kernel of the client, accepts the authorization secret key provided by the authorization module and the decryption secret key provided by the encryption module, sends the claiming certification respectively to certification module, opens the encryption/decryption unit with the certified authorization secret key and the certified decryption secret key which is returned after the certification module makes the certification, and reads/writes the encrypted secret files.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Secret file access authorization system with fingerprint limitation includes an authorization module, encryption module and certification module in a server linked by programs. A user module of least one client machine contains a kernel encryption/decryption unit embedded in the client operation system kernel, so access authorization to secure files scan be limited by environment or time fingerprint. Therein the authorization module provides an authorization secret key (ASK) and fingerprint template. The encryption module accepts the ASK and secret files to be encrypted, and provides decryption secret key (DSK). The user module accepts the ASK and encrypted secret files, and presents a claim for the ASK certification to the certification module. The certification module accepts the DSK and claim and the template, and provides the certified DSK for the user module, to start the kernel encryption/decryption unit in the user module, and achieve reading and writing of encrypted files.

40 Citations

View as Search Results

60 Claims

1. A secret file access authorization system with fingerprint limitation comprising the components as follows:
- An authorization server provided with an authorization module, which provides a fingerprint template and an authorization secret key. An encryption server provided with an encryption module, which generates a decryption secret key by accepting the authorization secret key provided by the authorization module, and produces the encrypted secret files by encrypting the secret files to be encrypted. A certification server provided with an authorization module, which accepts the fingerprint template provided by the authorization module, accepts the decryption secret key provided by the encryption module and the authorization secret key claiming certification that is sent by the client, and judges and confirms providing the certified decryption secret key. At least one client machine, each is provided with a user module, which embeds the kernel encryption/decryption unit into the corresponding operation system kernel of the client, accepts the authorization secret key provided by the authorization module and the decryption secret key provided by the encryption module, sends the claiming certification respectively to certification module, opens the encryption/decryption unit with the certified authorization secret key and the certified decryption secret key which is returned after the certification module makes the certification, and reads/writes the encrypted secret files.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 2. A secret file access authorization system with fingerprint limitation according to claim 1, the encryption server and the certification server are merged to constitute a system server, which is provided with the authorization module, the encryption module and the certification module.
  - 3. A secret file access authorization system with fingerprint limitation according to claim 1, the authorization server and the encryption server are merged to constitute an authorization-and-encryption server, which is provided with the authorization module and the encryption module.
  - 4. A secret file access authorization system with fingerprint limitation according to claim 1, the authorization server and the certification server are merged to constitute an authorization-and-certification server, which is provided with the authorization module and the certification module.
  - 5. A secret file access authorization system with fingerprint limitation according to claim 1, the encryption server and the certification server are merged to constitute an encryption-and-certification server, which is provided with the encryption module and the certification module.
  - 6. A secret file access authorization system with fingerprint limitation according to claim 1, the authorization module includes a password fingerprint unit, an environment fingerprint sampling unit and a time fingerprint sampling unit, which are set in parallel, as well as the authorization unit that is linked with the said three units which are set in parallel respectively by the bidirectional programs;
    - the authorization unit provides the authorization secret key;
      
      while the password fingerprint unit, the environment fingerprint sampling unit and the time fingerprint sampling unit that are set in parallel provide the fingerprint template altogether.
  - 7. A secret file access authorization system with fingerprint limitation according to claim 6, the authorization secret key is a binary string of a certain length.
  - 8. A secret file access authorization system with fingerprint limitation according to claim 7, the authorization secret key can be put into the authorized entity.
  - 9. A secret file access authorization system with fingerprint limitation according to claim 6, the fingerprint template is a binary string of a certain length.
  - 10. A secret file access authorization system with fingerprint limitation according to claim 1, the encryption module includes the secret key generation unit and the encryption unit, which are linked in sequence by the programs;
    - the secret key generation unit provides the decryption secret key after accepting the authorization secret key provided by the authorization module;
      
      the encryption unit accepts the input of secret files to be encrypted, and produces the encrypted secret files by using the decryption secret key provided by the secret key generation unit.
  - 11. A secret file access authorization system with fingerprint limitation according to claim 10, the encryption unit accepts the input of the secret files to be encrypted, and produces the encrypted secret files by using the authorization secret key.
  - 12. A secret file access authorization system with fingerprint limitation according to claim 10, the encryption unit accepts the input of the secret files to be encrypted, and produces the encrypted secret files by using the decryption secret key and the authorization secret key at the same time.
  - 13. A secret file access authorization system with fingerprint limitation according to claim 1, the certification module includes an environment fingerprint certification unit, a password fingerprint certification unit, and a time fingerprint certification unit set in parallel by accepting the fingerprint template provided by the authorization module;
    - the certification interface unit linked with them by the bidirectional programs, which also accepts the decryption secret key provided by the encryption module and the certification secret key from the user module claiming certification respectively, and provides the certified decryption secret key for the user module.
  - 14. A secret file access authorization system with fingerprint limitation according to claim 1, the user module includes the application unit, the kernel encryption/decryption unit and the input/output unit, which are linked in sequence by the bidirectional programs;
    - as well as the authorization input unit, which accepts the authorization secret key and sends it into the kernel encryption/decryption unit;
      
      the kernel encryption/decryption unit provides the authorization secret key claiming certification for the certification module, and accepts the certified decryption secret key sent by the certification module; and
      
      the input/output unit is coupled with the encrypted secret files bidirectionally;
      
      the kernel encryption/decryption unit is embedded in the client operation system kernel.
  - 15. A secret file access authorization system with fingerprint limitation according to claim 14, the client operation system can be Microsoft Windows 95/98/ME/NT/2000/XP/2003 Server or Linux/Unix or Pocket, Symbian OS, Windows CE embedded operation system or Mac OS or Sun OS, Novell netware and other server or network operation systems.
  - 16. A secret file access authorization system with fingerprint limitation according to claim 14, the program used by the application unit can be Microsoft Office and its components or other desktop applications or embedded applications.
  - 17. A secret file access authorization system with fingerprint limitation according to claim 2, the authorization module includes a password fingerprint unit, an environment fingerprint sampling unit and a time fingerprint sampling unit, which are set in parallel, as well as the authorization unit that is linked with the said three units which are set in parallel respectively by the bidirectional programs;
    - the authorization unit provides the authorization secret key;
      
      while the password fingerprint unit, the environment fingerprint sampling unit and the time fingerprint sampling unit that are set in parallel provide the fingerprint template altogether.
  - 18. A secret file access authorization system with fingerprint limitation according to claim 3, the authorization module includes a password fingerprint unit, an environment fingerprint sampling unit and a time fingerprint sampling unit, which are set in parallel, as well as the authorization unit that is linked with the said three units which are set in parallel respectively by the bidirectional programs;
    - the authorization unit provides the authorization secret key;
      
      while the password fingerprint unit, the environment fingerprint sampling unit and the time fingerprint sampling unit that are set in parallel provide the fingerprint template altogether.
  - 19. A secret file access authorization system with fingerprint limitation according to claim 4, the authorization module includes a password fingerprint unit, an environment fingerprint sampling unit and a time fingerprint sampling unit, which are set in parallel, as well as the authorization unit that is linked with the said three units which are set in parallel respectively by the bidirectional programs;
    - the authorization unit provides the authorization secret key;
      
      while the password fingerprint unit, the environment fingerprint sampling unit and the time fingerprint sampling unit that are set in parallel provide the fingerprint template altogether.
  - 20. A secret file access authorization system with fingerprint limitation according to claim 5, the authorization module includes a password fingerprint unit, an environment fingerprint sampling unit and a time fingerprint sampling unit, which are set in parallel, as well as the authorization unit that is linked with the said three units which are set in parallel respectively by the bidirectional programs;
    - the authorization unit provides the authorization secret key;
      
      while the password fingerprint unit, the environment fingerprint sampling unit and the time fingerprint sampling unit that are set in parallel provide the fingerprint template altogether.
  - 21. A secret file access authorization system with fingerprint limitation according to claim 17, the authorization secret key is a binary string of a certain length.
  - 22. A secret file access authorization system with fingerprint limitation according to claim 18, the authorization secret key is a binary string of a certain length.
  - 23. A secret file access authorization system with fingerprint limitation according to claim 19, the authorization secret key is a binary string of a certain length.
  - 24. A secret file access authorization system with fingerprint limitation according to claim 20, the authorization secret key is a binary string of a certain length.
  - 25. A secret file access authorization system with fingerprint limitation according to claim 21, the authorization secret key can be put into the authorized entity.
  - 26. A secret file access authorization system with fingerprint limitation according to claim 22, the authorization secret key can be put into the authorized entity.
  - 27. A secret file access authorization system with fingerprint limitation according to claim 23, the authorization secret key can be put into the authorized entity.
  - 28. A secret file access authorization system with fingerprint limitation according to claim 24, the authorization secret key can be put into the authorized entity.
  - 29. A secret file access authorization system with fingerprint limitation according to claim 17, the fingerprint template is a binary string of a certain length.
  - 30. A secret file access authorization system with fingerprint limitation according to claim 18, the fingerprint template is a binary string of a certain length.
  - 31. A secret file access authorization system with fingerprint limitation according to claim 19, the fingerprint template is a binary string of a certain length.
  - 32. A secret file access authorization system with fingerprint limitation according to claim 20, the fingerprint template is a binary string of a certain length.
  - 33. A secret file access authorization system with fingerprint limitation according to claim 2, the encryption module includes the secret key generation unit and the encryption unit, which are linked in sequence by the programs;
    - the secret key generation unit provides the decryption secret key after accepting the authorization secret key provided by the authorization module;
      
      the encryption unit accepts the input of secret files to be encrypted, and produces the encrypted secret files by using the decryption secret key provided by the secret key generation unit.
  - 34. A secret file access authorization system with fingerprint limitation according to claim 3, the encryption module includes the secret key generation unit and the encryption unit, which are linked in sequence by the programs;
    - the secret key generation unit provides the decryption secret key after accepting the authorization secret key provided by the authorization module;
      
      the encryption unit accepts the input of secret files to be encrypted, and produces the encrypted secret files by using the decryption secret key provided by the secret key generation unit.
  - 35. A secret file access authorization system with fingerprint limitation according to claim 4, the encryption module includes the secret key generation unit and the encryption unit, which are linked in sequence by the programs;
    - the secret key generation unit provides the decryption secret key after accepting the authorization secret key provided by the authorization module;
      
      the encryption unit accepts the input of secret files to be encrypted, and produces the encrypted secret files by using the decryption secret key provided by the secret key generation unit.
  - 36. A secret file access authorization system with fingerprint limitation according to claim 5, the encryption module includes the secret key generation unit and the encryption unit, which are linked in sequence by the programs;
    - the secret key generation unit provides the decryption secret key after accepting the authorization secret key provided by the authorization module;
      
      the encryption unit accepts the input of secret files to be encrypted, and produces the encrypted secret files by using the decryption secret key provided by the secret key generation unit.
  - 37. A secret file access authorization system with fingerprint limitation according to claim 33, the encryption unit accepts the input of the secret files to be encrypted, and produces the encrypted secret files by using the authorization secret key.
  - 38. A secret file access authorization system with fingerprint limitation according to claim 34, the encryption unit accepts the input of the secret files to be encrypted, and produces the encrypted secret files by using the authorization secret key.
  - 39. A secret file access authorization system with fingerprint limitation according to claim 35, the encryption unit accepts the input of the secret files to be encrypted, and produces the encrypted secret files by using the authorization secret key.
  - 40. A secret file access authorization system with fingerprint limitation according to claim 36, the encryption unit accepts the input of the secret files to be encrypted, and produces the encrypted secret files by using the authorization secret key.
  - 41. A secret file access authorization system with fingerprint limitation according to claim 33, the encryption unit accepts the input of the secret files to be encrypted, and produces the encrypted secret files by using the decryption secret key and the authorization secret key at the same time.
  - 42. A secret file access authorization system with fingerprint limitation according to claim 34, the encryption unit accepts the input of the secret files to be encrypted, and produces the encrypted secret files by using the decryption secret key and the authorization secret key at the same time.
  - 43. A secret file access authorization system with fingerprint limitation according to claim 35, the encryption unit accepts the input of the secret files to be encrypted, and produces the encrypted secret files by using the decryption secret key and the authorization secret key at the same time.
  - 44. A secret file access authorization system with fingerprint limitation according to claim 36, the encryption unit accepts the input of the secret files to be encrypted, and produces the encrypted secret files by using the decryption secret key and the authorization secret key at the same time.
  - 45. A secret file access authorization system with fingerprint limitation according to claim 2, the certification module includes an environment fingerprint certification unit, a password fingerprint certification unit, and a time fingerprint certification unit set in parallel by accepting the fingerprint template provided by the authorization module;
    - the certification interface unit linked with them by the bidirectional programs, which also accepts the decryption secret key provided by the encryption module and the certification secret key from the user module claiming certification respectively, and provides the certified decryption secret key for the user module.
  - 46. A secret file access authorization system with fingerprint limitation according to claim 3, the certification module includes an environment fingerprint certification unit, a password fingerprint certification unit, and a time fingerprint certification unit set in parallel by accepting the fingerprint template provided by the authorization module;
    - the certification interface unit linked with them by the bidirectional programs which also accepts the decryption secret key provided by the encryption module and the certification secret key from the user module claiming certification respectively, and provides the certified decryption secret key for the user module.
  - 47. A secret file access authorization system with fingerprint limitation according to claim 4, the certification module includes an environment fingerprint certification unit, a password fingerprint certification unit, and a time fingerprint certification unit set in parallel by accepting the fingerprint template provided by the authorization module;
    - the certification interface unit linked with them by the bidirectional programs, which also accepts the decryption secret key provided by the encryption module and the certification secret key from the user module claiming certification respectively, and provides the certified decryption secret key for the user module.
  - 48. A secret file access authorization system with fingerprint limitation according to claim 5, the certification module includes an environment fingerprint certification unit, a password fingerprint certification unit, and a time fingerprint certification unit set in parallel by accepting the fingerprint template provided by the authorization module;
    - the certification interface unit linked with them by the bidirectional programs, which also accepts the decryption secret key provided by the encryption module and the certification secret key from the user module claiming certification respectively, and provides the certified decryption secret key for the user module.
  - 49. A secret file access authorization system with fingerprint limitation according to claim 2, the user module includes the application unit, the kernel encryption/decryption unit and the input/output unit, which are linked in sequence by the bidirectional programs;
    - as well as the authorization input unit, which accepts the authorization secret key and sends it into the kernel encryption/decryption unit;
      
      the kernel encryption/decryption unit provides the authorization secret key claiming certification for the certification module, and accepts the certified decryption secret key sent by the certification module; and
      
      the input/output unit is coupled with the encrypted secret files bidirectionally;
      
      the kernel encryption/decryption unit is embedded in the client operation system kernel.
  - 50. A secret file access authorization system with fingerprint limitation according to claim 3, the user module includes the application unit, the kernel encryption/decryption unit and the input/output unit, which are linked in sequence by the bidirectional programs;
    - as well as the authorization input unit, which accepts the authorization secret key and sends it into the kernel encryption/decryption unit;
      
      the kernel encryption/decryption unit provides the authorization secret key claiming certification for the certification module, and accepts the certified decryption secret key sent by the certification module; and
      
      the input/output unit is coupled with the encrypted secret files bidirectionally;
      
      the kernel encryption/decryption unit is embedded in the client operation system kernel.
  - 51. A secret file access authorization system with fingerprint limitation according to claim 4, the user module includes the application unit, the kernel encryption/decryption unit and the input/output unit, which are linked in sequence by the bidirectional programs;
    - as well as the authorization input unit, which accepts the authorization secret key and sends it into the kernel encryption/decryption unit;
      
      the kernel encryption/decryption unit provides the authorization secret key claiming certification for the certification module, and accepts the certified decryption secret key sent by the certification module; and
      
      the input/output unit is coupled with the encrypted secret files bidirectionally;
      
      the kernel encryption/decryption unit is embedded in the client operation system kernel.
  - 52. A secret file access authorization system with fingerprint limitation according to claim 5, the user module includes the application unit, the kernel encryption/decryption unit and the input/output unit, which are linked in sequence by the bidirectional programs;
    - as well as the authorization input unit, which accepts the authorization secret key and sends it into the kernel encryption/decryption unit;
      
      the kernel encryption/decryption unit provides the authorization secret key claiming certification for the certification module, and accepts the certified decryption secret key sent by the certification module; and
      
      the input/output unit is coupled with the encrypted secret files bidirectionally;
      
      the kernel encryption/decryption unit is embedded in the client operation system kernel.
  - 53. A secret file access authorization system with fingerprint limitation according to claim 49, the client operation system can be Microsoft Windows 95/98/ME/NT/2000/XP/2003 Server or Linux/Unix or Pocket, Symbian OS, Windows CE embedded operation system or Mac OS or Sun OS, Novell netware and other server or network operation systems.
  - 54. A secret file access authorization system with fingerprint limitation according to claim 50, the client operation system can be Microsoft Windows 95/98/ME/NT/2000/XP/2003 Server or Linux/Unix or Pocket, Symbian OS, Windows CE embedded operation system or Mac OS or Sun OS, Novell netware and other server or network operation systems.
  - 55. A secret file access authorization system with fingerprint limitation according to claim 51, the client operation system can be Microsoft Windows 95/98/ME/NT/2000/XP/2003 Server or Linux/Unix or Pocket, Symbian OS, Windows CE embedded operation system or Mac OS or Sun OS, Novell netware and other server or network operation systems.
  - 56. A secret file access authorization system with fingerprint limitation according to claim 52, the client operation system can be Microsoft Windows 95/98/ME/NT/2000/XP/2003 Server or Linux/Unix or Pocket, Symbian OS, Windows CE embedded operation system or Mac OS or Sun OS, Novell netware and other server or network operation systems.
  - 57. A secret file access authorization system with fingerprint limitation according to claim 49, the program used by the application unit can be Microsoft Office and its components or other desktop applications or embedded applications.
  - 58. A secret file access authorization system with fingerprint limitation according to claim 50, the program used by the application unit can be Microsoft Office and its components or other desktop applications or embedded applications.
  - 59. A secret file access authorization system with fingerprint limitation according to claim 51, the program used by the application unit can be Microsoft Office and its components or other desktop applications or embedded applications.
  - 60. A secret file access authorization system with fingerprint limitation according to claim 52, the program used by the application unit can be Microsoft Office and its components or other desktop applications or embedded applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shanghai Sanlen Info Security Company Limited
Original Assignee
Shanghai Sanlen Info Security Company Limited
Inventors
Qin, Yunchuan, Zhou, Jungang

Granted Patent

US 7,890,993 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2107   File encryption

G06F 2221/2151   Time stamp

Y04S 40/20   Information technology spec...

Secret File Access Authorization System With Fingerprint Limitation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

60 Claims

Specification

Solutions

Use Cases

Quick Links

Secret File Access Authorization System With Fingerprint Limitation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

60 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links