METHODS AND SYSTEMS FOR PROVIDING ACCESS CONTROL TO SECURED DATA
First Claim
1. A method for determining access to electronic data via a designated store, the method comprising:
- associating an access level with the store, the access level comprising access rules;
retrieving the access rules when a file is deposited in the store;
encrypting the file in accordance with the access rules to produce an encrypted data portion;
generating a header to include security information from the access rules; and
integrating the header with the encrypted data portion to produce a secured file.
9 Assignments
0 Petitions
Accused Products
Abstract
In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.
230 Citations
89 Claims
-
1. A method for determining access to electronic data via a designated store, the method comprising:
-
associating an access level with the store, the access level comprising access rules; retrieving the access rules when a file is deposited in the store; encrypting the file in accordance with the access rules to produce an encrypted data portion; generating a header to include security information from the access rules; and integrating the header with the encrypted data portion to produce a secured file. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer readable medium comprising computer program code that enables a processor to determine access to electronic data via a designated store, the computer program code comprising:
-
associating means for enabling a processor to associate an access level with the store, the access level comprising access rules; retrieving means for enabling a processor to retrieve the access rules when a file is deposited in the store; encrypting means for enabling a processor to encrypt the file in accordance with the access rules to produce an encrypted data portion; generating means for enabling a processor to generate a header to include security information from the access rules; and integrating means for enabling a processor to integrate the header with the encrypted data portion to produce a secured file. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system capable of determining access to electronic data via a designated store, comprising:
-
a first module configured to associate an access level with the store, the access level comprising access rules; a second module configured to retrieve the access rules when a file is deposited in the store; a third module configured to encrypt the file in accordance with the access rules to produce an encrypted data portion; a fourth module configured to generate a header to include security information from the access rules; and a fifth module configured to integrate the header with the encrypted data portion to produce a secured file. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. A method for updating a key used by an access control system that limits access to a secured document, the method comprising:
-
(a) determining whether an old key should be updated; (b) obtaining a new key to be used in place of the old key that is to be updated when step (a) determines that the old key should be updated; (c) determining a user that is affected by the new key; (d) providing the new key to the user that is affected by the new key; (e) subsequently determining whether the user is requesting access to a secured document that is secured using the old key; and (f) when step (e) determines that the user is requesting access to a secured document that is secured using the old key, decrypting at least a portion of the secured document using the old key and then encrypting the at least a portion of the secured document using the new key. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A computer readable medium comprising computer program code that enables a processor to update a key used by an access control system that limits access to a secured document, said computer readable medium comprising:
-
computer program code enabling a processor to determine whether an old key should be updated; computer program code enabling the processor to obtain a new key to be used in place of the old key that is to be updated when said computer program code for determining determines that the old key should be updated; computer program code enabling the processor to determine a user that is affected by the new key; computer program code enabling the processor to provide the new key to the user that is affected by the new key; computer program code enabling the processor to subsequently determine whether the user is requesting access to a secured document that is secured using the old key; computer code enabling the processor to decrypt at least a portion of the secured document using the old key; and computer code enabling the processor to encrypt the at least a portion of the secured document using the new key, when the computer code for determining determines that the user is requesting access to a secured document that is secured using the old key. - View Dependent Claims (32, 33)
-
-
34. A system for maintaining keys for encryption and/or decryption of electronic files, said system comprising:
-
a key update monitor module configured to monitor a plurality of keys to determine when at least one of the keys is to be updated; a key generator operatively connected to the key update monitor module, said key generator generates at least one new key to be used to replace the at least one of the keys to be updated; a key distribution manager operatively connected to the key generator, wherein the key distribution manager distributes the at least one new key to one or more interested entities; and a key replacement manager that manipulates the files that are encrypted by the at least one old key to be re-encrypted with the at least one new key. - View Dependent Claims (35, 36, 37, 38)
-
-
39. A method for securing an electronic document, the method comprising:
-
(a) obtaining an electronic document to be secured; (b) assigning at least one data type to the electronic document; (c) obtaining a data type key associated with the data type that has been assigned; (d) encrypting at least a data portion of the electronic document using a first key, wherein the first key is the data type key or is acquired using the data type key; and (e) attaching security information to the encrypted data portion to produce a secured electronic document. - View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
-
-
50. A method for unsecuring an electronic document, the method comprising:
-
(a) identifying an electronic document to be unsecured for access by a requester; (b) determining a particular data type of the electronic document; (c) determining whether the requestor has permission to access electronic documents having the particular data type; (d) obtaining a data type key associated when determining step (c) determines that the requestor has permission to access electronic documents having the particular data type, the data type key being associated with the particular data type; (e) decrypting at least a data portion of the electronic document using at least a first key, wherein the first key is a data type key or the first key is acquired using the data type key; and (f) providing at least the unencrypted data portion to the requestor. - View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63)
-
-
64. A computer program product comprising a computer readable medium having computer program logic recorded thereon enabling a processor to secure an electronic document, said computer program code comprising:
-
computer program code enabling a processor to obtain an electronic document to be secured; computer program code enabling a processor to assign a data type to the electronic document; computer program code enabling a processor to obtain a data type key associated with the data type that has been assigned; computer program code enabling a processor to encrypt at least a data portion of the electronic document using a first key, the first key being the data type key or acquired using the data type key; and computer program code enabling a processor to attach security information to the encrypted data portion to produce a secured electronic document.
-
-
65. In a system for providing restrictive access to electronic data, wherein the electronic data is structured in a format that controls access to contents in the electronic data, the format comprising:
-
a header including security information controlling the access to the contents in the electronic data, wherein the security information includes at least a first key and a second key, the second key is used to encrypt the first key, the second key is encrypted and the encrypted second key is guarded by access rules; an encrypted data portion generated by encrypting the electronic data with the first key according to a predetermined cipher scheme; and wherein the header is integrated with the encrypted data portion to generate a secured file. - View Dependent Claims (66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83)
-
-
84. In a system for providing restrictive access to electronic data, wherein the electronic data is structured in a format that controls access to contents in the electronic data, the format comprising:
-
a header including an encrypted version of a first key, at least an encrypted version of a second key, access rules controlling the access to the contents in the electronic data, wherein the second key is symmetric and used to create the encrypted version of the first key as well as retrieve the first key when sufficient user access privileges are provided externally; an encrypted data portion generated by encrypting the electronic data with the first key according to a predetermined cipher scheme; and wherein the header is integrated with the encrypted data portion to generate a secured file. - View Dependent Claims (85, 86, 87, 88, 89)
-
Specification