METHOD AND SYSTEM FOR ENCRYPTED FILE ACCESS

US 20090210721A1
Filed: 01/28/2009
Published: 08/20/2009
Est. Priority Date: 01/31/2008
Status: Active Grant

First Claim

Patent Images

1. A method for file access in a file encryption system, comprising:

receiving an access request for an encrypted file by an application;

determining the application making the access request;

checking if the application is authorised for access; and

if authorised, allowing the access request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for encrypted file access are provided. The method includes the steps of: receiving (502, 552) an access request for an encrypted file (401-403) by an application (110); determining (503, 553) the application (110) making the access request; checking (505, 555) if the application (110) is authorised for access; and if authorised, allowing the access request. The access request may be a read or write access by a destination or source application (110). If the application (110) is authorised for access, the method checks (508, 558) if the application (110) is authorised for unencrypted access; and if so, allowing unencrypted file access.

Citations

23 Claims

1. A method for file access in a file encryption system, comprising:
- receiving an access request for an encrypted file by an application;
  
  determining the application making the access request;
  
  checking if the application is authorised for access; and
  
  if authorised, allowing the access request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method as claimed in claim 1, including:
    - if the application is authorised for access, checking if the application is authorised for unencrypted access; and
      
      if so, allowing unencrypted file access.
  - 3. The method as claimed in claim 1, wherein determining the application making the access request includes:
    - calculating a hash value of the contents of the application.
  - 4. The method as claimed in claim 3, wherein calculating a hash value of the contents of the application applies a hash function to the executable file of the application.
  - 5. The method as claimed in claim 1, wherein checking if the application is authorised for access includes checking a record of file types to which an application is authorised for access.
  - 6. The method as claimed in claim 5, wherein checking a record of file types to which an application is authorised for access includes checking the record for the hash value of the application.
  - 7. The method as claimed in claim 5, wherein the record of file types to which an application is authorised for access is administered by a security policy.
  - 8. The method as claimed in claim 7, wherein the security policy has a secure user interface for updating by an administrator.
  - 9. The method as claimed in claim 7, wherein the security policy is a group policy for a plurality of file encryption systems.
  - 10. The method as claimed in claim 1, wherein the access request is a read request by a destination application.
  - 11. The method as claimed in claim 10, wherein an application authorised for read access, but not for unencrypted read access, is allowed access to the encrypted file.
  - 12. The method as claimed in claim 1, wherein the access request is a write request by a source application.
  - 13. The method as claimed in claim 12, wherein an application authorised for write access, but not for unencrypted write access, is allowed access to the encrypted file by writing an encrypted file.

14. A computer software product for encrypted file access, the product comprising a computer-readable storage medium, storing a computer in which program comprising computer-executable instructions are stored, which instructions, when read executed by a computer, perform the following steps:
- receiving an access request for an encrypted file by an application;
  
  determining the application making the access request;
  
  checking if the application is authorised for access; and
  
  if authorised, allowing the access request.

15. A method of providing a service to a customer over a network, the service comprising:
- receiving an access request for an encrypted file by an application;
  
  determining the application making the access request;
  
  checking if the application is authorised for access; and
  
  if authorised, allowing the access request.

16. A file encryption system comprising:
- an application identifier for identifying an application making an access request for an encrypted file;
  
  a data store of application permissions for accessing file types;
  
  means for checking if an application is authorised for access of a file; and
  
  means for providing access to the file.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The system as claimed in claim 16, including:
    - means for checking if the application is authorised for unencrypted access; and
      
      encryption or decryption means for providing access to the unencrypted file.
  - 18. The system as claimed in claim 16, wherein the application identifier includes a hash function for calculating a hash value of the contents of the application.
  - 19. The system as claimed in claim 18, wherein the hash function for calculating a hash value of the contents of the application applies the hash function to the executable file of the application.
  - 20. The system as claimed in claim 16, wherein the data store of application permissions for accessing file types, identifies applications by the hash value.
  - 21. The system as claimed in claim 20, including a security means to administer the data store of application permissions for accessing file types.
  - 22. The system as claimed in claim 21, wherein the security means has a secure user interface for updating security policy by an administrator.
  - 23. The system as claimed in claim 20, wherein the security means administers a group policy for a plurality of file encryption systems.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Phillips, Anthony H.

Granted Patent

US 8,352,735 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

H04L 63/20   for managing network securi...

METHOD AND SYSTEM FOR ENCRYPTED FILE ACCESS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR ENCRYPTED FILE ACCESS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links