Shielding a Sensitive File
Abstract
Embodiments of the invention provide for shielding a sensitive file on a computer that can connect to a server computer via a network. The computer may determine whether it complies with security compliance requirements sent from another computer or not in response to a read instruction or a write instruction of the sensitive file by application software, and encrypt the sensitive file with an encryption key.
22 Claims
1. An apparatus for shielding a sensitive file that can connect to a server computer via a network, comprising:
- an encryption-decryption unit for encrypting the sensitive file with an encryption key and decrypting the encrypted sensitive file with a decryption key corresponding to the encryption key, wherein an encryption key ID is embedded in the encrypted sensitive file, and the encryption key and the decryption key correspond to the encryption key ID;
- an encryption key storing unit for storing the encryption key;
- a decryption key storing unit for storing the decryption key;
- a compliance requirements storing unit that stores security compliance requirements of the apparatus, wherein the security compliance requirements are sent from the server computer; and
- a security requirements monitoring unit for determining whether the apparatus complies with the security compliance requirements or not in response to a read instruction or a write instruction of the sensitive file by application software, wherein when the apparatus complies with the security compliance requirements, said security requirements monitoring unit passes the encryption key and the encryption key ID corresponding to the encryption key from said encryption key storing unit to said encryption-decryption unit in response to the write instruction, or passes the decryption key corresponding to the encryption key ID embedded in the encrypted sensitive file from said decryption key storing unit to said encryption-decryption unit in response to the read instruction.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A method for shielding a sensitive file on an apparatus that can connect to a server computer via a network, comprising:
- determining whether the apparatus complies with security compliance requirements sent from the server computer or not in response to a read instruction or a write instruction of the sensitive file by application software, wherein the security compliance requirements are stored in a compliance requirements storing unit;
- when the security requirements are complied with, in response to the write instruction, executing encrypting the sensitive file with an encryption key, wherein the encryption key is stored in an encryption key storing unit; and embedding an encryption key ID corresponding to the encryption key in the encrypted file;
- or, in response to the read instruction, executing decrypting the encrypted sensitive file with a decryption key corresponding to the encryption key ID embedded in the encrypted sensitive file, wherein the decryption key is stored in a decryption key storing unit.
Dependent claims: 20, 21
22. A method for shielding a sensitive file on an apparatus that can connect to a server computer via a network, comprising:
- determining whether the apparatus complies with security compliance requirements sent from the server computer or not in response to a read instruction or a write instruction of the sensitive file by application software, wherein the security compliance requirements are stored in a compliance requirements storing unit;
- when the apparatus complies with the security compliance requirements, in response to the write instruction, executing encrypting the sensitive file with an encryption key, wherein the encryption key is stored in an encryption key storing unit; and embedding an encryption key ID corresponding to the encryption key in the encrypted file;
- or, in response to the read instruction, executing decrypting the encrypted sensitive file with a decryption key corresponding to the encryption key ID embedded in the encrypted sensitive file, wherein the decryption key is stored in a decryption key storing unit, and
- when the apparatus does not comply with the security compliance requirements, executing deleting the encryption key stored in the encryption key storing unit and the decryption key stored in the decryption key storing unit; and requesting the server computer to send the security compliance requirements.
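The flow in claims 19 and 22, as an added example that is not code from the patent: a compliance gate in front of the key store, a key ID embedded in the file header, and key deletion on non-compliance. The `Shield` class, the header layout, the `state` dictionary, the use of one symmetric key per key ID, and the stdlib HMAC-based cipher (a stand-in for a real AEAD such as AES-GCM) are all assumptions made for illustration.

```python
import hashlib, hmac, os, struct

MAGIC = b"SHLD"  # constructed layout: MAGIC | key_id(4) | nonce(16) | tag(32) | ciphertext

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stdlib stand-in for a real AEAD (e.g. AES-GCM): HMAC-SHA256 in counter mode.
    stream = b"".join(hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class Shield:
    def __init__(self, requirements, keys):
        self.requirements = dict(requirements)  # as sent from the server
        self.keys = dict(keys)                  # key_id -> key (one symmetric key per ID)
        self.refresh_requested = False

    def _release_key(self, state, key_id):
        # Monitoring unit: keys leave the store only while the host is compliant.
        if any(state.get(k) != v for k, v in self.requirements.items()):
            self.keys.clear()                   # claim 22: delete keys on non-compliance
            self.refresh_requested = True       # ...and ask the server for requirements
            raise PermissionError("host is not compliant; keys deleted")
        return self.keys[key_id]

    def write(self, state, key_id, plaintext):
        key = self._release_key(state, key_id)
        header = MAGIC + struct.pack(">I", key_id) + os.urandom(16)
        ct = _xor_stream(_sub(key, b"enc"), header[8:], plaintext)
        tag = hmac.new(_sub(key, b"mac"), header + ct, hashlib.sha256).digest()
        return header + tag + ct

    def read(self, state, blob):
        if len(blob) < 56 or blob[:4] != MAGIC:
            raise ValueError("not a shielded file")
        key_id = struct.unpack(">I", blob[4:8])[0]  # key ID embedded at write time
        key = self._release_key(state, key_id)
        header, tag, ct = blob[:24], blob[24:56], blob[56:]
        expect = hmac.new(_sub(key, b"mac"), header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("header or ciphertext was modified")
        return _xor_stream(_sub(key, b"enc"), header[8:], ct)
```

The tag covers the header, so rewriting the embedded key ID to point at a different stored key is rejected rather than silently decrypting with the wrong key.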
Specification