ENCRYPTION AND DECRYPTION METHOD FOR SHARED ENCRYPTED FILE
Abstract
Encryption and decryption is achieved without the requirement for updating of the encryption key or re-encryption of an encrypted file when a shared encrypted file is generated, renamed or deleted.
In response to a request to read or store a shared encrypted file, a filter driver in a client computer receives client authentication from a key management server and acquires a key list having pairs of UNC path names and encryption keys corresponding to shared encrypted folders allowed to be accessed from the key management server. The filter driver accesses a shared encrypted folder as a destination of the read or store request and performs decryption or encryption of the shared encrypted file by using an encryption key of the key list corresponding to a UNC path name concerned with the UNC path name to be accessed when the UNC path name concerned is present in the key list.
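The key selection described in the abstract can be sketched as follows. This is an added example, not code from the patent: the names `unc_parts`, `KeyList` and `dispatch`, the case-folding, the component-wise prefix match and the deepest-folder rule for nested entries are all assumptions, and the cipher itself is left out. Because the key is selected by folder path, a renamed or newly created file inside the same folder resolves to the same key.

```python
from typing import Optional, Tuple

def unc_parts(path: str) -> Tuple[str, ...]:
    """Split a UNC path into case-folded components; refuse anything ambiguous."""
    p = path.replace("/", "\\")
    if not p.startswith("\\\\"):
        raise ValueError("not a UNC path")
    parts = [c for c in p[2:].split("\\") if c]
    if len(parts) < 2 or any(c in (".", "..") for c in parts):
        raise ValueError("need \\\\server\\share with no relative components")
    # casefold() approximates Windows case-insensitive name comparison (assumption).
    return tuple(c.casefold() for c in parts)

class KeyList:
    """Pairs of (shared encrypted folder UNC path, key) obtained after authentication."""
    def __init__(self, pairs):
        self._entries = [(unc_parts(folder), key) for folder, key in pairs]

    def key_for(self, target: str) -> Optional[bytes]:
        """Key of the deepest listed folder that contains target, or None."""
        t = unc_parts(target)
        best = None
        for folder, key in self._entries:
            # Compare whole components, so "secret" never matches "secret2".
            inside = len(t) > len(folder) and t[:len(folder)] == folder
            if inside and (best is None or len(folder) > len(best[0])):
                best = (folder, key)
        return best[1] if best else None

def dispatch(keys: KeyList, op: str, target: str):
    """Decide what the interception layer does with a caught read/store request."""
    key = keys.key_for(target)
    if key is None:
        return ("passthrough", None)  # path is not under a listed encrypted folder
    return ({"read": "decrypt", "store": "encrypt"}[op], key)

# Constructed sample key list (server, share and key bytes are made up).
K_SECRET, K_HR = bytes(range(32)), bytes(range(32, 64))
SAMPLE = KeyList([(r"\\fs01\projects\secret", K_SECRET),
                  (r"\\fs01\projects\secret\hr", K_HR)])
```

Matching on whole path components rather than on raw string prefixes is what keeps a sibling folder such as `secret2` from being handled with the key for `secret`.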
3 Claims
1. An encryption and decryption method for a shared encrypted file in a system configured so that at least one client computer, at least one key management server and at least one file server are connected to one another by a network, the encryption and decryption method characterized in that:
any application such as a document generating program and a file access control unit are provided in the client computer, and the key management server manages key management information for shared encrypted folders stored in the file server; and
the file access control unit in the client computer comprises a first step of temporarily catching a read request or a store request when the request to read or store a shared encrypted file is given from any application, receiving client authentication of the client computer from the key management server and acquiring a key list having pairs of UNC path names and encryption keys corresponding to shared encrypted folders of the file server allowed to be accessed by the client computer from the key management server, and a second step of accessing a shared encrypted folder as a destination of the read or store request in the shared encrypted folders of the file server and performing decryption or encryption of the shared encrypted file by using an encryption key of the key list corresponding to a UNC path name concerned with the UNC path name to be accessed when the UNC path name concerned is present in the key list.
3. In a system configured so that at least one client computer, at least one key management server and at least one file server are connected to one another by a network, a shared encrypted file encryption and decryption program executed by the client computer, characterized in that:
the encryption and decryption program comprises a first step of temporarily catching a read request or a store request when the request to read or store a shared encrypted file in the file server is given from any application in the client computer, receiving client authentication of the client computer from the key management server and acquiring a key list having pairs of UNC path names and encryption keys corresponding to shared encrypted folders of the file server allowed to be accessed by the client computer from the key management server, and a second step of accessing a shared encrypted folder as a destination of the read or store request in the shared encrypted folders of the file server and performing decryption or encryption of the shared encrypted file by using an encryption key of the key list corresponding to a UNC path name concerned with the UNC path name to be accessed when the UNC path name concerned is present in the key list.