Method and apparatus for combining encryption and steganography in a file control system
First Claim
1. A method for improving security of a file control system, the method comprising:
- performing, by a computer:
  - receiving a request from a user to view a file, and in response:
    - accessing a security policy associated with the file to determine whether the security policy authorizes the user to view a decrypted version of the file, wherein the security policy also specifies:
      - whether the user is permitted to create an unencrypted copy of content from the file; and
      - adding a watermark to the unencrypted copy of the content from the file whenever the file is decrypted, wherein the added watermark contains information usable to trace the unencrypted copy of the content from the file back to an origin of the decrypted version of the file;
    - decrypting the file to permit the user to view the decrypted version of the file in response to determining that the security policy authorizes the user to view the decrypted version of the file, wherein said decrypting comprises said adding the watermark to the unencrypted copy of the content from the file; and
  - receiving another request from the user to create a copy of content from the file, and in response:
    - determining whether the security policy permits the user to create an unencrypted copy of the content from the file;
    - ensuring that an unencrypted copy of the content from the file contains the watermark specified by the security policy if the security policy permits the user to create an unencrypted copy of the content from the file, wherein said ensuring comprises said adding the watermark to the unencrypted copy of the content from the file; and
    - preventing an unencrypted copy of the content from the file from being created if the security policy does not permit the user to create an unencrypted copy of the content from the file.
Abstract
One embodiment of the present invention provides a system that improves security of a file control system. During operation, the system receives a request from a user to decrypt a file. The system then decrypts the file. Next, the system adds a watermark to the decrypted file, which allows the decrypted file to be subsequently traced back to its origin, thereby improving security of the file control system. Note that the watermark can include a user identifier, an Internet Protocol (IP) address associated with the user, a hardware address or identifier associated with the user, a timestamp, or any other information that can be used to identify the origin of the decrypted file.
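The flow described in the abstract and the first claim can be sketched as follows. This is an added example, not code from the patent: the `FileControl` class, the per-user policy layout, the zero-width-character watermark encoding and the stand-in cipher are all assumptions chosen to keep the sketch self-contained.

```python
import hashlib
import time

ZW0, ZW1 = "\u200b", "\u200c"  # assumed encoding: zero-width characters carry the mark bits

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Demo-only stand-in cipher (SHA-256 counter keystream); same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def strip_watermark(text: str) -> str:
    return "".join(c for c in text if c not in (ZW0, ZW1))

def embed_watermark(text: str, origin: str) -> str:
    """Replace any existing mark with one encoding `origin` as invisible trailing characters."""
    bits = "".join(f"{byte:08b}" for byte in origin.encode())
    return strip_watermark(text) + "".join(ZW1 if b == "1" else ZW0 for b in bits)

def extract_watermark(text: str) -> str:
    bits = "".join("1" if c == ZW1 else "0" for c in text if c in (ZW0, ZW1))
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)).decode()

class FileControl:
    """Hypothetical file control system: policy maps user -> {"view": bool, "copy": bool}."""
    def __init__(self, key: bytes, ciphertext: bytes, policy: dict):
        self.key, self.ciphertext, self.policy = key, ciphertext, policy

    def _origin(self, user, ip, now):
        return f"{user}|{ip}|{int(time.time() if now is None else now)}"

    def view(self, user, ip, now=None) -> str:
        # The policy decides whether this user may see the decrypted file at all.
        if not self.policy.get(user, {}).get("view"):
            raise PermissionError("policy does not authorize viewing")
        plain = xor_cipher(self.key, self.ciphertext).decode()
        return embed_watermark(plain, self._origin(user, ip, now))  # mark on every decrypt

    def copy(self, user, ip, selection: str, now=None) -> str:
        # Copy requests are checked separately; a denied copy is never produced.
        if not self.policy.get(user, {}).get("copy"):
            raise PermissionError("policy does not permit unencrypted copies")
        return embed_watermark(selection, self._origin(user, ip, now))

# Constructed sample: one file, two users with different rights.
KEY = b"demo-key"
fc = FileControl(KEY, xor_cipher(KEY, b"Q3 forecast: confidential"),
                 {"alice": {"view": True, "copy": True}, "bob": {"view": True, "copy": False}})
print(repr(extract_watermark(fc.view("alice", "192.0.2.10", now=1700000000))))
```

Zero-width marks do not survive simple text normalisation, so the sketch shows the policy and tracing flow rather than a watermark that resists removal.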
19 Claims
8. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for improving security of a file control system, the method comprising:
- receiving a request from a user to view a file, and in response:
  - accessing a security policy associated with the file to determine whether the security policy authorizes the user to view a decrypted version of the file, wherein the security policy also specifies:
    - whether the user is permitted to create an unencrypted copy of content from the file; and
    - adding a watermark to the unencrypted copy of the content from the file whenever the file is decrypted, wherein the added watermark contains information usable to trace the unencrypted copy of the content from the file back to an origin of the decrypted version of the file;
  - decrypting the file to permit the user to view the decrypted version of the file in response to determining that the security policy authorizes the user to view the decrypted version of the file, wherein said decrypting comprises said adding the watermark to the unencrypted copy of the content from the file; and
- receiving another request from the user to create a copy of content from the file, and in response:
  - determining whether the security policy permits the user to create an unencrypted copy of the content from the file;
  - ensuring that an unencrypted copy of the content from the file contains the watermark specified by the security policy if the security policy permits the user to create an unencrypted copy of the content from the file, wherein said ensuring comprises said adding the watermark to the unencrypted copy of the content from the file; and
  - preventing an unencrypted copy of the content from the file from being created if the security policy does not permit the user to create an unencrypted copy of the content from the file.
15. A computing device for improving security of a file control system, wherein the computing device comprises a processor configured to execute code for:
- a receiving mechanism configured to receive a request from a user to view a file and to receive another request from the user to create a copy of content from the file;
- a policy accessing mechanism configured to access a security policy associated with the file to determine whether the security policy authorizes the user to view a decrypted version of the file, wherein the security policy also specifies:
  - whether the user is permitted to create an unencrypted copy of content from the file; and
  - adding a watermark to the unencrypted copy of the content from the file whenever the file is decrypted, wherein the added watermark contains information usable to trace the unencrypted copy of the content from the file back to an origin of the decrypted version of the file;
- a decrypting mechanism configured to decrypt the file to permit the user to view the decrypted version of the file in response to the receiving mechanism receiving a request from the user to view the file and in response to the policy accessing mechanism determining that the security policy authorizes the user to view the decrypted version of the file, wherein the decrypting mechanism is configured to perform said adding the watermark to the unencrypted copy of the content from the file whenever the decrypting mechanism decrypts the file; and
- a content-copying mechanism configured to, in response to the receiving mechanism receiving another request from the user to create a copy of content from the file:
  - determine whether the security policy permits the user to create an unencrypted copy of the content from the file;
  - ensure that an unencrypted copy of the content from the file contains the watermark specified by the security policy if the security policy permits the user to create an unencrypted copy of the content from the file, wherein the decrypting mechanism is configured to perform said adding the watermark to the unencrypted copy of the content from the file whenever the decrypting mechanism decrypts the file; and
  - prevent an unencrypted copy of the content from the file from being created if the security policy does not permit the user to create an unencrypted copy of the content from the file.
Specification