POLICY GROUP BASED FILE PROTECTION SYSTEM, FILE PROTECTION METHOD THEREOF, AND COMPUTER READABLE MEDIUM

US 20150188910A1
Filed: 12/26/2013
Published: 07/02/2015
Est. Priority Date: 12/26/2013
Status: Abandoned Application

First Claim

Patent Images

1. A policy group based file protection method, adapted for a file protection system, which is used to have at least one client connecting to a server through an internet, and to protect a file, the file protection method comprising:

executing a file management driver on a client device associated with the client;

establishing a connection between the client device and the server, and transmitting an identity data of the client to the server, wherein the identity data comprises of an account data of the client and a device identification data of the client device;

the server determining whether the client belongs to a policy group according to the identity data;

when the server determines that the client belongs to the policy group, the server transmits a certificate corresponding to the policy group to the client device; and

when the file management driver of the client device detects a request from a file access application installed in the client device, for executing a file open procedure and opening the file, the file management driver determines whether to allow the file access application to execute the file open procedure and accessing the file based on the certificate received.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A policy group based file protection method is provided and includes the following steps. A file management driver is executed on the client device of the client. The identity data associated with a client is transmitted to the server when connection between the client and the server is established. The server determines whether the client belongs to a policy group according to the identity data. When the server determines that the client belongs to a policy group, the server transmits a certificate of the policy group to the client device. When the file management driver detects a request for executing a file open procedure, the file management driver determines whether to allow a file access application executing the file open procedure and opening the file based on the certificate received, wherein the request is executed by the file access application installed in the client device.

42 Citations

View as Search Results

14 Claims

1. A policy group based file protection method, adapted for a file protection system, which is used to have at least one client connecting to a server through an internet, and to protect a file, the file protection method comprising:
- executing a file management driver on a client device associated with the client;
  
  establishing a connection between the client device and the server, and transmitting an identity data of the client to the server, wherein the identity data comprises of an account data of the client and a device identification data of the client device;
  
  the server determining whether the client belongs to a policy group according to the identity data;
  
  when the server determines that the client belongs to the policy group, the server transmits a certificate corresponding to the policy group to the client device; and
  
  when the file management driver of the client device detects a request from a file access application installed in the client device, for executing a file open procedure and opening the file, the file management driver determines whether to allow the file access application to execute the file open procedure and accessing the file based on the certificate received.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 14)
- - 2. The file protection method according to claim 1, further comprising:
    - when the server determines that the client does not belong to the policy group, the server transmits an invalid identity message to the client device and the invalid identity message is displayed on a first operation interface of the client device.
  - 3. The file protection method according to claim 1, further comprising:
    - when the file management driver allows the client device to execute the file open procedure and access the file based on the certificate received, the file management driver operatively causes a file decryption program to execute a file decryption procedure and decrypt the file using the certificate received; and
      
      the file management driver permitting the file access application to open the file through the file open procedure.
  - 4. The file protection method according to claim 3, further comprising:
    - when the file management driver determines to not allow the file access application to execute the file open procedure to open the file based on the certificate received, the file management driver causes the client device to transmit a file access request of the file and the identity data to the server; and
      
      when the server determines that the file does not belong to the policy group according to the file access request and an access control list, the server transmits an invalid identity message to the client device.
  - 5. The file protection method according to claim 3, wherein the step of executing the file decryption procedure, further comprises:
    - the file decryption program accessing a memory unit of the client device to obtain a first decryption key corresponding to the file stored therein;
      
      the file decryption program obtaining a second decryption key of the policy group based on the certificate; and
      
      the file decryption program executing the file decryption procedure to decrypt the file according to the first decryption key and the second decryption key.
  - 6. The file protection method according to claim 3, wherein the step after opening the file, further comprises:
    - the file management driver determining whether the client device is executing a file closing procedure through the file access application;
      
      when the file management driver determines that the client device is executing the file closing procedure corresponding to the file, the file management driver drives a file encryption program to execute a file encryption procedure based on the certificate;
      
      the file encryption program generating a first encryption key corresponding to the file during the execution of the file encryption procedure;
      
      the file encryption program generating a second encryption key corresponding to the policy group according to the certificate; and
      
      the file encryption program executing the file encryption procedure to encrypt the file with an encryption data by using the first encryption key and the second encryption key.
  - 7. The file protection method according to claim 6, wherein the file encryption program generates the first encryption key using a symmetric encryption algorithm, and generates the second encryption key based on the certificate using an asymmetric encryption algorithm.
  - 8. The file protection method according to claim 1, wherein the step of connecting the client and the server, further comprises:
    - when the client is unable to connect to the server, the file management driver executes an offline working procedure;
      
      when the file management driver determines that the client is accessing the file with the file open procedure using the client device, the file management driver determines whether to allow the client device to execute the file open procedure and access the file according to an offline certificate stored in the client device; and
      
      when the file management driver allows the client device to the file according to the offline certificate, the file management driver drives a file decryption program to execute a file decryption procedure according to the offline certificate.
  - 9. The file protection method according to claim 8, wherein the step of the file management driver determining whether to allow the client device to execute the file open procedure and access the file according on the offline certificate, further comprising:
    - the file management driver determining whether an expiration date of the offline certificate is within a predefined file access expiration date; and
      
      when the file management driver determines that the expiration date of the offline certificate exceeds the predefined file access expiration date, prohibits the client device from executing the file open procedure and opening the file, and displays a file access prohibited message is on the client device.
  - 14. A computer readable recording medium, wherein the computer readable recording medium stores a computer executable program, when the computer readable recording medium is read by a processor, the processor executes the computer executable program and implements the steps according to claim 1.

10. A policy group based file protection system, comprising:
- a server having a certificate corresponds to at least one policy group stored therein; and
  
  at least one client having a client device comprising;
  
  a file management driver, configured for transmitting an identity data of the client device to the server so as to obtain the certificate corresponding to policy group, and the file management driver determining whether to allow the client device to access a file belonging to the policy group according to the certificate.a first memory unit, storing the certificate and the identity data, wherein the identity data comprises of an account data of the client and a device identification data of the client device; and
  
  a first processing unit, coupled to the first memory unit, operatively executing the file management driver;
  
  wherein when the file management driver is executed, the file management driver operative to transmit the identity data to the server, and the server determines whether the client belongs to the policy group according to the identity data;
  
  wherein when the server determines that the client belongs to the policy group, the server transmits the certificate corresponding to the policy group to the client device;
  
  wherein while the file management driver is executed, the file management driver operatively determines whether to allow a file access application executing the file open procedure accessing the file based on the certificate received, upon detecting a request for executing a file open procedure, wherein the file access application installed in the client device.
- View Dependent Claims (11, 12, 13)
- - 11. The file protection system according to claim 10, wherein the client device further comprising:
    - a file encryption program, configured for operatively executing a file encryption procedure to encrypt the file with an encryption data while the first processing unit executing the file management driver;
      
      a file decryption program, configured for operatively executing a file decryption procedure to decrypt the file while the first processing unit is executed by the file management driver; and
      
      a first communication unit, configured for connecting to the server.
  - 12. The file protection system according to claim 10, wherein the client device further comprising:
    - a first operation interface, configure for providing the client to input an account data;
      
      wherein, when the server determines that the client does not belong to the policy group, the server transmits a message of an invalid identity to the client device and displayed on the first operation interface.
  - 13. The file protection system according to claim 12, wherein the server further comprising:
    - a second operation interface, configured for an operator to input a configuration data corresponding to the policy group and operatively generating a policy group data, wherein the policy group data comprises the identity data of the client an access control list, and the certificate of the policy group;
      
      wherein the server determines whether the file belongs to the policy group according to the access control list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Iswind Digital Engineering Incorporated
Original Assignee
Iswind Digital Engineering Incorporated
Inventors
TSAI, RAPHAEL

Application Number

US14/141,363
Publication Number

US 20150188910A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/6209   to a single file or object,...

H04L 63/0823   using certificates cryptogr...

H04L 63/205   involving negotiation or de...

POLICY GROUP BASED FILE PROTECTION SYSTEM, FILE PROTECTION METHOD THEREOF, AND COMPUTER READABLE MEDIUM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

POLICY GROUP BASED FILE PROTECTION SYSTEM, FILE PROTECTION METHOD THEREOF, AND COMPUTER READABLE MEDIUM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links