Multiple user stored data cryptographic labeling system and method

US 5,052,040 A
Filed: 05/25/1990
Issued: 09/24/1991
Est. Priority Date: 05/25/1990
Status: Expired due to Term

First Claim

Patent Images

1. A method of cryptographically labeling a data file of electronically stored data comprising the steps of:

generating a file label comprising a first field containing control variables for encrypting and decrypting said data file;

generating at least one other field of said label, said field having portions to identify individual users and portions to identify the rights unique to each said user;

prefixing said label to the file;

encrypting the file in accordance with the control variables in said first field; and

allowing access to said file for any user only in accordance with said rights preidentified in a field of said file identified with said user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is disclosed a system and method of extending the labels on an encryption technique so that different users can utilize the same files under different rights established by both the user and the system administrator. This system and method take advantage of an extension of the file label which contains configuration capabilities and user rights and privileges to that file. The extended labeling is expandable so that several users can each be identified having specific rights and specific encryption capability with respect to the file.

Citations

19 Claims

1. A method of cryptographically labeling a data file of electronically stored data comprising the steps of:
- generating a file label comprising a first field containing control variables for encrypting and decrypting said data file;
  
  generating at least one other field of said label, said field having portions to identify individual users and portions to identify the rights unique to each said user;
  
  prefixing said label to the file;
  
  encrypting the file in accordance with the control variables in said first field; and
  
  allowing access to said file for any user only in accordance with said rights preidentified in a field of said file identified with said user.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method set forth in claim 1 further comprising the step of:
    - adding a portion to said other field associated with each identified user identifying rights assigned to said user by a system in which said data is being stored.
  - 3. The method set forth in claim 2 further comprising the step of:
    - generating a field of said label for controlling at least one alternate encryption/decryption technique for said associated file.
  - 4. The method set forth in claim 1 further comprising the step of:
    - adding a portion to said other field associated with each identified user identifying rights assigned to said user by another user.
  - 5. The method set forth in claim 1 further comprising the steps of:
    - encrypting said first field of said label in accordance with further control variables in a second field of said label.
  - 6. The method set forth in claim 1 further comprising the steps of:
    - providing a system for encrypting and decrypting the data file, wherein said encrypting is accomplished by using a reversible function.

7. A system for cryptographically labeling a data file of electronically stored data comprising:
- means for generating a file label comprising a first field containing control variables for encrypting and decrypting said data file;
  
  means for generating at least one other field of said label, said field having portions to identify individual users and portions to identify the rights unique to each said user;
  
  means for prefixing said label to the file;
  
  means for encrypting the file in accordance with the control variables in said first field; and
  
  means for allowing access to said file for any user only in accordance with said rights preidentified in a field of said file identified with said user.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system set forth in claim 7 further comprising:
    - means for adding a portion to said other field associated with each identified user'"'"'s identifying rights assigned to said user by a system in which said data is being stored.
  - 9. The system set forth in claim 8 further comprising:
    - means for generating a field of said label for controlling at least one alternate encryption/decryption technique for said associated file.
  - 10. The system set forth in claim 9 further comprising:
    - means for encrypting said first field of said label in accordance with further control variables in a second field of said label.
  - 11. The system set forth in claim 10 further comprising:
    - means for encrypting and decrypting the data file, wherein said encrypting is accomplished by a reversible function.
  - 12. The system set forth in claim 7 further comprising:
    - means for adding a portion to said other field associated with each identified user identifying rights assigned to said user by another user.

13. A system for encryption of a data file, said system comprising:
- means for generating a label for storage with each said data file;
  
  said label having an expandable field for controlling encryption and decryption of data to and from said file, said expandable field including;
  
  at least one user identification portion and a user rights portion associated with each said user identification portion;
  
  said user rights portion created under control of said user; and
  
  a user privileges portion associated with each said user;
  
  said user privileges portion created independent of said user.
- View Dependent Claims (14)
- - 14. The system set forth in claim 13 wherein said user rights portion includes means for establishing the decryption technique to be used with any particular data file.

15. A security system for use with data processing systems where labels are associated with each data file, said system including:
- means for establishing in a field of each said label, on a data file by data file basis, a unique identification of the encryption/decryption technique to be used with said file;
  
  means for encrypting and decrypting a particular data file in accordance with the encryption/decryption technique specified in said label associated with said data file; and
  
  means for controlling said established field by a creator of said data file.

16. A computer system including a CPU and a memory having files stored therein and accessible by at least one user, said system including an arrangement for controlling access to said files, said arrangement including cryptographically labeling a file of electronically stored data comprising:
- means for generating a file label comprising a first field containing control variables for encrypting and decrypting said file;
  
  means for generating at least one other field of said label, said field having portions to identify individual users and portions to identify the rights unique to each said user;
  
  means for prefixing said label to the file;
  
  means for encrypting the file in accordance with the control variables in said first field; and
  
  means for allowing access to said file for any user only in accordance with said rights preidentified in a field of said file identified with said user.
- View Dependent Claims (17, 18, 19)
- - 17. The system set forth in claim 16 further comprising:
    - means for adding a portion to said other field associated with each identified user'"'"'s identifying rights assigned to said user by a system in which said data is being stored.
  - 18. The system set forth in claim 16 further comprising:
    - means for generating a field of said label for controlling at least one alternate encryption/decryption technique for said associated file.
  - 19. The system set forth in claim 16 further comprising:
    - means for adding a portion to said other field associated with each identified user identifying rights assigned to said user by another user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symantec Corporation (NortonLifeLock Inc.)
Original Assignee
Micronyx, Inc.
Inventors
Preston, Harold W., Rush, Jeffrey R.
Primary Examiner(s)
Tarcza, Thomas H.
Assistant Examiner(s)
GREGORY, BERNARR E

Application Number

US07/529,107
Time in Patent Office

487 Days
Field of Search

364/200, 364/900, 380/3, 380/4, 380/23-25, 380/45-47, 380/49, 380/50, 340/825.31, 340/825.34
US Class Current

713/165
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 2221/2141   Access rights, e.g. capabil...

Multiple user stored data cryptographic labeling system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple user stored data cryptographic labeling system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links