Unified permissions control for remotely and locally stored files whose informational content may be protected by smart-locking and/or bubble-protection
First Claim
1. A machine readable medium storing instructions for instructing an instructable machine to carry out an access-constraining method for files that reside either inside or outside the instructable machine, where the instructable machine has an internal, data-providing means that can provide data from an identified one of internal or external, plural digital data files in response to interceptable file-access requests, where each of said files is identifiable by a file name, said machine-implemented, access-constraining method being for protecting data and/or information of said files from unauthorized access by way of unauthorized ones of identifiable programs and/or at the behest of unauthorized, identifiable users, said internal/external access-constraining method comprising:
- (a) intercepting data access attempts made by access requesting programs for data in an identified one of files residing on an identified internal, removable, or external media;
- (b) first testing for each intercepted data access attempt, to verify that the identified media on which the requested file resides is currently available, and if not, updating local records which track the current availability of the identified media to indicate the current non-availability of the media;
- (c) second testing for each intercepted data access attempt, to determine if access constraining control information is already available internally for the identified file;
- (d) if said second testing shows that the access constraining control information is not available in an internal and physically-secure storage area, attempting to securely import the missing, access constraining control information from the removable, or external media of primary residence of the identified file;
- (e) if said import attempt shows that the missing, access constraining control information is unavailable, determining explicitly or implicitly if the missing information is necessary for allowing the intercepted access-request to complete normally to provide a grant of the request, and if the missing information is necessary, blocking the intercepted access-request from completing normally and thereby blocking the provision of said grant in response to the intercepted access-request.
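The decision flow of steps (a) through (e), as an added sketch that is not taken from the patent or any product implementing it. `Media`, `Guard`, `on_access` and the `protected` set are hypothetical names; the secure import is modelled as a plain copy and the final rule check as a per-file allow-list of programs, both simplifying assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Media:
    """Constructed stand-in for removable or external media (hypothetical)."""
    name: str
    online: bool = True
    rules: dict = field(default_factory=dict)  # file name -> permitted programs


@dataclass
class Guard:
    """Models the interceptor's decision for one access attempt (hypothetical)."""
    protected: set                                   # files whose rules are necessary (assumption)
    local_rules: dict = field(default_factory=dict)  # internal, physically-secure store
    available: dict = field(default_factory=dict)    # local record of media availability

    def on_access(self, program, file_name, media):
        # (a) this method is the hook invoked for each intercepted access attempt.
        # (b) first test: record whether the file's media is currently reachable.
        self.available[media.name] = media.online
        # (c) second test: is control information already held internally?
        rules = self.local_rules.get(file_name)
        if rules is None and media.online:
            # (d) attempt to import the rules from the file's home media.
            imported = media.rules.get(file_name)
            if imported is not None:
                rules = self.local_rules[file_name] = set(imported)
        if rules is None:
            # (e) rules unavailable: fail closed only where they are necessary.
            return "BLOCK" if file_name in self.protected else "ALLOW"
        # Rules are present locally: apply them (simplified to a program allow-list).
        return "ALLOW" if program in rules else "BLOCK"


def demo():
    # Constructed sample data: one protected file has rules on the media, one does not.
    usb = Media("usb0", rules={"plan.doc": {"editor.exe"}})
    guard = Guard(protected={"plan.doc", "secret.xls"})
    return [
        guard.on_access("editor.exe", "plan.doc", usb),    # rules imported, program permitted
        guard.on_access("mailer.exe", "plan.doc", usb),    # rules cached, program not permitted
        guard.on_access("editor.exe", "secret.xls", usb),  # rules missing and necessary
        guard.on_access("editor.exe", "readme.txt", usb),  # rules missing but not necessary
    ]
```

The third case is the one step (e) exists for: a protected file whose rules cannot be found is blocked rather than opened without constraints.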
Abstract
A machine system includes access-constraining mechanisms for protecting the information of certain classes of files from unauthorized intelligible access or from other kinds of access by way of requests supplied from unauthorized classes of programs which may be made at unauthorized periods of time and/or from unauthorized locations and/or under association with unauthorized users. Permission rules are provided for what constitutes an unauthorized access attempt for intelligible or another kind of access to the data of a given file. The given file may be a native one stored in a local machine or an external file stored in a remote server and/or on easily removable media. The machine system includes localizing means for Transparently and Temporarily Localizing (TTL'ing) external files and their respective access permission rules so that such may be processed within relatively physically-secure confines of the local machine. Such localized processing may include automatic decryption of confidential file data on a per-use basis and automatic later re-encrypting of modified data. Modified ones of TTL'ed files may be returned back to their non-local home after such processing.
17 Claims
8. A machine readable medium storing instructions for instructing an instructable machine to carry out a nonresident file-closing method for files that reside removably or outside the instructable machine, where the instructable machine has an internal, data-providing means that can provide data from an identified one of internal or external, plural digital data files in response to interceptable file-open requests, where each of said files is identifiable by a file name, said machine-implemented, file-closing method being for protecting data and/or information of said nonresident files from unauthorized access by way of unauthorized ones of identifiable programs and/or at the behest of unauthorized, identifiable users, said nonresident file-closing method comprising:
- (a) intercepting file-closing attempts made by access-completing parts of access-requesting programs, where the original access requests were for data in an identified one of files residing on an identified internal, removable, or external media;
- (b) first testing for each intercepted file-closing attempt, to verify that the identified media on which the to-be-closed file resides is currently available, and if not, updating local records which track the current availability of the identified media to indicate the current non-availability of the media;
- (c) second testing for each intercepted file-closing attempt, to determine if access constraining control information is available internally for the identified file;
- (d) if said second testing shows that the access constraining control information is not available in an internal and physically-secure storage area, determining explicitly or implicitly if the missing, access constraining control information must be locally present for allowing the intercepted file-closing request to complete normally, and if the missing information is necessary, blocking the intercepted file-closing request from completing normally in response to the intercepted file-closing request.
17. In an automated machine for executing one or more application programs, where the application programs access file data of a plurality of locally and externally stored files by causing interceptable file-OPEN requests and file-CLOSE requests to be sent to an operating system of said machine, and where data within a subset of the plurality of stored files is encrypted or otherwise access constrained;
- an automatic access constraining control mechanism comprising;
- (a) OPEN intercept means for intercepting said interceptable file-OPEN requests;
- (b) selective OPEN continuance means, responsive to the OPEN intercept means, for determining whether an intercepted file-OPEN request is requesting an open of a file for which the request is to be denied based on associated access constrain rules;
- (c) local-use tracking means, responsive to the selective OPEN continuance means, for determining whether a localized copy of a to-be-opened, nonresident file, and a localized copy of nonresident access constraining rules associated with the to-be-opened, nonresident file, are already present in the machine, and if so, for allowing the intercepted file-OPEN request to continue on its way to the operating system such that the localized file copy will be accessed if so permitted by the localized copy of nonresident access constraining rules;
- (d) CLOSE intercept means for intercepting said interceptable file-CLOSE requests; and
- (e) selective CLOSE continuance means, responsive to the OPEN intercept means, for determining whether an intercepted file-CLOSE request is requesting a closing of a file for which the CLOSE request is to be denied based on associated access constrain rules.
Specification