Protection against unintentional file changing
First Claim
1. A method, comprising:
- identifying a user using unique information;
- encrypting a first plurality of files in a computer using a first encryption key that is associated with said user;
- responsive to said identifying, using a program and a first decryption key, corresponding to said first encryption key, to allow changes to be made to any of said first plurality of files associated with said user;
- allowing reading of said first plurality of files using a second, recovery decryption key to decrypt the files, different than said first decryption key, and which is intended for recovery of files when said first decryption key becomes unavailable.
Abstract
An encrypted file system that uses the encryption of files in a computer to restrict access to the files. Encrypted files are associated with a user. A decryption key is required in order to allow changes to be made to any of those files. Other files, such as those files which are less sensitive, may be unencrypted, and may be accessed even when the user is unavailable. These files may be read only files. A duplicate decryption technique may be allowed to allow access to the files, if the decryption key becomes unavailable. Certificates can verify access to the different files.
19 Claims
1. A method, comprising:
- identifying a user using unique information;
- encrypting a first plurality of files in a computer using a first encryption key that is associated with said user;
- responsive to said identifying, using a program and a first decryption key, corresponding to said first encryption key, to allow changes to be made to any of said first plurality of files associated with said user;
- allowing reading of said first plurality of files using a second, recovery decryption key to decrypt the files, different than said first decryption key, and which is intended for recovery of files when said first decryption key becomes unavailable.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer, comprising:
- a processor;
- a file accessing element, controlled by a controlling operation, said file accessing part encrypts certain files in the computer in a way that prevents access to specified files but allows access to other files unless first file decryption information is used to allow access to first encrypted files; and
- wherein said file accessing part also allows access to said specified files using second file decryption information to decrypt said certain files, said second file decryption information being different than said first file decryption information, where said second file decryption information is a recovery key intended for recovering said specified files if said first file decryption information is unavailable.

Dependent claims: 10, 11, 12, 13, 14, 15
16. A method comprising:
- identifying a first user;
- using an operating system associated program of a computer to designate a first plurality of files in a computer, as being associated with said first user and to encrypt said first plurality of files using a first encryption key that is associated with said first user;
- responsive to said identifying, using said operating system associated program in said computer to allow said first user to make any changes to any of said first plurality of files using said first encryption key associated with said first user to decrypt said first plurality of files, and to prevent reading contents of said first plurality of read/write files when said first user is not identified;
- identifying a second user;
- using an operating system associated program of a computer to designate a second plurality of files in a computer, as being associated with said second user and to encrypt said second plurality of files using a second encryption key that is associated with said second user;
- responsive to said identifying, using said operating system associated program in said computer to allow said second user to make any changes to any of said second plurality using said second encryption key associated with said second user to decrypt said second plurality of files, and to prevent reading contents of said second plurality of read/write files when said second user is not identified;
- allowing other unencrypted files on said system to be read when said first and second user is not identified, but preventing writing to said other unencrypted files;
- establishing special files on said system which are unencrypted but which can be written to and read by the system only after a specified security operation; and
- allowing reading of said first or second plurality of files using a separate, recovery decryption key to decrypt the files different than said first or second decryption key, and which is intended for recovery of files when said first or second decryption key becomes unavailable.
17. A method, comprising:
- obtaining an encryption and decryption code associated with a user of the computer system;
- determining specified files on the computer system having been designated as being encrypted; and
- encrypting said specified files on said computer system, using an encryption key that can be decrypted using either said decryption code for said user or with a second, recovery decryption key to decrypt said specified files, different than said first decryption key, and which is intended for recovery of files when said first decryption key becomes unavailable.

Dependent claims: 18, 19
Specification