Protection against unintentional file changing

US 7,231,050 B1
Filed: 01/05/2001
Issued: 06/12/2007
Est. Priority Date: 07/21/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

identifying a user using unique information;

encrypting a first plurality of files in a computer using a first encryption key that is associated with said user;

responsive to said identifying, using a program and a first decryption key, corresponding to said first encryption key, to allow changes to be made to any of said first plurality of files associated with said user;

allowing reading of said first plurality of files using a second, recovery decryption key to decrypt the files, different than said first decryption key, and which is intended for recovery of files when said first decryption key becomes unavailable.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encrypted file system that uses the encryption of files in a computer to restrict access to the files. Encrypted files are associated with a user. A decryption key is required in order to allow changes to be made to any of those files. Other files, such as those files which are less sensitive, may be unencrypted, and may be accessed even when the user is unavailable. These files may be read only files. A duplicate decryption technique may be allowed to allow access to the files, if the decryption key becomes unavailable. Certificates can verify access to the different files.

48 Citations

View as Search Results

19 Claims

1. A method, comprising:
- identifying a user using unique information;
  
  encrypting a first plurality of files in a computer using a first encryption key that is associated with said user;
  
  responsive to said identifying, using a program and a first decryption key, corresponding to said first encryption key, to allow changes to be made to any of said first plurality of files associated with said user;
  
  allowing reading of said first plurality of files using a second, recovery decryption key to decrypt the files, different than said first decryption key, and which is intended for recovery of files when said first decryption key becomes unavailable.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as in claim 1, wherein said unique information includes a user password.
  - 3. A method as in claim 1, wherein said unique information includes a unique number indicative of hardware in the computer system.
  - 4. A method as in claim 1, further comprising designating a second plurality of files on the computer as read only, and storing unencrypted information in said read only files, but not allowing any changes to said read only files.
  - 5. A method as in claim 4, further comprising establishing a plurality of special files within said plurality of files, said special files being unencrypted read/write files, and establishing special security measures for said special files.
  - 6. A method as in claim 5, wherein said security measures include determining whether a specified program is actually accessing the file, and only allowing file access by said specified program.
  - 7. A method as in claim 1, further comprising detecting certain kinds of accesses based on specified security criteria, and maintaining a log of said accesses including information about a program that made said accesses.
  - 8. A method as in claim 1, further comprising selecting a first file, and designating said file as being encrypted, to change an encryption status of said first file.

9. A computer, comprising:
- a processor;
  
  a file accessing element, controlled by a controlling operation, said file accessing part encrypts certain files in the computer in a way that prevents access to specified files but allows access to other files unless first file decryption information is used to allow access to first encrypted files; and
  
  wherein said file accessing part also allows access to said specified files using second file decryption information to decrypt said certain files, said second file decryption information being different than said first file decryption information, where said second file decryption information is a recovery key intended for recovering said specified files if said first file decryption information is unavailable.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. A computer as in claim 9, wherein said file accessing element allows access to all read only files, and prevents access to read/write files without said unique information.
  - 11. A computer as in claim 10, wherein said file accessing element allows access to certain read write files which are designated as being special, and also conducts a security check before allowing said access to said read write files.
  - 12. A computer as in claim 9, wherein said encrypting comprises obtaining personal information from a user, and using said personal information to form encryption and/or decryption operations.
  - 13. A computer as in claim 12, wherein said personal information is a password.
  - 14. A computer as in claim 9, further comprising a file storage part which includes removable memory, and wherein an encrypted file is decrypted prior to writing to said removable memory.
  - 15. A computer as in claim 9, wherein said file accessing element is part of an operating system.

16. A method comprising:
- identifying a first user;
  
  using an operating system associated program of a computer to designate a first plurality of files in a computer, as being associated with said first user and to encrypt said first plurality of files using a first encryption key that is associated with said first user;
  
  responsive to said identifying, using said operating system associated program in said computer to allow said first user to make any changes to any of said first plurality of files using said first encryption key associated with said first user to decrypt said first plurality of files, and to prevent reading contents of said first plurality of read/write files when said first user is not identified;
  
  identifying a second user;
  
  using an operating system associated program of a computer to designate a second plurality of files in a computer, as being associated with said second user and to encrypt said second plurality of files using a second encryption key that is associated with said second user;
  
  responsive to said identifying, using said operating system associated program in said computer to allow said second user to make any changes to any of said second plurality using said second encryption key associated with said second user to decrypt said second plurality of files, and to prevent reading contents of said second plurality of read/write files when said second user is not identified;
  
  allowing other unencrypted files on said system to be read when said first and second user is not identified, but preventing writing to said other unencrypted files;
  
  establishing special files on said system which are unencrypted but which can be written to and read by the system only after a specified security operation; and
  
  allowing reading of said first or second plurality of files using a separate, recovery decryption key to decrypt the files different than said first or second decryption key, and which is intended for recovery of files when said first or second decryption key becomes unavailable.

17. A method, comprising:
- obtaining an encryption and decryption code associated with a user of the computer system;
  
  determining specified files on the computer system having been designated as being encrypted; and
  
  encrypting said specified files on said computer system, using an encryption key that can be decrypted using either said decryption code for said user or with a second, recovery decryption key to decrypt said specified files, different than said first decryption key, and which is intended for recovery of files when said first decryption key becomes unavailable.
- View Dependent Claims (18, 19)
- - 18. A method as in claim 17, wherein encryption and decryption information is stored on a smart card.
  - 19. A method as in claim 17, further comprising identifying a user using a code from a biometric.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Scott C Harris
Original Assignee
Illinois Computer Research LLC
Inventors
Harris, Scott C.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Tran, Ellen C.

Application Number

US09/755,452
Time in Patent Office

2,349 Days
Field of Search

380/277, 380/286, 713182-185, 713/200, 395/600, 726/26, 726/28, 726/30, 726/2
US Class Current

380/286
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2147   Locking files

H04L 2209/60   Digital content management,...

H04L 9/0866   involving user or device id...

H04L 9/0897   involving additional device...

Protection against unintentional file changing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Protection against unintentional file changing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links