Secured data format for access control
First Claim
1. A system for providing access control management to electronic data, wherein the electronic data is structured in a format that provides restricted access to the electronic data therein, comprising:
- a module configured to generate a header comprising a plurality of sets of encrypted security information corresponding to respective one of a plurality of groups of users, wherein the encrypted security information comprises a file key and access rules to control the restricted access to the electronic data and configured to generate an encrypted data portion encrypted with a plurality of file keys, each of the file keys corresponding to each of the sets, wherein the header is associated with the encrypted data portion to generate a secured file;
a module configured to obtain a respective one of the file keys associated with a corresponding one of the plurality of groups and to decrypt the set of the plurality of sets of encrypted security information associated with the respective one of the groups to allow access by the respective one of the groups according to the access rules;
a module configured to retrieve the respective one of the file keys from a memory store if the secured file is newly generated and the secured file is being stored in a storage place; and
a module configured to delete the one or more file keys from a memory store as soon as the newly generated secured file is stored in the storage place.
6 Assignments
0 Petitions
Accused Products
Abstract
In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.
-
Citations
39 Claims
-
1. A system for providing access control management to electronic data, wherein the electronic data is structured in a format that provides restricted access to the electronic data therein, comprising:
-
a module configured to generate a header comprising a plurality of sets of encrypted security information corresponding to respective one of a plurality of groups of users, wherein the encrypted security information comprises a file key and access rules to control the restricted access to the electronic data and configured to generate an encrypted data portion encrypted with a plurality of file keys, each of the file keys corresponding to each of the sets, wherein the header is associated with the encrypted data portion to generate a secured file; a module configured to obtain a respective one of the file keys associated with a corresponding one of the plurality of groups and to decrypt the set of the plurality of sets of encrypted security information associated with the respective one of the groups to allow access by the respective one of the groups according to the access rules; a module configured to retrieve the respective one of the file keys from a memory store if the secured file is newly generated and the secured file is being stored in a storage place; and
a module configured to delete the one or more file keys from a memory store as soon as the newly generated secured file is stored in the storage place. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A system for providing access control management to electronic data, wherein the electronic data is structured in a format that provides restricted access to the electronic data therein, comprising:
-
a module configured to generate a header including plurality of encrypted file keys and a rule block having N encrypted segments, each of the N encrypted segments including a plurality of access rules facilitating the restricted access to a file including the electronic data, wherein N>
=1 and an encrypted data portion including the electronic data encrypted according to a predetermined cipher;wherein the header is associated with the encrypted data portion to generate a secured file, and the file key can be retrieved to decrypt the encrypted data portion only when one of the respective Plurality of access rules in one of the N encrypted segments are measured successfully against access privileges associated with a one of a respective plurality of groups of designated users accessing the secured file; a module configured to retrieve the respective one of the file keys from a memory store if the secured file is newly generated and being stored in a storage place; and a module configured to delete the one or more file keys from a memory store as soon as the newly generated secured file is stored in the storage place. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
-
34. In a system for providing access control management to electronic data, wherein the electronic data is structured in a format that provides restricted access to the electronic data therein, a method for generating the format, comprising:
-
obtaining one of a plurality of file keys; encrypting the electronic data with one of a plurality of file keys according to a predetermined cipher to produce plurality of encrypted data portions; integrating a header comprising a plurality of sets of encrypted security information with the encrypted data portion to generate a secured file, wherein the encrypted security information comprises the file key and access rules to control the restricted access to the electronic data in the secured file, each set of the plurality of sets of encrypted security information associated with a corresponding one of a plurality of groups of users; if the secured file is being stored in a storage place, retrieving the file key from a memory store; and deleting the file key from a memory store as soon as the secured file is stored in the storage place. - View Dependent Claims (35, 36, 37, 38, 39)
-
Specification