System and method for providing manageability to security information for secured items
First Claim
1. A computer readable storage medium having stored thereon computer program code, that if executed by a processor, causes the processor to access a secured item among a plurality of secured items by a method, the method comprising:
- obtaining the secured item to be accessed, the secured item having a header portion and a data portion;
- retrieving a security information pointer from the header portion of the secured item, wherein each of the plurality of secured items has the same security information pointer as the secured item, such that the plurality of secured items share common security information, wherein the security information includes at least an access rule and user privileges;
- obtaining security information for the secured item using the security information pointer; and
- permitting access to the secured item to the extent permitted by the security information, wherein the permitting comprises:
  - retrieving a file key from the header portion;
  - decrypting the data portion of the secured item using the file key;
  - retrieving at least one access rule from the security information; and
  - determining whether a requestor is permitted to access the secured item based on the at least one access rule and characteristics of the requestor.
Abstract
Improved approaches for accessing secured digital assets (e.g., secured items) are disclosed. In general, digital assets that have been secured (secured digital assets) can only be accessed by authenticated users with appropriate access rights or privileges. Each secured digital asset is provided with a header portion and a data portion, where the header portion includes a pointer to separately stored security information. The separately stored security information is used to determine whether access to associated data portions of secured digital assets is permitted. These improved approaches can facilitate the sharing of security information by various secured digital assets and thus reduce the overall storage space for the secured digital assets. These improved approaches can also facilitate efficient management of security for digital assets.
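The flow the abstract describes, as an added Python sketch that is not taken from the patent: two secured items carry the same security information pointer in their headers, and one separately stored record decides access to both. The names (`SecuredItem`, `STORE`, `sec-001`), the layout of the rule and privilege record, and the SHA-256 keystream used in place of a real cipher are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in for a real cipher (assumption): SHA-256 counter keystream, stdlib only.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

@dataclass
class SecuredItem:
    sec_info_ptr: str  # header portion: pointer to the shared security information
    file_key: bytes    # header portion: file key
    data: bytes        # data portion, stored encrypted

def secure(ptr: str, file_key: bytes, plaintext: bytes) -> SecuredItem:
    return SecuredItem(ptr, file_key, _xor_stream(file_key, plaintext))

def access(item: SecuredItem, store: dict, requestor: dict) -> bytes:
    """Resolve the pointer, evaluate rule and privileges, then decrypt."""
    info = store.get(item.sec_info_ptr)
    if info is None:  # dangling pointer: fail closed
        raise PermissionError("no security information for pointer")
    # Access rule: every attribute it names must match the requestor.
    if any(requestor.get(k) != v for k, v in info["access_rule"].items()):
        raise PermissionError("access rule not satisfied")
    rights = info["user_privileges"].get(requestor.get("user"), set())
    if "read" not in rights:
        raise PermissionError("requestor lacks read privilege")
    return _xor_stream(item.file_key, item.data)

def can_read(item: SecuredItem, store: dict, requestor: dict) -> bool:
    try:
        access(item, store, requestor)
        return True
    except PermissionError:
        return False

# Constructed sample data: one stored record, two items pointing at it.
STORE = {"sec-001": {"access_rule": {"group": "engineering"},
                     "user_privileges": {"alice": {"read"}, "bob": {"read"}}}}
ITEMS = [secure("sec-001", b"key-1", b"design doc"),
         secure("sec-001", b"key-2", b"test plan")]

if __name__ == "__main__":
    alice = {"user": "alice", "group": "engineering"}
    print([access(i, STORE, alice) for i in ITEMS])
```

Removing a user from the single `sec-001` record changes the outcome for every item that points at it, without touching any item's header or data portion.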
32 Claims
1. (Independent claim, reproduced in full under "First Claim" above.)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A system for accessing a secured item among a plurality of secured items, the secured item having a header portion and an encrypted data portion, the header portion including a security information pointer and a file key, wherein each of the plurality of secured items has the same security information pointer as the secured item, such that the plurality of secured items share common security information, the system comprising:
- a storage device configured to store the security information for the plurality of secured items, wherein the security information includes at least an access rule and user privileges;
- a first decryption module configured to:
  - receive the security information pointer from the header portion of the secured item;
  - receive the file key from the header portion of the secured item; and
  - receive at least one access rule from the security information;
- an access analyzer operatively connected coupled to the storage device, the access analyzer configured to determine whether the encrypted data portion is permitted to be accessed by a requestor based on the security information, wherein the access analyzer determines whether the encrypted data portion is permitted to be accessed by the requestor based on the at least one access rule and characteristics of the requestor; and
- a second decryption module coupled to the access analyzer, the second decryption module configured to decrypt the encrypted data portion using the file key to produce an unencrypted data portion that the requestor is able to access, provided the access analyzer determines that the encrypted data portion is permitted to be accessed by the requestor.
Dependent claims: 18, 19, 20, 21, 22
23. A method for accessing a secured file stored in a storage device, comprising:
- obtaining the secured file to be accessed, the secured file having a header portion and a data portion, wherein the storage device is configured to store security information for a plurality of secured items, wherein the security information includes at least access rules;
- retrieving a security information pointer from the header portion of the secured file, wherein the plurality of secured items have the same security information pointer as the secured file, such that the plurality of secured items share the security information;
- obtaining, from the storage device, security information for the secured file using the security information pointer; and
- permitting access to the secured file to the extent permitted by the security information, wherein the permitting comprises:
  - retrieving a file key from the header portion;
  - decrypting the data portion of the secured file using the file key;
  - retrieving at least one access rule from the security information; and
  - determining whether a requestor is permitted to access the secured file based on the at least one access rule and requestor characteristics.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32
Specification