Hybrid systems for securing digital assets

US 7,577,838 B1
Filed: 12/20/2002
Issued: 08/18/2009
Est. Priority Date: 12/20/2002
Status: Active Grant

First Claim

Patent Images

1. A method for accessing a file in a store, the method comprising:

intercepting an access request from a user to access the file;

determining if the file is an encrypted file;

determining if the user is authorized to access the encrypted file in response to the determination that the file is encrypted;

evaluating one or more access policies imposed upon the encrypted file or the store with respect to an access privilege of the user in response to the determination that the user is authorized to access the encrypted file;

retrieving a key in response to the evaluation indicating that the one or more access policies is met;

decrypting the encrypted file using the key; and

passing the decrypted file to the user.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Digital assets (e.g., files) are protected with a combination of more than one type of applicable security means. Techniques are developed to determine which of the security means to enforce in accordance with an access policy or policies when an access request is received. According to one embodiment, an interpreter or an access control module intercepts an access request from a requestor to access a secured file. The access control module is configured to determine if the access request is to be granted or denied to enforce security of the file through an access control technique and a cryptographic technique; and when the access request is granted, a key is retrieved to proceed with the access request.

482 Citations

29 Claims

1. A method for accessing a file in a store, the method comprising:
- intercepting an access request from a user to access the file;
  
  determining if the file is an encrypted file;
  
  determining if the user is authorized to access the encrypted file in response to the determination that the file is encrypted;
  
  evaluating one or more access policies imposed upon the encrypted file or the store with respect to an access privilege of the user in response to the determination that the user is authorized to access the encrypted file;
  
  retrieving a key in response to the evaluation indicating that the one or more access policies is met;
  
  decrypting the encrypted file using the key; and
  
  passing the decrypted file to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the determining if the user is authorized to access the encrypted file comprises determining if the user is listed on an access control list (ACL).
  - 3. The method of claim 1, wherein the intercepting the access request comprises determining if the file is unsecured.
  - 4. The method of claim 1, wherein the evaluating the one or more access policies comprises evaluating a location of the user.
  - 5. The method of claim 1, wherein the evaluating the one or more access policies comprises evaluating the one or more access policies with respect to a time the access request is made.
  - 6. The method of claim 1, whereineach of the access policies includes rule items;
    - andevaluating the one or more access policies comprises comparing each of the rule items logically with at least one of parameters pertaining to the access privilege of the user.
  - 7. The method of claim 6, wherein said comparing of the rule items logically with at least one of the parameters comprises:
    - producing a success if the comparing indicates a respective one of the parameters is within a definition of a corresponding of the rule items;
      
      producing a failure if the comparing indicates a respective one of the parameters is not within or is beyond the definition of the corresponding of the rule items; and
      
      repeating the comparing until each rule item has been tested against its respective parameters.
  - 8. The method as recited in claim 7, wherein the comparing of the at least one of the parameters and the rule items is considered successful when each comparing produces a success result.
  - 9. The method as recited in claim 7, wherein the comparing of the at least one of the parameters and the rule items is considered not successful when a failure results from any of the comparing.
  - 10. The method of claim 1, wherein said retrieving a key comprises using a cryptographic technique and prompting to the user for a password.
  - 11. The method of claim 10, wherein using the cryptographic technique comprises using the password to decrypt a file containing the key.
  - 12. The method of claim 1, wherein the retrieving a key comprises automatically receiving the key associated with the user.
  - 13. The method of claim 1, wherein an operation of the method is transparent to the user.

14. A tangible computer-readable medium having stored thereon, computer-executable instructions that, if executed by a computing device, cause the computing device to control access to a file in a store by a method, comprising:
- intercepting an access request from a user to access the file;
  
  determining if the file is an encrypted file;
  
  determining if the user is authorized to access the encrypted file in response to the determination that the file is encrypted;
  
  evaluating one or more access policies associated with the encrypted file or the store with respect to an access privilege of the user in response the determination that the user is authorized to access the encrypted file;
  
  retrieving a key in response to the evaluation indicating that the one or more access policies is met;
  
  decrypting the encrypted file using the key; and
  
  passing the decrypted file to the user.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The tangible computer-readable medium of claim 14, wherein determining if the user is authorized to access the encrypted file comprises determining if the user is listed on an access control list (ACL).
  - 16. The tangible computer-readable medium of claim 14, wherein the intercepting the access request comprises determining if the file is unsecured.
  - 17. The tangible computer-readable medium of claim 14, wherein the evaluating the one or more access policies comprises evaluating a location of the user.
  - 18. The tangible computer-readable medium of claim 14, wherein the evaluating the one or more access policies comprises evaluating the one or more access policies with respect to a time the access request is made.
  - 19. The tangible computer-readable medium of claim 14, wherein each of the access policies includes rule items;
    - and evaluating the one or more access policies comprises comparing each of the rule items logically with at least one of parameters pertaining to the access privilege of the user.
  - 20. The tangible computer-readable medium of claim 19, wherein said comparing of the rule items logically with respective parameters comprises:
    - producing a success if the comparing indicates a respective one of the parameters is within a definition of a corresponding of the rule items;
      
      producing a failure if the comparing indicates a respective one of the parameters is not within or is beyond the definition of the corresponding of the rule items; and
      
      repeating the comparing until each rule item has been tested against its respective parameters.
  - 21. The tangible computer-readable medium of claim 20, wherein the comparing of the respective parameters and the rule items is successful when each comparing is a success.
  - 22. The tangible computer-readable medium of claim 20, wherein the comparing of the respective parameters and the rule items is not successful when a failure results from any of the comparing.
  - 23. The tangible computer-readable medium of claim 14, wherein the retrieving a key comprises using a cryptographic technique and prompting the user to provide a password.
  - 24. The tangible computer-readable medium of claim 23, wherein said using the cryptographic technique comprises decrypting a file containing the key using the password.
  - 25. The tangible computer-readable medium of claim 14, wherein the retrieving a key comprises automatically receiving the key associated with the user.

26. A tangible computer-readable medium having instructions stored thereon, the instructions comprising:
- instructions to intercept an access request from a user to access a file in a store;
  
  instructions to determine if the file is an encrypted file;
  
  instructions to determine if the user is authorized to access the encrypted file in response to the determination that the file is encrypted;
  
  instructions to evaluate one or more access policies imposed upon the encrypted file or the store with respect to an access privilege of the user in response to a determination that the user is authorized to access the encrypted file;
  
  instructions to retrieve a key in response to the evaluation that indicates that the one or more access policies is met;
  
  instructions to decrypt the encrypted file using the key; and
  
  instructions to pass the decrypted file to the user.

27. A computer-implemented system comprising:
- a computer-readable storage medium configured to store a file; and
  
  an access control management module which if executed by a computing device of the computer-implemented system, causes the computing device to;
  
  intercept an access request from a user to access the file;
  
  determine if the file is an encrypted file;
  
  determine if the user is authorized to access the encrypted file in response to the determination that the file is encrypted;
  
  evaluate one or more access policies imposed upon the encrypted file or the store with respect to an access privilege of the user in response to a determination that the user is authorized to access the encrypted file;
  
  retrieve a key in response to an evaluation that indicates one or more access policies is met;
  
  decrypt the encrypted file using the key; and
  
  pass the decrypted file to the user.

28. A method for accessing a file in a store, the method comprising:
- intercepting a file access request from a user;
  
  determining if the store is a protected store;
  
  if the file is stored in the protected store, determining if the user is authorized to access the store;
  
  evaluating one or more access policies imposed upon the file or the store with respect to an access privilege of the user in response to a determination that the user is authorized to access the store;
  
  retrieving a key in response to the evaluating indicates that the one or more access policies is met;
  
  using the key to unsecure the file; and
  
  passing the unsecured file to the user.
- View Dependent Claims (29)
- - 29. The method of claim 28, wherein the determining if the file is stored in a protected store comprises examining a path where the requested file resides.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kioba Processing, LLC (IP Investments Group LLC)
Original Assignee
Guardian Data Storage LLC
Inventors
Rossmann, Alain
Primary Examiner(s)
Song; Hosuk

Application Number

US10/325,013
Time in Patent Office

2,433 Days
Field of Search

726 1- 2, 726 26- 30, 713165-167, 713/189, 713/193
US Class Current

713/165
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Hybrid systems for securing digital assets

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

482 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Hybrid systems for securing digital assets

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

482 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links