Hybrid systems for securing digital assets
First Claim
1. A method for accessing a file in a store, the method comprising:
intercepting an access request from a user to access the file;
determining if the file is an encrypted file;
determining if the user is authorized to access the encrypted file in response to the determination that the file is encrypted;
evaluating one or more access policies imposed upon the encrypted file or the store with respect to an access privilege of the user in response to the determination that the user is authorized to access the encrypted file;
retrieving a key in response to the evaluation indicating that the one or more access policies is met;
decrypting the encrypted file using the key; and
passing the decrypted file to the user.
Abstract
Digital assets (e.g., files) are protected with a combination of more than one type of applicable security means. Techniques are developed to determine which of the security means to enforce in accordance with an access policy or policies when an access request is received. According to one embodiment, an interpreter or an access control module intercepts an access request from a requestor to access a secured file. The access control module is configured to determine if the access request is to be granted or denied to enforce security of the file through an access control technique and a cryptographic technique; and when the access request is granted, a key is retrieved to proceed with the access request.
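The decision order described in the abstract and in claim 1, as an added example that is not taken from the patent: the key is released only after the encryption check, the user authorization check and the policy evaluation have all passed. The class name, the `ENC1` header, the location policy and the SHA-256 XOR stand-in cipher are assumptions made so the sketch runs offline.

```python
import hashlib
from dataclasses import dataclass, field

MAGIC = b"ENC1"  # constructed header marking an encrypted file (assumption)

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher so the example runs offline; use an AEAD in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)

@dataclass
class AccessControlModule:  # hypothetical name, modelled on the abstract
    files: dict     # name -> stored bytes
    acl: dict       # name -> set of authorized users
    policies: dict  # name -> list of callables (user, ctx) -> bool
    keys: dict      # name -> key material
    released: list = field(default_factory=list)  # audit trail of key releases

    def open(self, user, name, ctx):
        blob = self.files[name]                    # intercepted request
        if not blob.startswith(MAGIC):             # not encrypted: pass through
            return blob
        if user not in self.acl.get(name, set()):  # access-control technique
            raise PermissionError("user not authorized")
        if not all(p(user, ctx) for p in self.policies.get(name, [])):
            raise PermissionError("access policy not met")
        self.released.append((user, name))         # key leaves the store only now
        return xor_stream(self.keys[name], blob[len(MAGIC):])

def demo():
    key = b"constructed-demo-key"  # constructed sample data throughout
    acm = AccessControlModule(
        files={"plan.doc": MAGIC + xor_stream(key, b"Q3 roadmap"),
               "readme.txt": b"public notes"},
        acl={"plan.doc": {"alice", "bob"}},
        policies={"plan.doc": [lambda u, c: c.get("location") == "office"]},
        keys={"plan.doc": key})
    results = {}
    for user, ctx in [("alice", {"location": "office"}),
                      ("bob", {"location": "cafe"}), ("eve", {"location": "office"})]:
        try:
            results[user] = acm.open(user, "plan.doc", ctx)
        except PermissionError as exc:
            results[user] = str(exc)
    return results, acm.released
```

Because both denial paths raise before the key lookup, the `released` audit list records a key release only for the request that satisfied every check.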
482 Citations
29 Claims
1. A method for accessing a file in a store, the method comprising:
intercepting an access request from a user to access the file;
determining if the file is an encrypted file;
determining if the user is authorized to access the encrypted file in response to the determination that the file is encrypted;
evaluating one or more access policies imposed upon the encrypted file or the store with respect to an access privilege of the user in response to the determination that the user is authorized to access the encrypted file;
retrieving a key in response to the evaluation indicating that the one or more access policies is met;
decrypting the encrypted file using the key; and
passing the decrypted file to the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A tangible computer-readable medium having stored thereon, computer-executable instructions that, if executed by a computing device, cause the computing device to control access to a file in a store by a method, comprising:
intercepting an access request from a user to access the file;
determining if the file is an encrypted file;
determining if the user is authorized to access the encrypted file in response to the determination that the file is encrypted;
evaluating one or more access policies associated with the encrypted file or the store with respect to an access privilege of the user in response to the determination that the user is authorized to access the encrypted file;
retrieving a key in response to the evaluation indicating that the one or more access policies is met;
decrypting the encrypted file using the key; and
passing the decrypted file to the user.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
26. A tangible computer-readable medium having instructions stored thereon, the instructions comprising:
instructions to intercept an access request from a user to access a file in a store;
instructions to determine if the file is an encrypted file;
instructions to determine if the user is authorized to access the encrypted file in response to the determination that the file is encrypted;
instructions to evaluate one or more access policies imposed upon the encrypted file or the store with respect to an access privilege of the user in response to a determination that the user is authorized to access the encrypted file;
instructions to retrieve a key in response to the evaluation that indicates that the one or more access policies is met;
instructions to decrypt the encrypted file using the key; and
instructions to pass the decrypted file to the user.
27. A computer-implemented system comprising:
a computer-readable storage medium configured to store a file; and
an access control management module which if executed by a computing device of the computer-implemented system, causes the computing device to:
intercept an access request from a user to access the file;
determine if the file is an encrypted file;
determine if the user is authorized to access the encrypted file in response to the determination that the file is encrypted;
evaluate one or more access policies imposed upon the encrypted file or the store with respect to an access privilege of the user in response to a determination that the user is authorized to access the encrypted file;
retrieve a key in response to an evaluation that indicates one or more access policies is met;
decrypt the encrypted file using the key; and
pass the decrypted file to the user.
28. A method for accessing a file in a store, the method comprising:
intercepting a file access request from a user;
determining if the store is a protected store;
if the file is stored in the protected store, determining if the user is authorized to access the store;
evaluating one or more access policies imposed upon the file or the store with respect to an access privilege of the user in response to a determination that the user is authorized to access the store;
retrieving a key in response to the evaluating indicating that the one or more access policies is met;
using the key to unsecure the file; and
passing the unsecured file to the user.
Dependent claims: 29
Specification