System and method for imposing security on copies of secured items
Abstract
Improved approaches for securing files that are derived from secured files are disclosed. In general, a secured file can only be accessed by authenticated users with appropriate access rights or privileges. Each secured file is provided with a header portion and a data portion, where the header portion contains, or points to, security information. The security information is used to determine whether access to associated data portions of secured files is permitted. These improved approaches can thus impose security on files that are derived from secured files. In one embodiment, files that are deemed derived from a secured file include files that are copies of the secured file. In another embodiment, files that are deemed derived from a secured file include files having content substantially similar to the content of the secured file.
32 Claims
1. A method for securing a copy of a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, the method comprising:
- determining whether a file being closed is a copy of an existing secured file, wherein the determining comprises comparing a first signature of a portion of the file being closed with a second signature of a like portion of the existing secured file, and wherein when the first signature matches the second signature, the file being closed is deemed to be a copy of the existing secured file; and
- modifying a header portion of the file being closed to include at least a part of the header portion for the existing secured file when the determining determines that the file being closed is a copy of an existing secured file.
16. A method for securing a copy of a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, the method comprising:
- receiving a request to open the secured file, the request being initiated by a requestor associated with user privileges, wherein the requestor is one or more of a user, a group of users, and a user application;
- computing a first file signature based on at least a portion of the data portion of the secured file;
- storing the first file signature for the secured file;
- providing the data portion of the secured file to the requestor;
- subsequently receiving a request to close another file;
- computing a second file signature based on at least a portion of the data portion of the another file;
- determining whether the first file signature substantially matches the second file signature; and
- modifying the header portion of the another file to include at least the access rules of the secured file when the determining step determines that the first file signature substantially matches the second file signature, thereby securing the another file.
27. A method for securing copies of a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, the method comprising:
- receiving, from a requester, a request to access the secured file;
- determining whether the requestor is authorized to access the secured file based on at least the access rules within the header portion of the secured file;
- when the determining determines that authorization is permitted, computing a file signature for at least a part of the data portion of the secured file, storing the file signature and at least a portion of the header portion in a security information table, decrypting data in the data portion, and returning the decrypted data to the requestor;
- when the determining determines that authorization is not permitted, denying the requester access to the data portion;
- determining whether a file being closed is a new file;
- when the determining determines that the secured file is a new file, computing a new file signature for at least a part of a data portion of the new file, and comparing the new file signature with file signatures stored in the security information table; and
- when the comparing indicates that the new file signature matches one of the file signatures in the security information table, securing the new file in the same manner by which the secured file is secured.
28. A computer readable medium having stored thereon computer program code that, if executed by a computer, causes the computer to perform a method for securing another file derived from of a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, the method comprising:
- receiving a request to open the secured file, the request being initiated by a requestor associated with user privileges, wherein the requestor is one or more of a user, a group of users, and a user application;
- retrieving at least access rules from the header portion of the secured file;
- determining whether the request to access the secured file by the requestor is permitted based on a comparison of the retrieved access rules with the user privileges;
- providing the data portion of the secured file to the requestor when it is determined that the requestor is permitted to access the secured file;
- computing a first file signature based on at least a portion of the data portion of the secured file;
- storing the first file signature for the secured file;
- subsequently receiving a request to close another file;
- computing a second file signature based on at least a portion of the data portion of the another file;
- comparing the second file signature to the first file signature to produce comparison information;
- determining whether the another file should be secured based on the comparison information; and
- securing the another file when it is determined that the another file should be secured.
32. A method for securing a copy of a secured file having a header portion and a data portion, wherein the header portion includes at least access rules, and wherein the data portion includes at least data of the secured file, the method comprising:
- receiving a request to open the secured file, wherein the request is associated with a requestor having user privileges, wherein the requestor is one or more of a user, a group of users, and a user application;
- computing a first file signature based on at least a portion of the data portion of the secured file;
- storing the first file signature for the secured file;
- providing the data portion of the secured file to the requestor;
- subsequently receiving a request to close another file;
- computing a second file signature based on at least a portion of the data portion of the another file;
- determining whether the first file signature substantially matches the second file signature, wherein the determining operates to determine whether the length of the another file was zero while opened;
- modifying the header portion of the another file to include at least the access rules of the secured file when the determining determines that the first file signature substantially matches the second file signature, thereby securing the another file; and
- determining whether the another file is a new file, wherein the computing a second file signature through the modifying is bypassed such that the another file is not secured when the determining determines that the another file is not a new file.
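The open/close flow recited in claims 16, 27 and 32, as an added sketch that is not code from the patent or its assignee: a signature is recorded in a security information table only after an authorized open, and a new file whose signature matches on close inherits the stored header. `File`, `SecurityMonitor`, `SIG_SPAN` and the use of SHA-256 as the "signature" are assumptions made for illustration, and encryption of the data portion is omitted.

```python
import copy
import hashlib
from dataclasses import dataclass
from typing import Optional

SIG_SPAN = 4096  # assumption: sign only the first 4 KiB of the data portion

@dataclass
class File:
    data: bytes                    # data portion (encryption omitted in this sketch)
    header: Optional[dict] = None  # None = unsecured; else {"access_rules": {...}}
    is_new: bool = True            # created during this session

def signature(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the unspecified "signature".
    return hashlib.sha256(data[:SIG_SPAN]).hexdigest()

class SecurityMonitor:
    def __init__(self):
        self.table = {}  # security information table: signature -> header

    def open_secured(self, f: File, requestor: str) -> bytes:
        if requestor not in f.header["access_rules"]:
            raise PermissionError(f"{requestor} denied by access rules")
        self.table[signature(f.data)] = f.header  # recorded only after authorization
        return f.data

    def close(self, f: File) -> bool:
        """Return True if the file being closed was secured as a copy."""
        if not f.is_new:               # claim 32: bypass for files that are not new
            return False
        header = self.table.get(signature(f.data))
        if header is None:             # no stored signature matches
            return False
        f.header = copy.deepcopy(header)  # copy inherits the original's access rules
        return True

def demo():
    mon = SecurityMonitor()
    body = b"CONSTRUCTED SAMPLE: Q3 plan\n" * 10
    original = File(body, {"access_rules": {"alice"}}, is_new=False)
    plaintext = mon.open_secured(original, "alice")
    exact_copy = File(plaintext)                         # e.g. saved under a new name
    edited_copy = File(plaintext.replace(b"Q3", b"Q4"))  # content changed before close
    unrelated = File(b"CONSTRUCTED SAMPLE: meeting notes")
    results = [mon.close(f) for f in (exact_copy, edited_copy, unrelated)]
    return results, exact_copy.header, edited_copy.header
```

Because this sketch compares cryptographic hashes for equality, only a byte-identical signed portion is caught; the "substantially matches" language of claims 16 and 32 would require a similarity measure in place of `signature`.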
Specification