Method and apparatus for securing electronic data
Abstract
Techniques for securing electronic data and keeping the electronic data secured at all times are disclosed. According to one embodiment, a client module in a client machine is configured to provide access control to secured documents that may be located in a local store, on another computer machine or somewhere over a data network. The client module includes a document-securing module configured to operate in a path through which a document being accessed is caused to pass, so that the document can be examined to detect whether it is secured. If the document is secured, the document-securing module obtains a user or group key to decrypt security information in the secured document and read the access rules therein. If a user accessing the document is determined to have the access privilege to the secured document, a file key is retrieved from the security information and a cipher module is activated to decrypt the encrypted data portion with the file key. Likewise, if a document is to be secured, the cipher module encrypts clear data from the document to create the encrypted data portion. The document-securing module integrates proper or desired security information with the encrypted data portion to produce the secured document.
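The flow in the abstract, sketched in Python as an added example (not code from the patent). The `SECF1` marker, the JSON layout of the security information, the rule format and the SHAKE/HMAC stand-in for the cipher module are all assumptions made for illustration.

```python
import hashlib, hmac, json, os, struct

MAGIC = b"SECF1"  # constructed marker; its presence flags the file as secured

def _seal(key, data):
    # Stand-in cipher module (SHAKE-256 keystream + HMAC tag) so the sketch is
    # stdlib-only; a real module would call a vetted AEAD such as AES-GCM.
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def _open(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise PermissionError("wrong key or tampered data")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def secure(clear, user_key, rules):
    """Encrypt clear data with a fresh file key and attach the security information."""
    file_key = os.urandom(32)  # per-file key, different from the user key
    info = json.dumps({"file_key": file_key.hex(), "rules": rules}).encode()
    header = _seal(user_key, info)  # file key + access rules, encrypted with the user key
    return MAGIC + struct.pack(">I", len(header)) + header + _seal(file_key, clear)

def load(raw, user, user_key, action="read"):
    """Return clear bytes for the application, or raise PermissionError."""
    if not raw.startswith(MAGIC):  # non-secured: pass through, no cipher module
        return raw
    start = len(MAGIC) + 4
    if len(raw) < start:
        raise ValueError("truncated header")
    (n,) = struct.unpack(">I", raw[len(MAGIC):start])
    info = json.loads(_open(user_key, raw[start:start + n]))
    if action not in info["rules"].get(user, []):  # rules checked before the file key is used
        raise PermissionError(f"{user} may not {action} this file")
    return _open(bytes.fromhex(info["file_key"]), raw[start + n:])
```

The user key here plays the role of the user or group key in the abstract: holding it is necessary to read the rules, but the rules still decide whether the file key is ever applied to the encrypted portion.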
52 Claims
1. A computer implemented method for securing a file, the method comprising:
- determining whether the file stored in a file system and being accessed is secured;
- if the file is determined to be secured, activating a cipher module and loading the file from the file system through the cipher module into an application; and
- if the file is determined to be non-secured, loading the file from the file system into the application without activating the cipher module, wherein the file includes a header having a file key, the file key is encrypted with a user key, and the user key is different from the file key.
Dependent claims: 2, 3, 4, 5, 6
7. A computer implemented method for securing a file, the method comprising:
- determining if the file stored in a file system and being accessed includes a header, wherein existence of the header indicates that the file is secured, wherein the header includes a file key, the file key is encrypted with a user key, and the user key is different from the file key;
- activating a cipher module and loading the file from the file system through the cipher module into an application if the file is determined to be secured; and
- loading the file from the file system into the application without activating the cipher module if the file is determined to be non-secured.
8. A computer implemented method for securing a file, the method comprising:
- determining if the file stored in a file system and being accessed has a flag, wherein existence of the flag indicates that the file is secured, wherein the file includes a header having a file key, the file key is encrypted with a user key, and the user key is different from the file key;
- activating a cipher module and loading the file from the file system through the cipher module into an application if the file is determined to be secured; and
- loading the file from the file system into the application without activating the cipher module if the file is determined to be non-secured.
9. A computer implemented method for securing a file, the method comprising:
- determining whether the file stored in a file system and being accessed is secured, wherein the file includes a header and an encrypted portion, the header including or pointing to security information including a file key used to decrypt the encrypted portion, wherein the security information including the file key is encrypted with a user key, and wherein the security information further includes access rules to control how and by whom the file is to be accessed;
- if the file is determined to be secured, activating a cipher module, loading the file from the file system through the cipher module into an application, retrieving the file key, obtaining the user key, decrypting the security information with the user key to retrieve the file key, and decrypting the encrypted portion with the file key in the cipher module, and sending the file in clear mode to the application; and
- if the file is determined to be non-secured, loading the file from the file system into the application without activating the cipher module.
Dependent claims: 10
11. A computer implemented method for securing a file, the method comprising:
- maintaining a file key in a temporary memory space;
- encrypting the file with the file key in a cipher module to produce an encrypted portion;
- preparing security information for the encrypted portion, the security information being encrypted with a user key and including the file key and access rules to control access to the encrypted portion, wherein the access rules in the security information comprise user information identifying who has access to the encrypted portion and how the encrypted portion is to be accessed; and
- attaching the security information to the encrypted portion.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A computer implemented method for providing access control to a file, the method comprising:
- forwarding a request to access the file to a file system manager in an operating system;
- activating a document securing module by the file system manager to determine whether the file stored in a file system driver and being accessed is secured, wherein the file includes a header having a file key, the file key is encrypted with a user key, and the user key is different from the file key;
- activating a cipher module if the file is determined to be secured; and
- loading the file from the file system driver through the cipher module into an application.
Dependent claims: 20, 21, 22, 23
24. A computer-readable storage medium having stored thereon, computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method comprising:
- determining whether the file stored in a file system and being accessed is secured;
- if the file is determined to be secured, activating a cipher module; and
- loading the file from the file system through the cipher module into an application; and
- if the file is determined to be non-secured, loading the file from the file system into the application without activating the cipher module;
- wherein the file includes a header having a file key, the file key is encrypted with a user key, and the user key is different from the file key.
Dependent claims: 25, 26
27. A computer-readable storage medium having stored thereon, computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method comprising:
- determining if the file stored in a file system and being accessed includes a header, wherein existence of the header indicates that the file is secured, wherein the header includes a file key, the file key is encrypted with a user key, and the user key is different from the file key;
- if the file is determined to be secured, activating a cipher module; and
- loading the file from the file system through the cipher module into the application; and
- if the file is determined to be non-secured, loading the file from the file system into the application without activating the cipher module.
Dependent claims: 28, 29
30. A computer-readable storage medium having stored thereon, computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method comprising:
- determining whether the file stored in a file system and being accessed is secured, wherein the file includes a header and an encrypted portion, the header including or pointing to security information including a file key used to decrypt the encrypted portion, wherein the security information including the file key is encrypted with a user key, and wherein the security information further includes access rules of how and by whom the file is to be accessed;
- if the file is determined to be secured, activating a cipher module; and
- loading the file from the file system through the cipher module into the application;
- retrieving the file key;
- obtaining the user key;
- decrypting the security information with the user key to retrieve the file key;
- decrypting the encrypted portion with the file key in the cipher module; and
- sending the file in clear mode to the application; and
- if the file is determined to be non-secured, loading the file from the file system into the application without activating the cipher module.
Dependent claims: 31
32. A computer-readable storage medium having stored thereon, computer-executable instructions that if executed by a computing device, cause the computing device to perform a method comprising:
- maintaining a file key in a temporary memory space;
- encrypting the file with the file key in a cipher module to produce an encrypted file, wherein the file has been opened with an application and the cipher module operates transparently as far as a user executing the application is concerned; and
- storing, in a storage space, a secured file including the encrypted file and a header, wherein the header includes or points to security information including the file key, wherein the security information further includes access rules of how and by whom the file is to be accessed.
Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40
41. A computing device for securing a file, comprising:
- an application configured to access the file that includes security information and an encrypted portion, the security information further including a file key and access rules, the encrypted portion being an encrypted version of the file; and
- a cipher module configured to activate upon determining that the file being accessed is secured;
- wherein the security information is configured to be encrypted with a user key, is configured to be decrypted with the user key when authenticated, and includes access rules of how and by whom the file is to be accessed; and
- wherein the file key is configured to be retrieved to decrypt the encrypted portion only after the access rules have been successfully measured against access privilege.
Dependent claims: 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52
Specification