Method and system for securing digital assets using process-driven security policies
First Claim
1. A method for limiting access to an electronic document, comprising:
- associating, by one or more computing devices, a classifier with a first state of a process-driven security policy having a plurality of states, with different states having different sets of access restrictions;
associating, by the one or more computing devices, an identifier representing a user or a group of users with the first state of the process-driven security policy;
associating, by the one or more computing devices, the electronic document with at least the first state of the process-driven security policy having a set of access restrictions on the electronic document;
limiting access to the electronic document by encrypting, by the one or more computing devices, at least a portion of the electronic document using a group key corresponding to the identifier and a state key corresponding to the classifier and requiring at least both the group key and the state key to decrypt at least the portion of the electronic document; and
changing, by the one or more computing devices, the state of the process-driven security policy for the electronic document automatically without user or administrator interaction from the first state to a second state in response to an internal or external system event, wherein the changed state is based on a transition rule associated with the event.
4 Assignments
0 Petitions
Accused Products
Abstract
Techniques for dynamically altering security criteria used in a file security system are disclosed. The security criteria pertains to keys (or ciphers) used by the file security system to encrypt electronic files to be secured or to decrypt electronic files already secured. The security criteria can, among other things, include keys that are required to gain access to electronic files. Here, the keys can be changed automatically as electronic files transition between different states of a process-driven security policy. The dynamic alteration of security criteria enhances the flexibility and robustness of the security system. In other words, access restrictions on electronic files can be dependent on the state of the process-driven security policy.
-
Citations
19 Claims
-
1. A method for limiting access to an electronic document, comprising:
-
associating, by one or more computing devices, a classifier with a first state of a process-driven security policy having a plurality of states, with different states having different sets of access restrictions; associating, by the one or more computing devices, an identifier representing a user or a group of users with the first state of the process-driven security policy; associating, by the one or more computing devices, the electronic document with at least the first state of the process-driven security policy having a set of access restrictions on the electronic document; limiting access to the electronic document by encrypting, by the one or more computing devices, at least a portion of the electronic document using a group key corresponding to the identifier and a state key corresponding to the classifier and requiring at least both the group key and the state key to decrypt at least the portion of the electronic document; and changing, by the one or more computing devices, the state of the process-driven security policy for the electronic document automatically without user or administrator interaction from the first state to a second state in response to an internal or external system event, wherein the changed state is based on a transition rule associated with the event. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for imposing access restrictions on an electronic document, comprising:
-
associating, by one or more computing devices, an electronic document with at least a first state of a plurality of states of a process-driven security policy, the first state associated with a classifier and with an identifier representing a user or a group of users, with different states having different set of access restrictions; imposing the set of access restrictions associated with the first state on the electronic document by encrypting, by the one or more computing devices, at least a portion of the electronic document using a group key corresponding to the identifier and a state key corresponding to the classifier and requiring at least both the group key and the state key to decrypt at least the portion of the electronic document; and changing, by the one or more computing devices, the state of the process-driven security policy for the electronic document automatically without user or administrator interaction from the first state to a second state in response to an internal or external system event, wherein the changed state is based on a transition rule associated with the event. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A tangible computer-readable medium having stored thereon computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method for imposing access restrictions on an electronic document, the method comprising:
-
associating an electronic document with at least a first state of a plurality of states of a process-driven security policy, the first state associated with a classifier and with an identifier representing a user or a group of users, with different states having different set of access restrictions; imposing the set of access restrictions associated with the first state on the electronic document by encrypting at least a portion of the electronic document using a group key corresponding to the identifier and a state key corresponding to the classifier and requiring at least both the group key and the state key to decrypt at least the portion of the electronic document; and changing the state of the process-driven security policy for the electronic document automatically without user or administrator interaction from the first state to a second state in response to an internal or external system event, wherein the changed state is based on a transition rule associated with the event. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification