Method and system for protecting electronic data in enterprise environment
First Claim
1. A method for controlling access to a secured file that is classified to a classification level, comprising:
- determining if an attempt to access the secured file conforms to access rules embedded in the secured file;
- reading the classification level from a header of the secured file; and
- using, in a computing machine, a clearance key and a second key to decrypt a first key encrypted in a portion of the secured file in response to determining that the attempt to access the secured file conforms to the access rules, wherein two or more user identifiers are assigned to a security clearance level of the clearance key and are thereby granted access to use the clearance key, wherein the clearance key is used to decrypt the first key based on a determination that the security clearance level of the clearance key allows access to the secured file, based on the classification level of the secured file being equivalent to or less than the security clearance level.
Abstract
Even with proper access privilege, when a secured file is classified, at least a security clearance (e.g. a clearance key) is needed to ensure that only those who have the right security clearance can ultimately access the contents of the classified secured file. According to one embodiment, referred to as a two-pronged access scheme, a security clearance key is generated and assigned in accordance with a user's security access level. A security clearance key may range from most classified to non-classified. Depending on implementation, a security clearance key with a security level may be so configured that the key can be used to access secured files classified at or lower than the security level, or multiple auxiliary keys are provided when a corresponding security clearance key is being requested. The auxiliary keys are those keys generated to facilitate access to secured files classified respectively less than the corresponding security or confidentiality level.
42 Claims
1. A method for controlling access to a secured file that is classified to a classification level, comprising:
- determining if an attempt to access the secured file conforms to access rules embedded in the secured file;
- reading the classification level from a header of the secured file; and
- using, in a computing machine, a clearance key and a second key to decrypt a first key encrypted in a portion of the secured file in response to determining that the attempt to access the secured file conforms to the access rules, wherein two or more user identifiers are assigned to a security clearance level of the clearance key and are thereby granted access to use the clearance key, wherein the clearance key is used to decrypt the first key based on a determination that the security clearance level of the clearance key allows access to the secured file, based on the classification level of the secured file being equivalent to or less than the security clearance level.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A method for controlling access to electronic data, comprising:
- maintaining a user account, including a user identifier, a user key and a clearance key in response to determining that a user associated with the user identifier is authorized to access a classified file, wherein two or more user identifiers are assigned to a security clearance level of the clearance key and are thereby granted access to use the clearance key;
- comparing access privileges associated with the user identifier to a plurality of access rules in a portion of the file;
- retrieving a protection key from the file in response to a determination that the access privileges conform to the access rules;
- reading a classification level from a header of the file; and
- in response to determining that the file is classified, decrypting, in a computing machine, an encrypted cipher key in the file, with the protection key and the clearance key, to decrypt an encrypted data portion in the file, wherein the clearance key is used to decrypt the encrypted cipher key based on a determination that the security clearance level of the clearance key allows access to the file based on the classification level of the file being equivalent or less than the security clearance level.
Dependent claims: 21, 22, 23
24. A method for controlling access to an electronic file, comprising:
- maintaining a user account including a user identifier, a user key, and a clearance key if the user identifier is authorized to access a classified file, wherein two or more user identifiers are assigned to a security clearance level of the clearance key and are thereby granted access to use the clearance key;
- encrypting, in a computing machine, the file with a cipher key;
- encrypting the cipher key with a protection key as well as the clearance key, and storing a classification level in a header of the file;
- applying a plurality of access rules to protect the protection key such that the protection key can be obtained by meeting the access rules by access privileges associated with the user identifier; and
- encrypting the access rule so that an authorized user identifier can decrypt the access rule by using an authenticated key, wherein the clearance key is configured to be used to decrypt the cipher key based on a determination that the security clearance level of the clearance key allows access to the file based on the classification level of the file being equivalent to or less than the security clearance level.
Dependent claims: 25, 26, 27
28. A non-transitory computer readable medium having instructions for controlling access to a secured file that is classified to a classification level stored thereon, the instructions comprising:
- instructions to determine that access privileges associated with a user identifier conform to access rules embedded in the secured file;
- instructions to read the classification level from a header of the secured file; and
- instructions to use a clearance key and a second key to decrypt a first key encrypted in a portion of the secured file in response to determining that the access privileges associated with the user identifier conform to the access rules embedded in the secured file, wherein two or more user identifiers are assigned to a security clearance level of the clearance key and are thereby granted access to use the clearance key, wherein the clearance key is used to decrypt the first key based on a determination that the security clearance level of the clearance key allows access to the secured file, based on the classification level of the secured file being equivalent to or less than the security clearance level.
Dependent claims: 29, 30, 31, 32
33. A method comprising:
- reading a classification level from a header of a secured file; and
- using, in a computing machine, a clearance key to decrypt a file key encrypted in a portion of the secured file, wherein the clearance key is used to decrypt the file key, the clearance key allowing access to the secured file based on the classification level of the secured file being equivalent to or less than a security clearance level of the clearance key, and wherein two or more user identifiers are assigned to the security clearance level of the clearance key and are thereby granted access to use the clearance key.
Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41, 42
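The two-pronged scheme of the abstract and of claims 20 and 24, as an added sketch that is not code from the patent: the file key is wrapped under a protection key and, for classified files, again under the clearance key for the level stored in the header. Assumptions made here: an HMAC-SHA256 keystream with a tag stands in for a real authenticated cipher, lower-level clearance keys are derived by hashing the higher one, access rules are plain group names, and the user already holds the protection key; all function and field names are hypothetical.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a toy keystream standing in for a real cipher
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(key, data):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise PermissionError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def clearance_key_for(held_key, held_level, file_level):
    # Assumption: the key for level n-1 is SHA-256 of the key for level n, so a
    # holder can derive every lower ("auxiliary") key but never a higher one.
    if file_level > held_level:
        raise PermissionError("classification exceeds clearance")
    for _ in range(held_level - file_level):
        held_key = hashlib.sha256(b"down" + held_key).digest()
    return held_key

def seal(body, level, rules, protection_key, top_key, top_level):
    file_key = secrets.token_bytes(32)
    wrapped = wrap(protection_key, file_key)
    if level > 0:  # classified: add the clearance-key layer on top
        wrapped = wrap(clearance_key_for(top_key, top_level, level), wrapped)
    return {"header": {"level": level, "rules": rules},
            "wrapped_key": wrapped, "data": wrap(file_key, body)}

def open_file(f, user):
    hdr = f["header"]
    if not set(user["groups"]) & set(hdr["rules"]):  # prong 1: access rules
        raise PermissionError("access rules not met")
    blob = f["wrapped_key"]
    if hdr["level"] > 0:  # prong 2: clearance key for the level in the header
        blob = unwrap(clearance_key_for(user["clearance_key"],
                                        user["clearance_level"], hdr["level"]), blob)
    file_key = unwrap(user["protection_key"], blob)
    return unwrap(file_key, f["data"])
```

Because the level comparison only selects which key to derive, a user who overstates a clearance level, or a header whose level has been altered, yields a different key and fails the tag check in `unwrap`.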
Specification