Multi-level cryptographic transformations for securing digital assets
First Claim
1. A computer-implemented method comprising:
- in response to a request from a requestor, obtaining security information from a header of a secure electronic file, the security information including at least encryption structure information, access rules to control access to the secure electronic file, user groups that are authorized to access the secure electronic file, and secrets used to decrypt the secure electronic file, wherein the secrets are associated with the user groups and security clearance levels authorized to access the secure electronic file, and wherein the access rules limit the availability of the secrets to requestors that;
are members of a user group that is authorized to access the secure electronic file; and
possess a security clearance level authorized to access the secure electronic file, wherein the security clearance level is associated with a content type and a confidentiality level of the secure electronic file;
attempting to decrypt, by a computing device, at least secure data of the secure electronic file for access by the requestor based on the encryption structure information, the access rules, the user groups, and the secrets; and
unsecuring, by the computing device, the secure data for access by the requestor in response to determining that at least the secure data of the secure electronic file is successfully decrypted.
4 Assignments
0 Petitions
Accused Products
Abstract
Enhanced multi-level cryptographic transformations that secure electronic files are disclosed. The secured electronic files contain not only secured data but also security information. The security information includes cryptographic structure information, access rules and secrets (e.g., keys). The cryptographic structure information explains the multi-level cryptographic transformations associated with securing or unsecuring the electronic files. The access rules and the secrets are used by the cryptographic transformations to secure the electronic files. Since the secured electronic files contain the cryptographic structure information, the particular cryptographic transformations (including their sequencing) can vary with each electronic file, if so desired. Typically, the secured electronic files are secured and managed by a file security system, such as a distributed security system.
709 Citations
35 Claims
-
1. A computer-implemented method comprising:
-
in response to a request from a requestor, obtaining security information from a header of a secure electronic file, the security information including at least encryption structure information, access rules to control access to the secure electronic file, user groups that are authorized to access the secure electronic file, and secrets used to decrypt the secure electronic file, wherein the secrets are associated with the user groups and security clearance levels authorized to access the secure electronic file, and wherein the access rules limit the availability of the secrets to requestors that; are members of a user group that is authorized to access the secure electronic file; and possess a security clearance level authorized to access the secure electronic file, wherein the security clearance level is associated with a content type and a confidentiality level of the secure electronic file; attempting to decrypt, by a computing device, at least secure data of the secure electronic file for access by the requestor based on the encryption structure information, the access rules, the user groups, and the secrets; and unsecuring, by the computing device, the secure data for access by the requestor in response to determining that at least the secure data of the secure electronic file is successfully decrypted. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A tangible computer-readable medium having computer-executable instructions stored thereon for controlling-access to a secure electronic file, the instructions comprising:
-
in response to a request from a requestor, instructions to obtain security information from the header of a secure electronic file, the security information including at least encryption structure information, access rules to control access to the secure electronic file, user groups that are authorized to access the secure electronic file, and secrets used to decrypt the secure electronic file, wherein the secrets are associated with the user groups and security clearance levels authorized to access the secure electronic file, and wherein the access rules limit the availability of the secrets to requestors that; are members of a user group that is authorized to access the secure electronic file; and possess a security clearance level authorized to access the secure electronic file, wherein the security clearance level is associated with a content type and a confidentiality level of the secure electronic file; instructions to attempt to decrypt at least the secure data of the secure electronic file for access by the requestor based on the encryption structure information, the access rules, the user groups, and the secrets; and instructions to unsecure the secure data for access by the requestor in response to determining that at least the secure data of the secure electronic file is successfully decrypted.
-
-
14. A system, comprising:
-
a client device configured to produce a secure electronic file through a multi-stage encryption process, wherein the secure electronic file includes secure data that is secured by encryption and a header portion including at least security information, the security information including at least encryption structure information, access rules to control access to the secure electronic file, user groups that are authorized to access the secure electronic file, and secrets used to decrypt the secure electronic file, wherein the secrets are associated with the user groups and security clearance levels authorized to access the secure electronic file, and wherein the access rules limit the availability of the secrets to requestors that; are members of a user group that is authorized to access the secure electronic file; and possess a security clearance level authorized to access the secure electronic file, wherein the security clearance level is associated with a content type and a confidentiality level of the secure electronic file; wherein the encryption structure information interrelates the access rules, the user groups, and the secrets to describe the multi-stage encryption process or decryption thereof performed by the client device. - View Dependent Claims (15)
-
-
16. A computer-implemented method for securing a plurality of electronic files through a multi-stage encryption process to produce a plurality of secure electronic files, wherein each of the plurality of secure electronic files has a header and data portion, the method comprising:
-
encrypting, by a computing device, the data portion of the plurality of secure electronic files; and formatting, by the computing device, the header portion of the plurality of secure electronic files to include at least security information, wherein the security information includes at least encryption structure information, access rules to control access to the plurality of secure electronic files, user groups that are authorized to access the plurality of secure electronic files, and secrets used to decrypt the plurality of secure electronic files, wherein the secrets are associated with the user groups and security clearance levels authorized to access the plurality of secure electronic files, and wherein the access rules limit the availability of the secrets to requestors that; are members of a user group that is authorized to access the plurality of secure electronic files; and possess a security clearance level authorized to access the plurality of secure electronic files, wherein the security clearance level is associated with respective content types and confidentiality levels of the plurality of secure electronic files; wherein the encryption structure information interrelates the access rules, the user groups, and the secrets to describe the multi-stage encryption process or decryption thereof. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
-
Specification