System and method for providing different levels of key security for controlling access to secured items
Abstract
With files secured by encryption techniques, keys are often required to gain access to the secured files. Techniques for providing and using multiple levels of keystores for securing the keys are disclosed. The keystores store keys that are needed by users in order to access secured files. The different levels of keystores offer compromises between security and flexibility/ease of use.
33 Claims
1. A method comprising:
receiving, by at least one processing device, a request to access a header of a secured file, wherein the header comprises a file key, at least the header of the secured file is configured to be decrypted by a user key, and a data portion of the secured file is configured to be decrypted by the file key;
obtaining, by the at least one processing device, the user key from a particular storage location that indicates a level of security of the user key, wherein the level of security is defined in a policy based on a degree of access privileges provided by the user key and a requirement that the user key be obtained from the particular storage location based on the level of security of the user key; and
decrypting, by the at least one processing device, the header using the user key to produce the file key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer-readable storage device having instructions stored thereon, execution of which, by a computing device, causes the computing device to perform operations comprising:
receiving a request to access a header of a secured file, wherein the header comprises a file key, at least the header of the secured file is configured to be decrypted by a user key, and a data portion of the secured file is configured to be decrypted by the file key;
obtaining the user key from a particular storage location that indicates a level of security of the user key, wherein the level of security is defined in a policy based on a degree of access privileges provided by the user key and a requirement that the user key be obtained from the particular storage location based on the level of security of the user key; and
decrypting the header using the user key to produce the file key.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A system comprising:
a memory storing:
a receiving module configured to receive a request to access a header of a secured file, wherein the header comprises a file key, at least the header of the secured file is configured to be decrypted by a user key, and a data portion of the secured file is configured to be decrypted by the file key,
an obtaining module configured to obtain the user key from a particular storage location that indicates a level of security of the user key, wherein the level of security is defined in a policy based on a degree of access privileges provided by the user key and a requirement that the user key be obtained from the particular storage location based on the level of security of the user key, and
a decrypting module configured to decrypt the header using the user key to produce the file key; and
one or more processors configured to process the modules.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33
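
The steps shared by claims 1, 12 and 23, written out as an added Python example that is not taken from the patent: a policy maps a user key's privilege level to the one keystore it may be fetched from, the user key decrypts the header to recover the file key, and the file key decrypts the data portion. The keystore names, the two privilege levels, the dictionary file layout and the SHA-256/HMAC sealing routine (a standard-library stand-in for a real authenticated cipher such as AES-GCM) are assumptions.

```python
import hashlib, hmac, os

# Assumed policy (names are illustrative): privilege level -> required keystore.
POLICY = {"high": "server_keystore", "low": "local_keystore"}

def _keystream(key, nonce, n):
    # SHA-256 counter keystream: stdlib stand-in for a real AEAD such as AES-GCM.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _subkeys(key):
    # Separate encryption and MAC keys derived from one secret.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))

def secure_file(user_key, key_id, data):
    file_key = os.urandom(32)  # per-file key, stored only inside the encrypted header
    return {"key_id": key_id, "header": seal(user_key, file_key),
            "data": seal(file_key, data)}

def open_file(secured, key_levels, keystores):
    level = key_levels[secured["key_id"]]
    location = POLICY[level]  # the only place this key may be fetched from
    user_key = keystores[location].get(secured["key_id"])
    if user_key is None:
        raise PermissionError(f"{level} key must come from {location}")
    file_key = unseal(user_key, secured["header"])  # header -> file key
    return unseal(file_key, secured["data"])        # file key -> data portion
```

A copy of a high-privilege key sitting in a lower-level keystore is never consulted, so access fails unless the policy-mandated location supplies the key.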
Specification