Method and system for protecting electronic data in enterprise environment
Abstract
Even with proper access privilege, when a secured file is classified, at least a security clearance (e.g., a clearance key) is needed to ensure that those who have the right security clearance can ultimately access the contents of the classified secured file. According to one embodiment, referred to as a two-pronged access scheme, a security clearance key is generated and assigned in accordance with a user's security access level. A security clearance key may range from most classified to non-classified. Depending on implementation, a security clearance key with a security level may be configured so that the key can be used to access secured files classified at or lower than that security level, or multiple auxiliary keys are provided when a corresponding security clearance key is requested. The auxiliary keys are keys generated to facilitate access to secured files classified, respectively, lower than the corresponding security or confidentiality level.
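The check described in the abstract and in claim 1, as an added example that is not code from the patent: the classification level is read from the file header, and the file key is unwrapped only when the clearance level is at or above it. Assumptions made here: the 81-byte header layout, the one-way hash chain used to get lower-level (auxiliary) keys from a higher one, the HMAC-based wrap standing in for a real key-wrap or AEAD primitive, and all function names.

```python
import hashlib, hmac, os

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def derive_down(key: bytes, from_level: int, to_level: int) -> bytes:
    """Assumed auxiliary-key scheme: key[n-1] = SHA-256(label || key[n]).
    A level-n holder can compute every lower key, never a higher one."""
    if to_level > from_level:
        raise PermissionError("clearance level below classification level")
    for _ in range(from_level - to_level):
        key = hashlib.sha256(b"clearance-down" + key).digest()
    return key

def seal_header(level: int, level_key: bytes, file_key: bytes) -> bytes:
    """Assumed layout: level(1) | nonce(16) | wrapped file key(32) | tag(32)."""
    if len(file_key) != 32 or not 0 <= level <= 255:
        raise ValueError("need a 32-byte file key and a one-byte level")
    head = bytes([level]) + os.urandom(16)
    pad = _prf(level_key, b"wrap", head)       # pad is bound to level and nonce
    wrapped = bytes(a ^ b for a, b in zip(file_key, pad))
    return head + wrapped + _prf(level_key, b"tag", head + wrapped)

def open_file_key(header: bytes, clearance_level: int, clearance_key: bytes) -> bytes:
    if len(header) != 81:
        raise ValueError("malformed header")
    head, wrapped, tag = header[:17], header[17:49], header[49:]
    level = head[0]                            # classification read from the header
    # Policy gate: raises PermissionError when clearance_level < level.
    k = derive_down(clearance_key, clearance_level, level)
    # Cryptographic gate: the tag covers the level byte, so lowering the
    # level in the header does not make the file key recoverable.
    if not hmac.compare_digest(tag, _prf(k, b"tag", head + wrapped)):
        raise ValueError("header altered or wrong clearance key")
    return bytes(a ^ b for a, b in zip(wrapped, _prf(k, b"wrap", head)))

if __name__ == "__main__":
    top = hashlib.sha256(b"constructed level-3 clearance key").digest()  # constructed
    file_key = os.urandom(32)
    header = seal_header(2, derive_down(top, 3, 2), file_key)
    print("level 3 opens level-2 file:", open_file_key(header, 3, top) == file_key)
    forged = bytes([1]) + header[1:]           # level byte lowered from 2 to 1
    try:
        open_file_key(forged, 1, derive_down(top, 3, 1))
    except ValueError as exc:
        print("downgraded header rejected:", exc)
```

The level comparison alone is only a policy decision; binding the wrapped key and its tag to the level byte is what keeps a holder of a lower clearance key from editing the header to pass that comparison.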
27 Claims
1. A method comprising:
- reading a classification level of a secured file from a header portion of the secured file; and
- decrypting, by a computing machine, a file key using a clearance key, in response to a security clearance level of the clearance key being greater than or equal to the classification level of the secured file,
- wherein the file key is encrypted in a portion of the secured file, and
- wherein at least two user identifiers are assigned a security clearance level corresponding to the security clearance level of the clearance key, the at least two user identifiers are thereby granted access to use the clearance key, and represent members of a group of users assigned to the security clearance level, and access to use the clearance key is granted to members in the group, such that members in the group can access the secured file with the clearance key.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A non-transitory computer-readable storage medium having instructions stored thereon, execution of which, by a computing device, causes the computing device to perform operations comprising:
- reading a classification level of a secured file from a header portion of the secured file; and
- decrypting a file key using a clearance key, in response to a security clearance level of the clearance key being greater than or equal to the classification level of the secured file,
- wherein the file key is encrypted in a portion of the secured file, and
- wherein at least two user identifiers are assigned a security clearance level corresponding to the security clearance level of the clearance key, the at least two user identifiers are thereby granted access to use the clearance key, and represent members of a group of users assigned to the security clearance level, and access to use the clearance key is granted to members in the group, such that members in the group can access the secured file with the clearance key.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A system comprising:
- one or more processors; and
- a memory storing software modules executed by the one or more processors comprising;
- a reading module configured to read a classification level of a secured file from a header portion of the secured file, and
- a decrypting module configured to decrypt a file key using a clearance key, in response to a security clearance level of the clearance key being greater than or equal to the classification level of the secured file,
- wherein the file key is encrypted in a portion of the secured file, and
- wherein at least two user identifiers are assigned a security clearance level corresponding to the security clearance level of the clearance key, the at least two user identifiers are thereby granted access to use the clearance key, and represent members of a group of users assigned to the security clearance level, and access to use the clearance key is granted to members in the group, such that members in the group can access the secured file with the clearance key.

Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27

Specification