Methods and systems for providing access control to secured data
Abstract
In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.
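The two-part layout described in the abstract, together with the location rule from claim 1, can be sketched as follows. This is an added example, not code from the patent. The JSON header, the `locations` rule field, the `active` set of locations that currently hold the file open, the `seal`/`unseal` names, the use of `store_key` to wrap the file key, and the SHA-256 keystream standing in for a real cipher are all assumptions.

```python
import hashlib, hmac, json, os, struct

def _stream(key, nonce, n):
    # Stand-in keystream (SHA-256 in counter mode) so the example needs only the
    # standard library; production code would use a vetted AEAD such as AES-GCM.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", ctr)).digest()
        ctr += 1
    return out[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))

def seal(plaintext, rules, store_key):
    """Build length || header || tag || encrypted data (layout is an assumption)."""
    file_key, nonce = os.urandom(32), os.urandom(16)
    header = json.dumps({"rules": rules, "nonce": nonce.hex(),
        "wrapped_key": _xor(file_key, store_key, nonce).hex()}).encode()
    body = _xor(plaintext, file_key, nonce)
    # The tag binds the header to the data so the rules cannot be swapped out.
    tag = hmac.new(store_key, header + body, hashlib.sha256).digest()
    return struct.pack(">I", len(header)) + header + tag + body

def unseal(blob, store_key, location, active):
    """Release the file key only if the header's access rules allow it."""
    (hlen,) = struct.unpack(">I", blob[:4])
    header, tag, body = blob[4:4 + hlen], blob[4 + hlen:36 + hlen], blob[36 + hlen:]
    expected = hmac.new(store_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("header or data portion was modified")
    h = json.loads(header)
    if location not in h["rules"]["locations"]:
        raise PermissionError("location not permitted by access rules")
    if active - {location}:  # single access location at a time
        raise PermissionError("file is already open at another location")
    active.add(location)
    nonce = bytes.fromhex(h["nonce"])
    file_key = _xor(bytes.fromhex(h["wrapped_key"]), store_key, nonce)
    return _xor(body, file_key, nonce)
```

The rule check runs before the file key is unwrapped, so a request from a disallowed or second location never obtains the key.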
18 Claims
1. A method comprising:
configuring at least one computing device to perform the functions of;
- associating an access level with a store, the access level comprising access rules;
- retrieving the access rules based on a file being deposited in the store;
- encrypting the file in accordance with the access rules to produce an encrypted data portion;
- generating a header portion of the encrypted file to include encryption related security information from the access rules, wherein the access rules control at least a physical or network location from which a request for access to the file originates so as to permit access from a single access location at a time; and
- integrating the header with the encrypted data portion to produce a secured file.
Dependent claims: 2, 3, 4, 5, 6
7. A computer readable storage device having computer program code stored thereon, execution of which, by a processing device, causes the processing device to perform operations comprising:
- associating an access level with a store, the access level comprising access rules;
- retrieving the access rules based on a file being deposited in the store;
- encrypting the file in accordance with the access rules to produce an encrypted data portion;
- generating a header portion of the encrypted file to include encryption related security information from the access rules, wherein the access rules control at least a physical or network location from which a request for access to the file originates so as to permit access from a single access location at a time; and
- integrating the header with the encrypted data portion to produce a secured file.
Dependent claims: 8, 9, 10, 11, 12
13. A system comprising:
a processor; and
a memory storing a plurality of modules comprising;
- a first module configured to associate an access level with a store, the access level comprising access rules,
- a second module configured to retrieve the access rules based on a file being deposited in the store,
- a third module configured to encrypt the file in accordance with the access rules to produce an encrypted data portion,
- a fourth module configured to generate a header portion of the encrypted file to include encryption related security information from the access rules, wherein the access rules control at least a physical or network location from which a request for access to the file originates so as to permit access from a single access location at a time, and
- a fifth module configured to integrate the header with the encrypted data portion to produce a secured file.
Dependent claims: 14, 15, 16, 17, 18