Methods and systems for providing access control to secured data

US 8,543,827 B2
Filed: 03/27/2008
Issued: 09/24/2013
Est. Priority Date: 12/12/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

configuring at least one computing device to perform the functions of;

associating an access level with a store, the access level comprising access rules;

retrieving the access rules based on a file being deposited in the store;

encrypting the file in accordance with the access rules to produce an encrypted data portion;

generating a header portion of the encrypted file to include encryption related security information from the access rules, wherein the access rules control at least a physical or network location from which a request for access to the file originates so as to permit access from a single access location at a time; and

integrating the header with the encrypted data portion to produce a secured file.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.

Citations

18 Claims

1. A method comprising:
- configuring at least one computing device to perform the functions of;
  
  associating an access level with a store, the access level comprising access rules;
  
  retrieving the access rules based on a file being deposited in the store;
  
  encrypting the file in accordance with the access rules to produce an encrypted data portion;
  
  generating a header portion of the encrypted file to include encryption related security information from the access rules, wherein the access rules control at least a physical or network location from which a request for access to the file originates so as to permit access from a single access location at a time; and
  
  integrating the header with the encrypted data portion to produce a secured file.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as recited in claim 1, wherein the electronic data is one or more of:
    - streaming audio, streaming video, streaming multimedia, electronic files, electronic documents, images, executable code, audio files, databases, database tables, database table records, collections of electronic files;
      
      collections of electronic documents, stored passwords, stored ciphers, public encryption keys, private encryption keys, and multimedia files.
  - 3. The method as recited in claim 2, wherein the streaming audio is one or more of audio streams created from applications, audio and real time audio streams.
  - 4. The method as recited in claim 2, wherein the images are one or more of bitmapped graphics format files and image files created from applications.
  - 5. The method as recited in claim 2, wherein the multimedia files are one or more of video files, multimedia files created from applications, video files created from applications, multimedia objects created from applications, and executable code.
  - 6. The method as recited in claim 2, wherein the audio files are one or more of playlists, audio and files created from applications.

7. A computer readable storage device having computer program code stored thereon, execution of which, by a processing device, causes the processing device to perform operations comprising:
- associating an access level with a store, the access level comprising access rules;
  
  retrieving the access rules based on a file being deposited in the store;
  
  encrypting the file in accordance with the access rules to produce an encrypted data portion;
  
  generating a header portion of the encrypted file to include encryption related security information from the access rules, wherein the access rules control at least a physical or network location from which a request for access to the file originates so as to permit access from a single access location at a time; and
  
  integrating the header with the encrypted data portion to produce a secured file.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer readable storage device as recited in claim 7, wherein the electronic data is one or more of:
    - streaming audio, streaming video, streaming multimedia, electronic files, electronic documents, images, executable code, audio files, databases, database tables, database table records, collections of electronic files;
      
      collections of electronic documents, stored passwords, stored ciphers, public encryption keys, private encryption keys, and multimedia files.
  - 9. The computer readable storage device as recited in claim 8, wherein the streaming audio is one or more of audio streams created from applications and real time audio streams.
  - 10. The computer readable storage device as recited in claim 8, wherein the images are one or more of bitmapped graphics format files and image files created from applications.
  - 11. The computer readable storage device as recited in claim 7, wherein the multimedia files are one or more of video files, multimedia files created from applications, video files created from applications, multimedia objects created from applications, and executable code.
  - 12. The computer readable storage device as recited in claim 7, wherein the audio files are one or more of playlists audio and files created from applications.

13. A system comprising:
- a processor; and
  
  a memory storing a plurality of modules comprising;
  
  a first module configured to associate an access level with a store, the access level comprising access rules,a second module configured to retrieve the access rules based on a file being deposited in the store,a third module configured to encrypt the file in accordance with the access rules to produce an encrypted data portion,a fourth module configured to generate a header portion of the encrypted file to include encryption related security information from the access rules, wherein the access rules control at least a physical or network location from which a request for access to the file originates so as to permit access from a single access location at a time, anda fifth module configured to integrate the header with the encrypted data portion to produce a secured file.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system as recited in claim 13, wherein the electronic data is one or more of:
    - streaming audio, streaming video, streaming multimedia, electronic files, electronic documents, images, executable code, audio files, databases, database tables, database table records, collections of electronic files;
      
      collections of electronic documents, stored passwords, stored ciphers, public encryption keys, private encryption keys, and multimedia files.
  - 15. The system as recited in claim 14, wherein the streaming audio is one or more of audio streams created from applications and real time audio streams.
  - 16. The system as recited in claim 14, wherein the images are one or more of bitmapped graphics format files and image files created from applications.
  - 17. The system as recited in claim 14, wherein the multimedia files are one or more of video files, multimedia files created from applications, video files created from applications, multimedia objects created from applications, and executable code.
  - 18. The system as recited in claim 14, wherein the audio files are one or more of playlists and files created from applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Inventors
Garcia, Denis Jacques Paul, Ouye, Michael Michio, Rossmann, Alain, Gilbertson, Eric, Huang, Weiqing, Humpich, Serge, Vainstein, Klimenty, Ryan, Nicholas Michael, Crocker, Steven Toye
Primary Examiner(s)
Chai, Longbit

Application Number

US12/057,015
Publication Number

US 20090100268A1
Time in Patent Office

2,007 Days
Field of Search

713/184
US Class Current

713/184
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2107   File encryption

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

Methods and systems for providing access control to secured data

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for providing access control to secured data

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links