System and method for providing multi-location access management to secured items

US 8,918,839 B2
Filed: 11/21/2011
Issued: 12/23/2014
Est. Priority Date: 12/12/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for accessing a secured item including a header comprising a group of individually encrypted sub-headers and an encrypted data portion, comprising:

selecting, by one or more computing devices, one of the individually encrypted sub-headers based on a correspondence of a user or group identifier associated with the sub-header to a user or to a group to which the user belongs; and

accessing the sub-header, by the one or more computing devices, wherein the sub-header comprises access rules applicable to the user or to the group to which the user belongs for the secured item and a file key for accessing the encrypted data portion,wherein others of the individually encrypted sub-headers correspond to other users or groups and comprise access rules applicable to the other users or groups and the file key, and wherein the access rules for the sub-header are encrypted separate from the access rules of the others of the individually encrypted sub-headers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing access management to secured items through use of a plurality of server machines associated with different locations are disclosed. According to one embodiment, a local server can be dynamically reconfigured depending on a user'"'"'s current location. Upon detecting that a user has moved to a new location, the local server for the new location can be reconfigured to add support for the user, while simultaneously, the local server for the previous location is reconfigured to remove support for the user. As a result, security is enhanced while the access management can be efficiently carried out to ensure that only one access from the user is permitted at any time across an entire organization, regardless of how many locations the organization has or what access privileges the user may be granted.

Citations

57 Claims

1. A method for accessing a secured item including a header comprising a group of individually encrypted sub-headers and an encrypted data portion, comprising:
- selecting, by one or more computing devices, one of the individually encrypted sub-headers based on a correspondence of a user or group identifier associated with the sub-header to a user or to a group to which the user belongs; and
  
  accessing the sub-header, by the one or more computing devices, wherein the sub-header comprises access rules applicable to the user or to the group to which the user belongs for the secured item and a file key for accessing the encrypted data portion,wherein others of the individually encrypted sub-headers correspond to other users or groups and comprise access rules applicable to the other users or groups and the file key, and wherein the access rules for the sub-header are encrypted separate from the access rules of the others of the individually encrypted sub-headers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the secured item is a file.
  - 3. The method of claim 1, wherein a designated application accesses the secured item identically to a corresponding non-secured item.
  - 4. The method of claim 1, wherein the encrypted data portion contains one or more of an electronic document, a multimedia file, dynamic or static data, executable code, an image file, streaming audio, streaming video, audio files, databases, database tables, database table records, collections of electronic files, or collections of electronic documents.
  - 5. The method of claim 1, farther comprising:
    - obtaining one of a plurality of user keys based on the correspondence of the user or group identifier associated with the sub-header to the user key; and
      
      decrypting the encrypted sub-header with the user key.
  - 6. The method of claim 5, wherein the user key is a symmetric cipher key.
  - 7. The method of claim 5, wherein the user key is an asymmetric cipher key.
  - 8. The method of claim 1, wherein the access rules in the sub-headers restrict access to the encrypted data portion.
  - 9. The method of claim 1, wherein the access rules applicable to the user or to the group to which the user belongs are applied independent of the access rules applicable to other users or groups.
  - 10. The method of claim 1, further comprising obtaining, from the one or more computing devices, an access privilege associated with the user or the group to which the user belongs.
  - 11. The method of claim 1, further comprising determining whether the user or the group to which the user belongs is permitted to gain access to the encrypted data portion based on the access rules.
  - 12. The method of claim 1, further comprising:
    - comparing an access privilege associated with the user or the group to which the user belongs to the access rules;
      
      determining that the user or the group is permitted to gain access to the encrypted data portion based on the comparing resulting in a match; and
      
      determining that the user or the group is not permitted to gain access to the encrypted data portion based on the comparing not resulting in a match.
  - 13. The method of claim 1, further comprising decrypting the encrypted data portion with the file key when the user or the group to which the user belongs is permitted to gain access to the encrypted data portion, wherein the sub-header associated with the user or the group to which the user belongs links to or contains the file key.
  - 14. The method of claim 13, wherein the file key is a symmetric cipher key.
  - 15. The method of claim 13, wherein the file key is an asymmetric cipher key.
  - 16. The method of claim 1, wherein the access rules are expressed in a markup language.
  - 17. The method of claim 16, wherein the markup language is Extensible Access Control Markup Language.
  - 18. The method of claim 16, wherein the markup language includes one or more of HTML, XML, or SGML.
  - 19. The method of claim 1, wherein the user is a human user, software agent, or device.

20. A computer-readable storage device having computer-executable instructions stored thereon for accessing a secured item including a header comprising a group of individually encrypted sub-headers and an encrypted data portion, execution of which, by a computing device, causes the computing device to perform operations comprising:
- selecting one of the individually encrypted sub-headers based on a correspondence of a user or group identifier associated with the sub-header to a user or to a group to which the user belongs; and
  
  accessing the sub-header, wherein the sub-header comprises access rules applicable to the user or to the group to which the user belongs for the secured item and a file key for accessing the encrypted data portion,wherein others of the individually encrypted sub-headers correspond to other users or groups and comprise access rules applicable to the other users or groups and the file key, and wherein the access rules for the sub-header are encrypted separate from the access rules of the others of the individually encrypted sub-headers.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 21. The computer-readable storage device of claim 20, wherein the secured item is a file.
  - 22. The computer-readable storage device of claim 20, wherein a designated application accesses the secured item identically to a corresponding non-secured item.
  - 23. The computer-readable storage device of claim 20, wherein the encrypted data portion contains one or more of an electronic document, a multimedia file, dynamic or static data, executable code, an image file, streaming audio, streaming video, audio files, databases, database tables, database table records, collections of electronic files, or collections of electronic documents.
  - 24. The computer-readable storage device of claim 20, further comprising:
    - obtaining one of a plurality of user keys based on the correspondence of the user or group identifier associated with the sub-header to the user key; and
      
      decrypting the encrypted sub-header with the user key.
  - 25. The computer-readable storage device of claim 24, wherein the user key is a symmetric cipher key.
  - 26. The computer-readable storage device of claim 24, wherein the user key is an asymmetric cipher key.
  - 27. The computer-readable storage device of claim 20, wherein the access rules in the sub-headers restrict access to the encrypted data portion.
  - 28. The computer-readable storage device of claim 20, wherein the access rules applicable to the user or to the group to which the user belongs are applied independent of the access rules applicable to other users or groups.
  - 29. The computer-readable storage device of claim 20, farther comprising obtaining an access privilege associated with the user or the group to which the user belongs.
  - 30. The computer-readable storage device of claim 20, further comprising determining whether the user or the group to which the user belongs is permitted to gain access to the encrypted data portion based on the access rules.
  - 31. The computer-readable storage device of claim 20, further comprising:
    - comparing an access privilege associated with the user or the group to which the user belongs to the access rules;
      
      determining that the user or the group is permitted to gain access to the encrypted data portion based on the comparing resulting in a match; and
      
      determining that the user or the group is not permitted to gain access to the encrypted data portion based on the comparing not resulting in a match.
  - 32. The computer-readable storage device of claim 20, further comprising decrypting the encrypted data portion with the file key when the user or the group to which the user belongs is permitted to gain access to the encrypted data portion, wherein the sub-header associated, with the user or the group to which the user belongs links to or contains the file key.
  - 33. The computer-readable storage device of claim 32, wherein the file key is a symmetric cipher key.
  - 34. The computer-readable storage device of claim 32, wherein the file key is an asymmetric cipher key.
  - 35. The computer-readable storage device of claim 20, wherein the access rules are expressed in a markup language.
  - 36. The computer-readable storage device of claim 35, wherein the markup language is Extensible Access Control Markup Language.
  - 37. The computer-readable storage device of claim 35, wherein the markup language includes one or more of HTML, XML, or SGML.
  - 38. The computer-readable storage device of claim 20, wherein the user is a human user, software agent, or device.

39. A system for accessing a secured item including a header comp sing a group of individually encrypted sub-headers and an encrypted data portion, said system comprising:
- a memory configured to store modules comprising;
  
  a selecting module configured to select one of the individually encrypted sub-headers based on a correspondence of a user or group identifier associated with the sub-header to a user or to a group to which the user belongs, andan accessing module configured to access the sub-header, wherein the sub-header comprises access rules applicable to the user or to the group to which the user belongs for the secured item and a file key for accessing the encrypted data portion,wherein others of the individually encrypted sub-headers correspond to other users or groups and comprise access rules applicable to the other users or groups and the file key, and wherein the access rules for the sub-header are encrypted separate from the access rules of the others of the individually encrypted sub-headers; and
  
  one or more processors configured to process the modules.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 40. The system as recited in claim 39, wherein the secured item is a file.
  - 41. The system as recited in claim 39, wherein a designated application accesses the secured item identically to a corresponding non-secured item.
  - 42. The system as recited in claim 39, wherein the encrypted data portion contains one or more of an electronic document, a multimedia file, dynamic or static data, executable code, an image file, streaming audio, streaming video, audio files, databases, database tables, database table records, collections of electronic files, or collections of electronic documents.
  - 43. The system as recited in claim 39, wherein the accessing module is further configured to:
    - obtain one of a plurality of user keys based on the correspondence of the user or group identifier associated with the sub-header to the user key; and
      
      decrypt the encrypted sub-header with the user key.
  - 44. The system as recited in claim 43, wherein the user key is a symmetric cipher key.
  - 45. The system as recited in claim 43, wherein the user key is an asymmetric cipher key.
  - 46. The system as recited in claim 39, wherein the access rules in the subheaders restrict access to the encrypted data portion.
  - 47. The system as recited in claim 39, wherein, the access rules applicable to the user or to the group to which the user belongs are applied independent of the access rules applicable to other users or groups.
  - 48. The system as recited in claim 39, the accessing module further configured to obtain an access privilege associated with the user or the group to which the user belongs.
  - 49. The system as recited in claim 39, further comprising a determining module configured to determine whether the user or the group to which the user belongs is permitted gain access to the encrypted data portion based on the access rules.
  - 50. The system as recited in claim 39, further comprising a determining module configured to:
    - compare an access privilege associated with the user or the group to which the user belongs to the access rules;
      
      determine that the user or the group is permitted to gain access to the encrypted data portion based on the comparing resulting in a match; and
      
      determine that the user or the group is not permitted to gain access to the encrypted data portion based on the comparing not resulting in a match.
  - 51. The system as recited in claim 39, the accessing module further configured to decrypt the encrypted data portion with the file key when the user or the group to which the user belongs is permitted to gain access to the encrypted data portion, wherein the subheader associated with the user or the group to which the user belongs links to or contains the file key.
  - 52. The system as recited in claim 51, wherein the file key is a symmetric cipher key.
  - 53. The system as recited in claim 51, wherein the file key is an asymmetric cipher key.
  - 54. The system as recited in claim 39, wherein the access rules are expressed in a markup language.
  - 55. The system as recited in claim 54, wherein the markup language is Extensible Access Control Markup Language.
  - 56. The system as recited in claim 54, wherein the markup language includes one or more of HTML, XML, or SGML.
  - 57. The system as recited in claim 39, wherein the user is a human user, software agent, or device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Inventors
Vainstein, Klimenty, Hildebrand, Hal
Primary Examiner(s)
Paliwal, Yogesh

Application Number

US13/301,311
Publication Number

US 20120137130A1
Time in Patent Office

1,128 Days
Field of Search

726/2
US Class Current

726/2
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/102 Entity profiles

System and method for providing multi-location access management to secured items

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

57 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing multi-location access management to secured items

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

57 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links