Methods and systems for providing access control to secured data
First Claim
1. A storage device, comprising:
- a memory device storing a secured file; and
a processor device configured to execute modules, the modules comprising;
a document securing module configured to;
send a file access request from a client device to an access control management module at a server, wherein a user of the client device has been authenticated by the server and the file access request comprises a header of the secured file, wherein the header comprises encrypted security information associated with the secured file, wherein the security information comprises one or more access rules corresponding to the secured file, and subsequently a private key is retrieved by the server to decrypt the encrypted security information from the header to obtain the access rules so as to determine whether the file access request should be granted; and
decrypt the secured file using a file key when a response received from the server includes at least the file key and indicates that the access control management module grants access to the secured file,wherein the processor device is further configured to provide the decrypted file in response to the file access request from the client device.
0 Assignments
0 Petitions
Accused Products
Abstract
In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.
-
Citations
23 Claims
-
1. A storage device, comprising:
-
a memory device storing a secured file; and a processor device configured to execute modules, the modules comprising; a document securing module configured to; send a file access request from a client device to an access control management module at a server, wherein a user of the client device has been authenticated by the server and the file access request comprises a header of the secured file, wherein the header comprises encrypted security information associated with the secured file, wherein the security information comprises one or more access rules corresponding to the secured file, and subsequently a private key is retrieved by the server to decrypt the encrypted security information from the header to obtain the access rules so as to determine whether the file access request should be granted; and decrypt the secured file using a file key when a response received from the server includes at least the file key and indicates that the access control management module grants access to the secured file, wherein the processor device is further configured to provide the decrypted file in response to the file access request from the client device. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An access control management module on a computing device, comprising:
-
a key management module configured to store a file key that enables access to a secured file stored in a storage device; a network interface configured to receive a file access request from the storage device to access the secured file, the file access request comprising a header of the secured file, wherein the header comprises encrypted security information associated with the secured file, and wherein the security information comprises one or more access rules corresponding to the secured file; a rules management module configured to retrieve a private key from the key management module to decrypt the encrypted security information from the header to obtain an access rule of the one or more access rules; and a processor device configured to determine whether to permit the file access request based upon the access rule and transmit the determination, wherein the processor device is further configured to execute the key management module and retrieve the file key from the key management module upon determining to permit access, wherein the network interface is further configured to transmit the file key to the storage device. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory computer-readable storage medium having control logic recorded thereon that, when executed by a processor in an access control management module, causes the processor to perform a method, comprising:
-
receiving a file access request from a storage device to access a secured file stored in the storage device, the file access request comprising a header of the secured file, wherein the header comprises encrypted security information associated with the secured file, and wherein the security information comprises one or more access rules corresponding to the secured file; retrieving a private key to decrypt the encrypted security information from the header to obtain an access rule of the access rules; determining whether to permit the file access request based upon the access rule; transmitting the determination to the storage device; retrieving a file key from a key management module, the file key enabling access to the secured file; and transmitting the file key to the storage device based upon determining to permit the file access request. - View Dependent Claims (14, 15, 16)
-
-
17. A storage system, comprising:
-
a server configured to send a file access request to a central access control server, wherein a requester associated with the file access request has been authenticated b the access control server and the file access request comprises a header of a secured file, wherein the header comprises encrypted security information associated with the secured file, wherein the security information comprises one or more access rules corresponding to the secured file, and subsequently a private key is retrieved by the access control server to decrypt the encrypted security information from the header to obtain the access rules so as to determine whether the file access request should be granted; and a document securing module, in the server, configured to decrypt the secured file using a file key when a response received from the access control server includes the file key and indicates that the central access control server grants access to the secured file, wherein the server is further configured to provide the decrypted file in response to the file access request. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
Specification