Method and system for managing security tiers
Abstract
Techniques for reorganizing security levels without implicating accessibility to secured files classified in accordance with one of the security levels are disclosed. In a case of adding a new security level, the controllability or restrictiveness of the new security level is determined with respect to the most restrictive security level or the least restrictive security level in a set of existing security levels. A set of proper security parameters is then generated for the new security level and subsequently the existing security levels are reorganized to accommodate the new security level. In a case of removing a security level from the existing security levels, the security parameters for the security level to be deleted are either folded up or down to an immediate next security level, depending on implementation. As a result, the security parameters for the immediate next security level are updated to include those for the security level to be deleted such that the secured files classified at the security level to be deleted can still be accessed by those with proper clearance levels.
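The reorganization the abstract describes can be modelled in a few lines. This is an added illustration, not code from the patent: the class names, the use of key identifiers as "security parameters", the meaning of "up" and "down", and the clearance rule in `can_open` are all assumptions made for the example.

```python
# Added illustration; names and the clearance rule are assumptions, not the patent's.
from dataclasses import dataclass, field

@dataclass
class Level:
    name: str
    key_ids: set = field(default_factory=set)  # stand-in for "security parameters"

class Tiers:
    """Ordered levels: position 1 is most restrictive, position N least."""
    def __init__(self, levels):
        self.levels = list(levels)

    def add_level(self, i, name, key_id):
        """Insert a new i-th level (1-based); the old i-th becomes the (i+1)-th."""
        if not 1 <= i <= len(self.levels) + 1:
            raise ValueError("position out of range")
        self.levels.insert(i - 1, Level(name, {key_id}))

    def remove_level(self, i, fold="down"):
        """Delete the i-th level; fold its parameters into level i+1 ("down")
        or level i-1 ("up") so files keyed to it stay reachable."""
        if fold not in ("down", "up"):
            raise ValueError("fold must be 'down' or 'up'")
        if not 1 <= i <= len(self.levels):
            raise ValueError("no such level")
        target = i if fold == "down" else i - 2   # 0-based index of the neighbour
        if not 0 <= target < len(self.levels):
            raise ValueError("no neighbour in that direction")
        self.levels[target].key_ids |= self.levels[i - 1].key_ids
        del self.levels[i - 1]

    def level_of(self, key_id):
        """Current 1-based level holding key_id, or None if it was orphaned."""
        for n, lvl in enumerate(self.levels, 1):
            if key_id in lvl.key_ids:
                return n
        return None

    def can_open(self, clearance, file_key_id):
        """Assumed rule: clearance c opens files at level c or any less restrictive."""
        n = self.level_of(file_key_id)
        return n is not None and clearance <= n

def sample():
    """Constructed three-level hierarchy used for the walk-through."""
    return Tiers([Level("top secret", {"k-ts"}), Level("secret", {"k-s"}),
                  Level("confidential", {"k-c"})])
```

Because files reference a key identifier rather than a level number, neither operation requires touching the files themselves. Under the assumed clearance rule, folding down widens access to the deleted level's files and folding up narrows it, so the fold direction is a policy decision rather than an implementation detail.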
35 Claims
1. In a system for providing restrictive access to contents in secured files, each of the secured files classified in accordance with one of N security levels, a method for reorganizing the N security levels without implicating accessibilities to the secured files, each of the secured files classified in accordance with one of the N security levels, the method comprising:
- determining, using a computing device, a new security level with respect to the N security levels, wherein a 1st security level is most restrictive and an Nth security level is least restrictive among the N security levels;
- generating, using the computing device, security parameters accordingly for the new security level, the new security level being ith less restrictive with respect to the 1st security level; and
- mapping, using the computing device, an ith security level in the N security levels to an (i+1)th security level in the N security levels to accommodate the new security level such that there are now (N+1) security levels in the system, wherein each of the secured files includes an encrypted data portion and a security portion that controls restrictive access to the encrypted data portion, the security portion including a file key encrypted by at least a first key and a second key and further protected by a set of rules, and wherein both of the first key and the second key must be obtained by a user whose access privilege is satisfied by the rules before the contents of the each of the secured files can be accessed.

8. In a system for providing restrictive access to contents in secured files, at least some of the secured files classified in accordance with one of N security levels, a method for reorganizing the N security levels without implicating accessibilities to the secured files, at least some of the secured files classified in accordance with one of the N security levels, the method comprising:
- upon receiving a request to remove an ith security level out of the N security levels, determining, using a computing device, if an (i−1)th security level is a 1st security level or if an (i+1)th security level is an Nth security level, wherein the 1st security level is most restrictive and the Nth security level is least restrictive among the N security levels;
- if the (i−1)th security level is not the 1st security level and the (i+1)th security level is not the Nth security level, merging, using the computing device, the ith security level with either the (i−1)th security level or the (i+1)th security level such that there are now (N−1) security levels in the system, wherein each of the secured files includes an encrypted data portion and a security portion that controls restrictive access to the encrypted data portion, the security portion including a file key encrypted by at least a first key and a second key and further protected by a set of rules, and wherein both of the first key and the second key must be obtained by a user whose access privilege is satisfied by the rules before the contents of the each of the secured files can be accessed.

17. A system for providing restrictive access to contents in secured files, each of the secured files classified in accordance with one of N security levels, the system comprising:
- a first machine loaded with a software module to reorganize the N security levels without implicating accessibilities to the secured files, wherein the 1st security level is most restrictive and the Nth security level is least restrictive in the N security levels, and wherein, if the software module is executed, the first machine performs operations of:
- if a request for deleting an ith security level out of the N security levels is received, determining if an (i−1)th security level is a 1st security level or if an (i+1)th security level is an Nth security level, wherein the 1st security level is most restrictive and the Nth security level is least restrictive in the N security levels; and
- if the (i−1)th security level is not the 1st security level and the (i+1)th security level is not the Nth security level, merging the ith security level with either the (i−1)th security level or the (i+1)th security level such that there are now (N−1) security levels in the system; and
- if a request of adding a new security level into the N security is received, determining a new security level with respect to the N security levels, wherein a 1st security level is most restrictive and an Nth security level is least restrictive in the N security levels;
- generating security parameters accordingly for the new security level, the new security level being ith less restrictive with respect to the 1st security level; and
- mapping an ith security level in the N security levels to an (i+1)th security level in the N security levels to accommodate the new security level such that there are now (N+1) security levels in the system; and
- a second machine, coupled to the first machine over a network, associated with a user that is granted with at least two keys to access one of the secured files classified at one of the N security levels, wherein each of the secured files includes an encrypted data portion and a security portion that controls restrictive access to the encrypted data portion, the security portion including a file key encrypted by at least a first key and a second key and further protected by a set of rules, and wherein both of the first key and the second key must be obtained by a user whose access privilege is satisfied by the rules before the contents of the each of the secured files can be accessed.

20. A tangible computer-readable storage medium having stored thereon instructions that, if executed by a computing device, cause the computing device to perform a method comprising:
- determining a new security level with respect to the N security levels, wherein a 1st security level is most restrictive and an Nth security level is least restrictive among the N security levels;
- generating security parameters accordingly for the new security level, the new security level being ith less restrictive with respect to the 1st security level; and
- mapping an ith security level in the N security levels to an (i+1)th security level in the N security levels to accommodate the new security level such that there are (N+1) security levels in the system, wherein each of the secured files includes an encrypted data portion and a security portion that controls restrictive access to the encrypted data portion, the security portion including a file key encrypted by at least a first key and a second key and further protected by a set of rules, and wherein both of the first key and the second key must be obtained by a user whose access privilege is satisfied by the rules before the contents of the each of the secured files can be accessed.

27. A tangible computer-readable storage medium having stored thereon instructions that, if executed by a computing device, cause the computing device to perform a method comprising:
- upon receiving a request to remove an ith security level out of the N security levels, determining if an (i−1)th security level is a 1st security level or if an (i+1)th security level is an Nth security level, wherein the 1st security level is most restrictive and the Nth security level is least restrictive among the N security levels;
- if the (i−1)th security level is not the 1st security level and the (i+1)th security level is not the Nth security level, merging the ith security level with either the (i−1)th security level or the (i+1)th security level such that there are (N−1) security levels in the system, wherein each of the secured files includes an encrypted data portion and a security portion that controls restrictive access to the encrypted data portion, the security portion including a file key encrypted by at least a first key and a second key and further protected by a set of rules, and wherein both of the first key and the second key must be obtained by a user whose access privilege is satisfied by the rules before the contents of each of the secured files can be accessed.

Specification