Method and apparatus for encrypted electronic file access control
Abstract
An electronic file is specially encrypted and selectively decrypted into volatile memory to protect the decrypted electronic file from access except through the decrypting process.
21 Claims
1. A method of accessing an electronic file, comprising:
querying a license server associated with an encrypted version of the electronic file in response to a read access request to the electronic file;
issuing a token from said license server according to an access policy when access to the electronic file is authorized; and
decrypting said encrypted version of said electronic file to a volatile memory using said token to produce the electronic file.
16. A method of producing an electronic file having embedded access control, comprising:
encrypting the electronic file with a first key to produce an encrypted electronic file; and
associating said encrypted electronic file with an access executable and a license server having an access policy for the electronic file, both operable on a computing system, said license server responsive to an access request from said access executable to issue a first token to said access executable according to said first key and said access policy, and said access executable responsive to said first token to decrypt said encrypted electronic file into a volatile memory protected by said access executable.
18. A method of providing access to a process executing on a computing system of an encrypted electronic file containing a plain electronic file, comprising:
issuing an access instruction from the process to access the plain electronic file;
querying a license server associated with the encrypted electronic file in response to said access instruction;
issuing a token from said license server according to an access policy when access to the plain electronic file is authorized, said token containing access authorization instructions;
decrypting so much of the encrypted electronic file to a volatile memory as authorized by said access authorization instructions to write all or a portion of the plain electronic file into said volatile memory; and
providing controlled access of said portion of the plain electronic file in said volatile memory to the process while inhibiting all other accesses to said volatile memory by other processes.
19. A system for accessing an electronic file, comprising:
means for querying a license server associated with an encrypted version of the electronic file in response to a read access request to the electronic file;
means, coupled to said querying means, for issuing a token from said license server according to an access policy when access to the electronic file is authorized; and
means, coupled to said issuing means, for decrypting said encrypted version of said electronic file to a volatile memory using said token to produce the electronic file.
20. A system for producing an electronic file having embedded access control, comprising:
means for encrypting the electronic file with a first key to produce an encrypted electronic file; and
means, coupled to said encrypting means, for associating said encrypted electronic file with an access executable and a license server having an access policy for the electronic file, both operable on a computing system, said license server responsive to an access request from said access executable to issue a first token to said access executable according to said first key and said access policy, and said access executable responsive to said first token to decrypt said encrypted electronic file into a volatile memory protected by said access executable.
21. A system for providing access to a process executing on a computing system of an encrypted electronic file containing a plain electronic file, comprising:
means for issuing an access instruction from the process to access the plain electronic file;
means, coupled to said access instruction issuing means, for querying a license server associated with the encrypted electronic file in response to said access instruction;
means, coupled to said querying means, for issuing a token from said license server according to an access policy when access to the plain electronic file is authorized, said token containing access authorization instructions;
means, coupled to said token issuing means, for decrypting so much of the encrypted electronic file to a volatile memory as authorized by said access authorization instructions to write all or a portion of the plain electronic file into said volatile memory; and
means, coupled to said decrypting means, for providing controlled access of said portion of the plain electronic file in said volatile memory to the process while inhibiting all other accesses to said volatile memory by other processes.
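The flow recited in claims 1, 16 and 18 (policy check, token issue, partial decryption into memory), sketched as an added example that is not taken from the patent. The per-chunk key derivation, the token layout, the XOR pad standing in for a vetted AEAD cipher, and every name below are assumptions; blocking other processes from the buffer is an operating-system matter and is not shown.

```python
import hashlib
import hmac

CHUNK = 32  # chunk size in bytes; equals the SHA-256 output used as the pad

def _chunk_key(file_key: bytes, index: int) -> bytes:
    # Per-chunk key derived from the file key (the "first key" of claim 16).
    return hmac.new(file_key, index.to_bytes(8, "big"), hashlib.sha256).digest()

def _xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt_file(plain: bytes, file_key: bytes) -> list:
    # Toy XOR cipher standing in for a vetted AEAD; illustration only.
    return [_xor(plain[i:i + CHUNK], _chunk_key(file_key, i // CHUNK))
            for i in range(0, len(plain), CHUNK)]

class LicenseServer:
    """Holds the file key and the access policy; never hands out the file key."""
    def __init__(self, file_key: bytes, policy: dict):
        self._file_key = file_key
        self._policy = policy  # user -> (first_chunk, last_chunk), inclusive

    def issue_token(self, user: str):
        grant = self._policy.get(user)
        if grant is None:
            return None  # not authorized: no token is issued
        first, last = grant
        # Authorization instructions plus key material for that range only.
        return {"user": user, "first": first, "last": last,
                "keys": {i: _chunk_key(self._file_key, i)
                         for i in range(first, last + 1)}}

def open_in_memory(chunks: list, token: dict) -> bytearray:
    # Access-executable side: decrypt only the authorized chunks into a
    # mutable in-process buffer; nothing is written to disk.
    buf = bytearray()
    for i in range(token["first"], min(token["last"], len(chunks) - 1) + 1):
        buf += _xor(chunks[i], token["keys"][i])
    return buf

def wipe(buf: bytearray) -> None:
    # Overwrite the plaintext when the reader is done with it.
    for i in range(len(buf)):
        buf[i] = 0

if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key
    enc = encrypt_file(b"A" * 32 + b"B" * 32 + b"C" * 20, key)
    server = LicenseServer(key, {"alice": (0, 2), "bob": (1, 1)})
    print(open_in_memory(enc, server.issue_token("bob")))
```

Because the token carries keys only for the granted chunk range, a holder of the token cannot decrypt the rest of the file even with a modified access executable.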
Specification