System and method for imposing security on copies of secured items

US 20030217281A1
Filed: 05/14/2002
Published: 11/20/2003
Est. Priority Date: 05/14/2002
Status: Active Grant

First Claim

Patent Images

1. A method for securing a copy of a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, said method comprising:

(a) determining whether a file being closed is a copy of an existing secured file; and

(b) modifying a header portion of the file being closed to include at least a part of the header portion for the existing secured file when said determining (a) determines that the file being closed is a copy of an existing secured file.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved approaches for securing files that are derived from secured files are disclosed. In general, a secured file can only be accessed by authenticated users with appropriate access rights or privileges. Each secured file is provided with a header portion and a data portion, where the header portion contains, or points to, security information. The security information is used to determine whether access to associated data portions of secured files is permitted. These improved approaches can thus impose security on files that are derived from secured files. In one embodiment, files that are deemed derived from a secured file include files that are copies of the secured file. In another embodiment, files that are deemed derived from a secured file include files having content substantially similar to the content of the secured file.

Citations

33 Claims

1. A method for securing a copy of a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, said method comprising:
- (a) determining whether a file being closed is a copy of an existing secured file; and
  
  (b) modifying a header portion of the file being closed to include at least a part of the header portion for the existing secured file when said determining (a) determines that the file being closed is a copy of an existing secured file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A method as recited in claim 1, wherein said modifying (b) of the is header portion of the file being closed operates to include at least the access rules from the header portion of the existing secured file within the header portion of the file.
  - 3. A method as recited in claim 1, wherein said determining (a) comprises comparing a first signature of a portion of the file being closed with a s econd signature of a like portion of the existing secured file.
  - 4. A method as recited in claim 3, wherein when the first signature matches the second signature, the file being closed is deemed to be a copy of the existing secured file.
  - 5. A method as recited in claim 3, wherein the signature is produced using a cyclic redundancy code.
  - 6. A method as recited in claim 3, wherein when the first signature substantially matches the second signature, the file being closed is deemed to be a copy of the existing secured file.
  - 7. A method as recited in claim 3, wherein when the first signature and the second signature are within a predetermined tolerance of being identical, the file being closed is determined to be a copy of the existing secured file.
  - 8. A method as recited in claim 3, wherein the portion of the file being closed for the first signature is a first block of data of the data portion of the file being rare closed, and wherein the like portion of the existing secured file for the second signature is a first block of data of the data portion of the existing secured file.
  - 9. A method as recited in claim 1, wherein said determining (a) comprises:
    - (a1) comparing a first signature of a portion of the file being closed with a second signature of a like portion of the existing secured file; and
      
      (a2) comparing a first file length for the file being closed with a second file length for the existing secured file.
  - 10. A method as recited in claim 9, wherein when both the first signature matches the second signature and the first file length matches the second file length, the file being closed is deemed to be a copy of the existing secured file.
  - 11. A method as recited in claim 9, wherein when both the first signature substantially matches the second signature and the first file length substantially matches the second file length, the file being closed is deemed to be a copy of the existing secured file.
  - 12. A method as recited in claim 3, wherein said modifying (b) of the header portion of the file being closed operates to include at least the access rules from the header portion of the existing secured file within the header portion of the file.
  - 13. A method as recited in claim 1, wherein said method further comprises:
    - (c) encrypting the file being closed unless already encrypted.
  - 14. A method as recited in claim 1, wherein said method further comprises:
    - subsequently receiving, from a requester, a request to access the file to be closed after the file has been closed; and
      
      determining whether the requestor is authorized to access the closed file based on at least the access rules within the header portion of the existing secured file.
  - 15. A method as recited in claim 1, wherein the file being closed is being closed with respect to a file system.
  - 16. A method as recited in claim 1, wherein said determining (a) determines whether the file being closed is at least an approximate copy of the existing secured file.
  - 17. A method as recited in claim 1, wherein said determining (a) determines whether the file being closed is an exact copy of the existing secured file.

18. A method for securing a copy of a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, said method comprising:
- (a) receiving a request to open the secured file, the request being initiated by a user having user privileges;
  
  (b) computing a first file signature based on at least a portion of the data portion of the secured file;
  
  (c) temporarily storing the first file signature for the secured file;
  
  (d) providing the data portion of the secured file to the user;
  
  (e) subsequently receiving a request to close another file;
  
  (f) computing a second file signature based on at least a portion of the data portion of the another file;
  
  (g) determining whether the first file signature substantially matches the second file signature; and
  
  (h) modifying the header portion of the another file to include at least the access rules of the secured file when said determining (g) determines that the first file signature substantially matches the second file signature, thereby securing the another file.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 19. A method as recited in claim 18, wherein said method further comprises:
    - (i) encrypting the another file being closed unless already encrypted.
  - 20. A method as recited in claim 18, wherein said computing (b) of the first file signature is computed based on a decrypted version of at least a portion of the data portion of the secured file, and wherein said computing (f) of the second file signature is computed based on a decrypted version of at least a portion of the data portion of the another file.
  - 21. A method as recited in claim 18, wherein following said receiving (a) and prior to said computing (b), said method further comprises:
    - retrieving at least access rules from the header portion of the secured file; and
      
      determining whether the request to access the secured file by the user is permitted based on a comparison of the retrieved access rules with the user privileges.
  - 22. A method as recited in claim 21, wherein operations (b) through (h) are bypassed to deny the user access to the secured file when said determining determines that the user is not permitted access to the secured file.
  - 23. A method as recited in claim 21, wherein said providing (g) provides the data portion of the secured file to the user only when said determining determines that the user is permitted access to the secured file.
  - 24. A method as recited in claim 18, wherein said providing (d) comprises:
    - (d1) decrypting the data portion of the secured file; and
      
      (d2) providing the decrypted data portion of the secured file to the user.
  - 25. A method as recited in claim 18, wherein said storing (c) temporarily stores the first file signature together with at least the access rules of the header portion for the secured file.
  - 26. A method as recited in claim 25, wherein the temporary storage is in a security information table.
  - 27. A method as recited in claim 18, wherein said method further comprises:
    - (i) determining whether the another file is a new file; and
      
      wherein operations (e through (h) are bypassed such that the another file is not secured when said determining (i) determines that the another file is not a new file.
  - 28. A method as recited in claim 27, wherein said determining (i) of whether the another file is a new file operates to determine whether the length of the another file was zero while opened.

29. A method for securing copies of a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, said method comprising:
- receiving, from a requester, a request to access the secured file;
  
  determining whether the requestor is authorized to access the secured file based on at least the access rules within the header portion of the secured file;
  
  when said determining determines that authorization is permitted, computing a file signature for at least a part of the data portion of the secured file, storing the file signature and at least a portion of the header portion in a security information table, decrypting data in the data portion, and returning the decrypted data to the requestor;
  
  when said determining determines that authorization is not permitted, denying the requester access to the data portion;
  
  determining whether a file being closed is a new file;
  
  when said determining determines that the secured file is a new file, computing a new file signature for at least a part of a data portion of the new file, and comparing the new file signature with file signatures stored in the security information table;
  
  when said comparing indicates that the new file signature matches one of the file signatures in the security information table, securing the new file in the same manner by which the secured file is secured.

30. A computer readable medium including at least computer program code for securing another file derived from of a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, said computer readable medium comprising:
- computer program code for receiving a request to open the secured file, the request being initiated by a user having user privileges;
  
  computer program code for retrieving at least access rules from the header portion of the secured file;
  
  computer program code for determining whether the request to access the secured file by the user is permitted based on a comparison of the retrieved access rules with the user privileges;
  
  computer program code for providing the data portion of the secured file to the user when it is determined that the user is permitted to access the secured file;
  
  computer program code for computing a first file signature based on at least a portion of the data portion of the secured file;
  
  computer program code for temporarily storing the first file signature for the secured file;
  
  computer program code for subsequently receiving a request to close another file;
  
  computer program code for computing a second file signature based on at least a portion of the data portion of the another file;
  
  computer program code for comparing the second file signature to the first file signature to produce comparison information;
  
  computer program code for determining whether the another file should be secured based on the comparison information; and
  
  computer program code for securing the another file when it is determined that the another file should be secured.
- View Dependent Claims (31, 32, 33)
- - 31. A computer readable medium as recited in claim 30, wherein said computer program code for securing the another file operates to modify the header portion of the another file to include at least the access rules of the secured file.
  - 32. A computer readable medium as recited in claim 31, wherein said computer program code for securing the another file operates to encrypt the another file being closed unless already encrypted.
  - 33. A computer readable medium as recited in claim 31, wherein said computer program code for computing the first file signature does so based on a decrypted version of at least a portion of the data portion of the secured file, and wherein said computer program code for computing the second file signature does so based on a decrypted version of at least a portion of the data portion of the another file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
SecretSeal Inc.
Inventors
Ryan, Nicholas

Granted Patent

US 7,631,184 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/6227 where protection concerns t...

G06F 2221/2141 Access rights, e.g. capabil...

System and method for imposing security on copies of secured items

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for imposing security on copies of secured items

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links