System and method for imposing security on copies of secured items
Abstract
Improved approaches for securing files that are derived from secured files are disclosed. In general, a secured file can only be accessed by authenticated users with appropriate access rights or privileges. Each secured file is provided with a header portion and a data portion, where the header portion contains, or points to, security information. The security information is used to determine whether access to associated data portions of secured files is permitted. These improved approaches can thus impose security on files that are derived from secured files. In one embodiment, files that are deemed derived from a secured file include files that are copies of the secured file. In another embodiment, files that are deemed derived from a secured file include files having content substantially similar to the content of the secured file.
33 Claims
1. A method for securing a copy of a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, said method comprising:
(a) determining whether a file being closed is a copy of an existing secured file; and
(b) modifying a header portion of the file being closed to include at least a part of the header portion for the existing secured file when said determining (a) determines that the file being closed is a copy of an existing secured file.
18. A method for securing a copy of a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, said method comprising:
(a) receiving a request to open the secured file, the request being initiated by a user having user privileges;
(b) computing a first file signature based on at least a portion of the data portion of the secured file;
(c) temporarily storing the first file signature for the secured file;
(d) providing the data portion of the secured file to the user;
(e) subsequently receiving a request to close another file;
(f) computing a second file signature based on at least a portion of the data portion of the another file;
(g) determining whether the first file signature substantially matches the second file signature; and
(h) modifying the header portion of the another file to include at least the access rules of the secured file when said determining (g) determines that the first file signature substantially matches the second file signature, thereby securing the another file.
29. A method for securing copies of a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, said method comprising:
receiving, from a requester, a request to access the secured file;
determining whether the requestor is authorized to access the secured file based on at least the access rules within the header portion of the secured file;
when said determining determines that authorization is permitted, computing a file signature for at least a part of the data portion of the secured file, storing the file signature and at least a portion of the header portion in a security information table, decrypting data in the data portion, and returning the decrypted data to the requestor;
when said determining determines that authorization is not permitted, denying the requester access to the data portion;
determining whether a file being closed is a new file;
when said determining determines that the secured file is a new file, computing a new file signature for at least a part of a data portion of the new file, and comparing the new file signature with file signatures stored in the security information table;
when said comparing indicates that the new file signature matches one of the file signatures in the security information table, securing the new file in the same manner by which the secured file is secured.
30. A computer readable medium including at least computer program code for securing another file derived from a secured file, the secured file having a header portion and a data portion, the header portion including at least access rules, and the data portion including at least data of the secured file, said computer readable medium comprising:
computer program code for receiving a request to open the secured file, the request being initiated by a user having user privileges;
computer program code for retrieving at least access rules from the header portion of the secured file;
computer program code for determining whether the request to access the secured file by the user is permitted based on a comparison of the retrieved access rules with the user privileges;
computer program code for providing the data portion of the secured file to the user when it is determined that the user is permitted to access the secured file;
computer program code for computing a first file signature based on at least a portion of the data portion of the secured file;
computer program code for temporarily storing the first file signature for the secured file;
computer program code for subsequently receiving a request to close another file;
computer program code for computing a second file signature based on at least a portion of the data portion of the another file;
computer program code for comparing the second file signature to the first file signature to produce comparison information;
computer program code for determining whether the another file should be secured based on the comparison information; and
computer program code for securing the another file when it is determined that the another file should be secured.
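The open/close flow recited in claims 18, 29 and 30, sketched as an added example that is not code from the patent. The shingle-based signature, the Jaccard threshold standing in for "substantially matches", the dict file layout and all class and function names are assumptions; decryption of the data portion is omitted.

```python
import hashlib

SHINGLE = 8      # assumed shingle width in bytes (not specified by the claims)
THRESHOLD = 0.8  # assumed cut-off for "substantially matches"

def signature(data: bytes) -> frozenset:
    """File signature over the data portion: the set of hashed byte shingles."""
    count = max(len(data) - SHINGLE + 1, 1)
    return frozenset(hashlib.sha256(data[i:i + SHINGLE]).digest()[:8]
                     for i in range(count))

def similarity(a: frozenset, b: frozenset) -> float:
    """Jaccard similarity between two signatures (1.0 means identical sets)."""
    return len(a & b) / len(a | b)

class SecurityMonitor:
    def __init__(self):
        self.table = []  # security information table: (signature, header) pairs

    def open_secured(self, secured: dict, user_groups: set) -> bytes:
        header = secured["header"]
        if not user_groups & set(header["access_rules"]["allow_groups"]):
            raise PermissionError("access rules deny this requestor")
        data = secured["data"]  # decryption of the data portion is omitted here
        self.table.append((signature(data), header))
        return data

    def close_file(self, closing: dict) -> dict:
        if closing.get("header"):  # already secured, nothing to inherit
            return closing
        sig = signature(closing["data"])
        best = max(self.table, key=lambda e: similarity(sig, e[0]), default=None)
        if best and similarity(sig, best[0]) >= THRESHOLD:
            closing["header"] = dict(best[1])  # impose the source file's rules
        return closing

def demo():
    # Constructed sample data, not taken from the patent.
    body = b"".join(b"Q3 forecast line %d: revenue %d\n" % (i, i * 1375)
                    for i in range(20))
    secured = {"header": {"access_rules": {"allow_groups": ["finance"]}},
               "data": body}
    mon = SecurityMonitor()
    mon.open_secured(secured, {"finance"})
    edited = mon.close_file({"header": None,
                             "data": body.replace(b"line 7:", b"line 7;")})
    other = mon.close_file({"header": None,
                            "data": b"lunch menu: soup, salad, bread, tea\n" * 5})
    return edited["header"], other["header"]
```

A plain cryptographic hash of the whole data portion would only catch byte-identical copies; the set-of-shingles signature is what lets the lightly edited copy in `demo()` inherit the header while the unrelated file stays unsecured.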
Specification