Method and system for using remote headers to secure electronic files

US 8,707,034 B1
Filed: 05/30/2003
Issued: 04/22/2014
Est. Priority Date: 05/30/2003
Status: Active Grant

First Claim

Patent Images

1. A method for restricting access to electronic data in a file, the method comprising:

determining, by a computing device, a remote header identifier for the file, the remote header identifier comprising a pointer or link to a remote header that is maintained at a server machine remote from the file and containing at least a portion of security information related to the file;

encrypting, by the computing device, the electronic data using a file key;

encrypting, by the computing device, the file key using a public key associated with the remote header identifier to form an encrypted file key, wherein the encrypted file key is needed to decrypt the electronic data;

forming, by the computing device, a secured file, the secured file including;

a header portion, including at least the remote header identifier and the encrypted file key; and

a data portion, including at least the encrypted electronic data; and

retaining the secured file in place of the file;

wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the file and at least one of a location or a time the one or more user groups are entitled to access the file, and wherein the private key is used to decrypt the encrypted file key, and wherein the server machine is configured to alter the security information in the remote header without changing the secured file.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved file security system that manages secured files (documents) is disclosed. The file security system provides centralized management and storage of security information that can be referenced by secured files. In other words, a secured file need not itself contain security information that is needed to determine whether access to the secured file is to be permitted. That is, at least a portion of the security information can be remotely stored and accessed by way of an identifier that is provided within the secured file. By centralizing storage of security information, the file security system is able to subsequently modify access criteria for secured files (documents) without having to physically make modifications to the secured files.

681 Citations

28 Claims

1. A method for restricting access to electronic data in a file, the method comprising:
- determining, by a computing device, a remote header identifier for the file, the remote header identifier comprising a pointer or link to a remote header that is maintained at a server machine remote from the file and containing at least a portion of security information related to the file;
  
  encrypting, by the computing device, the electronic data using a file key;
  
  encrypting, by the computing device, the file key using a public key associated with the remote header identifier to form an encrypted file key, wherein the encrypted file key is needed to decrypt the electronic data;
  
  forming, by the computing device, a secured file, the secured file including;
  
  a header portion, including at least the remote header identifier and the encrypted file key; and
  
  a data portion, including at least the encrypted electronic data; and
  
  retaining the secured file in place of the file;
  
  wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the file and at least one of a location or a time the one or more user groups are entitled to access the file, and wherein the private key is used to decrypt the encrypted file key, and wherein the server machine is configured to alter the security information in the remote header without changing the secured file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as recited in claim 1, wherein the determining the remote header identifier comprises determining the remote header identifier based on a category type associated with the electronic data.
  - 3. The method as recited in claim 1, further comprising, before encrypting the electronic data, generating the file key for the electronic data to be secured.
  - 4. The method as recited in claim 3, wherein the file key is randomly generated for the electronic data to be secured.
  - 5. The method as recited in claim 1, wherein the server machine stores a plurality of remote headers, and wherein at least one of the plurality of remote headers is used by at least one other file other than the secured file.
  - 6. The method as recited in claim 1, wherein the remote header is stored in a database and retrieved via the server machine, and wherein the database is operatively coupled to or is a part of the server machine.
  - 7. The method as recited in claim 1, wherein the security information employs an access rule.
  - 8. The method as recited in claim 1, wherein the security information employs a remote header private key encrypted by a public key.
  - 9. The method of claim 1, wherein the private key is encrypted by a group or user key.

10. A method for accessing a secured electronic file, the method comprising:
- obtaining a remote header identifier from a header portion of the secured electronic file, wherein the remote header identifier comprises a pointer or link to a remote header maintained at a server machine remote from the secured electronic file;
  
  receiving, from the server machine, the remote header that corresponds to the remote header identifier and contains at least a portion of security information related to the secured electronic file, wherein the remote header is uniquely associated with the secured electronic file, and wherein the server machine is configured to alter the security information in the remote header without changing the secured electronic file;
  
  obtaining an encrypted file key from the header portion of the secured electronic file;
  
  decrypting the encrypted file key using a cipher key associated with the remote header identifier to obtain a file key, wherein the security information comprises the cipher key and access rules indicating one or more user groups entitled to access the secured electronic file and at least one of a location or a time the one or more user groups are entitled to access the secured electronic file; and
  
  decrypting encrypted data within a data portion of the secured electronic file using the file key.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method as recited in claim 10, wherein said method operates on a client machine that couples to the server machine over a network.
  - 12. The method as recited in claim 10, wherein the server machine stores a plurality of remote headers, and wherein at least one of the plurality of remote headers is used by at least a second secured electronic file.
  - 13. The method as recited in claim 12, wherein the server machine includes at least a header database that stores the plurality of remote headers.
  - 14. The method as recited in claim 10, wherein said cipher key comprises a private key used to decrypt the encrypted file key to obtain the file key.
  - 15. The method as recited in claim 10, wherein said decrypting the encrypted file key comprises using a key to decrypt a key block within the remote header that encrypts the file key.
  - 16. The method as recited in claim 10, wherein said method is performed by a file security system, wherein the secured electronic file is to be accessed by a requestor, and wherein said method denies the requestor access to the secured electronic file if the requestor is not authenticated by the file security system.
  - 17. The method as recited in claim 16, wherein said method is performed by a client machine of the file security system.

18. A method for restricting access to a document, the method comprising:
- retrieving a remote header identifier associated with a category for the document, the remote header identifier comprising a pointer or link to a remote header maintained at a server machine remote from the document, and wherein the remote header contains at least a portion of security information related to the document;
  
  encrypting, using an electronic processor, a data portion of the document using a file key to obtain encrypted data;
  
  encrypting the file key using a public key associated with the remote header identifier to obtain an encrypted file key;
  
  producing a secured document, the secured document including at least the remote header identifier, the encrypted file key and the encrypted data; and
  
  retaining the secured document in place of the document;
  
  wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the document and at least one of a location or a time the one or more user groups are entitled to access the document, and wherein the private key is used to decrypt the encrypted file key, and wherein the server machine is configured to alter the security information in the remote header without changing the secured document.
- View Dependent Claims (19, 20, 21)
- - 19. The method as recited in claim 18, wherein the file key is particular to the document.
  - 20. The method as recited in claim 18, wherein the category for the document is related to a folder in which the document resides.
  - 21. The method as recited in claim 18, wherein the secured document has a header portion and a data portion, and wherein said producing the secured document comprises:
    - integrating the remote header identifier and the encrypted file key to the header portion of the secured document; and
      
      integrating the encrypted data to the data portion of the secured document.

22. A non-transitory computer-readable storage medium having instructions stored thereon, the instructions comprising:
- instructions to determine a remote header identifier for a file, the remote header identifier comprising a pointer or link to a remote header that is maintained at a server remote from the file and containing at least a portion of security information related to the file;
  
  instructions to encrypt the electronic data using a file key;
  
  instructions to encrypt the file key using a public key associated with the remote header identifier;
  
  instructions to form a secured file, the secured file including at least a header portion including at least the remote header identifier, the encrypted file key, and a data portion including at least the encrypted electronic data; and
  
  instructions to retain the secured file in place of the file;
  
  wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the secured file and at least one of a location or a time the one or more user groups are entitled to access the secured file, and wherein the private key is used to decrypt the encrypted file key, and wherein the server is configured to alter the security information in the remote header without changing the secured file.

23. An article of manufacture including a non-transitory computer-readable storage medium having instructions stored thereon, that, if executed by a computing device, cause the computing device to perform operations comprising:
- obtaining a remote header identifier from a header portion of a secured electronic file, wherein the remote header identifier comprises a pointer or link to a remote header maintained at a server remote from the secured electronic file;
  
  receiving, from the server, a remote header that corresponds to the remote header identifier and contains at least a portion of security information related to the secured electronic file, wherein the remote header is uniquely associated with the secured electronic file;
  
  obtaining an encrypted file key from the header portion of the secured electronic file;
  
  decrypting the encrypted file key using a cipher key associated with the remote header identifier to obtain a file key, wherein the security information comprises the cipher key and access rules indicating one or more user groups entitled to access the secured file and at least one of a location or a time the one or more user groups are entitled to access the secured file; and
  
  decrypting encrypted data within a data portion of the secured electronic file using the file key;
  
  wherein the server is configured to alter the security information in the remote header without changing the secured electronic file.

24. A file security system, comprising:
- a header manager configured to restrict access to headers for electronic files protected by said file security system; and
  
  a header database operatively connected to said header manager, said header database configured to store the headers, wherein each of the headers is uniquely associated with an electronic file, is identified by a header identifier, contains at least a portion of security information related to the electronic file, and is maintained at a server remote from the electronic file,wherein upon unsecuring a previously secured file, said file security system retrieves a particular header from said header database via said header manager, the particular header being identified by a particular header identifier provided in the previously secured file, the particular header identifier comprising a pointer or link to the particular header,wherein said file security system is configured to evaluate, using a computing device, whether to permit a requestor to access the previously secured file based on security information contained in the particular header that is identified by the particular header identifier;
  
  wherein the security information comprises a cipher key and access rules indicating one or more user groups entitled to access the previously secured file and at least one of a location or a time the one or more user groups are entitled to access the previously secured file, wherein the cipher key is configured to decrypt an encrypted file key used in securing the previously secured file, and wherein the cipher key is associated with the particular header identifier, and wherein the header manager is configured to alter the security information in the particular header without changing the previously secured file.

25. A non-transitory computer-readable storage medium having instructions stored thereon, the instructions comprising:
- instructions to retrieve a remote header identifier associated with a category for the document, the remote header identifier comprising a pointer or link to a remote header that is maintained at a server remote from the document and contains at least a portion of security information related to the document;
  
  instructions to encrypt, using an electronic processor, a data portion of the document using a file key to obtain encrypted data;
  
  instructions to encrypt the file key using a public key associated with the remote header identifier to obtain an encrypted file key;
  
  instructions to produce a secured document, the secured document including at least the remote header identifier, the encrypted file key and the encrypted data; and
  
  instructions to retain the secured document in place of the document, wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the document and at least one of a location or a time the one or more user groups are entitled to access the document, and wherein the private key is used to decrypt the encrypted file key;
  
  wherein the server is configured to alter the security information in the remote header without changing the secured document.

26. A system for restricting access to electronic data in a file, the system comprising:
- a computing device;
  
  wherein the computing device is configured to determine a remote header identifier for the file, the remote header identifier comprising a pointer or link to a remote header that is maintained at a server remote from the file and containing at least a portion of security information related to the file;
  
  wherein the computing device is further configured to encrypt the electronic data using a file key;
  
  wherein the computing device is further configured to encrypt the file key using a public key associated with the remote header identifier;
  
  wherein the computing device is further configured to form a secured file, the secured file including at least a header portion including at least the remote header identifier and the encrypted file key and a data portion including at least the encrypted electronic data;
  
  wherein the computing device is further configured to retain the secured file in place of the file, wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the file and at least one of a location or a time the one or more user groups are entitled to access the file, and wherein the private key is used to decrypt the encrypted file key; and
  
  wherein the computing device is further configured to alter the security information in the remote header without changing the secured file.

27. A system for accessing a secured electronic file, the system comprising:
- a computing device;
  
  wherein the computing device is configured to obtain a remote header identifier from a header portion of the secured electronic file, the remote header identifier comprising a pointer or link to a remote header maintained at a server remote from the secured electronic file;
  
  wherein the computing device is further configured to receive, from the server, a remote header that corresponds to the remote header identifier and contains at least a portion of security information related to the secured electronic file, wherein the remote header is uniquely associated with the secured electronic file;
  
  wherein the computing device is further configured to obtain an encrypted file key from the header portion of the secured electronic file;
  
  wherein the computing device is further configured to decrypt the encrypted file key using a public key associated with the remote header identifier to obtain a file key;
  
  wherein the computing device is further configured to decrypt encrypted data within a data portion of the secured electronic file using the file key, wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the secured electronic file and at least one of a location or a time the one or more user groups are entitled to access the secured electronic file, and wherein the private key is used to decrypt the encrypted file key; and
  
  wherein the computing device is further configured to alter the security information in the remote header without changing the secured electronic file.

28. A system for restricting access to a document, the system comprising:
- a computing device;
  
  wherein the computing device is configured to retrieve a remote header identifier associated with a category for the document, the remote header identifier comprising a pointer or link to a remote header maintained at a server remote from the document that contains at least a portion of security information related to the document;
  
  wherein the computing device is further configured to encrypt a data portion of the document using a file key to obtain encrypted data;
  
  wherein the computing device is further configured to encrypt the file key using a public key associated with the remote header identifier to obtain an encrypted file key;
  
  wherein the computing device is further configured to produce a secured document, the secured document including at least the remote header identifier, the encrypted file key and the encrypted data;
  
  wherein the computing device is further configured to retain the secured document in place of the document, wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the document and at least one of a location or a time the one or more user groups are entitled to access the document, and wherein the private key is used to decrypt the encrypted file key; and
  
  wherein the computing device is further configured to alter the security information in the remote header without changing the secured document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Inventors
Ryan, Nicholas M.
Primary Examiner(s)
Khoshnoodi, Nadia

Application Number

US10/448,806
Time in Patent Office

3,980 Days
Field of Search

None
US Class Current

713/165
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/6218   to a system of files or obj...

H04L 63/0442   wherein the sending and rec...

Method and system for using remote headers to secure electronic files

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

681 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for using remote headers to secure electronic files

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

681 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links