Method and system for using remote headers to secure electronic files
Abstract
An improved file security system that manages secured files (documents) is disclosed. The file security system provides centralized management and storage of security information that can be referenced by secured files. In other words, a secured file need not itself contain security information that is needed to determine whether access to the secured file is to be permitted. That is, at least a portion of the security information can be remotely stored and accessed by way of an identifier that is provided within the secured file. By centralizing storage of security information, the file security system is able to subsequently modify access criteria for secured files (documents) without having to physically make modifications to the secured files.
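The flow the abstract describes and the independent claims recite (a file key wrapped under a public key tied to the remote header identifier, with the private key and access rules held server-side), as an added Ruby sketch that is not code from the patent. The Struct layouts, the `secure`/`unsecure`/`demo` names, the `hdr-001` identifier and the choice of AES-256-GCM with RSA-OAEP are assumptions; the patent text names no algorithms.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
class AccessDenied < StandardError; end

# Server-side remote header: private key plus access rules (assumed layout).
RemoteHeader = Struct.new(:private_key, :groups, :not_after)
# Secured file: header identifier, wrapped file key and encrypted data only.
SecuredFile = Struct.new(:header_id, :enc_key, :iv, :tag, :data)

# Encrypt the data under a fresh file key, then wrap that key with the public
# key associated with the remote header identifier.
def secure(header_id, public_key, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  file_key = cipher.random_key
  iv = cipher.random_iv
  cipher.auth_data = header_id # bind the ciphertext to its header identifier
  data = cipher.update(plaintext) + cipher.final
  enc_key = public_key.public_encrypt(file_key, OAEP)
  SecuredFile.new(header_id, enc_key, iv, cipher.auth_tag, data)
end

# Look up the header by identifier, evaluate its rules, and only then unwrap
# the file key. `headers` stands in for the server's header database.
def unsecure(headers, file, group:, now: Time.now)
  header = headers.fetch(file.header_id) { raise AccessDenied, 'unknown header' }
  unless header.groups.include?(group) && now <= header.not_after
    raise AccessDenied, 'rules in remote header deny access'
  end
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = header.private_key.private_decrypt(file.enc_key, OAEP)
  cipher.iv = file.iv
  cipher.auth_tag = file.tag
  cipher.auth_data = file.header_id
  cipher.update(file.data) + cipher.final
end

# Constructed demo: the server edits the rules; the secured file is untouched.
def demo
  key = OpenSSL::PKey::RSA.new(2048)
  headers = { 'hdr-001' => RemoteHeader.new(key, ['engineering'], Time.now + 3600) }
  file = secure('hdr-001', key.public_key, 'quarterly design notes')
  snapshot = file.to_a.map(&:dup)
  before = unsecure(headers, file, group: 'engineering')
  headers['hdr-001'].groups = ['finance'] # server-side change only
  after = begin
    unsecure(headers, file, group: 'engineering')
  rescue AccessDenied => e
    e.message
  end
  { before: before, after: after, file_unchanged: file.to_a == snapshot }
end

p demo if $PROGRAM_NAME == __FILE__
```

Because the private key never leaves the header database in this sketch, every copy of the secured file loses access at once when the header's rules change, which is the property the claims attribute to altering the remote header without changing the secured file.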
28 Claims
1. A method for restricting access to electronic data in a file, the method comprising:
- determining, by a computing device, a remote header identifier for the file, the remote header identifier comprising a pointer or link to a remote header that is maintained at a server machine remote from the file and containing at least a portion of security information related to the file;
- encrypting, by the computing device, the electronic data using a file key;
- encrypting, by the computing device, the file key using a public key associated with the remote header identifier to form an encrypted file key, wherein the encrypted file key is needed to decrypt the electronic data;
- forming, by the computing device, a secured file, the secured file including;
  - a header portion, including at least the remote header identifier and the encrypted file key; and
  - a data portion, including at least the encrypted electronic data; and
- retaining the secured file in place of the file;
- wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the file and at least one of a location or a time the one or more user groups are entitled to access the file, and wherein the private key is used to decrypt the encrypted file key, and wherein the server machine is configured to alter the security information in the remote header without changing the secured file.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A method for accessing a secured electronic file, the method comprising:
- obtaining a remote header identifier from a header portion of the secured electronic file, wherein the remote header identifier comprises a pointer or link to a remote header maintained at a server machine remote from the secured electronic file;
- receiving, from the server machine, the remote header that corresponds to the remote header identifier and contains at least a portion of security information related to the secured electronic file, wherein the remote header is uniquely associated with the secured electronic file, and wherein the server machine is configured to alter the security information in the remote header without changing the secured electronic file;
- obtaining an encrypted file key from the header portion of the secured electronic file;
- decrypting the encrypted file key using a cipher key associated with the remote header identifier to obtain a file key, wherein the security information comprises the cipher key and access rules indicating one or more user groups entitled to access the secured electronic file and at least one of a location or a time the one or more user groups are entitled to access the secured electronic file; and
- decrypting encrypted data within a data portion of the secured electronic file using the file key.

Dependent claims: 11, 12, 13, 14, 15, 16, 17.

18. A method for restricting access to a document, the method comprising:
- retrieving a remote header identifier associated with a category for the document, the remote header identifier comprising a pointer or link to a remote header maintained at a server machine remote from the document, and wherein the remote header contains at least a portion of security information related to the document;
- encrypting, using an electronic processor, a data portion of the document using a file key to obtain encrypted data;
- encrypting the file key using a public key associated with the remote header identifier to obtain an encrypted file key;
- producing a secured document, the secured document including at least the remote header identifier, the encrypted file key and the encrypted data; and
- retaining the secured document in place of the document;
- wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the document and at least one of a location or a time the one or more user groups are entitled to access the document, and wherein the private key is used to decrypt the encrypted file key, and wherein the server machine is configured to alter the security information in the remote header without changing the secured document.

Dependent claims: 19, 20, 21.

22. A non-transitory computer-readable storage medium having instructions stored thereon, the instructions comprising:
- instructions to determine a remote header identifier for a file, the remote header identifier comprising a pointer or link to a remote header that is maintained at a server remote from the file and containing at least a portion of security information related to the file;
- instructions to encrypt the electronic data using a file key;
- instructions to encrypt the file key using a public key associated with the remote header identifier;
- instructions to form a secured file, the secured file including at least a header portion including at least the remote header identifier, the encrypted file key, and a data portion including at least the encrypted electronic data; and
- instructions to retain the secured file in place of the file;
- wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the secured file and at least one of a location or a time the one or more user groups are entitled to access the secured file, and wherein the private key is used to decrypt the encrypted file key, and wherein the server is configured to alter the security information in the remote header without changing the secured file.

23. An article of manufacture including a non-transitory computer-readable storage medium having instructions stored thereon, that, if executed by a computing device, cause the computing device to perform operations comprising:
- obtaining a remote header identifier from a header portion of a secured electronic file, wherein the remote header identifier comprises a pointer or link to a remote header maintained at a server remote from the secured electronic file;
- receiving, from the server, a remote header that corresponds to the remote header identifier and contains at least a portion of security information related to the secured electronic file, wherein the remote header is uniquely associated with the secured electronic file;
- obtaining an encrypted file key from the header portion of the secured electronic file;
- decrypting the encrypted file key using a cipher key associated with the remote header identifier to obtain a file key, wherein the security information comprises the cipher key and access rules indicating one or more user groups entitled to access the secured file and at least one of a location or a time the one or more user groups are entitled to access the secured file; and
- decrypting encrypted data within a data portion of the secured electronic file using the file key;
- wherein the server is configured to alter the security information in the remote header without changing the secured electronic file.

24. A file security system, comprising:
- a header manager configured to restrict access to headers for electronic files protected by said file security system; and
- a header database operatively connected to said header manager, said header database configured to store the headers, wherein each of the headers is uniquely associated with an electronic file, is identified by a header identifier, contains at least a portion of security information related to the electronic file, and is maintained at a server remote from the electronic file,
- wherein upon unsecuring a previously secured file, said file security system retrieves a particular header from said header database via said header manager, the particular header being identified by a particular header identifier provided in the previously secured file, the particular header identifier comprising a pointer or link to the particular header,
- wherein said file security system is configured to evaluate, using a computing device, whether to permit a requestor to access the previously secured file based on security information contained in the particular header that is identified by the particular header identifier;
- wherein the security information comprises a cipher key and access rules indicating one or more user groups entitled to access the previously secured file and at least one of a location or a time the one or more user groups are entitled to access the previously secured file, wherein the cipher key is configured to decrypt an encrypted file key used in securing the previously secured file, and wherein the cipher key is associated with the particular header identifier, and wherein the header manager is configured to alter the security information in the particular header without changing the previously secured file.

25. A non-transitory computer-readable storage medium having instructions stored thereon, the instructions comprising:
- instructions to retrieve a remote header identifier associated with a category for the document, the remote header identifier comprising a pointer or link to a remote header that is maintained at a server remote from the document and contains at least a portion of security information related to the document;
- instructions to encrypt, using an electronic processor, a data portion of the document using a file key to obtain encrypted data;
- instructions to encrypt the file key using a public key associated with the remote header identifier to obtain an encrypted file key;
- instructions to produce a secured document, the secured document including at least the remote header identifier, the encrypted file key and the encrypted data; and
- instructions to retain the secured document in place of the document,
- wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the document and at least one of a location or a time the one or more user groups are entitled to access the document, and wherein the private key is used to decrypt the encrypted file key;
- wherein the server is configured to alter the security information in the remote header without changing the secured document.

26. A system for restricting access to electronic data in a file, the system comprising:
- a computing device;
- wherein the computing device is configured to determine a remote header identifier for the file, the remote header identifier comprising a pointer or link to a remote header that is maintained at a server remote from the file and containing at least a portion of security information related to the file;
- wherein the computing device is further configured to encrypt the electronic data using a file key;
- wherein the computing device is further configured to encrypt the file key using a public key associated with the remote header identifier;
- wherein the computing device is further configured to form a secured file, the secured file including at least a header portion including at least the remote header identifier and the encrypted file key and a data portion including at least the encrypted electronic data;
- wherein the computing device is further configured to retain the secured file in place of the file, wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the file and at least one of a location or a time the one or more user groups are entitled to access the file, and wherein the private key is used to decrypt the encrypted file key; and
- wherein the computing device is further configured to alter the security information in the remote header without changing the secured file.

27. A system for accessing a secured electronic file, the system comprising:
- a computing device;
- wherein the computing device is configured to obtain a remote header identifier from a header portion of the secured electronic file, the remote header identifier comprising a pointer or link to a remote header maintained at a server remote from the secured electronic file;
- wherein the computing device is further configured to receive, from the server, a remote header that corresponds to the remote header identifier and contains at least a portion of security information related to the secured electronic file, wherein the remote header is uniquely associated with the secured electronic file;
- wherein the computing device is further configured to obtain an encrypted file key from the header portion of the secured electronic file;
- wherein the computing device is further configured to decrypt the encrypted file key using a public key associated with the remote header identifier to obtain a file key;
- wherein the computing device is further configured to decrypt encrypted data within a data portion of the secured electronic file using the file key, wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the secured electronic file and at least one of a location or a time the one or more user groups are entitled to access the secured electronic file, and wherein the private key is used to decrypt the encrypted file key; and
- wherein the computing device is further configured to alter the security information in the remote header without changing the secured electronic file.

28. A system for restricting access to a document, the system comprising:
- a computing device;
- wherein the computing device is configured to retrieve a remote header identifier associated with a category for the document, the remote header identifier comprising a pointer or link to a remote header maintained at a server remote from the document that contains at least a portion of security information related to the document;
- wherein the computing device is further configured to encrypt a data portion of the document using a file key to obtain encrypted data;
- wherein the computing device is further configured to encrypt the file key using a public key associated with the remote header identifier to obtain an encrypted file key;
- wherein the computing device is further configured to produce a secured document, the secured document including at least the remote header identifier, the encrypted file key and the encrypted data;
- wherein the computing device is further configured to retain the secured document in place of the document, wherein the security information comprises a private key corresponding to the public key and access rules indicating one or more user groups entitled to access the document and at least one of a location or a time the one or more user groups are entitled to access the document, and wherein the private key is used to decrypt the encrypted file key; and
- wherein the computing device is further configured to alter the security information in the remote header without changing the secured document.