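IPC classification information
Country / Type | United States (US) Patent, Registered |
International Patent Classification (IPC 7th edition) | |
Application number | UP-0677049 (2003-09-30) |
Registration number | US-7703140 (2010-05-20) |
Inventor / Address |
- Nath, Satyajit
- Vainstein, Klimenty
- Ouye, Michael Michio
Applicant / Address |
- Guardian Data Storage, LLC
Agent / Address | Sterne, Kessler, Goldstein & Fox PPLC |
Citation information | Times cited: 48; Cited patents: 315 |
Abstract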
Techniques for dynamically altering security criteria used in a file security system are disclosed. The security criteria pertains to keys (or ciphers) used by the file security system to encrypt electronic files to be secured or to decrypt electronic files already secured. The security criteria can, among other things, include keys that are required to gain access to electronic files. Here, the keys can be changed automatically as electronic files transition between different states of a process-driven security policy. The dynamic alteration of security criteria enhances the flexibility and robustness of the security system. In other words, access restrictions on electronic files can be dependent on the state of the process-driven security policy.
Representative claim
What is claimed is:

1. A method for limiting access to an electronic document, comprising: associating, by one or more computing devices, a classifier with a first state of a process-driven security policy having a plurality of states, with different states having different sets of access restrictions; associating, by the one or more computing devices, an identifier representing a user or a group of users with the first state of the process-driven security policy; associating, by the one or more computing devices, the electronic document with at least the first state of the process-driven security policy having a set of access restrictions on the electronic document; limiting access to the electronic document by encrypting, by the one or more computing devices, at least a portion of the electronic document using a group key corresponding to the identifier and a state key corresponding to the classifier and requiring at least both the group key and the state key to decrypt at least the portion of the electronic document; and changing, by the one or more computing devices, the state of the process-driven security policy for the electronic document automatically without user or administrator interaction from the first state to a second state in response to an internal or external system event, wherein the changed state is based on a transition rule associated with the event.

2. The method as recited in claim 1, wherein the identifier is a user ID or a group ID.

3. The method as recited in claim 1, wherein the process-driven security policy is provided as part of a document security system.

4. The method as recited in claim 1, wherein said method further comprises: creating the electronic document; and assigning the identifier to the created electronic document.

5. The method as recited in claim 1, wherein the process-driven security policy is provided as part of a document security system, and wherein said method further comprises: creating a plurality of electronic documents; and assigning the identifier and the classifier to the created electronic documents associated with the first state.

6. The method of claim 1, wherein the event occurs at or is received at a client machine.

7. The method as recited in claim 1, wherein the event is a user-triggered event.

8. A method for imposing access restrictions on an electronic document, comprising: associating, by one or more computing devices, an electronic document with at least a first state of a plurality of states of a process-driven security policy, the first state associated with a classifier and with an identifier representing a user or a group of users, with different states having different set of access restrictions; imposing the set of access restrictions associated with the first state on the electronic document by encrypting, by the one or more computing devices, at least a portion of the electronic document using a group key corresponding to the identifier and a state key corresponding to the classifier and requiring at least both the group key and the state key to decrypt at least the portion of the electronic document; and changing, by the one or more computing devices, the state of the process-driven security policy for the electronic document automatically without user or administrator interaction from the first state to a second state in response to an internal or external system event, wherein the changed state is based on a transition rule associated with the event.

9. The method as recited in claim 8, wherein the event is a user-triggered event.

10. The method as recited in claim 8, wherein the event occurs at or is received at the client machine.

11. The method as recited in claim 8, wherein the electronic document includes security information, and the security information includes at least an indication of the state of the process-driven security policy for the electronic document.

12. The method as recited in claim 8, wherein said method is performed on a plurality of documents on a document-by-document basis.

13. The method as recited in claim 8, wherein at the client machine, a plurality of electronic documents is in one of the states of the process-driven security policy.

14. A tangible computer-readable medium having stored thereon computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method for imposing access restrictions on an electronic document, the method comprising: associating an electronic document with at least a first state of a plurality of states of a process-driven security policy, the first state associated with a classifier and with an identifier representing a user or a group of users, with different states having different set of access restrictions; imposing the set of access restrictions associated with the first state on the electronic document by encrypting at least a portion of the electronic document using a group key corresponding to the identifier and a state key corresponding to the classifier and requiring at least both the group key and the state key to decrypt at least the portion of the electronic document; and changing the state of the process-driven security policy for the electronic document automatically without user or administrator interaction from the first state to a second state in response to an internal or external system event, wherein the changed state is based on a transition rule associated with the event.

15. The tangible computer-readable medium as recited in claim 14, wherein the event is a user-triggered event.

16. The tangible computer-readable medium as recited in claim 14, wherein the event occurs at or is received at the client machine.

17. The tangible computer-readable medium as recited in claim 14, wherein the electronic document includes security information, and the security information includes at least an indication of the state of the process-driven security policy for the electronic document.

18. The tangible computer-readable medium as recited in claim 14, wherein the process-driven security policy is imposed on a plurality of documents on a document-by-document basis.

19. The tangible computer-readable medium as recited in claim 14, wherein at the client machine, a plurality of electronic documents is in one of the states of the process-driven security policy.