최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
DataON 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Edison 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Kafe 바로가기국가/구분 | United States(US) Patent 등록 |
---|---|
국제특허분류(IPC7판) |
|
출원번호 | US-0676474 (2003-09-30) |
등록번호 | US-8127366 (2012-02-28) |
발명자 / 주소 |
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 | 피인용 횟수 : 14 인용 특허 : 434 |
Techniques for dynamically altering security criteria used in a file security system are disclosed. The security criteria pertains to keys (or ciphers) used by the file security system to encrypt electronic files to be secured or to decrypt electronic files already secured. The security criteria can
Techniques for dynamically altering security criteria used in a file security system are disclosed. The security criteria pertains to keys (or ciphers) used by the file security system to encrypt electronic files to be secured or to decrypt electronic files already secured. The security criteria can, among other things, include keys that are required to gain access to electronic files. Here, the keys can be changed automatically as electronic files transition between different states of a process-driven security policy. The dynamic alteration of security criteria enhances the flexibility and robustness of the security system. In other words, access restrictions on electronic files can be dependent on the state of the process-driven security policy and enforced in conjunction with one or more cryptographic methods.
1. A document security system for restricting access to secured documents, the system comprising: a processor;a policy system configured to enable the processor to store at least one process-driven security policy on a computer readable storage medium, wherein the process-driven security policy incl
1. A document security system for restricting access to secured documents, the system comprising: a processor;a policy system configured to enable the processor to store at least one process-driven security policy on a computer readable storage medium, wherein the process-driven security policy includes a plurality of different states and transition rules, wherein each of the different states is associated with one or more access restrictions, wherein at least one of the different states has distinct access restrictions for secured documents which reside in that state, and wherein the transition rules specify circumstances under which a secured document is to transition from one state to another, wherein the secured document includes at least a security information portion and an encrypted data portion, the security information portion including at least an encrypted file key, wherein the circumstances include the occurrence of internal and external events, wherein the external events originate from outside the policy system and wherein in response to detecting a transition from a previous state of the process-driven security policy for the secured document to a current state, the secured document is modified by decrypting the file key and then re-encrypting the file key, whereby the file key is encrypted differently for the current state than the previous state;wherein the policy system is configured to enable the processor to provide a reference to the process-driven security policy to a client computer, the reference referring to the process-driven security policy and an accessor user list resident on the policy system; andan access manager configured to enable the processor to access the process-driven security policy and determine whether a requestor is permitted to access a secured document based on the policy state associated therewith at the time access is requested, the requestor being listed in the accessor user list, and the corresponding one or more access restrictions thereof for the process-driven security policy. 2. The document security system as recited in claim 1, wherein the one or more access restrictions for the secured document are automatically changed in response to detecting a change in the state of the process-driven security policy for the secured document. 3. The document security system as recited in claim 1, wherein events cause the state of the process-driven security policy for the secured document to automatically transition from one state to another. 4. The document security system as recited in claim 3, wherein the internal events originate from the document security system and wherein external events originate from outside the document security system. 5. The document security system as recited in claim 4, wherein at least one of the external events originates from a document management system. 6. The document security system as recited in claim 1, wherein one or more of the corresponding one or more access restrictions for access to the secured document remain intact when the state of the process-driven security policy for the secured document changes. 7. The document security system as recited in claim 1, wherein events cause the state of the process-driven security policy to automatically transition from one state to another, wherein the process-driven security policy includes at least a first state, a second state, and a third state, and wherein a first event causes transition from the first state to the second state, and a second event causes transition from the second state to a third state. 8. The document security system as recited in claim 1, wherein events cause the state of the process-driven security policy to automatically transition from one state to another, wherein the process-driven security policy includes at least a first state and a second state, and wherein a first event causes transition from the first state to the second state. 9. The document security system as recited in claim 1, wherein the external events originate from a second document security system. 10. The document security system as recited in claim 9, wherein the transition rules are written in XML. 11. The document security system as recited in claim 1, wherein events cause the state of the process-driven security policy for the secured document to transition from a previous state to a current state, and wherein the secured document is modified in response to detecting a transition from the previous state of the process-driven security policy for the secured document to the current state. 12. The document security system as recited in claim 11, wherein the file key is decrypted in order to decrypt the encrypted data portion. 13. The document security system as recited in claim 11, wherein, in response to determining, by the access manager, that access to a secured document is permitted by a requestor, access to the secured document is available at a client machine associated with the requestor. 14. A method for transitioning at least one secured document through a security-policy state machine having a plurality of different states, each of the plurality of different states having distinct access restrictions for secured documents which reside in that state, the method comprising: receiving an event, wherein the event is one of a group of internal and external events, wherein the external events originate from outside the security-policy state machine;determining whether the event causes a state transition for the at least one secured document from a former state to a subsequent different state of the security-policy state machine;automatically transitioning from the former state to the subsequent different state of the security-policy state machine in response to determining that the event causes the state transition, wherein the at least one secured document includes at least a security information portion and an encrypted data portion, the security information portion including at least an encrypted file key, and wherein the transitioning comprises modifying the at least one secured document by decrypting the encrypted file key and then re-encrypting the file key, whereby the file key is encrypted differently for the current state than the former state; andproviding a reference to the security-policy state machine to a client computer, the reference referring to a current state of the security-policy state machine and an accessor user list resident in the security-policy state machine. 15. The method as recited in claim 14, wherein the security-policy state machine implements a process-driven security policy, and wherein each state of the security-policy state machine has different access restrictions. 16. The method as recited in claim 14, wherein each of the states of the security-policy state machine have different access policies. 17. The method as recited in claim 16, wherein the security-policy state machine is provided as part of a document security system, and wherein the different access policies of the security-policy state machine are enforced by the document security system. 18. The method as recited in claim 14, wherein the transitioning comprises modifying the secured document to reflect the subsequent state of the security-policy state machine. 19. The method as recited in claim 14, wherein the transitioning further comprises: retrieving the encrypted file key from the secured document;decrypting the encrypted file key to yield the file key;subsequently encrypting the file key in accordance with the subsequent state of the security-policy state machine; andstoring the secured document, the secured document including at least an encrypted data portion and the subsequently encrypted file key. 20. The method as recited in claim 14, wherein the transitioning further comprises: retrieving the encrypted file key from the secured document;obtaining a private state key associated with the former state of the security-policy state machine;decrypting the encrypted file key using the private file key;obtaining a public state key associated with the subsequent state of the security-policy state machine;subsequently encrypting the file key in accordance with the public state key; andstoring the secured document, the secured document including at least an encrypted data portion and the subsequently encrypted file key. 21. A method for imposing access restrictions on electronic documents, the method comprising: providing at least one process-driven security policy at a server computer, wherein the process-driven security policy is associated with a plurality of different states, and wherein each of the different states has distinct access restrictions for secured documents which reside in that state;providing a reference to the process-driven security policy to a client computer, the reference referring to the process-driven security policy and an accessor user list resident on the server computer;associating the reference to an electronic document;transitioning the process-driven security policy from one state to a current state in response to the occurrence of an event, wherein the event is one of a group of internal and external events, wherein the external events are external to the server computer, wherein the electronic document includes at least a security information portion and an encrypted data portion, the security information portion including at least an encrypted file key, and wherein the transitioning comprises modifying the electronic document by decrypting the encrypted file key and then re-encrypting the file key, whereby the file key is encrypted differently for the current state than the former state; andsubsequently determining at the server computer whether a requestor is permitted to access the electronic document, the access being based on a current state of the process-driven security policy and the requestor being listed in the accessor user list, the current state being informed to the server computer by sending the reference to the server computer. 22. The method as recited in claim 21, wherein the external events originate from a system external to the server computer. 23. The method as recited in claim 22, wherein the transitioning is performed at the server computer. 24. The method as recited in claim 21, wherein the associating associates the reference to a group of documents. 25. The method as recited in claim 21, wherein the method pertains to a group of electronic documents, and wherein all of the electronic documents of the group are always in the same state of the process-driven security policy. 26. The method as recited in claim 21, wherein the determining comprises evaluating the process-driven security policy of an electronic document at the server computer based on at least the security policy restrictions for the current state of the process-driven security policy for the electronic document. 27. A non-transitory computer readable storage medium having instructions stored thereon, the instructions comprising: instructions to detect an occurrence of an event, wherein the event is one of a group of internal and external events;instructions to determine whether the event causes a state transition for at least one secured document from a former state to a subsequent different state of a security-policy state machine having a plurality of different states, each of the plurality of different states having distinct access restrictions for secured documents which reside in that state; andinstructions to automatically transition from the former state to the subsequent different state of the security-policy state machine upon determining that the event causes the state transition, wherein the external events originate from outside the security-policy state machine, and wherein the at least one secured document includes at least a security information portion and an encrypted data portion, the security information portion including at least an encrypted file key, and wherein the transitioning comprises modifying the at least one secured document by decrypting the encrypted file key and then re-encrypting the file key, whereby the file key is encrypted differently for the current state than the former state; andinstructions to provide a reference to the process-driven security policy to a client machine, wherein the reference refers to the process-driven security policy and an accessor user list resident in the security-policy state machine. 28. A non-transitory computer readable storage medium having instructions stored thereon, the instructions comprising: instructions to provide at least one process-driven security policy at a server machine, wherein the process-driven security policy has a plurality of different states and transition rules associated therewith, wherein each of the different states has distinct access restrictions for secured documents which reside in that state, wherein the transition rules specify circumstances under which an electronic document is to transition from one state to another, wherein the circumstances include the occurrence of internal and external events, wherein the external events originate from outside the server machine, and wherein the at least one secured document includes at least a security information portion and an encrypted data portion, the security information portion including at least an encrypted file key, and wherein the transitioning comprises modifying the at least one secured document by decrypting the encrypted file key and then re-encrypting the file key, whereby the file key is encrypted differently for the current state than the former state;instructions to provide a reference to the process-driven security policy to a client machine, wherein the reference refers to the process-driven security policy and an accessor user list resident on the server machine;instructions to associate the reference to an electronic document;instructions to transform the process-driven security policy from one state to a current state; andinstructions to determine at the server computer whether a requestor is permitted to access the electronic document, wherein the access is based on a current state of the process-driven security policy and the requestor being listed in the accessor user list, and wherein the current state is informed to the server computer by sending the reference to the server computer.
Copyright KISTI. All Rights Reserved.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.