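Country / Type | United States (US) Patent, Registered |
---|---|
International Patent Classification (IPC 7th edition) | |
Application number | US-0079583 (2011-04-04) |
Registration number | US-8341406 (2012-12-25) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 1; Patents cited: 466 |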
With files secured by encryption techniques, keys are often required to gain access to the secured files. Techniques for providing and using multiple levels of keystores for securing the keys are disclosed. The keystores store keys that are needed by users in order to access secured files. The different levels of keystores offer compromises between security and flexibility/ease of use.
1. A method comprising: receiving, by at least one processing device, a request to access a header of a secured file, wherein the header comprises a file key, at least the header of the secured file is configured to be decrypted by a user key, and a data portion of the secured file is configured to be decrypted by the file key; obtaining, by the at least one processing device, the user key from a particular storage location that indicates a level of security of the user key, wherein the level of security is defined in a policy based on a degree of access privileges provided by the user key and a requirement that the user key be obtained from the particular storage location based on the level of security of the user key; and decrypting, by the at least one processing device, the header using the user key to produce the file key.
2. The method of claim 1, wherein obtaining the user key from the storage location comprises obtaining the user key from a central server keystore corresponding to a high level of security of the user key.
3. The method of claim 1, wherein obtaining the user key from the storage location comprises obtaining the user key from a local server keystore corresponding to an intermediate level of security of the user key.
4. The method of claim 1, wherein obtaining the user key from the storage location comprises obtaining the user key from a user keystore corresponding to a low level of security of the user key.
5. The method of claim 1, wherein obtaining the user key from the storage location comprises obtaining the user key from the storage location corresponding to a user group associated with the user key.
6. The method of claim 1, wherein obtaining the user key from the storage location comprises obtaining the user key from a persistent storage location that is mutually exclusive from one or more additional persistent storage locations.
7. The method of claim 6, wherein the user key is further available at a non-persistent storage location.
8. The method of claim 1, wherein obtaining the user key from the storage location comprises providing the header to a central server keystore configured to obtain the user key and decrypt the header using the user key.
9. The method of claim 8, further comprising: receiving the file key, decrypted from the header, from the central server keystore.
10. The method of claim 1, further comprising: caching the user key at a local cache.
11. The method of claim 10, further comprising: clearing the local cache after a predetermined duration.
12. A computer-readable storage device having instructions stored thereon, execution of which, by a computing device, causes the computing device to perform operations comprising: receiving a request to access a header of a secured file, wherein the header comprises a file key, at least the header of the secured file is configured to be decrypted by a user key, and a data portion of the secured file is configured to be decrypted by the file key; obtaining the user key from a particular storage location that indicates a level of security of the user key, wherein the level of security is defined in a policy based on a degree of access privileges provided by the user key and a requirement that the user key be obtained from the particular storage location based on the level of security of the user key; and decrypting the header using the user key to produce the file key.
13. The computer-readable storage device of claim 12, wherein obtaining the user key from the storage location comprises obtaining the user key from a central server keystore corresponding to a high level of security of the user key.
14. The computer-readable storage device of claim 12, wherein obtaining the user key from the storage location comprises obtaining the user key from a local server keystore corresponding to an intermediate level of security of the user key.
15. The computer-readable storage device of claim 12, wherein obtaining the user key from the storage location comprises obtaining the user key from a user keystore corresponding to a low level of security of the user key.
16. The computer-readable storage device of claim 12, wherein obtaining the user key from the storage location comprises obtaining the user key from the storage location corresponding to a user group associated with the user key.
17. The computer-readable storage device of claim 12, wherein obtaining the user key from the storage location comprises obtaining the user key from a persistent storage location that is mutually exclusive from one or more additional persistent storage locations.
18. The computer-readable storage device of claim 17, wherein the user key is further available at a non-persistent storage location.
19. The computer-readable storage device of claim 12, wherein obtaining the user key from the storage location comprises providing the header to a central server keystore configured to obtain the user key and decrypt the header using the user key.
20. The computer-readable storage device of claim 19, the operations further comprising: receiving the file key, decrypted from the header, from the central server keystore.
21. The computer-readable storage device of claim 12, the operations further comprising: caching the user key at a local cache.
22. The computer-readable storage device of claim 21, the operations further comprising: clearing the local cache after a predetermined duration.
23. A system comprising: a memory storing: a receiving module configured to receive a request to access a header of a secured file, wherein the header comprises a file key, at least the header of the secured file is configured to be decrypted by a user key, and a data portion of the secured file is configured to be decrypted by the file key, an obtaining module configured to obtain the user key from a particular storage location that indicates a level of security of the user key, wherein the level of security is defined in a policy based on a degree of access privileges provided by the user key and a requirement that the user key be obtained from the particular storage location based on the level of security of the user key, and a decrypting module configured to decrypt the header using the user key to produce the file key; and one or more processors configured to process the modules.
24. The system of claim 23, wherein obtaining the user key from the storage location comprises obtaining the user key from a central server keystore corresponding to a high level of security of the user key.
25. The system of claim 23, wherein obtaining the user key from the storage location comprises obtaining the user key from a local server keystore corresponding to an intermediate level of security of the user key.
26. The system of claim 23, wherein obtaining the user key from the storage location comprises obtaining the user key from a user keystore corresponding to a low level of security of the user key.
27. The system of claim 23, wherein obtaining the user key from the storage location comprises obtaining the user key from the storage location corresponding to a user group associated with the user key.
28. The system of claim 23, wherein obtaining the user key from the storage location comprises obtaining the user key from a persistent storage location that is mutually exclusive from one or more additional persistent storage locations.
29. The system of claim 28, wherein the user key is further available at a non-persistent storage location.
30. The system of claim 23, wherein obtaining the user key from the storage location comprises providing the header to a central server keystore configured to obtain the user key and decrypt the header using the user key.
31. The system of claim 30, further comprising: a second receiving module configured to receive the file key, decrypted from the header, from the central server keystore.
32. The system of claim 23, further comprising: a caching module configured to cache the user key at a local cache.
33. The system of claim 32, further comprising: a clearing module configured to clear the local cache after a predetermined duration.
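The flow in claims 1, 10 and 11 (policy-selected keystore, header decryption to recover the file key, cache cleared after a set duration) can be sketched as follows. This is an added illustration, not code from the patent or from this record page; `POLICY`, `KeyResolver`, the key ids and the HMAC-based keystream (a stand-in for a vetted AEAD, sized for a 32-byte file key) are all assumptions made for the example.

```python
import hashlib, hmac, os, time

# Constructed policy: key id -> the only keystore level it may be obtained from.
POLICY = {"exec-key": "central", "dept-key": "local", "guest-key": "user"}

def _subkeys(user_key):
    # Separate encryption and MAC keys derived from the user key.
    return (hmac.new(user_key, b"enc", hashlib.sha256).digest(),
            hmac.new(user_key, b"mac", hashlib.sha256).digest())

def _xor(data, key, nonce):
    # Stand-in keystream for a 32-byte file key; use a vetted AEAD in practice.
    pad = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def wrap_file_key(user_key, file_key):
    enc, mac = _subkeys(user_key)
    nonce = os.urandom(16)
    ct = _xor(file_key, enc, nonce)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unwrap_file_key(user_key, header):
    enc, mac = _subkeys(user_key)
    nonce, ct, tag = header[:16], header[16:48], header[48:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("header does not authenticate under this user key")
    return _xor(ct, enc, nonce)

class KeyResolver:
    def __init__(self, keystores, ttl, clock=time.monotonic):
        self.keystores, self.ttl, self.clock = keystores, ttl, clock
        self.cache = {}  # key id -> (user key, expiry time)

    def obtain(self, key_id):
        hit = self.cache.pop(key_id, None)  # an expired entry stays removed
        if hit and hit[1] > self.clock():
            self.cache[key_id] = hit
            return hit[0]
        level = POLICY[key_id]  # the policy names the required location
        key = self.keystores[level].get(key_id)
        if key is None:  # never fall back to a lower-security keystore
            raise PermissionError(f"{key_id} must come from the {level} keystore")
        self.cache[key_id] = (key, self.clock() + self.ttl)
        return key

    def open_header(self, key_id, header):
        return unwrap_file_key(self.obtain(key_id), header)
```

The resolver consults only the keystore the policy names for a key, so a copy of a high-security key sitting in a lower-level store is never used, and the cache bounds how long a fetched key outlives its keystore lookup.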