최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
DataON 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Edison 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Kafe 바로가기국가/구분 | United States(US) Patent 등록 |
---|---|
국제특허분류(IPC7판) |
|
출원번호 | US-0331083 (2008-12-09) |
등록번호 | US-RE43906 (2013-01-01) |
발명자 / 주소 |
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 | 피인용 횟수 : 11 인용 특허 : 423 |
Digital assets are in a secured form that only those with granted access rights can access. Even with the proper access privilege, when a secured file is classified, at least a security clearance key is needed to ensure those who have the right security clearance can ultimately access the contents i
Digital assets are in a secured form that only those with granted access rights can access. Even with the proper access privilege, when a secured file is classified, at least a security clearance key is needed to ensure those who have the right security clearance can ultimately access the contents in the classified secured file. According to one embodiment, a secured file or secured document includes two parts: a header, and an encrypted data portion. The header includes security information that points to or includes access rules, a protection key and a file key. The access rules facilitate restrictive access to the encrypted data portion and essentially determine who the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion and protected by the protection key. If the contents in the secured file are classified, the file key is jointly protected by the protection key as well as a security clearance key associated with a user attempting to access the secured file.
1. In a system for providing restrictive access to electronic data, wherein the electronic data is structured in a format that controls access to contents in the electronic data, a method for securing the electronic data in the format, the method comprising: generating an encrypted data portion by e
1. In a system for providing restrictive access to electronic data, wherein the electronic data is structured in a format that controls access to contents in the electronic data, a method for securing the electronic data in the format, the method comprising: generating an encrypted data portion by encrypting the electronic data with a first key according to a predetermined cipher scheme;encrypting the first key with a second key, if the electronic data is not classified;encrypting the first key with the second key together with a clearance key, if the electronic data is classified;encrypting the second key to produce an encrypted version of the second key;applying access rules to protect the encrypted version of the second key; andintegrating a header with the encrypted data portion to produce a secured file, wherein the header includes the encrypted first key, the encrypted second key and the access rules. 2. The method of claim 1, wherein the access rules can be decrypted only with an authenticated user key associated with the user attempting to access the contents of the electronic data. 3. The method of claim 1, wherein the generating of the encrypted data portion comprises: determining a block size of blocks that are used to divide, respectively, the electronic data; andencrypting each of the blocks according to the predetermined cipher scheme. 4. The method of claim 1, wherein the encrypting of the first key with the second key together with the clearance key, if the electronic data is classified, comprises: encrypting the first key with the clearance key to produce an initial encrypted version of the first key; andencrypting the initial encrypted version of the first key with the second key to produce the encrypted version of the first key. 5. The method of claim 1, wherein the clearance key corresponds to a confidential level that determines what classified secured files the clearance key can be used to retrieve the first key. 6. The method of claim 5, wherein the confidential level ranges from most classified to non-classified. 7. The method of claim 5, wherein the clearance key can be used together with the second key, if the access rules have been measured successfully against access privilege of a user attempting to access the contents in the electronic data, to retrieve the first key in the secured file classified at or lower than the confidential level of the clearance key. 8. The method of claim 1, wherein the access rules are expressed in a descriptive language. 9. The method of claim 8, wherein the descriptive language is a markup language. 10. The method of claim 9, wherein the markup language is one of (i) SGML, (ii) HTML, (iii) WML, and (iv) XACML. 11. The method of claim 1, wherein the encrypting of the second key to produce the encrypted version of the second key comprises: obtaining a public user key associated with a user attempting to secure the electronic data; andencrypting the second key using the public user key according to the predeterminepredetermined cipher scheme. 12. The method of claim 1, wherein the encrypted version of the second key can be decrypted with a private user key associated with the user, provides that the private user key has been authenticated. 13. In a system for providing restrictive access to electronic data, wherein the electronic data is structured in a format that controls access to contents in the electronic data, a method for accessing the electronic data, the method comprising: obtaining an authenticated user key associated with a user attempting to access the electronic data;retrieving access rules embedded in the format to determine if thea user has proper access privilege;retrieving a second key if the user is permitted to access the electronic data;if the contents in the electronic data are classified;, obtaining a clearance key associated with the user; using the second key and the clearance key to ultimately retrieve a first key;if the contents in the electronic data are not classified;, using the second key to retrieve the first key; anddecrypting, using the first key, an encryption data portion representing an encrypted version of the electronic data. 14. The method of claim 13, wherein the access rules are also encrypted. 15. The method of claim 14, wherein the retrieving of the access rules embedded in the format to determine if the user has proper access privilege comprises: obtaining an authenticated user key associated with the user attempting to access the electronic data;decrypting the access rules with the authenticated user key; andtesting if access privilege of the user is within the access rules. 16. The method of claim 13, wherein the access rules are expressed in a descriptive language and control who or how the electronic data can be accessed. 17. The method of claim 13, wherein the retrieving of the second key, if the user is permitted to access the electronic data, comprises: obtaining an authenticated user key associated with the user attempting to access the electronic data; anddecrypting the second key that is encrypted with the authenticated user key after it is determined that the user is permitted to access the electronic data. 18. The method of claim 13, wherein the using of the second key and the clearance key to ultimately retrieve the first key comprises obtaining the first key by sequentially using the second key and the clearance key to decrypt an encrypted version of the first key. 19. The method of claim 13, wherein the using of the second key and the clearance key to ultimately retrieve the first key comprises obtaining the first key by sequentially using the clearance key and the second key to decrypt an encrypted version of the first key. 20. The method of claim 13, wherein the method is executed in a client machine from which the user attempts to access the electronic data. 21. A machinenon-transitory computer readable medium having embodied thereon a program, the program being executable by a machine to perform a method for providing restrictive access to electronic data, wherein the electronic data is structured in a format that controls access to contents in the electronic data, the method comprising: generating an encrypted data portion by encrypting the electronic data with a first key according to a predetermined cipher scheme;encrypting the first key with a second key, if the electronic data is not classified;encrypting the first key with the second key together with a clearance key, if the electronic data is classified;encrypting the second key to produce an encrypted version of the second key;applying access rules to protect the encrypted version of the second key; andintegrating a header with the encrypted data portion to produce a secured file, wherein the header includes the encrypted first key, the encrypted second key and the access rules. 22. A machinenon-transitory computer readable medium having embodied thereon a program, the program being executable by a machine to perform a method for providing restrictive access to electronic data, wherein the electronic data is structured in a format that controls access to contents in the electronic data, the method comprising: obtaining an authenticated user key associated with a user attempting to access the electronic data;retrieving access rules embedded in the format to determine if thea user has proper access privilege;retrieving a second key if the user is permitted to access the electronic data;if the contents in the electronic data are classified;, obtaining a clearance key associated with the user; using the second key and the clearance key to ultimately retrieve a first key;if the contents in the electronic data are not classified;, using the second key to retrieve a first key; and decrypting, using the first key, an encryption data portion representing an encrypted version of the electronic data. 23. The method of claim 1, wherein the encrypting of the first key with the second key together with the clearance key, if the electronic data is classified, comprises: encrypting the first key with the second key to produce an initial encrypted version of the first key; andencrypting the initial encrypted version of the first key with the clearance key to produce the encrypted version of the first key. 24. A method, comprising: encrypting electronic data with a first key in a computing device;encrypting the first key with a second key, if the electronic data is not classified;encrypting the first key with the second key and a clearance key, if the electronic data is classified;encrypting the second key to produce an encrypted version of the second key; andintegrating a header to include the encrypted first key and the encrypted second key. 25. The method of claim 24, further comprising: applying encrypted access rules to protect the encrypted version of the second key. 26. The method of claim 24, wherein the encrypting electronic data with a first key further comprises: dividing the electronic data into one or more blocks of data; andencrypting each block of data. 27. The method of claim 24, wherein the clearance key corresponds to a security level. 28. The method of claim 24, wherein the encrypting of the second key further comprises: obtaining a public user key associated with a user; andencrypting the second key using the public user key. 29. A method, comprising: determining if a user has proper access privilege to electronic data;retrieving, at a computing device, a second key if the user is permitted to access the electronic data;if contents in the electronic data are classified, obtaining a clearance key associated with the user and using the second key and the clearance key to retrieve a first key;if the contents in the electronic data are not classified, using the second key to retrieve the first key; andusing the first key to decrypt an encrypted data portion representing an encrypted version of the electronic data. 30. The method of claim 29, wherein the determining further comprises: applying access rules to measure the access privilege of the user. 31. The method of claim 29, wherein the clearance key corresponds to a security level. 32. The method of claim 31, further comprising: using the clearance key and the second key to retrieve the first key when the electronic data are classified at or lower than the security level of the clearance key. 33. The method of claim 29, further comprising: decrypting the second key using a private user key associated with the user. 34. A system, comprising: a client module configured to control access to a secured document based on a user key;a store configured to store the secured document that includes a header with a file key and a protection key;a key store configured to store the user key and a clearance key, the clearance key being utilized to access the secured document when the secured document is also classified; anda cipher module configured to perform decrypting of the file key and the protection key, whereinthe client module is configured to determine if a user has access privileges to the secured file using the decrypted user key, and if successful,the cipher module is configured to (1) decrypt the protection key with the user key and decrypt the file key, or (2) decrypt the protection key and the clearance key with the user key and decrypt the file key, if the secured document is also classified. 35. A system, comprising: a processor; anda memory in communication with the processor, the memory for storing a plurality of processing instructions for directing the processor to:encrypt electronic data with a first key;encrypt the first key with a second key, if the electronic data is not classified;encrypt the first key with the second key and a clearance key, if the electronic data is classified;encrypt the second key to produce an encrypted version of the second key; andintegrate a header to include the encrypted first key and the encrypted second key. 36. A non-transitory computer-readable storage medium having computer program code recorded thereon that, as a result of execution by a processor, causes the processor to perform functions comprising: determining if a user has proper access privilege to electronic data;retrieving a second key if the user is permitted to access the electronic data;if the contents in the electronic data are classified, obtaining a clearance key associated with the user and using the second key and the clearance key to retrieve a first key;if the contents in the electronic data are not classified, using the second key to retrieve the first key; andusing the first key to decrypt an encrypted data portion representing an encrypted version of the electronic data. 37. A non-signal computer-readable medium having instructions stored thereon, the instructions comprising: instructions to encrypt electronic data with a first key;instructions to encrypt the first key with a second key, if the electronic data is not classified;instructions to encrypt the first key with the second key and a clearance key, if the electronic data is classified;instructions to encrypt the second key to produce an encrypted version of the second key; andinstructions to integrate a header to include the encrypted first key and the encrypted second key.
Copyright KISTI. All Rights Reserved.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.