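Country / Type | United States (US) Patent, granted |
---|---|
International Patent Classification (IPC, 7th edition) | |
Application number | US-0301311 (2011-11-21) |
Registration number | US-8918839 (2014-12-23) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 7; Patents cited: 469 |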
A system and method for providing access management to secured items through use of a plurality of server machines associated with different locations are disclosed. According to one embodiment, a local server can be dynamically reconfigured depending on a user's current location. Upon detecting that a user has moved to a new location, the local server for the new location can be reconfigured to add support for the user, while simultaneously, the local server for the previous location is reconfigured to remove support for the user. As a result, security is enhanced while the access management can be efficiently carried out to ensure that only one access from the user is permitted at any time across an entire organization, regardless of how many locations the organization has or what access privileges the user may be granted.
1. A method for accessing a secured item including a header comprising a group of individually encrypted sub-headers and an encrypted data portion, comprising: selecting, by one or more computing devices, one of the individually encrypted sub-headers based on a correspondence of a user or group identifier associated with the sub-header to a user or to a group to which the user belongs; and accessing the sub-header, by the one or more computing devices, wherein the sub-header comprises access rules applicable to the user or to the group to which the user belongs for the secured item and a file key for accessing the encrypted data portion, wherein others of the individually encrypted sub-headers correspond to other users or groups and comprise access rules applicable to the other users or groups and the file key, and wherein the access rules for the sub-header are encrypted separate from the access rules of the others of the individually encrypted sub-headers.
2. The method of claim 1, wherein the secured item is a file.
3. The method of claim 1, wherein a designated application accesses the secured item identically to a corresponding non-secured item.
4. The method of claim 1, wherein the encrypted data portion contains one or more of an electronic document, a multimedia file, dynamic or static data, executable code, an image file, streaming audio, streaming video, audio files, databases, database tables, database table records, collections of electronic files, or collections of electronic documents.
5. The method of claim 1, further comprising: obtaining one of a plurality of user keys based on the correspondence of the user or group identifier associated with the sub-header to the user key; and decrypting the encrypted sub-header with the user key.
6. The method of claim 5, wherein the user key is a symmetric cipher key.
7. The method of claim 5, wherein the user key is an asymmetric cipher key.
8. The method of claim 1, wherein the access rules in the sub-headers restrict access to the encrypted data portion.
9. The method of claim 1, wherein the access rules applicable to the user or to the group to which the user belongs are applied independent of the access rules applicable to other users or groups.
10. The method of claim 1, further comprising obtaining, from the one or more computing devices, an access privilege associated with the user or the group to which the user belongs.
11. The method of claim 1, further comprising determining whether the user or the group to which the user belongs is permitted to gain access to the encrypted data portion based on the access rules.
12. The method of claim 1, further comprising: comparing an access privilege associated with the user or the group to which the user belongs to the access rules; determining that the user or the group is permitted to gain access to the encrypted data portion based on the comparing resulting in a match; and determining that the user or the group is not permitted to gain access to the encrypted data portion based on the comparing not resulting in a match.
13. The method of claim 1, further comprising decrypting the encrypted data portion with the file key when the user or the group to which the user belongs is permitted to gain access to the encrypted data portion, wherein the sub-header associated with the user or the group to which the user belongs links to or contains the file key.
14. The method of claim 13, wherein the file key is a symmetric cipher key.
15. The method of claim 13, wherein the file key is an asymmetric cipher key.
16. The method of claim 1, wherein the access rules are expressed in a markup language.
17. The method of claim 16, wherein the markup language is Extensible Access Control Markup Language.
18. The method of claim 16, wherein the markup language includes one or more of HTML, XML, or SGML.
19. The method of claim 1, wherein the user is a human user, software agent, or device.
20. A computer-readable storage device having computer-executable instructions stored thereon for accessing a secured item including a header comprising a group of individually encrypted sub-headers and an encrypted data portion, execution of which, by a computing device, causes the computing device to perform operations comprising: selecting one of the individually encrypted sub-headers based on a correspondence of a user or group identifier associated with the sub-header to a user or to a group to which the user belongs; and accessing the sub-header, wherein the sub-header comprises access rules applicable to the user or to the group to which the user belongs for the secured item and a file key for accessing the encrypted data portion, wherein others of the individually encrypted sub-headers correspond to other users or groups and comprise access rules applicable to the other users or groups and the file key, and wherein the access rules for the sub-header are encrypted separate from the access rules of the others of the individually encrypted sub-headers.
21. The computer-readable storage device of claim 20, wherein the secured item is a file.
22. The computer-readable storage device of claim 20, wherein a designated application accesses the secured item identically to a corresponding non-secured item.
23. The computer-readable storage device of claim 20, wherein the encrypted data portion contains one or more of an electronic document, a multimedia file, dynamic or static data, executable code, an image file, streaming audio, streaming video, audio files, databases, database tables, database table records, collections of electronic files, or collections of electronic documents.
24. The computer-readable storage device of claim 20, further comprising: obtaining one of a plurality of user keys based on the correspondence of the user or group identifier associated with the sub-header to the user key; and decrypting the encrypted sub-header with the user key.
25. The computer-readable storage device of claim 24, wherein the user key is a symmetric cipher key.
26. The computer-readable storage device of claim 24, wherein the user key is an asymmetric cipher key.
27. The computer-readable storage device of claim 20, wherein the access rules in the sub-headers restrict access to the encrypted data portion.
28. The computer-readable storage device of claim 20, wherein the access rules applicable to the user or to the group to which the user belongs are applied independent of the access rules applicable to other users or groups.
29. The computer-readable storage device of claim 20, further comprising obtaining an access privilege associated with the user or the group to which the user belongs.
30. The computer-readable storage device of claim 20, further comprising determining whether the user or the group to which the user belongs is permitted to gain access to the encrypted data portion based on the access rules.
31. The computer-readable storage device of claim 20, further comprising: comparing an access privilege associated with the user or the group to which the user belongs to the access rules; determining that the user or the group is permitted to gain access to the encrypted data portion based on the comparing resulting in a match; and determining that the user or the group is not permitted to gain access to the encrypted data portion based on the comparing not resulting in a match.
32. The computer-readable storage device of claim 20, further comprising decrypting the encrypted data portion with the file key when the user or the group to which the user belongs is permitted to gain access to the encrypted data portion, wherein the sub-header associated with the user or the group to which the user belongs links to or contains the file key.
33. The computer-readable storage device of claim 32, wherein the file key is a symmetric cipher key.
34. The computer-readable storage device of claim 32, wherein the file key is an asymmetric cipher key.
35. The computer-readable storage device of claim 20, wherein the access rules are expressed in a markup language.
36. The computer-readable storage device of claim 35, wherein the markup language is Extensible Access Control Markup Language.
37. The computer-readable storage device of claim 35, wherein the markup language includes one or more of HTML, XML, or SGML.
38. The computer-readable storage device of claim 20, wherein the user is a human user, software agent, or device.
39. A system for accessing a secured item including a header comprising a group of individually encrypted sub-headers and an encrypted data portion, said system comprising: a memory configured to store modules comprising: a selecting module configured to select one of the individually encrypted sub-headers based on a correspondence of a user or group identifier associated with the sub-header to a user or to a group to which the user belongs, and an accessing module configured to access the sub-header, wherein the sub-header comprises access rules applicable to the user or to the group to which the user belongs for the secured item and a file key for accessing the encrypted data portion, wherein others of the individually encrypted sub-headers correspond to other users or groups and comprise access rules applicable to the other users or groups and the file key, and wherein the access rules for the sub-header are encrypted separate from the access rules of the others of the individually encrypted sub-headers; and one or more processors configured to process the modules.
40. The system as recited in claim 39, wherein the secured item is a file.
41. The system as recited in claim 39, wherein a designated application accesses the secured item identically to a corresponding non-secured item.
42. The system as recited in claim 39, wherein the encrypted data portion contains one or more of an electronic document, a multimedia file, dynamic or static data, executable code, an image file, streaming audio, streaming video, audio files, databases, database tables, database table records, collections of electronic files, or collections of electronic documents.
43. The system as recited in claim 39, wherein the accessing module is further configured to: obtain one of a plurality of user keys based on the correspondence of the user or group identifier associated with the sub-header to the user key; and decrypt the encrypted sub-header with the user key.
44. The system as recited in claim 43, wherein the user key is a symmetric cipher key.
45. The system as recited in claim 43, wherein the user key is an asymmetric cipher key.
46. The system as recited in claim 39, wherein the access rules in the subheaders restrict access to the encrypted data portion.
47. The system as recited in claim 39, wherein the access rules applicable to the user or to the group to which the user belongs are applied independent of the access rules applicable to other users or groups.
48. The system as recited in claim 39, the accessing module further configured to obtain an access privilege associated with the user or the group to which the user belongs.
49. The system as recited in claim 39, further comprising a determining module configured to determine whether the user or the group to which the user belongs is permitted to gain access to the encrypted data portion based on the access rules.
50. The system as recited in claim 39, further comprising a determining module configured to: compare an access privilege associated with the user or the group to which the user belongs to the access rules; determine that the user or the group is permitted to gain access to the encrypted data portion based on the comparing resulting in a match; and determine that the user or the group is not permitted to gain access to the encrypted data portion based on the comparing not resulting in a match.
51. The system as recited in claim 39, the accessing module further configured to decrypt the encrypted data portion with the file key when the user or the group to which the user belongs is permitted to gain access to the encrypted data portion, wherein the subheader associated with the user or the group to which the user belongs links to or contains the file key.
52. The system as recited in claim 51, wherein the file key is a symmetric cipher key.
53. The system as recited in claim 51, wherein the file key is an asymmetric cipher key.
54. The system as recited in claim 39, wherein the access rules are expressed in a markup language.
55. The system as recited in claim 54, wherein the markup language is Extensible Access Control Markup Language.
56. The system as recited in claim 54, wherein the markup language includes one or more of HTML, XML, or SGML.
57. The system as recited in claim 39, wherein the user is a human user, software agent, or device.
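
The layout recited in claims 1, 5, 12 and 13, as an added Python example that is not taken from the patent: a header of individually encrypted sub-headers, each holding one principal's access rules plus the shared file key, followed by the encrypted data portion. The function names, the JSON rule format (a list of permitted actions) and the SHA-256 keystream with HMAC tag, used as a standard-library stand-in for a real authenticated cipher, are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

def keystream(key, nonce, n):
    # SHA-256 in counter mode; a stdlib stand-in for a real cipher (assumption).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def subkeys(key):
    # Separate encryption and MAC keys derived from one user key or file key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, plaintext):
    enc, mac = subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("authentication failed: wrong key or tampered bytes")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc, nonce, len(ct))))

def secure_item(data, principals):
    # principals: {user_or_group_id: (user_key, [permitted actions])}
    file_key = secrets.token_bytes(32)
    header = {}
    for pid, (user_key, rules) in principals.items():
        body = json.dumps({"rules": rules, "file_key": file_key.hex()}).encode()
        header[pid] = seal(user_key, body)      # each sub-header encrypted on its own
    return {"header": header, "data": seal(file_key, data)}

def access_item(item, held_keys, action):
    # held_keys: {id: key} for the caller's own user id and group ids.
    for pid, user_key in held_keys.items():
        if pid in item["header"]:               # select the matching sub-header
            sub = json.loads(unseal(user_key, item["header"][pid]))
            if action not in sub["rules"]:      # compare privilege to access rules
                raise PermissionError(f"{pid!r} is not permitted to {action}")
            return unseal(bytes.fromhex(sub["file_key"]), item["data"])
    raise PermissionError("no sub-header for this user or group")
```

Because every sub-header wraps the same file key, deleting one principal's sub-header does not revoke a file key that principal has already recovered; that requires re-encrypting the data portion under a new file key.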