| Field | Value |
|---|---|
| Country / category | United States (US) patent, registered |
| International Patent Classification (IPC, 7th edition) | |
| Application number | US-0218010 (2014-03-18) |
| Registration number | US-9129120 (2015-09-08) |
| Inventor / address | |
| Applicant / address | |
| Agent / address | |
| Citation information | Cited by: 6; patents cited: 471 |
In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.
1. A storage device, comprising: a memory device storing a secured file; and a processor device configured to execute modules, the modules comprising: a document securing module configured to: send a file access request from a client device to an access control management module at a server, wherein a user of the client device has been authenticated by the server and the file access request comprises a header of the secured file, wherein the header comprises encrypted security information associated with the secured file, wherein the security information comprises one or more access rules corresponding to the secured file, and subsequently a private key is retrieved by the server to decrypt the encrypted security information from the header to obtain the access rules so as to determine whether the file access request should be granted; and decrypt the secured file using a file key when a response received from the server includes at least the file key and indicates that the access control management module grants access to the secured file, wherein the processor device is further configured to provide the decrypted file in response to the file access request from the client device.

2. The storage device of claim 1, wherein the document securing module is further configured to send a file access request for each secured file from among a plurality of secured files.

3. The storage device of claim 1, wherein: the response comprises a user key, the storage device further comprising a key management module configured to store the user key; and the document securing module is further configured to access the stored user key to access a plurality of secured files.

4. The storage device of claim 1, wherein the storage device is integrated within a client computing device operated by the user.

5. The storage device of claim 1, wherein the storage device is located with a computing device that is physically separate from a client computing device operated by the user, and wherein the client computing device is used to cause the file access request.

6. The storage device of claim 1, wherein: the document securing module is further configured to separate a header of the secured file.

7. An access control management module on a computing device, comprising: a key management module configured to store a file key that enables access to a secured file stored in a storage device; a network interface configured to receive a file access request from the storage device to access the secured file, the file access request comprising a header of the secured file, wherein the header comprises encrypted security information associated with the secured file, and wherein the security information comprises one or more access rules corresponding to the secured file; a rules management module configured to retrieve a private key from the key management module to decrypt the encrypted security information from the header to obtain an access rule of the one or more access rules; and a processor device configured to determine whether to permit the file access request based upon the access rule and transmit the determination, wherein the processor device is further configured to execute the key management module and retrieve the file key from the key management module upon determining to permit access, wherein the network interface is further configured to transmit the file key to the storage device.

8. The access control management module of claim 7, wherein: the key management module is further configured to decrypt the encrypted security information from the header.

9. The access control management module of claim 7, wherein the file access request is generated based on a user request from a user to access the secured file stored in a memory of the storage device, the user being previously authenticated on a network connecting the storage device and the access control management module.

10. The access control management module of claim 7, wherein the file access request is generated based on a user request from a user to access the secured file stored in a memory of the storage device, the user not being previously authenticated on a network connecting the storage device and the access control management module.

11. The access control management module of claim 10, further comprising: a database configured to store a user credential and a computing device credential for a computing device from which the user is generating the user request; and a user monitoring module configured to: request authentication information from the user and an address of the computing device; compare the authentication information with the user credential and the address with the computing device credential; and authenticate the user and the computing device when both comparisons result in matches; wherein the processor device is further configured to execute the user monitoring module, and wherein the user is authenticated before the file access request may be permitted.

12. The access control management module of claim 7, wherein the access rule comprises one or more of a plurality of access levels in a hierarchy, wherein each access level permits a different level of access to secured documents stored in the storage device.

13. A non-transitory computer-readable storage medium having control logic recorded thereon that, when executed by a processor in an access control management module, causes the processor to perform a method, comprising: receiving a file access request from a storage device to access a secured file stored in the storage device, the file access request comprising a header of the secured file, wherein the header comprises encrypted security information associated with the secured file, and wherein the security information comprises one or more access rules corresponding to the secured file; retrieving a private key to decrypt the encrypted security information from the header to obtain an access rule of the access rules; determining whether to permit the file access request based upon the access rule; transmitting the determination to the storage device; retrieving a file key from a key management module, the file key enabling access to the secured file; and transmitting the file key to the storage device based upon determining to permit the file access request.

14. The non-transitory computer-readable storage medium of claim 13, the method further comprising: permitting access to the secured file when access privileges of a user that caused the file access request permit access to an access level of the access rule, the access rule comprising one or more of a plurality of access levels in a hierarchy, wherein each access level permits a different level of access to secured documents stored in the storage device.

15. The non-transitory computer-readable storage medium of claim 13, the method further comprising: permitting access to the secured file based upon a time of day of the file access request falling within an allowed time period of the access rule.

16. The non-transitory computer-readable storage medium of claim 13, the method further comprising: generating an error message when the access control management module determines that the file access request should be denied; and transmitting the error message to the storage device.

17. A storage system, comprising: a server configured to send a file access request to a central access control server, wherein a requester associated with the file access request has been authenticated by the access control server and the file access request comprises a header of a secured file, wherein the header comprises encrypted security information associated with the secured file, wherein the security information comprises one or more access rules corresponding to the secured file, and subsequently a private key is retrieved by the access control server to decrypt the encrypted security information from the header to obtain the access rules so as to determine whether the file access request should be granted; and a document securing module, in the server, configured to decrypt the secured file using a file key when a response received from the access control server includes the file key and indicates that the central access control server grants access to the secured file, wherein the server is further configured to provide the decrypted file in response to the file access request.

18. The storage system of claim 17, wherein the server is configured to provide the decrypted file to the requester.

19. The storage system of claim 17, wherein the requester comprises a user.

20. The storage system of claim 17, wherein the requester comprises an application.

21. The storage system of claim 17, wherein the requester comprises a combination of a user and an application.

22. The storage system of claim 17, wherein: the request comprises a user key, the server further comprising a key management module configured to store the user key; and the document securing module is further configured to access the stored user key to access a plurality of secured files.

23. The storage system of claim 17, wherein: the document securing module is further configured to separate a header of the secured file.
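The abstract and claims 1, 7 and 13 to 16 describe a single exchange: the storage device sends only the header of the secured file, the access control server decrypts that header with a private key the storage device never holds, evaluates the access rules it contains, and returns the file key only when it decides to permit the request (or an error message when it denies it). The Go program below is an added illustration of that exchange; it is not code from the patent, from KISTI, or from any product. It assumes RSA-OAEP for sealing the header to the server's public key, AES-256-GCM for the data portion, a JSON layout for the security information, and two constructed rules: a minimum access level in a hierarchy (claim 12) and an allowed hour-of-day window (claim 15). Every type, function and field name is this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// SecurityInfo is the header payload from the abstract: the access rules and the file key.
// The field set and JSON layout are this example's own assumption, not the patent's.
type SecurityInfo struct {
	MinLevel  int    `json:"min_level"`  // hierarchical access level (claim 12)
	StartHour int    `json:"start_hour"` // allowed time-of-day window [start, end) (claim 15)
	EndHour   int    `json:"end_hour"`
	FileKey   []byte `json:"file_key"` // AES-256 key for the data portion
}

// SecuredFile: header sealed to the server's public key (RSA-OAEP), body under the file key (AES-GCM).
type SecuredFile struct{ Header, Body []byte }
// Requester is the already-authenticated user: access level and local hour of the request.
type Requester struct{ Level, Hour int }
// AccessControlServer owns the private key; the storage device never sees it.
type AccessControlServer struct{ priv *rsa.PrivateKey }

func NewServer() (*AccessControlServer, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &AccessControlServer{priv: k}, nil
}
func (s *AccessControlServer) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Secure encrypts plaintext under a fresh file key, then seals rules + file key into the header.
func Secure(pub *rsa.PublicKey, plaintext []byte, rules SecurityInfo) (*SecuredFile, error) {
	buf := make([]byte, 32+12) // one random read: 32-byte file key, then a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	rules.FileKey = buf[:32]
	gcm, err := newGCM(rules.FileKey)
	if err != nil {
		return nil, err
	}
	body := gcm.Seal(buf[32:], buf[32:], plaintext, nil) // nonce || ciphertext || tag
	info, _ := json.Marshal(rules)
	hdr, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, info, []byte("header"))
	if err != nil {
		return nil, err
	}
	return &SecuredFile{Header: hdr, Body: body}, nil
}

// Authorize is the server side (claims 7, 13-16): open the header with the private key,
// evaluate the rules against the requester, and release the file key only if they all pass.
func (s *AccessControlServer) Authorize(header []byte, r Requester) ([]byte, error) {
	info, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, header, []byte("header"))
	if err != nil {
		return nil, fmt.Errorf("denied: header not sealed to this server, or tampered")
	}
	var si SecurityInfo
	if err := json.Unmarshal(info, &si); err != nil {
		return nil, err
	}
	if r.Level < si.MinLevel || r.Hour < si.StartHour || r.Hour >= si.EndHour {
		return nil, fmt.Errorf("denied: level %d at hour %d fails rule (min level %d, hours %d-%d)", r.Level, r.Hour, si.MinLevel, si.StartHour, si.EndHour)
	}
	return si.FileKey, nil
}

// Open is the client side (claim 1): send only the header, decrypt the body only if the key comes back.
func Open(s *AccessControlServer, f *SecuredFile, r Requester) ([]byte, error) {
	key, err := s.Authorize(f.Header, r)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil || len(f.Body) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad file key or truncated body")
	}
	return gcm.Open(nil, f.Body[:gcm.NonceSize()], f.Body[gcm.NonceSize():], nil)
}

func main() {
	srv, _ := NewServer()
	f, _ := Secure(srv.PublicKey(), []byte("constructed sample document"), SecurityInfo{MinLevel: 2, StartHour: 9, EndHour: 18})
	fmt.Println(Open(srv, f, Requester{Level: 1, Hour: 10})) // level 1 < 2: prints [] and a denial error
}
```

Two properties of the claimed design show up directly in this model. First, a copy of the secured file on its own is useless to whoever holds it: the file key sits only inside the header, and the header can be opened only by the server's private key, so the storage device (claim 1) or the server in claim 17 cannot bypass the rule check locally. Second, the error path of claim 16 is the same path that fires when the header was sealed to a different server or has been modified in transit, because RSA-OAEP rejects such a header before any rule is evaluated, and AES-GCM rejects a modified data portion even after the file key has been released.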
Copyright KISTI. All Rights Reserved.