USRE47443EExpiredUtility
Document security system that permits external users to gain access to secured files
Est. expirySep 30, 2022(expired)· nominal 20-yr term from priority
Inventors:Klimenty Vainstein
G06F 21/6209G06F 21/6218
58
PatentIndex Score
0
Cited by
846
References
27
Claims
Abstract
A system includes a server with an access manager configured to restrict access to files of an organization and maintain at least encryption keys for internal and external users and an external access server connected to the server and coupled between the server and a data network. The data network is configured to allow the external users use of the external access server. The external access server is also configured to permit file exchange between the internal users and the external users via the server.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A system comprising:
a server comprising an access manager configured to:
restrict access to a file of an organization having an internal user responsive to a request for the file, the file comprising a header portion including an access rule that restricts access to the file, and a content portion encrypted by a file key; and
determine whether a partner relationship exists between the organization and an external partner;
a database coupled to the server and configured to store an encryption key for use between the internal user and an the external partner comprising an external user, wherein the access manager is further configured to encrypt the file key, located within security information of the header portion of the file, with the encryption key in response to a determining that the partner relationship existing exists between the organization and the external partner and deny the request in response to determining that the partner relationship does not existing exist; and
an external access server operatively connected to the server and coupled between the server and a data network, the data network configured to allow the external user use of the external access server, wherein the external access server is configured to permit file exchange between the internal user and the external user via the server.
2. The system of claim 1 , wherein file exchange by between the internal and external users is permitted in response to the internal and external users being members of a common group.
3. The system of claim 1 , wherein the encryption key comprises a public-private key pair, and wherein the access manager is configured to encrypt the security information with the public key.
4. The system of claim 1 , wherein the server further comprises:
a central server; and
a local server operatively connected to the central server.
5. The system of claim 1 , wherein the data network includes at least a part of an Internet.
6. The system of claim 1 , wherein the external user is unaffiliated with the organization comprising the internal user.
7. The system of claim 1 , wherein:
the external user and the internal user are members of a common group; and
the external user is unable to change group membership and is unable to query group membership to determine members of the common group.
8. A method comprising:
maintaining, in a database, an encryption key for use between an organization comprising an internal user and an external partner comprising an external user;
receiving, by a server coupled to the database, a request to access a file, the file comprising a header portion including an access rule that restricts access to the filer and a content portion encrypted by a file key;
determining whether a partner relationship exists between the organization and the external partner;
encrypting the file key, located within security information of the header portion, with the encryption key in response to a determining that the partner relationship existing exists between the organization and the external partner; and
denying the request in response to determining that the partner relationship does not existing exist.
9. The method of claim 8 , further comprising permitting file exchange between the internal user and the external user through an external access server in response to the internal user and the external user being members of a common group.
10. The method of claim 8 , further comprising using a public-private key pair as the encryption key.
11. The method of claim 10 , further comprising:
encrypting the security information file key with the public key.
12. The method of claim 8 , further comprising:
communicating, in response to the security information file key being encrypted, the requested file via a data network.
13. The method of claim 8 , wherein the external user is unaffiliated with the organization comprising the internal user.
14. The method of claim 13 , further comprising:
blocking the external user from changing group membership and querying group membership to determine members of a common group, the common group comprising the internal user and the external user.
15. A computer-readable storage device having instructions stored thereon, execution of which, by a computing device associated with an organization, causes the computing device to perform operations comprising:
maintaining an encryption key for use between the organization comprising an internal user and an external partner comprising an external user;
receiving a request to access a file at the computing device, the file comprising a header portion including an access rule that restricts access to the file and a content portion encrypted by a file key;
determining whether a partner relationship exists between the organization and the external partner;
encrypting the file key, located within security information of the header portion, with the encryption key in response to a determining that the partner relationship existing exists between the organization and the external partner; and
denying the request in response to determining that the partner relationship does not existing exist.
16. The computer-readable storage device of claim 15 , the operations further comprising permitting file exchange between the internal user and the external user through an external access server in response to the internal user and the external user being members of a common group.
17. The computer-readable storage device of claim 15 , further comprising using a public-private key pair as the encryption key.
18. The computer-readable storage device of claim 17 , the operations further comprising:
encrypting the security information file key with the public key.
19. The computer-readable storage device of claim 15 , the operations further comprising:
communicating, in response to the security information file key being encrypted, the requested file via a data network.
20. The computer-readable storage device of claim 15 , wherein the external user is unaffiliated with the organization comprising the internal user.
21. A system comprising:
a server comprising an access manager configured to restrict access to a file of an organization responsive to a request for the file, the file comprising a header portion including an access rule that restricts access to the file, and a content portion encrypted by a file key; a database coupled to the server and configured to store an encryption key associated with an external user, wherein the access manager is further configured to encrypt the file key, located within security information of the header portion of the file, with the encryption key in response to determining that the encryption key associated with the external user is available and deny the request in response to the encryption key not existing; and an external access server operatively connected to the server and coupled between the server and a data network, the data network configured to allow the external user use of the external access server, wherein the external access server is configured to transmit the file to the external user via the data network.
22. The system of claim 21, wherein the encryption key comprises a public-private key pair, and wherein the access manager is configured to encrypt the security information with the public key.
23. The system of claim 21, wherein the server further comprises:
a central server; and a local server operatively connected to the central server.
24. The system of claim 21, wherein the data network includes at least a part of an Internet.
25. The system of claim 21, wherein the external user is unaffiliated with the organization.
26. The system of claim 21, wherein the external user is in a partner relationship with an internal user of the organization.
27. The system of claim 21, wherein the access manager is further configured to:
decrypt the header portion of the file using the encryption key associated with the external user; and evaluate the access rule against an access privilege of the external user to determine whether to permit access to the file.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.