CA2165649C - File encryption scheme - Google Patents
File encryption scheme
Info
- Publication number
- CA2165649C
- Authority
- CA
- Canada
- Prior art keywords
- file
- data
- encrypted
- computer
- storage device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
Abstract
A computer data storage system that includes a data storage device, and a processor for encrypting file data to produce encrypted file data and writing the encrypted file data to a computer file on the data storage device, wherein the computer file includes a file information header that contains information indicating that the computer file contains encrypted file data.
Description
FILE ENCRYPTION SCHEME
BACKGROUND OF THE INVENTION
The disclosed invention is generally directed to computer security systems, and more particularly to a computer system wherein files stored on a data storage device are individually encrypted.
There is a recognized need for computer security such that confidential information stored in a computer system can be accessed only by authorized users. A commonly utilized element of computer security is encryption whereby information is encrypted in accordance with a predetermined "key" and decryption requires knowledge of the key. For example, a computer disk drive can be encrypted to make access to the information contained on the drive more difficult. Similarly, data communicated between computer systems can be encrypted so that the communication would be more difficult to understand if intercepted.
A consideration with known techniques of encryption at the level of a data storage device such as a disk drive, however, is the need to decrypt the entire contents of the data storage device, for example, as part of a startup process, so as to enable access to the contents of the data storage device, which would be time consuming and moreover would leave all of the contents of the data storage device unprotected. Also, the entire contents of the data storage device would have to be encrypted as part of a shutdown process, which would also be time consuming. Moreover, encryption of a data storage device is typically done with a single key, and thus the entire contents of a data storage device would be vulnerable if the encryption key became known to unauthorized users.
A consideration with known techniques of encryption at the communication level includes degraded performance due to the need for encryption of the information to be transmitted. Further, to the extent that the received information is to be stored on an encrypted data storage device, all of the information stored on the device including the received information would have to be encrypted, after the contents of the data storage device and the received information are initially decrypted.
SUMMARY OF THE INVENTION
An object of an aspect of the invention is to provide a secure computer system that allows for encryption and decryption of less than the entire contents of a data storage device.
An object of an aspect of the invention is to provide a secure computer system that does not require a separate encryption process to transfer encrypted information to another computer system.
Other aspects of this invention are as follows:
A computer data storage system comprising:
a data storage device;
means for encrypting file data to produce encrypted file data;
means for writing said encrypted file data to a computer file on said data storage device, wherein said computer file includes a non-encrypted file information header that contains a pointer to an encryption key for said encrypted file data; and
means for reading and decrypting said encrypted file data.
A method for storing data on a computer data storage device, comprising the steps of:
writing to the computer data storage device a file information header for a computer file on the computer data storage device, wherein the file information header contains a non-encrypted pointer to an encryption key;
encrypting file data to be stored in the computer file to produce encrypted file data;
writing the encrypted file data to the computer file;
reading the file information header and obtaining the encryption key;
reading the encrypted file data of the computer file; and
decrypting the encrypted file data read from the computer file.
BRIEF DESCRIPTION OF THE DRAWINGS
The advantages and features of the disclosed invention will readily be appreciated by persons skilled in the art from the following detailed description when read in conjunction with the drawing wherein:
FIG. 1 is a schematic block diagram of a computer system in which file encryption in accordance with the invention can be implemented.
FIG. 2 is a schematic depiction of the logical organization of an encrypted computer file in accordance with the invention.
FIG. 3 is a simplified flow diagram that schematically depicts the logic flow of an illustrative example of file encryption in accordance with the invention.
DETAILED DESCRIPTION OF THE DISCLOSURE
In the following detailed description and in the several figures of the drawing, like elements are identified with like reference numerals.
Referring now to FIG. 1, schematically depicted therein by way of illustrative example is an overall block diagram of a computer hardware system in which file encryption in the invention can be implemented. The system includes a central processor unit 11 which performs general digital operations for the computer system and a primary storage memory 13 which stores data and programs including processes which when executed by the central processor unit 11 implement file encryption in accordance with the invention. By way of illustrative example, the primary storage memory 13 can include in accordance with conventional techniques random access memory as well as read only memory. The computer system further includes peripheral devices 15 such as a display 15a, a keyboard 15b, a data storage device 15c, a printer 15d, and a modem 15e. A data bus 17 provides for communication between the processor, the primary storage memory, and the peripheral devices.
In accordance with the invention, a computer file is stored on the data storage device 15c in encrypted form wherein encryption is performed at the file level such that encryption and decryption are performed on a file by file basis. As schematically illustrated in FIG. 2, an encrypted computer file is stored in a logical form of encrypted file data 51 (e.g., programs and user data) and a non-encrypted file header 53. By way of illustrative example, the file header 53 includes file control information such as operating system type 55 and a pointer 57 that points to the encryption key for the encrypted file data or one or more other pointers to the encryption key for the encrypted file data. The file data 51 contains user information such as a program or data, and can also contain further control information such as security access control labels.
Referring now to FIG. 3, set forth therein is a schematic flow diagram of the logic flow of an illustrative example of a file encryption procedure in accordance with the invention. The procedure of FIG. 3 is implemented by execution of one or more appropriately configured programs by the central processor unit 11 of FIG. 1. At 111 an application program makes a file operation call to the operating system utilized in the computer system of FIG. 1, and at 113 the file operation call is intercepted. A file operation call is typically a call to an operating system routine that performs a conventional file operation such as create, open, read, write, and close. Techniques for interception of operating system calls are well known in the art, and the particular nature of the intercept mechanism will depend on the particular operating system with which the invention is implemented, and can involve, for example, redirecting file operation calls to routines of the invention. At 115 a determination is made as to whether the intercepted file operation call is a create file call. If yes, at 117 a computer file is created conventionally, for example, by calling or invoking the normal create file routine that performs the operations involved in creating a file such as allocating data blocks, updating the operating system file control information, and inserting records into an appropriate directory or catalog that is conventionally utilized in operating systems to identify files stored on a data storage device and the data blocks allocated to the files. At 119, a file information header for the file is written on the data storage device in the data blocks allocated for the file, and at 121 control returns to the calling application program.
As used herein the term "normal" in the context of a file operation routine refers to a standard or built-in routine contained in a computer operating system for performing operations associated with or requested by a file operation call.
If the determination at 115 is no, at 123 a determination is made as to whether the application program making the intercepted file operation call is exempt from the need to decrypt the file that is the subject of the intercepted file operation call. For example, a file copy program or a file transfer program can operate on files without decryption. Further examples of exempt applications would include electronic mail applications, back-up applications, and an application that implements the subject invention.
If the determination at 123 is yes, at 125 a call is made to the normal file operation routine that would have been called if the intercepted file operation call had not been intercepted.
If the determination at 123 is no, at 127 the file information header for the file that is the subject of the intercepted file operation call is read. At 129 a determination is made as to whether the intercepted file operation call is a write to file. If yes, at 131 the file data to be stored is encrypted to form encrypted file data, and the encrypted file data is written to the data storage device.
As described earlier, such file data can include file control labels as well as user data such as a program or data. The encryption and write operations are performed, for example, by encrypting the file data one portion at a time, buffering each encrypted file data portion in a file buffer, which can be contained in the memory 13 of FIG. 1, and calling the normal write to file routine to write the buffered encrypted file data portion to the data storage device.
If the determination at 129 is no, at 133 a determination is made as to whether the intercepted file operation call is a read. If yes, at 129 the file that is the subject of the intercepted file operation call is read and decrypted. The reading and decryption of the file can be achieved, for example, by calling the normal read file routine to read the encrypted file data into a file buffer, which can be contained in the memory 13 of FIG. 1, and then decrypting the buffered encrypted file data to produce decrypted file data. In accordance with conventional techniques, the encrypted file data is read into the file buffer one portion at a time, wherein the portion read is of a fixed size. The buffered encrypted data is then decrypted and copied to a destination location in the memory 13, and the next portion of the encrypted file data is read into the file buffer. After all of the encrypted file data has been read and decrypted, at 121 control returns to the application program that made the intercepted file operation call.
If the determination at 133 is no, control is transferred to the normal file operation routine that would have been called had the intercepted file operation call not been intercepted.
The foregoing procedure essentially intercepts each file operation call and determines whether operations related to encryption and decryption of a file that is the subject of the file operation call are required. If not, the normal file operation routine that would have been invoked by the intercepted file operation call is invoked.
If operations related to encryption and decryption are required, the procedure of the invention performs such operations which include encrypting file to be written to the data storage device, invoking the normal file operation routine to write encrypted file data to the data storage device, invoking the normal file routine to read the encrypted file data from the data storage device, and decrypting the encrypted file data read from the data storage device.
While the foregoing illustrative example of the invention is based on encrypting all files stored on an operating system, it should be appreciated that encrypted and non-encrypted files can be mixed, in which case the procedure of FIG. 3 would be modified to include checking for whether a file to be created is to be encrypted. If not, the normal create file routine is called, and a file information header is not written for the file. Also, as to file operations involving an existing file, a determination is made as to whether the existing file is encrypted, which can be determined, for example, from a catalog or directory record if a provision is made to include encryption status in the catalog or directory record, or alternatively, the file can be read to determine whether it includes a file information header as described above relative to FIG. 1. If the existing file is not encrypted, the normal file operation is invoked by a call to the file operation routine that would have been called had the intercepted file operation call not been intercepted.
Effectively, all file operation requests are intercepted, and procedures necessary to achieve file encryption and decryption are inserted between the file operations calls and the file operation routines that would normally be called by the intercepted file operation calls. Such inserted procedures, for example, generate the data required for the file information header and then call to the normal write to file routine to write the file information header on the data storage device. Further, the inserted procedures generate the encrypted file data that is to be written on the data storage device, and then invoke the normal write to file routine to write the encrypted file data on the data storage device. For read purposes the inserted procedures invoke the normal read file routine to read the encrypted file data from the data storage device, and then decrypt the encrypted file data that has been read. The encryption and decryption procedures are transparent to the calling application program since the application program makes normal file operation calls and receives normal responses thereto.
The foregoing has been a disclosure of a computer file encryption scheme that encrypts files on a file by file basis, which advantageously allows files to be individually encrypted and decrypted without the need to encrypt and decrypt the entire contents of a data storage device, and without intervention by the user. The encryption scheme of the invention allows different files on the same storage device to have different encryption keys, which provides for increased security and reduces the amount of information that becomes vulnerable should an encryption key become inappropriately known. Also, only selected computer files are decrypted at any given time, which maintains the security of the remaining files.
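The file layout of FIG. 2 and the write and read paths of FIG. 3, as an added example that is not part of the patent text: a non-encrypted header carrying the operating system type and a key pointer, followed by file data encrypted one fixed-size portion at a time. The magic value, header layout, nonce, in-memory key store, HMAC-SHA256 keystream (a standard-library stand-in for a vetted cipher, since the patent names none) and the integrity tag over header and data are all assumptions; the tag goes beyond the disclosure and shows why a non-encrypted key pointer should be authenticated.

```python
import hashlib, hmac, io, os, struct

MAGIC = b"FENC"                       # assumed marker; the patent defines none
HEADER = struct.Struct(">4sB16s16s")  # magic, OS type 55, key pointer 57, nonce (assumed)
PORTION = 4096                        # fixed-size portion used on write and read
TAG_LEN = 32

def subkeys(key):
    """Derive separate encryption and MAC keys from the per-file key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def xor_portion(enc_key, nonce, offset, data):
    """Encrypt or decrypt one portion that starts at byte `offset` (multiple of 32)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = struct.pack(">Q", (offset + i) // 32)
        block = hmac.new(enc_key, nonce + counter, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def write_encrypted(stream, plaintext, key_id, keystore, os_type=1):
    """Steps 119 and 131: write the header, then encrypt and write each portion."""
    enc_key, mac_key = subkeys(keystore[key_id])
    nonce = os.urandom(16)
    header = HEADER.pack(MAGIC, os_type, key_id, nonce)
    mac = hmac.new(mac_key, header, hashlib.sha256)
    stream.write(header)
    for off in range(0, len(plaintext), PORTION):
        portion = xor_portion(enc_key, nonce, off, plaintext[off:off + PORTION])
        mac.update(portion)
        stream.write(portion)
    stream.write(mac.digest())        # assumed addition: tag binds header to data

def is_encrypted(blob):
    """Mixed-file check: does the file start with a file information header?"""
    return len(blob) >= HEADER.size + TAG_LEN and blob[:4] == MAGIC

def read_encrypted(stream, keystore):
    """Step 127 onward: read header, resolve key pointer, verify, decrypt by portion."""
    blob = stream.read()
    if not is_encrypted(blob):
        raise ValueError("no file information header")
    header = blob[:HEADER.size]
    _magic, _os_type, key_id, nonce = HEADER.unpack(header)
    key = keystore.get(key_id)
    if key is None:
        raise KeyError("header points to a key that is not available")
    enc_key, mac_key = subkeys(key)
    body, tag = blob[HEADER.size:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("header or encrypted file data was modified")
    out = bytearray()
    for off in range(0, len(body), PORTION):
        out += xor_portion(enc_key, nonce, off, body[off:off + PORTION])
    return bytes(out)

if __name__ == "__main__":
    # Constructed sample: two files on one device, each with its own key.
    store = {b"key-id-000000001": os.urandom(32), b"key-id-000000002": os.urandom(32)}
    f1, f2 = io.BytesIO(), io.BytesIO()
    write_encrypted(f1, b"payroll records " * 600, b"key-id-000000001", store)
    write_encrypted(f2, b"design notes " * 600, b"key-id-000000002", store)
    # Holding only the second key decrypts the second file and not the first.
    partial = {b"key-id-000000002": store[b"key-id-000000002"]}
    print(len(read_encrypted(io.BytesIO(f2.getvalue()), partial)))
    try:
        read_encrypted(io.BytesIO(f1.getvalue()), partial)
    except KeyError as exc:
        print("first file stays protected:", exc)
```
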
Although the foregoing has been a description and illustration of specific embodiments of the invention, various modifications and changes thereto can be made by persons skilled in the art without departing from the scope and spirit of the invention as defined by the following claims.
Claims (2)
PROPERTY OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:
1. A computer data storage system comprising:
a data storage device;
means for encrypting file data to produce encrypted file data;
means for writing said encrypted file data to a computer file on said data storage device, wherein said computer file includes a non-encrypted file information header that contains a pointer to an encryption key for said encrypted file data; and
means for reading and decrypting said encrypted file data.
2. A method for storing data on a computer data storage device, comprising the steps of:
writing to the computer data storage device a file information header for a computer file on the computer data storage device, wherein the file information header contains a non-encrypted pointer to an encryption key;
encrypting file data to be stored in the computer file to produce encrypted file data;
writing the encrypted file data to the computer file;
reading the file information header and obtaining the encryption key;
reading the encrypted file data of the computer file; and
decrypting the encrypted file data read from the computer file.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US26869594A | 1994-06-30 | 1994-06-30 | |
US08/268,695 | 1994-06-30 | ||
PCT/US1995/006329 WO1996000942A1 (en) | 1994-06-30 | 1995-05-19 | File encryption scheme |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2165649A1 (en) | 1995-12-31 |
CA2165649C (en) | 1999-11-02 |
Family
ID=23024080
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002165649A, Expired - Fee Related, CA2165649C (en) | File encryption scheme | 1994-06-30 | 1995-05-19 |
Country Status (7)
Country | Link |
---|---|
EP (1) | EP0715734A1 (en) |
JP (1) | JPH08509087A (en) |
KR (1) | KR960705275A (en) |
AU (1) | AU2596795A (en) |
CA (1) | CA2165649C (en) |
NO (1) | NO960817L (en) |
WO (1) | WO1996000942A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH113284A (en) * | 1997-06-10 | 1999-01-06 | Mitsubishi Electric Corp | Information storage medium and its security method |
KR100820971B1 (en) * | 2001-10-11 | 2008-04-10 | 엘지전자 주식회사 | Method for recording and reproducing a decryption key in compression audio file |
US9081982B2 (en) | 2011-04-18 | 2015-07-14 | Raytheon Company | Authorized data access based on the rights of a user and a location |
KR102523794B1 (en) * | 2020-11-17 | 2023-04-21 | 주식회사 한글과컴퓨터 | Electronic device that supports tree-structured cataloging of a table inserted into an electronic document and the operating method thereof |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4757533A (en) * | 1985-09-11 | 1988-07-12 | Computer Security Corporation | Security system for microcomputers |
US4864616A (en) * | 1987-10-15 | 1989-09-05 | Micronyx, Inc. | Cryptographic labeling of electronically stored data |
1995
- 1995-05-19 CA CA002165649A patent/CA2165649C/en not_active Expired - Fee Related
- 1995-05-19 JP JP8503140A patent/JPH08509087A/en not_active Withdrawn
- 1995-05-19 AU AU25967/95A patent/AU2596795A/en not_active Abandoned
- 1995-05-19 EP EP95920547A patent/EP0715734A1/en not_active Withdrawn
- 1995-05-19 KR KR1019960701005A patent/KR960705275A/en not_active Application Discontinuation
- 1995-05-19 WO PCT/US1995/006329 patent/WO1996000942A1/en not_active Application Discontinuation
1996
- 1996-02-28 NO NO960817A patent/NO960817L/en not_active Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
KR960705275A (en) | 1996-10-09 |
NO960817D0 (en) | 1996-02-28 |
JPH08509087A (en) | 1996-09-24 |
AU2596795A (en) | 1996-01-25 |
CA2165649A1 (en) | 1995-12-31 |
EP0715734A1 (en) | 1996-06-12 |
NO960817L (en) | 1996-04-18 |
WO1996000942A1 (en) | 1996-01-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6378071B1 (en) | File access system for efficiently accessing a file having encrypted data within a storage device | |
US7536524B2 (en) | Method and system for providing restricted access to a storage medium | |
US5748744A (en) | Secure mass storage system for computers | |
US7185205B2 (en) | Crypto-pointers for secure data storage | |
US6249866B1 (en) | Encrypting file system and method | |
US5999622A (en) | Method and apparatus for protecting widely distributed digital information | |
EP0885417B1 (en) | Access control/crypto system | |
US7293173B2 (en) | Methods and systems for protecting information in paging operating systems | |
US6185686B1 (en) | Computer system and process for accessing an encrypted and self-decrypting digital information product while restricting access to decrypted digital information | |
US20060117178A1 (en) | Information leakage prevention method and apparatus and program for the same | |
WO2001025932A1 (en) | Back-channeling in a memory vault system | |
US9152813B2 (en) | Transparent real-time access to encrypted non-relational data | |
US20030056095A1 (en) | Securing decrypted files in a shared environment | |
KR950029930A (en) | Method and device for securing file access | |
US20090222500A1 (en) | Information storage device and method capable of hiding confidential files | |
EP0849658A2 (en) | Secure data processing method and system | |
CN115758420B (en) | File access control method, device, equipment and medium | |
WO2002019592A2 (en) | Method of automatically encrypting and decrypting file in kernel mode, method of moving file pointer using the same, and computer readable recording medium on which programs of above methods are recorded | |
CA2165649C (en) | File encryption scheme | |
CN107330336A (en) | The instant encryption and decryption method and system of (SuSE) Linux OS memory pages | |
US6804784B1 (en) | Back-channeling in a memory vault system | |
JPH05233460A (en) | File protection system | |
JP2005346150A (en) | Information processor, information processing method, program, and recording medium | |
CN112084528B (en) | Customer privacy data identification and protection method based on data model | |
US20220405431A1 (en) | System and Method for Managing Secure Files in Memory |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKLA | Lapsed |