WO2007000761A2 - Method and apparatus for protecting files from none authorized access - Google Patents
- Publication number
- WO2007000761A2 (PCT/IL2006/000743)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- key
- disk
- server
- information
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The patent shows a way to protect intellectual assets by distributing the data and the encryption keys across multiple domains, with a session-based token, so that the scheme still protects the assets when they are placed on a portable device or on an unprotected wide-access network. If one of the required domains is removed, or the protecting process is removed, the asset is not fully readable, because what remains contains neither the plain data, nor the full encrypted data, nor the full set of encryption keys. On the server side a DRM-like behavior is used. The security session time is preset, and if no communication is established with the server within this maximum time, the file is unreadable.
Usage: to protect intellectual assets such as documents, drawings, strategic plans, music, images and movies, all referred to here by the general name "document".
The domains can be: server, workstation, portable, network and removable media such as a smart disk on key, smart cards, a phone or any network token, and possibly also bio information sources like: eyes, finger, heart peace and egg.
The document is encrypted on the fly using any encryption technique. If the protecting process is killed, the data is meaningless.
Some of the time one of the domains may be missing, e.g. the server, as when a portable is taken on a business trip. In this case a time constraint is placed on the third, removable medium, which is stored separately; when it is missing, neither all the data nor the full public or private key exists on any one of the remaining domains. Also, when the time constraint is false, no data can be retrieved. This can be used to allow access only during working hours or for the duration of the travel. For a Video on Demand application, this can prevent unauthorized, unpaid viewing of a movie, where either the LAN or the card supplies the missing bits.
Description
Method and apparatus for protecting files from none authorized access
[0001] Overview:
The patent describes a method and apparatus for protecting files from unauthorized access. The concept is to distribute an encrypted file and its encryption key across multiple media, at least one of which is removable, so that whenever the set is incomplete the recovery of the data is impossible, as only part of the information is available on a subset.
BACKGROUND OF THE INVENTION
[0002] 1. Field of the Invention
[0003] The present invention relates to protecting data storage/retrieval, and more particularly to protecting data from outside hacking while it is connected to an unsafe network and from use by an unauthorized user or program.
[0004] 2. Description of the Related Art
[0005] The current art is known to protect a file by authentication with a password, hardware key or biometric data; an optional rule base then decides whether to enable access, and the file data is further decrypted with a given key. Digital Rights Management can even set a time limit on the usage.
[0006] Prior art: Be aware of Publication No. 2000-298942 entitled "Disk Storage Device and Copy Preventing System Applied to This Device".
[0007] However, the current invention suggests distributing both the key and the data over multiple targets, at least one of which is a removable medium, so that unauthorized access to a single source, either read or write, or an attempt to decrypt the data without the key, will fail, as only part of the key, the data and the file distribution information is available.
SUMMARY OF THE INVENTION
[0008] The present invention protects data using internal storage and extra hardware, either a server on a local or wide-band link or another external storage, through a series of processes including: checking accesses, scrambling the data, distributing and encrypting the information toward the storage, transmitting the encrypted information, and decrypting and recombining the encrypted information toward the requesting process.
[0009] The information here may include, besides the data itself, the encrypting and decrypting keys and possibly the identity of the accessing user and program, using a name, an MD5 or other digest of the program, or user bio information such as a fingerprint or voice print, or any other available bio information.
[0010] External storage can be a server LAN disk (over any LAN protocol), a workstation, a portable, or removable media such as a disk on a key, smart cards, a phone, a PDA or any network token.
[0011] The connection to external storage may be a physical bus or a network connection.
[0012] Encryption is done from and to the device by the interception filter driver.
[0013] Commands for reading/writing the data from the data storage device such as a hard disk drive (HDD) are typically performed by the following process.
[0014] First, the host device transmits a request to open a file.
[0015] Then a filter driver interprets the command and checks the file: whether it is allowed for read, write or execute, and which user and program are calling. It can also check the time and a session token to decide whether access is allowed at this time.
[0016] Then, if the request is for read or execute and is allowed, it builds the information from the various sources, such as the client disk, disk-on-a-key storage or the server network, after decrypting.
[0017] Then, if the request is for write and is allowed, it splits the information across several targets and writes it, encrypted, to the various targets, such as the client disk, disk-on-a-key storage or the server network.
[0018] The above and other features and advantages of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0019] FIG. 1 is a block diagram of the distribution of the information between a laptop or workstation file, a server and a disk on a key, as a set of dual-key access to the laptop file;
[0020] FIG. 2 is a flow chart illustrating the back construction of the data;
[0021] FIG. 3 is a flow chart illustrating delegation of data from server C to removable media B, such as a disk on a key, PDA or smart phone.
[0022] FIG. 4 is a flow chart illustrating a method of backup of protected files, using two distinct key sets.
[0023] FIG. 5 is a flow chart illustrating a method of restoring from a backup set of protected files created as in FIG. 4, assuming one removable medium of the set is lost or destroyed. Files can be restored only when connected to the server; loss of one medium (either A or B) still enables reading from the second medium.
DETAILED DESCRIPTION OF THE INVENTION
[0024] The present invention will now be described more fully with reference to the attached drawings, in which exemplary embodiments thereof are shown.
[0025] FIG. 1 shows a basic diagram of writing to the data protecting apparatus, where the key is constructed from the server and the removable media, such as a disk on a key. The encryption of the data is then performed by the filter driver and the data is distributed to the multiple targets: HDD, removable media and, optionally, the server. Authentication and authorization are performed first, for example using a password or any identification key, including identification of the removable media as an identity key. Then an authorization is performed: can the file be accessed in the current state, considering the requesting user, the requesting program, the safety of the communication, the time of the request and any reasonable access control rule. Then the first part of the encryption key is read from B and the second part from the server, and the full key is used to encrypt the data with a reversible function while distributing the data between A and B, for example every second byte to the other location. The invention also holds when C and other places are used as distribution targets.
[0026] Furthermore, the decision as to which byte is written to which part can be based on the key itself, for example by going sequentially, in a loop, over the key bits: if the bit is zero the byte is placed on A, otherwise on B, repeating until all the data is written.
[0027] FIG. 2 shows a basic diagram of reading from the data protecting apparatus, where the key is constructed from the server and the removable media, such as a disk on a key. The decryption of the data is then performed by combining the three sources: HDD, removable media and server data. The result is returned as a single data source. Authentication and authorization are performed first, for example using a password or any identification key, including identification of the removable media as an identity key. Then an authorization is performed: can the file be accessed in the current state, considering the requesting user, the requesting program, the safety of the communication, the time of the request and any reasonable access control rule. Then the first part of the encryption key is read from B and the second part from the server, and the full key is used to combine and decrypt the data, returning it to the application as an unencrypted, single-source file.
[0028] Referring to FIG. 3, where a portable is taken off the server connection for a predefined, known time, the information on the server is copied to the removable media with a time duration, and the removable media replaces the server for the predefined time. If the time expires, the server data on the removable media is erased and the only way to recover it is by reconnecting to the server, thus protecting against physical theft and limiting the time available for decrypting the data by brute force. After authentication, for example based on information on the removable media such as an ID key, or password based, the second part is copied from the server to the removable media, together with a time expiration that can be saved either on the removable media or on the workstation/portable.
[0029] Referring to FIG. 4, the creation of an extra, non-exact backup on set A/B is described as follows. First authenticate and authorize as in the previous cases, then read two keys from the server and keep a copy there. Copy the first part of key I and the second part of key II to removable B. Then copy the second part of key II and the first part of key I to workstation/portable A (where a part can simply be a half). When a file is written, split the file into two parts. The first half of the file is written with key I at A and key II at B, and the other half with key II at A and key I at B.
[0030] Referring to FIG. 5, after authentication and authorization, the missing key parts are read from server C, and the file is recovered on A using decryption key I for the first half of the file and decryption key II for the second half; or, if only B exists, the file is recovered using key II for the first half and key I for the second half.
[0031] Further scope of the technique is now described.
[0032] File I/O is changed by encryption and separated into two or more streams on write, and vice versa on read (unless there is no need, as for a backup file). To increase safety, one of the media can be physically separated from the main storage, such as a disk on a key, smart phone, network or any removable media.
[0033] Time limit support is provided by either a hardware or a software procedure which, periodically or when file access is requested, disables access after a predefined time or even erases the file after a redemption period.
[0034] FIG. 4 and FIG. 5 are shown for creating a backup and recovering from the loss of one of the media. Furthermore, the keys themselves can be used by a function that decides how to split the file into the two halves; such a function can, for example, add the keys and look cyclically at the bit values of the result: the byte goes to part I if the bit is 0 and to the second part if it is 1. After restoring, the file can be saved as a whole at C until a good set of A+B is available.
[0035] The backup method can also be applied to keep a backup on the same machine, even without any removable media. In this case it is safer to place it on two separate partitions of the disk.
BEST MODE FOR CARRYING OUT THE INVENTION
[0036] Have a key storage/generator available at a central site or, alternatively, generate the key from the hardware/software of the site.
[0037] Get the full keyboard seed into the station; this can be extended with a new key based on user identification on a smart card, a password, or hardware configuration such as the MAC address.
[0038] Distribute/scramble the data you want to protect based on the key, using a weight factor that sets which portion is kept on main storage and which portion is kept on the removable media/server for later retrieval, using a deterministic function such as cyclic key bit values to decide where to place a bit or byte of the data.
[0039] Half of the key itself can be kept on the removable storage/smart card, while the second half is kept on the remote server, or on the local disk as a second solution where communication is not available. The best-performing distribution of the key is 50%, with one byte to one side and the next to the other side.
[0040] Using the same key, a standard DES3 encryption is applied to the resulting data to further protect it.
[0041] Along with the key, an encrypted time limit/count can be stored.
[0042] On restoring the data, the missing authentication is needed first, such as a password, smart card or removable media.
[0043] Build back the key using alternate bytes from the two sources.
[0044] Decrypt the time limit/count of accesses and test it for acceptance with the key. If accepted, continue.
[0045] Decrypt the data on the hard disk and on the second source, either removable storage or data arriving over the communication link, using multiple buffer submissions.
[0046] Decrypt the data of each source with the key.
[0047] Reconstruct the two sets of data into one file, in a loop, using the buffers, sending unscrambled buffers ready for viewing/playing in real time or for editing. Request a buffer whenever a missing part is needed.
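The key splitting of [0039]/[0043] and the key-bit-driven byte distribution of [0026]/[0038], as an added example that is not part of the patent text. The function names, the MSB-first bit order and the sample key and data are assumptions; the DES3 step of [0040] is left out, so the input stands for data that has already been encrypted.

```python
"""Key-driven distribution of a byte stream over two stores, A and B."""
from itertools import cycle


def key_bits(key: bytes):
    """Endless iterator over the key bits, looping over the key as in [0026].

    MSB-first order within each byte is an assumption; the text does not fix it.
    """
    if not key:
        raise ValueError("key must not be empty")
    return cycle([(byte >> shift) & 1 for byte in key for shift in range(7, -1, -1)])


def split_key(key: bytes):
    """[0039]: one key byte to one holder, the next byte to the other holder."""
    return key[0::2], key[1::2]


def join_key(first: bytes, second: bytes) -> bytes:
    """[0043]: rebuild the key from alternate bytes of the two sources."""
    if len(first) - len(second) not in (0, 1):
        raise ValueError("key parts do not belong to the same key")
    key = bytearray(len(first) + len(second))
    key[0::2], key[1::2] = first, second
    return bytes(key)


def share_ratio(key: bytes) -> float:
    """Fraction of the bytes that land on B: the 'weight factor' of [0038]."""
    if not key:
        raise ValueError("key must not be empty")
    return sum(bin(byte).count("1") for byte in key) / (len(key) * 8)


def scatter(data: bytes, key: bytes):
    """Write path: key bit 0 sends the next byte to A, key bit 1 sends it to B."""
    share_a, share_b = bytearray(), bytearray()
    for byte, bit in zip(data, key_bits(key)):
        (share_b if bit else share_a).append(byte)
    return bytes(share_a), bytes(share_b)


def gather(share_a: bytes, share_b: bytes, key: bytes) -> bytes:
    """Read path: replay the same bit sequence to interleave A and B again."""
    sources = (iter(share_a), iter(share_b))
    bits = key_bits(key)
    out = bytearray()
    for _ in range(len(share_a) + len(share_b)):
        try:
            out.append(next(sources[next(bits)]))
        except StopIteration:
            # The key asks for more bytes from one share than it holds.
            raise ValueError("shares do not match this key") from None
    return bytes(out)


if __name__ == "__main__":
    key = bytes.fromhex("a5c3")        # constructed sample key
    data = b"ABCDEFGHIJKLMNOPQRST"     # constructed; stands in for encrypted data
    on_removable, on_server = split_key(key)
    share_a, share_b = scatter(data, key)
    print("A:", share_a, "B:", share_b, "ratio to B:", share_ratio(key))
    print(gather(share_a, share_b, join_key(on_removable, on_server)))
```

The distribution step only partitions the stream: each share holds its bytes unchanged and in order, so confidentiality rests on the encryption applied to the data, not on the split. A key with few 1 bits also leaves almost the whole stream on A, which is what `share_ratio` makes visible.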
INDUSTRIAL APPLICABILITY
[0048] On Windows OS, use a filter or mini-filter driver to give system-level kernel extension support for the above processing, or a GUI program for handling specific files, as in a drag-and-drop application. An Access Control List may be applied to extend access control per user. User authentication and rights can be used to limit access for a user whose status in the organization changes.
[0049] A backbone server may be used to supply or keep keys and missing data parts, as well as the user's current permissions on the files, such as the user's current role in the enterprise or credit for media.
[0050] In an application such as Video On Demand, an application may be used to store and retrieve the media data on the disk and combine it with the missing part from remote on-line media storage. Ideally most of the file already exists on the disk, so the real-time buffering from communication is reduced to a minimum. Video can be stored before being requested, over a slow background ADSL connection to the disk, and scrambled as in the invention, while for viewing only the missing part is requested as a buffer, still using a slow ADSL connection (as slow as 0.5 Mbits/second), to display the media to the end user. Moreover, a time limit or a limit on the number of replays of the media can be added.
Claims
1. The invention is applicable to protecting sensitive data, especially in case of virtual or physical theft, and thus protects and competes with any Digital Rights Management solution or any enterprise eDRM/ACL scheme.
2. The claim may protect the data by distribution of the information according to a key, where encryption may be applied before or after the distribution, which causes scrambling of the information.
3. The information can be documents, media, programs and any material that is either sensitive, as for army, police or business use, as in the SOX (S-Oxley) requirement, or should be protected by copyright, mostly media and programs.
4. The information can be placed partly on hard disk/flash storage and partly on removable media, a smart card, a PDA, a phone or via on-line wired/wireless communication, and be supplied back in reasonable time, even for a real-time process.
5. The scheme may be applied to protect any type of document, including any media, movies and programs, which exists on an end-point computer as well as on any intermediate server/central media server, and which is intended to keep copyright and eliminate copy operations.
6. In another aspect of the present invention, the data storage/retrieval system may include a time limitation for when a connection to a server doesn't exist. In this case a copy of the missing information is copied to separate removable external storage as above, such as a disk on a key or removable disk, or via communication to a phone, PDA or any other storage medium. If no communication is established within a predefined time, certain secured files will no longer be available for reading or executing until a new communication is established.
7. In a further aspect of the present invention, some files will not be readable, according to their security tag or access list, when the filter driver is removed or when the security of the system is low; mainly, access to a file is based on its security classification compared to the current security evaluation, as while connected to a public unencrypted network or if an unknown program is running or requests access to the file.
8. In yet another aspect of the present invention, the information may be available only when at least three sources exist: the client disk or network to the client itself, the server connection and removable media such as a disk on a key. A biosensor may supplement or replace one of the external sources, but this is not necessary.
9. The present invention may be practiced to particular advantage when the data is stored on a portable device such as a laptop, PDA or phone, where protection against physical theft and network security are low.
10. This invention thus ensures that critical private files are protected, and is best for a portable workstation: when one of the devices is left unattended or stolen, the data is not available as a full information set, for example when the portable is stolen, when a portable/workstation is left without the accompanying disk on a key, or when a disk on a key is lost. The users are advised to separate the two media, keeping the disk on key on themselves at all times.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IL16943105 | 2005-06-27 | ||
IL169431 | 2005-06-27 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2007000761A2 (en) | 2007-01-04 |
WO2007000761A3 (en) | 2011-05-19 |
Family
ID=37595523
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IL2006/000743 WO2007000761A2 (en) | 2005-06-27 | 2006-06-26 | Method and apparatus for protecting files from none authorized access |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2007000761A2 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011080079A1 (en) * | 2009-12-29 | 2011-07-07 | Siemens Aktiengesellschaft | Method and system for making edrm-protected data objects available |
CN101448255B (en) * | 2007-11-27 | 2011-09-07 | 飞力凯网路股份有限公司 | Service provision system, service provision server as well as information terminal equipment |
US20130205135A1 (en) * | 2012-02-03 | 2013-08-08 | Daniel Joseph Lutz | System and method of storing data |
US8861726B2 (en) * | 2009-04-08 | 2014-10-14 | Thales | Method for generating cryptographic half-keys, and associated system |
CN104992212A (en) * | 2015-07-24 | 2015-10-21 | 大连大学 | Intelligent card system for travel |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050114672A1 (en) * | 2003-11-20 | 2005-05-26 | Encryptx Corporation | Data rights management of digital information in a portable software permission wrapper |
-
2006
- 2006-06-26 WO PCT/IL2006/000743 patent/WO2007000761A2/en active Application Filing
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050114672A1 (en) * | 2003-11-20 | 2005-05-26 | Encryptx Corporation | Data rights management of digital information in a portable software permission wrapper |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101448255B (en) * | 2007-11-27 | 2011-09-07 | 飞力凯网路股份有限公司 | Service provision system, service provision server as well as information terminal equipment |
US8861726B2 (en) * | 2009-04-08 | 2014-10-14 | Thales | Method for generating cryptographic half-keys, and associated system |
WO2011080079A1 (en) * | 2009-12-29 | 2011-07-07 | Siemens Aktiengesellschaft | Method and system for making edrm-protected data objects available |
CN102667795A (en) * | 2009-12-29 | 2012-09-12 | 西门子公司 | Method and system for making edrm-protected data objects available |
US20130205135A1 (en) * | 2012-02-03 | 2013-08-08 | Daniel Joseph Lutz | System and method of storing data |
US8874909B2 (en) * | 2012-02-03 | 2014-10-28 | Daniel Joseph Lutz | System and method of storing data |
CN104992212A (en) * | 2015-07-24 | 2015-10-21 | 大连大学 | Intelligent card system for travel |
CN104992212B (en) * | 2015-07-24 | 2017-10-03 | 大连大学 | Tourism smart card system |
Also Published As
Publication number | Publication date |
---|---|
WO2007000761A3 (en) | 2011-05-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8799651B2 (en) | Method and system for encrypted file access | |
US8315394B2 (en) | Techniques for encrypting data on storage devices using an intermediate key | |
US7003674B1 (en) | Disk drive employing a disk with a pristine area for storing encrypted data accessible only by trusted devices or clients to facilitate secure network communications | |
US8204233B2 (en) | Administration of data encryption in enterprise computer systems | |
CN110352413B (en) | Policy-based real-time data file access control method and system | |
US20030208686A1 (en) | Method of data protection | |
US20050021948A1 (en) | Secure single drive copy method and apparatus | |
US20070014403A1 (en) | Controlling distribution of protected content | |
KR100861822B1 (en) | Data management method | |
JP2003067256A (en) | Data protection method | |
JP2003058840A (en) | Information protection management program utilizing rfid-loaded computer recording medium | |
JP2005536951A (en) | Apparatus, system, and method for securing digital documents in a digital device | |
US20080123858A1 (en) | Method and apparatus for accessing an encrypted file system using non-local keys | |
US20090296937A1 (en) | Data protection system, data protection method, and memory card | |
WO2007000761A2 (en) | Method and apparatus for protecting files from none authorized access | |
JP4947562B2 (en) | Key information management device | |
US8738531B1 (en) | Cryptographic distributed storage system and method | |
CN113342896B (en) | Scientific research data safety protection system based on cloud fusion and working method thereof | |
Corner et al. | Protecting file systems with transient authentication | |
JP2007226545A (en) | Information management device, information management method and information management program | |
TWI444849B (en) | System for monitoring personal data file based on server verifying and authorizing to decrypt and method thereof | |
JP4765262B2 (en) | Electronic data storage device, program | |
EP1130494A2 (en) | Distributed cryptography technique for protecting removable data storage media | |
CN111737722B (en) | Method and device for safely ferrying data between intranet terminals | |
JP2003016724A (en) | Method for managing information |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 06745182 Country of ref document: EP Kind code of ref document: A2 |