Method and apparatus for sharing data from a secured environment

摘要

A method for sharing data from within a secure network perimeter includes providing a sharing folder associated with a first user for transferring data therefrom to destinations outside the secure perimeter. Data stored within the sharing folder is stored in a secured fashion. Semi-trusted applications are provided an ability to retrieve the secured data in a unsecured fashion for sharing of same. The semi-trusted applications are other than able to retrieve and share secured data from at least a folder other than the sharing folder in unsecured form.

主权项

1. A method comprising:
providing a security layer for maintaining security within a security perimeter; providing a sharing folder within the security perimeter; providing a first ciphered data file stored within the security perimeter outside the sharing folder, the first ciphered data file secured according to a first security protocol and accessible to trusted applications, and the first ciphered data file not accessible to semi-trusted applications in a deciphered form; providing a second ciphered data file stored within the security perimeter and within the sharing folder, the second ciphered data file secured according to the first security protocol and accessible to semi-trusted applications in a deciphered form; and using a semi-trusted application, transmitting the second ciphered data file in the deciphered form to a destination outside the secure system; wherein ciphering and deciphering of files is performed by the security layer, the security layer supporting access control based on a location of a ciphered file and a trust level of an application accessing said file, wherein the first ciphered data file and the second ciphered data file are exact copies of each other stored in each of two different locations, and wherein the semi-trusted applications are provided access to the first ciphered data file in its ciphered form.