Title of invention: Integrated file level cryptographical access control
Abstract: Provided herein are systems and methods for an Integrated File Level Cryptographical Access Control (IFLCAC). The system comprises, on a local computer, an encryption database to store information relating to encrypted files and encryption algorithms, a user interface communicatively linked to the encryption database, an administrator interface communicatively linked to the encryption database independently of the user interface, and a file system gateway communicatively linked to the encryption database that resides above and operates independently of the file system and transparently to any calling application on the local computer. Also provided are methods of using the IFLCAC system and a computer program product comprising a memory tangibly storing computer executable instructions for the IFLCAC system and method and one or more computer readable media tangibly storing computer executable instructions for the IFLCAC system and method.
Publication number: US9355267(B2) Publication date: 2016.05.31
Application number: US201012661947 Application date: 2010.03.26
Applicant: The University of Houston System Inventor: Seifert Ryan
Classification: H04L29/06;G06F21/62;G06F21/60 Main classification: H04L29/06
Agency: Agent: Adler Benjamin Aaron
Independent claim: 1. A method for controlling access to secure files on a local computer, comprising:
a) installing a system for controlling access to secure files onto a local computer having a memory, a processor and one or more network connections, said system comprising: an encryption database to store information relating to encrypted files and encryption algorithms; a user interface communicatively linked to the encryption database; an administrator interface communicatively linked to the encryption database independently of the user interface; and a file system gateway residing on the local computer as a layer above and independent of any file system on the computer and communicatively linked only to the encryption database, said file system gateway comprising a minifilter module configured to intercept the application call;
b) intercepting an application call requesting access to file in a file system on the computer via the file system gateway comprising the system, said gateway performing the further actions of:
c) determining if the call is one or both of a read request or a write request via said minifilter module;
d) communicating to the file system gateway window service module the name and file path of the requested file through said minifilter module;
e) querying the encryption database via the window service module and said minifilter module;
f) retrieving encrypted file information from the encryption database through said minifilter module;
g) receiving from the window service module encryption data for the requested file through said minifilter module;
h) attaching the encryption data to an internal file object through said minifilter module;
i) sending the application request down to the file system, said file system acting upon the request and returning information retrieved from the requested file up to the file system gateway;
j) decrypting any secured information; and
k) returning the decrypted information to the calling application, wherein the actions of the file system gateway are transparent to the calling application.
Address: Houston TX US