Title of invention: System and method for controlling user access to encrypted data
Abstract: Disclosed are systems, methods and computer program products for providing user access to encrypted data. In one example, a system is configured to receive a security policy for the user device, wherein the security policy includes data access conditions and data encryption conditions for one or more users of the user device; identify one or more user accounts in the OS of the user device as specified in the data access conditions; create a pre-boot authentication account (PBA) for the identified user accounts based on the data access conditions, for storing pre-boot authentication credentials for authenticating a user before booting of the OS on the user device; and encrypt at least a portion of data stored on the user device based on the data encryption conditions, wherein access to the encrypted portion of data is granted to the user upon entry of the correct pre-boot authentication credentials.
Publication number: US9197405(B2)
Publication date: 2015.11.24
Application number: US201313939570
Filing date: 2013.07.11
Applicant: Kaspersky Lab AO
Inventors: Shiyafetdinov Damir R.; Makarov Alexander N.; Kirikova Evgeniya P.; Ovcharik Vladislav I.; Kamanin Konstantin V.
Classification: H04L29/00; H04L9/08; G06F21/62; G06F21/31; G06F21/78; G06F21/60
Main classification: H04L29/00
Agency: Arent Fox LLP
Agent: Arent Fox LLP; Fainberg Michael
Main claim: 1. A method for providing user access to encrypted data on a user device, comprising: receiving a security policy for the user device, wherein the security policy includes data access conditions and data encryption conditions specified for each of a plurality of users of the user device; creating and saving on an operating system (OS) of the user device a plurality of user accounts for the plurality of users, respectively, wherein the plurality of user accounts contain credentials for the plurality of users to access data files on the user device based on the respective data access conditions; receiving an encryption policy from a security center that identifies at least one of the plurality of user accounts in the OS of the user device; and encrypting at least a portion of the data files on the user device associated with the identified at least one user account based on the data encryption conditions specified in the received encryption policy for the user of the identified at least one user account.
Address: Moscow RU