Title of invention: Systems and methods for implementing transparent encryption
Abstract: A method of providing transparent encryption for a web resource includes a key manager receiving an encryption key policy; receiving user identifiers and resource locators; defining an access control list based on the user identifiers; generating an encryption key and a key identifier for a first resource locator; and establishing a secure communication channel between first and second watchdog modules. The method also includes the watchdog sending encryption information using the secure communication channel. The method also includes a transparent encryption module storing the encryption key and the access control list in protected memory; receiving an input comprising a request to access the first resource stored in the web resource; determining that the user identifier is included in the access control list; encrypting data using the encryption key; and decrypting data using the encryption key.
Publication number: US8955042(B2) Publication date: 2015.02.10
Application number: US201414150593 Filing date: 2014.01.08
Applicant: CipherPoint Software, Inc. Inventors: Shea Woody; Fleck Michael
Classification: H04L29/06; G06F21/62 Main classification: H04L29/06
Agency: Kilpatrick Townsend & Stockton LLP Agent: Kilpatrick Townsend & Stockton LLP
Main claim: 1. A method of providing transparent encryption for a web resource, the method comprising:
receiving, at a key manager operating on a first server, an encryption key policy;
receiving, at the key manager, from the web resource, one or more user identifiers and one or more resource locators, wherein the web resource comprises a file store accessible to a plurality of users and is operated by a resource administrator;
defining, at the key manager, an access control list based on a selection of user identifiers;
associating, at the key manager, the access control list and the encryption key policy with a first resource locator from the one or more resource locators;
generating, at the key manager, an encryption key and a key identifier for the first resource locator;
establishing a secure communication channel between the first server and a second server;
sending, from the first server, to the second server, encryption information using the secure communication channel, wherein the encryption information comprises: the encryption key, the key identifier, and the access control list;
storing, at a transparent encryption module on the second server, the encryption key and the access control list in protected memory;
receiving, at the transparent encryption module, from a client device, an input comprising a request to access a first resource stored in the web resource and a user identifier;
determining, at the transparent encryption module, that the user identifier is included in the access control list for the first resource;
encrypting, at the transparent encryption module, using the encryption key, data that is passed from the client device to the first resource; and
decrypting, at the transparent encryption module, using the encryption key, data that is passed from the first resource to the client device.
Address: Round Rock TX US