| 摘要 |
A method and system for protecting objects stored on network servers are presented. An object server runs computer software that designates which objects are to be protected and the security policy for that object. If the object server receives a request for a protected object, the object server creates an enhanced request containing encrypted data related to the request and the requested object; this enhanced request is redirected to a security server which authenticates the request, retrieves the requested object, encrypts the object using a one-time encryption key, and combines the encrypted object with mobile code, the security policy, and object controls to implement the policy. This package is then sent to the requester, which executes the mobile code, resulting in the instantiation of the security policy and object controls on the requester computer. The mobile code will execute tests to ensure proper instantiation of the object controls. A one-time decryption key may be requested by and provided to the requester providing the object controls were properly instantiated. The requested object is rendered subject to the security policy and object controls.
|
