Title of invention: SYSTEM FOR INTERCEPTING FILE ACCESSES AND FOR AUTOMATIC DECRYPTION AND RE-ENCRYPTION OF FILE DATA ON A PER-USE BASIS
Abstract: The invention provides an improved, machine-implemented method and apparatus for automatic decryption of file data on a per-use basis and automatic, optionally-delayed, re-encryption within the context of a multi-threaded operating system under which applications run in real-time where further provisions are made for preventing unauthorized applets or like programs from accessing information owner to try to access either at all or within a specified time period. Program Inclusion or Exclusion Lists and/or program-approving algorithms are employed for automatically denying access to files if requested via programs (e.g., applets) whose names are not identified for approval by a program-approving list or whose names are not otherwise identified for approval by a program-approving algorithm (e.g., the program is not associated with the name extension of the requested file). Such program-directed protection is referred to herein as "bubble protection" because only programs within an approved bubble are allowed intelligible access to files via the OTF recryption mechanism. In addition to excluding unauthorized programs from access to files via the "on-the-fly recryption" mechanism, the access rights to each specific file are further guarded. Individual users are asked to provide their respective "private" keys before being given access to a file's access key. A user may have logged into the system but not given permission to use his/her "private" key at the time connection is made to the Internet. The stealthy, Internet-sourced applet would be blocked from access by virtue of the user not having given permission to use his/her "private" key at the time of attempted, stealth access.
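Publication number: WO9949380(A1) Publication date: 1999.09.30
Application number: WO1999US05070 Filing date: 1999.03.08
Applicant: SYMANTEC CORPORATION Inventor: GRAWROCK, DAVID
Classification: G06F1/00;G06F21/60;(IPC1-7):G06F1/00 Main classification: G06F1/00
Agency: Agent:
Main claim:
Address: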