CRYPTOGRAPHIC FILE LABELING SYSTEM FOR SUPPORTING SECURED ACCESS BY MULTIPLE USERS

摘要

A system is disclosed for automatically distributing secured versions (*Sys_D_key*) of a file decryption key (Sys_D_key) to a plurality of file users by way of the file's security label. The label is defined to contain a plurality of Access-Control-Entries Records (ACER's) where each ACER includes a respective secured version (*Sys_D_key*) of the file decryption key. Each such secured version (*Sys_D_key*) is decipherable by a respective ACER private key. Each ACER may include respective other data such as: (a) ACER-unique identifying data for uniquely identifiying the ACER or an associated user; (b) decryption algorithm identifying data for identifying the decryption process to be used to decrypt the encrypted *DATA* portion of the file; and (c) special handling code for specifying special handling for the code-containing ACER. The label is preferably covered by a digital signature but includes an extension buffer that is not covered by the digital signature. Users who wish to have an ACER of their own added to the label may submit add-on requests by writing to the extension buffer.