1. Field of the Invention
The present invention relates to file security. More particularly, the present invention relates to a method and apparatus for protecting and accessing secure files that are stored on a file system. Among other uses, the invention may be used to protect files stored on routers which are generally accessible over the Internet.
2. Background
A number of mechanisms have been deployed to address the issue of file security on a file system. Security mechanisms often involve a user name and corresponding password that identifies the sender or client. A database is used to verify the password and provide the user with specific pre-authorized privileges.
Such password schemes are common on Internet servers storing secure information. A typical scheme acts as a gatekeeper, requiring a client to be positively identified before being allowed to access secure server files.
Routers are a vital part of the Internet. In general, routers are devices that receive packets of information via a data communications network input port and direct these packets of information through an output port. Routers are used to interconnect networks. For example, they may be used to interconnect local area networks (LANs) to wide area networks such as the Internet. In this capacity, they accept Internet packets destined for the LAN and also direct packets generated within the LAN to the Internet.
Routers also function as servers, receiving requests from clients or processes and responding to those requests. Therefore, routers are programmed with routines for appropriately responding to a variety of requests. These routines are referred to herein as request handlers.
One of the functions of routers is implementing network security. As the interface between a LAN and the Internet, routers may serve as the means of encrypting outgoing packets and decrypting incoming packets. Therefore, they often store files containing crucial and highly confidential information relating to security. Such files may include cryptographic keys. It is important that only authorized clients are able to access such crucial information.
Security on Internet routers is a new and evolving area. While a router connecting a LAN to the Internet must be generally accessible via the Internet, it may be desirable that the router be involved in encrypting and decrypting messages as they exit and enter the LAN. Thus, highly confidential cryptographic keys may be stored as files in the memory of a router. The need to devise methods and devices to protect these confidential files has recently become apparent. This invention addresses this newly recognized need.