In a file sharing environment, clients may be coupled to a server where the server may maintain files in a shared directory accessible by users, i.e., users of the clients. These files may store a variety of information including sensitive information.
The protection of sensitive data is becoming a very important issue. For example, data such as personnel records or customer credit card numbers may be stored in these files. Information may be misappropriated in these files when an unauthorized individual gains access to the server and copies information from some or all of its files. Those authorized to access the sensitive information may not even know that it has been copied.
To protect information, one type of security procedure involves encrypting the data, so that even if the data falls into the wrong hands, it cannot be read without a key. Many application level programs provide some form of such encryption. Subsequently, the files maintained in the shared directory may be encrypted.
However, in a file sharing environment, when a user of a client requests to open a particular document, e.g., Microsoft™ Word document, software on the server may be configured to decrypt the encrypted document requested and replace the encrypted document with a decrypted document. By replacing the encrypted document with the decrypted document in the shared directory, the decrypted document is accessible by multiple users in a file sharing environment. By having the decrypted document accessible by multiple users, information in the file is not protected and hence a user may perform unwanted activities, e.g., erase files, reading files containing credit card numbers, etc.
It would therefore be desirable to protect decrypted files in a file sharing environment.