1. Field of the Invention
The invention relates generally to the field of securing stored digital data from unauthorized use.
The invention relates more specifically to the problem of providing an easily usable computer system that provides features such as automatic data decryption and automatic data re-encryption while operating within the context of an operating system under which application programs run in real-time and through which so-called ‘applets’ (e.g., ActiveX components or Java) or other downloaded programs (e.g., Trojan Horse programs) may be given temporary access to system resources.
2a. Cross Reference to Related Patents
The following U.S. patent is assigned to the assignee of the present application, is related to the present application, and its disclosure is incorporated herein by reference:
(A) U.S. Pat. No. 5,699,428 issued Dec. 16, 1997 to W. McDonnal et al and entitled, SYSTEM FOR AUTOMATIC DECRYPTION OF FILE DATA ON A PER-USE BASIS AND AUTOMATIC RE-ENCRYPTION WITHIN CONTEXT OF MULTI-THREADED OPERATING SYSTEM UNDER WHICH APPLICATIONS RUN IN REAL-TIME, said patent being based on U.S. application Ser. No. 08/586,511 filed Jan. 16, 1996.
2b. Cross Reference to Related Patents
The following U.S. patents are assigned to the assignee of the present application, are related to the present application and their disclosures are incorporated herein by reference:
(A) Ser. No. 08/944,397 filed Oct. 6, 1997, said application continuing from the above-cited Ser. No. 08/586,511 filed Jan. 1, 1996, said application having thereafter issued as U.S. Pat. No. 5,796,825 on Aug. 18, 1998;
(B) Ser. No. 08/642,217 filed May 6, 1996 by S. Lohstroh et al. and entitled, CRYPTOGRAPHIC FILE LABELING SYSTEM FOR SUPPORTING SECURED ACCESS BY MULTIPLE USERS, said application having thereafter issued as U.S. Pat. No. 5,953,419 on Sep. 14, 1999; and
(C) Ser. No. 08/518,191 filed Aug. 23, 1995 by Leo Cohen and entitled, SUBCLASSING SYSTEM FOR COMPUTER THAT OPERATES WITH PORTABLE-EXECUTABLE (PE) MODULES, said application having thereafter issued as U.S. Pat. No. 5,812,848 on Sep. 22, 1998.
3. Description of the Related Art
As knowledge of computers grows, and as use of networked computers and of digital data proliferates throughout society, the threat grows that unauthorized persons will either gain useful access to confidential, digitized information or tamper with such information.
A wide variety of materials may be stored in the form of digitized data, and there may be many reasons for keeping in confidence the information represented by such stored data and for avoiding unauthorized changes to such data.
By way of example, stored digital data may represent financial records of one or more private persons or other legal entities (e.g., companies). The latter records may be stored as digital data in a computer that is operatively coupled to a network (e.g., the Internet). Each private entity (person or company) may wish to have his or her or its financial records kept in confidence such that the records are intelligibly accessible only to a select group of people. The method of access may be through a local keyboard or remotely via a communications network (e.g., LAN or WAN) so that a remotely located, authorized person can quickly access the data when needed.
The above-identified U.S. Pat. No. 5,699,428 of W. McDonnal et al provides an On-The-Fly (OTF) decryption and re-encryption system which conveniently decrypts and re-encrypts file data for authorized users on an as-needed basis.
It is possible, however, that security may be inadvertently breached by the unwitting actions of an authorized user. The authorized user may have properly logged into the system and provided all the appropriate passwords which open access to a confidential file. Afterwards, the user may tap into the Internet or a like interactive, but untrustable channel. The tapped-into channel may then provide a path through which data-spying or data-tampering programs enter into the user's system. This can happen while information from a confidential file is exposed in plaintext format. Data-spying and/or data-tampering programs may then enter the system and surreptitiously transmit the exposed information and/or tamper with the plaintext data without the knowledge of the user.
By way of a more concrete example, suppose that after properly logging into the system and providing all appropriate passwords, the authorized user decides to connect via the Internet with a Web site or a like source of data that downloads ACTIVEX™ components or like kinds of ‘applets’ into the user's computer. As used herein, ‘applet’ refers to an application-like program that can execute on the user's computer with or without access limitations. The term ‘applet’, as used here, is not restricted to well-behaved JAVA™ applets that are inherently blocked from carrying out mischievous operations. (ACTIVEX™ is a trademark of MICROSOFT CORP. of Redmond, Wash. JAVA™ is a trademark of SUN MICROSYSTEMS INC. of California.) The term applies to all loadable applications, whether well behaved or not.
In most instances, the activities of the downloaded applet will be relatively benign. It may simply create an entertaining animation on the user's video monitor. There is no guarantee, however, that a downloaded applet (e.g., an ActiveX component) will not at the same time stealthily attempt to transfer plaintext (exposed) information from the user's computer to an unauthorized recipient and/or that the downloaded applet will not at the same time stealthily attempt to modify plaintext (exposed) information then present in the user's computer. Such activities would constitute breaches of security. Such stealthy applets are sometimes referred to as ‘Trojan Horses’. They tempt the user with benign outer appearances while deep inside they hide potentially-harmful functionalities.
The inloading of such mischievous applets (e.g. Trojan Horses) into a user's computer is not limited to those downloaded from the Internet. Users can inadvertently open the door to confidential information in their computers by inserting a diskette or CD-ROM or like data-conveying media which has a mischievous applet on it.
Mischievous applets (e.g., Trojan Horses) do not necessarily carry out their damaging deeds at the time of inloading. They may lie dormant in wait and spring their undesired functionalities upon the computer system at a relatively later time (e.g., midnight of January 1 of the following year).
It is desirable to have a system that provides the conveniences of On-The-Fly decryption and re-encryption (OTF recryption) while at the same time guarding against current or future attack by mischievous applets.
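The per-use decryption and automatic re-encryption described for the McDonnal patent above, together with the window during which plaintext is exposed to a downloaded applet, can be illustrated with the following added example. It is not code from the patent, its assignee, or any product; it assumes a stdlib-only HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag (a stand-in for a real cipher such as AES-GCM), a vault class `OtfVault`, and a caller-identity policy `authorized` that decides who receives plaintext. That gating policy, the file name and the sample content are all constructed here; the patent text itself does not specify how applets are to be held off.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _subkey(master: bytes, label: bytes) -> bytes:
    # Domain-separated subkeys: one for the keystream, one for the integrity tag.
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a stdlib-only stand-in for a real cipher (constructed here).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(master: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC) under a fresh random nonce."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(master, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(master: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then strip the keystream; tampering raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext tampered with or wrong key")
    ks = _keystream(_subkey(master, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


@dataclass
class OtfVault:
    """Holds file data encrypted at rest; decrypts per use for trusted callers only."""
    master: bytes
    authorized: set                              # caller identities allowed plaintext (assumed policy)
    stored: dict = field(default_factory=dict)   # file name -> ciphertext blob
    exposed: set = field(default_factory=set)    # names currently checked out in plaintext
    audit: list = field(default_factory=list)    # (event, caller, name) records

    def store(self, name: str, plaintext: bytes) -> None:
        self.stored[name] = encrypt(self.master, plaintext)

    def open_for_use(self, caller: str, name: str) -> bytes:
        # Per-use decryption: plaintext is produced only for an authorized caller,
        # so a downloaded applet asking for the same file gets an error, not data.
        if caller not in self.authorized:
            self.audit.append(("denied", caller, name))
            raise PermissionError(f"{caller!r} may not decrypt {name!r}")
        self.exposed.add(name)
        self.audit.append(("decrypted", caller, name))
        return decrypt(self.master, self.stored[name])

    def close_after_use(self, caller: str, name: str, plaintext: bytes) -> None:
        # Automatic re-encryption under a fresh nonce once the authorized use is over.
        if caller not in self.authorized:
            raise PermissionError(f"{caller!r} may not re-encrypt {name!r}")
        self.stored[name] = encrypt(self.master, plaintext)
        self.exposed.discard(name)
        self.audit.append(("re-encrypted", caller, name))


def demo() -> dict:
    """Walk through one authorized edit and one refused applet access (constructed sample data)."""
    vault = OtfVault(master=os.urandom(32), authorized={"editor"})
    vault.store("ledger.txt", b"balance=100")
    before = vault.stored["ledger.txt"]
    text = vault.open_for_use("editor", "ledger.txt")        # plaintext exposed only now
    vault.close_after_use("editor", "ledger.txt", text.replace(b"100", b"150"))
    applet_denied = False
    try:
        vault.open_for_use("applet-from-website", "ledger.txt")
    except PermissionError:
        applet_denied = True
    return {
        "applet_denied": applet_denied,
        "exposed_after_close": set(vault.exposed),
        "blob_changed": vault.stored["ledger.txt"] != before,   # fresh nonce each re-encryption
        "reencrypted_content": decrypt(vault.master, vault.stored["ledger.txt"]),
        "audit": list(vault.audit),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The `exposed` set is the quantity a defender cares about: it is non-empty exactly between `open_for_use` and `close_after_use`, which is the window in which a Trojan Horse already resident on the machine could read or alter the plaintext through some other path. Keeping that window short, re-encrypting under a fresh nonce on every close, and recording denied requests in `audit` are the three habits the example is meant to show; the identity check itself is only as strong as whatever mechanism (process, user, or module identity) supplies the `caller` string.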