1. Field of the Invention
The present invention relates to the area of protecting electronic data in an enterprise environment, and more particularly, relates to method and apparatus for providing flexible mechanisms for securing data assets and accessing secured data assets.
2. Description of Related Art
Attacks on e-businesses by hackers might grab newspaper headlines, but the costliest crimes, and the most difficult ones to prevent, are likely to be committed by internal hackers with inside knowledge. Examples of the internal hackers may include departing employees and consultants who have extensive knowledge about an enterprise and can break into its internal networks, accessing files and folders containing information confidential to the enterprise.
Many businesses and organizations have been looking for effective ways to protect their proprietary information. Typically, businesses and organizations have deployed firewalls, Virtual Private Networks (VPNs), and Intrusion Detection Systems (IDS) to provide protection. These systems are essential sophisticated filters aimed at securing defined perimeters by preventing unauthorized access to computing resources and data within the perimeter while allowing controlled access to the resources and data within the perimeter. Unfortunately, these various security means have been proven insufficient to reliably protect proprietary information residing on its internal networks. Numerous examples have shown that some of the defenses can be easily breached by determined outsiders, resulting in the security breach of valuable enterprise data. Further, internal hackers are the insiders that are already behind the perimeter defenses, thus giving them direct access to some sensitive data assets.
Another limitation of the perimeter based solutions is that the data assets may be protected while they are inside the secured perimeter, meaning that if for any reason and by any means the data asset is moved to a location outside the perimeter, the data asset is no longer protected. With the widespread use of Email, mobile computers, and wireless communications, it is becoming easier to move data assets beyond the secured perimeter, which can result in very serious security breaches whether the move outside the perimeter is malicious or inadvertent as it often happens with misdirected Emails. Still another limitation of the perimeter based solutions is that if a data asset must be moved from one secured perimeter to another, the sender must rely on the integrity of the destination perimeter. Sometimes the destination is a different company or a remote office in a different country and there can be no guarantee that the perimeter measures at these locations are sufficient to ensure an adequate level of security.
Currently, there have been two distinct methods for protecting data assets: access control techniques and cryptographic techniques. Each of the methods has been found to have its unique features and advantages as well as limitations.
The access control techniques depend upon one or more software modules that control access to a given data asset based on a set of conditions. For example, an access control technique is often implemented as part of an operating system (e.g., Microsoft Windows) and known under the acronym ACL for Access Control List. ACL is used to control access to files in a certain file system directory or folder with conditions determining the access being granted or denied. One of the advantages of the access control techniques for protecting data assets is its flexibility. Complex access conditions may be expressed in a way the software module(s) can interpret, which makes it possible to implement sophisticated access policies without great complexity. A file or set of files could, for example, be restricted for access by employees of a certain division during work days or only during certain hours of the days.
One of the limitations of the access control techniques, however, is that only a moderate level of security is provided. This arises from the fact that the techniques are based on software modules to interpret a set of conditions and intercepts the user's access attempt, thus a sophisticated user may bypass, replace, or modify the software modules so as to gain unauthorized access. For example, ACL for example may be circumvented by editing the data that encodes the access conditions with a disk editor or by moving the disk that contains the protected information to another file system that does not recognize or implement the access conditions.
The cryptographic techniques depend upon one or more cipher schemes to protect the proprietary information. With an encryption process, one party can protect the contents of the data from access by an unauthorized third party, yet the intended party can read the data using a corresponding decryption process. The whole point of cryptography is to keep the contents of the data or plaintext secret from eavesdroppers.
FIG. 1 shows that a plaintext 100 undergoes an encryption process 102 that produces an encrypted or ciphertext 104. The ciphertext 104 is illegible and means nothing more than a sequence of digits. To reveal the original plaintext 100, the ciphertext 104 must undergo a decryption process 106. Both encryption and decryption processes 102 and 106 are respectively proceeded with an encryption key 110 or a decryption key 112. Depending on implementation, the keys 110 and 112 may be identical or different. In any case, an intended party must posses a valid key to proceed with an encrypted file (e.g., the ciphertext 104) to recover the plaintext 108.
One of the advantages of the cryptographic techniques is that it is generally difficult to break into the ciphertext. Unless one has a valid key to access the data, the data could not be retrieved (decrypted) without a significant investment in time and resources to crack the encryption. It is currently believed that the investment required to crack an encrypted data asset may be made arbitrarily high by simply increasing the length of the key. Another one of the advantages of the cryptographic techniques is that the protection is intrinsic to the data asset and that the protection persists even if the asset is moved to a different system, even if the OS or the file access mechanism are modified. Changes to a software module used to access the data asset could not affect the protection because the protection is the result of the asset itself being encrypted not the result of a software module allowing or disallowing the access.
One of the limitations of cryptography is that it is inflexible. It does not provide means of expressing access conditions. It is the mere possession of a valid key that determines access to secured data. In certain respect, the conditions that can be expressed boil down to a binary condition: valid key or invalid key. This makes it difficult sometimes to provide access control to certain confidential information with cryptography because more sophisticated access control conditions are often required in a business environment.
For example, a group of authorized users need to access a secured file, thus a key must be issued to each of the users. Inevitably, the management of the keys becomes an issue to deal with, such as secure generation, distribution, and storage of the keys. Once a key is randomly generated, it must remain secret to avoid unfortunate mishaps (such as impersonation). In practice, most attacks on public-key systems are probably aimed at the key management level, rather than at the cryptographic algorithm itself.
Therefore, there is a need to provide flexible ways to secure data assets at all times.