Computers have fast become a common tool used by companies and industries to conduct business activities. Further, computers have affected almost every aspect of how businesses are run and are used not only by high-level decision makers, but also by secretaries and shipping clerks. Management may use computers to store important client contacts while secretaries may use computers to store documents and spreadsheets. In addition, human resources may use computers to store employee records and payroll. As one can see, computers can affect a large part of how businesses function. As computer use has expanded, so has the need to store computer files generated by company personnel. Hence, network drives were developed to help workers store vast amounts of data files and by networking a company's computers together, workers can generally access the files from different computers throughout the company and even from remote locations.
Because many departments within a company store their data files, some of them confidential, on the same network as other departments, one who has access to the network may also have access to all the data files stored on it. Hence, a shipping clerk may have access to confidential employee records if both are stored on the network drive and this would be undesirable. Therefore, it is desired to restrict access to certain files only to authorized users. One way to do this is to load the software applications that are typically used to access the files only on authorized users' computers. For example, load the text processing software application Word® only on secretaries' computers. Without Word® loaded on a shipping clerk's computer, he should not be able to read a Word® file. However, one can still access the Word® files, without using the Word® software application, through the use of other applications, such as the application WordPerfect® or simply by loading Word® onto his or her computer.
Also known in the art of computer software applications are various methods for restricting access to certain users by requiring authorized users to enter a password in order to log on, or enter, a computer system. Likewise, certain applications can also be restricted by password as well. By requiring a password, not only is the application restricted, but, theoretically, so are the data files created by the application that can be retrieved once the user has successfully logged into the application.
Controlling access rights to certain files, directories, and drives on the network, however, can be unwieldy to manage, and a scheme that is secure may also prevent access by some who need the files to do their work. Usually, access rights are protected by password, but passwords are often notoriously insecure, with users selecting their phone numbers, pets' names, or children's names as passwords. Further, some users may also tape their passwords to their monitors or desks, or keep the passwords in their desk drawers.
Network security problems are exacerbated by the rise of the Internet since virtually everyone on the Internet theoretically may have access to every file stored on every computer with Internet access. The Internet has also given rise to heightened privacy concerns throughout the computer industry. Governments throughout the world, particularly the United States and Europe, have or are considering various pieces of legislation to protect consumer privacy.
In order to restrict access rights or put security measures in place, developers may need to modify their software applications. This may be complicated and difficult when the applications have been substantially completed because the developers may need to rewrite vast portions of the applications' source code in order to incorporate the added security measures. Furthermore, developers may need to hire new programmers with special skills in areas such as encryption. End users, such as companies, may also need to retrain employees who are affected by the changes in the application source code, for these changes may affect the way the applications are used.
Once security measures and/or access rights are installed, only authorized users should theoretically be able to access the files in prior systems. However, unauthorized users may still be able to access protected data files if such files are decrypted using traditional methods. One such method would be for an encrypted file to be copied to a temporary directory, whereby the user can then edit the temporary file. Once the user saves changes to the file, the file is then reencrypted. However, the temporary file is left unencrypted and accessible to unauthorized users during the entire period it is being used.
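The exposure window described above can be observed directly. The following is an added example, not part of the original text: it runs the decrypt-to-temporary-file workflow beside an in-memory edit and records which files on the shared storage contain readable plaintext mid-edit. The cipher is a toy SHA-256 keystream stand-in, and the file names, key, and record are constructed for illustration.

```python
import hashlib, os, tempfile
from pathlib import Path

def keystream_xor(key, data):
    """Toy SHA-256 counter-mode XOR (stand-in for a real cipher; not for production)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def plaintext_on_disk(directory, marker):
    """What any other user of the storage can read: files containing the marker."""
    return sorted(p.name for p in Path(directory).iterdir() if marker in p.read_bytes())

def edit_via_temp_file(enc_path, key, edit, observe):
    """Traditional method from the text: decrypt to a temp file, edit, re-encrypt."""
    tmp_path = enc_path + ".tmp"
    with open(enc_path, "rb") as src, open(tmp_path, "wb") as tmp:
        tmp.write(keystream_xor(key, src.read()))  # plaintext now at rest
    seen = observe()  # snapshot taken while the file is "being edited"
    with open(tmp_path, "rb") as tmp:
        new_plain = edit(tmp.read())
    with open(enc_path, "wb") as dst:
        dst.write(keystream_xor(key, new_plain))
    os.remove(tmp_path)
    return seen

def edit_in_memory(enc_path, key, edit, observe):
    """Contrast: plaintext exists only in process memory, never on storage."""
    with open(enc_path, "rb") as src:
        new_plain = edit(keystream_xor(key, src.read()))
    seen = observe()
    with open(enc_path, "wb") as dst:
        dst.write(keystream_xor(key, new_plain))
    return seen

def demo():
    key, record = b"constructed-demo-key", b"PAYROLL: constructed sample record"
    with tempfile.TemporaryDirectory() as share:  # stands in for the network drive
        enc = os.path.join(share, "payroll.enc")
        with open(enc, "wb") as fh:
            fh.write(keystream_xor(key, record))
        observe = lambda: plaintext_on_disk(share, b"PAYROLL")
        edit = lambda p: p + b" (edited)"
        return (edit_via_temp_file(enc, key, edit, observe),
                edit_in_memory(enc, key, edit, observe))
if __name__ == "__main__":
    print(demo())
```

The first list names the temporary file that held readable plaintext during the edit; the second is empty because nothing unencrypted was written to storage.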
With other known encryption methods, users have had to repeatedly designate each file to be encrypted and/or decrypted. This included newly created files and old files that were edited. With this kind of involvement, users may neglect or forget to reencrypt a file that was recently decrypted for editing purposes. In addition, while designating multiple files to be encrypted, users may inadvertently encrypt a file that is meant to be unencrypted. As one can see, human error and time pressures may frustrate a company's desire for protecting files.
Further, many software developers may desire to add data security and/or encryption to their existing software applications in the form of an add-on feature that allows security to be added without modifying the existing applications. This add-on feature enables developers to simply and easily enhance their products without modifying an application's source code. This add-on security feature may also appeal to end users, such as companies, who want to add security measures to their existing applications without having to retrain employees or hire computer programmers to modify the applications.
In addition to securing data files, end users may also want to back them up, or copy them, in the event the original files are accidentally lost or destroyed. However, not all backup systems can provide copies of the destroyed data files. For example, in the unfortunate event that the building is destroyed by fire, it is likely that any backed-up copies stored in the building will be destroyed along with the original files. It may also be beneficial to provide a way of backing up files as an add-on feature that can be added to existing applications without the need to modify them.
Further, other add-on features may be provided, such as a way of tracking and auditing modifications to files. This add-on feature would be able to identify who made the modifications, when they occurred, and what kinds of modifications were made.
What is desired, therefore, is to create a system for encrypting data files of application programs without placing unencrypted copies of the files on a storage device, without modifying the application program itself, and without requiring user intervention. It is also desired to create a system for adding features to application programs, such as encrypting/decrypting and/or backing up an application's data files, preferably to a remote location. It is further desired to create a system capable of tracing and auditing file modifications.