1. Field of Disclosure
The present disclosure relates generally to the field of securing stored digital data from unauthorized use.
The present disclosure relates more specifically to the problem of providing an easily usable computer system that provides features such as automatic data decryption and automatic data re-encryption (SmartLocking™) and/or bubble protection and/or other kinds of like-constraints to access while operating within the context of an operating system that allows files to be transferred over an unsecured network link or between easily-removable forms of storage media.
2a. Cross Reference to Related Patents
The disclosures of the following U.S. patents are incorporated herein by reference:
(A) U.S. Pat. No. 5,699,428 issued Dec. 16, 1997 to W. McDonnal et al and entitled, SYSTEM FOR AUTOMATIC DECRYPTION OF FILE DATA ON A PER-USE BASIS AND AUTOMATIC RE-ENCRYPTION WITHIN CONTEXT OF MULTI-THREADED OPERATING SYSTEM UNDER WHICH APPLICATIONS RUN IN REAL-TIME;
(B) U.S. Pat. No. 5,796,825 issued Aug. 18, 1998 to W. McDonnal et al and entitled, SYSTEM FOR AUTOMATIC DECRYPTION OF FILE DATA ON A PER-USE BASIS AND AUTOMATIC RE-ENCRYPTION WITHIN CONTEXT OF MULTI-THREADED OPERATING SYSTEM UNDER WHICH APPLICATIONS RUN IN REAL-TIME;
(C) U.S. Pat. No. 5,953,419 issued Sep. 14, 1999 to S. Lohstroh et al. and entitled, CRYPTOGRAPHIC FILE LABELING SYSTEM FOR SUPPORTING SECURED ACCESS BY MULTIPLE USERS; and
(D) U.S. Pat. No. 5,812,848 issued Sep. 22, 1998 to Leonardo Cohen and entitled, SUBCLASSING SYSTEM FOR COMPUTER THAT OPERATES WITH PORTABLE-EXECUTABLE (PE) MODULES.
2b. Cross Reference to Co-Pending Applications
The following co-pending U.S. patent applications are owned by the owner of the present application, and their disclosures are incorporated herein by reference:
(A) Ser. No. 09/047,316 filed Mar. 24, 1998 by David Grawrock and originally entitled, BUBBLE-PROTECTED SYSTEM FOR AUTOMATIC DECRYPTION OF FILE DATA ON A PER-USE BASIS AND AUTOMATIC RE-ENCRYPTION, and re-filed Jun. 14, 2001 under 37 CFR 1.53(d) as a CPA with the same title, naming David Grawrock et al. as inventors, now abandoned; and
(B) U.S. Ser. No. 09/564,672 filed May 3, 2000, now U.S. Pat. No. 6,339,828 as a divisional of U.S. Ser. No. 08/864,297, now U.S. Pat. No. 6,081,893 May 28, 1997 by David Grawrock et al and originally entitled, SYSTEM FOR SUPPORTING SECURED LOG-IN OF MULTIPLE USERS INTO A PLURALITY OF COMPUTERS USING COMBINED PRESENTATION OF MEMORIZED PASSWORD AND TRANSPORTABLE PASSPORT RECORD.
2c. Reservation of Extra-Patent Rights and Resolution of Conflicts
After this disclosure is lawfully published, the owner of the present patent application has no objection to the reproduction by others of textual and graphic materials contained herein provided such reproduction is for the limited purpose of understanding the present disclosure of invention and of thereby promoting the useful arts and sciences. The owner does not however disclaim any other rights that may be lawfully associated with the disclosed materials, including but not limited to, copyrights in any computer program listings or artworks or other works provided herein, and to trademark or trade dress rights that may be associated with coined terms or artworks provided herein and to other otherwise-protectable subject matter included herein or otherwise derivable herefrom.
If any disclosures are incorporated herein by reference and such incorporated disclosures conflict in part or whole with the present disclosure, then to the extent of conflict, and/or broader disclosure, and/or broader definition of terms, the present disclosure controls. If such incorporated disclosures conflict in part or whole with one another, then to the extent of conflict, the later-dated disclosure controls.
3. Description of Related Art
As time passes, public knowledge about computers grows, and use of networked computers and of digital data proliferates throughout society. At the same time, a danger grows that unauthorized persons will learn how to gain useful (e.g., intelligible) access to confidential, digitized information and/or how to maliciously destroy or tamper with digitized data, particularly as digitized data and data-manipulating programs are allowed to flow in and out through unsecured transmission channels.
A wide variety of materials may be stored in the form of digitized data, and there may be many reasons for keeping in confidence the information represented by such stored data, and for avoiding unauthorized changes to such data.
By way of example, stored digital data may represent financial records of one or more private persons or other legal entities (e.g., companies). The latter records may be stored as digital data in a computer that is operatively coupled to a network (e.g., the Internet). Each private entity (person or company) may wish to have his or her or its financial records kept in confidence such that the records are intelligibly or otherwise accessible only to a select group of people. The method of access may be through a local keyboard and monitor, or remotely via a communications network (e.g., LAN or WAN). The latter case may allow remotely located, authorized persons to quickly access the data when needed.
The above-identified U.S. Pat. No. 5,699,428 of W. McDonnal et al. provides an On-The-Fly decryption and re-encryption system (OTF-recryption system) which conveniently decrypts and automatically re-encrypts local file data for authorized users on an as-needed basis, thereby reducing the risk that plaintext data will be exposed in a nontemporary manner, say because an authorized but forgetful user failed to re-encrypt a decrypted file.
The above-identified U.S. application Ser. No. 09/047,316 and its CPA counterpart of Jun. 14, 2001, which were originally entitled, “BUBBLE-PROTECTED SYSTEM FOR . . . ” provide a system that can co-exist with OTF-recryption and can further protect files from attack by Trojan-horse applets.
The systems of both the above-identified U.S. Pat. No. 5,699,428 and the above-identified U.S. application Ser. No. 09/047,316 are designed to work primarily with locally-stored files. Unfortunately, in networked systems, in addition to being stored locally, file data may often be stored on one or more remote file servers and transferred over potentially non-secured links to the location of a local user. Security may be inadvertently breached if a plaintext version of confidential information is sent over a non-secured link. On the other hand, network response speed may suffer if resources are wasted to non-selectively encrypt all information, including non-confidential information, before transmitting its representative data over the non-secured link. As such, it would be advantageous to have a selective method that can further co-exist with one or both of the OTF-recryption method of U.S. Pat. No. 5,699,428 and the Bubble-protection (and volume encryption) methods of U.S. application Ser. No. 09/047,316.
The problem of files being moved from remote to local sites is not limited to telecommunication networks. The so-called sneaker-net is a further part of the problem. There is a continuing proliferation of use of high-density removable media such as removable hard disks or Re-Writable Compact Disks (CD-RW's or DVD-RW's) or the like which makes it easier for unauthorized persons to potentially intercept an unguarded one of such high-density removable media and steal it or copy its contents into a portable notebook computer. Then, if any confidential information was left in plaintext form on such intercepted media, its confidentiality may be compromised. Moreover, even non-confidential information may be tampered with or destroyed.
It is desirable to have a ubiquitous system that allows for telecommunicative networking, and even sneaker-networking while at the same time providing the safeguards and conveniences of On-The-Fly decryption and re-encryption (OTF recryption) and/or Bubble-protection for such specific files as may need such protection.