The invention relates to a method and a device for accessing files of a secure file server. Furthermore, a computer network with such a device is proposed.
Solutions exist for providing files, or more specifically data, in particular by use of centralized computers (file servers). Administrators are usually granted rights that give them broader access to files and/or the computer network than normal users have. It is often the case that administrators gain access to the entire database.
It is precisely in large computer networks that the handling and, in particular, the storage of highly confidential data present a problem. For example, one goal is to keep the number of persons who have access to these data as small as possible. In particular, not all administrators should have access to highly confidential data. Therefore, dedicated and isolated areas are often defined that are protected, in particular, by firewalls and security zones. In order to operate these areas (maintenance, control, security, monitoring, etc.), special operating teams are required that differ from the normal administrators and, in particular, are trusted to a high degree. These additional operating teams often have to ensure around-the-clock support for the file servers. This incurs not only the costs for the additional hardware but also the costs for the time-consuming administration of the file servers in the isolated areas. An additional drawback is that the operating teams themselves have access to the highly confidential data.
With the prior art encryption applications it is possible to store data in encrypted form on a storage medium. However, this approach has the drawback that, until the confidential data are encrypted, they may be accessed in the computer network in the clear.
Furthermore, it is a disadvantage that, in the case of certain file servers that are used by default, the file server itself is unprotected. Hence, such a file server also allows access to highly confidential data.
There are also solutions that control access to the data files by use of certificate and rights management. However, such solutions are cumbersome in terms of administration and handling by the end user, in particular if several users have to access data files in one directory. In this case all users need the correct key (or rather the correct certificate). This is very complicated and time-consuming, for example, in a dynamic environment (that is, where various staff members work together in different teams), because a personal key, or more specifically a personal certificate, would have to be generated, managed and distributed for each staff member/team combination.
The object of the present invention is to avoid the aforementioned drawbacks and to provide, in particular, a method for manipulating confidential data in a way that is efficient, largely secure and simple and transparent to the user.
The invention achieves this and other objects by providing a method for accessing files of a secure file server, wherein a user or a process is authenticated; the access to the files of the secure file server takes place by way of an encryption module of the secure file server; the encryption module comprises an encryption agreement of a centralized security application; and the access of the authenticated user or process to the secure file server takes place taking into consideration the encryption agreement.
In particular, the encryption agreement (policy) can be made available to the encryption module of the file server by the centralized security application, wherein the file server actively requests the encryption agreement, or wherein the encryption agreement is transferred to the file server without such a request.
The centralized security application is an application that runs preferably on a separate computer. The encryption agreement can have, for example, encryption rules and/or keys to access the data files of the secure server.
At this point it must be pointed out that the secure file server includes at least one computer that has an encryption module. The “secure file server” differs in this way from a server without an encryption module. In this case the actual security of the “secure” file server is not further quantified; this security can be provided, as a function of the application, for example, by use of suitable measures (structural measures, access control, additional software) in order to protect the “secure server.”
Furthermore, it must be pointed out that the centralized security application is preferably an application that satisfies special security requirements. It can run, for example, on a specifically protected computer (for example, protected by special encryption hardware), to which only a small number of persons having a special fiduciary position have access. The centralized security application can provide encryption agreements for several secure file servers. The centralized arrangement facilitates the complex administration resulting from the high security requirements. Moreover, it is advantageous that the administration of the centralized security application requires only a reduced effort compared to the administration of a file server; as a result, operating persons for the centralized security application do not have to be available twenty-four hours a day, seven days a week.
The process can be a service in the computer network—for example, a system service of the secure file server.
In this context it is advantageous that the encryption agreement can be defined, or more specifically specified, in a very granular way. In particular, for example, the context information (for example, which process accesses which file(s)) can be used to control the access to files of the secure file server.
The approach described herein applies in general to servers that store confidential data. The file server mentioned herein can also be an application that processes sensitive data. The application is recognized by the signature of the service or by way of the executing user, and the encryption agreement can provide the assurance that the data are encrypted only for this application.
It is a further aspect of the invention that the user's access is controlled according to the following role model: if it involves an authorized user, then the files are encrypted and/or decrypted by the encryption module of the secure file server; if it involves an administrator, then access is allowed, but the files are neither encrypted nor decrypted; if it involves an unauthorized user, then access is blocked.
Correspondingly, it is possible to control the access of the process (for example, the system service). In particular, the role model for users and/or processes can be stored in the encryption agreement.
It is also a further development that the access of the authenticated user or process to the secure file server takes place by way of an encrypted connection taking the encryption agreement into consideration.
It is an additional improvement that the user is authenticated by way of his user identification.
In particular, the role of the user can be determined by use of his user identification. This feature is advantageous because the user authenticates himself to the system in a way that is known to him (for example, within the framework of logging onto the system), and his access to the secure file server is controlled transparently to the user (that is, without more effort on his part). For the authorized user the solution proposed herein represents, for example, an additional storage medium, which he can access (read and write access). At the same time the encryption takes place seamlessly preferably from the workstation computer to the secure file server (end to end encryption), so that there is no possibility of gaining access to the unencrypted data, based on the connection between the workstation computer and the secure file server.
The term “end to end” encryption is defined herein, in particular, as a two-step strategy. The encryption of the data files can be performed centrally on the file server; the path between the workstation computer (client) and the file server can be protected separately (encrypted).
In particular, it is a further development that the user is authenticated with a user identification by way of a workstation computer, and that an encrypted transfer of files between the workstation computer and the secure file server takes place.
It is also a further development that the encrypted transfer between the workstation computer and the secure file server takes place by means of the IPsec protocol. As an alternative it is possible that the encrypted transfer between the workstation computer and the secure file server takes place by means of encryption on a higher protocol level (for example, TLS/SSL).
Furthermore, it is a further development that the access or the attempted access to the secure file server is logged and/or monitored. As a result, it is advantageous that the security of the computer network and, in particular, of the confidential files can be documented.
According to an additional further development, the process is authenticated by the centralized security application.
A subsequent improvement consists of the fact that the process is authenticated by use of a signature by the file server, in particular, the encryption module of the file server. This feature can ensure that the process was not manipulated. This assurance is especially important for such processes that have access to the confidential data of the secure server.
In one embodiment access to the files of the secure file server is controlled by way of the encryption agreement as a function of the type of process.
An alternative embodiment consists of the fact that the process is an anti-virus program that is given full access to the files of the secure file server by way of the encryption agreement.
Additional examples of processes that have full access to the files of the file server by way of the encryption agreement are: e-discovery processes, revision processes, indexing and search processes.
In a further embodiment the file contents are encrypted by the encryption module, whereas the metadata of a file are not encrypted.
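The role model for users, the signature check of a privileged process and the clear metadata described in the preceding embodiments can be combined in one policy evaluation in the encryption module. The following is an added illustration, not code from the patent: the policy, user names, process name, executable bytes and key material are constructed, and the SHA-256 counter-mode keystream is only a stand-in for the file cipher a real encryption module would use.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed encryption agreement (policy) as the centralized security
# application would hand it to the file server's encryption module.
POLICY = {
    "roles": {"alice": "authorized", "ops-admin": "administrator"},
    # processes granted full access, identified by the digest of their
    # executable (stand-in for the signature check of the process)
    "processes": {"av-scanner": hashlib.sha256(b"av-scanner v1 binary").hexdigest()},
    "key": hashlib.sha256(b"demo key material").digest(),
}

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in for a real file cipher: SHA-256 counter-mode keystream, XORed
    # over the data; applying it twice with the same key restores the input.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

@dataclass
class StoredFile:
    name: str          # metadata stays in the clear; only contents are encrypted
    size: int
    ciphertext: bytes

def store(name: str, plaintext: bytes) -> StoredFile:
    return StoredFile(name, len(plaintext), keystream_xor(POLICY["key"], plaintext))

def access(f: StoredFile, user: Optional[str] = None,
           process: Optional[Tuple[str, bytes]] = None):
    """Return ('plaintext'|'ciphertext'|'denied', payload) per the role model."""
    if process is not None:
        pname, exe = process
        expected = POLICY["processes"].get(pname)
        if expected is None or hashlib.sha256(exe).hexdigest() != expected:
            return "denied", None      # unknown or manipulated process
        return "plaintext", keystream_xor(POLICY["key"], f.ciphertext)
    role = POLICY["roles"].get(user, "unauthorized")
    if role == "authorized":
        return "plaintext", keystream_xor(POLICY["key"], f.ciphertext)
    if role == "administrator":
        return "ciphertext", f.ciphertext   # can back up, cannot read
    return "denied", None
```

The administrator branch is what lets ordinary backup tooling copy the files without ever seeing their contents, while a process whose executable no longer matches the registered digest is refused entirely.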
In another embodiment the data files of the secure file server are backed up, optionally together with the files of a normal file server, on a storage medium.
The storage medium can be a storage array and/or any back-up medium—for example, the local hard disk, archiving media. In this case it is an advantage that the data files of the secure file server can be treated just like the files of a normal file server. In particular, this feature makes it possible for the administrators to carry out, for example, the backup of the confidential data without being able to decrypt the data.
The aforementioned object is achieved with a device that is intended for making available data files and that includes: an encryption module, wherein the encryption module comprises an encryption agreement of a centralized security application; a processing unit that is configured in such a way that: (i) a user or a process can be authenticated; (ii) the access to the files takes place by way of the encryption module; and (iii) the access of the authenticated user or process takes place taking into consideration the encryption agreement.
For the sake of completeness it must be pointed out once more that the encryption agreement can be considered in addition to the authorization at the file server.
Correspondingly, the processing unit is configured for carrying out one of the additional actions described herein.
As a result, the aforementioned engineering object is also achieved with a device comprising a processing unit, wherein the processing unit is configured in such a way that the method described herein can be carried out.
The processing unit can be, for example, an analog or digital processing unit; it can also be designed as a processor and/or at least a partially hard-wired circuit configuration that is configured in such a way that the method can be carried out as described herein.
The processor can be any kind of processor, calculator or computer with the respective necessary periphery (memory, input/output interfaces, input/output devices, etc.) or can include such a processor. Furthermore, a hard-wired circuit unit—for example, an FPGA, an ASIC or any other integrated circuit—can be provided.
According to one embodiment, the device is a secure file server in a computer network. As stated above, the secure file server differs from a non-secure or also normal file server in that it has an encryption module.
The aforementioned object is also achieved by way of a computer network that includes at least one device, as described herein.
Other objects, advantages and novel features of the present invention will become apparent from the following detailed description of one or more preferred embodiments when considered in conjunction with the accompanying drawings.