摘要:
Improved system and approaches for decentralized key generation are disclosed. The keys that can be generated include both public keys and private keys. The public keys are arbitrary strings that embed or encode access restrictions. The access restrictions are used to enforce access control policies. The public keys are used to encrypt some or all portions of files. The private keys can be generated to decrypt the portions of the files that have been encrypted with the public keys. By generating keys in a decentralized manner, not only are key distribution burdens substantially eliminated but also off-line access to encrypted files is facilitated.
摘要:
Improved system and approaches for centralized storage of access restrictions which are associated with public keys are disclosed. The access restrictions serve to limit access to files secured by a security system. According to one aspect of the present invention, identifiers, or encoded versions thereof, are used as public keys to identify particular access restrictions. The identifiers to the access restrictions are used in a decentralized manner for public keys, while the access restrictions themselves are maintained in a centralized manner. As compared to the access restrictions, the public keys based on identifiers tend to be smaller and more uniform in size. The centralized storage of the access restrictions also facilitates subsequent changes to access restrictions for previously secured files. The improved system and approaches is particularly suitable in an enterprise environment.
摘要:
With files secured by encryption techniques, keys are often required to gain access to the secured files. Techniques for providing and using multiple levels of keystores for securing the keys are disclosed. The keystores store keys that are needed by users in order to access secured files. The different levels of keystores offer compromises between security and flexibility/ease of use.
摘要:
A system and method for providing distributed access control are disclosed. A number of local servers are employed to operate largely on behalf of a central server responsible for centralized access control management. Such a distributed fashion ensures the dependability, reliability and scalability of the access control management undertaking by the central server. According to one embodiment, a distributed access control system that restricts access to secured items can include at least a central server having a server module that provides overall access control, and a plurality of local servers. Each of the local servers can include a local module that provides local access control. The access control, performed by the central server or the local servers, operates to permit or deny access requests to the secured items by requestors.
摘要:
Improved techniques for transferring files through a multi-tier computing environment are disclosed. The transfer of files across the multiple tiers of the computing environment can use staging at intermediate tiers to facilitate the file transfer. Each tier can include at least one computing machine that includes a file transfer manager. The file transfer managers at the computing machines in each of the multiple tiers serve to effectuate the file transfer through the multi-tier computing environment. In one embodiment, the multi-tier computing environment is a multi-tier file security system and the files being transferred are audit files.
摘要:
With files secured by encryption techniques, keys are often required to gain access to the secured files. Techniques for providing and using multiple levels of keystores for securing the keys are disclosed. The keystores store keys that are needed by users in order to access secured files. The different levels of keystores offer compromises between security and flexibility/ease of use.
摘要:
Improved system and approaches for decentralized key generation are disclosed. The keys that can be generated include both public keys and private keys. The public keys are arbitrary strings that embed or encode access restrictions. The access restrictions are used to enforce access control policies. The public keys are used to encrypt some or all portions of files. The private keys can be generated to decrypt the portions of the files that have been encrypted with the public keys. By generating keys in a decentralized manner, not only are key distribution burdens substantially eliminated but also off-line access to encrypted files is facilitated.