Abstract: Various techniques for allowing non-secured clients to access secured data of an enterprise from a public network without compromising security integrity of the enterprise are disclosed. According to one embodiment, a server, referred to as an interface server, is designated to interface with non-secured clients and coupled between a private network and a public network. The server can be one of local servers in a security system employed in an enterprise. In certain respect, the interface server is analogously placed in a “Demilitarized Zone”, hence also referred to as a DMZ server. Through the DMZ server, some of the secured data in the enterprise can be accessed by the non-secured clients without compromising the security integrity of the enterprise.

Abstract: Even with proper access privilege, when a secured file is classified, at least security clearance (e.g. a clearance key) is needed to ensure those who have the right security clearance can ultimately access the contents in the classified secured file. According to one embodiment, referred to as a two-Opronged access scheme, a security clearance key is generated and assigned in accordance with a user's security access level. A security clearance key may range from most classified to non-classified. Depending on implementation, a security clearance key with a security level may be so configured that the key can be used to access secured files classified at or lower than the security level or multiple auxiliary keys are provided when a corresponding security clearance key is being requested. The auxiliary keys are those keys generated to facilitate access to secured files classified respectively less than the corresponding security or confidentiality level.

Abstract: An improved system and approaches for exchanging secured files (e.g., documents) between internal users of an organization and external users are disclosed. A file security system of the organization operates to protect the files of the organization and thus prevents or limits external users from accessing internal documents. Although the external users are unaffiliated with the organization (i.e., not employees or contractors), the external users often have working relationships with internal users. These working relationships (also referred to herein as partner relationships) often present the need for file (document) exchange. According to one aspect, external users having working relationships with internal users are able to be given limited user privileges within the file security system, such that restricted file (document) exchange is permitted between such internal and external users.

Abstract: Techniques for managing access to digital assets via a designated place or its sub-places are disclosed. The designated place may be a file folder, a directory, a local or remote store. The designated place is characterized by or associated with a securing module that causes all files stored in the designated place to have substantially similar security. In other words, a file to be secured can be simply dropped into the designated place and the securing module is configured to take actions to secure the file transparently in accordance with the security characteristics of the designated place. Likewise, a designated place can be set up to unsecure the secured files being deposited in the designated place, provided a user of the secured files is permitted to do so.

Abstract: Improved approaches for communicating changes to security policies (or rules) in a distributed security system are disclosed. Depending on the status of an affected user in the system, the changes can be delivered to the user if the user is logged in the system or effectuated in a state message in a local server and the state message is delivered to the user next time the user is logged in the system. If a local server is not operative at the time that a change request is received for a user of the local server, the change request is redirected to another local server. The user is directed to the another local server to affect the change request. As a result, various changes are guaranteed to be delivered to the affected users without compromising the network efficiency.