Abstract: Techniques for securing electronic data and keeping the electronic data secured at all times are disclosed. According to one embodiment, a client module in a client machine is configured to provide access control to secured documents that may be located in a local store, another computer machine or somewhere over a data network. The client module includes a document-securing module configured to operate in a path through which a document being accessed is caused to pass so that the document can be examined or detected for the security nature. If the document is secured, the document-securing module obtains a user or group key to decrypt security information in the secured document for access rules therein. If a user accessing the document is determined to have the access privilege to the secured document, a file key is retrieved from the security information and a cipher module is activated to decrypt the encrypted data portion with the file key.

Abstract: In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.

Abstract: In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.

Abstract: Techniques for providing pervasive security to digital assets are disclosed. According to one aspect of the techniques, a server is configured to provide access control (AC) management for a user (e.g., a single user, a group of users, software agents or devices) with a need to access secured data. Within the server module, various access rules for the secured data and/or access privileges for the user can be created, updated and managed so that the user with the proper access privileges can access the secured documents if granted by the corresponding access rules in the secured data.

Abstract: Digital assets are in a secured form that only those with granted access rights can access. Even with the proper access privilege, when a secured file is classified, at least a security clearance key is needed to ensure those who have the right security clearance can ultimately access the contents in the classified secured file. According to one embodiment, a secured file or secured document includes two parts: a header, and an encrypted data portion. The header includes security information that points to or includes access rules, a protection key and a file key. The access rules facilitate restrictive access to the encrypted data portion and essentially determine who the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion and protected by the protection key.

Abstract: Techniques for managing access to digital assets via a designated place or its sub-places are disclosed. The designated place may be a file folder, a directory, a local or remote store. The designated place is characterized by or associated with a securing module that causes all files stored in the designated place to have substantially similar security. In other words, a file to be secured can be simply dropped into the designated place and the securing module is configured to take actions to secure the file transparently in accordance with the security characteristics of the designated place. Likewise, a designated place can be set up to unsecure the secured files being deposited in the designated place, provided a user of the secured files is permitted to do so.

Abstract: Techniques for providing pervasive security to digital assets are disclosed. According to one aspect of the techniques, a server is configured to provide access control (AC) management for a user (e.g., a single user, a group of users, software agents or devices) with a need to access secured data. Within the server module, various access rules for the secured data and/or access privileges for the user can be created, updated and managed so that the user with the proper access privileges can access the secured documents if granted by the corresponding access rules in the secured data.