SYSTEM AND METHOD FOR PROTECTING DIGITAL FILES

Information

  • Patent Application
  • 20070226488
  • Publication Number
    20070226488
  • Date Filed
    December 01, 2006
  • Date Published
    September 27, 2007
Abstract
A system for protecting digital files is provided. The system includes at least one client computer and a server connected to the at least one client computer. Each client computer includes: a file identifier generating module, for generating a file identifier for a digital file; a key generating module, for generating a key for the digital file; and a data encoding module, for encrypting the digital file according to the key. The server includes an identification validating module for determining whether a user intending to access the digital file has a corresponding access right, according to the user's digital certificate information. A related method is also provided.
Description

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram illustrating a system for protecting digital files according to a preferred embodiment;

FIG. 2 is a block diagram illustrating the system in FIG. 1;

FIG. 3 is a data flow diagram illustrating a preferred method for protecting digital files;

FIG. 4 is a flowchart of the preferred method for protecting digital files; and

FIG. 5 is a detailed description of one step in FIG. 4, namely searching for an access right of a user intending to operate the digital file.


Claims
  • 1. A system for protecting digital files, comprising at least one client computer, the at least one client computer comprising: a file identifier generating module for generating a file identifier for a digital file; a key generating module for generating a key for the digital file; and a data encoding module for encrypting the digital file according to the key; and a server connected to the at least one client computer, the server comprising: an identification validating module for determining whether a user intending to access the digital file has a corresponding access right, according to digital certificate information of the user.
  • 2. The system as claimed in claim 1, wherein the server further comprises: an access control list generating module for generating an access control list of the digital file based on the file identifier, the access control list specifying access rights of different users to the digital file; a certificate generating module for generating a digital certificate for each user based on the access control list; and a certificate delivering module for delivering each digital certificate to a corresponding user.
  • 3. The system as claimed in claim 1, wherein the file identifier generating module is further used for attaching the file identifier to the encrypted digital file.
  • 4. The system as claimed in claim 1, wherein the data encoding module is further used for decrypting the encrypted digital file with the key, when the user intending to access the digital file has the corresponding access right.
  • 5. The system as claimed in claim 1, wherein the identification validating module is further used for refusing the user to access the digital file, if the user does not have the corresponding access right to the digital file.
  • 6. A computer-based method for protecting digital files, comprising the steps of: creating a digital file; generating a file identifier for the digital file; generating a key for the digital file; encrypting the digital file according to the key; searching for an access right of a user intending to access the digital file; determining whether the user has the corresponding access right according to digital certificate information of the user; and providing the user with the key of the digital file and allowing the user to access the digital file, if the user has the corresponding access right.
  • 7. The method as claimed in claim 6, wherein the encrypting step comprises the step of: attaching the file identifier to the encrypted digital file.
  • 8. The method as claimed in claim 7, wherein the searching step comprises the steps of: determining whether the user has a digital certificate; obtaining the file identifier of the encrypted digital file, if the user has no digital certificate; obtaining an access control list of the encrypted digital file based on the file identifier; generating the digital certificate for the user according to the authority list; and delivering the digital certificate to the user.
  • 9. The method as claimed in claim 6, further comprising the step of: refusing the user to access the digital file, if the user has no corresponding access right.
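
The access decision in claims 6, 8 and 9, sketched as an added example that is not code from the patent application. It assumes the "digital certificate" is an HMAC-signed JSON record, that the server stores each file key, and that the file encryption itself happens elsewhere; the names `Server`, `issue_certificate`, `request_key` and `new_file_id_and_key` are hypothetical.

```python
import hashlib, hmac, json, secrets

def new_file_id_and_key():
    """Client side: a random file identifier and a random 256-bit file key."""
    return secrets.token_hex(16), secrets.token_bytes(32)

class Server:
    """Holds ACLs, issues per-user certificates and gates release of file keys."""
    def __init__(self):
        self._sign_key = secrets.token_bytes(32)  # known only to the server
        self._acl = {}    # file_id -> {user: set of rights}
        self._keys = {}   # file_id -> file key (assumption: server stores it)

    def register(self, file_id, key, acl):
        self._acl[file_id] = {user: set(rights) for user, rights in acl.items()}
        self._keys[file_id] = key

    def _mac(self, body):
        return hmac.new(self._sign_key, body, hashlib.sha256).hexdigest()

    def issue_certificate(self, user, file_id):
        # Claim 8: obtain the ACL via the file identifier, derive the certificate.
        rights = sorted(self._acl.get(file_id, {}).get(user, ()))
        body = json.dumps({"user": user, "file_id": file_id, "rights": rights},
                          sort_keys=True).encode()
        return {"body": body.decode(), "sig": self._mac(body)}

    def request_key(self, cert, file_id, right):
        # Claims 6 and 9: provide the key only if the certificate is genuine,
        # is bound to this file and carries the requested right; else refuse.
        body = cert["body"].encode()
        if not hmac.compare_digest(self._mac(body), cert["sig"]):
            return None                       # altered or forged certificate
        claims = json.loads(body)
        if claims["file_id"] != file_id or right not in claims["rights"]:
            return None                       # wrong file or no access right
        return self._keys[file_id]

def demo():
    """Constructed scenario: alice may read, bob may not, bob edits his cert."""
    srv = Server()
    file_id, key = new_file_id_and_key()
    srv.register(file_id, key, {"alice": ["read"], "bob": []})
    alice = srv.issue_certificate("alice", file_id)
    bob = srv.issue_certificate("bob", file_id)
    forged = dict(bob, body=bob["body"].replace("[]", '["read"]'))
    return (srv.request_key(alice, file_id, "read") == key,
            srv.request_key(bob, file_id, "read"),
            srv.request_key(forged, file_id, "read"))
```

Because the rights are copied into the certificate when it is issued, a later change to the access control list has no effect on certificates already delivered in this sketch.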
Priority Claims (1)
Number Date Country Kind
200610060014.8 Mar 2006 CN national