US 9,811,646 B2
Method, secure device, system and computer program product for securely managing files
Michael Baentsch, Gross (CH); Peter Buhler, Horgen (CH); Harold D Dykeman, Richterswil (CH); Reto J Hermann, Buttikon (CH); Frank Hoering, Zurich (CH); Michael P Kuyper-Hammond, Kaltbrunn (CH); Diego Alejandro Ortiz-Yepes, Adliswil (CH); and Thomas D Weigold, Thalwil (CH)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Appl. No. 13/822,137
Filed by Michael Baentsch, Gross (CH); Peter Buhler, Horgen (CH); Harold D Dykeman, Richterswil (CH); Reto J Hermann, Buttikon (CH); Frank Hoering, Zurich (CH); Michael P Kuyper-Hammond, Kaltbrunn (CH); Diego Alejandro Ortiz-Yepes, Adliswil (CH); and Thomas D Weigold, Thalwil (CH)
PCT Filed Aug. 8, 2011, PCT No. PCT/IB2011/053526
§ 371(c)(1), (2), (4) Date May 28, 2013,
PCT Pub. No. WO2012/035451, PCT Pub. Date Mar. 22, 2012.
Claims priority of application No. 10177226 (EP), filed on Sep. 16, 2010.
Prior Publication US 2013/0232584 A1, Sep. 5, 2013
Int. Cl. G06F 21/12 (2013.01); G06F 21/10 (2013.01); G06F 21/62 (2013.01)
CPC G06F 21/121 (2013.01) [G06F 21/10 (2013.01); G06F 21/6218 (2013.01)]
15 Claims
1. A method for securely managing files, comprising the steps of:
providing a secure device, wherein the secure device is protected by design against malicious software or malware and does not include client interfaces for software installation that would expose the secure device to malware, wherein the secure device is adapted to establish a connection to a server that is not the secure device, via a host connected to the server through a telecommunication network;
encrypting a file at the secure device, using an encryption key, wherein the encryption key is stored (i) on a smart card or an internal memory of the device which is not externally accessible, or (ii) entered by the user at the device;
receiving a request for accessing the file stored on the secure device, wherein the file requires an updated use permission from the server to access the file stored on the secured device;
establishing a connection between the secure device and the server, via the host;
in response to receiving, at the secure device, use permission data sent from the server, updating, at the secure device, a use permission required to access the file stored on the secured device according to the use permission data;
receiving at the secure device a decryption key for decrypting the file, the decryption key sent from the server through the connection established between the secure device and the server; and
processing the request, at the secure device, according to the updated use permission required to access the file stored on the secure device.
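The steps of claim 1 modelled end to end, as an added illustration that is not taken from the patent or from any IBM implementation. The names `Server`, `SecureDevice`, `link_key` and `xor_stream` are hypothetical. The sketch assumes a symmetric file key that was also provisioned to the server, a MAC and nonce on the use permission data (the claim does not specify how that data is protected), and a toy keystream cipher standing in for a real authenticated cipher.

```python
import hashlib, hmac, json, os

def xor_stream(key, nonce, data):
    """Toy cipher (HMAC-SHA256 keystream); stand-in for a real AEAD cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class Server:
    """Hypothetical server: holds the use policy and each file's decryption key."""
    def __init__(self, link_key):
        self.link_key, self.keys, self.policy = link_key, {}, {}
    def grant(self, name, nonce):
        # Use permission data plus decryption key, MACed so the host cannot alter
        # it. Assumption: a real channel would also be encrypted end to end.
        body = json.dumps({"file": name, "uses": self.policy.get(name, 0),
                           "nonce": nonce.hex(), "key": self.keys[name].hex()}).encode()
        return body, hmac.new(self.link_key, body, hashlib.sha256).digest()

class SecureDevice:
    def __init__(self, link_key, enc_key):
        self.link_key, self.enc_key = link_key, enc_key  # internal memory only
        self.files, self.uses = {}, {}
    def store(self, name, plaintext):
        nonce = os.urandom(16)
        self.files[name] = (nonce, xor_stream(self.enc_key, nonce, plaintext))
        self.uses[name] = 0  # no access until the server updates the permission
    def request(self, name, server, host=lambda msg: msg):
        nonce = os.urandom(16)                       # freshness against replay
        body, tag = host(server.grant(name, nonce))  # connection runs via the host
        want = hmac.new(self.link_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise PermissionError("use permission data failed authentication")
        msg = json.loads(body)
        if msg["file"] != name or msg["nonce"] != nonce.hex():
            raise PermissionError("stale or mismatched use permission data")
        self.uses[name] = msg["uses"]                # update the use permission
        if self.uses[name] <= 0:
            raise PermissionError("server denies access")
        self.uses[name] -= 1                         # consume one permitted use
        file_nonce, ciphertext = self.files[name]
        return xor_stream(bytes.fromhex(msg["key"]), file_nonce, ciphertext)
```

The `host` parameter models the intermediary the connection passes through, so a test can substitute a function that modifies or replays the server's message and observe that the device refuses the request.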