The invention relates to protection against unauthorized access to files stored in a computer network. The object of the invention is to provide a computer system which makes it possible to selectively limit the access to files without requiring extra measures when copies are made within the computer system and without requiring encryption.
The invention makes use of a gate device in a communication channel between a network domain and an external connection such as a connection to the Internet. The gate device is arranged to check for the presence of a security tag in all files sent to the external connection via the communication channel. Depending on the presence or absence of this security tag, the gate device limits the free sending of the file to the external connection.
Typical applications for this invention are environments where the distribution of files needs to be restricted. Firewall and network security device manufacturers in particular could benefit from this technology.
A file is provided with a security tag, based on which the gate device performs a selective check of the access possibilities to the file outside the network domain. Within the local network every user has access to the file, but outside it access is limited. Thus, a domain-specific protection is provided. In principle, the invention can be applied to all forms of file sending, for instance sending as part of e-mail protocols (SMTP), as part of file transfer protocols (FTP), as part of hyperlink protocols (HTTP) or any other sort of protocol.
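The gate check described above, sketched for the SMTP case as an added example (not code from the patent or its owner). The tag format and the policy that a tagged file is blocked from leaving the domain are assumptions, since the page specifies neither; `SECURITY_TAG`, `gate_check_smtp` and `build_sample` are hypothetical names.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: the tag is a fixed marker embedded in the file bytes. The page
# does not define the tag format; this value is constructed for illustration.
SECURITY_TAG = b"[[DOMAIN-RESTRICTED]]"


def file_is_tagged(data: bytes) -> bool:
    """Return True when the file bytes carry the (assumed) security tag."""
    return SECURITY_TAG in data


def gate_check_smtp(raw_message: bytes) -> dict:
    """Inspect every attached file in an outbound message at the gate."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    blocked = []
    for part in msg.iter_attachments():
        # Attachments travel base64-encoded, so the gate must decode the
        # transfer encoding before looking for the tag.
        payload = part.get_payload(decode=True) or b""
        if file_is_tagged(payload):
            blocked.append(part.get_filename() or "<unnamed>")
    # Assumed policy: any tagged file stops the message at the gate.
    return {"allow": not blocked, "blocked_files": blocked}


def build_sample(files: dict) -> bytes:
    """Build an outbound message with attachments (constructed sample data)."""
    msg = EmailMessage()
    msg["From"] = "alice@corp.example"
    msg["To"] = "bob@partner.example"
    msg["Subject"] = "documents"
    msg.set_content("See attached.")
    for name, data in files.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    wire = build_sample({"plan.doc": b"Q3 plan " + SECURITY_TAG,
                         "menu.txt": b"lunch menu"})
    print(SECURITY_TAG in wire)      # tag is hidden by base64 on the wire
    print(gate_check_smtp(wire))
```

The sketch only inspects top-level attachments; files nested in archives or forwarded messages would need recursive unpacking before the same check.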
License - Intellectual Property: WO2004017599
COMPUTER NETWORK PROTECTION