Dividing a data processing device into separate security domains
First Claim
1. A method for operating a computer data processing device in two or more data security domains, comprising:
providing in data memory associated with said computer data processing device at least one external policy defining a first domain;
associating a first computer data processing device application with said first domain;
providing a persistent control mechanism, said persistent control mechanism being bound to said application and implemented externally to an operating system, said persistent control mechanism being configured to intercept and mediate requests between the application and the operating system in accordance with specifications contained within policies of said first domain without modifying said application and without requiring operating system privileges over said computer data processing device application associated with said first domain, said persistent control mechanism being subject to the policies of said first domain, and said persistent control mechanism being located logically between said first data processing device application and said operating system;
receiving an application request at said persistent control mechanism;
processing said application request by said persistent control mechanism, said persistent control mechanism determining how to process said application request using one or more of:
an aspect of a domain of the requesting application, a domain data associated with the application request, and policies for the domains of the requesting application and the data; and
responding to said application request by said persistent control mechanism by either blocking said request completely, modifying at least one aspect of a requested operation before permitting the modified operation to proceed, or redirecting said request to a different function.
3 Assignments
0 Petitions
Abstract
This invention provides secure, policy-based separation of data and applications on computers, especially personal computers that operate in different environments, such as those including personal applications and corporate applications, so that both types of applications can run simultaneously while complying with all required policies. The invention enables employees to use their personal devices for work purposes, or work devices for personal purposes. The secure, policy-based separation is created by dividing the data processing device into two or more “domains,” each with its own policies. These policies may be configured by the device owner, an IT department, or other data or application owner.
80 Citations
27 Claims
1. Independent claim 1 is given in full above under First Claim.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A computer data processing system including two or more electronically encoded data security domains, said system comprising:
electronic computer memory in electronic communication with said computer data processing device, said electronic computer memory holding in electronic encoded format at least one external policy defining a first domain;
a first computer data processing device application encoded in electronic data memory associated with said first domain and operating under electronic computer control;
a persistent control mechanism in electronic format in electronic memory and operating under electronic computer control, said persistent control mechanism being bound to said application and implemented to operate electronically externally to an operating system, said persistent control mechanism being configured to intercept and mediate requests between the application and the operating system in accordance with specifications contained within policies of said first domain without modifying said application and without requiring operating system privileges over said computer data processing device application associated with said first domain, said persistent control mechanism being subject to the policies of said first domain, and said persistent control mechanism being located logically between said first data processing device application and said operating system;
said persistent control mechanism being further implemented to receive electronically encoded application requests and process said electronically encoded application requests under electronic computer control, including determining how to process said application request using one or more of:
an aspect of a domain of the requesting application, a domain data associated with the application request, and policies for the domains of the requesting application and the data; and
said persistent control mechanism responding electronically to said application request under electronic computer control by either blocking said request completely, modifying at least one aspect of a requested operation before permitting the modified operation to proceed, or redirecting said request to a different function.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.
19. A non-transitory computer-readable medium containing a computer program product for operating a computer data processing device, said computer program product being configured to enable said computer data processing device to operate securely in two or more data security domains, said computer program product being configured to enable said computer data processing device to perform actions comprising:
providing in data memory associated with said computer data processing device at least one external policy defining a first domain;
associating a first computer data processing device application with said first domain;
providing a persistent control mechanism, said persistent control mechanism being bound to said application and implemented externally to an operating system, said persistent control mechanism being configured to intercept and mediate requests between the application and the operating system in accordance with specifications contained within policies of said first domain without modifying said application and without requiring operating system privileges over said computer data processing device application associated with said first domain, said persistent control mechanism being subject to the policies of said first domain, and said persistent control mechanism being located logically between said first data processing device application and said operating system;
receiving an application request at said persistent control mechanism;
processing said application request by said persistent control mechanism, said persistent control mechanism determining how to process said application request using one or more of:
an aspect of a domain of the requesting application, a domain data associated with the application request, and policies for the domains of the requesting application and the data; and
responding to said application request by said persistent control mechanism by either blocking said request completely, modifying at least one aspect of a requested operation before permitting the modified operation to proceed, or redirecting said request to a different function.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27.
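The mediation step shared by independent claims 1, 10 and 19 (a control mechanism between the application and the operating system that blocks, modifies or redirects a request based on the application's domain, the data's domain and both domains' policies), as an added Python example that is not the patent's own code. The domains, policies, application-to-domain bindings, operations and handler name are constructed assumptions.

```python
from dataclasses import dataclass, field, replace
from enum import Enum
from typing import Dict, Optional, Tuple

class Action(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    MODIFY = "modify"
    REDIRECT = "redirect"

@dataclass(frozen=True)
class Request:
    app: str            # requesting application
    operation: str      # e.g. "read", "write", "send"
    target: str         # resource the operation touches
    data_domain: str    # domain label carried by the data in the request
    encrypted: bool = False

@dataclass
class Policy:
    allow_cross_domain: bool        # may this domain's data be used by apps of other domains?
    require_encrypted_write: bool   # writes by this domain's apps must be encrypted
    redirect_ops: Dict[str, str] = field(default_factory=dict)  # operation -> replacement function

# Constructed sample policies and app-to-domain bindings (assumptions, not from the patent).
POLICIES = {
    "corporate": Policy(False, True, {"send": "corporate_gateway_send"}),
    "personal": Policy(True, False),
}
APP_DOMAIN = {"mail": "corporate", "photos": "personal"}

def mediate(req: Request) -> Tuple[Action, Request, Optional[str]]:
    """Control mechanism sitting between app and OS: decides from the app's domain,
    the data's domain and both policies. Returns (action, request to forward, handler)."""
    app_domain = APP_DOMAIN.get(req.app)
    if app_domain is None:                       # app bound to no domain: fail closed
        return Action.BLOCK, req, None
    app_pol, data_pol = POLICIES[app_domain], POLICIES.get(req.data_domain)
    # Block: the data belongs to another domain whose policy forbids cross-domain use
    if req.data_domain != app_domain and data_pol and not data_pol.allow_cross_domain:
        return Action.BLOCK, req, None
    # Redirect: the app's domain routes this operation to a different function
    if req.operation in app_pol.redirect_ops:
        return Action.REDIRECT, req, app_pol.redirect_ops[req.operation]
    # Modify: change one aspect (force encryption) and let the modified operation proceed
    if req.operation == "write" and app_pol.require_encrypted_write and not req.encrypted:
        return Action.MODIFY, replace(req, encrypted=True), None
    return Action.ALLOW, req, None
```

The caller that receives the tuple is the interposition layer itself; it forwards the possibly modified request to the operating system, calls the named replacement function, or drops the request.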
Specification