Systems and methods for a cryptographic file system layer
First Claim
Patent Images
1. A method comprising:
- receiving using a programmed hardware processor an identification of a designated directory location, wherein the designated directory location is selected from a plurality of directory locations on a computer system, and wherein the identification indicates that the designated directory location is usable to secure one or more data files;
in response to receiving the identification, beginning a process to modify one or more data files in the designated directory location by performing an operation to secure the one or more data files;
monitoring a communication interface between an application layer and a file system layer of the computer system to detect a data access request associated with the designated directory location; and
in response to detecting that the data access request is associated with the designated directory location;
intercepting the data access request, wherein the intercepting is transparent to a user of the computer system;
retrieving a data file associated with the data access request;
modifying the data file by performing a cryptographic operation on the data file to generate a modified data file that comprises a substantially random distribution of the data file, wherein the distribution results in a reordering of at least two units of data in the data file;
generating a modified data access request including an identifier associated with the modified data file;
sending the modified data access request to the file system layer or the application layer; and
in response to sending the modified data access request, resuming the process to modify the one or more data files in the designated directory location.
3 Assignments
0 Petitions
Accused Products
Abstract
The systems and methods disclosed herein transparently provide data security using a cryptographic file system layer that selectively intercepts and modifies (e.g., by encrypting) data to be stored in a designated directory. The cryptographic file system layer can be used in combination with one or more cryptographic approaches to provide a server-based secure data solution that makes data more secure and accessible, while eliminating the need for multiple perimeter hardware and software technologies.
-
Citations
20 Claims
-
1. A method comprising:
-
receiving using a programmed hardware processor an identification of a designated directory location, wherein the designated directory location is selected from a plurality of directory locations on a computer system, and wherein the identification indicates that the designated directory location is usable to secure one or more data files; in response to receiving the identification, beginning a process to modify one or more data files in the designated directory location by performing an operation to secure the one or more data files; monitoring a communication interface between an application layer and a file system layer of the computer system to detect a data access request associated with the designated directory location; and in response to detecting that the data access request is associated with the designated directory location; intercepting the data access request, wherein the intercepting is transparent to a user of the computer system; retrieving a data file associated with the data access request; modifying the data file by performing a cryptographic operation on the data file to generate a modified data file that comprises a substantially random distribution of the data file, wherein the distribution results in a reordering of at least two units of data in the data file; generating a modified data access request including an identifier associated with the modified data file; sending the modified data access request to the file system layer or the application layer; and in response to sending the modified data access request, resuming the process to modify the one or more data files in the designated directory location. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system comprising:
a programmed hardware processor in communication with non-transient computer-readable memory, the programmed hardware processor configured to; receive an identification of a designated directory location, wherein the designated directory location is selected from a plurality of directory locations on a computer system, and wherein the identification indicates that the designated directory location is usable to secure one or more data files; in response to receiving the identification, begin a process to modify one or more data files in the designated directory location by performing an operation to secure the one or more data files; monitor a communication interface between an application layer and a file system layer of the computer system to detect a data access request associated with the designated directory location; and in response to detecting that the data access request is associated with the designated directory location; intercept the data access request, wherein the intercepting is transparent to a user of the computer system; retrieve a data file associated with the data access request; modify the data file by performing a cryptographic operation on the data file to generate a modified data file that comprises a substantially random distribution of the data file, wherein the distribution results in a reordering of at least two units of data in the data file; generate a modified data access request including an identifier associated with the modified data file; send the modified data access request to the file system layer or the application layer; and in response to sending the modified data access request, resume the process to modify the one or more data files in the designated directory location. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
Specification