Pervasive data security
Record: 1 assignment, 0 petitions.
Abstract
A method and system of securing data. A security client program stored in a memory of a user device intercepts an operating system call performed by a calling application of the user device for an unencrypted asset. A first key for the unencrypted asset is requested from a server. Upon receiving the first key for the unencrypted asset from the server, a secure resource is created by encrypting the unencrypted asset. Then the operating system call is completed and an update message is sent to the server.
Claims (20 claims, 31 citations; independent claims 1, 9 and 19 are reproduced below)
1. A computing device comprising:
- a processor;
- at least one network interface coupled to the processor configured to enable communications via one or more communication networks;
- a memory for content and programming;
- a security client program stored in the memory, wherein execution of the security client program by the processor configures the computing device to perform acts comprising:
  - intercepting an operating system call performed by a calling application to create a particular version of a plurality of versions of an unencrypted asset;
  - requesting a first key for the unencrypted asset from a server, the first key corresponding to a user identity associated with the computing device and the particular version of the unencrypted asset;
  - upon receiving the first key for the particular version of the unencrypted asset from the server, creating a secure resource by encrypting the unencrypted asset;
  - completing the operating system call;
  - sending an update message to the server, the update message including an indication to provide a second user identity with permission to access only the particular version of the unencrypted asset; and
  - upon failing to receive the first key in response to requesting the first key, suspending the operating system until receipt of the first key.
Dependent claims: 2–8.
9. An appliance server, comprising:
- a processor;
- at least one network interface coupled to the processor configured to enable communications via one or more communication networks;
- a memory for content and programming;
- a program stored in the memory, wherein execution of the program by the processor configures the appliance server to perform acts comprising:
  - receiving a request for access to a particular version of a plurality of versions of a secure resource during an intercepted operating system call on a first user device;
  - upon determining that the first user device is authorized to have access to the secure resource, sending a first encrypted message having a resource key to the first user device, such that the first encrypted message can be decrypted by a private key of the first user device;
  - upon determining that the first user device has decrypted the first encrypted message to access the resource key, sending a second encrypted message having a resource item, such that the second encrypted message can be decrypted by the resource key;
  - upon determining that the first user device has decrypted the second encrypted message to access the resource item, sending a third encrypted message having a resource data, such that the third encrypted message can be decrypted by the resource item, wherein the resource data is configured to decrypt the particular version of the secure resource; and
  - upon determining that the first user device has failed to decrypt the first encrypted message to access the resource key, suspending the operating system until determining that the first user device has access to the resource key.
Dependent claims: 10–18.
19. A computing device comprising:
- a processor;
- at least one network interface coupled to the processor configured to enable communications via one or more communication networks;
- a memory for content and programming;
- a security client program stored in the memory, wherein execution of the security client program by the processor configures the computing device to perform acts comprising:
  - intercepting an operating system call performed by a calling application to create a particular version of a plurality of versions of an unencrypted asset;
  - requesting a first key for the unencrypted asset from a server, the first key corresponding to a user identity associated with the computing device and the particular version of the unencrypted asset;
  - upon receiving the first key for the particular version of the unencrypted asset from the server, creating a secure resource by encrypting the unencrypted asset;
  - completing the operating system call;
  - sending an update message to the server, the update message including an indication to provide a second user identity with permission to access only the particular version of the unencrypted asset; and
  - upon failing to receive the first key in response to requesting the first key, encrypting the unencrypted asset using a local key and suspending the operating system until receipt of the first key.
Dependent claim: 20.
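The following Python model is an added illustration of how the client flow of claim 1 and the three-stage key release of claim 9 fit together; it is not the patent's own code, and the patent does not specify any of its mechanisms. Everything below is an assumption chosen to make the exchange runnable offline: the claims say the server acts "upon determining that the first user device has decrypted" a message but not how, so the device here returns an HMAC over a server nonce keyed with the material it just recovered; the device's private/public key pair is stood in for by a per-device symmetric key the server holds; the cipher is a toy HMAC-SHA256 counter-mode construction with an encrypt-then-MAC tag rather than a real AEAD; the names (`ApplianceServer`, `SecurityClient`, `resource_key`, `resource_item`, `resource_data`, the asset and user names) and the "suspend" outcome modelled as a raised `PermissionError` are all constructed. The local-key fallback of claim 19 is not modelled.

```python
"""Model of the three-stage key release in claim 9 and the client flow of claim 1.
Constructed illustration using only the standard library; not the patent's own code."""
import hashlib
import hmac
import os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (toy stand-in for AES-CTR)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag (stand-in for an AEAD such as AES-GCM)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; a wrong key or a modified blob raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def possession_proof(key: bytes, nonce: bytes) -> bytes:
    """Assumed mechanism behind 'determining that the device has decrypted' a message."""
    return hmac.new(key, b"decrypted:" + nonce, hashlib.sha256).digest()

class ApplianceServer:
    """One data key per asset version, released only through the staged exchange."""
    def __init__(self) -> None:
        self.device_keys = {}  # device_id -> device key (stand-in for the device's public key)
        self.acl, self.resource_data = {}, {}  # (asset, version) -> readers / -> data key
        self.sessions = {}  # device_id -> state of an exchange in progress

    def update(self, asset: str, version: int, second_user: str) -> None:
        """Claim 1's update message: a second identity may access this version only."""
        self.acl[(asset, version)].add(second_user)

    def request_key(self, device_id: str, user: str, asset: str, version: int):
        """Stage 1: (nonce, resource key sealed to the device), or None when unauthorized."""
        target = (asset, version)
        if target not in self.resource_data:  # new version: mint its key, creator gets access
            self.resource_data[target] = os.urandom(32)
            self.acl[target] = {user}
        elif user not in self.acl[target]:
            return None
        nonce = os.urandom(16)
        self.sessions[device_id] = {"stage": 1, "nonce": nonce, "target": target,
                                    "resource_key": os.urandom(32), "resource_item": os.urandom(32)}
        return nonce, seal(self.device_keys[device_id], self.sessions[device_id]["resource_key"])

    def confirm(self, device_id: str, proof: bytes) -> bytes:
        """Stages 2 and 3: advance only once the device proves it decrypted the last message."""
        s = self.sessions[device_id]
        stage_key = s["resource_key"] if s["stage"] == 1 else s["resource_item"]
        if not hmac.compare_digest(proof, possession_proof(stage_key, s["nonce"])):
            raise PermissionError(f"stage {s['stage']} proof failed")
        s["stage"] += 1
        if s["stage"] == 2:
            return seal(s["resource_key"], s["resource_item"])
        return seal(s["resource_item"], self.resource_data[s["target"]])

class SecurityClient:
    """Sits in the file create/open path; the intercepted call completes only once a key arrives."""
    def __init__(self, server: ApplianceServer, device_id: str, user: str) -> None:
        self.server, self.device_id, self.user = server, device_id, user
        self.device_key = os.urandom(32)
        server.device_keys[device_id] = self.device_key  # enrolment, outside the claims

    def fetch_resource_data(self, asset: str, version: int) -> bytes:
        reply = self.server.request_key(self.device_id, self.user, asset, version)
        if reply is None:
            raise PermissionError("no first key received; the OS call stays suspended")
        nonce, msg1 = reply
        resource_key = unseal(self.device_key, msg1)
        msg2 = self.server.confirm(self.device_id, possession_proof(resource_key, nonce))
        resource_item = unseal(resource_key, msg2)
        msg3 = self.server.confirm(self.device_id, possession_proof(resource_item, nonce))
        return unseal(resource_item, msg3)

    def intercept_create(self, asset: str, version: int, data: bytes, share_with: str) -> bytes:
        """Claim 1: request the key, encrypt, complete the call, then send the update message."""
        secure_resource = seal(self.fetch_resource_data(asset, version), data)
        self.server.update(asset, version, share_with)
        return secure_resource

    def intercept_open(self, asset: str, version: int, secure_resource: bytes) -> bytes:
        return unseal(self.fetch_resource_data(asset, version), secure_resource)

def demo() -> dict:
    """Constructed scenario: alice creates two versions and shares only version 2 with bob."""
    server = ApplianceServer()
    alice = SecurityClient(server, "laptop-a", "alice")
    bob = SecurityClient(server, "laptop-b", "bob")
    v1 = alice.intercept_create("report.docx", 1, b"draft one", share_with="carol")
    v2 = alice.intercept_create("report.docx", 2, b"draft two", share_with="bob")
    try:
        bob.intercept_open("report.docx", 1, v1)
        denied = False
    except PermissionError:  # version-scoped grant: v1 stays closed to bob
        denied = True
    return {"bob_reads_v2": bob.intercept_open("report.docx", 2, v2), "bob_denied_v1": denied}
```

The point of the staged structure, as the claims describe it, is that each message is useless without the previous one having been decrypted: the resource key only unwraps on the enrolled device, the resource item only unwraps with the resource key, and the per-version data key only unwraps with the resource item. In this model the server refuses to advance a session whose possession proof fails, which is the runnable counterpart of the claims' "suspending the operating system until" conditions; `demo()` also shows the version scoping of the update message, since the grant to bob covers version 2 and the request for version 1 returns no first key.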