Just-in-time encryption
First Claim
1. A computer program product for just-in-time encryption of files detected on an endpoint, the computer program product comprising computer executable code embodied in a nontransitory computer readable medium that, when executing on one or more computing devices, performs the steps of:
- adding a file system extension to the endpoint, the file system extension providing use of a key to access files whenever a security state of the endpoint is not compromised and withholding use of the key whenever the security state of the endpoint is compromised;
- for a plurality of unsecure files existing on the endpoint, initializing encryption of the plurality of unsecure files with a background process using the key when the file system extension is added to the endpoint to provide a plurality of encrypted files;
- monitoring the security state of the endpoint;
- providing access to the plurality of encrypted files by a process other than the background process executing on the endpoint using the file system extension;
- detecting an access, by the process, to a new file not yet encrypted by the background process with the key for secure use on the endpoint;
- if the security state of the endpoint is not compromised, encrypting the new file with the background process using the key immediately upon detecting the access by the process to add the new file to the plurality of encrypted files; and
- if the security state of the endpoint is compromised, deleting the key from the endpoint to prevent access by the process to the plurality of encrypted files, initiating a remediation of the endpoint, and in response to successful remediation of the endpoint, recovering the key to the endpoint from a remote key management system.
Abstract
On an endpoint that encrypts local files to protect against data leakage and other harmful malware events, newly detected files are dynamically encrypted when they are detected as long as the endpoint is not compromised. If a compromised state is detected, the newly detected file will not be added to the encrypted files until the endpoint can be remediated and the compromised state resolved.
14 Claims
2. A method for just-in-time encryption of files detected on an endpoint, the method comprising:
- adding a file system extension to the endpoint, the file system extension providing use of a key to access files whenever a security state of the endpoint is not compromised and withholding use of the key whenever the security state of the endpoint is compromised;
- for a plurality of unsecure files existing on the endpoint, initializing encryption of the plurality of unsecure files with a background process using the key when the file system extension is added to the endpoint to provide a plurality of encrypted files;
- monitoring the security state of the endpoint;
- providing access to the plurality of encrypted files by a process other than the background process executing on the endpoint using the file system extension;
- detecting an access, by the process, to a new file not yet encrypted by the background process with the key for secure use on the endpoint;
- if the security state of the endpoint is not compromised, encrypting the new file with the background process using the key immediately upon detecting the access by the process to add the new file to the plurality of encrypted files; and
- if the security state of the endpoint is compromised, deleting the key from the endpoint to prevent access by the process to the plurality of encrypted files, initiating a remediation of the endpoint, and in response to successful remediation of the endpoint, recovering the key to the endpoint from a remote key management system.

(Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11)
12. A system comprising:
- an endpoint;
- a first memory on the endpoint storing a key;
- a second memory on the endpoint storing a file system extension, the file system extension providing use of the key to access files whenever a security state of the endpoint is not compromised and withholding use of the key whenever the security state of the endpoint is compromised;
- a process executing on a processor on the endpoint;
- a background process executing on the processor on the endpoint to initially encrypt a plurality of unsecure files existing on the endpoint when the file system extension is added to the endpoint to provide a plurality of encrypted files encrypted by the key and stored in the second memory; and
- a security agent executing on the processor, the security agent configured to monitor a security state of the endpoint and to detect a potential security compromise of the endpoint, wherein the processor is configured to detect an access to a new file while the background process is executing to encrypt the plurality of unsecure files, the new file existing on the second memory as one of the plurality of unsecure files prior to initializing encryption of the plurality of unsecure files and not yet encrypted with the key for secure use on the endpoint, if the security state of the endpoint is not compromised, encrypt the new file with the background process using the key immediately upon access by the process to add the new file to the plurality of encrypted files encrypted by the key, and if the security state of the endpoint is compromised, delete the key from the endpoint to prevent access by the process to the plurality of encrypted files, initiate a remediation of the endpoint, and in response to successful remediation of the endpoint, recover the key to the endpoint from a remote key management system.

(Dependent claims: 13, 14)
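To make the claimed policy concrete, here is an added Python simulation (not code from the patent or from any product) of the file system extension's state machine: the background sweep, just-in-time encryption when a process touches a file the sweep has not reached, key deletion when the endpoint is flagged compromised, and key recovery from a stand-in remote key management system once remediation succeeds. The SHA-256 keystream cipher, the `RemoteKms` stub and the file names are assumptions for illustration only.

```python
import hashlib
import secrets
from enum import Enum


class State(Enum):
    CLEAN = "clean"
    COMPROMISED = "compromised"


class RemoteKms:
    """In-memory stand-in for the claim's remote key management system (constructed)."""
    def __init__(self):
        self._escrow = {}

    def escrow(self, endpoint_id, key):
        self._escrow[endpoint_id] = key

    def recover(self, endpoint_id, remediated):
        if not remediated:                      # KMS releases the key only after remediation
            raise PermissionError("remediation not confirmed")
        return self._escrow[endpoint_id]


def _keystream_xor(key, name, data):
    """Toy stream cipher (SHA-256 in counter mode keyed by key and file name); XOR twice to decrypt."""
    stream, ctr = bytearray(), 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + name.encode() + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class JitEncryptingExtension:
    def __init__(self, endpoint_id, files, kms):
        self.endpoint_id, self.kms = endpoint_id, kms
        self.key = secrets.token_bytes(32)
        kms.escrow(endpoint_id, self.key)       # key must be recoverable after a compromise
        self.state = State.CLEAN
        self.plain = dict(files)                # unsecure files awaiting the background sweep
        self.encrypted = {}                     # name -> ciphertext under self.key
        self.log = []

    def background_step(self):
        """Encrypt one pending file; returns False when idle or when the key is withheld."""
        if self.state is State.COMPROMISED or not self.plain:
            return False
        name, data = self.plain.popitem()
        self.encrypted[name] = _keystream_xor(self.key, name, data)
        return True

    def set_state(self, state):
        self.state = state
        if state is State.COMPROMISED and self.key is not None:
            self.key = None                     # delete the key: encrypted files unreadable
            self.log.append("key deleted; remediation initiated")

    def access(self, name):
        """A process reads a file; a file not yet swept is encrypted just-in-time first."""
        if self.state is State.COMPROMISED or self.key is None:
            raise PermissionError(f"{name}: key withheld, endpoint compromised")
        if name in self.plain:
            self.encrypted[name] = _keystream_xor(self.key, name, self.plain.pop(name))
            self.log.append(f"{name}: encrypted just-in-time")
        return _keystream_xor(self.key, name, self.encrypted[name])

    def remediate(self):
        self.key = self.kms.recover(self.endpoint_id, remediated=True)
        self.state = State.CLEAN
        self.log.append("key recovered from KMS")
```

Note that a file first touched while the endpoint is compromised stays unencrypted (and inaccessible) until `remediate()` restores the key, matching the abstract's description.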