Intermediate encryption for exposed content
First Claim
1. A computer program product comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on an endpoint, performs the steps of:
- providing a first key to a process executing on the endpoint, the first key providing access to a plurality of files on the endpoint;
- detecting a potential security compromise to the endpoint;
- in response to detecting the potential security compromise, providing a second key to the process different than the first key;
- encrypting a first one of the plurality of files that is open by the process with the second key;
- storing the first one of the plurality of files after encryption with the second key;
- revoking the first key from the process to prevent access to other ones of the plurality of files by the process;
- initiating a remediation of the potential security compromise; and
- if the potential security compromise is resolved, returning the first key to the process and transcribing the first one of the plurality of files for access using the first key.
Abstract
An endpoint encrypts local files with a key to protect file contents. If the endpoint, or a process on the endpoint, becomes exposed to potentially harmful locations or resources, the key can be revoked to prevent access to the encrypted files on the endpoint. To let the endpoint keep operating, files that are currently open can be encrypted with a second key, so that their data is isolated from the other encrypted files while remaining accessible to current users.
114 Citations
20 Claims
1. Independent claim (text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method comprising:
- providing a first key to a process executing on an endpoint, the first key providing access to a plurality of files on the endpoint;
- detecting a potential security compromise to the endpoint;
- in response to detecting the potential security compromise, providing a second key to the process different than the first key;
- encrypting a first one of the plurality of files that is open by the process with the second key;
- revoking the first key from the process to prevent access to other ones of the plurality of files by the process; and
- if the potential security compromise is resolved, returning the first key to the process and transcribing the first one of the plurality of files for access using the first key.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18.
19. A system comprising:
- an endpoint;
- a first memory on the endpoint storing a first key;
- a second memory on the endpoint storing a plurality of files encrypted by the first key;
- a process executing on a processor on the endpoint, the process using the first key to access a first one of the plurality of files; and
- a security agent executing on the processor, the security agent configured to detect a potential security compromise to the endpoint, wherein the processor is configured to provide, in response to detecting the potential security compromise, a second key to the process different than the first key, to respond to the potential security compromise by encrypting the first one of the plurality of files with the second key, to provide access by the process to the second key, and to revoke the first key from the process to prevent access by the process to other ones of the plurality of files.
Dependent claims: 20.
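The key lifecycle recited in claims 1, 8 and 19 (first key for all files; on a suspected compromise, a second key for the files the process has open, then revocation of the first key; on remediation, return of the first key and transcription of the isolated files back under it) can be exercised end to end in a small in-memory model. The following Go program is an added illustration written for this page, not code from the patent or its assignee: it assumes AES-256-GCM as the file cipher (the claims name no algorithm), keeps the "file system" as a map of ciphertexts, and stands in for the security agent with two method calls, `OnCompromise` and `OnRemediated`. The file names and contents are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Key is a 256-bit AES-GCM key, generated locally for this demo.
type Key []byte

func newKey() Key {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// gcmFor panics on a malformed key; every key here comes from newKey.
func gcmFor(k Key) cipher.AEAD {
	block, err := aes.NewCipher(k)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // only fails for non-128-bit block ciphers
	return gcm
}

// seal encrypts plaintext under k, prefixing the random nonce to the output.
func seal(k Key, plaintext []byte) []byte {
	gcm := gcmFor(k)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// unseal reverses seal; data sealed under another key fails authentication.
func unseal(k Key, ct []byte) ([]byte, error) {
	gcm := gcmFor(k)
	if len(ct) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

// Endpoint holds the state the claims name: files at rest, open files, keys.
type Endpoint struct {
	firstKey, secondKey, processKey Key               // processKey is what the process currently holds
	store                           map[string][]byte // filename -> ciphertext at rest
	openFiles                       map[string][]byte // filename -> plaintext open in the process
}

func NewEndpoint(files map[string][]byte) *Endpoint {
	ep := &Endpoint{firstKey: newKey(), store: map[string][]byte{}, openFiles: map[string][]byte{}}
	ep.processKey = ep.firstKey // the process starts out holding the first key
	for name, pt := range files {
		ep.store[name] = seal(ep.firstKey, pt)
	}
	return ep
}

// ProcessRead is what the process can do with the key it currently holds; a successful read leaves the file open.
func (ep *Endpoint) ProcessRead(name string) ([]byte, error) {
	pt, err := unseal(ep.processKey, ep.store[name])
	if err != nil {
		return nil, fmt.Errorf("%s: denied with current key: %w", name, err)
	}
	ep.openFiles[name] = pt
	return pt, nil
}

// OnCompromise issues the second key, re-encrypts each open file under it, then
// revokes the first key: open work stays usable, every other file is out of reach.
func (ep *Endpoint) OnCompromise() {
	ep.secondKey = newKey()
	for name, pt := range ep.openFiles {
		ep.store[name] = seal(ep.secondKey, pt)
	}
	ep.processKey = ep.secondKey
}

// OnRemediated returns the first key to the process and transcribes the
// isolated files back under it, so one key again covers everything at rest.
func (ep *Endpoint) OnRemediated() error {
	for name := range ep.openFiles {
		pt, err := unseal(ep.secondKey, ep.store[name])
		if err != nil {
			return err
		}
		ep.store[name] = seal(ep.firstKey, pt)
	}
	ep.secondKey, ep.processKey = nil, ep.firstKey
	return nil
}
```

Revocation is enforced here purely by authentication failure: once `processKey` is the second key, GCM rejects every ciphertext still sealed under the first key, and the open file succeeds only because it was re-sealed. Note what the model does not cover, and what a real agent must handle separately: plaintext the process already holds in memory is unaffected by any key change, so the second key limits what further data the process can reach, not what it has already read.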
Specification