Protection of sensitive data
Abstract
Particular embodiments described herein provide for an electronic device that can be configured to monitor access to data in a secured area of memory at a hypervisor level, receive a request from a process to the data in the secured area, and deny the request if the process is not a trusted process. In an example, the electronic device is a point of sale device.
16 Claims
1. At least one non-transitory machine readable medium comprising one or more instructions that when executed by at least one processor of an electronic device, cause the at least one processor to:
- receive data via a network;
- determine if the data includes sensitive information;
- store the data in a secured area of memory if the data includes sensitive information;
- monitor, by a security module, access to the data in the secured area of memory, wherein the secured area of memory is at a hypervisor level;
- receive a request from an application to access the data in the secured area;
- determine if the application is a trusted application; and
- allow the request if the application is a trusted application;
- or deny the request if the application is not a trusted application; and
- wherein the one or more instructions further cause the at least one processor to store the data in a non-secured area of memory if the data does not include sensitive information.
5. An electronic device comprising:
- memory; and
- a hardware processor configured to execute a security module configured to:
- receive data via a network;
- determine if the data includes sensitive information;
- store the data in a secured area of memory if the data includes sensitive information;
- monitor access to data in a secured area of the memory, wherein the secured area of memory is at a hypervisor level;
- receive a request from an application to access the data in the secured area;
- determine if the application is a trusted application; and
- allow the request if the application is a trusted application;
- or deny the request if the application is not a trusted application; and
- wherein the hardware processor is further configured to store the data in a non-secured area of memory if the data does not include sensitive information.
9. A method comprising:
- receiving, with a hardware processor of an electronic device, data via a network;
- determining, with the hardware processor, if the data includes sensitive information;
- storing, with the hardware processor, the data in a secured area of memory if the data includes sensitive information;
- monitoring, with the hardware processor, access to data in a secured area of memory, wherein the secured area of memory is at a hypervisor level;
- receiving, with the hardware processor, a request from an application to access the data in the secured area;
- determining, with the hardware processor, if the application is a trusted application; and
- allowing, with the hardware processor, the request if the application is a trusted application;
- or denying, with the hardware processor, the request if the application is not a trusted application; and
- wherein the hardware processor is further configured to store the data in a non-secured area of memory if the data does not include sensitive information.
13. A system for protecting data, the system comprising:
- memory in an electronic device;
- a hardware processor in the electronic device, wherein the processor is configured to execute a security module configured to:
- receive data via a network;
- determine if the data includes sensitive information;
- store the data in a secured area of memory if the data includes sensitive information;
- monitor access to data in a secured area of the memory, wherein the secured area of memory is at a hypervisor level;
- receive a request from an application to access the data in the secured area;
- determine if the application is a trusted application; and
- allow the request if the application is a trusted application;
- or deny the request if the application is not a trusted application; and
- wherein the hardware processor is further configured to store the data in a non-secured area of memory if the data does not include sensitive information.