Electronic data security system and method
Abstract
A security system capable of providing seamless access to, and encryption of, electronic data. The security system integrates into an operating environment and intercepts calls between the operating environment and one or more Productivity Applications within the operating environment, thereby ensuring security policies are properly applied to all sensitive data wherever the data travels or resides.
33 Claims
1. An electronic data security system comprising:
an operating environment;
at least one Productivity Application capable of operating within the operating environment;
a Policy Administrator component, wherein the Policy Administrator component allows a data security system administrator to create, edit, and delete at least one security policy attribute which is associated with the system;
a Workgroup Management component, wherein the Workgroup Management component allows an operating environment user to create, edit, and delete at least one secure workgroup, including creating, editing, and deleting at least one attribute associated with each at least one secure workgroup;
a User Authentication component, wherein the User Authentication component controls identification of, and access by, the operating environment user to system resources and functions, including identifying at least one secure workgroup to which the operating environment user belongs;
a File Authority component, wherein the File Authority component interprets at least one security policy attribute and at least one attribute associated with at least one secure workgroup to which the operating environment user belongs to determine what actions the operating environment user can take on particular data associated with the Productivity Application; and
a Runtime component, wherein the Runtime component coordinates communications between the other system components, the operating environment, and the at least one Productivity Application to protect the particular data associated with the Productivity Application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A method of protecting electronic data, comprising:
loading an operating environment to be used by a user;
loading a monitoring application within the operating environment, wherein the monitoring application performs the following as it loads:
authenticating the user;
if a Policy Server is available, retrieving Policy Block and User Configuration information from a Policy Server, processing the Policy Block and User Configuration information, and caching the Policy Block and User Configuration;
if a Policy Server is unavailable, processing the cached Policy Block and User configuration information;
evaluating the current user context to determine whether the user is at risk and preventing any access to protected electronic data if the user is at risk;
monitoring each application launched within the operating environment to determine whether the launched application is a Productivity Application;
if the launched application is not a Productivity Application, permitting the launched application to directly interact with the operating environment;
if the launched application is a Productivity Application, performing the following:
decrypting protected electronic data if the user is a member of the secure workgroup associated with the protected electronic data and making the decrypted data available to the Productivity Application;
loading data security policy attributes stored with the protected electronic data;
monitoring interactions between the Productivity Application and the operating environment and allowing, preventing, transforming, or redirecting the interactions based on system security policy attributes contained within the Policy Block and the data security policy attributes stored with the protected electronic data; and
permanently deleting any temporary files created by the Productivity Application when the temporary files are no longer in use.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29
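An added illustration of the decision flow recited in claim 19, not code from the patent or from any product that implements it: policy retrieval with cache fallback, the at-risk and workgroup checks, and the allow/prevent/transform/redirect verdict. The field names, the ordering of the verdicts, the fail-closed default and the "stricter of the two policies wins" rule are all assumptions of this example; the claim does not specify them.

```python
from enum import IntEnum

class Action(IntEnum):
    # Ordered least to most restrictive so max() keeps the stricter verdict.
    # The relative order of TRANSFORM and REDIRECT is an assumption.
    ALLOW = 0
    TRANSFORM = 1
    REDIRECT = 2
    PREVENT = 3

def load_policy(fetch_from_server, cache):
    """Prefer the Policy Server and refresh the cache; otherwise use the cache."""
    try:
        cache["policy_block"] = fetch_from_server()
    except ConnectionError:
        pass  # server unavailable: fall through to whatever is cached
    return cache.get("policy_block")  # None when nothing was ever cached

def decide(policy, user, app, operation, data_attrs):
    """Verdict for one intercepted interaction on one protected file."""
    if policy is None:
        return Action.PREVENT  # assumption: no policy at all fails closed
    if app not in policy["productivity_apps"]:
        return Action.ALLOW    # passed through untouched; nothing is decrypted
    if user["at_risk"] or data_attrs["workgroup"] not in user["workgroups"]:
        return Action.PREVENT
    # Assumption: an operation the Policy Block does not list is denied,
    # and the file's own attributes may tighten the verdict but not relax it.
    system = Action[policy["operations"].get(operation, "PREVENT")]
    per_file = Action[data_attrs["operations"].get(operation, "ALLOW")]
    return max(system, per_file)

# Constructed sample data (hypothetical field names and values).
POLICY = {
    "productivity_apps": {"editor.exe"},
    "operations": {"open": "ALLOW", "clipboard_copy": "TRANSFORM",
                   "save_as": "REDIRECT", "print": "PREVENT"},
}
USER = {"at_risk": False, "workgroups": {"finance"}}
FILE_ATTRS = {"workgroup": "finance", "operations": {"clipboard_copy": "PREVENT"}}

if __name__ == "__main__":
    for op in ("open", "clipboard_copy", "save_as", "screenshot"):
        print(op, decide(POLICY, USER, "editor.exe", op, FILE_ATTRS).name)
```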
30. A method of defining user access to protected electronic data, comprising:
permitting a system administrator to define a set of possible users;
permitting the system administrator to define a set of user groups;
permitting the system administrator to define a set of policy attributes applicable to at least one user group;
allowing a system user to create data which is to be protected;
allowing the system user to define a secure workgroup, such that members of secure workgroup are given access to the protected data;
creating at least one encryption key for the at least one secure workgroup;
encrypting the data which is to be protected using the encryption key for the secure workgroup;
inviting users, and members of user groups to join the secured workgroup; and
authenticating an invitee invitation and, if authenticated, providing the encryption key for the secure workgroup to the invitee.
Dependent claims: 31, 32, 33
Specification