Method and system for file data access within a secure environment

US 20050273600A1
Filed: 05/24/2005
Published: 12/08/2005
Est. Priority Date: 02/03/2003
Status: Abandoned Application

First Claim

Patent Images

1. A computer data security system, comprising a file parser for determining if a computer file contains protected data;

a file decrypter for decrypting encoded files;

a file encrypter for re-encoding decrypted files that have been modified;

a rights processor for determining data usage rights for a process that has been launched, the data usage rights restricting the process by limiting permissible data access commands that can be issued by the process; and

a process monitor for monitoring processes within a computer, comprising;

a command interceptor for intercepting a data access command issued by the process; and

a command blocker for blocking the intercepted command if the intercepted command accesses protected data, and if the data usage rights indicate that the command is not permissible.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer data security system, including a file parser for determining if a computer file contains protected data, a file decrypter for decrypting encoded files, a file encrypter for re-encoding decrypted files that have been modified, a rights processor for determining data usage rights for a process that has been launched, the data usage rights restricting the process by limiting permissible data access commands that can be issued by the process, and a process monitor for monitoring processes within a computer, including a command interceptor for intercepting a data access command issued by the process, and a command blocker for blocking the intercepted command if the intercepted command accesses protected data, and if the data usage rights indicate that the command is not permissible. A method is also described and claimed.

Citations

20 Claims

1. A computer data security system, comprising a file parser for determining if a computer file contains protected data;
- a file decrypter for decrypting encoded files;
  
  a file encrypter for re-encoding decrypted files that have been modified;
  
  a rights processor for determining data usage rights for a process that has been launched, the data usage rights restricting the process by limiting permissible data access commands that can be issued by the process; and
  
  a process monitor for monitoring processes within a computer, comprising;
  
  a command interceptor for intercepting a data access command issued by the process; and
  
  a command blocker for blocking the intercepted command if the intercepted command accesses protected data, and if the data usage rights indicate that the command is not permissible.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer data security system of claim 1 wherein the data usage rights are derived from meta-data stored within a file containing protected data.
  - 3. The computer data security system of claim 1 wherein the data usage rights are derived from user privileges.
  - 4. The computer data security system of claim 1 wherein certain processes are tagged as conditionally protected, a conditionally protected process being restricted by data usage rights only when a restricted process is also running.
  - 5. The computer data security system of claim 4 wherein the conditionally protected processes are processes that can copy data from memory to memory.
  - 6. The computer data security system of claim 1 wherein certain processes are tagged as being blacklisted, a blacklisted processes preventing launch of a restricted process while the blacklisted process is running.
  - 7. The computer data security system of claim 1 wherein the intercepted data access command is an open file command.
  - 8. The computer data security system of claim 1 wherein the intercepted data access command is a save file command.
  - 9. The computer data security system of claim 1 wherein the intercepted data access command is an edit command.
  - 10. The computer data security system of claim 1 wherein the intercepted data access command is a print command.

11. A method for computer data security, comprising determining if a computer file contains protected data;
- decrypting encoded files;
  
  re-encoding decrypted files that have been modified;
  
  determining data usage rights for a process that has been launched, the data usage rights restricting the process by limiting permissible data access commands that can be issued by the process;
  
  intercepting a data access command issued by the process; and
  
  blocking the intercepted command if the intercepted command accesses protected data, and if the data usage rights indicate that the command is not permissible.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11 wherein the data usage rights are derived from meta-data stored within a file containing protected data.
  - 13. The method of claim 11 wherein the data usage rights are derived from user privileges.
  - 14. The method of claim 11 wherein certain processes are tagged as conditionally protected, a conditionally protected process being restricted by data usage rights only when a restricted process is also running.
  - 15. The method of claim 14 wherein the conditionally protected processes are processes that can copy data from memory to memory.
  - 16. The method of claim 11 wherein certain processes are tagged as being blacklisted, a blacklisted processes preventing launch of a restricted process while the blacklisted process is running.

17. A computer data security system, comprising:
- a file parser for determining if a computer file contains protected data;
  
  a file decrypter for decrypting encoded files into memory;
  
  a file encrypter for encrypting files containing protected data; and
  
  a security processor for indicating to a process that data it receives from memory is protected data.
- View Dependent Claims (18, 19, 20)
- - 18. The computer data security system of claim 17 further comprising a rights processor for determining data usage rights for a process that has been launched, the data usage rights restricting the process by limiting permissible data access commands that can be issued by the process.
  - 19. The computer data security system of claim 17 further comprising a rights processor for determining data usage rights for a process that receives protected data from memory, the data usage rights restricting the process by limiting permissible data access commands that can be issued by the process.
  - 20. The computer data security system of claim 17 wherein said file encrypter encrypts a file generated by a process from protected data the process received from memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
El-Azar Seeman
Original Assignee
El-Azar Seeman
Inventors
Seeman, El-azar

Application Number

US11/135,554
Publication Number

US 20050273600A1
Time in Patent Office

Days
Field of Search
US Class Current

713/160
CPC Class Codes

G06F 21/6227 where protection concerns t...

G06F 2221/2141 Access rights, e.g. capabil...

Method and system for file data access within a secure environment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for file data access within a secure environment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links