Method and system for file data access within a secure environment
Abstract
A computer data security system, including a file parser for determining if a computer file contains protected data, a file decrypter for decrypting encoded files, a file encrypter for re-encoding decrypted files that have been modified, a rights processor for determining data usage rights for a process that has been launched, the data usage rights restricting the process by limiting permissible data access commands that can be issued by the process, and a process monitor for monitoring processes within a computer, including a command interceptor for intercepting a data access command issued by the process, and a command blocker for blocking the intercepted command if the intercepted command accesses protected data, and if the data usage rights indicate that the command is not permissible. A method is also described and claimed.
20 Claims
1. A computer data security system, comprising
a file parser for determining if a computer file contains protected data;
a file decrypter for decrypting encoded files;
a file encrypter for re-encoding decrypted files that have been modified;
a rights processor for determining data usage rights for a process that has been launched, the data usage rights restricting the process by limiting permissible data access commands that can be issued by the process; and
a process monitor for monitoring processes within a computer, comprising;
a command interceptor for intercepting a data access command issued by the process; and
a command blocker for blocking the intercepted command if the intercepted command accesses protected data, and if the data usage rights indicate that the command is not permissible.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for computer data security, comprising
determining if a computer file contains protected data;
decrypting encoded files;
re-encoding decrypted files that have been modified;
determining data usage rights for a process that has been launched, the data usage rights restricting the process by limiting permissible data access commands that can be issued by the process;
intercepting a data access command issued by the process; and
blocking the intercepted command if the intercepted command accesses protected data, and if the data usage rights indicate that the command is not permissible.
Dependent claims: 12, 13, 14, 15, 16
17. A computer data security system, comprising:
a file parser for determining if a computer file contains protected data;
a file decrypter for decrypting encoded files into memory;
a file encrypter for encrypting files containing protected data; and
a security processor for indicating to a process that data it receives from memory is protected data.
Dependent claims: 18, 19, 20
Specification