System and Methodology Providing Secure Workspace Environment
Abstract
System and methodology providing a secure workspace environment is described. In one embodiment, for example, in a computer system, a method is described for creating a secured workspace within an existing operating system for allowing users to run applications in a secured manner, the method comprises steps of: creating a policy for configuring the secured workspace, the policy specifying how information created during operation of the applications may be accessed; hooking particular functions of the operating system in order to obtain control over the information created during operation of the applications; during operation of the applications, encrypting the information to prevent unauthorized access; in response to a request for access to the information, determining whether the request complies with the policy; and if the request complies with the policy, satisfying the request by providing access to a decrypted copy of the information.
66 Claims
1. In a computer system, a method for creating a secured workspace within an existing operating system for allowing users to run applications in a secured manner, the method comprising:
creating a policy for configuring the secured workspace, the policy specifying how information created during operation of the applications may be accessed;
hooking particular functions of the operating system in order to obtain control over the information created during operation of the applications;
during operation of the applications, encrypting the information to prevent unauthorized access;
in response to a request for access to the information, determining whether the request complies with the policy; and
if the request complies with the policy, satisfying the request by providing access to a decrypted copy of the information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A computer system providing a secured workspace for allowing users to run applications in a secured manner, the system comprising:
a computer running under control of an existing operating system;
a policy for configuring the secured workspace, the policy specifying how information created during operation of the applications may be accessed;
a module for intercepting particular functions of the existing operating system in order to allow the secured workspace to run under the existing operating system, said module permitting the secured workspace to obtain control over the information created during operation of the applications;
an encryption module for preventing unauthorized access to the information; and
a decryption module for providing authorized access to the information, in response to receiving a request that complies with the policy.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30
31. A system providing a secured desktop environment that allows users to run application software securely, the system comprising:
a computer running under an operating system, said computer including application software for use by users; and
a secured desktop environment comprising:
a configurable policy specifying permitted operations of the application software and specifying permitted access to information created during operation of the application software;
a hooks engine for intercepting particular calls to the operating system, thereby allowing the secured desktop environment to control operations of the application software and control access to information created during operation of the application software; and
a module, operating in conjunction with said policy and said hooks engine, for preventing any operation of the application software that is not permitted and any access to the information that is not permitted.
Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45
46. A method for securing software programs that run under control of a computer operating system, the method comprising:
defining a configurable security policy that specifies operations of the software programs that are permitted;
patching certain files of the computer operating system, so that interactions between the software programs and the computer operating system may be monitored for compliance with the security policy; and
controlling operations of the software programs to prevent violation of the security policy.
Dependent claims: 47, 48, 49, 50, 51, 52, 53, 54, 55
56. A system for securing software programs that run under control of a computer operating system, the system comprising:
a configurable security policy that specifies operations of the software programs that are permitted;
means for patching certain files of the computer operating system, so that interactions between the software programs and the computer operating system may be monitored for compliance with the security policy; and
means for controlling operations of the software programs to prevent violation of the security policy.
Dependent claims: 57, 58, 59, 60
61. An improved desktop environment for use with an existing operating system, wherein the improvement comprises:
a policy specifying behavior of computer programs that is permitted;
injectable program code that intercepts interactions between the computer programs and the existing operating system, so that the computer programs may be monitored for compliance with the policy; and
wherein the desktop environment blocks any attempted behavior by the computer programs that would violate the policy.
Dependent claims: 62, 63, 64, 65, 66