Securing Data in a Networked Environment
Abstract
Apparatus for securing data, comprising: an isolated processing environment having a boundary across which data cannot cross and a channel for allowing data to cross the boundary. A filter restricts data passage across the channel. Protected data is initially located in a secure area and is only released to such a secure processing environment so that access for authorized users to the secure data is available, but subsequent release of the secure data by the authorized users to the outside world is controlled.
39 Claims
1. Apparatus for securing data comprising:
a secure environment definer configured to define a secure environment within an existing user environment, said definer configured to define a boundary about said environment across which data cannot pass and a channel out of said secure environment, the secure environment definer further being configured to define a filter associated with said channel out of said secure environment, said filter being definable to control passage of data out of said secure environment.
Dependent claims: 2, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 19
3. (canceled)
15. (canceled)
18. (canceled)
20. Apparatus for securing data, comprising:
an isolated processing environment, associated with a predefined classified area of data sources, having a boundary across which data cannot pass and a channel for passage of data across said boundary, the isolated processing environment being operable to receive a data unit from the classified area, wherein said isolated processing environment is installed on an endpoint computer;
a data classifier, associated with said isolated processing environment, and configured to classify the data unit, according to a predefined policy;
an output restrictor, associated with said channel and configured to restrict the outputting of the data unit across said channel, according to said classification; and
an output data modifier associated with said output restrictor and configured to modify the output data unit, according to said classification.
21. (canceled)
22. Apparatus for securing data, comprising:
an isolated processing environment, associated with a predefined classified area of data sources, wherein said isolated processing environment is installed on an endpoint computer; and
an input restrictor, associated with said isolating processing environment, and configured to restrict input of a data unit into said isolated processing environment,
wherein said isolated processing environment is further operable to forward the input data unit to the classified area.
Dependent claims: 23, 24
25. Apparatus for securing data, comprising:
an isolated processing environment, associated with a predefined classified area of data sources, wherein said isolated processing environment is installed on an endpoint computer, said isolated processing environment comprising a boundary across which data cannot pass and a channel for allowing data to pass across said boundary;
an input restrictor, associated with said channel, and configured to restrict input of a data unit into said isolated processing environment; and
an input data modifier, associated with said input restrictor and configured to modify said input data unit according to a predefined policy; and
wherein said isolated processing environment is further operable to forward the input data unit to the classified area.
Dependent claims: 27
26. (canceled)
28. (canceled)
29. System for securing data, comprising:
at least two isolated processing environments, each environment comprising a boundary across which data cannot pass and a channel through which data may cross said boundary, each environment operatively associated with a respective predefined classified area of data sources thereby to receive a data unit from the classified area, and installed on an endpoint computer; and
at least two output restrictors, each output restrictor associated with a channel of a respective one of said isolating processing environments and configured to control outputting of the received data unit from the isolated processing environment.
30. A computer program on a computer readable medium, for providing when run on a computer:
an isolated processing environment definer, operable to define an isolated processing environment comprising a boundary across which data may not pass and a channel through which data may cross said boundary, the environment being associatable with a predefined classified area of data sources on an endpoint computer; and
an output restrictor, installable on the endpoint computer, and configured to restrict outputting of the data unit through said channel.
Dependent claims: 31
32. Method for securing data, comprising:
a) creating an isolated processing environment at an endpoint computer, by defining a boundary across which data may not pass and a channel across which data may pass across said boundary;
b) receiving within said isolated processing environment a data unit originating from a predefined classified area associated with the isolated processing environment; and
c) monitoring said channel in order to restrict outputting of the received data unit from said isolated processing environment.
Dependent claims: 34, 36, 37
33. (canceled)
35. (canceled)
38. Method for securing data, comprising:
a) creating an isolated processing environment at an endpoint computer, by defining a boundary across which data may not pass and a channel across which data may pass across said boundary;
b) monitoring said channel to restrict input of data units to said isolated processing environment; and
c) forwarding the restricted input data units from said isolated processing environment to a classified area associated with the isolated processing environment, thereby to protect data input to said classified area.
Dependent claims: 39
Specification