Protecting Encrypted Files Transmitted over a Network

US 20090150546A1
Filed: 02/19/2009
Published: 06/11/2009
Est. Priority Date: 09/11/2002
Status: Active Grant

First Claim

Patent Images

1. A method for identifying a destination address being accessed by a window for a process operating on a computer system, the method comprising:

determining a foreground window for the process; and

examining a resource within the foreground window to determine a destination address that is being or is to be accessed by the process.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved system and approaches for protecting secured files when being used by an application (e.g., network browser) that potentially transmits the files over a network to unknown external locations are disclosed. According to one aspect, access to secured files is restricted so that unsecured versions of the secured files are not able to be transmitted over a network (e.g., the Internet) to unauthorized destinations. In one embodiment, processes operating on a computer system are monitored to determine destination locations, if any, of said processes, and then using such destination locations to determine whether to permit the processes to open files in a secure or unsecured manner.

113 Citations

View as Search Results

20 Claims

1. A method for identifying a destination address being accessed by a window for a process operating on a computer system, the method comprising:
- determining a foreground window for the process; and
  
  examining a resource within the foreground window to determine a destination address that is being or is to be accessed by the process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as recited in claim 1, wherein the process pertains to a network browser operating on the computer system.
  - 3. A method as recited in claim 1, wherein the examining comprises:
    - determining that the process pertains to a network browser operating on the computer system; and
      
      examining the resource being displayed in the foreground window of the network browser to determine the destination address that is being or is to be accessed by the network browser.
  - 4. A method as recited in claim 1, wherein the destination address is separately determined for each of a plurality of separate processes operating on the computer system.
  - 5. A method as recited in claim 1, wherein the resource comprises content or characteristics within the foreground window.
  - 6. A method as recited in claim 1, wherein the method is performed to inform a file security system about the destination address being or to be accessed by the process so that the file security system can restrict files accessible to the computer system from being transmitted to untrusted destinations via the process.
  - 7. A method as recited in claim 6, wherein the process pertains to a network browser operating on the computer system.
  - 8. A method as recited in claim 7, wherein the examining comprises:
    - determining that the process pertains to a network browser operating on the computer system; and
      
      examining the resource being displayed in the foreground window of the network browser to determine the destination address that is being or is to be accessed by the network browser.
  - 9. A method as recited in claim 8, wherein the destination address is separately determined for each of a plurality of separate processes operating on the computer system.

10. A computer-readable medium having stored thereon, computer program code that, if executed by a device, causes the device to identify a destination address being accessed by a window for a process operating on a computer system by a method, the method comprising:
- determining a foreground window for the process; and
  
  examining a resource within the foreground window to determine a destination address that is being or is to be accessed by the process.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer-readable medium as recited in claim 10, wherein the examining comprises:
    - determining that the process pertains to a network browser operating on the computer system; and
      
      examining the resource being displayed in the foreground window of the network browser to determine the destination address that is being or is to be accessed by the network browser.
  - 12. The computer-readable medium as recited in claim 10, wherein the destination address is separately determined for each of a plurality of separate processes operating on the computer system.
  - 13. The computer-readable medium as recited in claim 10, wherein the method is performed to inform a file security system about the destination address being or to be accessed by the process so that the file security system can restrict files accessible to the computer system from being transmitted to untrusted destinations via the process.
  - 14. The computer-readable medium as recited in claim 13, wherein the process pertains to a network browser operating on the computer system.
  - 15. The computer-readable medium as recited in claim 14, wherein the examining comprises:
    - determining that the process pertains to a network browser operating on the computer system; and
      
      examining the resource being displayed in the foreground window of the network browser to determine the destination address that is being or is to be accessed by the network browser.
  - 16. The computer-readable medium as recited in claim 15, wherein the destination address is separately determined for each of a plurality of separate processes operating on the computer system

17. An address identification system comprising:
- an address identifier monitor configured to identify a destination address being accessed by a window for a process operating on a computer system, wherein the address identifier monitor comprises;
  
  a foreground window monitor configured to determine a foreground window for a process; and
  
  a resource examiner configured to examine a resource within the foreground window to determine a destination address that is being or is to be accessed by the process.
- View Dependent Claims (18, 19, 20)
- - 18. The system as recited in claim 17, wherein the resource examiner is further configured to:
    - determine that the process pertains to a network browser operating on the computer system; and
      
      examine the resource being displayed in the foreground window of the network browser to determine the destination address that is being or is to be accessed by the network browser.
  - 19. The system as recited in claim 17, wherein the address identifier monitor is further configured to separately identify destination addresses for each of a plurality of separate processes operating on the computer system.
  - 20. The system as recited in claim 17, wherein the address identifier monitor is further configured to inform a file security system about the destination address being or to be accessed by the process so that the file security system can restrict files accessible to the computer system from being transmitted to untrusted destinations via the process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kioba Processing, LLC (IP Investments Group LLC)
Original Assignee
Guardian Data Storage LLC
Inventors
RYAN, Nicholas M.

Granted Patent

US 8,307,067 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

H04L 63/20 for managing network securi...

Protecting Encrypted Files Transmitted over a Network

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

113 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting Encrypted Files Transmitted over a Network

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

113 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links