Securing data using integrated host-based data loss agent with encryption detection

US 20090232300A1
Filed: 03/14/2008
Published: 09/17/2009
Est. Priority Date: 03/14/2008
Status: Active Grant

First Claim

Patent Images

1. A method for securing data in a computer system comprising:

detecting attempted connection or access to a data destination to which sensitive data may be written;

determining an encryption status of the data destination;

allowing the connection or access to the data destination when the data destination is encrypted; and

taking action to secure the sensitive data when the data destination is not encrypted.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for securing data in a computer system provides the capability to secure information even when it leaves the boundaries of the organization using a data loss agent integrated with encryption software. A method for securing data in a computer system comprises detecting attempted connection or access to a data destination to which sensitive data may be written, determining an encryption status of the data destination, allowing the connection or access to the data destination when the data destination is encrypted, and taking action to secure the sensitive data when the data destination is not encrypted.

167 Citations

View as Search Results

30 Claims

1. A method for securing data in a computer system comprising:
- detecting attempted connection or access to a data destination to which sensitive data may be written;
  
  determining an encryption status of the data destination;
  
  allowing the connection or access to the data destination when the data destination is encrypted; and
  
  taking action to secure the sensitive data when the data destination is not encrypted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the data destination comprises a removable device and the encryption status is determined based on attributes of the removable device or data on the removable device.
  - 3. The method of claim 2, wherein the encryption status is determined by examining blocks and/or sectors written on the device to determine whether or not they are encrypted.
  - 4. The method of claim 1, wherein the data destination comprises a removable device and the encryption status is determined based on an encryption policy for the removable device.
  - 5. The method of claim 1, wherein the data destination comprises a removable device and the action taken comprises blocking access to the removable device or allowing restricted access to the removable device.
  - 6. The method of claim 5, wherein blocking access to the removable device comprises indicating that connection of the device failed and allowing restricted access to the removable device comprises allowing read-only access to the device.
  - 7. The method of claim 1, wherein the data destination comprises a removable device, the attempted access comprises attempting to write data to the removable device and the determination of the encryption status comprises:
    - detecting that the data being written includes sensitive data; and
      
      determining if the data being written is encrypted or if it will be encrypted during or after being written to the removable device.
  - 8. The method of claim 7, wherein the action taken comprises blocking writing of the data to the removable device.
  - 9. The method of claim 1, wherein the attempted access comprises attempting to send an email message having at least one attachment and the determination of the encryption status comprises determining if the at least one attachment is encrypted.
  - 10. The method of claim 9, wherein the action taken comprises blocking sending of the email message before the email message is sent.

11. A computer system having secure handling of data comprising:
- a processor operable to execute computer program instructions;
  
  a memory operable to store computer program instructions executable by the processor; and
  
  computer program instructions stored in the memory and executable to implement;
  
  a data loss prevention agent to detect attempted connection or access to a data destination to which sensitive data may be written and to query encryption software for an encryption status of the data destination, allow the connection or access to the data destination when the data destination is encrypted, and take action to secure the sensitive data when the data destination is not encrypted; and
  
  encryption software to determine an encryption status of the data destination.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the data destination comprises a removable device and the encryption software determines the encryption status based on attributes of the removable device or data on the removable device.
  - 13. The system of claim 12, wherein the encryption software determines the encryption status by examining blocks and/or sectors written on the device and comparing the content by reading the files using the file system interface to determine whether or not they are encrypted.
  - 14. The system of claim 11, wherein the data destination comprises a removable device and the encryption software determines the encryption status based on an encryption policy for the removable device.
  - 15. The system of claim 11, wherein the data destination comprises a removable device and the action taken by the data loss prevention agent comprises blocking access to the removable device or allowing restricted access to the removable device.
  - 16. The system of claim 15, wherein the data loss prevention agent blocking access to the removable device comprises indicating that connection of the device failed and allowing restricted access to the removable device comprises allowing read-only access to the device.
  - 17. The system of claim 11, wherein the data destination comprises a removable device, the attempted access comprises attempting to write data to the removable device and the encryption software determines the encryption status by:
    - detecting that the data being written includes sensitive data; and
      
      determining if the data being written is encrypted or if it will be encrypted during or after being written to the removable device.
  - 18. The system of claim 17, wherein the action taken by the data loss prevention agent comprises blocking writing of the data to the removable device.
  - 19. The system of claim 11, wherein the attempted access comprises attempting to send an email message having at least one attachment and the encryption software determines the encryption status by determining if the at least one attachment is encrypted.
  - 20. The system of claim 19, wherein the action taken by the data loss prevention agent comprises blocking sending of the email message or encrypting the at least one attachment before the email message is sent.

21. A computer program product for securing data in a computer system comprising:
- a computer readable storage medium;
  
  computer program instructions, recorded on the computer readable storage medium, executable by a processor, for detecting attempted connection or access to a data destination to which sensitive data may be written;
  
  determining an encryption status of the data destination;
  
  allowing the connection or access to the data destination when the data destination is encrypted; and
  
  taking action to secure the sensitive data when the data destination is not encrypted.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The computer program product of claim 21, wherein the data destination comprises a removable device and the encryption status is determined based on attributes of the removable device or data on the removable device.
  - 23. The computer program product of claim 22, wherein the encryption status is determined by examining blocks and/or sectors written on the device and comparing the content by reading the files using the file system interface to determine whether or not they are encrypted.
  - 24. The computer program product of claim 21, wherein the data destination comprises a removable device and the encryption status is determined based on an encryption policy for the removable device.
  - 25. The computer program product of claim 21, wherein the data destination comprises a removable device and the action taken comprises blocking access to the removable device or allowing restricted access to the removable device.
  - 26. The computer program product of claim 25, wherein blocking access to the removable device comprises indicating that connection of the device failed and allowing restricted access to the removable device comprises allowing read-only access to the device.
  - 27. The computer program product of claim 21, wherein the data destination comprises a removable device, the attempted access comprises attempting to write data to the removable device and the determination of the encryption status comprises:
    - detecting that the data being written includes sensitive data; and
      
      determining if the data being written is encrypted or if it will be encrypted during or after being written to the removable device.
  - 28. The computer program product of claim 27, wherein the action taken comprises blocking writing of the data to the removable device.
  - 29. The computer program product of claim 21, wherein the attempted access comprises attempting to send an email message having at least one attachment and the determination of the encryption status comprises determining if the at least one attachment is encrypted.
  - 30. The computer program product of claim 29, wherein the action taken comprises blocking sending of the email message or encrypting the at least one attachment before the email message is sent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Weidhagen, Mattias, Werner, Eran, Zucker, Elad

Granted Patent

US 8,893,285 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/2
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/78   to assure secure storage of...

H04L 63/0428   wherein the data content is...

Securing data using integrated host-based data loss agent with encryption detection

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

167 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Securing data using integrated host-based data loss agent with encryption detection

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

167 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links