SYSTEMS AND METHODS FOR FILE ACCESS AUDITING

US 20130198522A1
Filed: 04/08/2011
Published: 08/01/2013
Est. Priority Date: 04/08/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for forcing file access auditing, the method comprising:

receiving, by an auditing file system executing on a processor associated with a protected computing device, a request to access a protected file;

receiving, from a remote file access auditing server, a file key that allows access to data within the protected file; and

providing access to data within the protected file in response to the request by using the file key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for providing an auditing file system for theft-prone devices are disclosed. The auditing file system supports fine-grained file auditing: a user may obtain reliable, explicit evidence that no files have been accessed after a device'"'"'s loss. A user may also disable future file access after a device'"'"'s loss, even in the absence of device network connectivity. In one embodiment, files are encrypted locally but the encryption keys are stored remotely, so that an audit server is queried for encryption keys to access protected files. By configuring the audit server to refuse to return a particular file'"'"'s key, the user can prevent new accesses after the device is lost.

Citations

50 Claims

1. A computer-implemented method for forcing file access auditing, the method comprising:
- receiving, by an auditing file system executing on a processor associated with a protected computing device, a request to access a protected file;
  
  receiving, from a remote file access auditing server, a file key that allows access to data within the protected file; and
  
  providing access to data within the protected file in response to the request by using the file key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - storing the file key; and
      
      deleting the stored file key after a predetermined first amount of time elapses.
  - 3. The method of claim 2, further comprising:
    - receiving an acknowledgement from the remote file access auditing server of an additional request to access the protected file before the predetermined first amount of time elapses; and
      
      resetting the predetermined first amount of time to elapse before deleting the stored file key.
  - 4. The method of claim 1, further comprising:
    - protecting data within the protected file using a data key; and
      
      protecting the data key using the file key;
      
      wherein providing access to data within the protected file in response to the request by using the file key includes providing access to data within the protected file in response to the request by using the file key to access the data key, and by using the data key to provide access to the data within the protected file.
  - 5. The method of claim 1, further comprising:
    - receiving a request to update metadata associated with the protected file, wherein the request to update metadata includes one or more metadata changes; and
      
      transmitting, to a remote metadata access auditing server, a metadata update notification, wherein the metadata update notification includes the one or more metadata changes.
  - 6. The method of claim 5, further comprising:
    - protecting metadata associated with the protected file and further protecting the protected data key using a public key associated with the remote metadata access auditing server;
      
      wherein the metadata and protected data key remain protected using the public key at least until receipt of an acknowledgement of the metadata update notification from the metadata access auditing server.
  - 7. The method of claim 6, further comprising:
    - transmitting the protected metadata and the further protected data key to the metadata access auditing server; and
      
      receiving from the metadata access auditing server the protected data key in response to the metadata access auditing server retrieving the protected data key from the further protected data key by using a private key of the metadata access auditing server.
  - 8. The method of claim 5, further comprising:
    - protecting metadata associated with the protected file and further protecting the protected data key using identity-based cryptography, wherein a public key used for identity-based cryptography is based at least on a portion of the metadata associated with the protected file;
      
      wherein the metadata and protected data key remain protected using identity-based cryptography at least until receipt of an acknowledgement of the metadata update notification from the metadata access auditing server.
  - 9. The method of claim 8, further comprising:
    - transmitting, to the metadata access auditing server, a portion of metadata on which the public key was based; and
      
      receiving from the metadata access auditing server a private key usable to access the further protected data key, the private key corresponding to the public key.
  - 10. The method of claim 1, further comprising:
    - receiving, from a file access auditing server, one or more prefetched keys that allow access to data within files related to the protected file.
  - 11. The method of claim 1, wherein providing access to data within the protected file in response to the request by using the file key includes accessing data within the file using at least one of a public key cryptography algorithm, a symmetric key cryptography algorithm, an identity-based cryptography algorithm, or an all-or-nothing transformation algorithm.
  - 12. The method of claim 1, wherein receiving, from the remote file access auditing server, the file key that allows access to data within the protected file includes receiving the file key from a paired device that previously received the file key from the remote file access auditing server.
  - 13. The method of claim 1, further comprising using a trusted platform module (TPM) device to store one or more keys.

14-15. -15. (canceled)

16. A computer-implemented method for auditing access requests, the method comprising:
- receiving, by an access auditing server from a requesting device via a network, a request for a key associated with a protected resource;
  
  storing a record of the request in a key access log; and
  
  transmitting the key to the requesting device.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, wherein the record of the request includes an audit ID associated with the request and information sufficient to derive one or more of a date of the request, a time of the request, an origination location of the request, and a filename associated with the request.
  - 18. The method of claim 16, further comprising:
    - transmitting a set of stored request records in response to a report request for accesses during a specified time period.
  - 19. The method of claim 16, further comprising:
    - receiving a disablement request, the disablement request indicating a set of resources; and
      
      preventing transmission of keys associated with the set of resources after receiving the disablement request.

20-21. -21. (canceled)

22. A computer-implemented method for auditing file access requests, the method comprising:
- receiving, by a paired device from a protected device, a request for a file key associated with a protected file;
  
  transmitting, by the paired device, a request for the file key to a remote file access auditing server; and
  
  transmitting, to the protected device, a file key received from the remote file access auditing server.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The computer-implemented method of claim 22, further comprising:
    - determining, by the paired device, one or more file keys to pre-fetch; and
      
      transmitting, by the paired device, a request for the one or more file keys without having received a request from the protected device for the one or more file keys.
  - 24. The computer-implemented method of claim 23, wherein determining one or more file keys to pre-fetch comprises determining one or more file keys associated with other protected files related to the protected file.
  - 25. The computer-implemented method of claim 22, further comprising:
    - storing, by the paired device, the file key received from the remote file access auditing server;
      
      receiving a subsequent request from the protected device for the file key;
      
      storing, by the paired device, a record of the subsequent request for the file key; and
      
      transmitting the file key to the protected device.
  - 26. The computer-implemented method of claim 25, further comprising transmitting the record of the subsequent request for the file key to the remote file access auditing server in response to establishment of a network connection between the paired device and the remote file access auditing server.
  - 27. The computer-implemented method of claim 22, further comprising:
    - receiving, by the paired device from the protected device, a request to update metadata associated with a protected file; and
      
      storing, by the paired device, a record of the request to update the metadata.
  - 28. The computer-implemented method of claim 27, further comprising transmitting, by the paired device, the record of the request to update the metadata to the remote metadata access auditing server in response to establishment of a network connection between the paired device and the remote metadata access auditing server.

29-30. -30. (canceled)

31. A computer-implemented method for associating metadata with file access request audit logs, the method comprising registering a file with an auditing file system, wherein the file is associated with metadata, and wherein registering the file includes:
- allocating, by a client device, an audit ID for the file; and
  
  transmitting the audit ID and the metadata to a remote metadata access auditing server.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. The computer-implemented method of claim 31, wherein the metadata includes at least one of a file name, a file path, a creating process, a file description, and an extended attribute.
  - 33. The computer-implemented method of claim 31, wherein registering the file further includes:
    - transmitting the audit ID to a remote file access auditing server;
      
      receiving a file key from the remote file access auditing server; and
      
      protecting contents of the file using the file key.
  - 34. The computer-implemented method of claim 31, wherein registering the file further includes:
    - generating a file key;
      
      protecting contents of the file using the file key; and
      
      transmitting the audit ID and the file key to a remote file access auditing server.
  - 35. The computer-implemented method of claim 33, wherein the remote file access auditing server is separate from the remote metadata access auditing server.
  - 36. The computer-implemented method of claim 31, further comprising updating the metadata associated with the file;
    - wherein updating the metadata associated with the file includes;
      
      receiving a request to update the metadata; and
      
      transmitting the updated metadata to the remote metadata access auditing server.
  - 37. The computer-implemented method of claim 36, wherein updating the metadata associated with the file further includes updating the metadata in a local storage device in response to receiving an acknowledgement from the remote metadata access auditing server that the updated metadata has been received.

38-39. -39. (canceled)

40. A computer-implemented method for auditing file accesses, the method comprising:
- allocating, by a client device, an audit ID for a file;
  
  transmitting the audit ID to a remote file access auditing server;
  
  receiving a file key from the remote file access auditing server; and
  
  protecting contents of the file using the file key.
- View Dependent Claims (41, 42, 43)
- - 41. The computer-implemented method of claim 40, wherein the file is associated with metadata, the method further comprising:
    - transmitting the audit ID and the metadata to a remote metadata access auditing server.
  - 42. The computer-implemented method of claim 41, wherein the remote metadata access auditing server is separate from the remote file access auditing server.
  - 43. The computer-implemented method of claim 41, further comprising:
    - receiving, from the remote file access auditing server, one or more key request records in response to a request for key request records associated with a given time period, wherein each key request record includes an audit ID; and
      
      transmitting, to the remote metadata access auditing server, a request for metadata associated with an audit ID of a key request record of the one or more key request records.

44-45. -45. (canceled)

46. A computer-implemented method for auditing file accesses, the method comprising:
- allocating, by a client device, an audit ID for a file;
  
  generating a file key;
  
  protecting contents of the file using the file key; and
  
  transmitting the audit ID and the file key to a remote file access auditing server.
- View Dependent Claims (47, 48, 49)
- - 47. The computer-implemented method of claim 46, wherein the file is associated with metadata, the method further comprising:
    - transmitting the audit ID and the metadata to a remote metadata access auditing server.
  - 48. The computer-implemented method of claim 47, wherein the remote metadata access auditing server is separate from the remote file access auditing server.
  - 49. The computer-implemented method of claim 47, further comprising:
    - receiving, from the remote file access auditing server, one or more key request records in response to a request for key request records associated with a given time period, wherein each key request record includes an audit ID; and
      
      transmitting, to the remote metadata access auditing server, a request for metadata associated with an audit ID of a key request record of the one or more key request records.

50-51. -51. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of Washington
Original Assignee
University of Washington
Inventors
Kohno, Tadayoshi, Levy, Henry, Gribble, Steven, Geambasu, Roxana

Granted Patent

US 9,489,523 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/88   Detecting or preventing the...

G06F 2221/2101   Auditing as a secondary aspect

SYSTEMS AND METHODS FOR FILE ACCESS AUDITING

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR FILE ACCESS AUDITING

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links