Secure Virtual File Management System
First Claim
1. A virtual file management system (VFMS) providing secure movement of managed content across a plurality of storage domains and one or more mobile devices, the VFMS comprising:
- a data infrastructure coupled to and collecting metadata of the plurality of storage domains and the one or more mobile devices, the plurality of storage domains distributively storing the managed content, the data infrastructure organizing the managed content into a virtual file system;
a client application running on the one or more mobile devices configured to retrieve and use the virtual file system to process a data request of a user, the data request comprising the transfer of a portion of the managed content from a source location to a target location, the target location comprising one or more of local storage of the one or more mobile devices and the plurality of storage domains;
the data infrastructure comprising a policy definition and decision component that generates and maintains policies defining controls for encryption operations applied to the portion in connection with the transfer;
the client application processing the data request using the virtual file system, the processing the data request including retrieving the policies and enforcing the policies by applying the controls on the one or more mobile devices, the controlled encryption operations including applying one or more of a file level encryption and a master key encryption, the master key encryption comprising the client application encrypting the portion on the one or more devices and interfacing with the data infrastructure using a client side library to place the encrypted portion in a container and to retrieve the encrypted portion from the container using one or more master keys maintained by the data infrastructure, the client application exposing the client side library to one or more mobile applications running on the one or more mobile devices, the one or more mobile applications using the client side library to apply the controlled encryption operations in accessing the container.
5 Assignments
0 Petitions
Accused Products
Abstract
A virtual file management system provides user access to managed content on mobile devices. The system comprises storage domains storing the managed content distributively using file systems, and a data infrastructure that organizes the managed content into a virtual file system that maintains information of storage domain specific file system primitives for accessing corresponding portions of the managed content. The data infrastructure, which maintains metadata of the storage domains and the mobile devices, comprises a policy definition and decision component that maintains policies defining controls for permissible operations on the managed content, the permissible operations including the file system primitives. A client application hosted on the mobile devices is coupled to the data infrastructure and the storage domains and includes an enforcement component that communicates with the policy definition and decision component to retrieve and enforce the policies by applying the controls on the mobile devices.
-
Citations
76 Claims
-
1. A virtual file management system (VFMS) providing secure movement of managed content across a plurality of storage domains and one or more mobile devices, the VFMS comprising:
-
a data infrastructure coupled to and collecting metadata of the plurality of storage domains and the one or more mobile devices, the plurality of storage domains distributively storing the managed content, the data infrastructure organizing the managed content into a virtual file system; a client application running on the one or more mobile devices configured to retrieve and use the virtual file system to process a data request of a user, the data request comprising the transfer of a portion of the managed content from a source location to a target location, the target location comprising one or more of local storage of the one or more mobile devices and the plurality of storage domains; the data infrastructure comprising a policy definition and decision component that generates and maintains policies defining controls for encryption operations applied to the portion in connection with the transfer; the client application processing the data request using the virtual file system, the processing the data request including retrieving the policies and enforcing the policies by applying the controls on the one or more mobile devices, the controlled encryption operations including applying one or more of a file level encryption and a master key encryption, the master key encryption comprising the client application encrypting the portion on the one or more devices and interfacing with the data infrastructure using a client side library to place the encrypted portion in a container and to retrieve the encrypted portion from the container using one or more master keys maintained by the data infrastructure, the client application exposing the client side library to one or more mobile applications running on the one or more mobile devices, the one or more mobile applications using the client side library to apply the controlled encryption operations in accessing the container. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76)
-
Specification