METHODS AND APPARATUSES FOR REDUCING OR ELIMINATING UNAUTHORIZED ACCESS TO TETHERED DATA

US 20140289524A1
Filed: 03/19/2013
Published: 09/25/2014
Est. Priority Date: 03/19/2013
Status: Active Grant

First Claim

Patent Images

1. A method for reducing or eliminating unauthorized access to a secured file, the method comprising:

establishing a connection between a communication portion of the secured file and an authentication agent;

requesting a decryption key from the authentication agent for accessing the secured file on a first computing device, the decryption key being based on environment information retrieved from devices in an authenticated environment of devices, the authenticated environment being an environment in which the secured file was encrypted; and

destroying the secured file subsequent to receiving a message indicating that the requesting has failed.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of a method and apparatus for reducing or eliminating unauthorized access to secured files are generally described herein. In some embodiments, the method includes establishing a connection between a communication portion of the secured file and an authentication agent. The method may include requesting a decryption key from the authentication agent for accessing the secured file on a first computing device. The decryption key may be based on device information retrieved from devices in an authenticated environment of devices. The authenticated environment may be an environment in which the secured the was encrypted. The method may include destroying the secured file subsequent to receiving a message indicating that the requesting has failed.

35 Citations

View as Search Results

21 Claims

1. A method for reducing or eliminating unauthorized access to a secured file, the method comprising:
- establishing a connection between a communication portion of the secured file and an authentication agent;
  
  requesting a decryption key from the authentication agent for accessing the secured file on a first computing device, the decryption key being based on environment information retrieved from devices in an authenticated environment of devices, the authenticated environment being an environment in which the secured file was encrypted; and
  
  destroying the secured file subsequent to receiving a message indicating that the requesting has failed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the message indicates that the decryption key could not be created.
  - 3. The method of claim 2, wherein the message indicates that the decryption key could not be created because the first computing device has left the authenticated environment.
  - 4. The method of claim 1, wherein the message indicates that communication with the authentication agent has failed.
  - 5. The method of claim 1, wherein the requesting comprises:
    - obtaining a value of an indicator within a non-encrypted portion of the secured file, the value indicating whether the secured file was saved locally on the first computing device; and
      
      querying the authentication agent for a local key or a remote key based on the value, the local key being based on identification information of the first computing device, and the remote key being based on information of a second computing device in the authenticated environment, the second computing device being a different computing device from the first computing device.
  - 6. The method of claim 1, wherein the destroying comprises:
    - encrypting the secured file a plurality of times with an encryption key, the encryption key being based on data stored on the first computing device.
  - 7. The method of claim 6, wherein the data for creating the encryption key is not identification information of the first computing device.
  - 8. The method of claim 1, further comprising:
    - receiving the decryption key; and
      
      destroying the secured file upon determining that the decryption key is a spoofed key, the determining including decrypting the secured file using the decryption key, and determining whether metadata of the decrypted secured file matches expected metadata of the decrypted secured file.
  - 9. The method of claim 1, further comprising:
    - querying the authentication agent for an encryption key for encrypting the secured file; and
      
      saving the secured file to a remote server, saving the secured file to the first computing device, or saving the secured file to both the remote server and the first computing device based on a value of an indicator within metadata of the secured file.

10. A non-transitory computer-readable medium comprising instructions that, when executed on a first machine, cause the first machine to:
- receive a request for access to a file, the file being stored on the first machine, on a remote machine, or on both the first machine and the remote machine;
  
  establish a connection, through a communication portion of the file for Which access is requested, to an authentication agent on the first machine;
  
  request a decryption key from the authentication agent for decrypting the file, the decryption key being based on information retrieved from devices in an authenticated environment of devices, the authenticated environment of devices being an environment in which the file was encrypted; and
  
  destroy the file subsequent to determining that the request has failed.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The non-transitory computer-readable medium of claim 10, wherein the connection is a transmission control protocol (TCP) socket or a universal datagram protocol (UDP) socket.
  - 12. The non-transitory computer readable medium of claim 10, further comprising instructions that, when executed on the first machine, cause the first machine to:
    - encrypt the file a plurality of times with an encryption key, the encryption key being based on data stored on the first machine, the data not being identification information of the first machine.
  - 13. The non-transitory computer-readable medium of claim 12, further comprising instructions that, when executed on the first machine, cause the first machine to:
    - receive a notification message from the authentication agent that that the decryption key could not be created because the first machine has left the authenticated environment.
  - 14. The non-transitory computer-readable medium of claim 13, further comprising instructions that, when executed on the first machine, cause the first machine to:
    - destroy the file upon determining that the authentication agent is not executing on the first machine.
  - 15. The non-transitory computer-readable medium of claim 10, further comprising instructions that, when executed on the first machine, cause the first machine to:
    - obtain a value of an indicator within a non-encrypted portion of the file, the value indicating whether the file was saved locally on the first machine;
      
      query the authentication agent for a local key or a remote key based on the value, the local key being based on identification information of the first machine, and the remote key being based on information of a second machine in the authenticated environment, the second machine being a different machine from the first machine;
      
      perform an editing operation on the file subsequent to opening the file using the local key or the remote key; and
      
      save the file locally or remotely, using a second local key or a second remote key retrieved using the authentication agent, based on the value of the indicator.

16. A non-transitory computer-readable medium comprising instructions that, when executed on a machine, cause the machine to:
- receive a request for a decryption key for decrypting a file;
  
  determine whether the request is received from within an authenticated environment, the authenticated environment being a device on which the file was encrypted or a network of devices including the device on which the file was encrypted; and
  
  return an error message subsequent to determining that the request is received from outside the authenticated environment.
- View Dependent Claims (17)
- - 17. The non-transitory computer-readable medium of claim 16, further comprising instructions that, when executed on the machine, cause the machine to:
    - generate the decryption key based on identification information of a device within the authenticated environment if the determining determines that the request is received from within the authenticated environment.

18. An apparatus comprising:
- a communication interface to communicate with a remote file storage;
  
  an authentication agent tocommunicate with the remote file storage over the communication interface,communicate with a secured file through a communication portion of the secured file, andreceive a request, from the communication portion, for a decryption key for accessing the secured file, the decryption key being based on device information retrieved from devices in an authenticated environment, the authenticated environment being an environment in which the secured file was encrypted, andgenerate either the decryption key or an error message, based on whether the request is received from within the authenticated environment.
- View Dependent Claims (19, 20, 21)
- - 19. The apparatus of claim 18, further comprising a memory for local file storage of the secured file.
  - 20. The apparatus of claim 19, wherein the communication portion is further arranged to:
    - encrypt the secured file a plurality of times with an encryption key, the encryption key being based on data stored in the memory, the data not being identification data of the apparatus, upon receiving a failure message in response to the request for the decryption key.
  - 21. The apparatus of claim 18, further comprising:
    - a credentials agent to authenticate the apparatus to the remote file storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint Federal Holdings LLC (Forcepoint LLC)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Smith, Michael W., Neumann, Matthew D.

Granted Patent

US 9,712,324 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

G06F 21/62   Protecting access to data v...

H04L 63/0428   wherein the data content is...

H04L 63/107   wherein the security polici...

H04L 9/0866   involving user or device id...

H04L 9/32   including means for verifyi...

H04L 9/3236   using cryptographic hash fu...

METHODS AND APPARATUSES FOR REDUCING OR ELIMINATING UNAUTHORIZED ACCESS TO TETHERED DATA

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND APPARATUSES FOR REDUCING OR ELIMINATING UNAUTHORIZED ACCESS TO TETHERED DATA

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links