Systems, Methods and Media for Selective Decryption of Files Containing Sensitive Data

US 20150026460A1
Filed: 07/19/2013
Published: 01/22/2015
Est. Priority Date: 07/19/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

monitoring a secure file storage area including at least one file using a selective decryption process associated with the secure file storage area, wherein content of each of the at least one file is protected with an encryption;

detecting a request by an application program for one of the at least one file;

determining whether the application program needs to access at least a part of the content of the requested file; and

when it is determined that the application program does not need to access at least a part of the content of the requested file, allowing the application program to access the content of the requested file without decrypting the encryption.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and media are provided for selective decryption of files. One method includes monitoring a secure file storage area including at least one file using a selective decryption process associated with the secure file storage area. Content of each of the at least one file is protected with an encryption. The method also includes detecting a request by an application program for one of the at least one file. The method further includes determining whether the application program needs to access the content of the requested file. The method also includes, when it is determined that the application program does not need to access the content of the requested file, allowing the application program to access the file content without decrypting the encryption.

Citations

20 Claims

1. A method, comprising:
- monitoring a secure file storage area including at least one file using a selective decryption process associated with the secure file storage area, wherein content of each of the at least one file is protected with an encryption;
  
  detecting a request by an application program for one of the at least one file;
  
  determining whether the application program needs to access at least a part of the content of the requested file; and
  
  when it is determined that the application program does not need to access at least a part of the content of the requested file, allowing the application program to access the content of the requested file without decrypting the encryption.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the application program includes a backup daemon, wherein allowing the application program to access the file content includes providing a copy of the requested file to the backup daemon without decrypting the encryption and wherein the copy of the requested file is backed up to a backup tape.
  - 3. The method of claim 1, wherein the application program includes an electronic-mail (e-mail) application, wherein allowing the application program to access the file content includes providing a copy of the requested file to the email application without decrypting the encryption and wherein the copy of the requested file is attached to an e-mail.
  - 4. The method of claim 1, further comprising:
    - when it is determined that the application program does need to access at least a part of the content of the requested file,decrypting the encryption; and
      
      allowing the application program to access the decrypted file content.
  - 5. The method of claim 4, further comprising:
    - detecting a write-request by the application program for writing the decrypted file content to an unsecure location outside of the secure file storage area; and
      
      re-encrypting the decrypted file content using the selective decryption process before the file content is written to the unsecure location.
  - 6. The method of claim 5, wherein the re-encryption of the decrypted file content is performed such that the application program is not aware of the re-encryption of the decrypted file content.
  - 7. The method of claim 4, wherein the application program includes one of (1) a word-processing application, (2) an image-processing application, (3) a spreadsheet application, and (4) a multi-media processing application, and wherein the requested file is open and the decrypted file content is displayed.
  - 8. The method of claim 1, wherein the selective decryption process is configured to encrypt content of a file when the file is initially saved in the secure file storage area and wherein the secure file storage area is communicatively coupled to a computing device running the selective decryption process.
  - 9. The method of claim 1, wherein the secure file storage area includes one of (1) one or more file folders, (2) one or more segments of a disk and (3) one or more blocks of memory.
  - 10. The method of claim 1, wherein the selective decryption process includes a file system driver including one of (1) one or more kernel components, (2) one or more user-level application components and (3) a combination of kernel components and user-level application components.
  - 11. The method of claim 1, wherein the secure file storage area is located at a cloud storage client device running the selective decryption process andfurther comprising receiving, at the cloud storage client device, one or more of the at least one file from a cloud storage server over a communication network.

12. An apparatus, comprising:
- one or more interfaces configured to provide communication with at least one computing device over a network;
  
  a secure file storage area including at least one file; and
  
  a processor, in communication with the secure file storage area and the one or more interfaces, configured to run a selective encryption module stored in memory that is configured to;
  
  monitor the secure file storage area, wherein content of each of the at least one file is protected with an encryption;
  
  detect a request by an application program for one of the at least one file;
  
  determine whether the application program needs to access at least a part of the content of the requested file; and
  
  when it is determined that the application program does not need to access the at least a part of the content of the requested file, allowing the application program to access the content of the requested file without decrypting the encryption.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The apparatus of claim 12, wherein the application program includes a backup daemon, wherein allowing the application program to access the file content includes providing a copy of the requested file to the backup daemon without decrypting the encryption and wherein the copy of the requested file is backed up to a backup tape.
  - 14. The apparatus of claim 12, wherein the application program includes an electronic-mail (e-mail) application, wherein allowing the application program to access the file content includes providing a copy of the requested file to the email application without decrypting the encryption and wherein the copy of the requested file is attached to an e-mail.
  - 15. The apparatus of claim 12, wherein the selective decryption module is further configured to:
    - decrypt the encryption when it is determined that the application program does need to access at least a part of the content of the requested file; and
      
      allow the application program to access the decrypted file content.
  - 16. The apparatus of claim 15, wherein the selective decryption module is further configured to:
    - detect a write-request by the application program for writing the decrypted file content to an unsecure location outside of the secure file storage area; and
      
      re-encrypt the decrypted file content before the file content is written to the unsecure location.
  - 17. The apparatus of claim 16, wherein the re-encryption of the decrypted file content is performed such that the application program is not aware of the re-encryption of the decrypted file content.
  - 18. The apparatus of claim 15, wherein the application program includes one of (1) a word-processing application, (2) an image-processing application, (3) a spreadsheet application, and (4) a multi-media processing application, and wherein the requested file is open and the decrypted file content is displayed.
  - 19. The apparatus of claim 12, wherein the secure file storage area includes one of (1) one or more file folders, (2) one or more segments of a disk and (3) one or more blocks of memory.

20. A non-transitory computer readable medium having executable instructions operable to cause an apparatus to:
- monitor a secure file storage area that is coupled to the apparatus and includes at least one file, wherein content of each of the at least one file is protected with an encryption;
  
  detect a request by an application program for one of the at least one file;
  
  determine whether the application program holds an access privilege for accessing the requested file;
  
  when it is determined that the application program holds the access privilege for accessing the requested file, further determine whether the application program needs to access at least a part of the content of the requested file by checking a list of application programs that need to access the content of the requested file;
  
  when it is determined that the application program is not in the list, allow the application program to access the content of the requested file by providing a copy of the requested file to the application program without decrypting the encryption; and
  
  when it is determined that the application program is included in the list, decrypt the encryption;
  
  allow the application program to access the decrypted file content;
  
  detect a write-request by the application program for writing the decrypted file content to an unsecure location outside of the secure file storage area; and
  
  re-encrypt the decrypted file content before the file content is written to the unsecure location in a way that the application program is unaware of the re-encryption of the decrypted file content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
Appsense Incorporated
Inventors
WALTON, Travis, DELIVETT, Paul

Granted Patent

US 9,460,296 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/602 Providing cryptographic fac...

G06F 21/6218 to a system of files or obj...

Systems, Methods and Media for Selective Decryption of Files Containing Sensitive Data

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, Methods and Media for Selective Decryption of Files Containing Sensitive Data

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links