Systems, Methods and Media for Selective Decryption of Files Containing Sensitive Data
First Claim
1. A method, comprising:
monitoring a secure file storage area including at least one file using a selective decryption process associated with the secure file storage area, wherein content of each of the at least one file is protected with an encryption;
detecting a request by an application program for one of the at least one file;
determining whether the application program needs to access at least a part of the content of the requested file; and
when it is determined that the application program does not need to access at least a part of the content of the requested file, allowing the application program to access the content of the requested file without decrypting the encryption.
Abstract
Systems, methods and media are provided for selective decryption of files. One method includes monitoring a secure file storage area including at least one file using a selective decryption process associated with the secure file storage area. Content of each of the at least one file is protected with an encryption. The method also includes detecting a request by an application program for one of the at least one file. The method further includes determining whether the application program needs to access the content of the requested file. The method also includes, when it is determined that the application program does not need to access the content of the requested file, allowing the application program to access the file content without decrypting the encryption.
20 Claims
12. An apparatus, comprising:
one or more interfaces configured to provide communication with at least one computing device over a network;
a secure file storage area including at least one file; and
a processor, in communication with the secure file storage area and the one or more interfaces, configured to run a selective encryption module stored in memory that is configured to:
  monitor the secure file storage area, wherein content of each of the at least one file is protected with an encryption;
  detect a request by an application program for one of the at least one file;
  determine whether the application program needs to access at least a part of the content of the requested file; and
  when it is determined that the application program does not need to access the at least a part of the content of the requested file, allowing the application program to access the content of the requested file without decrypting the encryption.
20. A non-transitory computer readable medium having executable instructions operable to cause an apparatus to:
monitor a secure file storage area that is coupled to the apparatus and includes at least one file, wherein content of each of the at least one file is protected with an encryption;
detect a request by an application program for one of the at least one file;
determine whether the application program holds an access privilege for accessing the requested file;
when it is determined that the application program holds the access privilege for accessing the requested file, further determine whether the application program needs to access at least a part of the content of the requested file by checking a list of application programs that need to access the content of the requested file;
when it is determined that the application program is not in the list, allow the application program to access the content of the requested file by providing a copy of the requested file to the application program without decrypting the encryption; and
when it is determined that the application program is included in the list,
  decrypt the encryption;
  allow the application program to access the decrypted file content;
  detect a write-request by the application program for writing the decrypted file content to an unsecure location outside of the secure file storage area; and
  re-encrypt the decrypted file content before the file content is written to the unsecure location in a way that the application program is unaware of the re-encryption of the decrypted file content.
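The decision flow recited in claim 20, modelled as an added example; it is not code from the patent or its assignee. The class, method and application names, the `/secure/` prefix and the SHA-256 keystream used in place of a real cipher are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher for the demo only (SHA-256 in counter mode, no
    # authentication, keystream reused per file); use an AEAD in practice.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

@dataclass
class SelectiveDecryptionBroker:
    key: bytes
    secure_prefix: str                           # root of the secure storage area
    privileged: set                              # apps holding the access privilege
    needs_content: set                           # apps listed as needing content
    store: dict = field(default_factory=dict)    # secure area: path -> ciphertext
    outside: dict = field(default_factory=dict)  # writes to unsecure locations

    def put(self, path: str, plaintext: bytes) -> None:
        self.store[path] = keystream_xor(self.key, plaintext)

    def read(self, app: str, path: str) -> bytes:
        if app not in self.privileged:
            raise PermissionError(f"{app} holds no access privilege for {path}")
        blob = self.store[path]
        if app not in self.needs_content:
            return blob                          # copy handed over still encrypted
        return keystream_xor(self.key, blob)     # listed app receives plaintext

    def write(self, app: str, path: str, data: bytes) -> None:
        # Content is re-encrypted transparently, including on writes that
        # leave the secure area (the unsecure-location case in the claim).
        target = self.store if path.startswith(self.secure_prefix) else self.outside
        target[path] = keystream_xor(self.key, data)

def demo() -> dict:
    b = SelectiveDecryptionBroker(b"constructed-demo-key", "/secure/",
                                  privileged={"backup", "editor"},
                                  needs_content={"editor"})
    secret = b"salary=constructed-sample-value"  # constructed sample content
    b.put("/secure/ledger.txt", secret)
    backup_view = b.read("backup", "/secure/ledger.txt")
    editor_view = b.read("editor", "/secure/ledger.txt")
    b.write("editor", "/tmp/export.txt", editor_view)
    return {"backup_sees_plaintext": backup_view == secret,
            "editor_sees_plaintext": editor_view == secret,
            "export_is_plaintext": b.outside["/tmp/export.txt"] == secret}
```

In this model a backup-style application can copy the file without ever seeing plaintext, while the listed editor reads plaintext but cannot export it unencrypted.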