Fast Data Protection Using Dual File Systems
First Claim
1. A method for utilizing a first file system and a second file system executing on a computing device to protect sensitive data stored on the computing device, the first file system managing a first memory area that stores non-sensitive data and the second file system managing a second memory area that stores sensitive data, the first file system being configured to receive data requests generated by programs executing on the computing device, the method comprising:
- in a first operating mode, servicing each data request received by the first file system by performing the following steps by the first file system:
  - when the data request specifies non-sensitive data, retrieving the non-sensitive data specified by the data request from the first memory area; and
  - when the data request specifies sensitive data, communicating with the second file system to cause the second file system to retrieve the sensitive data specified by the data request from the second memory area;
- in a second operating mode, disabling communication between the first file system and the second file system and servicing by the first file system only those data requests received by the first file system that specify non-sensitive data by retrieving the non-sensitive data specified by the data requests from the first memory area.
Abstract
A computing device is described that utilizes two file systems to enable sensitive data stored thereon to be deleted automatically, quickly, and discreetly when the computing device is in a risky environment or context or when data protection has otherwise been activated. A first file system on the computing device manages a first memory area that stores non-sensitive data while a second file system on the computing device manages a second memory area that stores sensitive data. Only the first file system operates to receive data requests from other processes executing on the computing device. In a first operating mode, the first file system interacts with the second file system to ensure that both non-sensitive and sensitive data are returned in response to data requests. In a second operating mode, communication between the two file systems is disabled and the second file system deletes the sensitive data.
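The two operating modes described in the abstract, modelled as an added example (not code from the patent). In-memory dictionaries stand in for the two memory areas, and the class names, method names and sample paths are assumptions made for illustration.

```python
from enum import Enum

class Mode(Enum):
    NORMAL = 1      # "first operating mode" in the claims
    PROTECTED = 2   # "second operating mode": data protection activated

class SecondFileSystem:
    """Manages the sensitive memory area; programs never call it directly."""
    def __init__(self, sensitive):
        self._area = dict(sensitive)
        self.mode = Mode.NORMAL

    def retrieve(self, path):
        if self.mode is Mode.PROTECTED:
            return None  # claim 10 (ii): ignore requests from the first file system
        return self._area.get(path)

    def protect(self):
        self.mode = Mode.PROTECTED
        self._area.clear()  # abstract: the second file system deletes the sensitive data

    def stored_paths(self):
        return sorted(self._area)

class FirstFileSystem:
    """Only entry point for programs; manages the non-sensitive memory area."""
    def __init__(self, non_sensitive, second_fs):
        self._area = dict(non_sensitive)
        self._second = second_fs  # communication channel; None once disabled

    def read(self, path):
        if path in self._area:
            return self._area[path]
        if self._second is not None:
            return self._second.retrieve(path)
        return None  # assumption: same answer as for a path that never existed

    def enter_protected_mode(self):
        second, self._second = self._second, None  # disable communication first
        if second is not None:
            second.protect()

def demo():
    # Constructed sample data, not taken from the patent.
    second = SecondFileSystem({"/docs/payroll.xlsx": b"constructed sensitive bytes"})
    first = FirstFileSystem({"/docs/readme.txt": b"constructed public bytes"}, second)
    before = (first.read("/docs/readme.txt"), first.read("/docs/payroll.xlsx"))
    first.enter_protected_mode()
    after = (first.read("/docs/readme.txt"), first.read("/docs/payroll.xlsx"))
    return before, after, second.stored_paths()
```

In this model a caller in the second mode cannot tell a deleted sensitive file from one that never existed, because both reads return `None`.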
20 Claims
1. A method for utilizing a first file system and a second file system executing on a computing device to protect sensitive data stored on the computing device, the first file system managing a first memory area that stores non-sensitive data and the second file system managing a second memory area that stores sensitive data, the first file system being configured to receive data requests generated by programs executing on the computing device, the method comprising:
- in a first operating mode, servicing each data request received by the first file system by performing the following steps by the first file system:
  - when the data request specifies non-sensitive data, retrieving the non-sensitive data specified by the data request from the first memory area; and
  - when the data request specifies sensitive data, communicating with the second file system to cause the second file system to retrieve the sensitive data specified by the data request from the second memory area;
- in a second operating mode, disabling communication between the first file system and the second file system and servicing by the first file system only those data requests received by the first file system that specify non-sensitive data by retrieving the non-sensitive data specified by the data requests from the first memory area.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system, comprising:
- at least one processor; and
- one or more memory devices connected to the at least one processor, the one or more memory devices storing software components for execution by the at least one processor, the software components including:
  - a first file system configured to manage a first memory area that stores non-sensitive data and to receive data requests generated by programs during execution thereof; and
  - a second file system configured to manage a second memory area that stores sensitive data;
  - the first file system being further configured to service each data request received thereby by retrieving any non-sensitive data specified by the data request from the first memory area and by sending a request to the second file system to retrieve any sensitive data specified by the data request from the second memory area, and the second file system being further configured to:
    - (i) in a first operating mode, respond to requests from the first file system to retrieve sensitive data specified by data requests from the second memory area, and
    - (ii) in a second operating mode, ignore requests from the first file system to retrieve sensitive data specified by data requests from the second memory area.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A computer program product comprising a computer-readable memory having computer program logic recorded thereon that when executed by at least one processor causes the at least one processor to perform a method for utilizing a first file system and a second file system executing on a computing device to protect sensitive data stored on the computing device, the first file system managing a first memory area that stores non-sensitive data and the second file system managing a second memory area that stores sensitive data, the first file system being configured to receive data requests generated by programs executing on the computing device, the method comprising:
- in a first operating mode, servicing each data request received by the first file system by performing the following steps by the first file system:
  - when the data request specifies non-sensitive data, retrieving the non-sensitive data specified by the data request from the first memory area; and
  - when the data request specifies sensitive data, communicating with the second file system to cause the second file system to retrieve the sensitive data specified by the data request from the second memory area;
- in a second operating mode, disabling communication between the first file system and the second file system and servicing by the first file system only those data requests received by the first file system that specify non-sensitive data by retrieving the non-sensitive data specified by the data requests from the first memory area.

Dependent claims: 20
Specification