VIRTUALIZED TRUSTED STORAGE

US 20160378685A1
Filed: 06/27/2015
Published: 12/29/2016
Est. Priority Date: 06/27/2015
Status: Active Grant

First Claim

Patent Images

1. At least one machine readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:

receive a request from a process to access data in a system;

determine if the data is in a virtualized protected area of memory in the system; and

allow access to the data if the data is in the virtualized protected area of memory and the process is a trusted process.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Particular embodiments described herein provide for an electronic device that can be configured to receive a request from a process to access data is a system, determine if the data is in a virtualized protected area of memory in the system, and allow access to the data if the data is in the virtualized protected area of memory and the process is a trusted process. The electronic device can also be configured to determine if new data should be protected, store the new data in the virtualized protected area of memory in the system if the new data should be protected, and store the new data in an unprotected area of memory in the system if the new data should not be protected.

39 Citations

View as Search Results

20 Claims

1. At least one machine readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:
- receive a request from a process to access data in a system;
  
  determine if the data is in a virtualized protected area of memory in the system; and
  
  allow access to the data if the data is in the virtualized protected area of memory and the process is a trusted process.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The at least one machine readable medium of claim 1, further comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:
    - determine if new data should be protected;
      
      store the new data in the virtualized protected area of memory in the system if the new data should be protected; and
      
      store the new data in an unprotected area of memory in the system if the new data should not be protected.
  - 3. The at least one machine readable medium of claim 1, wherein the virtualized protected area of memory is a secured vault or a locally encrypted virtual file system.
  - 4. The at least one machine readable medium of claim 1, wherein the virtualized protected area of memory is a cloud vault.
  - 5. The at least one machine readable medium of claim 1, wherein a filter driver controls input and output access to the virtualized protected area of memory.

6. An apparatus comprising:
- security storage module configured to;
  
  receive a request from a process to access data is a system;
  
  determine if the data is in a virtualized protected area of memory in the system; and
  
  allow access to the data if the data is in the virtualized protected area of memory and the process is a trusted process.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The apparatus of claim 6, wherein the security storage module is further configured to:
    - determine if new data should be protected;
      
      store the new data in the virtualized protected area of memory in the system if the new data should be protected; and
      
      store the new data in an unprotected area of memory in the system if the new data should not be protected.
  - 8. The apparatus of claim 6, wherein the virtualized protected area of memory is a secured vault or a locally encrypted virtual file system.
  - 9. The apparatus of claim 6, wherein the virtualized protected area of memory is a cloud vault.
  - 10. The apparatus of claim 6, wherein a filter driver controls input and output access to the virtualized protected area of memory.

11. A method comprising:
- receiving a request from a process to access data is a system;
  
  determining if the data is in a virtualized protected area of memory in the system; and
  
  allowing access to the data if the data is in the virtualized protected area of memory and the process is a trusted process.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, further comprising:
    - determining if new data should be protected;
      
      storing the new data in the virtualized protected area of memory in the system if the new data should be protected; and
      
      storing the new data in an unprotected area of memory in the system if the new data should not be protected.
  - 13. The method of claim 11, wherein the virtualized protected area of memory is a secured vault or a locally encrypted virtual file system.
  - 14. The method of claim 11, wherein the virtualized protected area of memory is a cloud vault.
  - 15. The method of claim 11, further comprising:
    - denying access to the data if the data is in the virtualized protected area of memory and the process is an untrusted process.

16. A system for virtualized trusted secure storage, the system comprising:
- security storage module configured to;
  
  receive a request from a process to access data is a system;
  
  determine if the data is in a virtualized protected area of memory in the system; and
  
  allow access to the data if the data is in the virtualized protected area of memory and the process is a trusted process.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the system is further configured to:
    - determine if new data should be protected;
      
      store the new data in the virtualized protected area of memory in the system if the new data should be protected; and
      
      store the new data in an unprotected area of memory in the system if the new data should not be protected.
  - 18. The system of claim 16, wherein the virtualized protected area of memory is a secured vault or a locally encrypted virtual file system.
  - 19. The system of claim 16, wherein the virtualized protected area of memory is a cloud vault.
  - 20. The system of claim 16, wherein a filter driver controls input and output access to the virtualized protected area of memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Spurlock, Joel R., Zhang, Zheng, Kapoor, Aditya, Edwards, Jonathan L., Pham, Khai N.

Granted Patent

US 10,162,767 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/145   the protection being virtua...

G06F 16/00   Information retrieval; Data...

G06F 16/25   Integrating or interfacing ...

G06F 21/55   Detecting local intrusion o...

G06F 21/57   Certifying or maintaining t...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

G06F 2212/1052   Security improvement

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 63/10   for controlling access to d...

H04L 67/1097   for distributed storage of ...

VIRTUALIZED TRUSTED STORAGE

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

VIRTUALIZED TRUSTED STORAGE

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others