PERVASIVE DATA SECURITY
First Claim
1. A computing device comprising:
a processor;
at least one network interface coupled to the processor configured to enable communications via one or more communication networks;
a memory for content and programming;
an operating system stored in the memory;
a calling application stored in the memory;
a security client program stored in the memory, wherein execution of the security client program by the processor configures the computing device to perform acts comprising:
intercepting an operating system call performed by the calling application for an unencrypted asset;
requesting a first key for the unencrypted asset from a server;
upon receiving the first key for the unencrypted asset from the server,
creating a secure resource by encrypting the unencrypted asset;
completing the operating system call; and
sending an update message to the server.
Abstract
A method and system of securing data. A security client program stored in a memory of a user device intercepts an operating system call performed by a calling application of the user device for an unencrypted asset. A first key for the unencrypted asset from a server is requested. Upon receiving the first key for the unencrypted asset from a server, a secure resource is created by encrypting the unencrypted asset. Then, the operating system call is completed and an update message is sent to the server.
17 Claims
1. A computing device as recited in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. An appliance server, comprising:
a processor;
at least one network interface coupled to the processor configured to enable communications via one or more communication networks;
a memory for content and programming;
a program stored in the memory, wherein execution of the program by the processor configures the server to perform acts, comprising:
receiving a request for an access to a secure resource during an intercepted operating system call on a first user device;
upon determining that the first user device is authorized to have access to the secure resource, sending a first encrypted message having a resource key to the first user device, such that the first encrypted message can be decrypted by a private key of the first user device;
upon determining that the first user device has decrypted the first encrypted message, sending a second encrypted message having a resource item, such that the second encrypted message can be decrypted by the resource key of the first decrypted message; and
upon determining that the first user device has decrypted the second message, sending a third encrypted message having a resource data, such that the third encrypted message can be decrypted by the resource item of the second decrypted message, wherein the resource data is configured to decrypt the secure resource.
11. The appliance server of claim 0, wherein the resource key is unique to a combination of the first user and the resource item.
12. The appliance server of claim 0, wherein the resource item is a single representation of several versions of the secure resource.
13. The appliance server of claim 0, wherein the resource data is configured to provide a stored at rest location information of the secure resource.
14. The appliance server of claim 0, wherein the resource data includes a key configured to provide access to a predetermined version of the secure resource for the user device.
15. The appliance server of claim 0, further comprising a separate resource data stored in the memory of the appliance server for every version of the secure resource.
16. The appliance server of claim 0, wherein the secure resource is stored at a remote server.
17. The appliance server of claim 0, wherein the resource key, the resource item, and the resource data are stored in the memory of the appliance server.
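The staged release recited in claim 10, as an added Python example that is not taken from the patent: each message can only be opened with the key carried by the previous one, and the server refuses to send the next stage without proof that the previous one was decrypted. Assumptions: a symmetric per-device key stands in for the device's public/private key pair, an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a vetted AEAD, the "ack" proof is one hypothetical way to determine that a message was decrypted, and all names are illustrative.

```python
import hashlib, hmac, os

def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def _pad(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a vetted AEAD)
    blocks = (_mac(key, b"enc", nonce, i.to_bytes(4, "big")) for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _pad(key, nonce, len(plaintext))))
    return nonce + ct + _mac(key, b"mac", nonce, ct)  # encrypt-then-MAC

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"mac", nonce, ct)):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _pad(key, nonce, len(ct))))

class ApplianceServer:
    def __init__(self, device_keys):
        self.device_keys = device_keys  # only authorized devices are listed
        # chain[0] = resource key, chain[1] = resource item, chain[2] = resource data
        self.chain = [os.urandom(32) for _ in range(3)]

    def next_message(self, device_id, stage, proof=b""):
        if device_id not in self.device_keys:
            raise PermissionError("device not authorized")
        # Stage 0 is wrapped for the device; later stages under the previous secret.
        wrap = self.device_keys[device_id] if stage == 0 else self.chain[stage - 1]
        if stage and not hmac.compare_digest(proof, _mac(wrap, b"ack")):
            raise PermissionError("previous message was not decrypted")
        return seal(wrap, self.chain[stage])

def device_unwrap(server, device_id, device_key):
    """Client side: walk the three messages and return the resource data."""
    key, proof = device_key, b""
    for stage in range(3):
        key = unseal(key, server.next_message(device_id, stage, proof))
        proof = _mac(key, b"ack")  # shows the server this stage was opened
    return key

if __name__ == "__main__":
    dk = os.urandom(32)                      # constructed sample device key
    srv = ApplianceServer({"laptop-1": dk})
    blob = seal(srv.chain[2], b"constructed sample asset")
    print(unseal(device_unwrap(srv, "laptop-1", dk), blob))
```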