PERVASIVE DATA SECURITY

US 20170019379A1
Filed: 03/24/2016
Published: 01/19/2017
Est. Priority Date: 03/24/2015
Status: Active Grant

First Claim

Patent Images

1. A computing device comprising:

a processor;

at least one network interface coupled to the processor configured to enable communications via one or more communication networks;

a memory for content and programming;

an operating system stored in the memory;

a calling application stored in the memory;

a security client program stored in the memory, wherein execution of the security client program by the processor configures the computing device to perform acts comprising;

intercepting an operating system call performed by the calling application for an unencrypted asset;

requesting a first key for the unencrypted asset from a server;

upon receiving the first key for the unencrypted asset from the server;

creating a secure resource by encrypting the unencrypted asset;

completing the operating system call; and

sending an update message to the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system of securing data. A security client program stored in a memory of a user device intercepts an operating system call performed by a calling application of the user device for an unencrypted asset. A first key for the unencrypted asset from a server is requested. Upon receiving the first key for the unencrypted asset from a server, a secure resource is created by encrypting the unencrypted asset. Then, the operating system call is completed and an update message is sent to the server.

7 Citations

View as Search Results

17 Claims

1. A computing device comprising:
- a processor;
  
  at least one network interface coupled to the processor configured to enable communications via one or more communication networks;
  
  a memory for content and programming;
  
  an operating system stored in the memory;
  
  a calling application stored in the memory;
  
  a security client program stored in the memory, wherein execution of the security client program by the processor configures the computing device to perform acts comprising;
  
  intercepting an operating system call performed by the calling application for an unencrypted asset;
  
  requesting a first key for the unencrypted asset from a server;
  
  upon receiving the first key for the unencrypted asset from the server;
  
  creating a secure resource by encrypting the unencrypted asset;
  
  completing the operating system call; and
  
  sending an update message to the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computing device of claim 1, wherein an operating system call includes an instruction to at least one of:
    - (i) edit, (ii) send, and (iii) store an unencrypted asset.
  - 3. The computing device of claim 1, wherein the storage is a shared storage between several users.
  - 4. The computing device of claim 1, wherein the interception is performed with an intervening hook.
  - 5. The computing device of claim 4, wherein the intervening hook is a web distributed authoring and versioning (WebDav) protocol.
  - 6. The computing device of claim 1, wherein the update message includes a storage at rest location information of the secure resource.
  - 7. The computing device of claim 6, wherein the update message includes a permission for one or more users to have access to the secure resource.
  - 8. The computing device of claim 1, wherein upon failing to receive the first key in response to the request for the first key, suspending the operating system call until receiving the first key.
  - 9. The computing device of claim 1, wherein upon failing to receive a first key in response to the request for the first key, using a local key to encrypt the unencrypted asset.

10. An appliance server, comprising:
- a processor;
  
  at least one network interface coupled to the processor configured to enable communications via one or more communication networks;
  
  a memory for content and programming;
  
  a program stored in the memory, wherein execution of the program by the processor configures the server to perform acts, comprising;
  
  receiving a request for an access to a secure resource during an intercepted operating system call on a first user device;
  
  upon determining that the first user device is authorized to have access to the secure resource, sending a first encrypted message having a resource key to the first user device, such that the first encrypted message can be decrypted by a private key of the first user device;
  
  upon determining that the first user device has decrypted the first encrypted message, sending a second encrypted message having a resource item, such that the second encrypted message can be decrypted by the resource key of the first decrypted message; and
  
  upon determining that the first user device has decrypted the second message, sending a third encrypted message having a resource data, such that the third encrypted message can be decrypted by the resource item of the of the second decrypted message, wherein the resource data is configured to decrypt the secure resource.

11. The appliance server of claim 0, wherein the resource key is unique to a combination of the first user and the resource item.

12. The appliance server of claim 0, wherein the resource item is a single representation of several versions of the secure resource.

13. The appliance server of claim 0, wherein the resource data is configured to provide a stored at rest location information of the secure resource.

14. The appliance server of claim 0, wherein the resource data includes a key configured to provide access to a predetermined version of the secure resource for the user device.

15. The appliance server of claim 0, further comprising a separate resource data stored in the memory of the appliance server for every version of the secure resource.

16. The appliance server of claim 0, wherein the secure resource is stored at a remote server.

17. The appliance server of claim 0, wherein the resource key, the resource item, and the resource data are stored in the memory of the appliance server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Global Data Sentinel, Inc.
Original Assignee
Global Data Sentinel, Inc.
Inventors
Galinski, John-Phillip, Walker, Nigel

Granted Patent

US 10,484,339 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/62   Protecting access to data v...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/166   at the transport layer

H04L 69/22   Parsing or analysis of headers

PERVASIVE DATA SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

PERVASIVE DATA SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links