Securing Temporary Data On Untrusted Devices

US 20170083710A1
Filed: 07/08/2016
Published: 03/23/2017
Est. Priority Date: 07/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

intercepting a file command from a software application, the file command comprising a save command or a read command, and indicating a data file;

determining whether the data file is a temporary data file;

responsive to determining the data file is a temporary data file;

if the command is a save command, encrypting data associated with the save command and writing the encrypted data to the temporary data file; and

if the command is a read command, decrypting data associated with the read command and providing the decrypted data to the software application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One example method for securing data on untrusted devices includes the steps of intercepting a file command from a software application, the file command comprising a save command or a read command, and indicating a data file; determining whether the data file is a temporary data file; responsive to determining the data file is a temporary data file: if the command is a save command, encrypting data associated with the save command and writing the encrypted data to the temporary data file, if the command is a read command, decrypting data associated with the read command and providing the decrypted data to the software application.

17 Citations

View as Search Results

21 Claims

1. A method comprising:
- intercepting a file command from a software application, the file command comprising a save command or a read command, and indicating a data file;
  
  determining whether the data file is a temporary data file;
  
  responsive to determining the data file is a temporary data file;
  
  if the command is a save command, encrypting data associated with the save command and writing the encrypted data to the temporary data file; and
  
  if the command is a read command, decrypting data associated with the read command and providing the decrypted data to the software application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising linking a dynamically-linked library (“
    - DLL”
      
      ) to the software application, the DLL comprising at least one of a file save function or a file read function.
  - 3. The method of claim 1, wherein linking the DLL to the software application comprises replacing at least one link to an operating system (“
    - OS”
      
      ) file save function with a DLL file save function or an OS file read function with a DLL file read function.
  - 4. The method of claim 1, wherein the writing the encrypted data to the temporary data file comprises writing the temporary data file on a secure partition.
  - 5. The method of claim 1, further comprising, in response to receiving a command to open the data file:
    - prior to opening the data file, copying the data file to a first partition;
      
      opening the copied data file on the first partition by the software application; and
      
      not opening the data file.
  - 6. The method of claim 5, further comprising, in response to receiving a command to close the copied data file:
    - closing the copied data file;
      
      replacing the data file with the copied data file; and
      
      deleting the copied data file and the temporary data file.
  - 7. The method of claim 5, wherein writing the encrypted data to the temporary data file comprising writing the encrypted data to the temporary data file on the first partition.

8. A system comprising:
- a non-transitory computer-readable medium;
  
  a processor in communication with the non-transitory computer readable medium, the processor configured to execute processor-executable instructions stored in the non-transitory computer-readable medium to;
  
  intercept a file command from a software application, the file command comprising a save command or a read command, and indicating a data file;
  
  determine whether the data file is a temporary data file;
  
  responsive to a determination the data file is a temporary data file;
  
  if the command is a save command, encrypt data associated with the save command and write the encrypted data to the temporary data file; and
  
  if the command is a read command, decrypt data associated with the read command and provide the decrypted data to the software application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the processor is further configured to link a dynamically-linked library (“
    - DLL”
      
      ) to the software application, the DLL comprising at least one of a file save function or a file read function.
  - 10. The system of claim 8, wherein the processor is further configured to replace at least one link to an operating system (“
    - OS”
      
      ) file save function with a DLL file save function or an OS file read function with a DLL file read function to link the DLL to the software application.
  - 11. The system of claim 8, wherein the processor is further configured to write the temporary data file on a secure partition to write the encrypted data to the temporary data file comprises.
  - 12. The system of claim 8, wherein the processor is further configured to, in response to receipt of a command to open the data file:
    - prior to opening the data file, copy the data file to a first partition;
      
      open the copied data file on the first partition by the software application; and
      
      not open the data file.
  - 13. The system of claim 12, wherein the processor is further configured to, in response to receipt of a command to close the copied data file:
    - close the copied data file;
      
      replace the data file with the copied data file; and
      
      delete the copied data file and the temporary data file.
  - 14. The system of claim 12, wherein the processor is further configured to write the encrypted data to the temporary data file on the first partition to write the encrypted data to the temporary data file.

15. A non-transitory computer-readable medium comprising processor-executable instructions configured to cause a processor to:
- intercept a file command from a software application, the file command comprising a save command or a read command, and indicating a data file;
  
  determine whether the data file is a temporary data file;
  
  responsive to a determination the data file is a temporary data file;
  
  if the command is a save command, encrypt data associated with the save command and write the encrypted data to the temporary data file; and
  
  if the command is a read command, decrypt data associated with the read command and provide the decrypted data to the software application.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the processor-executable instructions are further configured to cause a processor to link a dynamically-linked library (“
    - DLL”
      
      ) to the software application, the DLL comprising at least one of a file save function or a file read function.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the processor-executable instructions are further configured to cause a processor to replace at least one link to an operating system (“
    - OS”
      
      ) file save function with a DLL file save function or an OS file read function with a DLL file read function to link the DLL to the software application.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the processor-executable instructions are further configured to cause a processor to write the temporary data file on a secure partition to write the encrypted data to the temporary data file comprises.
  - 19. The non-transitory computer-readable medium of claim 15, wherein the processor-executable instructions are further configured to cause a processor to, in response to receipt of a command to open the data file:
    - prior to opening the data file, copy the data file to a first partition;
      
      open the copied data file on the first partition by the software application; and
      
      not open the data file.
  - 20. The non-transitory computer-readable medium of claim 19, wherein the processor-executable instructions are further configured to cause a processor to, in response to receipt of a command to close the copied data file:
    - close the copied data file;
      
      replace the data file with the copied data file; and
      
      delete the copied data file and the temporary data file.
  - 21. The non-transitory computer-readable medium of claim 19, wherein the processor-executable instructions are further configured to cause a processor to write the encrypted data to the temporary data file on the first partition to write the encrypted data to the temporary data file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sv Capital, LLC
Original Assignee
Senteon LLC
Inventors
Chapman, III, Robert Scott

Granted Patent

US 9,760,720 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 3/0619   in relation to data integri...

G06F 3/065   Replication mechanisms

G06F 3/0659   Command handling arrangemen...

G06F 3/067   Distributed or networked st...

Securing Temporary Data On Untrusted Devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Securing Temporary Data On Untrusted Devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others