System and method for providing data security

US 7,484,245 B1
Filed: 09/29/2000
Issued: 01/27/2009
Est. Priority Date: 10/01/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for maintaining data security comprising:

creating a package associated with a vault, the package comprising data bundled together with one or more permissions for regulating use of the data, the one or more permissions comprising one or more usage rule sets; and

providing a receiver for processing the package and storing the data in the vault, the vault being dedicated hard drive space whose existence and contents are invisible to a user, wherein the existence and contents of the hard drive space are invisible to the user by an assignment of false file names and locations as seen by the user.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method protects security of data. The data is packaged together with one or more permissions that designate what actions are allowed with respect to the data. The package can be opened when there is approval for doing so and the allowed permissions are maintained. The data is stored within a vault and there are a number of available security procedures that prevent the unauthorized access of the data.

235 Citations

137 Claims

1. A method for maintaining data security comprising:
- creating a package associated with a vault, the package comprising data bundled together with one or more permissions for regulating use of the data, the one or more permissions comprising one or more usage rule sets; and
  
  providing a receiver for processing the package and storing the data in the vault, the vault being dedicated hard drive space whose existence and contents are invisible to a user, wherein the existence and contents of the hard drive space are invisible to the user by an assignment of false file names and locations as seen by the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94)
- - 2. A method according to claim 1, wherein the step of processing the package further comprises opening the package and verifying the receiver for processing of the package.
  - 3. A method according to claim 2 further comprising searching for at least one driver for reading the package.
  - 4. A method according to claim 1 further comprising:
    - a port request detection step of detecting a port request for use of a port sent by a process;
      
      a process identification step of determining the identity of said requesting process;
      
      a process check step of determining if said process should be permitted to access said port; and
      
      a permit/deny step of allowing said port request to be fulfilled if said process should be permitted to access said port and denying said port request if said process should not be permitted to access said port.
  - 5. The method of claim 4 wherein said process check step comprises:
    - a secure process list check step of determining whether said process appears on a list of secure processes.
  - 6. The method of claim 4 further comprising:
    - a tracking step of tracking said port request.
  - 7. A method according to claim 1, wherein the step of creating a package comprises:
    - receiving a file of data for packaging;
      
      receiving a permissions database having one or more permissions associated with the file of data, the one or more permissions governing a client'"'"'s use of the file;
      
      generating a package global unique identifier;
      
      generating a package of data comprising the file, the one or more permissions and the global unique identifier;
      
      encrypting the package; and
      
      generating a computer executable file comprising the encrypted package.
  - 8. The method of claim 7 wherein the one or more permissions are selected from the group consisting an access count permission, an access time permission, an expiration date permission, an authorization date permission, a clipboard permission, a print permission, an unlimited access permission, an application permission, and a system-events permission.
  - 9. The method of claim 8 further comprising the step of setting a password for access to the computer executable file.
  - 10. The method of claim 9 wherein the package of data further comprises a recipient global unique identifier and further comprising the step of receiving the recipient global unique identifier after the step of generating a package global unique identifier.
  - 11. The method of claim 10 wherein the package of data further comprises a client software.
  - 12. A method according to claim 1 further comprising:
    - receiving a file of data for packaging;
      
      receiving a package permissions database having one or more permissions associated with the file of data, the one or more permissions governing a client'"'"'s use of the file;
      
      generating a package global unique identifier;
      
      generating a package of data comprising the file of data, the one or more permissions, the global unique identifier, and a client software;
      
      encrypting the package;
      
      generating a computer executable file comprising the encrypted package;
      
      receiving the computer executable file at a client computer system having an operating system;
      
      executing the computer executable file at the client computer system comprising the steps determining whether the operating system is a compatible operating system, and if so, executing a client software on the client computer system, the execution of the client software creating a client permissions database and a vault on the client computer system; and
      
      determining whether the encrypted package is valid, and if so, recording the package global unique identifier in the client permissions database, extracting the file of data and the one or more permissions from the package of data, storing the file of data in the vault and storing the one or more permissions in the client permissions database, and if not, setting a state in the computer executable file to indicate that the package is installed.
  - 13. The method of claim 12 further comprising the step of determining whether a second package is loaded on the computer system, and if so, terminating the second package, before the step of executing a client software on the client computer system.
  - 14. The method of claim 13 wherein the step of determining whether the package is valid comprises the steps of searching the client permissions database for the package global unique identifier and, concluding that the package is valid if the package global unique identifier is not in the client permissions database, and concluding that the package is invalid if the package global unique identifier is not in the client permissions database.
  - 15. The method of claim 14 wherein the package further comprises the client software having a version designation and, before the step of executing the client software, determining whether a second version of the client software is installed on the client computer system, and if not, extracting the client software from the package and installing the client software on the client computer system.
  - 16. The method of claim 15 wherein if a second version of the client software is installed on the client computer system, determining whether the version designation of the client software installed on the client computer system is earlier than the second version, and if so, extracting the client software from the package and installing the client software on the client computer system.
  - 17. The method of claim 15 wherein the client software comprises one or more device drivers and the client permissions database and the vault are generated by at least one of the one or more device driver.
  - 18. The method of claim 12 wherein the client software comprises one or more device drivers and the client permissions database and the vault are generated by at least one of the one or more device driver.
  - 19. The method of claim 12 wherein the package further comprises a receiver global unique identifier, and wherein the step of determining whether the encrypted package is valid comprises the steps of searching the client permissions database for a second receiver global unique identifier, and if not found, concluding that the package is invalid, and if found, comparing the receiver global unique identifier to the second receiver global unique identifier, determining whether they match, and if so, concluding that the package is valid, and if not, concluding that the package is invalid.
  - 20. The method of claim 12 wherein the one or more permissions are selected from the group consisting an access count permission, an access time permission, an expiration date permission, an authorization date permission, a clipboard permission, a print permission, an unlimited access permission, an application permission, and a system-events permission.
  - 21. The method of claim 12 wherein the computer executable file is password protected.
  - 22. A method according to claim 1 further comprising detecting violation of said one or more permissions.
  - 23. A method according to claim 22 wherein the step of providing a receiver further comprises providing internal security.
  - 24. A method according to claim 23, wherein the internal security comprises creating a tag file corresponding to the data and mapping the tag file against the data in a virtual table, with the virtual table including an actual file name of the data and a corresponding tag name for the tag file, wherein the virtual table and the data are stored in the vault.
  - 25. A method according to claim 23, wherein the step of providing internal security comprises identifying an anchor address corresponding to an original location for at least one of the vault, a driver used for reading of the package and a database storing the permissions, combining the addresses together to provide a key for regulating system operation and identifying when the key will not operate.
  - 26. A method according to claim 23, wherein the step of creating a package further comprises verifying the operation of the receiver when the package is opened.
  - 27. A method according to claim 23, wherein the internal security comprises the monitoring of a registry comprising:
    - requesting a handle for a registry key to a calling process;
      
      requesting a registry key value for the handle; and
      
      obtaining security clearance to complete the requests.
  - 28. The method of claim 27 further comprising after requesting a handle for a registry key to a calling process:
    - determining a process ID and registry key;
      
      determining whether the process is secured by checking a secured process list;
      
      if the process is secured, determining whether the registry key is on a rejection list;
      
      if the registry key is on the rejection list, denying the process access to the registry key; and
      
      if the process is not on the secured list or if the registry key name is not on the rejection list, completing the request.
  - 29. The method of claim 27 further comprising after requesting a registry key value for the handle:
    - determining a process ID and registry key value;
      
      determining whether the process is secured by checking the secured process list;
      
      if the process is secured, determining whether the registry key is on the rejection list;
      
      if the registry key is on the rejection list, denying the process access to the registry key value;
      
      if the process is not on the secured list, completing the request;
      
      if the registry key is not on the rejection list and the process is on the secured process list,processing the value request and determining whether the value is on the rejection list;
      
      if the value is not on the rejection list allowing the request to be completed; and
      
      if the value is on the rejection list denying access to the registry key value.
  - 30. The method of claim 27 further comprising after modifying and deleting handles and values:
    - determining a process ID;
      
      determining whether the process is secured by checking whether the process is on the secured process list;
      
      if the process is not on the secured process list, completing the request; and
      
      if the process is on the secured process list, not allowing the request to be completed.
  - 31. A method according to claim 23, wherein the step of providing internal security comprises a method for monitoring shared memory comprising:
    - providing a call to reserve a memory page for a requesting process;
      
      filtering the reserve call according to whether the page can be shared;
      
      providing a call to commit the memory page for the requesting process or for a subsequent requesting process; and
      
      filtering the commit call according to whether the page can be shared and whether the process can be secured.
  - 32. The method of claim 31 wherein filtering the reserve call comprises:
    - determining whether the page can be shared based on request parameters;
      
      if the page cannot be shared, allowing the request to be completed; and
      
      if the page can be shared, tracking the reserve call by creating a record and entering the record into a shared memory list.
  - 33. The method of claim 32 wherein the record includes a process ID, page number and share count.
  - 34. The method of claim 31 wherein filtering the commit call comprises:
    - determining, by accessing a shared memory list, if the page is shared by another process;
      
      if the page is shared, determining whether either of the sharing processes are secured by accessing a secured process list;
      
      if either process is secured, disallowing page sharing;
      
      if both processes are not secured, creating a new shared memory record, updating the share count for processes sharing the page and updating the shared memory list with information contained in the new record; and
      
      if the page is not shared, completing the commit request.
  - 35. The method of claim 34 wherein the record includes a process ID, page number and share count.
  - 36. The method of claim 31 further comprising:
    - providing a call to free the memory page of all address spaces;
      
      determining whether the process is secured by checking a secured process list;
      
      if the process is secured, overwriting the page to delete secured data, and deleting all records in the shared memory list with a page number the same as the overwritten page; and
      
      if the process is not secured deleting all records from a shared memory list with a page number corresponding to the unsecured process page.
  - 37. A method according to claim 23 wherein the step of providing internal security further comprises:
    - a vault provision step of providing a vault system for segregating vault data from other system data; and
      
      a file system security driver provision step of providing a file system security driver which intercepts file system calls, and for each specific one of said intercepted file system calls, determines whether said specific one of said intercepted file system calls is from a process accessing said vault data, and, if said specific one of said intercepted file system calls is from a process accessing said vault data, permitting the file system call to create or modify data only within said vault system.
  - 38. The method of claim 37, wherein said file system security driver provision step further comprises a file request handling step of, for each specific one of said intercepted file system calls which is a file read/write call, comprising the steps of:
    - determining whether said read/write request is a request for data from among said vault data;
      
      if said read/write request is a request for data from among said vault data, allowing access if process making said request is allowed to access said vault data; and
      
      if said read/write request is a request for data not from among said vault data, allowing access if said process making said request is not allowed to access said vault data, and allowing access if said read/write request is a read request.
  - 39. The method of claim 37, wherein said file system security driver provision step further comprises a file information request step, comprising the step of:
    - determining whether said file information request is a request regarding data from among said vault data, and if not, passing said file information request to said operating system, and if so, discerning correct file size and returning said correct file size.
  - 40. The method of claim 37, wherein said file system security driver provision step further comprises a file change request step, comprising the step of:
    - determining whether said file change request is a request regarding data from among said vault data, and if so performing said file change request on said vault data, and if not, checking to see if the requesting process is a secured process, and if not, passing said file change request to said operating system, and if so, blocking the request.
  - 41. The method of claim 37, wherein said file system security driver provision step further comprises:
    - a file open handling step of, for each specific one of said intercepted file system calls which is a file open call, comprising the steps determining whether said file open call is a request for data from among said vault data; and
      
      if said file open call is a request for data from among said vault data, performing a check on process making said request to see if said process is already a secured process which has previously opened said data from among said vault data, and if so, allowing access to said vault data, and performing an access check on process making said request, and then processing the request by allowing access to said process which is not already a secured process if said access check is passed but not allowing access at all if said access check is not passed;
      
      if said file open call is not a request for data from among said vault data, performing a check on said process making said request to see if said process is already a secured process, and passing the request onto an operating system if said process making said request is not a secured process, and, if said process making said request is a secured process, determining if file referred to in said file open call exists, and if it does, opening said file for read only, and if it does not, creating said file in said vault data;
      
      a file read/write request handling step of, for each specific one of said intercepted file system calls which is a file read/write call, comprising the steps of;
      
      determining whether said read/write request is a request for data from among said vault data;
      
      if said request is a request for data from among said vault data, allowing access if process making said request is allowed to access said vault data; and
      
      if said request is a request for data not from among said vault data, allowing access if said process making said request is not allowed to access said vault data, and allowing access if said read/write request is a read request;
      
      a file information request step, comprising the step of;
      
      determining whether said file information request is a request regarding data from among said vault data, and if not, passing said file information request to said operating system, and if so, discerning correct file size and returning said correct file size; and
      
      a file change request step, comprising the steps determining whether said file change request is a request regarding data from among said vault data, and if so performing said file change request on said vault data, and if not, checking to see if the requesting process is a secured process, and if not, passing said file change request to said operating system, and if so, blocking the request.
  - 42. The method of claim 37, where said file system security driver provision step further comprises a file open handling step of, for each specific one of said intercepted file system calls which is a file open call, comprising the steps of:
    - determining whether said file open call is a request for data from among said vault data; and
      
      if said file open call is a request for data from among said vault data, performing a check on process making said request to see if said process is already a secured process which has previously opened said data from among said vault data, and if so, allowing access to said vault data, and performing an access check on process making said request, and then processing the request by allowing access to said process which is not already a secured process if said access check is passed but not allowing access at all if said access check is not passed;
      
      if said file open call is not a request for data from among said vault data, performing a check on said process making said request to see if said process is already a secured process, and passing the request onto an operating system if said process making said request is not a secured process, and, if said process making said request is a secured process, determining if file referred to in said file open call exists, and if it does, opening said file for read only, and if it does not, creating said file in said vault data.
  - 43. The method of claim 42, wherein said processing the request by allowing access to said process which had not previously been granted access to said vault data comprises the step of:
    - querying user to determine if said user would like to open said data from among said vault data, and opening said data from among said vault data only if said user would like to open said data.
  - 44. The method of claim 43, wherein said processing the request by allowing access to said process which had not previously been granted access to said vault data comprises the step of:
    - recording said allowed access and monitoring total accesses allowed.
  - 45. The method of claim 42, wherein said processing the request by allowing access to said process which had not previously been granted access to said vault data comprises the step recording said process which had not previously been granted access to said vault data making said request in a list of processes allowed to access said vault data.
  - 46. The method of claim 42, wherein said step of creating said file in said vault data comprises the step of:
    - sending said secured process a stand-in file handle;
      
      creating a corresponding vault file handle; and
      
      storing said stand-in file handle and said corresponding vault file handle.
  - 47. The method of claim 42, wherein said step of opening said file for read only comprises the steps modifying any file request flags of said file open call which indicating modification of the file is permitted;
    - and passing said modified file open call to said operating system.
  - 48. A method according to claim 23, wherein the step of providing internal security further comprises monitoring a system clock of a computer to prevent unauthorized access to data comprising the steps of:
    - initializing a clock monitor comprising the steps of;
      
      reading a first time value from the system clock;
      
      determining whether a permissions database having one or more clock-related permission field each field comprising one or more clock-related permissions, and a stored time value field comprising a stored time value, is initialized on the computer system;
      
      if the permissions database is initialized, comparing the first time value to the stored time value and, if the first time value is later than the stored time value, storing the first time value in the stored time value field, if the first time value is earlier than the stored time value, disabling the one or more clock-related permissions, whereby disabling the clock-related permissions prevents access to the data; and
      
      if the permissions database is not initialized, storing the first time value in the stored time value field.
  - 49. The method of claim 48 wherein the clock-related permissions comprise date-related permissions.
  - 50. The method of claim 48 wherein the step of determining whether the permissions database is initialized comprises the step of:
    - reading the stored time value from the stored time value field in the permissions database, and if the stored value is zero, concluding that the permissions database is not initialized, and if the stored time value field is other than zero, concluding that the permissions database is initialized.
  - 51. The method of claim 48 further comprising the steps of:
    - tracking a true system time, which is the stored time value plus an internal elapsed time measured from initialization of the clock monitor;
      
      after a predetermined tracking interval, reading a second time value from the system clock;
      
      comparing the second time value with the true system time and generating a time deviation based on the comparison;
      
      if the time deviation is not within an acceptable deviation, disabling the one or more clock-related permissions;
      
      if the time deviation is within the acceptable deviation, enforcing the clock-related permissions; and
      
      storing the true system time.
  - 52. The method of claim 51, after the step of if the time deviation is not within an acceptable deviation, disabling one or more clock-related permissions, further comprising the steps of:
    - reading a third time value from the system clock;
      
      comparing the third time value with the internal elapsed time;
      
      generating a second time deviation based on the comparison; and
      
      if the second time deviation is within the acceptable deviation, reenabling the clock-related permissions, storing the true system time in the stored time value field, and storing the third time value a last known good system time value field in the permissions database.
  - 53. The method of claim 51 wherein the predetermined tracking interval is substantially in the range of zero seconds to sixty seconds.
  - 54. The method of claim 51 wherein the accepted deviation is substantially in the range of zero seconds to three hours.
  - 55. The method of claim 48 further comprising the steps of:
    - tracking a true system time, which is the stored time value plus a true system time measured from initialization of the clock monitor;
      
      reading a second time value from the system clock;
      
      comparing the second time value with the true system time and generating a time deviation based on the comparison; and
      
      if the time deviation is within an acceptable deviation, storing the second time value in the stored time value field.
  - 56. The method of claim 55 further comprising the step of powering down the computer.
  - 57. The method of claim 55 wherein the accepted deviation is substantially in the range of zero seconds to three hours.
  - 58. The method according to claim 23, wherein providing internal security comprises providing data security in a first device driver operably installed in a computer operating system having a layered plurality of device drivers for accessing data in a data storage device, the method for providing data security comprising the steps of:
    - detecting an I/O request to said first device driver;
      
      determining whether said first device driver is functionally uppermost in the layered plurality of device drivers;
      
      if said first device driver is functionally uppermost in the layered plurality of device drivers, performing the I/O request in said first device driver; and
      
      if said first device driver is not functionally uppermost in the layered plurality of device drivers, denying the I/O request in said first device driver, and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.
  - 59. The method of claim 58 wherein said first device driver is a file system monitor.
  - 60. The method of claim 58 wherein the data is stored in a secure virtual file system, and wherein the step of performing the I/O request further comprises the step of implementing data security measures.
  - 61. The method of claim 58 wherein the data is stored in encrypted form, and wherein the step of performing the I/O request further comprises the step of decrypting the data.
  - 62. The method of claim 58 wherein the step of performing the I/O request further comprises the step of checking the data for viruses.
  - 63. The method of claim 58 wherein the step of determining whether said first device driver is functionally uppermost in the layered plurality of device drivers further comprises the steps of:
    - determining whether said first device driver has been previously called;
      
      if said first device driver has not been previously called, detecting an initial calling module address, storing said initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers;
      
      if said first device driver has been previously called, detecting a second calling module address, comparing said second calling module address to the initial calling module address, and concluding that said first device driver is functionally uppermost in the layered plurality of device drivers only if the initial calling module address matches the second calling module address.
  - 64. The method of claim 58 wherein the step of denying the I/O request in the secure first device driver comprises the steps of:
    - setting a first device driver shutdown flag; and
      
      initiating a re-hook process.
  - 65. The method of claim 58 further comprising, after the step of detecting an I/O request to said first device driver, the steps of:
    - checking whether a first device driver shutdown flag is set; and
      
      if said first device driver shutdown flag is set, omitting further steps in said first device driver, and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.
  - 66. The method of claim 65 wherein the step of initiating a re-hook process further comprises the steps of:
    - counting the number of times the re-hook process has been initiated;
      
      checking whether the number of times has reached a predetermined maximum threshold;
      
      if the number of times has reached a predetermined maximum threshold, initiating a programmable security response;
      
      if the number of times has not reached a predetermined maximum threshold, initiating re-attachment of said first device driver functionally uppermost in the layered plurality of device drivers;
      
      if said first device driver has been reattached functionally uppermost in the layered plurality of device drivers, unsetting said first device driver shutdown flag; and
      
      concluding the re-hook process.
  - 67. The method of claim 66 wherein the programmable security response comprises the step of destroying the data.
  - 68. The method of claim 66 wherein the data is stored in a secure virtual file system, and wherein the step of destroying the data further comprises the step of destroying the secure virtual file system.
  - 69. The method of claim 66 wherein the programmable security response comprises the step of terminating open applications.
  - 70. The method of claim 66 wherein the programmable security response comprises the step of destroying said first device driver on the data storage device.
  - 71. The method of claim 66 wherein the programmable security response comprises the step of halting the operation of the computer.
  - 72. The method of claim 66 wherein the programmable security response comprises the step of causing the computer to enter a state requiring reboot.
  - 73. A method according to claim 23, wherein the step of providing internal security further comprises:
    - a port request detection step of detecting a port request for use of a port sent by a process;
      
      an open port process identification step of, if said port request is an open port request, determining the identity of said requesting process;
      
      an open port process check step of, if said port request is an open port request, determining if said process should be permitted to open said port;
      
      an open port permit/deny step of, if said port request is an open port request, allowing said open port request to be fulfilled and tracking said open port request if said process should be permitted to open said port and denying said port request if said process should not be permitted to open said port;
      
      a close port process completion step of, if said port request is a close port request, completing said port request; and
      
      a close port logging step of logging the closing of said port.
  - 74. The method according to claim 73 where said open port process check step comprises:
    - a secure process list check step of determining whether said process appears on a list of secure processes.
  - 75. The method according to claim 73 where said tracking of said open port request comprises keeping a log of process ID and returned port handle for said open port request, and said close port logging step of tracking the closing of said port comprises removing from said log said record of process ID and returned port handle for that port close request.
  - 76. The method according to claim 75 further comprising:
    - a security check step comprising the steps of checking whether a process has open ports, and denying security clearance for a process with open ports, and allowing security clearance for a process with no open ports.
  - 77. The method according to claim 76 wherein said open port process check step of comprises determining if said process identity appears on a secured process list, and where said step of allowing security clearance for a process with no open ports comprises the step of placing said process on said secured process list.
  - 78. A method according to claim 23, wherein the step of providing internal security further comprises:
    - a network request detection step of detecting a network request for use of a network sent by a process;
      
      a process identification step of determining the identity of said requesting process;
      
      a process check step of determining if said process should be permitted to access said network; and
      
      a step of allowing said network request to be fulfilled if said process should be permitted to access said network and denying said network request if said process should not be permitted to access said network.
  - 79. The method according to claim 78 wherein said process check step comprises:
    - a secure process list check step of determining whether said process appears on a list of secure processes.
  - 80. The method according to claim 79, wherein said network requests interface is the Transport Data Interface.
  - 81. A method according to claim 23, wherein the step of providing internal security comprises:
    - detecting a file system request;
      
      completing said file system request;
      
      receiving return information from said file system request;
      
      determining whether said file system request is for a tag file associated with a secured file; and
      
      if so, modifying said return information to reflect a file attribute of the secured file.
  - 82. The method of claim 81 wherein said file attribute is file size.
  - 83. The method of claim 81 wherein the step of determining further comprises the steps of:
    - determining whether said return information identifies a plurality of tag files associated with a plurality of secured files; and
      
      if so, modifying said return information to reflect a file attribute of the plurality of secured files.
  - 84. The method of claim 81 wherein the secured file is stored in encrypted form.
  - 85. The method of claim 81 wherein the secured file is stored in a secure virtual file system.
  - 86. The method of claim 81 wherein the secured file is stored on a remote networked device.
  - 87. The method of claim 81 wherein the file system request is to open a file.
  - 88. The method of claim 81 wherein the file system request is to delete a file.
  - 89. The method of claim 81 wherein the file system request is to rename a file.
  - 90. The method of claim 81 wherein the file system request is to query file information.
  - 91. The method of claim 83 wherein the file system request is to set file information.
  - 92. The method of claim 83 wherein the file system request is to find a first matching file.
  - 93. The method of claim 83 wherein the file system request is to find a next matching file.
  - 94. The method of claim 83 wherein the file system request is directory control.

95. A system for maintaining data security comprising:
- a receiver for processing a package associated with a vault, with the package comprising data;
  
  the vault located within the receiver for storing the data, the vault being dedicated hard drive space whose existence and contents are invisible to a user, wherein the existence and contents of the hard drive space are invisible to the user by an assignment of false file names and locations as seen by the user; and
  
  internal security for protecting the data stored in the vault, wherein the internal security comprises one or more selected from the group consisting of;
  
  a) a tag file corresponding to the data, and a virtual table mapping the tag file against the data by using an actual file name for the data and a tag name for the tag file, wherein the virtual table and data are stored in the vault;
  
  b) an anchor address corresponding to an original location for at least one of the vault, a driver used for reading of the package and a database storing one or more permissions associated with the package, combining the addresses together to provide a key for regulating system operation and identifying when the key will not operate;
  
  c) a registry monitoring system comprising;
  
  a handle for a registry key to a calling process;
  
  a registry key value for the handle;
  
  a process ID and registry key;
  
  security clearance to complete the requests;
  
  wherein the process is secured by checking a secured process list;
  
  if the process is secured, determining whether the registry key is on a rejection list;
  
  if the registry key is on the rejection list, denying the process access to the registry key; and
  
  if the process is not on the secured list or if the registry key name is not on the rejection list, completing the request;
  
  d) a shared memory system comprising;
  
  a call to reserve a memory page for a requesting process;
  
  the reserve call filtered according to whether the page can be shared;
  
  a call to commit the memory page for the requesting process or for a subsequent process;
  
  the commit call filtered according to whether the page can be shared and whether the process can be secured;
  
  e) a vault system for segregating vault data from other system data; and
  
  a file system security driver which intercepts file system calls, and for each specific one of said intercepted file system calls, determining whether said specific one of said intercepted file system calls is from a process accessing said vault data, and, if said specific one of said intercepted file system calls is from a process accessing said vault data, permitting the file system call to create or modify data only within said vault system;
  
  f) a system for monitoring a system clock of a computer to prevent unauthorized access to data comprising;
  
  reading a first time value from the system clock;
  
  determining whether a permissions database having one or more clock-related permission field each field comprising one or more clock-related permissions, and a stored time value field comprising;
  
  a stored time value, is initialized on the computer system;
  
  if the permissions database is initialized, comparing the first time value to the stored time value and, if the first time value is later than the stored time value, storing the first time value in the stored time value field, if the first time value is earlier than the stored time value, disabling the one or more clock-related permissions, whereby disabling the clock-related permissions prevents access to the data; and
  
  if the permissions database is not initialized, storing the first time value in the stored time value field;
  
  g) detecting an I/O request to said first device driver;
  
  determining whether said first device driver is functionally uppermost in the layered plurality of device drivers;
  
  if said first device driver is functionally uppermost in the layered plurality of device drivers, performing the I/O request in said first device driver; and
  
  if said first device driver is not functionally uppermost in the layered plurality of device drivers, denying the I/O request in said first device driver, and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers;
  
  h) a port request detection step of detecting a port request for use of a port sent by a process;
  
  a process identification step of determining the identity of said requesting process;
  
  a process check step of determining if said process should be permitted to access said port; and
  
  a step of allowing said port request to be fulfilled if said process should be permitted to access said port and denying said port request if said process should not be permitted to access said port;
  
  i) a port request detection step of detecting a port request for use of a port sent by a process;
  
  an open port process identification step of, if said port request is an open port request, determining the identity of said requesting process;
  
  an open port process check step of, if said port request is an open port request, determining if said process should be permitted to open said port;
  
  an open port step of, if said port request is an open port request, allowing said open port request to be fulfilled and tracking said open port request if said process should be permitted to open said port and denying said port request if said process should not be permitted to open said port;
  
  a close port process completion step of, if said port request is a close port request, completing said port request; and
  
  aclose port logging step of logging the closing of said port; and
  
  j) a network request detection step of detecting a network request for use of a network sent by a process;
  
  a process identification step of determining the identity of said requesting process;
  
  a process check step of determining if said process should be permitted to access said network; and
  
  astep of allowing said network request to be fulfilled if said process should be permitted to access said network and denying said network request if said process should not be permitted to access said network.
- View Dependent Claims (96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116)
- - 96. A system according to claim 95, further comprising a port blocking system, wherein said port blocking system operates to detect a port request for use of a port sent by a process;
    - determine the identity of said requesting process;
      
      determine if said process should be permitted to access said port; and
      
      allow said port request to be fulfilled if said process should be permitted to access said port and deny said port request if said process should not be permitted to access said port.
  - 97. A system according to claim 95, further comprising a network blocking system, wherein said network blocking system operates to determine the identity of said requesting process;
    - determine if said process should be permitted to access said network; and
      
      allow said network request to be fulfilled if said process should be permitted to access said network and deny said network request if said process should not be permitted to access said network.
  - 98. A system according to claim 95, wherein the system comprises a device driver for accessing data, the device driver operably installed in an operating system on an electronic computer, wherein said device driver:
    - detects a file system request;
      
      completes said file system request;
      
      receives return information from said file system request;
      
      determines whether said file system request is for a tag file associated with a secured file; and
      
      if so, modifies said return information to reflect a file attribute of the secured file.
  - 99. The system of claim 98 wherein said file attribute is file size.
  - 100. The system of claim 99 wherein said device driver further determines whether said return information identifies a plurality of tag files associated with a plurality of secured files;
    - and if so, modifies said return information to reflect a file attribute of the plurality of secured files.
  - 101. The system of claim 100 wherein said first device driver is a file system monitor.
  - 102. The system of claim 100 wherein the secured file is stored in encrypted form.
  - 103. The system of claim 100 wherein the secured file is stored in a secure virtual file system.
  - 104. The system of claim 100 wherein the secured file is stored on a remote networked device.
  - 105. The system of claim 100 wherein the file system request is to open a file.
  - 106. The system of claim 100 wherein the file system request is to delete a file.
  - 107. The system of claim 100 wherein the file system request is to rename a file.
  - 108. The system of claim 100 wherein the file system request is to query file information.
  - 109. The system of claim 100 wherein the file system request is to set file information.
  - 110. The system of claim 109 wherein the file system request is to find a first matching file.
  - 111. The system of claim 109 wherein the file system request is to find a next matching file.
  - 112. The system of claim 109 wherein the file system request is directory control.
  - 113. A system according to claim 95 comprising:
    - a machine readable medium having information packaging software that generates a computer executable file comprising a package of information, the package of information comprising;
      
      a file of data;
      
      a permissions database having one or more permissions associated with the file of data;
      
      an encryption software;
      
      a network in communication with the machine readable medium;
      
      a client computer system in communication with the network, the computer system adapted to receive the package of information and execute the computer executable file, the computer system having a client permissions database and a vault adapted to receive the package of information.
  - 114. The system of claim 113 wherein the package of information further comprises a package global unique identifier, and the client computer system further comprises a module of computer code adapted to read the package global unique identifier, search the client permissions database for the package global unique identifier, and reject the package if the package global unique identifier is found in the client permissions database.
  - 115. The system of claim 114 wherein the package of information further comprises a recipient global unique identifier, and the client computer system further comprises a module of computer code adapted to read the recipient global unique identifier, search the client permissions database for the recipient global unique identifier, and reject the package if the recipient global unique identifier is not found in the client permissions database.
  - 116. The system of claim 115 wherein the one or more permissions are selected from the group consisting an access count permission, an access time permission, an expiration date permission, an authorization date permission, a clipboard permission, a print permission, an unlimited access permission, an application permission, and a system-events permission.

117. A computer program product for monitoring data security embodied in a computer-readable memory medium that when read out directs a system to perform at least one of:
- creating a package associated with a vault, the package comprising data bundled together with one or more permissions for regulating use of the data, the one or more permissions comprising one or more usage rule sets; and
  
  opening the package and storing the data in the vault for restricted access of the data, the vault being dedicated hard drive space whose existence and contents are invisible to a user, wherein the existence and contents of the hard drive space are invisible to the user by an assignment of false file names and locations as seen by the user.
- View Dependent Claims (118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135)
- - 118. A computer program product according to claim 117 further directing the system to:
    - detect a port request for use of a port sent by a process;
      
      determine the identity of said requesting process;
      
      determine if said requesting process should be permitted to access said port; and
      
      allow the port request if said process should be permitted to access said port and deny the port request if said process should not be permitted to access said port.
  - 119. A computer program product according to claim 117 further directing the system to detect violations of said one or more permissions.
  - 120. A computer program product according to claim 119 further directing the system to:
    - protect secure data by implementing a network blocking system which operates to determine an identity of said requesting process;
      
      determine if said process should be permitted to access said network; and
      
      allow said network request to be fulfilled if said process should be permitted to access said network and deny said network request if said process should not be permitted to access said network.
  - 121. A computer program product according to claim 119 further directing the system to create a tag file corresponding to the data in the vault and to map the tag file against the data in a virtual table, with the virtual table stored in the vault and including an actual file name of the data and a corresponding tag name for the tag file.
  - 122. A computer program product according to claim 119, further directing the system to provide internal security including identifying an anchor address corresponding to an original location for at least one of the vault, a driver used for reading of the package and a database storing the permissions, combining the addresses together to provide a key for regulating system operation and identifying when the key will not operate.
  - 123. A computer program product according to claim 119 further directing the system to monitor a registry via:
    - requesting a handle for a registry key to a calling process;
      
      requesting a registry key value for the handle; and
      
      obtaining security clearance to complete the requests.
  - 124. A computer program product according to claim 119 further directing the system to monitor shared memory via:
    - providing a call to reserve a memory page for a requesting process;
      
      filtering the reserve call according to whether the page can be shared;
      
      providing a call to commit the memory page for the requesting process or for a subsequent requesting process; and
      
      filtering the commit call according to whether the page can be shared and whether the process can be secured.
  - 125. A computer program product according to claim 119 further directing the system to:
    - provide a vault system for segregating vault data from other system data; and
      
      provide a file system security driver which intercepts file system calls, and for each specific one of said intercepted file system calls, determines whether said specific one of said intercepted file system calls is from a process accessing said vault data, and, if said specific one of said intercepted file system calls is from a process accessing said vault data, permitting the file system call to create or modify data only within said vault system.
  - 126. A computer program product according to claim 119, further directing the system to monitor a system clock of a computer to prevent unauthorized access to data by:
    - initializing a clock monitor via;
      
      reading a first time value from the system clock;
      
      determining whether a permissions database having one or more clock-related permission fields, each field comprising one or more clock-related permissions, and having a stored time value field comprising a stored time value, is initialized on the system;
      
      if the permissions database is initialized, comparing the first time value to the stored time value and, if the first time value is later than the stored time value, storing the first time value in the stored time value field, if the first time value is earlier than the stored time value, disabling the one or more clock-related permissions, whereby disabling the clock-related permissions prevents access to the data; and
      
      if the permissions database is not initialized, storing the first time value in the stored time value field.
  - 127. A computer program product according to claim 119 further directing the system to:
    - detect an I/O request to a first device driver;
      
      determine whether said first device driver is functionally uppermost in a layered plurality of device drivers;
      
      if said first device driver is functionally uppermost in the layered plurality of device drivers, perform the I/O request in said first device driver; and
      
      if said first device driver is not functionally uppermost in the layered plurality of device drivers, deny the I/O request in said first device driver, and allow the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers.
  - 128. A computer program product according to claim 119 further directing the system to:
    - detect a port request for use of a port sent by a process;
      
      if said port request is an open port request, determine the identity of said requesting process;
      
      if said port request is an open port request, determine if said process should be permitted to open said port;
      
      if said port request is an open port request, allow the open port request and track said open port request if said process should be permitted to open said port and deny said port request if said process should not be permitted to open said port;
      
      if said port request is a close port request, complete said port request; and
      
      log the closing of said port.
  - 129. A computer program product according to claim 119 further directing the system to:
    - detect a network request for use of a network sent by a process;
      
      determine an identity of said requesting process;
      
      determine if said process should be permitted to access said network; and
      
      allow the network request if said process should be permitted to access said network and deny the network request if said process should not be permitted to access said network.
  - 130. A computer program product according to claim 119 comprising a package of information comprising:
    - a file of data;
      
      a permissions database having one or more permissions associated with the file of data, the one or more permissions governing a client'"'"'s use of the file;
      
      a package global unique identifier; and
      
      a receiver global unique identifier.
  - 131. The computer program product of claim 130 wherein the one or more permissions are selected from the group consisting of an access count permission, an access time permission, an expiration date permission, an authorization date permission, a clipboard permission, a print permission, an unlimited access permission, an application permission, and a system-events permission.
  - 132. The computer program product of claim 131 further comprising a client software.
  - 133. A computer program product according to claim 119 further comprising a device driver program for directing the system to access data, said device driver program comprising instructions for directing the system to:
    - detect a file system request;
      
      complete said file system request;
      
      receive return information from said file system request;
      
      determine whether said file system request is for a tag file associated with a secured file; and
      
      modify said return information to reflect a file attribute of the secured file, if said file system request is for a tag file associated with a secured file.
  - 134. The computer program product of claim 133 wherein the device driver program further comprises instructions for directing the system to:
    - determine whether said return information identifies a plurality of tag files associated with a plurality of secured files; and
      
      modify said return information to reflect a file attribute of the plurality of secured files, if said return information identifies a plurality of tag files associated with a plurality of secured files.
  - 135. A computer program product according to claim 119 further directing the system to:
    - protect secure data by implementing a port blocking system which operates to detect a port request for use of a port sent by a process;
      
      determine an identity of said requesting process;
      
      determine if said process should be permitted to access said port; and
      
      allow said port request to be fulfilled if said process should be permitted to access said port and deny said port request if said process should not be permitted to access said port.

136. A system for maintaining security during transmission of data between at least two computers comprising:
- a first computer having a system for creating a package associated with a vault, the package comprising data bundled together with one or more permissions selected from a list of available permissions for regulating use of the data, the one or more permissions comprising one or more usage rule sets; and
  
  a second computer having a system for receiving the package from the first computer, opening the package upon verification and storing the data in the vault, the vault being dedicated hard drive space whose existence and contents are invisible to a user, wherein the existence and contents of the hard drive space are invisible to the user by an assignment of false file names and locations as seen by the user.
- View Dependent Claims (137)
- - 137. A system according to claim 136 further comprising internal security, wherein the internal security comprises a plurality of:
    - detecting violation of said one or more permissions;
      
      creating a tag file corresponding to the data and mapping the tag file against the data in a virtual table, with the virtual table including an actual file name of the data and a corresponding tag name for the tag file, wherein the virtual table and the data are stored in the vault;
      
      identifying an anchor address corresponding to an original location for at least one of the vault, a driver used for reading of the package and a database storing the permissions, combining the addresses together to provide a key for regulating system operation and identifying when the key will not operate;
      
      monitoring a registry comprising;
      
      requesting a handle for a registry key to a calling process;
      
      requesting a registry key value for the handle; and
      
      obtaining security clearance to complete the requests;
      
      monitoring shared memory comprising;
      
      providing a call to reserve a memory page for a requesting process;
      
      filtering the reserve call according to whether the page can be shared;
      
      providing a call to commit the memory page for the requesting process or for a subsequent requesting process; and
      
      filtering the commit call according to whether the page can be shared and whether the process can be secured;
      
      providing a vault system for segregating vault data from other system data;
      
      providing a file system security driver which intercepts file system calls, and for each specific one of said intercepted file system calls, determines whether said specific one of said intercepted file system calls is from a process accessing said vault data, and, if said specific one of said intercepted file system calls is from a process accessing said vault data, permitting the file system call to create or modify data only within said vault system;
      
      monitoring a system clock of a computer to prevent unauthorized access to data comprising;
      
      initializing a clock monitor comprising the steps reading a first time value from the system clock;
      
      determining whether a permissions database having one or more clock-related permission field each field comprising one or more clock-related permissions, and a stored time value field comprising a stored time value, is initialized on the computer system;
      
      if the permissions database is initialized, comparing the first time value to the stored time value and, if the first time value is later than the stored time value, storing the first time value in the stored time value field;
      
      if the first time value is earlier than the stored time value, disabling the one or more clock-related permissions, whereby disabling the clock-related permissions prevents access to the data;
      
      if the permissions database is not initialized, storing the first time value in the stored time value field;
      
      detecting an I/O request to said first device driver;
      
      determining whether said first device driver is functionally uppermost in the layered plurality of device drivers;
      
      if said first device driver is functionally uppermost in the layered plurality of device drivers, performing the I/O request in said first device driver; and
      
      if said first device driver is not functionally uppermost in the layered plurality of device drivers, denying the I/O request in said first device driver, and allowing the I/O request to be performed by a next lower-level device driver in the layered plurality of device drivers;
      
      detecting a port request for use of a port sent by a process;
      
      determining the identity of said requesting process;
      
      determining if said process should be permitted to access said port;
      
      allowing said port request to be fulfilled if said process should be permitted to access said port and denying said port request if said process should not be permitted to access said port;
      
      detecting a port request for use of a port sent by a process;
      
      if said port request is an open port request, determining the identity of said requesting process;
      
      if said port request is an open port request, determining if said process should be permitted to open said port;
      
      if said port request is an open port request, allowing said open port request to be fulfilled and tracking said open port request if said process should be permitted to open said port and denying said port request if said process should not be permitted to open said port;
      
      if said port request is a close port request, completing said port request;
      
      logging the closing of said port;
      
      detecting a network request for use of a network sent by a process;
      
      determining the identity of said requesting process;
      
      determining if said process should be permitted to access said network; and
      
      allowing said network request to be fulfilled if said process should be permitted to access said network and denying said network request if said process should not be permitted to access said network;
      
      detecting a file system request;
      
      completing said file system request;
      
      receiving return information from said file system request;
      
      determining whether said file system request is for a tag file associated with a secured file; and
      
      if so, modifying said return information to reflect a file attribute of the secured file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GigaMedia Access Corp. (Pinion Software Inc.)
Original Assignee
GigaTrust
Inventors
Friedman, George, Starek, Robert Phillip, Murdock, Carlos A.
Primary Examiner(s)
Smithers; Matthew
Assistant Examiner(s)
CALLAHAN, PAUL E

Application Number

US09/701,157
Time in Patent Office

3,042 Days
Field of Search

380/283, 705/51, 705 56- 58, 713/165, 713/171, 713/167, 726/27, 726/28
US Class Current

726/27
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 2221/2141   Access rights, e.g. capabil...

System and method for providing data security

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

235 Citations

137 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing data security

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

235 Citations

137 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links