Bubble-protected system for automatic decryption of file data on a per-use basis and automatic re-encryption

US 7,594,276 B2
Filed: 08/11/2003
Issued: 09/22/2009
Est. Priority Date: 03/24/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A machine system for protecting information from unauthorized access by way of unauthorized programs, said machine system comprising:

(a) data-providing means for providing data of an identified one of two or more digital data files, where each of said files is identifiable by a file name;

(b) an interceptable access mechanism through which data of an identified file of the data-providing means is accessed by identifiable, requesting programs;

(c) bubble-control means coupled to intercept data access attempts made through said interceptable access mechanism by said identifiable, requesting programs,(c.1) wherein the bubble-control means includes deny/approve means, which if active, is provided for testing all the intercepted data access attempts and responsively denying or approving data access to the data of a pre-classified subset of said files based on one or both of the identity of one or more access-attempting programs and the time of the access attempt, wherein at least one pre-classified subset of said files has plural files, wherein the deny/approve means further includes;

list searching means for searching one or more bubble lists, where the bubble lists define a deny or approve decision based on the satisfaction of one or more pre-defined first conditions by the identities of one or more programs that caused the data access attempt and the satisfaction of one or more pre-defined second conditions by the identity of the requested data file,wherein the bubble lists include one or more linked trunk_lists, wherein each linked trunk_list has one or more target-query blocks and an end-of-trunk_list marker, wherein each target-query block includes a file-name definition and each target-query block is associated with a corresponding one or more causation-query blocks that each defines a respective query for a cause of the attempted access to the data of a requested data file, wherein each target-query block points to a corresponding causation-query branch list, wherein each causation-query branch list has one or more causation-query blocks and an end-of-branch list marker, wherein each causation-query block has a program-name definition and wherein the list searching means comprises;

causation-query branch list following means for searching along one or more of the linked causation-query branch lists for a causation-query block having a program-name definition satisfied by the identities of the one or more programs that caused the data access attempt, and wherein the list searching means comprises;

linked-trunk_list following means for searching along one or more of the linked trunk_lists for a target-query block having a file-name definition satisfied by the identity of the requested data file.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A machine system includes bubble protection for protecting the information of certain classes of files from unauthorized access by way of unauthorized classes of programs at unauthorized periods of time. The machine system additionally may have On-The-Fly (OTF) mechanisms for automatic decryption of confidential file data on a per-use basis and automatic later elimination of the decrypted data by scorching and/or re-encrypting is disclosed. The system can operate within a multi-threaded environment. The machine system additionally may have a digital signature mechanism for protecting file data from unauthorized tampering. The machine system additionally may have a volume-encryption mechanism for protecting plaintext versions of file data from exposure in events of power outages.

Citations

42 Claims

1. A machine system for protecting information from unauthorized access by way of unauthorized programs, said machine system comprising:
- (a) data-providing means for providing data of an identified one of two or more digital data files, where each of said files is identifiable by a file name;
  
  (b) an interceptable access mechanism through which data of an identified file of the data-providing means is accessed by identifiable, requesting programs;
  
  (c) bubble-control means coupled to intercept data access attempts made through said interceptable access mechanism by said identifiable, requesting programs,(c.1) wherein the bubble-control means includes deny/approve means, which if active, is provided for testing all the intercepted data access attempts and responsively denying or approving data access to the data of a pre-classified subset of said files based on one or both of the identity of one or more access-attempting programs and the time of the access attempt, wherein at least one pre-classified subset of said files has plural files, wherein the deny/approve means further includes;
  
  list searching means for searching one or more bubble lists, where the bubble lists define a deny or approve decision based on the satisfaction of one or more pre-defined first conditions by the identities of one or more programs that caused the data access attempt and the satisfaction of one or more pre-defined second conditions by the identity of the requested data file,wherein the bubble lists include one or more linked trunk_lists, wherein each linked trunk_list has one or more target-query blocks and an end-of-trunk_list marker, wherein each target-query block includes a file-name definition and each target-query block is associated with a corresponding one or more causation-query blocks that each defines a respective query for a cause of the attempted access to the data of a requested data file, wherein each target-query block points to a corresponding causation-query branch list, wherein each causation-query branch list has one or more causation-query blocks and an end-of-branch list marker, wherein each causation-query block has a program-name definition and wherein the list searching means comprises;
  
  causation-query branch list following means for searching along one or more of the linked causation-query branch lists for a causation-query block having a program-name definition satisfied by the identities of the one or more programs that caused the data access attempt, and wherein the list searching means comprises;
  
  linked-trunk_list following means for searching along one or more of the linked trunk_lists for a target-query block having a file-name definition satisfied by the identity of the requested data file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 30, 31, 32, 33)
- - 2. A machine system according to claim 1 wherein said data-providing means includes:
    - (a.1) nonvolatile storage means for storing the two or more digital data files.
  - 3. A machine system according to claim 2 wherein:
    - (a.2) said data-providing means further includes volatile storage means for temporarily storing plaintext data derived from a selected one of the two or more digital data files;
      
      (a.1a) the two or more digital data files stored in said nonvolatile storage means include confidential data portions that are encrypted under a volume-encryption key; and
      
      (d) said machine system further includes volume-encryption means for generating volatile-only plaintext data by decrypting the confidential data portions of a selected one of the digital data files stored in said nonvolatile storage means after approval of access to the selected file by said deny/approve means, and by transmitting the decrypted confidential data exclusively to the volatile storage means.
  - 4. A machine system according to claim 1 wherein:
    - (b.1) said interceptable access mechanism operates within a dynamically-link loaded environment having portable-executable modules.
  - 5. A machine system according to claim 1 wherein:
    - (c.2) the bubble-control means intercepts file-OPEN requests made by said identifiable, requesting programs.
  - 6. A machine system according to claim 1 wherein:
    - (c.2) the bubble-control means posts a security alert message to a network upon denial of a file access request.
  - 7. A machine system according to claim 1 wherein the deny/approve means includes:
    - (c.1a) extension test means for comparing an extension portion of the name of a requested file with an extensions registry associating such extensions with corresponding programs that use files with such extensions; and
      
      (c.1b) quick-approval means for returning an access approval when the requesting program is associated through the extensions registry with the extension portion of the name of the requested file.
  - 8. A machine system according to claim 1 wherein:
    - each causation-query block has a master/slave condition field for indicating whether an identified program that caused the data access attempt and satisfies the program-name definition of the causation-query block needs to be a proximate cause of the data access attempt or if it can be a non-proximate cause of the data access attempt; and
      
      the deny/approve means is responsive to said master/slave condition field.
  - 9. A machine system according to claim 1 wherein:
    - each causation-query block has an alert data field for defining an alert action to be taken or not in the case of a denial; and
      
      the deny/approve means is responsive to said alert data field.
  - 10. A machine system according to claim 1 wherein:
    - each causation-query block has a deny/approve field for defining whether an access approval or denial decision should be reached in the case of a condition satisfaction between the program-name definition and the identified program that caused the data access attempt; and
      
      the deny/approve means is responsive to said deny/approve field.
  - 11. A machine system according to claim 1 wherein:
    - each target-query block has a default alert data field for defining a default alert action to be taken or not in the case of a denial; and
      
      the deny/approve means is responsive to said default alert data field.
  - 30. The machine system of claim 1 wherein:
    - (c.1a) said deny/approve means responsively denies or approves data access to the data of the pre-classified subset of files based on both the identity of one or more of the access-attempting programs and on the time of the access attempt.
  - 31. The machine system of claim 1 wherein:
    - (c.1a) said deny/approve means responsively denies or approves data access to the data of the pre-classified subset of files based further on a spatial causation attribute selected from the group consisting of;
      
      (c.1a1) geographic execution location of the request-causing program;
      
      (c.1a2) serial number of a machine in which the request-causing program executes; and
      
      (c.1a3) machine name of a machine in which the request-causing program executes.
  - 32. The machine system of claim 31 wherein said deny/approve means includes:
    - (c.1a2′
      
      ) serial number range testing means for testing whether the serial number of the machine in which the request-causing program executes lies within a predefined range of serial numbers.
  - 33. The machine system of claim 6 wherein:
    - (c.2a) said security alert message is distributed across the network in accordance with a seriousness attribute that indicates a seriousness level for the corresponding denial to the file access request.

12. For use in a machine system having a data-providing means that provides data of an identified one of plural digital data files, where each of said files is identifiable by a file name, a machine-implemented method for protecting the information of said files from unauthorized access by way of unauthorized ones of identifiable programs, said method comprising the steps of:
- (a) intercepting data access attempts made by access requesting programs for data in an identified one of said files;
  
  (b) first testing each intercepted data access attempt for satisfaction of a first predefined, classifying condition that classifies one or both of the identity of one or more of the access requesting programs and the time of the access request;
  
  (c) second testing each intercepted data access attempt for satisfaction of a second predefined, classifying condition that classifies the identity of the requested file, wherein at least one said second predefined, classifying condition classifies the identities of plural ones of the digital data files, wherein the second testing further comprises searching one or more bubble lists, where the bubble lists define a deny or approve decision based on the satisfaction of one or more pre-defined first conditions by the identities of one or more programs that caused the data access attempt and the satisfaction of one or more pre-defined second conditions by the identity of the requested file,wherein the bubble lists include one or more linked trunk_lists, wherein each linked trunk_list has one or more target-query blocks and an end-of-trunk_list marker, wherein each target-query block includes a file-name definition and each target-query block is associated with a corresponding one or more causation-query blocks that each defines a respective query for a cause of the attempted access to the data of a requested file, wherein each target-query block points to a corresponding causation-query branch list, wherein each causation-query branch list has one or more causation-query blocks and an end-of-branch list marker, wherein each causation-query block has a program-name definition and wherein the second testing further comprises;
  
  searching along one or more of the linked causation-query branch lists for a causation-query block having a program-name definition satisfied by the identities of the one or more programs that caused the data access attempt, and wherein the second testing further comprises searching along one or more of the linked trunk_lists for a target-query block having a file-name definition satisfied by the identity of the requested file; and
  
  (d) in response to said first and second testing steps, denying or approving access to the data of the requested file.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. A machine-implemented method according to claim 12 wherein:
    - (a.1) said intercepting step occurs within a dynamically-link loaded environment having portable-executable modules.
  - 14. A machine-implemented method according to claim 12 wherein said first testing step includes:
    - (b.1) matching of the identity of at least one of the access requesting programs with a pre-defined first causation-classifying query.
  - 15. A machine-implemented method according to claim 14 wherein said first testing step includes:
    - (b.2) matching of the identity of the at least one access requesting program with a predefined level of responsibility for causing the corresponding data access attempt to be made.
  - 16. A machine-implemented method according to claim 15 wherein said predefined level of responsibility is either MASTER or SLAVE.
  - 17. A machine-implemented method according to claim 12 wherein said first predefined, classifying condition of the first testing step calls for:
    - (b.1) classifying a combination of plural programs as being responsible for the access request wherein a first such program is classified as a MASTER and the other is classified as a SLAVE of the first program.
  - 18. A machine-implemented method according to claim 12 wherein said second testing step includes:
    - (c.1) a target-query test that classifies the identity of the requested file according to whether that identity satisfies a predefined second search query.
  - 19. A machine-implemented method according to claim 12 wherein(d.1) an affirmative satisfaction of said first and second testing steps logically links to a specific one of an access DENY and an access APPROVE action;
    - and(d.2) nonsatisfaction of said first and second testing steps logically links to a default access denial action.
  - 20. A machine-implemented method according to claim 19 wherein(d.3) if an affirmative satisfaction of said first and second testing steps logically links to a specific access DENY action, a corresponding logical link is further established to a specific alert action that is associated with the specific access DENY action.
  - 21. A machine-implemented method according to claim 20 wherein(d.4) if nonsatisfaction of said first and second testing steps occurs, a corresponding logical link is further established to a default alert action that is associated with the corresponding default access denial action.
  - 22. A machine-implemented method according to claim 21 further comprising the step of:
    - (e) in response to a denial of the requested access, posting a correspondingly-leveled security alert message for alerting correspondingly responsible entities of the access attempt and denial so that such responsible entities can take appropriate responsive action.
  - 23. A machine-implemented method according to claim 22 wherein(e.1) in accordance with a prespecified level for the to-be posted security alert message, said posting is to a corresponding one or more of:
    - (e.1a) a local terminal of a machine that originated the denied request for access;
      
      (e.1b) a local network of the machine that originated the denied request for access; and
      
      (e.1c) an enterprise wide network of the machine that originated the denied request for access, said enterprise wide network being larger than and including said local network.

24. An instruction conveying apparatus for operatively instructing a predefined, instructable machine to carry out bubble protection actions, said bubble protection actions comprising:
- (a) intercepting a data access request caused by one or more causation-sourcing events for access to targeted data having a unique identity;
  
  (b) first testing the identity of the targeted data for satisfaction of a predefined target classifying condition, wherein at least one predefined target classifying condition covers plural ones of said targeted data that have corresponding, unique identities, wherein the first testing further comprises searching one or more bubble lists, where the bubble lists define a deny or approve decision based on the satisfaction of one or more pre-defined first conditions by the identities of one or more programs that caused the data access attempt and the satisfaction of one or more pre-defined second conditions by the identity of the requested file,wherein the bubble lists include one or more linked trunk_lists, wherein each linked trunk_list has one or more target-query blocks and an end-of-trunk_list marker, wherein each target-query block includes a file-name definition and each target-query block is associated with a corresponding one or more causation-query blocks that each defines a respective query for a cause of the attempted access to the data of a requested file, wherein each target-query block points to a corresponding causation-query branch list, wherein each causation-query branch list has one or more causation-query blocks and an end-of-branch list marker, wherein each causation-query block has a program-name definition, and wherein the first testing further comprises searching along one or more of the linked trunk_lists for a target-query block having a file-name definition satisfied by the identity of the requested file;
  
  (c) second testing at least one of the identity of the one or more causation sourcing events or the locations of the one or more causation-sourcing events or the timing of the corresponding data access request for satisfaction of a predefined causation classifying condition, wherein the second testing further comprises;
  
  searching along one or more of the linked causation-query branch lists for a causation-query block having a program-name definition satisfied by the identities of the one or more programs that caused the data access attempt; and
  
  (d) in response to said first and second testings, approving or denying the intercepted data access request.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The instruction conveying apparatus of claim 24 wherein said bubble protection actions further comprise:
    - (e) in response to a denial based on said first and second testings, posting an alert message for alerting correspondingly responsible entities of the access attempt and denial so that such responsible entities can take appropriate responsive action.
  - 26. The instruction conveying apparatus of claim 24 wherein(b.1) said predefined target classifying condition includes wild card designations for classifying the identity of the plural ones of said targeted data.
  - 27. The instruction conveying apparatus of claim 24 wherein(c.1) said predefined causation classifying condition includes wild card designations for classifying the identity of a tested causation event.
  - 28. The instruction conveying apparatus of claim 24 wherein(c.1) said predefined causation classifying condition includes one or more timing classifications selected from the group consisting of:
    - day of a week, time of day, day of a month, month of a year, and year.
  - 29. The instruction conveying apparatus of claim 24 wherein(c.1) said predefined causation classifying condition includes combinatorial logic operators at least for defining AND and OR combinations of conditions to be satisfied.

34. A machine system for protecting in-file information from unauthorized access through unauthorized entities making access-opening attempts at potentially unauthorized times and/or from potentially unauthorized locations, said machine system comprising:
- (a) data-providing means for providing data of an identified one of plural digital data files, where each of said files is identifiable by a unique file pathname;
  
  (b) system memory into which executable code can be stored;
  
  (c) an interceptable, data-access providing mechanism through which data of identified files of the data-providing means can be opened for access by data-requesting programs;
  
  (c) bubble-control means coupled to intercept file-opening attempts made through said interceptable access mechanism by said data-requesting programs,(c.1) wherein the bubble-control means includes deny/approve means, which if active, is provided at least partially within said system memory and is used for testing all the intercepted file-opening attempts and responsively denying or approving opening of access to the data of a predefined one or more classes of said files based on membership of the identified files in one predefined classes of files and further based on one or more of;
  
  (c.1a) the identity of one or more programs that are directly or indirectly responsible for the making of the access-attempt;
  
  (c.1b) the origination time of the access attempt;
  
  (c.1c) the respective geographic execution locations of one or more programs which are directly or indirectly causing the making of the access-attempt;
  
  (c.1d) the respective serial numbers of one or more machines executing one or more of the programs which are directly or indirectly causing the making of the access-attempt; and
  
  (c.1e) the respective names of one or more machines executing one or more of the programs which are directly or indirectly causing the making of the access-attempt;
  
  wherein at least one said predefined classes of files has plural members, wherein the deny/approve means further includes;
  
  list searching means for searching one or more bubble lists, where the bubble lists define a deny or approve decision based on the satisfaction of one or more pre-defined first conditions by the identities of one or more programs that caused the data access attempt and the satisfaction of one or more pre-defined second conditions by the identity of the requested data file,wherein the bubble lists include one or more linked trunk_lists, wherein each linked trunk_list has one or more target-query blocks and an end-of-trunk_list marker, wherein each target-query block includes a file-name definition and each target-query block is associated with a corresponding one or more causation-query blocks that each defines a respective query for a cause of the attempted access to the data of a requested data file, wherein each target-query block points to a corresponding causation-query branch list, wherein each causation-query branch list has one or more causation-query blocks and an end-of-branch list marker, wherein each causation-query block has a program-name definition and wherein the list searching means comprises;
  
  causation-query branch list following means for searching along one or more of the linked causation-query branch lists for a causation-query block having a program-name definition satisfied by the identities of the one or more programs that caused the data access attempt, and wherein the list searching means comprises;
  
  linked-trunk_list following means for searching along one or more of the linked trunk_lists for a target-query block having a file-name definition satisfied by the identity of the requested data file.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42)
- - 35. The machine system of claim 34 wherein:
    - (c.1a1) said identity of the one or more programs is defined by a class-defining query specification provided within said machine system.
  - 36. The machine system of claim 34 wherein:
    - (c.1a1) said identity of the one or more programs includes an access-type indication which indicates that the identified one or more programs can be indirectly responsible for the making of the access-attempt by virtue of having invoked a slave program to cause the making of the access-attempt.
  - 37. The machine system of claim 34 wherein:
    - (c.1a1) said identity of the one or more programs includes an access-type indication which indicates that the identified one or more programs must be directly responsible for the making of the access-attempt rather than having caused the making of the access-attempt by virtue of having invoked one or more slave programs to cause the making of the access-attempt.
  - 38. The machine system of claim 34 wherein:
    - (c.1b1) said origination time of the access attempt is defined by a temporal class-defining query specification provided within said machine system.
  - 39. The machine system of claim 38 wherein:
    - (c.1b2) said temporal class-defining query specification identifies a temporal range according to days of the week.
  - 40. The machine system of claim 38 wherein:
    - (c.1b2) said temporal class-defining query specification identifies a temporal range according to hours and/or minutes of the day.
  - 41. The machine system of claim 38 wherein:
    - (c.1b2) said temporal class-defining query specification identifies a temporal range according to a calendar date.
  - 42. The machine system of claim 34 wherein:
    - (c.1d1) said respective serial numbers are defined by an indicator indicating a range of serial numbers, where said serial numbers range indicator is provided within said machine system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Jones, Kevin, Grawrock, David
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Armouche; Hadi

Application Number

US10/638,940
Publication Number

US 20040093506A1
Time in Patent Office

2,234 Days
Field of Search

709/203, 709/229, 713/165, 713/166, 713/189, 707/9, 726/27, 726/30
US Class Current

726/27
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 2209/542   Intercept

Y10S 707/99939   Privileged access

Bubble-protected system for automatic decryption of file data on a per-use basis and automatic re-encryption

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Bubble-protected system for automatic decryption of file data on a per-use basis and automatic re-encryption

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links