System and methodology providing secure workspace environment
First Claim
1. In a computer system, a method for creating a secured workspace within an existing operating system for allowing users to run applications in a secured manner, the method comprising:
- creating a policy for configuring the secured workspace, the policy specifying how information created during operation of the applications may be accessed;
hooking particular functions of the operating system in order to obtain control over the information created during operation of the applications;
during operation of the applications, encrypting the information to prevent unauthorized access;
in response to a request for access to the information, determining whether the request complies with the policy; and
if the request complies with the policy, satisfying the request by providing access to a decrypted copy of the information.
1 Assignment
0 Petitions
Accused Products
Abstract
System and methodology providing a secure workspace environment is described. In one embodiment, for example, in a computer system, a method is described for creating a secured workspace within an existing operating system for allowing users to run applications in a secured manner, the method comprises steps of: creating a policy for configuring the secured workspace, the policy specifying how information created during operation of the applications may be accessed; hooking particular functions of the operating system in order to obtain control over the information created during operation of the applications; during operation of the applications, encrypting the information to prevent unauthorized access; in response to a request for access to the information, determining whether the request complies with the policy; and if the request complies with the policy, satisfying the request by providing access to a decrypted copy of the information.
104 Citations
45 Claims
-
1. In a computer system, a method for creating a secured workspace within an existing operating system for allowing users to run applications in a secured manner, the method comprising:
-
creating a policy for configuring the secured workspace, the policy specifying how information created during operation of the applications may be accessed; hooking particular functions of the operating system in order to obtain control over the information created during operation of the applications; during operation of the applications, encrypting the information to prevent unauthorized access; in response to a request for access to the information, determining whether the request complies with the policy; and if the request complies with the policy, satisfying the request by providing access to a decrypted copy of the information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer system providing a secured workspace for allowing users to run applications in a secured manner, the system comprising:
-
a computer running under control of an existing operating system; a policy for configuring the secured workspace, the policy specifying how information created during operation of the applications may be accessed; a module for intercepting particular functions of the existing operating system in order to allow the secured workspace to run under the existing operating system, said module permitting the secured workspace to obtain control over the information created during operation of the applications; an encryption module for preventing unauthorized access to the information; and a decryption module for providing authorized access to the information, in response to receiving a request that complies with the policy. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A system providing a secured desktop environment that allows users to run application software securely, the system comprising:
-
a computer running under an operating system, said computer including application software for use by users; and a secured desktop environment comprising; a configurable policy specifying permitted operations of the application software and specifying permitted access to information created during operation of the application software; a hooks engine for intercepting particular calls to the operating system, thereby allowing the secured desktop environment to control operations of the application software and control access to information created during operation of the application software; and a module, operating in conjunction with said policy and said hooks engine, for encrypting the information created during operation of the application software, and for preventing any operation of the application software that is not permitted and any access to the information that is not permitted, wherein said module provides access to a decrypted copy of the information in response to receiving a request for access to the information that complies with the policy. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
-
Specification