Method and system for policy-based protection of application data
Abstract
A method and system for protecting an application's operational data are described. According to one aspect of the invention, an administrator interacts with a policy distribution server to generate an operational data protection policy. Next, the policy distribution server generates a data protection application embodying the policy. Various computing devices download and execute the data protection application. The data protection application controls how various applications access data storage objects and data interfaces, based on the operational data protection policy.
14 Claims
1. A method for protecting operational data, comprising:
- responsive to an attempt to execute an application at a local computing device, determining, by the local computing device, whether or not a current version of a data protection application residing on the local computing device is a most recent version of said data protection application and, if not, downloading, from a distribution server, an updated version of the data protection application to the local computing device, wherein the data protection application is generated at the distribution server and embodies an operational data protection policy established by an administrator; and
- executing the data protection application to secure operational data of an application executing on the local computing device from unauthorized access by another application based on rules defined by the data protection policy, wherein
  - the operational data is generated by the executing application during an active user session and temporarily stored on the local computing device,
  - the data protection application secures the operational data at least by enabling the executing application to generate an isolated data storage object on the local computing device to store the operational data therein, and
  - the isolated data storage object is isolated and accessible only by the executing application so as to prevent the unauthorized access by another application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer-readable storage medium storing instructions, which, when executed by a computer, cause the computer to perform a method, said method comprising:
- responsive to an attempt to execute an application at a local computing device, determining whether or not a current version of a data protection application residing on the local computing device is a most recent version of said data protection application and, if not, downloading, from a distribution server, an updated version of the data protection application to the local computing device, wherein the data protection application is generated at the distribution server and embodies an operational data protection policy established by an administrator; and
- executing the data protection application to secure operational data of an application executing on the local computing device from unauthorized access by another application based on rules defined by the data protection policy, wherein
  - the operational data is generated by the executing application during an active user session and temporarily stored on the local computing device,
  - the data protection application secures the operational data at least by enabling the executing application to generate an isolated data storage object on the local computing device to store the operational data therein, and
  - the isolated data storage object is isolated and accessible only by the executing application so as to prevent the unauthorized access by another application.
Dependent claims: 10, 11, 12, 13, 14