Method and system for policy-based protection of application data

US 8,095,517 B2
Filed: 02/08/2007
Issued: 01/10/2012
Est. Priority Date: 02/08/2007
Status: Active Grant

First Claim

Patent Images

1. A method for protecting operational data, comprising:

responsive to an attempt to execute an application at a local computing device, determining, by the local computing device, whether or not a current version of a data protection application residing on the local computing device is a most recent version of said data protection application and, if not, downloading, from a distribution server, an updated version of the data protection application to the local computing device, wherein the data protection application is generated at the distribution server and embodies an operational data protection policy established by an administrator; and

executing the data protection application to secure operational data of an application executing on the local computing device from unauthorized access by another application based on rules defined by the data protection policy,whereinthe operational data is generated by the executing application during an active user session and temporarily stored on the local computing device, the data protection application secures the operational data at least by enabling the executing application to generate an isolated data storage object on the local computing device to store the operational data therein, and the isolated data storage object is isolated and accessible only by the executing application so as to prevent the unauthorized access by another application.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for protecting an application'"'"'s operational data are described. According to one aspect of the invention, an administrator interacts with a policy distribution server to generate an operational data protection policy. Next, the policy distribution server generates a data protection application embodying the policy. Various computing devices download and execute the data protection application. The data protection application controls how various applications access data storage objects and data interfaces, based on the operational data protection policy.

Citations

14 Claims

1. A method for protecting operational data, comprising:
- responsive to an attempt to execute an application at a local computing device, determining, by the local computing device, whether or not a current version of a data protection application residing on the local computing device is a most recent version of said data protection application and, if not, downloading, from a distribution server, an updated version of the data protection application to the local computing device, wherein the data protection application is generated at the distribution server and embodies an operational data protection policy established by an administrator; and
  
  executing the data protection application to secure operational data of an application executing on the local computing device from unauthorized access by another application based on rules defined by the data protection policy,whereinthe operational data is generated by the executing application during an active user session and temporarily stored on the local computing device, the data protection application secures the operational data at least by enabling the executing application to generate an isolated data storage object on the local computing device to store the operational data therein, and the isolated data storage object is isolated and accessible only by the executing application so as to prevent the unauthorized access by another application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the data protection application further secures the operational data by enabling particular data access methods used by the executing application to access one or more data storage objects or data interfaces while disabling other data access methods, wherein the particular data access methods that are enabled are selected based on the data protection policy.
  - 3. The method of claim 1, wherein the data protection application further secures the operational data by encrypting data when the executing application writes the data to a data storage object, and decrypting the data when the executing application reads the data from the data storage object, thereby preventing other applications from accessing the data in an unencrypted form.
  - 4. The method of claim 1, wherein the data protection application further secures the operational data by blocking the executing application from a particular data storage object.
  - 5. The method of claim 1, wherein the data protection application further secures the operational data by blocking one or more applications from a particular data storage object while granting one or more applications access to the particular data storage object.
  - 6. The method of claim 1, wherein the data protection application further secures operational data by enabling the executing application to access a data storage object, monitoring the executing application'"'"'s use of the data storage object, and cleansing the data storage object when the executing application is through using the data storage object.
  - 7. The method of claim 1, wherein the operational data protection policy includes one or more rules defined on a per application basis, so as to differ amongst various applications executing on the local computing device.
  - 8. The method of claim 1, wherein the operational data protection policy includes one or more rules defined on a per data access method basis, so as to enable access to one or more data storage objects via a particular data access method while disabling access to the one or more data storage objects via other data access methods.

9. A computer-readable storage medium storing instructions, which, when executed by a computer, cause the computer to perform a method, said method comprising:
- responsive to an attempt to execute an application at a local computing device, determining whether or not a current version of a data protection application residing on the local computing device is a most recent version of said data protection application and, if not, downloading, from a distribution server, an updated version of the data protection application to the local computing device, wherein the data protection application is generated at the distribution server and embodies an operational data protection policy established by an administrator; and
  
  executing the data protection application to secure operational data of an application executing on the local computing device from unauthorized access by another application based on rules defined by the data protection policy,wherein the operational data is generated by the executing application during an active user session and temporarily stored on the local computing device, the data protection application secures the operational data at least by enabling the executing application to generate an isolated data storage object on the local computing device to store the operational data therein, and the isolated data storage object is isolated and accessible only by the executing application so as to prevent the unauthorized access by another application.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computer-readable storage medium of claim 9, wherein the data protection application further secures the operational data by enabling particular data access methods used by the executing application to access one or more data storage objects or data interfaces while disabling other data access methods, wherein the particular data access methods that are enabled are selected based on the data protection policy.
  - 11. The computer-readable storage medium of claim 9, wherein the data protection application further secures the operational data by encrypting data when the executing application writes the data to a data storage object, anddecrypting the data when the executing application reads the data from the data storage object, thereby preventing other applications from accessing the data in an unencrypted form.
  - 12. The computer-readable storage medium of claim 9, wherein the data protection application further secures the operational data by blocking the executing application from a particular data storage object.
  - 13. The computer-readable storage medium of claim 9, wherein the data protection application further secures the operational data by blocking one or more applications from a particular data storage object while granting one or more applications access to the particular data storage object.
  - 14. The computer-readable storage medium of claim 9, wherein the data protection application further secures the operational data by enabling the executing application to access a data storage object, monitoring the executing application'"'"'s use of the data storage object, and cleansing the data storage object when the executing application is through using the data storage object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Blue Coat Systems Incorporated (Gen Digital Inc.)
Inventors
Sandoval, Andrew Leonard, Kaplan, Yariv, Shamir, Roy Israel, Lu, Wei
Primary Examiner(s)
Ehichioya, Fred I
Assistant Examiner(s)
OBISESAN, AUGUSTINE KUNLE

Application Number

US11/672,894
Publication Number

US 20080196082A1
Time in Patent Office

1,797 Days
Field of Search

None
US Class Current

707/695
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/102   Entity profiles

H04L 67/12   specially adapted for propr...

H04L 67/306   User profiles

H04L 9/32   including means for verifyi...

Method and system for policy-based protection of application data

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for policy-based protection of application data

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links