Protecting encrypted files transmitted over a network

US 8,307,067 B2
Filed: 02/19/2009
Issued: 11/06/2012
Est. Priority Date: 09/11/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method for identifying a destination address configured to be accessed by a window for a process operating on a computer system, the method comprising:

determining, by the computer system, a foreground window for the process, wherein the process is associated with the computer system;

examining, by the computer system, a resource within the foreground window to determine a destination address that is configured to be accessed by the process, wherein the destination address is external with respect to the computer system; and

determining, by the computer system, whether the process is a pre-approved process based at least on the destination address and a process identifier of the process, in order to ascertain permissions for transmission of unsecured files for the process.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved system and approaches for protecting secured files when being used by an application (e.g., network browser) that potentially transmits the files over a network to unknown external locations are disclosed. According to one aspect, access to secured files is restricted so that unsecured versions of the secured files are not able to be transmitted over a network (e.g., the Internet) to unauthorized destinations. In one embodiment, processes operating on a computer system are monitored to determine destination locations, if any, of said processes, and then using such destination locations to determine whether to permit the processes to open files in a secure or unsecured manner.

Citations

20 Claims

1. A method for identifying a destination address configured to be accessed by a window for a process operating on a computer system, the method comprising:
- determining, by the computer system, a foreground window for the process, wherein the process is associated with the computer system;
  
  examining, by the computer system, a resource within the foreground window to determine a destination address that is configured to be accessed by the process, wherein the destination address is external with respect to the computer system; and
  
  determining, by the computer system, whether the process is a pre-approved process based at least on the destination address and a process identifier of the process, in order to ascertain permissions for transmission of unsecured files for the process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as recited in claim 1, wherein the process is associated with a network browser operating on the computer system.
  - 3. The method as recited in claim 1, wherein the examining comprises:
    - determining whether the process is associated with a network browser operating on the computer system; and
      
      examining the resource being displayed in the foreground window of the network browser to determine the destination address.
  - 4. The method as recited in claim 1, wherein the destination address is separately determined for each of a plurality of separate processes operating on the computer system.
  - 5. The method as recited in claim 1, wherein the resource comprises at least one of content or characteristics within the foreground window.
  - 6. The method as recited in claim 1, further comprising informing a file security system with respect to the destination address being accessed by the process such that the file security system can restrict files accessible to the computer system from being transmitted to destinations that are not pre-approved via the process in response to the informing.
  - 7. The method as recited in claim 6, wherein the process is associated with a network browser operating on the computer system.
  - 8. The method as recited in claim 7, wherein the examining comprises:
    - determining whether the process is associated with a network browser operating on the computer system; and
      
      examining the resource being displayed in the foreground window of the network browser to determine the destination address.
  - 9. The method as recited in claim 8, wherein the destination address is separately determined for each of a plurality of separate processes operating on the computer system.

10. A computer-readable medium having stored thereon, computer program code that, if executed by a device, causes the device to identify a destination address configured to be accessed by a window for a process operating on a computer system by a method, the method comprising:
- determining a foreground window for the process, wherein the process is associated with the computer system;
  
  examining a resource within the foreground window to determine a destination address that is configured to be accessed by the process, wherein the destination address is external with respect to the computer system; and
  
  determining, by the computer system, whether the process is a pre-approved process based at least on the destination address and a process identifier of the process, in order to ascertain permissions for transmission of unsecured files for the process.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer-readable medium as recited in claim 10, wherein the examining comprises:
    - determining whether the process is associated with a network browser operating on the computer system; and
      
      examining the resource being displayed in the foreground window of the network browser to determine the destination address.
  - 12. The computer-readable medium as recited in claim 10, wherein the destination address is separately determined for each of a plurality of separate processes operating on the computer system.
  - 13. The computer-readable medium as recited in claim 10, further comprising informing a file security system with respect to the destination address being accessed by the process such that the file security system can restrict files accessible to the computer system from being transmitted to destinations that are not pre-approved via the process in response to the informing.
  - 14. The computer-readable medium as recited in claim 13, wherein the process is associated with a network browser operating on the computer system.
  - 15. The computer-readable medium as recited in claim 14, wherein the examining comprises:
    - determining whether the process is associated with a network browser operating on the computer system; and
      
      examining the resource being displayed in the foreground window of the network browser to determine the destination address.
  - 16. The computer-readable medium as recited in claim 15, wherein the destination address is separately determined for each of a plurality of separate processes operating on the computer system.

17. An address identification system comprising:
- a processor; and
  
  a memory coupled to the processor and configured to store instructions that in response to execution by the processor, cause the processor to invoke an address identifier monitor configured to identify a destination address configured to be accessed by a window for a process operating on a computer system, wherein the process is associated with the computer system, wherein the address identifier monitor comprises;
  
  a foreground window monitor configured to determine a foreground window for a process;
  
  a resource examiner configured to examine a resource within the foreground window to determine a destination address that is being accessed by the process having a process identifier, wherein the destination address is external with respect to the computer system; and
  
  a determining module configured to determine, based at least on the destination address and the process identifier, whether the process is a pre-approved process, in order to ascertain permissions for transmission of unsecured files for the process.
- View Dependent Claims (18, 19, 20)
- - 18. The system as recited in claim 17, wherein the resource examiner is further configured to:
    - determine that the process pertains to a network browser operating on the computer system; and
      
      examine the resource being displayed in the foreground window of the network browser to determine the destination address that is being accessed by the network browser.
  - 19. The system as recited in claim 17, wherein the address identifier monitor is further configured to separately identify destination addresses for each of a plurality of separate processes operating on the computer system.
  - 20. The system as recited in claim 17, wherein the address identifier monitor is further configured to inform a file security system about the destination address being or to be accessed by the process so that the file security system can restrict files accessible to the computer system from being transmitted to destinations that are not pre-approved via the process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kioba Processing, LLC (IP Investments Group LLC)
Original Assignee
Guardian Data Storage LLC (Intellectual Ventures LLC)
Inventors
Ryan, Nicholas M.
Primary Examiner(s)
BIAGINI, CHRISTOPHER D

Application Number

US12/389,076
Publication Number

US 20090150546A1
Time in Patent Office

1,356 Days
Field of Search

709/224
US Class Current

709/224
CPC Class Codes

H04L 63/20 for managing network securi...

Protecting encrypted files transmitted over a network

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting encrypted files transmitted over a network

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links