Protecting encrypted files transmitted over a network
First Claim
1. A method for identifying a destination address configured to be accessed by a window for a process operating on a computer system, the method comprising:
- determining, by the computer system, a foreground window for the process, wherein the process is associated with the computer system;
examining, by the computer system, a resource within the foreground window to determine a destination address that is configured to be accessed by the process, wherein the destination address is external with respect to the computer system; and
determining, by the computer system, whether the process is a pre-approved process based at least on the destination address and a process identifier of the process, in order to ascertain permissions for transmission of unsecured files for the process.
7 Assignments
0 Petitions
Accused Products
Abstract
An improved system and approaches for protecting secured files when being used by an application (e.g., network browser) that potentially transmits the files over a network to unknown external locations are disclosed. According to one aspect, access to secured files is restricted so that unsecured versions of the secured files are not able to be transmitted over a network (e.g., the Internet) to unauthorized destinations. In one embodiment, processes operating on a computer system are monitored to determine destination locations, if any, of said processes, and then using such destination locations to determine whether to permit the processes to open files in a secure or unsecured manner.
-
Citations
20 Claims
-
1. A method for identifying a destination address configured to be accessed by a window for a process operating on a computer system, the method comprising:
-
determining, by the computer system, a foreground window for the process, wherein the process is associated with the computer system; examining, by the computer system, a resource within the foreground window to determine a destination address that is configured to be accessed by the process, wherein the destination address is external with respect to the computer system; and determining, by the computer system, whether the process is a pre-approved process based at least on the destination address and a process identifier of the process, in order to ascertain permissions for transmission of unsecured files for the process. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer-readable medium having stored thereon, computer program code that, if executed by a device, causes the device to identify a destination address configured to be accessed by a window for a process operating on a computer system by a method, the method comprising:
-
determining a foreground window for the process, wherein the process is associated with the computer system; examining a resource within the foreground window to determine a destination address that is configured to be accessed by the process, wherein the destination address is external with respect to the computer system; and determining, by the computer system, whether the process is a pre-approved process based at least on the destination address and a process identifier of the process, in order to ascertain permissions for transmission of unsecured files for the process. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. An address identification system comprising:
-
a processor; and a memory coupled to the processor and configured to store instructions that in response to execution by the processor, cause the processor to invoke an address identifier monitor configured to identify a destination address configured to be accessed by a window for a process operating on a computer system, wherein the process is associated with the computer system, wherein the address identifier monitor comprises; a foreground window monitor configured to determine a foreground window for a process; a resource examiner configured to examine a resource within the foreground window to determine a destination address that is being accessed by the process having a process identifier, wherein the destination address is external with respect to the computer system; and a determining module configured to determine, based at least on the destination address and the process identifier, whether the process is a pre-approved process, in order to ascertain permissions for transmission of unsecured files for the process. - View Dependent Claims (18, 19, 20)
-
Specification