Data security in a disconnected environment

US 8,826,449 B2
Filed: 09/27/2007
Issued: 09/02/2014
Est. Priority Date: 09/27/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for data protection comprising:

receiving a request at a computer from a user for a data record encrypted with an encryption key and stored in a database comprising at least a plurality of sensitive data records;

accessing by the computer a maintained count associated with the encryption key comprising a sum of a number of accessed database data records encrypted with the encryption key by the user and a number of actions performed on the accessed data records by the user;

determining if the maintained count exceeds a threshold stored at the computer representing a number of interactions the user is authorized to perform with the accessed data records without connecting the computer to an external access control system;

responsive to a determination that the maintained count does not exceed the threshold;

providing a result of the requested data record to the user;

incrementing the maintained count responsive to providing the result of the requested data record to the user with a value representing each data record included in the result of the requested data record; and

further incrementing the maintained count by a number equal to the total number of actions performed by the user on the provided data record; and

responsive to a determination that the maintained count exceeds the threshold, prompting the user to connect the computer to the external access control system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. The systems and methods regulate access to sensitive data with minimal dependency on a communications network. Data access is quantitatively limited to minimize the data breaches resulting from, e.g., a stolen laptop or hard drive.

Citations

11 Claims

1. A computer-implemented method for data protection comprising:
- receiving a request at a computer from a user for a data record encrypted with an encryption key and stored in a database comprising at least a plurality of sensitive data records;
  
  accessing by the computer a maintained count associated with the encryption key comprising a sum of a number of accessed database data records encrypted with the encryption key by the user and a number of actions performed on the accessed data records by the user;
  
  determining if the maintained count exceeds a threshold stored at the computer representing a number of interactions the user is authorized to perform with the accessed data records without connecting the computer to an external access control system;
  
  responsive to a determination that the maintained count does not exceed the threshold;
  
  providing a result of the requested data record to the user;
  
  incrementing the maintained count responsive to providing the result of the requested data record to the user with a value representing each data record included in the result of the requested data record; and
  
  further incrementing the maintained count by a number equal to the total number of actions performed by the user on the provided data record; and
  
  responsive to a determination that the maintained count exceeds the threshold, prompting the user to connect the computer to the external access control system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein incrementing the maintained count comprises advancing the maintained count by one.
  - 3. The method according to claim 1, wherein incrementing the maintained count comprises incrementing the maintained count for each record in the result of the requested data record.
  - 4. The method according to claim 1, wherein incrementing the maintained count comprises incrementing the maintained count for each record in a result of the request.
  - 5. The method according to claim 1 further comprising:
    - receiving instructions from the external access control system to modify the maintained count.
  - 6. The method according to claim 1 further comprising:
    - receiving instructions from the external access control system to modify the threshold.
  - 7. The method according to claim 1 further comprising:
    - notifying the external access control system of the maintained count.
  - 8. The method according to claim 1 further comprising:
    - notifying the external access control system that the maintained count exceeds the threshold.
  - 9. The method according to claim 1 further comprising:
    - sending information on the request for the encrypted data record to the external access control system.
  - 10. The method according to claim 1, wherein the maintained count is specific to the encryption key.

11. A non-transitory computer-readable medium whose contents cause a computer to perform a method for data protection comprising:
- receiving a request at a computer from a user for a data record encrypted with an encryption key and stored in a database comprising at least a plurality of sensitive data records;
  
  accessing by the computer a maintained count associated with the encryption key comprising a sum of a number of accessed database data records encrypted with the encryption key by the user and a number of actions performed on the accessed data records by the user;
  
  determining if the maintained count exceeds a threshold stored at the computer representing a number of interactions the user is authorized to perform with the accessed data records without connecting the computer to an external access control system;
  
  responsive to a determination that the maintained count does not exceed the threshold;
  
  providing a result of the requested data record to the user;
  
  incrementing the maintained count responsive to providing the result of the requested data record to the user with a value representing each data record included in the result of the requested data record; and
  
  further incrementing the maintained count by a number equal to the total number of actions performed by the user on the provided data record; and
  
  responsive to a determination that the maintained count exceeds the threshold, prompting the user to connect the computer to the external access control system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity US Holding LLC
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
Branske, Hilary

Application Number

US11/906,077
Publication Number

US 20090089591A1
Time in Patent Office

2,532 Days
Field of Search

713/155, 713/164, 713/165, 713/167, 713/182, 713/189, 713/193, 726/2, 726/4, 726/17, 726/22, 726/23, 726/26, 726/27, 726/30
US Class Current

726/27
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6227   where protection concerns t...

G06F 21/6236   between heterogeneous systems

G06F 21/88   Detecting or preventing the...

G06F 2221/2107   File encryption

G06F 2221/2135   Metering

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/0816   Key establishment, i.e. cry...

Data security in a disconnected environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Data security in a disconnected environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links