Securing data using integrated host-based data loss agent with encryption detection

US 8,893,285 B2
Filed: 03/14/2008
Issued: 11/18/2014
Est. Priority Date: 03/14/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

detecting an attempted access to write content in a host computer system to a removable device;

determining whether the content comprises data that is not encrypted;

determining an encryption status of the removable device, based, at least in part, on examining whether blocks or sectors written on the removable device are encrypted or whether an encrypted portion of the content will be written to the removable device; and

blocking the attempted access to the removable device, based, at least in part, on the encryption status, and in response to a determination that the content comprises the data that is not encrypted.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for securing data in a computer system provides the capability to secure information even when it leaves the boundaries of the organization using a data loss agent integrated with encryption software. A method for securing data in a computer system comprises detecting attempted connection or access to a data destination to which sensitive data may be written, determining an encryption status of the data destination, allowing the connection or access to the data destination when the data destination is encrypted, and taking action to secure the sensitive data when the data destination is not encrypted.

187 Citations

17 Claims

1. A method, comprising:
- detecting an attempted access to write content in a host computer system to a removable device;
  
  determining whether the content comprises data that is not encrypted;
  
  determining an encryption status of the removable device, based, at least in part, on examining whether blocks or sectors written on the removable device are encrypted or whether an encrypted portion of the content will be written to the removable device; and
  
  blocking the attempted access to the removable device, based, at least in part, on the encryption status, and in response to a determination that the content comprises the data that is not encrypted.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the blocking comprises allowing a restricted access to the removable device.
  - 3. The method of claim 2, wherein the blocking comprises indicating that a connection of the removable device failed, and the allowing the restricted access to the removable device comprises allowing a read-only access to the removable device.
  - 4. The method of claim 1, wherein the attempted access comprises attempting to write the data to the removable device, and the determining the encryption status comprises determining if the data is encrypted or if the data will be encrypted during or after being written to the removable device.
  - 5. The method of claim 4, wherein the blocking blocks a writing of the data to the removable device.
  - 6. The method of claim 1, further comprising:
    - comparing the content against a security policy, wherein the blocking blocks an attempted access to plain text data files.
  - 7. The method of claim 1, further comprising:
    - determining if an encryption policy on the host computer system will encrypt the content.

8. A computer system for handling data, comprising:
- a processor operable to execute computer program instructions; and
  
  a memory operable to store the computer program instructions, wherein the computer program instructions, when executed, cause the processor todetect an attempted access to write content to a removable device;
  
  determine whether the content comprises data that is not encrypted;
  
  determine an encryption status of the removable device, based, at least in part, on examining whether blocks or sectors written on the removable device are encrypted or whether an encrypted portion of the content will be written to the removable device; and
  
  block the attempted access to the removable device, based, at least in part, on the encryption status, and in response to a determination that the content comprises the data that is not encrypted.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein the computer program instructions cause the processor to block the attempted access by allowing a restricted access to the removable device.
  - 10. The system of claim 9, wherein the computer program instructions cause the processor to block the attempted access by indicating that a connection of the removable device failed, and the computer program instructions cause the processor to allow the restricted access to the removable device by allowing a read-only access to the removable device.
  - 11. The system of claim 8, wherein the attempted access comprises attempting to write the data to the removable device, and the encryption status is determined by determining if the data is encrypted or if the data will be encrypted during or after being written to the removable device.
  - 12. The system of claim 11, wherein computer program instructions cause the processor to block the attempted access by blocking a writing of the data to the removable device.

13. A computer program product embodied in a non-transitory medium and, when executed by a processor, causes the processor to perform operations, comprising:
- detecting an attempted access to write content in a host computer system to a removable device;
  
  determining whether the content comprises data that is not encrypted;
  
  determining an encryption status of the removable device, based, at least in part, on examining whether blocks or sectors written on the removable device are encrypted or whether an encrypted portion of the content will be written to the removable device; and
  
  blocking the attempted access to the removable device, based, at least in part, on the encryption status, and in response to a determination that the content comprises the data that is not encrypted.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13, wherein the blocking comprises allowing a restricted access to the removable device.
  - 15. The computer program product of claim 14, wherein the blocking comprises indicating that a connection of the removable device failed, and the allowing the restricted access to the removable device comprises allowing a read-only access to the removable device.
  - 16. The computer program product of claim 13, wherein the attempted access comprises attempting to write the data to the removable device, and the determining the encryption status comprises determining if the data is encrypted or if the data will be encrypted during or after being written to the removable device.
  - 17. The computer program product of claim 16, wherein the blocking blocks a writing of the data to the removable device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Zucker, Elad, Werner, Eran, Weidhagen, Mattias
Primary Examiner(s)
Cervetti, David Garcia
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US12/076,163
Publication Number

US 20090232300A1
Time in Patent Office

2,440 Days
Field of Search

380/2, 380/225, 726/2, 726/26, 726/27, 726/34, 726/1, 726/9, 726/22, 726/31, 726 29- 30, 713/165, 713/189, 713/193, 713/161, 713/182
US Class Current

726/26
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/78   to assure secure storage of...

H04L 63/0428   wherein the data content is...

Securing data using integrated host-based data loss agent with encryption detection

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

187 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Securing data using integrated host-based data loss agent with encryption detection

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

187 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links