System and method for intelligence based security

US 9,141,815 B2
Filed: 12/12/2012
Issued: 09/22/2015
Est. Priority Date: 02/18/2005
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a computer system having a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the computer system to perform data security operations, the method comprising:

applying one or more security measures to data identified by an application-specific file type, maintain the one or more security measures applicable to data while the data is not in use, and automatically remove the one or more security measures from the data in response to detecting a triggering file operation requesting access to the data; and

applying the one or more security measures to the data in response to detecting a triggering file operation, the one or more security measures being applied based on one or more intelligence based encryption rules, each intelligence based encryption rule including one or more of;

a path at which data to be protected is stored, a scope of data to be protected stored at the path, or one or more attributes of processes required to be running for data to be protected; and

receiving one or more parameters defining a security policy, and generate the one or more intelligence based encryption rules based on the security policy;

identifying a hash of one or more user credentials stored in an operating system'"'"'s registry, the one or more user credentials including a password;

moving the hash from the registry to an encrypted folder by applying the one or more intelligence based encryption rules to the hash;

in response to a request by the operating system to perform a password check operation, placing an unencrypted version of the hash back in the registry; and

moving the hash from the registry back to the encrypted folder upon completion of the password check operation by the operating system.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Included in the present disclosure are a system, method and program of instructions operable to protect vital information by combining information about a user and what they are allowed to see with information about essential files that need to be protected on an information handling system. Using intelligent security rules, essential information may be encrypted without encrypting the entire operating system or application files. According to aspects of the present disclosure, shared data, user data, temporary files, paging files, the password hash that is stored in the registry, and data stored on removable media may be protected.

21 Citations

View as Search Results

18 Claims

1. A method implemented in a computer system having a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the computer system to perform data security operations, the method comprising:
- applying one or more security measures to data identified by an application-specific file type, maintain the one or more security measures applicable to data while the data is not in use, and automatically remove the one or more security measures from the data in response to detecting a triggering file operation requesting access to the data; and
  
  applying the one or more security measures to the data in response to detecting a triggering file operation, the one or more security measures being applied based on one or more intelligence based encryption rules, each intelligence based encryption rule including one or more of;
  
  a path at which data to be protected is stored, a scope of data to be protected stored at the path, or one or more attributes of processes required to be running for data to be protected; and
  
  receiving one or more parameters defining a security policy, and generate the one or more intelligence based encryption rules based on the security policy;
  
  identifying a hash of one or more user credentials stored in an operating system'"'"'s registry, the one or more user credentials including a password;
  
  moving the hash from the registry to an encrypted folder by applying the one or more intelligence based encryption rules to the hash;
  
  in response to a request by the operating system to perform a password check operation, placing an unencrypted version of the hash back in the registry; and
  
  moving the hash from the registry back to the encrypted folder upon completion of the password check operation by the operating system.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising blocking pending file open operations until after appropriate security measures have been applied to the data.
  - 3. The method of claim 1, wherein the intelligence based encryption rules include a type of data to be protected.

4. A system for securing data, comprising:
- at least one processor; and
  
  a memory operably coupled to at least one processor, the memory having program instructions stored thereon that, upon execution by the at least one processor, cause the system to;
  
  apply one or more security measures to data identified by an application-specific file type, maintain the one or more security measures applicable to data while the data is not in use, and automatically remove the one or more security measures from the data in response to detecting a triggering file operation requesting access to the data; and
  
  apply the one or more security measures to the data in response to detecting a triggering file operation, the one or more security measures being applied based on one or more intelligence based encryption rules, each intelligence based encryption rule including one or more of;
  
  a path at which data to be protected is stored, a scope of data to be protected stored at the path, or one or more attributes of processes required to be running for data to be protected; and
  
  receive one or more parameters defining a security policy, and generate the one or more intelligence based encryption rules based on the security policy;
  
  identify a hash of one or more user credentials stored in an operating system'"'"'s registry, the one or more user credentials including a password;
  
  move the hash from the registry to an encrypted folder by applying the one or more intelligence based encryption rules to the hash;
  
  in response to a request by the operating system to perform a password check operation, place an unencrypted version of the hash back in the registry; and
  
  move the hash from the registry back to the encrypted folder upon completion of the password check operation by the operating system.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The system of claim 4, further comprising the program of instructions including at least one instruction operable to block pending file open operations until after appropriate security measures have been applied to the file.
  - 6. The system of claim 4, wherein the intelligence based encryption rules include a type of data to be protected.
  - 7. The system of claim 4, wherein the program of instructions is operable to apply one or more security measures to a paging file associated with the one or more applications.
  - 8. The system of claim 4, wherein the program of instructions includes at least one instruction operable to apply one or more security measures to data maintained on accessible removable media.

9. A memory device having program instructions stored thereon that, upon execution by a processor of a computer system, cause the computer system to:
- receive parameters defining a security policy;
  
  generate one or more intelligent security rules that are based on the security policy and that are directed to data that is identified by an application-specific file type;
  
  detect, by an intelligent security filter, a triggering file operation generated by an application that provides the application-specific file type;
  
  determine, by the intelligent security filter, that the one or more intelligent security rules requires a security measure to be applied to the data in response to the triggering file operation; and
  
  responsive to determining that the triggering file operation requires the security measure, apply the security measure to the data, wherein the detecting, determining, generating, and applying are performed without user interaction, wherein the security measure is applied without direction and control from the application, wherein the data includes a hash of a password stored in an operating system'"'"'s registry, and wherein applying the security measure includes;
  
  (a) moving the hash from the registry to an encrypted folder, (b) placing an unencrypted version of the hash back in the registry in response to performance of a password check operation, and (c) moving the hash from the registry back to the encrypted folder upon completion of the password check operation.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The memory device of claim 9, wherein the security measure further includes one or more techniques selected from the group consisting of:
    - encrypting data and writing the encrypted data to the storage section, decrypting data and providing the decrypted data to the application, and restricting access to data.
  - 11. The memory device of claim 9, wherein the one of more intelligent security rules include at least one qualifier and at least one attribute.
  - 12. The memory device of claim 11, wherein the attribute of each rule indicates whether data identified by the rule is to be encrypted or to remain unencrypted and, if encrypted, what type of encryption and what type of key are to be used for encryption.
  - 13. The memory device of claim 11, wherein the qualifier of each rule includes one or more of:
    - a pathname, a path scope, a data type, a file system owner, one or more file system attributes, one or more running process attributes, or an owner.
  - 14. The memory device of claim 9, wherein at least one of the one or more intelligent security rules requires a security measure to be applied to data stored in removable media.
  - 15. The memory device of claim 9, wherein the computer system further includes a network connection, and wherein at least one of the one or more intelligent security rules requires a security measure to be applied to data stored in a remote storage location that is accessed via the network connection.
  - 16. The memory device of claim 9, further comprising logging security relevant file operations based on the one or more intelligent security rules.
  - 17. The memory device of claim 9, wherein the security measure further includes encrypting data placed in an application-swap file with the intelligent security filter.
  - 18. The memory device of claim 9, wherein the security measure includes decrypting data placed in an application-swap file with the intelligent security filter when the application-swap file is accessed by the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Credant Technologies Incorported (Dell Technologies Inc.)
Inventors
Burchett, Christopher D., Jaynes, Jason, Chin, Bryan, Consolver, David
Primary Examiner(s)
Traore, Fatoumata

Application Number

US13/712,771
Publication Number

US 20130104192A1
Time in Patent Office

1,014 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

H04L 63/0428   wherein the data content is...

H04L 63/104   Grouping of entities

H04L 9/088   Usage controlling of secret...

H04L 9/321   involving a third party or ...

System and method for intelligence based security

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

System and method for intelligence based security

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others