Apparatus, systems, and methods for managing data security
1. An apparatus comprising:
non-transitory memory configured to store computer readable instructions of a module and a security status table, wherein the security status table comprises at least one identifier of protected data items that are subject to a security policy;
a processor in communication with the memory, configured to run the module stored in the memory, wherein the module is configured to:
detect a transfer of a first data item to a destination device, wherein the transfer of the first data item is initiated by an application running on the apparatus;
determine a first identifier of the first data item;
determine that the security status table comprises the first identifier of the first data item, indicating that the first data item is a protected data item;
cause the security policy to be applied to the first data item to prevent non-authorized access to the first data item;
detect a transfer of a second data item to the destination device;
determine that a size of the second data item is smaller than a predetermined size of data needed to determine an identifier of a data item;
detect a transfer of a third data item to the destination device;
merge the second data item and the third data item to form a fourth data item;
determine a second identifier of the fourth data item;
determine that the security status table comprises the second identifier, indicating that the second data item and the third data item are protected data items; and
cause the security policy to be applied to the second data item and the third data item to prevent non-authorized access to the second data item and the third data item.
Abstract
Disclosed embodiments of a data protection mechanism can provide secure data management. In particular, the disclosed embodiments provide secure data management mechanisms that can control transfer of data items so that contents of protected data items are not accessible to non-authorized parties. For example, the disclosed system can prevent an application from storing a protected file using a new file name. As another example, the disclosed system can prevent an application from sending a protected file to another computing device over a communication network.
18 Claims
10. A method comprising:
maintaining, at a computing device, a security status table, wherein the security status table comprises at least one identifier of protected data items that are subject to a security policy;
detecting, at the computing device, a transfer of a first data item to a destination device, wherein the transfer of the first data item is initiated by an application running on the computing device;
determining, at the computing device, a first identifier of the first data item;
determining, at the computing device, that the security status table comprises the first identifier of the first data item, indicating that the first data item is a protected data item;
causing, by the computing device, the security policy to be applied to the first data item to prevent non-authorized access to the first data item;
detecting, at the computing device, a transfer of a second data item to the destination device;
determining, at the computing device, that a size of the second data item is smaller than a predetermined size of data needed to determine an identifier of a data item;
detecting, at the computing device, a transfer of a third data item to the destination device;
merging, at the computing device, the second data item and the third data item to form a fourth data item;
determining, at the computing device, a second identifier of the fourth data item;
determining, at the computing device, that the security status table comprises the second identifier, indicating that the second data item and the third data item are protected data items; and
causing, by the computing device, the security policy to be applied to the second data item and the third data item to prevent non-authorized access to the second data item and the third data item.
15. A non-transitory computer readable medium having executable instructions operable to cause a computing device to:
maintain a security status table that comprises at least one identifier of protected data items that are subject to a security policy;
detect a transfer of a first data item to a destination device, wherein the transfer of the first data item is initiated by an application running on the computing device;
determine a first identifier of the first data item;
determine that the security status table comprises the first identifier of the first data item, indicating that the first data item is a protected data item;
cause the security policy to be applied to the first data item to prevent non-authorized access to the first data item;
detect a transfer of a second data item to the destination device;
determine that a size of the second data item is smaller than a predetermined size of data needed to determine an identifier of a data item;
detect a transfer of a third data item to the destination device;
merge the second data item and the third data item to form a fourth data item;
determine a second identifier of the fourth data item;
determine that the security status table comprises the second identifier, indicating that the second data item and the third data item are protected data items; and
cause the security policy to be applied to the second data item and the third data item to prevent non-authorized access to the second data item and the third data item.
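The procedure recited in claims 1, 10 and 15, as an added Python example that is not part of the patent: a monitor looks up each transferred item's identifier in the security status table and holds undersized items until they can be merged and identified. The claims do not say how an identifier is computed; the SHA-256 prefix fingerprint, the 16-byte threshold, the `TransferMonitor` class and the sample data are all assumptions made for illustration.

```python
import hashlib

MIN_ID_BYTES = 16  # assumed "predetermined size" needed to compute an identifier

def identifier(data: bytes) -> str:
    # Assumption: the identifier is SHA-256 over the first MIN_ID_BYTES bytes.
    if len(data) < MIN_ID_BYTES:
        raise ValueError("item too small to identify")
    return hashlib.sha256(data[:MIN_ID_BYTES]).hexdigest()

class TransferMonitor:
    def __init__(self, protected_items):
        # Security status table: identifiers of items subject to the policy.
        self.status_table = {identifier(d) for d in protected_items}
        self.pending = {}  # destination -> undersized items held for merging

    def on_transfer(self, destination: str, item: bytes):
        """Return [(item, verdict), ...] decided by this call; [] if held."""
        parts = self.pending.pop(destination, []) + [item]
        merged = b"".join(parts)
        if len(merged) < MIN_ID_BYTES:
            # Fail closed: hold the data until an identifier can be computed.
            self.pending[destination] = parts
            return []
        protected = identifier(merged) in self.status_table
        verdict = "apply_policy" if protected else "allow"
        # The verdict on the merged item applies to every part that formed it.
        return [(p, verdict) for p in parts]

# Constructed sample data, not taken from the patent.
SECRET = b"CONFIDENTIAL-Q3-FORECAST: revenue 12.4M"
PUBLIC = b"public release notes, version 1.2"

def demo():
    mon = TransferMonitor([SECRET])
    return {
        "whole": mon.on_transfer("usb0", SECRET),          # first data item
        "public": mon.on_transfer("usb0", PUBLIC),         # not in the table
        "fragment": mon.on_transfer("usb0", SECRET[:6]),   # second item: held
        "rest": mon.on_transfer("usb0", SECRET[6:]),       # third item: merged
    }

if __name__ == "__main__":
    for step, result in demo().items():
        print(step, result)
```

In this example an undersized item is never released on its own; it stays in `pending` until enough data has arrived for the same destination to compute an identifier.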