Method and apparatus for the protection of information in a device upon separation from a network
First Claim
Patent Images
1. A method for protecting sensitive information stored on a computer device, the method comprising:
- using a hardware service component resident on the device, detecting a first change in network access of the device, the first change comprising a switch of access, by the device, from a trusted network to an untrusted network;
using the hardware service component, communicating the first change in network access to a software file-system driver that is resident on the device, wherein the software file-system driver is a kernel-level component;
using the software file-system driver, hiding and encrypting a sensitive file that resides locally on the device in response to detection by the hardware service component of the first change in network access from the trusted network to the untrusted network;
using the hardware service component, detecting a second change in network access of the device, the second change comprising a switch of access, by the device, from the untrusted network to the trusted network; and
using the software file-system driver, decrypting and displaying the sensitive file in response to detection by the hardware service component of the second change in network access from the untrusted network to the trusted network;
wherein;
in response to the first change from the trusted network to the untrusted network, the software file-system driver searches for the sensitive file in ROM, RAM and on a hard disk of the device;
when the sensitive file is hidden and encrypted, a user of the device cannot see, open and delete the sensitive file when using the device;
when the sensitive file is decrypted and displayed, the user of the device may see, open and delete the sensitive file when using the device; and
when the device is connected to the untrusted network, the software file-system driver performs a polling loop that continually checks for creation of a new sensitive file stored locally on the device and, in response to detecting the creation of the new sensitive file, encrypts and hides the new sensitive file.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems, methods and consumer-readable media for providing an system implementing an information lock box. Sensitive files may be identified by the system prior to engagement of the protection system. One method according to the invention may preferably include hiding and/or encrypting sensitive files upon detecting changes of the network status. The information lock box may utilize a file-system driver to control access to files. The system may communicate with administrative serve and communicating messages to a user.
-
Citations
11 Claims
-
1. A method for protecting sensitive information stored on a computer device, the method comprising:
-
using a hardware service component resident on the device, detecting a first change in network access of the device, the first change comprising a switch of access, by the device, from a trusted network to an untrusted network; using the hardware service component, communicating the first change in network access to a software file-system driver that is resident on the device, wherein the software file-system driver is a kernel-level component; using the software file-system driver, hiding and encrypting a sensitive file that resides locally on the device in response to detection by the hardware service component of the first change in network access from the trusted network to the untrusted network; using the hardware service component, detecting a second change in network access of the device, the second change comprising a switch of access, by the device, from the untrusted network to the trusted network; and using the software file-system driver, decrypting and displaying the sensitive file in response to detection by the hardware service component of the second change in network access from the untrusted network to the trusted network; wherein; in response to the first change from the trusted network to the untrusted network, the software file-system driver searches for the sensitive file in ROM, RAM and on a hard disk of the device; when the sensitive file is hidden and encrypted, a user of the device cannot see, open and delete the sensitive file when using the device; when the sensitive file is decrypted and displayed, the user of the device may see, open and delete the sensitive file when using the device; and when the device is connected to the untrusted network, the software file-system driver performs a polling loop that continually checks for creation of a new sensitive file stored locally on the device and, in response to detecting the creation of the new sensitive file, encrypts and hides the new sensitive file. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A mobile device for protecting sensitive information comprising:
-
a memory configured to store execution instructions and a sensitive document; and a processor coupled with the memory, the processor configured to execute the instructions, the instructions configured to cause the processor to; using a hardware service component resident on the mobile device, detect a first change in network access of the device, the first change comprising a first switch of access, by the device, from a trusted network to an untrusted network; using the hardware service component, communicating the first change in network access to a file-system driver that is resident on the mobile device, wherein the file-system driver is a kernel-level component; using the file-system driver, hide and encrypt a sensitive document that resides locally on the mobile device in response to detection by the hardware service component of the first switch; using the hardware service component, detect a second change in network access of the device, the second change comprising a second switch of access, by the mobile device, from the untrusted network to the trusted network; and using the file-system driver, decrypt and display the sensitive document that resides locally on the mobile device in response to detection by the hardware service component of the second switch; wherein; in response to the first change from the trusted network to the untrusted network, the file-system drive searches for the sensitive document in ROM, RAM and on a hard disk of the device; when the sensitive file is encrypted and hidden, a user of the device cannot see, open and delete the sensitive document when using the device; when the sensitive file is decrypted and displayed, the user of the device may see, open and delete the sensitive document when using the device; and when the mobile device is connected to the untrusted network, the file-system performs a polling loop that continually checks for creation of a new sensitive document stored locally on the mobile device and, in response to detecting the creation of the new sensitive document, encrypts and hides the new sensitive document. - View Dependent Claims (7, 8, 9, 10, 11)
-
Specification