Method and apparatus for the protection of information in a device upon separation from a network

US 9,378,379 B1
Filed: 06/16/2011
Issued: 06/28/2016
Est. Priority Date: 01/19/2011
Status: Active Grant

First Claim

Patent Images

1. A method for protecting sensitive information stored on a computer device, the method comprising:

using a hardware service component resident on the device, detecting a first change in network access of the device, the first change comprising a switch of access, by the device, from a trusted network to an untrusted network;

using the hardware service component, communicating the first change in network access to a software file-system driver that is resident on the device, wherein the software file-system driver is a kernel-level component;

using the software file-system driver, hiding and encrypting a sensitive file that resides locally on the device in response to detection by the hardware service component of the first change in network access from the trusted network to the untrusted network;

using the hardware service component, detecting a second change in network access of the device, the second change comprising a switch of access, by the device, from the untrusted network to the trusted network; and

using the software file-system driver, decrypting and displaying the sensitive file in response to detection by the hardware service component of the second change in network access from the untrusted network to the trusted network;

wherein;

in response to the first change from the trusted network to the untrusted network, the software file-system driver searches for the sensitive file in ROM, RAM and on a hard disk of the device;

when the sensitive file is hidden and encrypted, a user of the device cannot see, open and delete the sensitive file when using the device;

when the sensitive file is decrypted and displayed, the user of the device may see, open and delete the sensitive file when using the device; and

when the device is connected to the untrusted network, the software file-system driver performs a polling loop that continually checks for creation of a new sensitive file stored locally on the device and, in response to detecting the creation of the new sensitive file, encrypts and hides the new sensitive file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and consumer-readable media for providing an system implementing an information lock box. Sensitive files may be identified by the system prior to engagement of the protection system. One method according to the invention may preferably include hiding and/or encrypting sensitive files upon detecting changes of the network status. The information lock box may utilize a file-system driver to control access to files. The system may communicate with administrative serve and communicating messages to a user.

Citations

11 Claims

1. A method for protecting sensitive information stored on a computer device, the method comprising:
- using a hardware service component resident on the device, detecting a first change in network access of the device, the first change comprising a switch of access, by the device, from a trusted network to an untrusted network;
  
  using the hardware service component, communicating the first change in network access to a software file-system driver that is resident on the device, wherein the software file-system driver is a kernel-level component;
  
  using the software file-system driver, hiding and encrypting a sensitive file that resides locally on the device in response to detection by the hardware service component of the first change in network access from the trusted network to the untrusted network;
  
  using the hardware service component, detecting a second change in network access of the device, the second change comprising a switch of access, by the device, from the untrusted network to the trusted network; and
  
  using the software file-system driver, decrypting and displaying the sensitive file in response to detection by the hardware service component of the second change in network access from the untrusted network to the trusted network;
  
  wherein;
  
  in response to the first change from the trusted network to the untrusted network, the software file-system driver searches for the sensitive file in ROM, RAM and on a hard disk of the device;
  
  when the sensitive file is hidden and encrypted, a user of the device cannot see, open and delete the sensitive file when using the device;
  
  when the sensitive file is decrypted and displayed, the user of the device may see, open and delete the sensitive file when using the device; and
  
  when the device is connected to the untrusted network, the software file-system driver performs a polling loop that continually checks for creation of a new sensitive file stored locally on the device and, in response to detecting the creation of the new sensitive file, encrypts and hides the new sensitive file.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising, marking the sensitive file.
  - 3. The method of claim 1 wherein the sensitive file is a portion of a file.
  - 4. The method of claim 1 further comprising, informing the user of the loss of access to the sensitive file.
  - 5. The method of claim 1 further comprising, providing access to the sensitive file when the computer is re-connected to a known-safe network.

6. A mobile device for protecting sensitive information comprising:
- a memory configured to store execution instructions and a sensitive document; and
  
  a processor coupled with the memory, the processor configured to execute the instructions, the instructions configured to cause the processor to;
  
  using a hardware service component resident on the mobile device, detect a first change in network access of the device, the first change comprising a first switch of access, by the device, from a trusted network to an untrusted network;
  
  using the hardware service component, communicating the first change in network access to a file-system driver that is resident on the mobile device, wherein the file-system driver is a kernel-level component;
  
  using the file-system driver, hide and encrypt a sensitive document that resides locally on the mobile device in response to detection by the hardware service component of the first switch;
  
  using the hardware service component, detect a second change in network access of the device, the second change comprising a second switch of access, by the mobile device, from the untrusted network to the trusted network; and
  
  using the file-system driver, decrypt and display the sensitive document that resides locally on the mobile device in response to detection by the hardware service component of the second switch;
  
  wherein;
  
  in response to the first change from the trusted network to the untrusted network, the file-system drive searches for the sensitive document in ROM, RAM and on a hard disk of the device;
  
  when the sensitive file is encrypted and hidden, a user of the device cannot see, open and delete the sensitive document when using the device;
  
  when the sensitive file is decrypted and displayed, the user of the device may see, open and delete the sensitive document when using the device; and
  
  when the mobile device is connected to the untrusted network, the file-system performs a polling loop that continually checks for creation of a new sensitive document stored locally on the mobile device and, in response to detecting the creation of the new sensitive document, encrypts and hides the new sensitive document.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The device of claim 6 wherein the execution instructions are configured to cause the processor to mark the sensitive document.
  - 8. The device of claim 6 wherein the sensitive document is a portion of a file.
  - 9. The device of claim 6 wherein the execution instructions are configured to cause the processor to inform the user of the loss of access to the sensitive document.
  - 10. The device of claim 6 wherein the execution instructions are configured to cause the processor to provide access to the sensitive document when the device is re-connected to the trusted network.
  - 11. The device of claim 8 wherein the file-system driver encrypts and hides only the portion of the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Treadwell, William S.
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
Najee-Ullah, Tariq

Application Number

US13/161,765
Time in Patent Office

1,839 Days
Field of Search

713/189
US Class Current

1/1
CPC Class Codes

G06F 21/602 Providing cryptographic fac...

G06F 21/6281 at program execution time, ...

Method and apparatus for the protection of information in a device upon separation from a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for the protection of information in a device upon separation from a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links