Data security in a disconnected environment
First Claim
1. A computer-implemented method for data protection comprising:
receiving a request at a client device from a user for access to a set of one or more data records encrypted with an encryption key and stored in a database comprising at least a plurality of data records;
accessing by the client device a maintained count associated with the encryption key, the maintained count comprising a sum of database data records encrypted with the encryption key accessed by the user while the client device is not communicatively coupled to a security system, wherein the security system is external to the client device;
responsive to a determination that a sum of the maintained count and a number of records in the requested set of records does not exceed a threshold stored at the client device, the threshold representing a number of records encrypted with the encryption key that the user is authorized to access while the client device is not communicatively coupled to the security system;
decrypting the set of data records;
providing the set of decrypted data records to the user; and
incrementing the maintained count responsive to providing the set of decrypted data records to the user by a number equal to a number of records included in the provided set of decrypted data records; and
responsive to a determination that the sum of the maintained count and the number of records in the requested set of records exceeds the threshold, denying the received request for access to the set of data records.
Abstract
Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. The systems and methods regulate access to sensitive data with minimal dependency on a communications network. Data access is quantitatively limited to minimize the data breaches resulting from, e.g., a stolen laptop or hard drive.
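The check-then-decrypt flow recited in claim 1, as an added example that is not taken from the patent or any product implementing it. `OfflineGate`, `AccessDenied`, `toy_decrypt`, the key id `k1` and the sample records are hypothetical names and constructed data; the XOR routine only stands in for a real cipher, and the in-memory counter assumes storage the user cannot reset.

```python
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """The request would exceed the offline threshold for this key."""


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    # Stand-in for a real cipher so the example runs offline; XOR is NOT secure.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(blob))


@dataclass
class OfflineGate:
    """Per-key gate applied while the client cannot reach the security system."""
    thresholds: dict                              # key_id -> records allowed offline
    counts: dict = field(default_factory=dict)    # key_id -> maintained count

    def remaining(self, key_id: str) -> int:
        return self.thresholds.get(key_id, 0) - self.counts.get(key_id, 0)

    def request(self, key_id: str, key: bytes, records: list) -> list:
        used = self.counts.get(key_id, 0)
        # Unknown key ids get threshold 0, so the gate fails closed.
        limit = self.thresholds.get(key_id, 0)
        # The whole requested set is checked before anything is decrypted.
        if used + len(records) > limit:
            raise AccessDenied(f"{key_id}: {used} used + {len(records)} requested > {limit}")
        plain = [toy_decrypt(key, r) for r in records]
        # Count rises only on the success path, by the number of records provided.
        self.counts[key_id] = used + len(plain)
        return plain


def demo() -> dict:
    key = b"k1-constructed"
    # Constructed sample rows, "encrypted" with the symmetric toy transform.
    db = [toy_decrypt(key, f"record-{i}".encode()) for i in range(6)]
    gate = OfflineGate(thresholds={"k1": 5})
    out = {"first": gate.request("k1", key, db[:3])}   # 0 + 3 <= 5: allowed
    try:
        gate.request("k1", key, db[3:6])                # 3 + 3 > 5: denied as a whole
        out["denied"] = False
    except AccessDenied:
        out["denied"] = True
    out["count_after_denial"] = gate.counts["k1"]       # denial leaves the count unchanged
    out["second"] = gate.request("k1", key, db[3:5])    # 3 + 2 == 5: does not exceed
    out["remaining"] = gate.remaining("k1")
    return out
```

A denied request releases nothing and leaves the count untouched, so a smaller request that fits the remaining allowance still succeeds.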
19 Claims
1. A computer-implemented method for data protection, as recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6
7. A non-transitory computer-readable storage medium storing computer-executable instructions for data protection, the instructions comprising instructions for:
receiving a request at a client device from a user for access to a set of one or more data records encrypted with an encryption key and stored in a database comprising at least a plurality of data records;
accessing by the client device a maintained count associated with the encryption key, the maintained count comprising a sum of database data records encrypted with the encryption key accessed by the user while the client device is not communicatively coupled to a security system, wherein the security system is external to the client device;
responsive to a determination that a sum of the maintained count and a number of records in the requested set of records does not exceed a threshold stored at the client device, the threshold representing a number of records encrypted with the encryption key that the user is authorized to access while the client device is not communicatively coupled to the security system;
decrypting the set of data records;
providing the set of decrypted data records to the user; and
incrementing the maintained count responsive to providing the set of decrypted data records to the user by a number equal to a number of records included in the provided set of decrypted data records; and
responsive to a determination that the sum of the maintained count and the number of records in the requested set of records exceeds the threshold, denying the received request for access to the set of data records.
Dependent claims: 8, 9, 10, 11, 12
13. A system for data protection comprising:
a non-transitory computer-readable storage medium storing executable computer instructions for:
receiving a request at a client device from a user for access to a set of one or more data records encrypted with an encryption key and stored in a database comprising at least a plurality of data records;
accessing by the client device a maintained count associated with the encryption key, the maintained count comprising a sum of database data records encrypted with the encryption key accessed by the user while the client device is not communicatively coupled to a security system, wherein the security system is external to the client device;
responsive to a determination that a sum of the maintained count and a number of records in the requested set of records does not exceed a threshold stored at the client device, the threshold representing a number of records encrypted with the encryption key that the user is authorized to access while the client device is not communicatively coupled to the security system;
decrypting the set of data records;
providing the set of decrypted data records to the user; and
incrementing the maintained count responsive to providing the set of decrypted data records to the user by a number equal to a number of records included in the provided set of decrypted data records; and
responsive to a determination that the sum of the maintained count and the number of records in the requested set of records exceeds the threshold, denying the received request for access to the set of data records; and
a processor configured to execute the instructions.
Dependent claims: 14, 15, 16, 17, 18
19. A computer-implemented method for data protection comprising:
receiving a request at a client device from a user for access to a set of one or more protected data records stored in a database comprising at least a plurality of data records, the set of protected data records comprising encoded data records;
accessing by the client device a maintained count associated with the user, the maintained count comprising a sum of protected database data records accessed by the user while the client device is not communicatively coupled to a security system, wherein the security system is external to the client device;
responsive to a determination that a sum of the maintained count and a number of records in the requested set of records does not exceed a threshold stored at the client device, the threshold representing a number of protected records that the user is authorized to access while the client device is not communicatively coupled to the security system;
decoding the set of data records;
providing the set of decoded data records to the user; and
incrementing the maintained count responsive to providing the set of decoded data records to the user by a number equal to a number of records included in the provided set of decoded data records; and
responsive to a determination that the sum of the maintained count and the number of records in the requested set of records exceeds the threshold, denying the received request for access to the set of data records.
Specification