Token-based encryption determination process
First Claim
1. A data storage system comprising:
a computing system comprising one or more hardware processors programmed to:
detect a file interaction event with respect to a file on a storage device;
responsive to detecting the file interaction event with respect to the file, access an encryption rule, the encryption rule including a set of rules for determining whether to encrypt files based on a set of context conditions, the set of context conditions including a geographic context;
determine a set of data tokens for the file, each of the data tokens comprising a portion of content of the file;
apply the encryption rule to the set of data tokens to determine whether the file includes content designated for protection, wherein application of the encryption rule includes:
determining whether one or more data tokens from the set of data tokens satisfy the encryption rule; and
ceasing said determining whether the one or more data tokens from the set of data tokens satisfy the encryption rule upon identification of a threshold number of data tokens satisfying the encryption rule regardless of whether each data token from the set of data tokens has been processed to determine whether it satisfies the encryption rule;
responsive to determining that the file includes content designated for protection:
determine a geographic location of the storage device;
determine whether the geographic location of the storage device satisfies the geographic context for encrypting the file; and
responsive to the geographic location of the storage device satisfying the geographic context, encrypting the file; and
responsive to an indication that the file does not include content designated for protection:
include the file with a set of training files used to generate one or more encryption rules; and
modify the encryption rule based at least in part on the set of training files and the file.
Abstract
Data storage systems are disclosed for automatically generating encryption rules based on a set of training files that are known to include sensitive information. The system may use a number of heuristic algorithms to generate one or more encryption rules for determining whether a file includes sensitive information. Further, the system may apply the heuristic algorithms to the content of the files, as determined by using natural language processing algorithms, to generate the encryption rules. Moreover, systems are disclosed that are capable of automatically determining whether to encrypt a file based on the generated encryption rules. The content of the file may be determined using natural language processing algorithms and then the encryption rules may be applied to the content of the file to determine whether to encrypt the file.
18 Claims
11. A method of performing context-based encryption, the method comprising:
detecting, by an encryption system comprising one or more hardware processors, a file interaction event with respect to a file;
accessing, by the encryption system, an encryption rule, the encryption rule including a set of rules for determining whether to encrypt files based at least in part on a set of context conditions, the set of context conditions including a geographic context;
determining, by the encryption system, a set of data tokens for the file, each of the data tokens comprising a portion of content of the file;
applying, by the encryption system, the encryption rule to the set of data tokens to determine whether the file includes content designated for protection, wherein applying the encryption rule includes:
determining whether one or more data tokens from the set of data tokens satisfy the encryption rule; and
ceasing to determine whether the one or more data tokens from the set of data tokens satisfy the encryption rule upon identification of a threshold number of data tokens satisfying the encryption rule regardless of whether each data token from the set of data tokens has been processed to determine whether it satisfies the encryption rule;
responsive to determining that the file includes content designated for protection:
determining a geographic location of the file;
determining whether the geographic location of the file satisfies the geographic context for encrypting the file; and
responsive to the geographic location of the file satisfying the geographic context, encrypting, by the encryption system, the file; and
responsive to an indication that the file does not include content designated for protection:
including the file with a set of training files used to generate one or more encryption rules; and
modifying the encryption rule based at least in part on the set of training files and the file.