Securing temporary data on untrusted devices

US 9,760,720 B2
Filed: 07/08/2016
Issued: 09/12/2017
Est. Priority Date: 07/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

intercepting a first command to open a data file from a software application;

prior to opening the data file, copying the data file to a first partition;

opening the copied data file on the first partition by the software application and not opening the data file;

after opening the copied data file, intercepting a file command from the software application, the file command comprising a save command or a read command, and indicating a temporary data file, the temporary data file associated with the copied data file;

determining whether the file command is directed to the temporary data file;

responsive to determining the file command is directed to the temporary data file;

if the file command is a save command, encrypting data associated with the save command and writing the encrypted data to the temporary data file, andif the file command is a read command, decrypting data associated with the read command and providing the decrypted data to the software application; and

in response to intercepting a command to close the copied data file from the software application;

closing the copied data file;

replacing the data file with the copied data file; and

deleting the copied data file on the first partition and the temporary data file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One example method for securing data on untrusted devices includes the steps of intercepting a file command from a software application, the file command comprising a save command or a read command, and indicating a data file; determining whether the data file is a temporary data file; responsive to determining the data file is a temporary data file: if the command is a save command, encrypting data associated with the save command and writing the encrypted data to the temporary data file, if the command is a read command, decrypting data associated with the read command and providing the decrypted data to the software application.

12 Citations

View as Search Results

15 Claims

1. A method comprising:
- intercepting a first command to open a data file from a software application;
  
  prior to opening the data file, copying the data file to a first partition;
  
  opening the copied data file on the first partition by the software application and not opening the data file;
  
  after opening the copied data file, intercepting a file command from the software application, the file command comprising a save command or a read command, and indicating a temporary data file, the temporary data file associated with the copied data file;
  
  determining whether the file command is directed to the temporary data file;
  
  responsive to determining the file command is directed to the temporary data file;
  
  if the file command is a save command, encrypting data associated with the save command and writing the encrypted data to the temporary data file, andif the file command is a read command, decrypting data associated with the read command and providing the decrypted data to the software application; and
  
  in response to intercepting a command to close the copied data file from the software application;
  
  closing the copied data file;
  
  replacing the data file with the copied data file; and
  
  deleting the copied data file on the first partition and the temporary data file.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising linking a dynamically-linked library (“
    - DLL”
      
      ) to the software application, the DLL comprising at least one of a file save function or a file read function.
  - 3. The method of claim 1, wherein linking the DLL to the software application comprises replacing at least one link to an operating system (“
    - OS”
      
      ) file save function with a DLL file save function or an OS file read function with a DLL file read function.
  - 4. The method of claim 1, wherein the writing the encrypted data to the temporary data file comprises writing the temporary data file on a secure partition.
  - 5. The method of claim 1, wherein writing the encrypted data to the temporary data file comprises writing the encrypted data to the temporary data file on the first partition.

6. A system comprising:
- a non-transitory computer-readable medium;
  
  a processor in communication with the non-transitory computer readable medium, the processor configured to execute processor-executable instructions stored in the non-transitory computer-readable medium to;
  
  intercept a first command to open a data file from a software application;
  
  prior to opening the data file, copy the data file to a first partition;
  
  open the copied data file on the first partition by the software application and not open the data file;
  
  after opening the copied data file, intercept a file command from the a software application, the file command comprising a save command or a read command, and indicating a temporary data file, the temporary data file associated with the copied data file;
  
  determine whether the file command is directed to the temporary data file is a temporary data file;
  
  responsive to a determination the file command is directed to the data file is a temporary data file;
  
  if the file command is a save command, encrypt data associated with the save command and write the encrypted data to the temporary data file; and
  
  if the file command is a read command, decrypt data associated with the read command and provide the decrypted data to the software application; and
  
  in response to intercepting a command to close the copied data file from the software application;
  
  close the copied data file;
  
  replace the data file with the copied data file; and
  
  delete the copied data file on the first partition and the temporary data file.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein the processor is further configured to link a dynamically-linked library (“
    - DLL”
      
      ) to the software application, the DLL comprising at least one of a file save function or a file read function.
  - 8. The system of claim 6, wherein the processor is further configured to replace at least one link to an operating system (“
    - OS”
      
      ) file save function with a DLL file save function or an OS file read function with a DLL file read function to link the DLL to the software application.
  - 9. The system of claim 6, wherein the processor is further configured to write the temporary data file on a secure partition to write the encrypted data to the temporary data file comprises.
  - 10. The system of claim 6, wherein the processor is further configured to write the encrypted data to the temporary data file on the first partition.

11. A non-transitory computer-readable medium comprising processor-executable instructions configured to cause a processor to:
- intercept a first command to open a data file from a software application;
  
  prior to opening the data file, copy the data file to a first partition;
  
  open the copied data file on the first partition by the software application and not open the data file;
  
  after opening the copied data file, intercept a file command from the software application, the file command comprising a save command or a read command, and indicating a temporary data file, the temporary data file associated with the copied data file;
  
  determine whether the file command is directed to the temporary data file;
  
  responsive to a determination the file command is directed to the temporary data file;
  
  if the file command is a save command, encrypt data associated with the save command and write the encrypted data to the temporary data file; and
  
  if the file command is a read command, decrypt data associated with the read command and provide the decrypted data to the software application; and
  
  in response to intercepting a command to close the copied data file from the software application;
  
  close the copied data file;
  
  replace the data file with the copied data file; and
  
  delete the copied data file on the first partition and the temporary data file.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer-readable medium of claim 11, wherein the processor-executable instructions are further configured to cause a processor to link a dynamically-linked library (“
    - DLL”
      
      ) to the software application, the DLL comprising at least one of a file save function or a file read function.
  - 13. The non-transitory computer-readable medium of claim 11, wherein the processor-executable instructions are further configured to cause a processor to replace at least one link to an operating system (“
    - OS”
      
      ) file save function with a DLL file save function or an OS file read function with a DLL file read function to link the DLL to the software application.
  - 14. The non-transitory computer-readable medium of claim 11, wherein the processor-executable instructions are further configured to cause a processor to write the temporary data file on a secure partition to write the encrypted data to the temporary data file comprises.
  - 15. The non-transitory computer-readable medium of claim 11, wherein the processor-executable instructions are further configured to cause a processor to write the encrypted data to the temporary data file on the first partition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sv Capital, LLC
Original Assignee
Senteon LLC
Inventors
Chapman, III, Robert Scott
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
MCCOY, RICHARD ANTHONY

Application Number

US15/205,377
Publication Number

US 20170083710A1
Time in Patent Office

431 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 3/0619   in relation to data integri...

G06F 3/065   Replication mechanisms

G06F 3/0659   Command handling arrangemen...

G06F 3/067   Distributed or networked st...

Securing temporary data on untrusted devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Securing temporary data on untrusted devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links