Data protection file system
Abstract
Protecting content is disclosed. A request for a file system operation is intercepted. A user-defined callback that corresponds to the file system operation is identified. The user-defined callback that secures the file system operation is executed. The user-defined callback may be used for pre or post-processing of data, authentication, and/or other use cases.
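The intercept, identify and execute flow described in the abstract, as an added sketch that is not code from the patent. The names `VirtualFS`, `KeyServer` and `keystream_xor` are hypothetical, the key server is an in-memory stub standing in for the remote server, and the cipher is a stand-in for a vetted authenticated cipher.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream); use a vetted AEAD in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class KeyServer:
    """In-memory stub for the remote server that holds decryption keys."""
    def __init__(self):
        self._keys = {}   # path -> key
        self._acl = {}    # path -> users allowed to obtain the key
    def store(self, path, key, allowed_users):
        self._keys[path] = key
        self._acl[path] = set(allowed_users)
    def request_key(self, path, user):
        if user not in self._acl.get(path, ()):
            raise PermissionError(f"{user} may not obtain key for {path}")
        return self._keys[path]

class VirtualFS:
    """Layer that encapsulates base file system operations and dispatches callbacks."""
    def __init__(self, base):
        self.base = base        # base file system: path -> stored bytes
        self.callbacks = {}     # operation name -> user-defined callback
    def register(self, op, callback):
        self.callbacks[op] = callback
    def read(self, path, user):
        raw = self.base[path]                      # base file system operation
        cb = self.callbacks.get("read")            # identify the callback
        return cb(path, user, raw) if cb else raw  # execute it as post-processing

def make_decrypting_read(server):
    def on_read(path, user, raw):
        key = server.request_key(path, user)       # key is requested on each read
        return keystream_xor(key, raw)
    return on_read

def demo():
    # Constructed sample data: only ciphertext is held by the base file system.
    server, key = KeyServer(), b"constructed-demo-key"
    server.store("/docs/plan.txt", key, allowed_users={"alice"})
    base = {"/docs/plan.txt": keystream_xor(key, b"quarterly plan")}
    vfs = VirtualFS(base)
    vfs.register("read", make_decrypting_read(server))
    return vfs, base
```

Because the key never rests on the local system, revoking a user at the key server stops further reads through the layer without touching the stored ciphertext.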
19 Claims
1. A system, comprising:
- a processor configured to:
  - encrypt at the system a not encrypted file using a cryptography associated with a cryptographic key to generate an encrypted file;
  - send the cryptographic key to a remote server;
  - delete the original not encrypted file;
  - intercept at the same system that generated the encrypted file, a request for a file system operation to the encrypted file that has been encrypted, wherein a decryption key to the encrypted file associated with the sent cryptographic key is stored remotely from the system and the request for the file system operation was intercepted by a virtual file system layer that encapsulates one or more operations of a base file system;
  - identify a user-defined callback that corresponds to the file system operation to the encrypted file; and
  - execute the user-defined callback that secures the file system operation, wherein executing the user-defined callback includes requesting the decryption key associated with the sent cryptographic key via a network; and
- a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method, comprising:
- encrypting at a system a not encrypted file using a cryptography associated with a cryptographic key to generate an encrypted file;
- sending the cryptographic key to a remote server;
- deleting the original not encrypted file;
- intercepting at the same system that generated the encrypted file, a request for a file system operation to the encrypted file that has been encrypted, wherein a decryption key to the encrypted file associated with the sent cryptographic key is stored remotely from the system and the request for the file system operation was intercepted by a virtual file system layer that encapsulates one or more operations of a base file system;
- identifying a user-defined callback that corresponds to the file system operation to the encrypted file; and
- using a processor to execute the user-defined callback that secures the file system operation, wherein executing the user-defined callback includes requesting the decryption key associated with the sent cryptographic key via a network.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- encrypting at a system a not encrypted file using a cryptography associated with a cryptographic key to generate an encrypted file;
- sending the cryptographic key to a remote server;
- deleting the original not encrypted file;
- intercepting at the same system that generated the encrypted file, a request for a file system operation to the encrypted file that has been encrypted, wherein a decryption key to the encrypted file associated with the sent cryptographic key is stored remotely from the system and the request for the file system operation was intercepted by a virtual file system layer that encapsulates one or more operations of a base file system;
- identifying a user-defined callback that corresponds to the file system operation to the encrypted file; and
- executing the user-defined callback that secures the file system operation, wherein executing the user-defined callback includes requesting the decryption key associated with the sent cryptographic key via a network.

Dependent claims: 18, 19
Specification