Data protection file system

US 9,819,663 B1
Filed: 03/20/2015
Issued: 11/14/2017
Est. Priority Date: 04/02/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A system, comprising:

a processor configured to;

encrypt at the system a not encrypted file using a cryptography associated with a cryptographic key to generate an encrypted file;

send the cryptographic key to a remote server;

delete the original not encrypted file;

intercept at the same system that generated the encrypted file, a request for a file system operation to the encrypted file that has been encrypted, wherein a decryption key to the encrypted file associated with the sent cryptographic key is stored remotely from the system and the request for the file system operation was intercepted by a virtual file system layer that encapsulates one or more operations of a base file system;

identify a user-defined callback that corresponds to the file system operation to the encrypted file; and

execute the user-defined callback that secures the file system operation, wherein executing the user-defined callback includes requesting the decryption key associated with the sent cryptographic key via a network; and

a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Protecting content is disclosed. A request for a file system operation is intercepted. A user-defined callback that corresponds to the file system operation is identified. The user-defined callback that secures the file system operation is executed. The user-defined callback may be used for pre or post-processing of data, authentication, and/or other use cases.

Citations

19 Claims

1. A system, comprising:
- a processor configured to;
  
  encrypt at the system a not encrypted file using a cryptography associated with a cryptographic key to generate an encrypted file;
  
  send the cryptographic key to a remote server;
  
  delete the original not encrypted file;
  
  intercept at the same system that generated the encrypted file, a request for a file system operation to the encrypted file that has been encrypted, wherein a decryption key to the encrypted file associated with the sent cryptographic key is stored remotely from the system and the request for the file system operation was intercepted by a virtual file system layer that encapsulates one or more operations of a base file system;
  
  identify a user-defined callback that corresponds to the file system operation to the encrypted file; and
  
  execute the user-defined callback that secures the file system operation, wherein executing the user-defined callback includes requesting the decryption key associated with the sent cryptographic key via a network; and
  
  a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein executing the callback includes redacting a target content included in the encrypted file of the file system operation, wherein redacting the target content includes replacing the target content with replacement characters to indicate that the target content has been redacted.
  - 3. The system of claim 1, wherein the decryption key is the cryptographic key.
  - 4. The system of claim 1, wherein the encryption of the not encrypted file was initiated in response to a user indicated request to encrypt the not encrypted file.
  - 5. The system of claim 1, wherein the cryptographic key was generated by the same system that encrypts the not encrypted file and intercepted the request for the file system operation.
  - 6. The system of claim 1, wherein the encrypted file is stored in a separate logical volume from an original volume where the not encrypted file was stored.
  - 7. The system of claim 1, wherein encrypting the not encrypted file includes using a plurality of different encryption keys that are each associated with a different level of protection of the same not encrypted file.
  - 8. The system of claim 1, wherein the decryption key is one of a plurality of decryption keys associated with different levels of protection of the same file.

9. A method, comprising:
- encrypting at a system a not encrypted file using a cryptography associated with a cryptographic key to generate an encrypted file;
  
  sending the cryptographic key to a remote server;
  
  deleting the original not encrypted file;
  
  intercepting at the same system that generated the encrypted file, a request for a file system operation to the encrypted file that has been encrypted, wherein a decryption key to the encrypted file associated with the sent cryptographic key is stored remotely from the system and the request for the file system operation was intercepted by a virtual file system layer that encapsulates one or more operations of a base file system;
  
  identifying a user-defined callback that corresponds to the file system operation to the encrypted file; and
  
  using a processor to execute the user-defined callback that secures the file system operation, wherein executing the user-defined callback includes requesting the decryption key associated with the sent cryptographic key via a network.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein executing the callback includes redacting a target content included in the encrypted file of the file system operation, wherein redacting the target content includes replacing the target content with replacement characters to indicate that the target content has been redacted.
  - 11. The method of claim 9, wherein the decryption key is the cryptographic key.
  - 12. The method of claim 9, wherein the encryption of the not encrypted file was initiated in response to a user indicated request to encrypt the not encrypted file.
  - 13. The method of claim 9, wherein the cryptographic key was generated by the same system that encrypts the not encrypted file and intercepted the request for the file system operation.
  - 14. The method of claim 9, wherein the encrypted file is stored in a separate logical volume from an original volume where the not encrypted file was stored.
  - 15. The method of claim 9, wherein encrypting the not encrypted file includes using a plurality of different encryption keys that are each associated with a different level of protection of the same not encrypted file.
  - 16. The method of claim 9, wherein the decryption key is one of a plurality of decryption keys associated with different levels of protection of the same file.

17. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- encrypting at a system a not encrypted file using a cryptography associated with a cryptographic key to generate an encrypted file;
  
  sending the cryptographic key to a remote server;
  
  deleting the original not encrypted file;
  
  intercepting at the same system that generated the encrypted file, a request for a file system operation to the encrypted file that has been encrypted, wherein a decryption key to the encrypted file associated with the sent cryptographic key is stored remotely from the system and the request for the file system operation was intercepted by a virtual file system layer that encapsulates one or more operations of a base file system;
  
  identifying a user-defined callback that corresponds to the file system operation to the encrypted file; and
  
  executing the user-defined callback that secures the file system operation, wherein executing the user-defined callback includes requesting the decryption key associated with the sent cryptographic key via a network.
- View Dependent Claims (18, 19)
- - 18. The computer program product of claim 17, wherein executing the callback includes redacting a target content included in the encrypted file of the file system operation, wherein redacting the target content includes replacing the target content with replacement characters to indicate that the target content has been redacted.
  - 19. The computer program product of claim 17, wherein the decryption key is the cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ThinAir Labs Inc.
Original Assignee
ThinAir Labs Inc.
Inventors
Gauda, Anthony
Primary Examiner(s)
Zaidi, Syed

Application Number

US14/664,596
Time in Patent Office

970 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 16/11   File system administration,...

G06F 16/1734   Details of monitoring file ...

G06F 21/10   Protecting distributed prog...

G06F 21/6218   to a system of files or obj...

H04L 63/0435   wherein the sending and rec...

H04L 63/08   for authentication of entit...

Data protection file system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Data protection file system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links