Systems and methods for a cryptographic file system layer
First Claim
Patent Images
1. A method comprising:
- receiving using a programmed hardware processor an identification of a designated directory location, wherein the designated directory location is selected from a plurality of directory locations on a computer system, and wherein the identification indicates that the designated directory location is usable to secure one or more data files;
in response to receiving the identification, beginning a process to modify one or more data files in the designated directory location by performing an operation to secure the one or more data files;
monitoring a communication interface between an application layer and a file system layer of the computer system to detect a data access request associated with the designated directory location; and
in response to detecting that the data access request is associated with the designated directory location, (1) pausing the process to modify the one or more data files in the designated directory location, (2) intercepting the data access request, wherein the intercepting is transparent to a user of the computer system, (3) retrieving a data file associated with the data access request, (4) modifying the data file by performing a cryptographic operation on the data file to obtain a modified data file, (5) generating a modified data access request including an identifier associated with the modified data file (6) sending the modified data access request to the file system layer or the application layer, and (7) in response to sending the modified data access request, resuming the process to modify the one or more data files in the designated directory location.
4 Assignments
0 Petitions
Accused Products
Abstract
The systems and methods disclosed herein transparently provide data security using a cryptographic file system layer that selectively intercepts and modifies (e.g., by encrypting) data to be stored in a designated directory. The cryptographic file system layer can be used in combination with one or more cryptographic approaches to provide a server-based secure data solution that makes data more secure and accessible, while eliminating the need for multiple perimeter hardware and software technologies.
-
Citations
30 Claims
-
1. A method comprising:
-
receiving using a programmed hardware processor an identification of a designated directory location, wherein the designated directory location is selected from a plurality of directory locations on a computer system, and wherein the identification indicates that the designated directory location is usable to secure one or more data files; in response to receiving the identification, beginning a process to modify one or more data files in the designated directory location by performing an operation to secure the one or more data files; monitoring a communication interface between an application layer and a file system layer of the computer system to detect a data access request associated with the designated directory location; and in response to detecting that the data access request is associated with the designated directory location, (1) pausing the process to modify the one or more data files in the designated directory location, (2) intercepting the data access request, wherein the intercepting is transparent to a user of the computer system, (3) retrieving a data file associated with the data access request, (4) modifying the data file by performing a cryptographic operation on the data file to obtain a modified data file, (5) generating a modified data access request including an identifier associated with the modified data file (6) sending the modified data access request to the file system layer or the application layer, and (7) in response to sending the modified data access request, resuming the process to modify the one or more data files in the designated directory location. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A system comprising:
a programmed hardware processor in communication with non-transient computer-readable memory, the programmed hardware processor configured to; receive an identification of a designated directory location, wherein the designated directory location is selected from a plurality of directory locations on a computer system, and wherein the identification indicates that the designated directory location is usable to secure one or more data files; in response to receiving the identification, begin a process to modify one or more data files in the designated directory location by performing an operation to secure the one or more data files; monitor a communication interface between an application layer and a file system layer of the computer system to detect a data access request associated with the designated directory location; and in response to detecting that the data access request is associated with the designated directory location, (1) pause the process to modify the one or more data files in the designated directory location (2) intercept the data access request, wherein the intercepting is transparent to a user of the computer system, (3) retrieve a data file associated with the data access request, (4) modify the data file by performing a cryptographic operation on the data file to obtain a modified data file, (5) generate a modified data access request including an identifier associated with the modified data file, (6) send the modified data access request to the file system layer or the application layer, and (7) in response to sending the modified data access request, resume the process to modify the one or more data files in the designated directory location. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
Specification