Labeling objects on an endpoint for encryption management

  • US 9,965,627 B2
  • Filed: 09/14/2014
  • Issued: 05/08/2018
  • Est. Priority Date: 09/14/2014
  • Status: Active Grant
First Claim

1. A method comprising:

  • labeling each of a plurality of processes on an endpoint with a labeling scheme in which a process is either in, wherein the process conforms to a compliance policy administered for the endpoint from a remote threat management facility, or the process is out, wherein the process does not conform to the compliance policy, thereby providing a plurality of in processes and a plurality of out processes;

  • labeling each of a plurality of files on the endpoint as either in, wherein the file is encrypted using a remotely managed key ring, or the file is out, wherein the file is not encrypted using the remotely managed key ring, thereby providing a plurality of in files and a plurality of out files;

  • providing access to the remotely managed key ring by the plurality of in processes, thereby facilitating access to the plurality of in files by the plurality of in processes;

  • changing a label for one of the plurality of processes from in to out in response to an observed action that exposes the process to an object external to the endpoint, thereby providing a relabeled process; and

  • revoking access by the relabeled process to the plurality of in files, thereby preventing the relabeled process from opening additional ones of the plurality of in files and preventing the relabeled process from creating a new in file.
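
The labeling steps of claim 1, modeled as a small in-memory reference monitor. This is an added illustration, not code from the patent or its assignee; the class and method names, the sample pid, paths and external object, and the choice to leave already-open handles untouched after relabeling are assumptions.

```python
from dataclasses import dataclass, field

IN, OUT = "in", "out"

class AccessDenied(Exception):
    """An out process asked for access that needs the key ring."""

@dataclass
class Endpoint:
    processes: dict = field(default_factory=dict)  # pid -> label
    files: dict = field(default_factory=dict)      # path -> label
    handles: set = field(default_factory=set)      # (pid, path) already open
    audit: list = field(default_factory=list)      # (pid, external object)

    def label_process(self, pid, compliant):
        self.processes[pid] = IN if compliant else OUT

    def label_file(self, path, encrypted_with_key_ring):
        self.files[path] = IN if encrypted_with_key_ring else OUT

    def _require_key_ring(self, pid, action):
        # Default deny: unknown or out processes never reach the key ring.
        if self.processes.get(pid) != IN:
            raise AccessDenied(f"pid {pid} is out: {action} refused")

    def open_file(self, pid, path):
        if self.files[path] == IN:
            self._require_key_ring(pid, f"open {path}")
        self.handles.add((pid, path))

    def create_in_file(self, pid, path):
        self._require_key_ring(pid, f"create {path}")
        self.files[path] = IN

    def observe_external_exposure(self, pid, external_object):
        # Relabel in -> out; handles opened earlier are left alone (assumption).
        if self.processes.get(pid) == IN:
            self.processes[pid] = OUT
            self.audit.append((pid, external_object))

def demo():
    ep = Endpoint()                                 # constructed sample data
    ep.label_process(100, compliant=True)
    ep.label_file("plan.docx", encrypted_with_key_ring=True)
    ep.label_file("budget.xlsx", encrypted_with_key_ring=True)
    ep.open_file(100, "plan.docx")                  # allowed: in opens in
    ep.observe_external_exposure(100, "http://external.example/upload")
    try:
        ep.open_file(100, "budget.xlsx")            # an additional in file
    except AccessDenied as exc:
        return ep, str(exc)
    return ep, None
```
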

  • 5 Assignments