Bubble-protected system for automatic decryption of file data on a per-use basis and automatic re-encryption
Abstract
A machine system includes bubble protection for protecting the information of certain classes of files from unauthorized access by way of unauthorized classes of programs at unauthorized periods of time. The machine system may additionally have on-the-fly (OTF) mechanisms for automatic decryption of confidential file data on a per-use basis and for automatic later elimination of the decrypted data by scorching and/or re-encrypting. The system can operate within a multi-threaded environment. The machine system may additionally have a digital signature mechanism for protecting file data from unauthorized tampering. The machine system may additionally have a volume-encryption mechanism for protecting plaintext versions of file data from exposure in the event of a power outage.
91 Claims
1. A machine system for protecting information from unauthorized access by way of unauthorized programs, said machine system comprising:
(a) data-providing means for providing data of an identified one of plural digital data files, where each of said files is identifiable by a file name;
(b) an interceptable access mechanism through which data of an identified file of the data-providing means is accessed by identifiable, requesting programs;
(c) bubble-control means coupled to intercept data access attempts made through said interceptable access mechanism by said identifiable, requesting programs, (c.1) wherein the bubble-control means includes deny/approve means, which if active, is provided for testing all the intercepted data access attempts and responsively denying or approving data access to the data of a pre-classified subset of said files based on one or both of the identity of one or more access-attempting programs and the time of the access attempt, wherein at least one pre-classified subset of said files has plural files. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 39, 40, 41, 44)
16. For use in a machine system having a data-providing means that provides data of an identified one of plural digital data files, where each of said files is identifiable by a file name, a machine-implemented method for protecting the information of said files from unauthorized access by way of unauthorized ones of identifiable programs, said method comprising the steps of:
(a) intercepting data access attempts made by access requesting programs for data in an identified one of said files;
(b) first testing each intercepted data access attempt for satisfaction of a first predefined, classifying condition that classifies one or both of the identity of one or more of the access requesting programs and the time of the access request;
(c) second testing each intercepted data access attempt for satisfaction of a second predefined, classifying condition that classifies the identity of the requested file, wherein at least one said second predefined, classifying condition classifies the identities of plural ones of the digital data files; and
(d) in response to said first and second testing steps, denying or approving access to the data of the requested file. (Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
28. A machine system for maintaining confidential information generally in encrypted form while allowing for decryption of such confidential information into temporary plaintext form, said machine system comprising:
(a) a memory for storing a plurality of digital data files where said plurality of files includes a first file containing first data representing a pre-encrypted form of confidential first information, where said plurality of files can further include a second file containing second data representing a plaintext form of nonconfidential second information, and where each of said files is identifiable by a file name;
(b) a decrypting mechanism for decrypting ciphertext data into plaintext data;
(c) recryption control means for selecting one of the files stored in said memory and for causing the decrypting mechanism to decrypt data contained in the selected file and for automatically later eliminating the decrypted data, (c.1) wherein said recryption control means is responsive to a supplied exclusion list, the exclusion list identifies one or more files in said memory as excluded files that are not to be selected by the recryption control means for decryption, and the recryption control means accordingly does not select the excluded files for decryption by the decrypting mechanism;
(d) an interceptable access mechanism through which data of an identified file is accessed by identifiable, requesting programs;
(e) bubble-control means coupled to intercept data access attempts made through said interceptable access mechanism by said identifiable, requesting programs, (e.1) wherein the bubble-control means includes deny/approve means for testing the intercepted data access attempts and responsively denying or approving data access to the data of an identified subset of said files based on the identity of one or more access-attempting programs, and (e.2) wherein a denial by the bubble-control means prevents the decrypting mechanism from decrypting data contained in the corresponding one or more files for which access was attempted. (Dependent claims: 29)
30. In an automated machine for executing one or more application programs, where the application programs access file data of a plurality of stored files by causing interceptable file-OPEN requests and file-CLOSE requests to be sent to an operating system of said machine, and where data within a subset of the plurality of stored files is encrypted;
an automatic bubble-protecting and decryption control mechanism comprising:
(a) OPEN intercept means for intercepting said interceptable file-OPEN requests;
(b) selective OPEN continuance means, responsive to the intercept means, for determining whether an intercepted file-OPEN request is requesting an open of a file for which the request is to be denied based on the identity of the requested file and the identity of a requesting program, (b.1) said selective OPEN continuance means being further for determining, if the access request is not denied on the basis of said identity of the requested file and said identity of a requesting program, whether the request-invoking application program expects to use a plaintext version of the requested file's data, and if not, for allowing the intercepted file-OPEN request to continue on its way to the operating system;
(c) plaintext tracking means, responsive to the selective continuance means, for determining whether a plaintext version of the sometimes encrypted data of the requested file already exists, and if so, for allowing the intercepted file-OPEN request to continue on its way to the operating system such that the plaintext version will be accessed; and
(d) a decrypting mechanism, responsive to the plaintext tracking means such that on a determination that a plaintext version of the sometimes encrypted data of the requested file does not already exist, the decrypting mechanism decrypts ciphertext data within the requested file into plaintext data.
31. A machine-implemented method for carrying out in an automated machine that executes one or more application programs, where the application programs attempt to access file data of a plurality of stored files by causing interceptable file-OPEN requests to be sent to an operating system of said machine, and where data within a subset of the plurality of stored files is to be kept encrypted most of the time;
said method comprising at least the step of:
(a) determining whether an intercepted file-OPEN request is requesting an open of a file for which the request is to be denied based on the identity of the requested file and the identity of a requesting program;
said method further comprising one or more of the following steps if said determining step does not generate an access denial decision:
(b) using file-exclusion lists to block on-the-fly recryption of identified files that do not need to be decrypted and thereafter optionally re-encrypted;
(c) using application-program exclusion lists to block from on-the-fly recryption those files that are accessed by identified application programs that do not need to use decrypted plaintext of such files; and
(d) decrypting the ciphertext of unblocked files on an as needed basis in response to intercepted file-OPEN requests, said decrypting not being needed where a real or phantom plaintext version thereof is already available for use.
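The OPEN/CLOSE flow of claims 30 and 31 (bubble test first, then the file-exclusion and application-exclusion lists, plaintext tracking, decryption on demand, and re-encryption plus scorching of the plaintext on the last CLOSE), as an added Python walkthrough that is not code from the patent. The RecryptionController class, the `.pt` plaintext location, the `ENC1` header and the HMAC-SHA256 keystream standing in for a real cipher are all assumptions made here.

```python
import fnmatch
import hmac
import os
import tempfile
from pathlib import Path

MAGIC = b"ENC1"  # constructed header that marks a stored file as ciphertext


def _xor_stream(key, nonce, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 keystream. Symmetric and fine for the
    walkthrough, but it has no integrity check; a deployment would use an AEAD instead."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(8, "big"), "sha256").digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def encrypt(key, plaintext):
    nonce = os.urandom(16)  # fresh per write, so re-encryption never reuses a keystream
    return MAGIC + nonce + _xor_stream(key, nonce, plaintext)


def decrypt(key, blob):
    assert blob.startswith(MAGIC), "not a ciphertext file"
    return _xor_stream(key, blob[4:20], blob[20:])


class RecryptionController:
    """Intercepts OPEN/CLOSE and decrypts on a per-use basis (claims 30 and 31)."""
    def __init__(self, key, deny_rule, file_exclusions, app_exclusions):
        self.key = key
        self.deny_rule = deny_rule              # (program, path) -> True means deny
        self.file_exclusions = file_exclusions  # glob patterns never recrypted
        self.app_exclusions = app_exclusions    # programs that never need plaintext
        self.plaintext = {}                     # path -> [plaintext_path, open_count]

    def on_open(self, program, path):
        """Intercepted OPEN: returns the path the OS should actually open."""
        if self.deny_rule(program, path):       # step (a): the bubble test comes first
            raise PermissionError(f"{program} may not open {path}")
        if any(fnmatch.fnmatch(path, pat) for pat in self.file_exclusions):
            return path                         # step (b): file-exclusion list
        if program in self.app_exclusions:
            return path                         # step (c): e.g. a backup tool copies ciphertext
        entry = self.plaintext.get(path)
        if entry:                               # plaintext tracking: already decrypted
            entry[1] += 1
            return entry[0]
        blob = Path(path).read_bytes()
        if not blob.startswith(MAGIC):
            return path                         # nonconfidential file, nothing to do
        pt_path = path + ".pt"                  # constructed temporary plaintext location
        Path(pt_path).write_bytes(decrypt(self.key, blob))  # step (d): decrypt as needed
        self.plaintext[path] = [pt_path, 1]
        return pt_path

    def on_close(self, path):
        """Intercepted CLOSE: on the last close, re-encrypt, then scorch the plaintext."""
        entry = self.plaintext.get(path)
        if not entry:
            return False
        entry[1] -= 1
        if entry[1] > 0:
            return False                        # another opener still needs the plaintext
        pt_path = entry[0]
        plaintext = Path(pt_path).read_bytes()
        Path(path).write_bytes(encrypt(self.key, plaintext))
        with open(pt_path, "r+b", buffering=0) as f:  # scorch: overwrite in place, then unlink
            f.write(b"\0" * len(plaintext))
            os.fsync(f.fileno())
        os.remove(pt_path)
        del self.plaintext[path]
        return True


def walkthrough():
    """Constructed end-to-end run in a temp directory; returns what happened."""
    key = b"constructed-demo-key-not-for-real-use"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secret.doc")
        Path(path).write_bytes(encrypt(key, b"confidential"))
        ctl = RecryptionController(key, deny_rule=lambda prog, p: prog == "untrusted.exe",
                                   file_exclusions=["*.exe"], app_exclusions={"backup.exe"})
        out = {}
        try:
            ctl.on_open("untrusted.exe", path)
            out["denied"] = False
        except PermissionError:
            out["denied"] = True
        out["backup_gets_ciphertext"] = ctl.on_open("backup.exe", path) == path
        pt = ctl.on_open("editor.exe", path)
        out["plaintext_seen"] = Path(pt).read_bytes()
        Path(pt).write_bytes(b"confidential v2")  # the editor saves a change
        out["recrypted"] = ctl.on_close(path)
        out["plaintext_gone"] = not os.path.exists(pt)
        out["stored_after_close"] = decrypt(key, Path(path).read_bytes())
        return out
```

Note that the bubble denial of step (a) is tested before any decryption happens, which is what claim 28 (e.2) requires: a denied program never causes plaintext to be produced.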
32. A machine-implemented, program distribution method for use in a network composed of a plurality of automated machines that each executes one or more application programs, where the application programs attempt to access file data of targeted ones of a plurality of stored files by causing interceptable file-OPEN requests to be sent to an operating system of a corresponding one of said machines, and where data of at least a subset of the plurality of stored files is protected by a bubble protection mechanism that includes a temporal-causation restricting mechanism for restricting access to the bubble-protected files based on time of attempted access via said interceptable file-OPEN requests, said program distribution method comprising the steps of:
(a) for a given program that is to be distributively installed across at least a subset of said machines of the network, defining a class of bubble-protected files which the given program may attempt to access;
(b) for each bubble-protected file in said defined class, restricting access to the respective file to a temporal period that starts at a predefined distribution completion date; and
(c) trickle distributing the given program over time via the network for installation in each of said at least subset of machines such that distribution and installation completes by said predefined distribution completion date.
33. An instruction conveying apparatus for operatively instructing a predefined, instructable machine to carry out bubble protection actions, said bubble protection actions comprising:
(a) intercepting a data access request caused by one or more causation-sourcing events for access to targeted data having a unique identity;
(b) first testing the identity of the targeted data for satisfaction of a predefined target classifying condition, wherein at least one predefined target classifying condition covers plural ones of said targeted data that have corresponding, unique identities;
(c) second testing at least one of the identity of the one or more causation-sourcing events or the locations of the one or more causation-sourcing events or the timing of the corresponding data access request for satisfaction of a predefined causation classifying condition; and
(d) in response to said first and second testings, approving or denying the intercepted data access request. (Dependent claims: 34, 35, 36, 37, 38)
42. A machine system for protecting information from unauthorized access by way of unauthorized programs, said machine system comprising:
(a) data-providing means for providing data of an identified one of two or more digital data files, where each of said files is identifiable by a file name;
(b) an interceptable access mechanism through which data of an identified file of the data-providing means is accessed by identifiable, requesting programs;
(c) bubble-control means coupled to intercept data access attempts made through said interceptable access mechanism by said identifiable, requesting programs, (c.1) wherein the bubble-control means includes deny/approve means for testing the intercepted data access attempts and responsively denying or approving data access to the data of a classified subset of said files based on at least one spatial attribute of an access-attempting program, where said at least one spatial attribute is selected from the group consisting of:
(c.1a) geographic execution location of the access-attempting program;
(c.1b) serial number of a machine in which the access-attempting program executes; and
(c.1c) machine name of a machine in which the access-attempting program executes;
wherein at least one said classified subset of said files has plural files. (Dependent claims: 43)
45. A data conveying device for conveying data into a machine system that can make access denial or approval decisions in response to data access requests caused by an identifiable one or more programs for data contents of identified data files, said data conveying device providing a decision-controlling data structure comprised of:
(a) one or more bubble lists, where the bubble lists define a deny or approve decision based on the satisfaction of one or more pre-defined first, identity-classifying conditions by the identities of the one or more programs that caused a respective data access attempt to be made and on the satisfaction of one or more pre-defined second, identity-classifying conditions by the identity of the respectively requested data file, wherein at least one of said second, identity-classifying conditions covers the identities of a plurality of said identified data files. (Dependent claims: 46, 47, 48, 49, 50)
51. A manufactured instructing signal for loading into an instructable computing machine and for thereby causing the instructable machine to automatically make access denial or approval decisions in response to received data access requests caused by an identifiable one or more requesting programs where the received data access requests are for data contents of identified, and thus targeted one or more data files, said instructing signal at least causing the post-load computing machine to perform the machine-implemented steps of:
(a) intercepting a file access request caused by one or more causation-sourcing events for access to data of a targeted file having a unique identity;
(b) first testing the identity of the targeted file for satisfaction of a predefined target classifying condition, wherein at least one said target classifying condition covers the identities of a plurality of said data files;
(c) second testing at least one of:
(c.1) the identity of one or more of the requesting programs;
(c.2) timing of the corresponding file access request; and
(c.3) execution locations of one or more of the requesting programs for satisfaction of a predefined causation classifying condition; and
(d) in response to said first and second testings, approving or denying the intercepted file access request. (Dependent claims: 52, 53, 54, 55)
56. An access control method for use in a machine system having a data-providing means that provides data of an identified one of plural data sets, where each of said data sets is uniquely identifiable, said access control method being for protecting one or more of said data sets from unauthorized access by way of unauthorized ones of data-seeking programs, and said method comprising the machine-implemented steps of:
(a) intercepting a given data access attempt invoked by a given access-seeking program for data in an identified one of said data sets;
(b) first testing the intercepted data access attempt for satisfaction of a source-related and predefined, first access-limiting condition where said first access-limiting condition defines at least one of:
(b.1) a class of access seeking programs to which the given access-seeking program must belong or must be excluded from before the access-request can be approved;
(b.2) a predefined time zone within or outside of which the given data access attempt must be made before the access-request can be approved;
(b.3) a predefined class of locations or machines from which the given data access attempt must be made before the access-request can be approved;
(c) second testing the intercepted data access attempt for satisfaction of a target-related and predefined, second access-limiting condition where said second access-limiting condition defines at least one of:
(c.1) a class of data sets to which the identified data set must belong or must be excluded from before the access-request can be approved, wherein at least one said class of data sets has a plurality of said data sets;
(c.2) a digital signature which the identified data set must have before the access-request can be approved;
(c.3) a combination of a presently logged-on user with access rights and a corresponding security label which the identified data set must have before the access-request can be approved; and
(d) in response to said first and second testing steps, denying or approving access to the data of the requested data set. (Dependent claims: 57, 58, 59, 60, 61, 62, 63, 64, 65)
66. A machine system for blocking access by unauthorized programs to data stored in bubble-protected data files, said machine system comprising:
(a) an interceptable access-opening mechanism which communicates with a data-provider, wherein said access-opening mechanism receives from identifiable, requesting programs, requests to open respective access linkages to data of respectively identified files, wherein said access-opening mechanism can respond to such access-opening requests by opening respective access linkages to the data of the respectively identified files; and
where said data-provider can provide data of identified ones of plural digital data files, where each of the plural files can be uniquely identified;
(b) a data accessing mechanism which communicates with the data-provider by way of the respective access linkages to at least read data from, if not also write data to, respective ones of the identified files to which respective access linkages have been opened;
(c) a bubble-controller which if not bypassed, intercepts all access-opening requests sent to the access-opening mechanism by said identifiable, requesting programs, (c.1) wherein the bubble-controller includes an identity classifier for classifying each intercepted access-opening request to thereby determine whether the identified file for which the opening of an access linkage is being requested belongs to a bubble-protected class and if so, to determine whether one or more requesting programs that caused the intercepted access-opening request to be sent have respective identities that are pre-associated with at least one of an access-approval or an access-denial for a bubble-protected class to which the identified file belongs, and (c.2) where in response to said classifying, the bubble-controller either allows the access-opening mechanism to open a respective access linkage or forces a result in which the access-opening mechanism appears to have refused to open a respective access linkage.
67. A machine system for blocking access by unauthorized programs to data stored in bubble-protected data files, said machine system comprising:
(a) an interceptable access-opening mechanism which communicates with a data-provider, wherein said access-opening mechanism receives from identifiable, requesting programs, requests to open respective access linkages to data of respectively identified files, wherein said access-opening mechanism can respond to such access-opening requests by opening respective access linkages to the data of the respectively identified files; and
where said data-provider can provide data of identified ones of plural digital data files, where each of the plural files can be uniquely identified;
(b) a data accessing mechanism which communicates with the data-provider by way of the respective access linkages to at least read data from, if not also write data to, respective ones of the identified files to which respective access linkages have been opened;
(c) a bubble-controller which if not bypassed, intercepts all access-opening requests sent to the access-opening mechanism by said identifiable, requesting programs, (c.1) wherein the bubble-controller includes a timeliness tester for testing each intercepted access-opening request to determine whether the identified file for which the opening of an access linkage is being requested belongs to a bubble-protected class and if so, to determine whether a time, at which the intercepted access-opening request is received, is pre-associated with at least one of an access-approval or an access-denial for a bubble-protected class to which the identified file belongs, and (c.2) where in response to said testing, the bubble-controller either allows the access-opening mechanism to open a respective access linkage or forces a result in which the access-opening mechanism appears to have refused to open a respective access linkage.
68. A machine system for blocking access by unauthorized programs to data stored in bubble-protected data files, said machine system comprising:
(a) an interceptable access-opening mechanism which communicates with a data-provider, wherein said access-opening mechanism receives from identifiable, requesting programs, requests to open respective access linkages to data of respectively identified files, wherein said access-opening mechanism can respond to such access-opening requests by opening respective access linkages to the data of the respectively identified files; and
where said data-provider can provide data of identified ones of plural digital data files, where each of the plural files can be uniquely identified;
(b) a data accessing mechanism which communicates with the data-provider by way of the respective access linkages to at least read data from, if not also write data to, respective ones of the identified files to which respective access linkages have been opened;
(c) a bubble-controller which if not bypassed, intercepts all access-opening requests sent to the access-opening mechanism by said identifiable, requesting programs, (c.1) wherein the bubble-controller includes a geography tester for testing each intercepted access-opening request to determine whether the identified file for which the opening of an access linkage is being requested belongs to a bubble-protected class and if so, to determine whether a geographic location or machine from which the intercepted access-opening request is received, is pre-associated with at least one of an access-approval or an access-denial for a bubble-protected class to which the identified file belongs, and (c.2) where in response to said testing, the bubble-controller either allows the access-opening mechanism to open a respective access linkage or forces a result in which the access-opening mechanism appears to have refused to open a respective access linkage.
69. A machine implemented method for blocking access by unauthorized programs to data stored in bubble-protected data files, said method comprising:
(a) intercepting respective requests to open respective access linkages to data of respectively identified files, wherein said intercepted access-opening requests are being sent to an access-opening mechanism which communicates with a data-provider, wherein said access-opening mechanism can respond to received ones of such access-opening requests by opening respective access linkages to the data of the respectively identified files; and
where said data-provider can provide data of identified ones of plural digital data files, where each of the plural files can be uniquely identified;
(b) testing each intercepted access-opening request to determine whether the identified file for which the opening of an access linkage is being requested belongs to a bubble-protected class and if so, to determine whether one or more requesting programs that caused the intercepted access-opening request to be sent have respective identities that are pre-associated with at least one of an access-approval or an access-denial for a bubble-protected class to which the identified file belongs; and
(c) in response to said testing, either allowing the access-opening mechanism to open a respective access linkage or forcing a result in which the access-opening mechanism appears to have refused to open a respective access linkage.
70. A manufactured instructing signal for loading into an instructable computing machine and for thereby causing the instructable machine to automatically carry out a method for blocking access by unauthorized programs to data stored in bubble-protected data files, where said instructed and machine-implemented method comprises:
(a) intercepting respective requests to open respective access linkages to data of respectively identified files, wherein said intercepted access-opening requests are being sent to an access-opening mechanism which communicates with a data-provider, wherein said access-opening mechanism can respond to received ones of such access-opening requests by opening respective access linkages to the data of the respectively identified files; and
where said data-provider can provide data of identified ones of plural digital data files, where each of the plural files can be uniquely identified;
(b) testing each intercepted access-opening request to determine whether the identified file for which the opening of an access linkage is being requested belongs to a bubble-protected class and if so, to determine whether one or more requesting programs that caused the intercepted access-opening request to be sent have respective identities that are pre-associated with at least one of an access-approval or an access-denial for a bubble-protected class to which the identified file belongs; and
(c) in response to said testing, either allowing the access-opening mechanism to open a respective access linkage or forcing a result in which the access-opening mechanism appears to have refused to open a respective access linkage.
71. A machine system for protecting in-file information from unauthorized access through unauthorized entities making access-opening attempts at potentially unauthorized times and/or from potentially unauthorized locations, said machine system comprising:
(a) data-providing means for providing data of an identified one of plural digital data files, where each of said files is identifiable by a unique file pathname;
(b) system memory into which immediately executable code can be stored;
(c) an interceptable, data-access providing mechanism through which data of identified files of the data-providing means can be opened for access by data-requesting programs;
(c) bubble-control means coupled to intercept file-opening attempts made through said interceptable access mechanism by said data-requesting programs, (c.1) wherein the bubble-control means includes deny/approve means, which if active, is provided at least partially within said system memory and is used for testing all the intercepted file-opening attempts and responsively denying or approving opening of access to the data of a predefined one or more classes of said files based on membership of the identified files in one of said predefined classes of files and further based on one or more of:
(c.1a) the identity of one or more programs that are directly or indirectly responsible for the making of the access-attempt;
(c.1b) the origination time of the access attempt;
(c.1c) the respective geographic execution locations of one or more programs which are directly or indirectly causing the making of the access-attempt;
(c.1d) the respective serial numbers of one or more machines executing one or more of the programs which are directly or indirectly causing the making of the access-attempt; and
(c.1e) the respective names of one or more machines executing one or more of the programs which are directly or indirectly causing the making of the access-attempt;
wherein at least one of said predefined classes of files has plural members. (Dependent claims: 72, 73, 74, 75, 76, 77, 78, 79)
80. A machine implemented method for selectively approving and denying requests to open bubble-protected files, said method comprising:
(a) providing a detached decision-controlling object which defines plural classes of data files with at least one of said classes being a class of plural data files, where the decision-controlling object encircles each defined class of data files in an access-protecting bubble whose permeability depends on one or more of:
(a.1) the identification of one or more programs trying to open a file in the bubble-encircled class of data files;
(a.2) the time of the access attempt; and
(a.3) the spatial or machine name or machine serial number domain from which the access attempt was made;
(b) intercepting file-open requests;
(c) for each intercepted file-open request, querying the decision-controlling object to determine if the to-be-opened file is a member of one of said defined classes of data files, and if so whether the file-open request should be approved or denied based on bubble permeability attributes assigned by the decision-controlling object to the defined class of which the to-be-opened file is a member; and
(d) in response to said querying of the decision-controlling object, selectively refusing the intercepted file-open request or allowing further processing of the intercepted file-open request. (Dependent claims: 81)
82. A machine implemented method for selectively denying requests to open files, said method comprising:
(a) providing machine readable definitions of protectable classes of data files;
(b) providing machine readable definitions of blockable classes of programs;
(c) logically associating each protectable class of data files to one or more of said blockable classes of programs;
(d) providing machine readable, access control rules that are logically linked to respective ones of said definitions of the blockable classes of programs;
(e) automatically determining, before file-reading or file-writing capability is provided to a given, executing program that is requesting an opening of a given data file, if the given data file belongs to a defined one of said protectable classes of data files, and if the given, executing program belongs to a defined one of said blockable classes of programs, where the defined one blockable class of programs is logically associated to the defined one protectable class of data files; and
(f) in response to said determining, selectively denying the given request of the given, executing program to open the given data file if one or more of the logically linked, access control rules indicate the given request should be denied because of the defined one of said blockable classes of programs, and/or because of further denial reasons. (Dependent claims: 83, 84)
85. A machine implemented method for selectively denying requests to open data records, said method comprising:
(a) intercepting an access-opening request sent by an identifiable requestor where the request is for opened access to a targeted data record;
(b) identifying the requestor as belonging to a predefined class of requestors;
(c) identifying the targeted data record as belonging to a predefined class of records;
(d) querying bubble-control access code that is logically associated with the predefined class of records to determine whether the access request, as made by a member of the predefined requestors class, should be forced to terminate prematurely or should be allowed to continue towards normal completion; and
(e) in response to said querying, selectively forcing processing of the access request to terminate prematurely with a denial of the access-open request, or selectively allowing the processing to continue toward possible granting of the access-open request. (Dependent claims: 86, 87, 88, 89, 90, 91)
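The deny/approve test that claims 1, 16, 56, 80 and 82 describe (a bubble list defining classes of files, the requester class and blocked class, a time window and a machine domain, queried for every intercepted OPEN, with a denial forced to look like a refused open as in claims 66 to 70), as an added Python example rather than the patent's own code. The Bubble and OpenRequest names, the glob-pattern file classes, the most-restrictive-wins rule for overlapping bubbles and the payroll/archive sample policy are assumptions made here.

```python
import errno
import fnmatch
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass(frozen=True)
class OpenRequest:
    """An intercepted file-OPEN with the attributes the claims test on."""
    program: str    # identity of the requesting program (claim 56, b.1)
    path: str       # identity of the targeted file (claim 56, c.1)
    when: datetime  # origination time of the attempt (b.2)
    machine: str    # machine name or location domain (b.3)


def in_window(t, start, end):
    """True if t lies in [start, end]; a window with start > end wraps past midnight."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


@dataclass
class Bubble:
    """One protected class of files and the conditions that make its bubble permeable."""
    name: str
    file_patterns: list     # glob patterns defining the class of files (c.1)
    allowed_programs: set   # requester class that may pass through (b.1)
    blocked_programs: set = field(default_factory=set)  # blockable class (claim 82)
    window: tuple = None    # (start, end) as datetime.time; None = any time (b.2)
    machines: set = None    # None = any machine or location (b.3)

    def covers(self, path):
        return any(fnmatch.fnmatch(path, pat) for pat in self.file_patterns)

    def test(self, req):
        """Source-related conditions of claim 56 (b); returns (approve, reason)."""
        if req.program in self.blocked_programs:
            return False, f"{req.program} is in the blocked class for {self.name}"
        if req.program not in self.allowed_programs:
            return False, f"{req.program} is not an allowed program for {self.name}"
        if self.window and not in_window(req.when.time(), *self.window):
            return False, f"{req.when:%H:%M} is outside the {self.name} time window"
        if self.machines is not None and req.machine not in self.machines:
            return False, f"{req.machine} is outside the {self.name} machine domain"
        return True, f"{req.program} may open {req.path}"


def decide(bubbles, req):
    """Query the bubble list (the detached decision-controlling object of claim 80)."""
    covering = [b for b in bubbles if b.covers(req.path)]  # target test (claim 56, c.1)
    if not covering:
        return True, "file is not bubble-protected"
    for bubble in covering:  # most restrictive wins: every covering bubble must pass
        ok, reason = bubble.test(req)
        if not ok:
            return False, reason
    return True, "all covering bubbles are permeable"


def intercepted_open(bubbles, req, os_open):
    """Bubble-controller in front of the OS open call (claims 66 to 70, c.2): a denial
    surfaces to the requester as an ordinary permission error."""
    ok, reason = decide(bubbles, req)
    if not ok:
        raise PermissionError(errno.EACCES, reason, req.path)
    return os_open(req.path)


# Constructed sample policy: payroll sheets only for payroll.exe from HQ machines in
# business hours; archived logs only for backup.exe inside an overnight window.
POLICY = [
    Bubble("payroll", ["/data/payroll/*.xls"], {"payroll.exe"}, blocked_programs={"ftp.exe"},
           window=(time(8, 0), time(18, 0)), machines={"HQ-01", "HQ-02"}),
    Bubble("archive", ["/data/logs/*.log"], {"backup.exe"}, window=(time(22, 0), time(6, 0))),
]


def sample_decisions():
    """Run constructed requests through POLICY; returns {label: approved} plus the
    errno a denied requester would see."""
    day, night = datetime(2024, 3, 5, 10, 30), datetime(2024, 3, 5, 2, 15)
    reqs = {
        "payroll_day_hq": OpenRequest("payroll.exe", "/data/payroll/q1.xls", day, "HQ-01"),
        "payroll_night_hq": OpenRequest("payroll.exe", "/data/payroll/q1.xls", night, "HQ-01"),
        "payroll_day_laptop": OpenRequest("payroll.exe", "/data/payroll/q1.xls", day, "LAPTOP-7"),
        "ftp_day_hq": OpenRequest("ftp.exe", "/data/payroll/q1.xls", day, "HQ-01"),
        "backup_night": OpenRequest("backup.exe", "/data/logs/app.log", night, "LAPTOP-7"),
        "backup_day": OpenRequest("backup.exe", "/data/logs/app.log", day, "LAPTOP-7"),
        "unprotected": OpenRequest("ftp.exe", "/data/public/readme.txt", night, "LAPTOP-7"),
    }
    out = {label: decide(POLICY, r)[0] for label, r in reqs.items()}
    try:
        intercepted_open(POLICY, reqs["ftp_day_hq"], os_open=lambda p: f"handle:{p}")
    except PermissionError as e:
        out["denial_errno"] = e.errno
    return out
```

A file that no bubble covers passes straight through, so the list of file classes is itself the boundary of what is protected; anything sensitive left outside every pattern gets no deny test at all.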