Apparatus and Method for Protecting Storage Data of a Computing Apparatus in an Enterprise Network System

US 20120096257A1
Filed: 09/30/2011
Published: 04/19/2012
Est. Priority Date: 09/30/2010
Status: Abandoned Application

First Claim

Patent Images

1. A storage data protector of a computing apparatus within an enterprise network system, comprising:

data transfer intercepting means, for intercepting data transferred between an application in the computing apparatus and a storage;

confidential data determining means, for determining whether the data intercepted by the data transfer intercepting means is confidential data;

key obtaining means, for obtaining a key automatically generated for the confidential data; and

encrypting/decrypting means, for encrypting/decrypting the confidential data with the key obtained by the key obtaining means.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to data security, in particular relates to data protection for storage data, and more particularly relates to encrypting and decrypting process to data on a removable non-volatile storage in an enterprise network. There is provided an apparatus and a method for protecting storage data of a computing apparatus within an enterprise network system, the method comprising: intercepting data transferred between an application of the computing apparatus and a storage; determining whether the data intercepted at the data transfer interception step is confidential data; obtaining a key automatically generated for the confidential data; and encrypting and decrypting the confidential data with the obtained key.

16 Citations

View as Search Results

20 Claims

1. A storage data protector of a computing apparatus within an enterprise network system, comprising:
- data transfer intercepting means, for intercepting data transferred between an application in the computing apparatus and a storage;
  
  confidential data determining means, for determining whether the data intercepted by the data transfer intercepting means is confidential data;
  
  key obtaining means, for obtaining a key automatically generated for the confidential data; and
  
  encrypting/decrypting means, for encrypting/decrypting the confidential data with the key obtained by the key obtaining means.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The storage data protector according to claim 1, wherein the key obtaining means further comprises identifier calculating means for, responsive to the determination by the confidential data determining means that the data intercepted by the data transfer intercepting means is confidential data, calculating a unique identifier based on the intercepted data, to obtain a key automatically generated for the intercepted data.
  - 3. The storage data protector according to claim 2, wherein the key obtaining means is further for:
    - sending the unique identifier along with a key request to a storage data security server of the enterprise network system; and
      
      receiving a key returned from the storage data security server.
  - 4. The storage data protector according to claim 3, further comprising read/write determining means, for determining whether the intercepted data is read data or write data.
  - 5. The storage data protector according to claim 4, wherein the encrypting/decrypting means, responsive to a determination by the read/write determining means that the intercepted data is write data, encrypts the intercepted data with the key obtained by the key obtaining means.
  - 6. The storage data protector according to claim 4, wherein the encrypting/decrypting means, responsive to a determination by the read/write determining means that the intercepted data is read data, decrypts the intercepted data with the key obtained by the key obtaining means.
  - 7. The storage data protector according to claim 5, further comprising a settable confidential rule library, wherein the confidential data determining means, based on a preset enterprise confidential rule in the confidential rule library, determines whether the data intercepted by the data transfer intercepting means is confidential data.

8. A method for protecting storage data of a computing apparatus within an enterprise network system, comprising:
- intercepting data transferred between an application in the computing apparatus and a storage;
  
  determining whether the intercepted data is confidential data;
  
  obtaining a key automatically generated for the confidential data; and
  
  carrying out at least one of encrypting and decrypting of the confidential data with the obtained key.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method according to claim 8, wherein the step of obtaining the key automatically generated for the confidential data further comprises:
    - calculating a unique identifier based on the intercepted data, responsive to a determination that the intercepted data is confidential data, for obtaining the key automatically generated for the intercepted data.
  - 10. The method according to claim 9, wherein the step of obtaining the key automatically generated for the confidential data further comprises:
    - sending the unique identifier along with a key request to a storage data security server of the enterprise network system; and
      
      receiving a key returned from the storage data security server.
  - 11. The method according to claim 9, further comprising:
    - determining whether the intercepted data is read data or write data.
  - 12. The method according to claim 11, wherein the step of carrying out at least one of encrypting and decrypting of the confidential data with the obtained key comprises:
    - encrypting the intercepted data with the key obtained at the key obtaining step, responsive to a determination that the intercepted data is write data.
  - 13. The method according to claim 11, wherein the step of carrying out at least one of encrypting and decrypting of the confidential data with the obtained key comprises:
    - decrypting the intercepted data with the key obtained at the key obtaining step, responsive to a determination that the intercepted data is read data.
  - 14. The method according to claim 11, wherein the step of determining whether the intercepted data is confidential data comprises determining whether the data intercepted at the data transfer step is confidential data based on an enterprise confidential rule preset in a confidential rule library.

15. A system for protecting storage data in a computing apparatus within an enterprise network system, comprising:
- a computer apparatus comprising a storage data protector; and
  
  a storage data security server, coupled to said computer apparatus, for generating and saving a key for confidential data, responsive to a request from the computing apparatus;
  
  wherein said storage data protector in turn comprises;
  
  data transfer intercepting means, for intercepting data transferred between an application in the computing apparatus and a storage;
  
  confidential data determining means, for determining whether the data intercepted by the data transfer intercepting means is confidential data;
  
  key obtaining means, for obtaining a key automatically generated for the confidential data; and
  
  encrypting/decrypting means, for encrypting/decrypting the confidential data with the key obtained by the key obtaining means.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system according to claim 15, wherein the key obtaining means further comprises identifier calculating means for, responsive to the determination by the confidential data determining means that the data intercepted by the data transfer intercepting means is confidential data, calculating a unique identifier based on the intercepted data, to obtain a key automatically generated for the intercepted data.
  - 17. The system according to claim 16, wherein the key obtaining means is further for:
    - sending the unique identifier along with a key request to a storage data security server of the enterprise network system; and
      
      receiving a key returned from the storage data security server.
  - 18. The system according to claim 17, further comprising read/write determining means, for determining whether the intercepted data is read data or write data.
  - 19. The system according to claim 18, wherein the encrypting/decrypting means, responsive to a determination by the read/write determining means that the intercepted data is write data, encrypts the intercepted data with the key obtained by the key obtaining means.
  - 20. The system according to claim 18, wherein the encrypting/decrypting means, responsive to a determination by the read/write determining means that the intercepted data is read data, decrypts the intercepted data with the key obtained by the key obtaining means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Li, Yan, Liu, Tao, Yang, Yu Dong, Lin, Hai Bo, Xu, Ji Tao

Application Number

US13/249,448
Publication Number

US 20120096257A1
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 21/78 to assure secure storage of...

Apparatus and Method for Protecting Storage Data of a Computing Apparatus in an Enterprise Network System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and Method for Protecting Storage Data of a Computing Apparatus in an Enterprise Network System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links