SYSTEMS AND METHODS FOR A CRYPTOGRAPHIC FILE SYSTEM LAYER
First Claim
1. A method comprising:
- receiving by processing circuitry an identification of a designated directory location, wherein the designated directory location is usable to store one or more data files;
- storing on non-transient computer-readable memory in communication with the processing circuitry security data indicative of a respective secured status of each of the one or more data files;
- monitoring a communication interface between an application layer and a file system layer to detect communications associated with the designated directory location;
- detecting that a communication between the file system layer and the application layer is associated with the designated directory location; and
- in response to the detecting, (1) modifying a data file associated with the communication to obtain a modified data file, (2) associating the communication with the modified data file to obtain a modified communication, (3) updating the secured status of the data file; and (4) sending the modified communication to the file system layer or the application layer.
Abstract
The systems and methods disclosed herein transparently provide data security using a cryptographic file system layer that selectively intercepts and modifies (e.g., by encrypting) data to be stored in a designated directory. The cryptographic file system layer can be used in combination with one or more cryptographic approaches to provide a server-based secure data solution that makes data more secure and accessible, while eliminating the need for multiple perimeter hardware and software technologies.
28 Claims
14. A system comprising:
- processing circuitry in communication with non-transient computer-readable memory, the processing circuitry configured to:
- receive an identification of a designated directory location, wherein the designated directory location is usable to store one or more data files;
- store on the non-transient computer-readable memory security data indicative of a respective secured status of each of the one or more data files;
- monitor a communication interface between an application layer and a file system layer to detect communications associated with the designated directory location;
- detect that a communication between the file system layer and the application layer is associated with the designated directory location; and
- in response to the detecting, (1) modify a data file associated with the communication to obtain a modified data file, (2) associate the communication with the modified data file to obtain a modified communication, (3) update the secured status of the data file; and (4) send the modified communication to the file system layer or the application layer.
Specification