Apparatus For And Method Of Preventing Unsecured Data Access

US 20160034702A1
Filed: 10/16/2015
Published: 02/04/2016
Est. Priority Date: 07/15/2014
Status: Active Grant

First Claim

Patent Images

1. Computer comprising a processor configured to:

execute a domain, a trusted domain and a process in the trusted domain that is executed in response to a request; and

secure content written from the trusted domain;

wherein the request is without an authentication protocol.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Shown and depicted is preventing sensitive information from being exfiltrated from an organization using hypervisors. A Data Loss Prevention system is composed using virtual machines or domains to segment memory between domains which are assumed to be untrusted and domains which are known to be trusted. Sensitive information is cypher text when observed by software in Untrusted Domains, and clear text when observed by software in Trusted Domains. Sensitive information is unencrypted when it is in the address space of a protected process running inside a trusted domain.

17 Citations

View as Search Results

20 Claims

1. Computer comprising a processor configured to:
- execute a domain, a trusted domain and a process in the trusted domain that is executed in response to a request; and
  
  secure content written from the trusted domain;
  
  wherein the request is without an authentication protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. Computer of claim 1, wherein said processor is configured to route without an untrusted domain:
    - input, output, device assignment and combinations thereof.
  - 3. Computer of claim 1, wherein said processor is configured to permit content from a domain to be input into a trusted domain.
  - 4. Computer of claim 1, wherein said processor is configured to prevent output of unsecured content from a trusted domain other than as necessary for user sensory stimulation.
  - 5. Computer of claim 1, wherein said processor is configured to execute a designated domain to which sensory output from domains is forwarded.
  - 6. Computer of claim 1, wherein said processor is configured to transmit and/or receive data.
  - 7. Computer of claim 1, wherein the said processor is configured to route input and/or output according to a domain contemporaneously having focus.
  - 8. Computer of claim 1, wherein the request comprises selecting data from a medium.
  - 9. Computer of claim 8, wherein said processor is configured to execute a process appropriate for a content type associated with the data in a trusted domain.
  - 10. Computer of claim 8, wherein said processor is configured to unsecure content.

11. Method of securing content comprising:
- executing a domain;
  
  executing a trusted domain;
  
  executing a process in the trusted domain; and
  
  writing content; and
  
  , if said writing is from the trusted domain, prior to said writing, securing the content;
  
  wherein said executing a process is responsive to a request without an authentication protocol.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. Method of claim 11, further comprising routing without an untrusted domain:
    - input, output, device assignment and combinations thereof.
  - 13. Method of claim 11, further comprising permitting content from a domain to be input into a trusted domain.
  - 14. Method of claim 11, further comprising preventing output of unsecured content from a trusted domain other than as necessary for user sensory stimulation.
  - 15. Method of claim 11, further comprising:
    - executing a designated domain; and
      
      forwarding sensory output from domains to the designated domain.
  - 16. Method of claim 11, further comprising transmitting and/or receiving data.
  - 17. Method of claim 11, further comprising routing input and/or output according to a domain contemporaneously having focus.
  - 18. Method of claim 11, wherein the request comprises selecting data from a medium.
  - 19. Method of claim 18, further comprising executing a process appropriate for a content type associated with the data in a trusted domain.

20. Method of unsecuring content comprising:
- executing a domain;
  
  executing a trusted domain;
  
  executing a process in the trusted domain; and
  
  reading data; and
  
  , if said reading is to the trusted domain, after said reading,unsecuring content of the data;
  
  wherein said executing a process is responsive to a request without an authentication protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Neil Sikka
Original Assignee
Neil Sikka
Inventors
Sikka, Neil

Granted Patent

US 9,934,407 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 2009/45591   Monitoring or debugging sup...

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 9/45558   Hypervisor-specific managem...

Apparatus For And Method Of Preventing Unsecured Data Access

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus For And Method Of Preventing Unsecured Data Access

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links