Apparatus For And Method Of Preventing Unsecured Data Access
Abstract
Shown and depicted is preventing sensitive information from being exfiltrated from an organization using hypervisors. A Data Loss Prevention system is composed using virtual machines or domains to segment memory between domains which are assumed to be untrusted and domains which are known to be trusted. Sensitive information is cypher text when observed by software in Untrusted Domains, and clear text when observed by software in Trusted Domains. Sensitive information is unencrypted when it is in the address space of a protected process running inside a trusted domain.
17 Citations
20 Claims
1. Computer comprising a processor configured to:
- execute a domain, a trusted domain and a process in the trusted domain that is executed in response to a request; and
- secure content written from the trusted domain;
wherein the request is without an authentication protocol.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. Method of securing content comprising:
- executing a domain;
- executing a trusted domain;
- executing a process in the trusted domain; and
- writing content; and, if said writing is from the trusted domain, prior to said writing, securing the content;
wherein said executing a process is responsive to a request without an authentication protocol.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19.
20. Method of unsecuring content comprising:
- executing a domain;
- executing a trusted domain;
- executing a process in the trusted domain; and
- reading data; and, if said reading is to the trusted domain, after said reading, unsecuring content of the data;
wherein said executing a process is responsive to a request without an authentication protocol.
Specification