PROTECTION OF SENSITIVE DATA

US 20160379003A1
Filed: 06/27/2015
Published: 12/29/2016
Est. Priority Date: 06/27/2015
Status: Active Grant

First Claim

Patent Images

1. At least one machine readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:

monitor, by a security module, access to data in a secured area of memory at a hypervisor level;

receive a request from a process to access the data in the secured area; and

deny the request if the process is not a trusted process.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Particular embodiments described herein provide for an electronic device that can be configured to monitor access to data in a secured area of memory at a hypervisor level, receive a request from a process to the data in the secured area, and deny the request if the process is not a trusted process. In an example, the electronic device is a point of sale device.

43 Citations

View as Search Results

20 Claims

1. At least one machine readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:
- monitor, by a security module, access to data in a secured area of memory at a hypervisor level;
  
  receive a request from a process to access the data in the secured area; and
  
  deny the request if the process is not a trusted process.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The at least one machine readable medium of claim 1, further comprising one or more instructions that when executed by the at least one processor, further cause the at least one processor to:
    - set a permission to read the data in the secured area of memory to a deny permission.
  - 3. The at least one machine readable medium of claim 1, further comprising one or more instructions that when executed by the at least one processor, further cause the at least a processor to:
    - determine if the process is trusted process.
  - 4. The at least one machine readable medium of claim 1, further comprising one or more instructions that when executed by the at least one processor, further cause the at least one processor to:
    - allow the request if the process is a trusted process or is included in a whitelist.
  - 5. The at least one machine readable medium of claim 1, wherein the electronic device is a point of sale device.

6. An apparatus comprising:
- a security module configured to;
  
  monitor access to data in a secured area of memory at a hypervisor level;
  
  receive a request from a process to access the data in the secured area; and
  
  deny the request if the process is not a trusted process.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The apparatus of claim 6, wherein the security module is further configured to:
    - set a permission to read the data in the secured area of memory to a deny permission.
  - 8. The apparatus of claim 6, wherein the security module is further configured to:
    - determine if the process is a trusted process.
  - 9. The apparatus of claim 6 wherein the security module is further configured to:
    - allow the request if the process is a trusted process or is included in a whitelist.
  - 10. The apparatus of claim 6, wherein the electronic device is a point of sale device.

11. A method comprising:
- monitoring access to data in a secured area of memory at a hypervisor level;
  
  receiving a request from a process to the data in the secured area; and
  
  denying the request if the process is not a trusted process.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, further comprising:
    - setting a permission to read the data in the secured area of memory to a deny permission.
  - 13. The method of claim 11, further comprising:
    - determining if the process is a trusted process.
  - 14. The method of claim 11, further comprising:
    - allowing the request if the process is a trusted process or is included in a whitelist.
  - 15. The method of claim 11, wherein the electronic device is a point of sale device.

16. A system for protecting data, the system comprising:
- a security module configured to;
  
  monitor access to data in a secured area of memory at a hypervisor level;
  
  receive a request from a process to the data in the secured area; and
  
  deny the request if the process is not a trusted process.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the system is further configured to:
    - set a permission to read the data in the secured area of memory to a deny permission.
  - 18. The system of claim 16, wherein the system is further configured to:
    - determine if the process is a trusted process.
  - 19. The system of claim 16, wherein the system is further configured to:
    - allow the request if the process is a trusted process or is included in a whitelist.
  - 20. The system of claim 16, wherein the electronic device is a point of sale device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Kapoor, Aditya, Edwards, Jonathan L.

Granted Patent

US 10,691,476 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/53   by executing in a restricte...

G06F 21/554   involving event detection a...

G06F 9/45558   Hypervisor-specific managem...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/206   comprising security or oper...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4016   involving fraud or risk lev...

PROTECTION OF SENSITIVE DATA

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PROTECTION OF SENSITIVE DATA

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links