Method and system for protecting encrypted files transmitted over a network

US 7,512,810 B1
Filed: 09/11/2002
Issued: 03/31/2009
Est. Priority Date: 09/11/2002
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

(a) receiving a request for access to a secured file, wherein the request is initiated by a requestor, and wherein the request is associated with a process associated with a computer system;

(b) determining whether the process is a trusted process, wherein the determination is based on trust of the process and trust of an external destination of the process, wherein the external destination of the process is based on one or more of a destination address associated with the process and a current Universal Resource Locator (URL) associated with the process;

(c) determining whether the requestor is permitted to access an unsecured version of the secured file; and

(d) upon successful determination in steps (b) and (c), unsecuring the secured file to produce the unsecured version of the secured file, thereby permitting access to the unsecured version of the secured file.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved system and approaches for protecting secured files when being used by an application (e.g., network browser) that potentially transmits the files over a network to unknown external locations are disclosed. According to one aspect, access to secured files is restricted so that unsecured versions of the secured files are not able to be transmitted over a network (e.g., the Internet) to unauthorized destinations. In one embodiment, in opening a file for use by a network browser, the network browser receives a secured (e.g., encrypted) version of the secured file when the destination location (e.g., destination address) for the network browser is not trusted, but receives an unsecured (e.g., unencrypted) version of the secured file when the destination location for the network browser is trusted. According to another aspect, processes operating on a computer system are monitored to determine destination locations, if any, of said processes, and then using such destination locations to determine whether to permit the processes to open files in a secure or unsecured manner.

510 Citations

33 Claims

1. A method comprising:
- (a) receiving a request for access to a secured file, wherein the request is initiated by a requestor, and wherein the request is associated with a process associated with a computer system;
  
  (b) determining whether the process is a trusted process, wherein the determination is based on trust of the process and trust of an external destination of the process, wherein the external destination of the process is based on one or more of a destination address associated with the process and a current Universal Resource Locator (URL) associated with the process;
  
  (c) determining whether the requestor is permitted to access an unsecured version of the secured file; and
  
  (d) upon successful determination in steps (b) and (c), unsecuring the secured file to produce the unsecured version of the secured file, thereby permitting access to the unsecured version of the secured file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, wherein the method further comprises:
    - (e) permitting access to the secured file when the determining (b) determines that the process is not trusted.
  - 3. The method as recited in claim 2, wherein the method further comprises:
    - (f) denying access to the secured file when the determining (b) determines that the process is trusted and the determining (c) determines that the requestor is not permitted to access an unsecured version of the secured file.
  - 4. The method as recited in claim 3, wherein the process pertains to a network browser operating on the computer system.
  - 5. The method as recited in claim 1, wherein the method further comprises:
    - (e) denying access to the secured file when the determining (b) determines that the process is trusted and the determining (c) determines that the requester is not permitted to access an unsecured version of the secured file.
  - 6. The method as recited in claim 1, wherein:
    - the process has a current destination address associated therewith; and
      
      the determining (b) of whether the process is trusted by the file security system is determined based on at least the current destination address.
  - 7. The method as recited in claim 6, wherein the current destination address is determined by monitoring a current destination address for each of a plurality of processes operating on the computer system.
  - 8. The method as recited in claim 7, wherein when a process being monitored for a current destination address has multiple windows, the current destination address for the process pertains to one of the windows in a foreground position.
  - 9. The method as recited in claim 1, wherein the determining (b) of whether the process is trusted by the file security system comprises:
    - (b1) identifying a process name and a current destination address for the process; and
      
      (b2) comparing the process name and the current destination address with a predetermined list of trusted processes and destination addresses.
  - 10. The method as recited in claim 9, wherein step (b) further comprises:
    - (b3) concluding that the process is trusted when the comparing (b2) determines that the process name and the current destination address are present within the list of trusted processes and destination addresses.
  - 11. The method as recited in claim 1, wherein the process pertains to a network browser operating on the computer system.

12. A method comprising:
- (a) receiving a file open request to open a secured file, the request being initiated by a requester and being associated with a process;
  
  (b) determining whether the process is a trusted process wherein the determination is based on trust of the process and trust of an external destination of the process, wherein the external destination of the process is based on one or more of a destination location associated with the process and a current Universal Resource Locator (URL) associated with the process;
  
  (c) determining whether the requester is permitted to open an unsecured version of the secured file;
  
  (d) permitting the secured file to be opened for limited use by the requestor when the process is determined not to be trusted; and
  
  (e) upon successful determination in steps (b) and (c), permitting the unsecured version of the secured file to be opened for use by the requestor.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method as recited in claim 12, wherein the method further comprises:
    - preventing the secured file or the unsecured version of the secured file from being opened for use by the requestor when the requestor lacks permission.
  - 14. The method as recited in claim 12, wherein the secured file is secured through encryption.
  - 15. The method as recited in claim 12, wherein:
    - the process has a current Universal Resource Locator (URL) associated therewith, andthe determining of whether the process is trusted by the file security system is determined based on at least the current URL.
  - 16. The method as recited in claim 15, wherein the process pertains to a network browser operating on the computer system.
  - 17. The method as recited in claim 15, wherein the current URL is determined by monitoring a current URL for each of a plurality of processes operating on the computer system.
  - 18. The method as recited in claim 17, wherein when a process being monitored for a current URL has multiple windows, the current URL for the process pertains to one of the windows in a foreground position.
  - 19. The method as recited in claim 15, wherein the determining of whether the process is trusted by the file security system comprises:
    - identifying a process name and a current Universal Resource Locator (URL) for the process; and
      
      comparing the process name and the current URL with a predetermined list of trusted processes and URLs.
  - 20. The method as recited in claim 12, wherein the determining of whether the process is trusted by the file security system comprises:
    - identifying a process name and a current Universal Resource Locator (URL) for the process, andcomparing the process name and the current URL with a predetermined list of trusted processes and URLs.
  - 21. The method as recited in claim 20, wherein the method further comprises:
    - concluding that the process is trusted when the comparing determines that the process name and the current URL are present within the list of trusted processes and URLs.
  - 22. The method as recited in claim 12, wherein the process pertains to a network browser operating on the computer system.

23. A computer readable storage medium having computer program code recorded thereon, that when executed by a processor, causes a processor to limit access to a file secured by a file security system, the computer readable storage medium comprising:
- computer program code enabling a processor to receive a request for access to a secured file, wherein the request is initiated by a requester, and wherein the request is associated with a process;
  
  computer program code enabling the processor to determine whether the process is trusted wherein the determination is based on trust of the process and trust of an external destination of the process, wherein the external destination of the process is based on one or more of a destination address associated with the process and a current Universal Resource Locator (URL) associated with the process;
  
  computer program code enabling the processor to determine whether the requestor is permitted to access an unsecured version of the secured file; and
  
  computer program code enabling the processor to unsecure the secured file to produce an unsecured version of the secured file, thereby permitting access to the unsecured version of the secured file.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. The computer readable storage medium as recited in claim 23, wherein the process pertains to a network browser operating on the computer system.
  - 25. The computer readable storage medium as recited in claim 23, wherein the computer program code enabling the processor to determine whether the process is trusted by the file security system comprises:
    - computer program code enabling the processor to identify a process name and a current destination address for the process;
      
      computer program code enabling the processor to compare the process name and the current destination address with a predetermined list of trusted processes and destination addresses; and
      
      computer program code enabling the processor to conclude that the process is trusted when the computer program code enabling the processor to compare determines that the process name and the current destination address are present within the list of trusted processes and destination addresses.
  - 26. The computer readable storage medium as recited in claim 23, wherein the process has a current destination address associated therewith, and wherein the computer program code enabling the processor to determine determines whether the process is trusted by the file security system based on at least the current destination address.
  - 27. The computer readable storage medium as recited in claim 26, wherein the current destination address is determined by monitoring a current destination address for each of a plurality of processes operating on the computer system.
  - 28. The computer readable storage medium as recited in claim 27, wherein when a process being monitored for a current destination address has multiple windows, the current destination address for the process pertains to one of the windows in a foreground position.
  - 29. The computer readable storage medium as recited in claim 26, wherein the computer readable storage medium further comprises:
    - computer program code enabling the processor to permit access to the secured file when the computer program code enables the processor to determine determines that the process is not trusted; and
      
      computer program code enabling the processor to deny access to the secured file when the computer program code enables the processor to determine that the process is trusted and the computer program code enabling the processor to determine that the requester is not permitted to access an unsecured version of the secured file.
  - 30. The computer readable storage medium as recited in claim 26, wherein the current destination address is one of a Universal Resource Identifier (URI) or a Universal Resource Locator (URL).

31. A computer system providing file security, comprising:
- an access control system configured to limit access to stored files based on at least access rules and trusted criteria, wherein the trusted criteria includes trust of the process and trust of an external destination of the process, wherein the external destination of the process is based on one or more of a destination address associated with the process and a current Universal Resource Locator (URL) associated with the process;
  
  a process configured to operate on the computer system; and
  
  a destination monitor configured to monitor an external destination of the process, wherein the access control module permits access to the stored, secured files only when the access rules are satisfied and the process, as well as the external destination, satisfy the trusted criteria.
- View Dependent Claims (32, 33)
- - 32. The computer system as recited in claim 31, wherein the process pertains to a network browser operating on the computer system.
  - 33. The computer system as recited in claim 32, wherein the destination monitor examines a resource being displayed in a foreground window of the network browser to determine the external destination that is being or is to be accessed by the network browser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kioba Processing, LLC (IP Investments Group LLC)
Original Assignee
Guardian Data Storage LLC
Inventors
Ryan, Nicholas M.
Primary Examiner(s)
Truong; Thanhnga B

Application Number

US10/242,185
Time in Patent Office

2,393 Days
Field of Search

726/3, 726/2, 726/4, 726/13, 726/16, 726/26, 726/27, 713/165, 713/189, 713/182, 713/168, 709/201, 709/229, 709/223, 709/225, 707 9- 10, 705/51, 710/22, 710/28
US Class Current

713/189
CPC Class Codes

H04L 63/20 for managing network securi...

Method and system for protecting encrypted files transmitted over a network

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

510 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protecting encrypted files transmitted over a network

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

510 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links