Method and system for protecting encrypted files transmitted over a network
First Claim
1. A method comprising:
- (a) receiving a request for access to a secured file, wherein the request is initiated by a requestor, and wherein the request is associated with a process associated with a computer system;
(b) determining whether the process is a trusted process, wherein the determination is based on trust of the process and trust of an external destination of the process, wherein the external destination of the process is based on one or more of a destination address associated with the process and a current Universal Resource Locator (URL) associated with the process;
(c) determining whether the requestor is permitted to access an unsecured version of the secured file; and
(d) upon successful determination in steps (b) and (c), unsecuring the secured file to produce the unsecured version of the secured file, thereby permitting access to the unsecured version of the secured file.
9 Assignments
0 Petitions
Accused Products
Abstract
An improved system and approaches for protecting secured files when being used by an application (e.g., network browser) that potentially transmits the files over a network to unknown external locations are disclosed. According to one aspect, access to secured files is restricted so that unsecured versions of the secured files are not able to be transmitted over a network (e.g., the Internet) to unauthorized destinations. In one embodiment, in opening a file for use by a network browser, the network browser receives a secured (e.g., encrypted) version of the secured file when the destination location (e.g., destination address) for the network browser is not trusted, but receives an unsecured (e.g., unencrypted) version of the secured file when the destination location for the network browser is trusted. According to another aspect, processes operating on a computer system are monitored to determine destination locations, if any, of said processes, and then using such destination locations to determine whether to permit the processes to open files in a secure or unsecured manner.
510 Citations
33 Claims
-
1. A method comprising:
-
(a) receiving a request for access to a secured file, wherein the request is initiated by a requestor, and wherein the request is associated with a process associated with a computer system; (b) determining whether the process is a trusted process, wherein the determination is based on trust of the process and trust of an external destination of the process, wherein the external destination of the process is based on one or more of a destination address associated with the process and a current Universal Resource Locator (URL) associated with the process; (c) determining whether the requestor is permitted to access an unsecured version of the secured file; and (d) upon successful determination in steps (b) and (c), unsecuring the secured file to produce the unsecured version of the secured file, thereby permitting access to the unsecured version of the secured file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method comprising:
-
(a) receiving a file open request to open a secured file, the request being initiated by a requester and being associated with a process; (b) determining whether the process is a trusted process wherein the determination is based on trust of the process and trust of an external destination of the process, wherein the external destination of the process is based on one or more of a destination location associated with the process and a current Universal Resource Locator (URL) associated with the process; (c) determining whether the requester is permitted to open an unsecured version of the secured file; (d) permitting the secured file to be opened for limited use by the requestor when the process is determined not to be trusted; and (e) upon successful determination in steps (b) and (c), permitting the unsecured version of the secured file to be opened for use by the requestor. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A computer readable storage medium having computer program code recorded thereon, that when executed by a processor, causes a processor to limit access to a file secured by a file security system, the computer readable storage medium comprising:
-
computer program code enabling a processor to receive a request for access to a secured file, wherein the request is initiated by a requester, and wherein the request is associated with a process; computer program code enabling the processor to determine whether the process is trusted wherein the determination is based on trust of the process and trust of an external destination of the process, wherein the external destination of the process is based on one or more of a destination address associated with the process and a current Universal Resource Locator (URL) associated with the process; computer program code enabling the processor to determine whether the requestor is permitted to access an unsecured version of the secured file; and computer program code enabling the processor to unsecure the secured file to produce an unsecured version of the secured file, thereby permitting access to the unsecured version of the secured file. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
-
-
31. A computer system providing file security, comprising:
-
an access control system configured to limit access to stored files based on at least access rules and trusted criteria, wherein the trusted criteria includes trust of the process and trust of an external destination of the process, wherein the external destination of the process is based on one or more of a destination address associated with the process and a current Universal Resource Locator (URL) associated with the process; a process configured to operate on the computer system; and a destination monitor configured to monitor an external destination of the process, wherein the access control module permits access to the stored, secured files only when the access rules are satisfied and the process, as well as the external destination, satisfy the trusted criteria. - View Dependent Claims (32, 33)
-
Specification