Title of invention: Protecting documents using policies and encryption
Abstract: A system protects documents at rest and in motion using declarative policies and encryption. A document at rest includes documents on a device such as the hard drive of a computer. A document in motion is a document that is passing through a policy enforcement point. The policy enforcement point can be a server (e.g., mail server, instant messenger server, file server, or network connection server).
Publication number: US9413771(B2) Publication date: 2016.08.09
Application number: US201514748115 Filing date: 2015.06.23
Applicant: NextLabs, Inc. Inventors: Lim Keng; Fung Poon; Han Andrew
Classification: G06F21/62; G06F21/10; H04L29/06; H04L9/08; G06F21/60 Main classification: G06F21/62
Agency: Aka Chan LLP Agent: Aka Chan LLP
Main claim: 1. A method comprising: providing a system comprising unencrypted and encrypted document content, wherein an unencrypted document is encrypted to become an encrypted document, and the encrypted document is larger in size than the unencrypted document from which it is derived; providing a policy server accessible to devices of the system, wherein the policy server comprises a plurality of policies and each policy manages access to documents of the system; providing an encryption service driver executing on a computing device of the devices of the system, wherein the policy server is separate from the computing device; permitting access to an encrypted document by an application program on the computing device; when an access to the encrypted document occurs, using the encryption service to intercept the access of the encrypted document, wherein the intercepting the access of the encrypted document occurs at a system level of the application program comprising: allowing the access to the encrypted document by the application program to execute until a first system level operation executes; identifying the first system level operation as executing due to the application program requesting access to the encrypted document; preventing the first system level operation from executing; at the encryption service, identifying the application program attempting to access the encrypted document; from the encryption service, sending identification information on the application program to a policy enforcer component, executing on the computing device; controlling access to the unencrypted content based on the first policy comprising: identifying a first application process identifier assigned by an operating system executing on the computing device for the application program, wherein the application program is attempting access to the encrypted document; receiving a decryption key based on the first application process identifier at the encryption service; using the encryption service to decrypt the encrypted document to produce the unencrypted content; providing the unencrypted content to the application program; and allowing the first system level operation to execute.
Address: San Mateo CA US