Method and apparatus for securing confidential data for a user in a computer

摘要

Method and apparatus for securing confidential data related to a user in a computer is described. In one example, rules are obtained that provide a representation of the confidential data. A storage system in the computer is searched using the rules to detect a file having at least a portion of the confidential data. The file is encrypted the in-place within the storage system using symmetric encryption based on a secret associated with the user.

主权项

1. An article of manufacture for securing confidential data, the article of manufacture comprising:
at least one non-transitory processor readable storage medium; and instructions stored on the at least one medium; wherein the instructions are configured to be readable from the at least one medium by at least one processor and thereby cause the at least one processor to operate so as to:
access a first digital identity defining confidential information associated with a first individual and maintained by an identity manager;generate a first plurality of search rules based on the confidential information defined by the first digital identity;search a plurality of files in a storage system using the first plurality of search rules to detect a file having at least a portion of the confidential information;encrypt the file using a first encryption key associated with the first digital identity;receive a request to access the file comprising a credential during a session;authenticate the request based on the credential and the first encryption key; andassociate the first encryption key with the session.