Method for protecting sensitive data during execution

摘要

A method for protecting sensitive data during execution time. The sensitive data are normally stored on permanent storage devices (e.g. a hard disk). The method, according to the present invention is based on the creation at system boot of a runtime process and a corresponding runtime memory space. The sensitive data are then moved to the runtime memory space and the copy on the storage device is deleted or made unusable by users. At shutdown time the sensitive data are copied back to the storage device according to the uptodate version on the runtime memory. In particular the present invention is applied to a license management system which allows nodelocked licenses on client system even if the client is disconnected from the network. License information are considered sensitive data which should be protected during execution. A device driver is created at system boot time and a kernel cache memory is allocated to the driver. Sensitive data are then transferred to the kernel cache memory and deleted (or made non-accessible) on the permanent storage. Queries to the license information are made by means of driver I/O control codes. Sensitive data are then saved back to the permanent storage at shutdown time.