Method and apparatus for the protection of information in a device upon separation from a network

摘要

Systems, methods and consumer-readable media for providing an system implementing an information lock box. Sensitive files may be identified by the system prior to engagement of the protection system. One method according to the invention may preferably include hiding and/or encrypting sensitive files upon detecting changes of the network status. The information lock box may utilize a file-system driver to control access to files. The system may communicate with administrative serve and communicating messages to a user.

主权项

1. A method for protecting sensitive information stored on a computer device, the method comprising:
using a hardware service component resident on the device, detecting a first change in network access of the device, the first change comprising a switch of access, by the device, from a trusted network to an untrusted network; using the hardware service component, communicating the first change in network access to a software file-system driver that is resident on the device, wherein the software file-system driver is a kernel-level component; using the software file-system driver, hiding and encrypting a sensitive file that resides locally on the device in response to detection by the hardware service component of the first change in network access from the trusted network to the untrusted network; using the hardware service component, detecting a second change in network access of the device, the second change comprising a switch of access, by the device, from the untrusted network to the trusted network; and using the software file-system driver, decrypting and displaying the sensitive file in response to detection by the hardware service component of the second change in network access from the untrusted network to the trusted network; wherein:
in response to the first change from the trusted network to the untrusted network, the software file-system driver searches for the sensitive file in ROM, RAM and on a hard disk of the device;when the sensitive file is hidden and encrypted, a user of the device cannot see, open and delete the sensitive file when using the device;when the sensitive file is decrypted and displayed, the user of the device may see, open and delete the sensitive file when using the device; andwhen the device is connected to the untrusted network, the software file-system driver performs a polling loop that continually checks for creation of a new sensitive file stored locally on the device and, in response to detecting the creation of the new sensitive file, encrypts and hides the new sensitive file.