Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2000-11-22
2004-10-12
Hua, Ly V. (Department: 2135)
C713S152000, C709S227000, C705S404000, C705S060000, C705S410000, C380S051000
active
06804784
ABSTRACT:
FIELD OF THE INVENTION
The invention relates to the protection of data stored in a computer; and more particularly to the protection of data stored in a memory vault system.
BACKGROUND OF THE INVENTION
In order to secure data from unauthorized access, the data may be encrypted. Encryption algorithms are commonly designed to use a key pair—one key for encryption and one key for decryption. Encryption is used to encode information and send it as an encrypted file. Encryption may also be used to set up a secure connection between two computers so that eavesdroppers will not be able to intercept data being exchanged.
An encrypted container may be used to protect data within a computer system. An encrypted container is a reserved area on a disk to which protected files are copied and saved. This may be implemented by creating a file which is encrypted, and which is mounted as and acts as a file system. Prior art encrypted containers allow content distributors to distribute content to users without endangering the security of the content. A client side container-opener application is used to access the encrypted container. The client side container-opener may limit the accesses to data in the encrypted container in any number of ways. For example, it may allow the data to be accessed only at certain times or with a proof of payment key.
Prior art encrypted container systems provide limited security once the container is opened and the data released. When a file is opened in a computer running prior art software and operating systems, the data may leak to applications (such as the clipboard or other system applications) and may be copied and left insecure during system operations, such as printing. This compromises the system.
Some client side container-openers may come with integrated data-display mechanisms which allow the user to view the secure data. For example, Folio (NextPage, Inc.) provides a viewer browser to display files, and the viewer browser prevents unauthorized use of data by turning off application level controls. However, this means that when documents in Folio are displayed, data can still be saved to the clipboard and attacked in other ways from the system level.
Watermarking or digital fingerprinting by the client side container-opener application can be used to trace the origin of content which has been opened and removed from an encrypted container. This will allow tracing of content which has been distributed in an unauthorized way. However, this still allows the data to be viewed by unauthorized users.
SUMMARY OF THE INVENTION
The invention discloses a memory vault system and method particularly applicable to a system in which protected data is transmitted to a recipient with access controls. An illustrative embodiment of the invention comprises a computer system in which secured data in a memory vault is accessed via a system-level security application which enforces strict access controls on data, and outside applications permitted to access data are monitored and certain system-level commands from these outside applications mediated by the security application. Back-channeling of any data derived from secured data is effected so that all data remains secured.
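The mediation and back-channeling described above, modelled in Python as an added example (not code from the patent or its assignee). The `Mediator` class, its method names, the per-application tracking, and the rule that a derived file inherits the intersection of its sources' permissions are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed model: any app that has opened a vault file is treated as holding
# vault-derived data, so its later saves and clipboard commands are mediated.
@dataclass
class Mediator:
    """Models the system-level security application that fronts the vault."""
    vault: dict = field(default_factory=dict)     # name -> (data, permitted apps)
    outside: dict = field(default_factory=dict)   # ordinary unprotected storage
    clipboard: bytes = b""
    sources: dict = field(default_factory=dict)   # app -> vault files it has opened
    audit: list = field(default_factory=list)

    def put(self, name, data, permitted):
        self.vault[name] = (data, frozenset(permitted))

    def open(self, app, name):
        data, permitted = self.vault[name]
        if app not in permitted:
            self.audit.append(("deny-open", app, name))
            raise PermissionError(f"{app} may not open {name}")
        self.sources.setdefault(app, set()).add(name)   # app is now monitored
        self.audit.append(("open", app, name))
        return data

    def save(self, app, name, data):
        opened = self.sources.get(app)
        if not opened:                       # never touched the vault: normal write
            self.outside[name] = data
            return "outside"
        # Back-channel: the write lands in the vault, readable only by apps
        # permitted on every source this app has opened.
        permitted = frozenset.intersection(*(self.vault[s][1] for s in opened))
        self.vault[name] = (data, permitted)
        self.audit.append(("back-channel", app, name))
        return "vault"

    def copy_to_clipboard(self, app, data):
        if self.sources.get(app):            # mediated system-level command
            self.audit.append(("deny-clipboard", app))
            return False
        self.clipboard = data
        return True

def demo():
    m = Mediator()
    m.put("report.doc", b"Q3 figures", {"viewer", "editor"})   # constructed sample data
    m.put("secret.doc", b"merger plan", {"viewer"})
    m.open("viewer", "report.doc")
    first = m.save("viewer", "copy.doc", b"Q3 figures (edited)")
    m.open("viewer", "secret.doc")
    m.save("viewer", "merged.doc", b"Q3 figures + merger plan")
    return m, first
```

After `demo()`, `copy.doc` is readable by both `viewer` and `editor`, while `merged.doc` is readable by `viewer` only, because it may contain data from `secret.doc`.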
Friedman George
Murdock Carlos A.
Starek Robert Phillip
Hua Ly V.
Infraworks Corporation
Piper Rudnick LLP