GB2470008A - Secure user access to data - Google Patents

Secure user access to data

Info

Publication number
GB2470008A
Authority
GB
United Kingdom
Prior art keywords
data
access
system resource
resource access
environment
Prior art date
Legal status
Granted
Application number
GB0907665A
Other versions
GB2470008B (en)
GB0907665D0 (en)
Inventor
Tony Pepper
Neil Larkins
John Goodyear
Current Assignee
Egress Software Technologies Ltd
Original Assignee
Egress Software Technologies Ltd
Priority date
Filing date
Publication date
Events
Application filed by Egress Software Technologies Ltd
Priority to GB0907665A (GB2470008B)
Priority to GB1321692.4A (GB2505375B)
Publication of GB0907665D0
Publication of GB2470008A
Application granted
Publication of GB2470008B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules > G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
        • G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
        • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] > G06F21/12 Protecting executable software > G06F21/121 Restricting unauthorised execution of programs > G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code > G06F21/126 Interacting with the operating system
        • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/31 User authentication
        • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow > G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms during program execution by executing in a restricted environment, e.g. sandbox or secure virtual machine
        • G06F21/60 Protecting data > G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/2115 Third party

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed is a method of providing users with secure access to data. A system resource access permission is determined for a user; the access permission information is received and implemented; and, when the user requests access to the data, a secure data access environment is established within the computer system on the basis of the access permission information. In response to the user requesting access, the method may authorise the user and verify access to the data through a remote storage medium. In setting up the secure access environment, the method may intercept system resource access requests. Also disclosed are a system and method for providing user access to data by receiving, at a processing system, a data container comprising the data and an access means, executing the access means from within the data container to establish a data processing environment on the processing system, and accessing the data.

Description

Secure Data Exchange Desktop
Field of the Invention
The present invention relates to a method and a system for transferring data, in particular to a system for and a method of transferring data by providing a secure data access environment in which the recipient has restricted access to the data.
Background of the Invention
One of the traditional approaches to the problem of data security has been the use of encryption technology to secure data, which is to be transferred, in a secure data container.
The data can then be decrypted and accessed by the recipient from within a processing system. It is believed that the above approach poses a problem in that, once the data has been received and decrypted, the recipient has full unrestricted use of the data. Once the recipient copies the data to the local hard disk, they are free to use that information as they wish.
Within the UNIX operating system, systems such as Systrace and Chrooted Systrace (SSH) are known, which comprise "user mode function injection" or "system call hooking".
In terms of "system call hooking" a process is allowed to inject executable code between an arbitrary process and the Windows(TM) system services (APIs). This injection then allows the injecting process to implement additional or alternative logic when operating system calls are made. In this manner, the enforceability of a system resource access request can be controlled by the user in terms of a system resource access policy which dictates whether a launched Application Programming Interface (API) call will be permitted to complete on the computer system. However, in this prior art technology the system resource access permission is implemented on a per-system basis, irrespective of the intended recipient of the data.
In addition, a Virtual Desktop Infrastructure (VDI) system is known in the art, which is currently provided by vendors such as VMware(TM) and Citrix(TM). In terms of this system, a personal private Windows(TM) desktop is provided to individual users over a remote desktop connection. In other words, a complete virtual desktop environment is delivered over the remote desktop connection to provide a personal desktop, thereby providing a controlled environment in which a system resource access permission can be implemented.
However, the data and the means for establishing the virtual desktop environment are not coupled together, which is to say that when the data is accessed by a user, the virtual desktop environment is not established on the processing system.
Summary of the Invention
In accordance with a first aspect of the present invention, there is provided a method of providing a user with access to data, the data being accessible by the user in a data processing environment, wherein at least one system resource access permission has been determined for the user, the method comprising the steps of: receiving the system resource access permission specific to the user; implementing the system resource access permission in the data processing environment; and, in response to the user requesting access to the data from within the data processing environment, establishing a secure data access environment within a system on the basis of the user-specific system resource access permission. This provides benefits over prior art mechanisms such as Systrace and Chrooted Systrace (SSH) in that the system resource access permission which is implemented in the data access environment is specific to the intended recipient and may be unique.
In an arrangement of the present invention, the data is stored in conjunction with a data access means, and the method includes the steps of: in response to the user requesting access to the data, executing the data access means; and the executed data access means establishing the secure data access environment on the system. As a result the data and the data access means are coupled together in that when the recipient seeks to access the data, the processing environment is executed on a computer system, thereby providing benefits over the existing Virtual Desktop Infrastructure (VDI) system in terms of which the recipient is required to have a data access environment pre-installed on a processing system before accessing the data.
In one arrangement, in response to a request for access to the data, the method includes: authorising the user; and verifying access to the data and at least one system resource access permission, through a remote storage medium. Hence, in the event that the recipients which are authorised to access the data are modified after the data container has left the physical control of the creator, the modified and most up to date version of authorised recipients will be used to verify the access rights of any intended recipient. In this way, the accessibility of the data can be controlled by the creator of the data container, even after it has left his/her physical control. In addition, it will be ensured that the most up to date version of the system resource access permission is implemented on the recipient system.
Conveniently, in response to the establishment of a secure data access environment, the method can include: intercepting a system resource access request message originating from within the secure data processing environment, the system resource access request message comprising at least one parameter for use in controlling use of corresponding system resources; identifying an additional parameter on the basis of at least one system resource access permission; and controlling within the data access environment, the system resources on the basis of the additional parameter and the at least one parameter. Hence, the system resource access policy determined by the creator of the data container can be used to control the completion of system resource access requests which are initiated from within the data access environment. In this way, the recipient of the data will be prevented from having unrestricted access to the secure data and the amount of access the recipient has to the data will be determined by the system resource access policy, as indicated by the creator of the data and the data container.
In an embodiment of the present invention, the step of controlling the system resources includes modifying the at least one parameter on the basis of the identified additional parameter. Hence, an identifying parameter in a system resource access request message can form the basis of implementing the system resource access permission in the data access environment. In this way, a system resource access request message can, for example, be modified to prevent its completion in the secure environment if the system resource access permission so dictates.
In an alternative arrangement, the step of controlling the system resources can involve selecting the identified additional parameter and the at least one parameter and creating a further system resource request message comprising the selected parameters. In this way when, for example, a first system resource access request message seeks access to a system resource and is refused on the basis of the system resource access permission, a second system resource access request message can be created to ensure that access to the system resource in question, is not granted.
In a yet further arrangement, the step of controlling the system resources can involve selecting the identified additional parameter and creating a further system resource request message comprising the selected additional parameter. In this way, a new system resource access request message can be created which includes the relevant parameters of the system resource access permission thereby ensuring that the system resource access permission is implemented.
In an arrangement of the present invention, the additional parameter is for use in controlling use of system resources different to those controlled by the at least one parameter.
Hence, the new system resource access request message which is created may relate to different system resources than those which the initial system resource access request message relates to. In this way, when a system resource access request message relating, for example, to the writing of data to a new file is initiated from within the secure environment, and is allowable in terms of the system resource access permission, a new system resource access request message may be generated which, for example, relates to the creation of a new file.
In an embodiment of the present invention, a system resource access permission includes a parameter specifying write-access rights to the data and, in the event that write access is prevented in terms of the system resource access permission, the method includes the step of: creating a further system resource access request message for use in preventing write-access to the data. In this way, write access will be denied in terms of a system resource access request, if the system resource policy so dictates, without physically altering the parameters of the system resource access request message.
In accordance with another aspect of the invention, there is provided a system for providing access to data, the data being accessible from within a secure data processing environment, the system including: a data container comprising the data and a data access means, whereby the data access means is executed on the processing system whilst being run from within the data container, thereby establishing a data processing environment within the processing system which provides access to the data. In this way, the data can be accessed on the system and subjected to control by the system resource access permission without the need to install any additional components, such as a data access environment, on the system before the data can be accessed. This therefore provides benefits over the existing Virtual Desktop Infrastructure (VDI) system in terms of which the recipient is required to have a data access environment pre-installed on a processing system before the data can be accessed.
Preferably the data access means is provided on an external storage medium, the data access means being run from within the external storage medium. Hence, the data access environment can be established on the recipient system whilst the data access means is run from the external storage medium. In this regard, the data access means can be a portable component which allows the data to be accessed on the recipient system without the need to have the software components pre-installed on the system.
Conveniently, the data access means can be provided on a remote networked device, the data access means being run from within the remote networked device. In this way, the data access environment can be run through a network on the recipient computer system, thereby eliminating the need to have the data access environment or any other components pre-installed on the computer system before the data can be accessed.
In embodiments of the invention the data are preferably accessible from within the secure data access environment. In such arrangements, the data on the data container can be encrypted and the access environment which is established on the system can be similarly secure and data decrypted from within the secure environment.
In accordance with another aspect of the invention there is provided a method of providing access to data, the data being data accessible from within a secure data processing environment, the method comprising the steps of: receiving, at a processing system, a data container comprising the data and a data access means; executing the data access means on the processing system, whereby to establish a data processing environment within the processing system, and thereby enable access to the data; and responsive to a request for access to the data, using the established data processing environment to intercept a system resource access request and to control system resource events on the basis of predetermined criteria. In this way, a system resource access permission, as determined by the creator of the data and the data container, can be implemented on a recipient system and system resource access requests which are executed from within a certain environment on the recipient system will be allowed or refused on the basis of this system resource access permission.
In an arrangement of the present invention, the system resource access request comprises at least one parameter for use in controlling use of corresponding system resources, and the method further comprises the steps of: in response to the interception of a system resource access request executed from within the data processing environment, identifying an additional parameter on the basis of the at least one system resource access permission; and controlling, within said data access environment, said system resources on the basis of the additional parameter and said at least one parameter. In this way, the enforceability of a system resource access request will be based on the parameters in the system resource access permission and the relevant parameters in the system resource access request message. In this way, the system resource which the system resource access request relates to and other identifying parameters in the system resource access request message will be used to determine whether the corresponding parameters in the system resource access request message dictates that the system resource can be accessed or not.
Brief Description of the Drawings
Figure 1 is a schematic diagram showing a distributed system in which embodiments of the invention operate;
Figure 2 is a diagrammatic representation of a machine in the example form of a computer system within which a set of instructions, for causing the machine to perform any one or more of the methodologies discussed herein, may be executed;
Figure 3 is a flow diagram showing a method of creating a secure data container, according to embodiments of the present invention;
Figure 4 is a flow diagram showing a method of establishing a secure environment for accessing the data in the data container on a system as shown in Figure 1, according to embodiments of the present invention;
Figure 5 is a flow diagram of a method of establishing a secure browser environment on a system as shown in Figure 1, according to embodiments of the present invention; and
Figure 6 is a flow diagram of a method of establishing a secure desktop environment on a system as shown in Figure 1, according to embodiments of the present invention.
Detailed Description of the Invention
Referring to Figure 1 of the drawings, a system for facilitating access to data in a secure data access environment in which the recipient has restricted access to the data, in accordance with the invention, is generally indicated by reference numeral 100.
The system 100 includes a data container 112 which in turn includes a data access medium 116, a system resource access permission 118 and data 114. In accordance with the invention, the data container 112 is a resource which is operable to store the data 114 and the data access medium 116 in such a manner as to provide the data 114 and data access medium 116 in an integrated manner. For example, the data container 112 could be a conventional archive file such as a Windows(TM) archive file, which comprises an integrated file structure and metadata. It is to be appreciated that the data container 112 may be secure and the data 114 encrypted to the standard of FIPS 140. In this regard, the archived file 112 may include metadata relating to the detection and correction of errors in the encrypted data 114.
In addition, it is to be appreciated that the data access medium 116 may, for example, be in the form of an executable file, such as a Windows(TM) executable file comprising executable code operable to cause a computer to perform indicated tasks.
It is to be appreciated that the system resource access permission 118 may include a unique list of parameters for the intended recipient, dictating the enforceability of a system resource access request launched from within the computer system 102. A system resource access permission 118 parameter may, for example, include a Boolean expression and a corresponding action clause in the form of a deny or a permit action.
The data container 112 is operatively accessible on a computer system, such as the illustrated computer system 102. In this particular depiction of an embodiment of the invention, a computer system 102 is shown in more detail to include a plurality of functional components. It is to be appreciated that the functional components may be consolidated into one device or distributed among a plurality of devices in a conventional fashion. In this example, as mentioned above, the system 100 includes a computer system 102 operatively connectable to the data container 112.
The computer system 102 includes a conventional processor 120 which, in turn, includes a secure environment module 122 which is a conceptual module, the physical parameters of which may be operatively definable on the computer system 102 during use, and which corresponds to a functional task performed by the processor 120. To this end, the computer system 102 includes a conventional machine-readable medium 126, e.g. main memory, a hard disk drive, or the like, which carries thereon a set of instructions to direct the operation of the computer system 102 or the processor 120, for example being in the form of a computer program. The computer system 102 further includes a conventional communication interface 128 for communication of data with a communication network 110.
In this particular embodiment of the invention, the computer system 102 operates in the capacity of a client machine and is connected to a remote server 104 in a client-server communication network 110. In alternative embodiments, the computer system 102 operates as a stand-alone device.
The server 104 also includes a conventional communication interface 108, connected to the computer system 102 in the client-server communication network 110 as well as a user and system resource access permission verification module 106 comprising the latest version of the data 114 and the system resource access permission 118 and stored on a conventional storage device, e.g. a database or another storage medium on the server 104. It is to be appreciated that the computer system 102 is operable to connect to the server 104 and to verify the data 114 and the system resource access permission 118 provided on the data container 112 using the verification module 106 provided on the remote server 104.
Also, although not illustrated, the computer system 102 includes a user interface including at least a display (e.g. a computer screen) and an input device (e.g. a mouse or keyboard). The user interface is operable to display prompts in terms of the data access medium 116 and to receive user input in terms of the accessing of the data 114. More particularly, the user interface includes a data access medium front-end which is operable to display a virtual view of the computer system 102.
In use, due to the integrated nature of the data 114 and the data access medium 116, accessing of the data 114 from within the computer system 102 causes a first instance of the data access medium 116 to be executed on the computer system 102. As a result, a secure data access environment 122 is established on the computer system 102 which is operable to implement the system resource access permission 118. It will be appreciated that, in accordance with this particular embodiment of the invention, the data container 112 is located on an external storage medium. The data access environment 122 on the computer system 102 may therefore be run from within the data container 112 located on the external storage medium.
Further, a system resource access request launched from within the secure environment 122 is intercepted by the kernel of the operating system in terms of the executed data access medium 116 which is run on the computer system 102 in the form of an installed application 126. The parameters of the intercepted system resource access request message are subjected to the Boolean expressions of the system resource access permission 118. If a parameter in the intercepted system resource access request message causes a Boolean expression to equate to true, the system resource access request is permitted to complete on the computer system 102. Conversely, when a parameter causes the Boolean expression to equate to a false, the system resource access request is denied and prevented from being completed on the computer system 102.
In this regard, it is to be appreciated that alternative or additional logic may be implemented in the intercepted system resource access request, on the basis of a parameter in the system resource access permission 118. More particularly, a parameter of an intercepted system resource access request message may be modified to correspond to the corresponding action clause of a system resource access permission 118. For example, if the system resource access permission 118 specifies that the accessing of a file should be prevented, and a system resource access request directed to the accessing of a file is launched from within the secure environment 122, the system resource access request message will be prevented from completing. This may be implemented by configuring the system resource access permission 118 with a Boolean expression which, for the intercepted system resource access request message, will equate to false, so that the corresponding action clause of deny applies.
A parameter in the system resource access request message may then be modified to correspond to the deny action clause of the system resource access permission 118. In this way, the system resource access permission may modify a system resource access request message on the basis of a system resource permission, thereby preventing the message from being completed on a computer system.
As a further alternative, a new system resource access request may be created from an existing parameter in a system resource access request and a parameter in the system resource access permission 118. For example, when an existing system resource access request includes a parameter relating to write-access rights to the data 114, and write access is prevented in terms of the system resource access permission 118, a further system resource access request message may be created, which includes a parameter of the system resource access permission 118, for use in preventing write-access to the data 114. In addition, the kernel of the operating system may monitor the existing processes and any new processes which are launched to ensure that a child process launched from within the secure environment 122 inherits the system resource access permission 118 of their parent. Specific examples of the system resource access permission 118 and their use according to embodiments of the invention are described below with reference to step 302 of Figure 3.
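The interception logic described above (and in the summary passages on modifying a request's parameter and on creating a further request message) can be made concrete with a small model. The following is an added example written for this page; it is not the patent's code nor any Egress implementation. A permission is an ordered list of rules, each a Boolean expression over the request's parameters plus a permit or deny action clause; the environment applies it only to requests from processes it owns, lets child processes inherit membership, and on a denied write both downgrades the request's own access parameter and emits a further "set_readonly" request. The operation vocabulary, field names, the default-deny fallback and the "set_readonly" request type are all assumptions.

```python
# Added example (not Egress's code): a per-recipient system resource access
# permission expressed as Boolean expressions with permit/deny action clauses,
# applied to intercepted resource requests from inside a secure environment.
# Request/rule field names and the operation vocabulary are assumptions.
from dataclasses import dataclass, replace
from typing import Callable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ResourceRequest:
    """Parameters of an intercepted system resource access request."""
    op: str                # "file_open", "process_create", "clipboard_write" (assumed set)
    target: str            # file path, process image, or clipboard format
    pid: int               # process that issued the request
    access: str = "read"   # "read" or "write"; meaningful for file_open


@dataclass(frozen=True)
class Rule:
    expr: Callable[[ResourceRequest], bool]   # Boolean expression over the parameters
    action: str                               # action clause: "permit" or "deny"


@dataclass
class Outcome:
    permitted: bool
    forwarded: ResourceRequest                 # request as passed on to the OS
    further: Optional[ResourceRequest] = None  # extra request the environment created


class RecipientPolicy:
    """System resource access permission for one recipient: first matching
    rule wins; anything unmatched is denied (closed-world default, an assumption)."""

    def __init__(self, recipient: str, rules: List[Rule]) -> None:
        self.recipient = recipient
        self.rules = rules

    def evaluate(self, req: ResourceRequest) -> str:
        for rule in self.rules:
            if rule.expr(req):
                return rule.action
        return "deny"


class SecureEnvironment:
    """Models the interception point: only requests from processes inside the
    environment are subject to the policy; child processes inherit membership."""

    def __init__(self, policy: RecipientPolicy, root_pid: int) -> None:
        self.policy = policy
        self.members: Set[int] = {root_pid}
        self._next_pid = root_pid + 1
        self.audit: List[Tuple[str, ResourceRequest]] = []

    def intercept(self, req: ResourceRequest) -> Outcome:
        if req.pid not in self.members:
            return Outcome(True, req)          # not from the environment: untouched
        action = self.policy.evaluate(req)
        self.audit.append((action, req))
        if action == "permit":
            if req.op == "process_create":     # child inherits the parent's permission
                self.members.add(self._next_pid)
                self._next_pid += 1
            return Outcome(True, req)
        if req.op == "file_open" and req.access == "write":
            # Two of the mechanisms the page describes: modify the request's own
            # parameter (downgrade to read) and create a further request that
            # carries the deny clause so the target stays non-writable.
            downgraded = replace(req, access="read")
            guard = ResourceRequest("set_readonly", req.target, req.pid)
            return Outcome(False, downgraded, guard)
        # Otherwise blank the target so the request cannot complete.
        return Outcome(False, replace(req, target=""))


def build_policy(recipient: str, container_root: str) -> RecipientPolicy:
    """Constructed policy for the demo: read inside the container, launch the
    viewer, no writes anywhere, no clipboard export."""
    def in_container(r: ResourceRequest) -> bool:
        return r.target.startswith(container_root)
    return RecipientPolicy(recipient, [
        Rule(lambda r: r.op == "file_open" and r.access == "read" and in_container(r), "permit"),
        Rule(lambda r: r.op == "file_open" and r.access == "write", "deny"),
        Rule(lambda r: r.op == "process_create" and r.target.endswith("viewer.exe"), "permit"),
        Rule(lambda r: r.op == "clipboard_write", "deny"),
    ])


def run_demo() -> List[Outcome]:
    """Constructed request sequence: paths, pids and names are made up."""
    env = SecureEnvironment(build_policy("alice", "E:/container/"), root_pid=100)
    return [
        env.intercept(ResourceRequest("file_open", "E:/container/report.docx", 100)),
        env.intercept(ResourceRequest("file_open", "C:/Users/alice/copy.docx", 100, "write")),
        env.intercept(ResourceRequest("process_create", "E:/container/viewer.exe", 100)),
        env.intercept(ResourceRequest("clipboard_write", "CF_TEXT", 101)),   # child pid 101
        env.intercept(ResourceRequest("clipboard_write", "CF_TEXT", 999)),   # outside environment
    ]


if __name__ == "__main__":
    for o in run_demo():
        print(o.permitted, o.forwarded, o.further)
```

Running `run_demo()` shows the read inside the container permitted, the write to the local disk denied with its access downgraded and a guard request emitted, the viewer launch permitted, the child's clipboard export denied because it inherited the parent's permission, and a request from an unrelated process passed through untouched. A real hook would sit at the API or kernel boundary rather than in a Python call, but the decision logic is the same.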
Furthermore, the creator of the data container 112 may apply additional controls over the life-cycle of the data container 112, which include, but are not limited to: defining a list of authorized intended recipients, authorization chain of command, valid to and from periods, and a notification of data 114 access. In addition, control may be exercised by the creator of the data container 112 after the data container 112 has left the physical control of the creator.
One possible mechanism of the above is described in the Applicant's pending UK application no. 0806429.7. As described in this application, a list of authorized recipients which are authorized to access a media storage device can be updated on the basis of data received after the media storage device has been dispatched to an intended recipient. In terms of the present invention, the creator of the media storage device may, through the use of the above mechanism, add or remove recipients which are authorized to access the data container 112 after the data container 112 has left the physical control of the creator. For example, when the intended recipient seeks to access the data 114 on the computer system 102, the computer system 102 connects to the remote server 104 and verifies the authority of the recipient, in terms of the user and system resource access permission verification module 106 which is provided on the remote server 104. If the user and system resource access permission verification module 106 has been updated since the container 112 has left the physical control of the creator, and now reflects that the recipient is not authorized to gain access to the data 114, the recipient is prevented from accessing the data 114.
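The remote verification step described above, as an added example that is not part of the patent or of any Egress product: the container carries a snapshot of the recipient list and permission, the server holds the creator's current versions (including the validity window mentioned earlier), and the client trusts the server's answer over the embedded snapshot only after authenticating it, binding it to this container and user, and rejecting stale replies. The message layout, the HMAC-SHA256 tag over a canonical JSON body, the shared key, the clock-skew limit and the fail-closed behaviour are assumptions; the page does not specify how the client-server exchange is protected.

```python
# Added example (not Egress's code): verifying a recipient and fetching the
# latest system resource access permission from a remote verification server
# before the container is opened. The message layout, the shared HMAC key and
# the fail-closed choices are assumptions made for this illustration.
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Container:
    """Snapshot that travels with the data container (assumed field set)."""
    container_id: str
    recipients: List[str]        # list as it was when the container was created
    permission_version: int
    permission: Dict[str, bool]


def _tag(key: bytes, body: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding so both sides hash the same bytes."""
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


class VerificationServer:
    """Stand-in for the user and permission verification module: holds the
    creator's current recipient list and permission for each container."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._state: Dict[str, dict] = {}

    def register(self, c: Container, valid_from: int, valid_to: int) -> None:
        self._state[c.container_id] = {
            "recipients": set(c.recipients),
            "version": c.permission_version,
            "permission": dict(c.permission),
            "valid_from": valid_from,
            "valid_to": valid_to,
        }

    def set_recipients(self, cid: str, add=(), remove=()) -> None:
        """Creator adds or removes recipients after the container has been dispatched."""
        st = self._state[cid]
        st["recipients"].update(add)
        st["recipients"].difference_update(remove)

    def update_permission(self, cid: str, permission: Dict[str, bool]) -> None:
        st = self._state[cid]
        st["permission"] = dict(permission)
        st["version"] += 1

    def verify(self, cid: str, user: str, now: int) -> dict:
        st = self._state.get(cid)
        ok = (st is not None and user in st["recipients"]
              and st["valid_from"] <= now <= st["valid_to"])
        body = {
            "container_id": cid, "user": user, "issued_at": now, "authorised": ok,
            "version": st["version"] if st else 0,
            "permission": st["permission"] if ok else {},
        }
        return {"body": body, "tag": _tag(self._key, body)}


def client_verify(c: Container, user: str, now: int, response: dict,
                  key: bytes, max_skew: int = 300) -> Tuple[bool, Dict[str, bool], int]:
    """Client side: authenticate the reply, bind it to this container and user,
    reject stale replies, then prefer the server's permission over the embedded one."""
    body = response["body"]
    if not hmac.compare_digest(_tag(key, body), response["tag"]):
        return False, {}, c.permission_version       # forged or corrupted reply
    if body["container_id"] != c.container_id or body["user"] != user:
        return False, {}, c.permission_version       # reply for a different request
    if abs(body["issued_at"] - now) > max_skew:
        return False, {}, c.permission_version       # replayed or stale reply
    if not body["authorised"]:
        return False, {}, c.permission_version
    if body["version"] >= c.permission_version:
        return True, dict(body["permission"]), body["version"]
    return True, dict(c.permission), c.permission_version


def run_demo() -> List[Tuple[bool, Dict[str, bool], int]]:
    """Constructed scenario: ids, names, times and the key are made up."""
    key = b"creator-server-shared-key"            # assumption: provisioned out of band
    server = VerificationServer(key)
    c = Container("ctr-001", ["alice"], 1, {"write": False, "print": False})
    server.register(c, valid_from=1000, valid_to=2000)
    results = []
    results.append(client_verify(c, "alice", 1500, server.verify("ctr-001", "alice", 1500), key))
    server.set_recipients("ctr-001", add=["bob"])             # added after dispatch
    results.append(client_verify(c, "bob", 1500, server.verify("ctr-001", "bob", 1500), key))
    server.set_recipients("ctr-001", remove=["alice"])        # revoked after dispatch
    results.append(client_verify(c, "alice", 1500, server.verify("ctr-001", "alice", 1500), key))
    server.update_permission("ctr-001", {"write": False, "print": True})
    results.append(client_verify(c, "bob", 1500, server.verify("ctr-001", "bob", 1500), key))
    results.append(client_verify(c, "bob", 2500, server.verify("ctr-001", "bob", 2500), key))  # past valid_to
    forged = server.verify("ctr-001", "alice", 1500)
    forged["body"]["authorised"] = True                        # tampered in transit
    results.append(client_verify(c, "alice", 1500, forged, key))
    return results


if __name__ == "__main__":
    for ok, perm, ver in run_demo():
        print(ok, perm, ver)
```

The sequence in `run_demo()` shows bob gaining access although he is absent from the container's embedded list, alice losing access after revocation, the updated permission (version 2) replacing the embedded version 1, access refused outside the validity window, and a reply whose body was altered in transit being rejected by the tag check. The embedded snapshot is still useful as a floor, but the design only delivers the creator's post-dispatch control if the client refuses to open the container when it cannot obtain an authentic answer.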
In Figure 2, a diagrammatic representation of a machine is shown in the example form of a computer system 102 within which a set of instructions, for causing the machine to perform any one or more of the methodologies discussed herein, may be executed. As mentioned above, in alternative embodiments, the machine operates as a standalone device or may be connected (e.g., networked) to other machines.
In more detail, the example computer system 102 includes a conventional processor 200 (e.g. a central processing unit (CPU), a graphics processing unit (GPU) or both), a main memory 202 and a static memory 204, which communicate with each other via bus 208. The computer system 102 may further include a conventional video display unit 210 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)). The computer system 102 also includes a conventional alphanumeric input device 212 (e.g., a keyboard), a user interface (UI) navigation device 214 (e.g., a mouse), a disk drive unit 216, a signal generation device 218 (e.g., a speaker) and a network interface device 220.
The disk drive unit 216 includes a conventional machine-readable medium 126 on which is stored one or more sets of instructions and data structures (e.g., software component 224) and, when configured in accordance with an embodiment of the invention, the secure environment module 122 comprises a variety of instructions and data sets which correspond to functional tasks performed by the processor 202. The functional tasks in question relate to the establishment of a secure data access environment (also indicated by reference numeral 122) on the computer system 102. The software component 224 may also reside, completely or at least partially, within the main memory 204 and/or within the processor 202 during execution thereof by the computer system 102, the main memory 204 and the processor 202 also constituting machine-readable media. The software 224 may further be transmitted or received over a network 226 via the network interface device 220 utilizing any one of a number of well-known transfer protocols (e.g., FTP).
In use, the secure environment module 122, including one or more sets of instructions or data structures in the form of the software component 224, is executed on the machine.
The data container 112 is presented to the recipient as a virtual disk or a virtual folder, the contents of which are accessible and usable by installed applications. The execution of the software component 224 establishes a secure environment 122 on the computer system 102, and access to the data 114 within the data container 112 is performed by the secure environment 122 on the basis of the resource access permission 118 as described with reference to Figure 1 above. For example, if the system resource access permission 118 specifies that a recipient is prevented from writing any content to a local storage device, any attempts by the recipient to print the data 114 via the installed application or modify the registry entry relating to the installed application 126 to circumvent a restriction imposed on data 114 access, for example, would be prevented. The above examples will be described in more detail with reference to Figure 3, which depicts a method of creating a data container 112, in accordance with an example embodiment of the invention.
In Figure 3, the creator of the data container 112 creates or specifies, at step 302, the data 114 to be transferred, in a conventional fashion. In addition, the creator of the data container 112 specifies, at step 304, a set of parameters which constitute the system resource access permission 118. Each parameter comprises a Boolean expression and a corresponding action clause, as described with reference to Figure 1 above. In this example, the system resource access permission 118 dictates the access the intended recipient has to the data 114, for example, respective unique system resource access permissions 118 being determined individually for each intended recipient.
Illustrative examples of primary system resource access requests (primary APIs), access to which may be dictated by the system resource access permission 118, include, but are not limited to, file processing requests such as file access, file creation, reading the contents of a file, the writing of content to a file, the deletion of a file, and the enumeration of a file list from a disk. The alternative or additional logic that is effected by the secure environment 122 according to embodiments of the invention will enforce the policy controls defined in terms of the system resource access permission 118 when these system resource access requests are launched from within the secure environment 122.
More particularly, in accordance with an embodiment of the invention, a system resource access request relating to the accessing, reading, writing, modifying or creating of a file, which is initiated from within the secure environment 122 will be intercepted by the software component 224. The intercepted system resource access request will be subjected to the relevant parameters of the system resource access permission 118. If the Boolean expression in the system resource access permission 118 equates to true, the system resource access request will be granted and returned to the calling process as an access granted operation.
For example, a system resource access request which is initiated from within the secure environment 122 and relates to the creation of a Microsoft Word TM temporary file, in terms of an auto-save operation, may be allowed. Conventionally, however, a system resource access request which relates to the writing of data 114 may be refused, where the system resource access request is initiated from within the secure environment 122.
It will be appreciated that the above exception may, for example, occur when the system resource access request insists on completing. In such a situation, the file written by the requesting process, in this case the temporary Microsoft Word TM file, will be encrypted by the software component 224 with a one-time session key to ensure that the data 114 remains secure and is not leaked to the local storage system beyond the newly created temporary file. When the user terminates the session or the temporary file is closed, the one-time session key will be lost and the encrypted data 114 will be inaccessible from beyond the secure environment 122.
In this way, in the event that a system resource access request relating to the writing of a file is initiated from within the secure environment 122, the system resource access permission 118 will not be circumvented.
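As an added example (not code from the patent or its applicant), the following Python sketch shows the one-time session key idea described above: a temporary file whose write must complete is stored encrypted under keys that exist only in memory for the session, and closing the session discards them, leaving unreadable bytes on local storage. The HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag is a standard-library stand-in for a real AEAD such as AES-GCM; the in-memory dictionary standing in for local storage, the file names and the helper names are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Added example, not the patent's code. Temp-file contents are encrypted under a
# one-time session key held only in memory; close() discards it. The keystream
# (HMAC-SHA256 in counter mode) stands in for a real AEAD such as AES-GCM, and
# the "disk" dict is a constructed stand-in for local storage.

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF keystream: HMAC(key, nonce || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


class TempFileSession:
    """Encrypts temp-file contents under keys that exist only for this session."""

    def __init__(self) -> None:
        self._enc_key: Optional[bytes] = os.urandom(32)   # one-time session keys
        self._mac_key: Optional[bytes] = os.urandom(32)
        self.disk: Dict[str, bytes] = {}                   # constructed local storage

    def _require_open(self) -> None:
        if self._enc_key is None or self._mac_key is None:
            raise PermissionError("session closed: one-time key discarded")

    def write(self, name: str, plaintext: bytes) -> None:
        """Intercepted write: store nonce || ciphertext || tag, never the plaintext."""
        self._require_open()
        nonce = os.urandom(NONCE_LEN)
        stream = _keystream(self._enc_key, nonce, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, stream))
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
        self.disk[name] = nonce + ct + tag

    def read(self, name: str) -> bytes:
        """Intercepted read: verify the tag, then decrypt, only while the session is open."""
        self._require_open()
        blob = self.disk[name]
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("temp file tampered with on disk")
        return bytes(c ^ k for c, k in zip(ct, _keystream(self._enc_key, nonce, len(ct))))

    def close(self) -> None:
        """End of session: drop the keys; the ciphertext left on disk stays unreadable."""
        self._enc_key = None
        self._mac_key = None


def read_outcome(session: TempFileSession, name: str) -> str:
    """Classify a read attempt: 'ok', 'closed' (key discarded) or 'tampered'."""
    try:
        session.read(name)
        return "ok"
    except PermissionError:
        return "closed"
    except ValueError:
        return "tampered"


def stored_plaintext_visible(session: TempFileSession, name: str, plaintext: bytes) -> bool:
    """Does the plaintext appear in what reached local storage?"""
    return plaintext in session.disk[name]
```

Note that the keys are never written anywhere and a fresh nonce is drawn per write, so even two writes of identical content produce unrelated ciphertext on disk; the tag additionally stops a modified temp file from being read back into the secure environment as if it were genuine.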
In addition, various secondary Application Programming Interfaces (APIs) (which are considered lower risk in terms of data leakage) may be subjected to control in terms of the system resource access permission 118; examples include (but are not limited to) printing to local or network printers, copying and pasting to a clipboard, inter-process communication and registry access. It will be appreciated that system resource access control in the data processing environment is not limited to the abovementioned illustrative examples.
For example, data leakage in terms of a lower risk API such as the writing of content to a system registry may be prevented. It will be appreciated that, in the event that a system call is made to the system registry from within the secure environment 122, the system resource access permission 118 may provide for the refusal of all such system resource access requests which seek to write content to the system registry. Conventionally, the system registry is used to store minimal amounts of configuration data which is required to persist across user sessions. However, it is to be understood that, in the event that an operation is requested that presents a threat to the security of the secure data 114, the system registry interface can be used to export the secure data 114 beyond the secure environment 122. To prevent data 114 from leaking beyond the secure environment in such a manner, the system resource access permission 118 can allow the lowest level system registry processes to be filtered, and system resource access requests related to the accessing of these registry processes can be monitored for the exporting of secure data 114. Further, in the example where the system resource access request seeks to write content to a conventional system registry, the system resource access request may be modified to write the content to an encrypted virtual registry instead. This will ensure that the existing values in the system registry are not compromised and that data 114 is not allowed to egress beyond the secure environment 122.
Similarly, in order to prevent the unsolicited leakage of data 114 from the secure environment 122, the system resource access permission 118 may ensure that all system resource access requests relating to the printing of data 114 which are initiated from within the secure environment 122 are refused.
In a further example, the software component 224 can be used to prevent data 114 being leaked from the secure environment 122 by means of the clipboard function, such as is provided with the majority of operating systems, including Microsoft Windows TM, and which conventionally allows the user to copy data from a first location and paste the copied data into a second location. As is known in the art, conventional use of the clipboard involves making the data which is copied from the first location available at an intermediate location, namely the clipboard. The data now held on the clipboard can subsequently be moved from the intermediate location to the second location, which may be the same as or different from the first location. This process may lend itself to the unsolicited leakage of data 114 from the secure environment 122 when, for example, the data 114 is copied from the secure environment 122 and pasted into a process running outside the secure environment 122, from where the data 114 can then be saved to local storage. A second situation in which the data 114 can be leaked from the secure environment 122 arises when the data 114 is copied from a first location in the secure environment 122 and pasted into the same location. The data which is available on the clipboard may then be accessible to processes outside the secure environment 122, and used in an unsolicited manner.
To exercise an amount of control over these operations and to prevent such data 114 leakage, the system resource access permission 118 may include parameters which control the level of access the recipient of the data container 112 has over data 114 which is available on the clipboard. For illustrative purposes, a number of ways in which the system resource access permission 118 can exert control over the copied data will now be described. Firstly, the system resource access permission 118 can allow the clipboard functionality to be disabled in the secure environment 122 (i.e. system resource access requests which seek to access the clipboard from within the secure environment 122 will be refused). Secondly, a system resource access request seeking to copy data 114 from the first location to a second, different location may be refused. In terms of a third example, system resource access requests relating to the copying of data 114 from the clipboard to a process running outside the secure environment 122 may be refused.
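The three clipboard controls just described, as an added Python model that is not code from the patent or its applicant: a broker tags each clipboard entry with whether it was copied from inside the secure environment and from which location, and a mode selector applies one of the three controls. Process ids, location names and the rule that data copied from outside the secure environment may always be pasted (inbound data is not protected data) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Set

# Added example, not the patent's code. Models the three clipboard controls:
# "disabled", "same-location-only" and "no-external-paste". Pids, location
# names and the inbound-paste rule are assumptions.


@dataclass(frozen=True)
class ClipEntry:
    data: bytes
    from_secure: bool   # copied from inside the secure environment?
    location: str       # document/window the copy was taken from


class ClipboardBroker:
    MODES = ("disabled", "same-location-only", "no-external-paste")

    def __init__(self, secure_pids: Set[int], mode: str) -> None:
        if mode not in self.MODES:
            raise ValueError(f"unknown clipboard control {mode!r}")
        self.secure_pids = set(secure_pids)
        self.mode = mode
        self.entry: Optional[ClipEntry] = None   # the single intermediate location

    def copy(self, pid: int, location: str, data: bytes) -> bool:
        """Place data on the clipboard; returns False if the request is refused."""
        inside = pid in self.secure_pids
        if inside and self.mode == "disabled":
            return False   # first control: no clipboard access from within the environment
        self.entry = ClipEntry(data, inside, location)
        return True

    def paste(self, pid: int, location: str) -> Optional[bytes]:
        """Return clipboard data to the requester, or None if the request is refused."""
        inside = pid in self.secure_pids
        entry = self.entry
        if entry is None:
            return None
        if inside and self.mode == "disabled":
            return None    # first control, paste direction
        if not entry.from_secure:
            return entry.data   # assumption: data that came from outside is not protected
        if self.mode == "same-location-only" and location != entry.location:
            return None    # second control: move to a different location refused
        if self.mode == "no-external-paste" and not inside:
            return None    # third control: paste into a process outside refused
        return entry.data
```

The broker keeps only one entry, as a real clipboard does, so a copy made from outside simply replaces protected data; what matters for leakage is the origin tag on the entry that is being pasted, which is why the decision is taken at paste time rather than only at copy time.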
In accordance with a yet further example embodiment of the invention, the software component 224 can be used to prevent leakage of data 114 that might otherwise occur through network based transportation. As is understood in the art, conventional methods of data transportation over a network include (but are not limited to): transporting data over a TCP/IP socket connection, instant messaging (IM), communication through a web browser (HTTP), conventional file transfer (FTP) methodologies and conventional e-mail (SMTP, Exchange) mechanisms. In order to prevent the leakage of data 114 from the secure environment 122 through one of these mechanisms, high level control can be exercised over these protocols in a staggered approach. Namely, in one arrangement a short-term solution is provided which comprises the software component 224, on the basis of relevant resource access permissions 118, refusing all system resource access requests directed to networked data transfers initiated from within the secure environment 122. A complementary mid-term solution may comprise configuring the resource access permission 118 such that the software component 224 allows system resource access requests seeking access to specific addresses from within the secure environment 122. In addition or as an alternative, certain types of network calls may be enabled and filtered on the basis of appropriate configuration of the software component 224; such types of network calls can change over time, and indeed are likely to be business-specific. In general, however, the software component 224 will be configured to filter out network calls that could result in data 114 being leaked from the secure environment 122.
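The staggered network controls above, as an added Python example that is not code from the patent or its applicant: one filter with a stage selector covering the deny-all short-term stage, the address allowlist mid-term stage and the filtered stage in which only configured call types pass and a business-specific predicate can be attached. The request fields, the host names and the sample predicate are assumptions; the permission server address is a placeholder standing in for the remote server 104.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, Optional

# Added example, not the patent's code. Request fields, host names (placeholders)
# and the sample business rule are assumptions.


@dataclass(frozen=True)
class NetRequest:
    protocol: str       # "tcp", "http", "ftp", "smtp", "im"
    address: str        # host the request is directed to
    port: int
    payload_len: int = 0


@dataclass(frozen=True)
class NetworkPolicy:
    stage: str                                                  # "deny-all", "allowlist", "filtered"
    allowed_addresses: FrozenSet[str] = frozenset()
    allowed_protocols: FrozenSet[str] = frozenset()
    extra_filter: Optional[Callable[[NetRequest], bool]] = None  # business-specific rule


def check(policy: NetworkPolicy, req: NetRequest) -> bool:
    """True if the request may leave the secure environment under this policy."""
    if policy.stage == "deny-all":
        return False                                   # short-term: refuse every transfer
    if policy.stage == "allowlist":
        return req.address in policy.allowed_addresses  # mid-term: specific addresses only
    if policy.stage == "filtered":
        if req.protocol not in policy.allowed_protocols:
            return False                               # only enabled call types pass
        if policy.allowed_addresses and req.address not in policy.allowed_addresses:
            return False                               # keep the allowlist as well, if configured
        return policy.extra_filter(req) if policy.extra_filter else True
    raise ValueError(f"unknown stage {policy.stage!r}")


# Sample configurations (host names are placeholders, not real endpoints).
PERMISSION_SERVER = "permission-server.example"   # stands in for remote server 104

SHORT_TERM = NetworkPolicy("deny-all")
MID_TERM = NetworkPolicy("allowlist", allowed_addresses=frozenset({PERMISSION_SERVER}))
FILTERED = NetworkPolicy(
    "filtered",
    allowed_addresses=frozenset({PERMISSION_SERVER}),
    allowed_protocols=frozenset({"http"}),
    # assumed business rule: TLS port only, and no bulk uploads
    extra_filter=lambda r: r.port == 443 and r.payload_len <= 4096,
)
```

Each later stage is strictly wider than the one before it, which is the point of ordering the roll-out this way: the filtered stage still refuses anything the mid-term allowlist would refuse, and only then applies the call-type and business rules.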
Returning to Figure 3, after the system resource access permission has been defined, as described above, a data container 112 comprising the data 114, a data access medium 116 and the system resource access permission 118 is created (at step 306). The data 114 and the data access medium 116 in the data container 112 are coupled together, in that the data 114 can only be accessed in the data access medium 116. The data container 112 may be encrypted, in conventional fashion, to secure the content thereof. The secure data container 112 may then, for example, be stored on an external storage medium. Although an external storage medium is shown for ease of illustration in Figure 1, the data container 112 may be transferred to the intended recipient via various conventional data exchange mechanisms (DEM) which could include, but are not limited to, compact disk (CD), electronic mail (Email), file transfer protocol (FTP) and universal serial bus (USB) storage and transfer mechanisms.
Accordingly, the external storage medium containing the data container 112 can subsequently be transferred, at step 308, to the intended recipient in conventional fashion.
Correspondingly, the recipient receives, at step 310, the secure data container 112. The accessing of the data 114 on the computer system 102, at step 312, is described in more detail with reference to the flow diagram of Figure 4. In Figure 4, the recipient attempts, at step 402, to access the data 114 on the data container 112. The system resource access permission 118 is retrieved, at step 404, by the recipient computer system 102. The recipient computer system 102 communicates, at step 406, with a remote server 104 through a communication interface 108 to authorize, at step 410, the intended recipient and to verify, at step 408, the system resource access permission 118. Any one of a number of well-known transfer protocols (e.g. SSL) may be used, in conventional fashion, to communicate with the remote server 104. Thus, the most up-to-date system resource access permission 118 and recipient authorization information may be retrieved from the remote server 104.
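The access-time verification against the remote server described here, and the post-dispatch control over recipients and validity periods described earlier with reference to the Applicant's application no. 0806429.7, as one added Python example that is not code from the patent or its applicant: the server holds the current recipient list, permission and validity window for each container, the client refuses access unless the server authorizes the recipient, and the newer of the embedded and server-side permissions is applied. The record layout, the sample values and the assumption that the client reaches the server over an authenticated TLS channel (not modelled; an unreachable server should be treated as a refusal) are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Set, Tuple

# Added example, not the patent's code. Stand-in for verification module 106 on
# remote server 104 and for the client-side check. Record layout and sample
# values are assumptions; the transport is assumed authenticated and not shown.

Permission = Dict[str, bool]   # e.g. {"write_local": False, "print": False}


@dataclass
class ContainerRecord:
    """Server-side state for one data container, editable by its creator after dispatch."""
    recipients: Set[str]
    permission: Permission
    version: int
    valid_from: datetime
    valid_to: datetime


@dataclass(frozen=True)
class DataContainer:
    """What the recipient holds: the container id plus the permission embedded at creation."""
    container_id: str
    embedded_version: int
    embedded_permission: Permission


class VerificationServer:
    def __init__(self) -> None:
        self.records: Dict[str, ContainerRecord] = {}

    def register(self, cid: str, recipients: Set[str], permission: Permission,
                 valid_from: datetime, valid_to: datetime) -> DataContainer:
        self.records[cid] = ContainerRecord(set(recipients), dict(permission), 1, valid_from, valid_to)
        return DataContainer(cid, 1, dict(permission))

    def add_recipient(self, cid: str, who: str) -> None:
        self.records[cid].recipients.add(who)

    def remove_recipient(self, cid: str, who: str) -> None:
        self.records[cid].recipients.discard(who)     # revocation after dispatch

    def update_permission(self, cid: str, permission: Permission) -> None:
        rec = self.records[cid]
        rec.permission = dict(permission)
        rec.version += 1

    def verify(self, cid: str, recipient: str, now: datetime) -> Optional[Tuple[int, Permission]]:
        """Authorize the recipient and return the current permission, or None to refuse."""
        rec = self.records.get(cid)
        if rec is None or recipient not in rec.recipients:
            return None
        if not (rec.valid_from <= now <= rec.valid_to):
            return None                                # outside the valid-from/to period
        return rec.version, dict(rec.permission)


def open_container(server: VerificationServer, container: DataContainer,
                   recipient: str, now: datetime) -> Optional[Permission]:
    """Client side: refuse unless authorized; apply the newest permission available."""
    result = server.verify(container.container_id, recipient, now)
    if result is None:
        return None
    version, current = result
    if version >= container.embedded_version:
        return current                                 # reflects changes made after dispatch
    return dict(container.embedded_permission)


def sample_server() -> Tuple[VerificationServer, DataContainer, datetime]:
    """Constructed sample: one container dispatched to alice with a 30-day window."""
    srv = VerificationServer()
    t0 = datetime(2009, 5, 5, tzinfo=timezone.utc)
    c = srv.register("container-1", {"alice"}, {"write_local": False, "print": True},
                     t0, t0 + timedelta(days=30))
    return srv, c, t0
```

Because the decision is made on the server's current record rather than on the copy inside the container, the creator can tighten the permission or remove a recipient after the container has already been copied to the recipient's disk, which is exactly the situation the patent describes for application no. 0806429.7.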
The recipient is prompted, at step 412, to select one of two modes in which he/she would like to access the data 114 on the data container 112: a first is referred to as the desktop mode and a second is referred to as the browser mode. In the event that the computer system 102 receives an input from the recipient indicating that the data should be accessed in the browser mode, the data access medium 116 is executed, at step 414, on the computer system 102. Under the direction of the data access medium 116, a secure browser environment 122a is established, at step 416, on the computer system 102 and all of the system resource access requests which are executed from within the secure environment 122a are subjected to the system resource access permission 118. Similarly, in the event that the recipient selects to access the data 114 in the desktop mode, the data access medium is executed, at step 418, on the computer system 102. Under direction of the executed data access medium a secure desktop environment 122b is established, at step 420, on the computer system 102. In the desktop mode, a system resource access request which has been launched from within the secure desktop environment 122b is also subjected to the system resource access policy 118. The establishment of the secure browser and secure desktop environments 122a, 122b on the computer system 102 is described in more detail with reference to the flow diagrams of Figures 5 and 6.
With reference to Figure 5, a method of establishing a secure browser environment on a computer system 102, in accordance with an example embodiment of the invention, is generally indicated by reference numeral 500. In this arrangement, when the recipient selects to access the data 114 in the browser mode, the data access medium 116 is executed on the computer system 102, and a secure browser environment 122a is established, at step 502.
From within the secure browser environment the data 114 is accessible to the recipient, subject to the system resource access permission 118. In addition, when the data access medium 116 is executed from a data container 112 located on a remote storage device, a secure browser environment will be established on the computer system 102 which is run from the remote storage device. Thereby, the recipient may gain access to the data 114, without the need to install any components on the computer system 102 and without the need for administrative privileges.
System resource access requests which are launched from within the secure browser environment 122a are subjected to the system resource access permission 118. A system resource access request launched from within the secure browser environment 122a may be intercepted by the kernel of the operating system of the recipient computer 102, which then compares the parameters of the system resource access request message to the Boolean expression of the system resource access permission 118 and verifies the enforceability of the system resource access request. Additional or alternative logic may be implemented, at step 506, in the system resource access request message to modify the parameters of the message to correspond to the system resource access permission 118, as described in more detail with reference to Figure 1, thereby controlling the enforceability of the system resource access request on the basis of the system resource access permission 118.
For example, if the data access permission 118 prevents the writing of data to a file in the secure browser environment 122a, the recipient will be prevented from writing the data 114 to a file in the secure browser environment 122a. In this regard, a system resource access request message directed to writing data 114 to a file will be intercepted and subjected to the Boolean expression of the system resource access permission 118. The parameters of the message will be modified to correspond to the action clause of the system resource access permission 118, so that the system resource access permission 118 is enforced within the secure browser environment 122a. In this way, the data 114 in the data container 112 may be accessed by the recipient, at step 508, on the basis of the system resource access permission 118. In addition, when the data 114 in the data container 112 has been encrypted, the data 114 will be decrypted before being accessed from within the secure browser environment 122a.
With reference to Figure 6, a method of establishing a secure desktop environment on a computer system 102, in accordance with an example embodiment of the invention, is generally indicated by reference numeral 600. In this arrangement, when the recipient selects to access the data in the desktop mode, the data access medium 116 is executed on the computer system 102, and a secure desktop environment 122b is established, at step 602.
From within the secure desktop environment 122b, the data 114 is accessible to the recipient, subject to the system resource access permission 118. In addition, the recipient is capable of creating a data container 112 and specifying a system resource access permission 118 from within the secure desktop environment 122b.
A system resource access request which has been launched from within the secure environment is intercepted by the kernel of the operating system of the recipient computer 102, at step 604. The parameters of the intercepted system resource access request message are compared to the Boolean expressions of the system resource access permission 118 being implemented in the secure desktop environment 122b. In this way, the system resource access permission 118 is implemented, at step 606, in the secure desktop environment 122b.
Additional or alternative logic may be implemented in the system resource access request message, at step 608, for the message to correspond to the system resource access permission 118, as described in more detail with reference to Figure 1.
For example, the creator of the data container 112 can prevent the data 114 from being written to any locally accessible storage medium, such as a local hard drive, a networked device or a removable storage medium. In this regard, the system resource access permission 118 for the intended recipient may include the following parameters:
* read-only access to an internal disk
* read-only access to a networked device
* read-only access to a removable storage medium
* read-only access to a registry
* access to a local or networked printer denied
* read and write access to the data container 112 permitted
In this example the data container 112 will be presented to the recipient as a virtual folder or a virtual disk, the data 114 being accessible by the recipient, at step 610, from within the secure desktop environment 122b.
For example, if the creation of a file is prevented in terms of a system resource access permission 118 and a system resource access request is launched from within a secure environment 122, the system resource access request will be prevented from being implemented in the secure environment 122. In this embodiment, the data 114 which is accessed, at step 610, will be subjected to the system resource access permission 118.
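The permission evaluation described with reference to Figures 1, 3 and 6, as one added Python model that is not code from the patent or its applicant: each parameter of the system resource access permission is a scope, a Boolean expression and an action clause; an intercepted request from a member process is granted unchanged when the expression is true, and otherwise the action clause refuses it, modifies its own parameter (the write flag), or creates a new request carrying a parameter from the permission (the registry-write redirect to a virtual registry described earlier); child processes launched from inside the environment inherit membership. The example permission is the Figure 6 parameter list above. The request and parameter types, the path prefixes, the `X:` drive letter for the virtual disk, the `VIRTUAL\` registry prefix (the encryption of that virtual registry is not modelled) and the rule that a request matched by no parameter is refused are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Callable, List, Optional, Set

# Added example, not the patent's code. Models system resource access permission
# (118) evaluation. Names, path prefixes, the X: virtual-disk letter, the
# VIRTUAL\ registry prefix and the default-refuse rule are assumptions.


@dataclass(frozen=True)
class AccessRequest:
    """A system resource access request message and its parameters."""
    operation: str       # "file", "registry" or "print"
    target: str          # file path, registry key or printer name
    write: bool = False  # write-access parameter
    pid: int = 0         # requesting process


@dataclass(frozen=True)
class Parameter:
    """One permission parameter: a scope, a Boolean expression and an action clause."""
    operation: str
    target_prefix: str
    allowed: Callable[[AccessRequest], bool]   # Boolean expression; true => grant unchanged
    action: str = "refuse"                     # action clause applied when the expression is false
    redirect_prefix: Optional[str] = None      # used by the "redirect" action


@dataclass(frozen=True)
class Decision:
    granted: bool
    request: AccessRequest   # request as returned to the caller (possibly modified or new)
    reason: str


class SecureEnvironment:
    """Intercepts requests from member processes and applies the permission."""

    def __init__(self, permission: List[Parameter], root_pid: int) -> None:
        self.permission = list(permission)
        self.members: Set[int] = {root_pid}

    def spawn(self, parent_pid: int, child_pid: int) -> bool:
        """A child launched from inside the environment inherits the permission."""
        if parent_pid in self.members:
            self.members.add(child_pid)
            return True
        return False

    def intercept(self, req: AccessRequest) -> Decision:
        if req.pid not in self.members:
            return Decision(True, req, "outside-environment")  # not subject to the permission
        for param in self.permission:
            if req.operation != param.operation or not req.target.startswith(param.target_prefix):
                continue
            if param.allowed(req):
                return Decision(True, req, "expression-true")
            if param.action == "refuse":
                return Decision(False, req, "refused")
            if param.action == "strip_write":
                # modify the request's own parameter to correspond to the permission
                return Decision(True, replace(req, write=False), "parameter-modified")
            if param.action == "redirect":
                # create a new request carrying a parameter taken from the permission
                return Decision(True, replace(req, target=param.redirect_prefix + req.target), "new-request")
            raise ValueError(f"unknown action clause {param.action!r}")
        return Decision(False, req, "no-matching-parameter")   # assumption: refuse by default


# The Figure 6 example permission. "X:\" is the assumed virtual disk presenting the
# data container; "VIRTUAL\" marks the (assumed) encrypted virtual registry.
FIGURE6_PERMISSION = [
    Parameter("file", "X:\\", allowed=lambda r: True),                               # container: read/write permitted
    Parameter("file", "C:\\", allowed=lambda r: not r.write, action="strip_write"),  # internal disk: read-only
    Parameter("file", "\\\\", allowed=lambda r: not r.write),                       # networked device: read-only
    Parameter("file", "E:\\", allowed=lambda r: not r.write),                       # removable medium: read-only
    Parameter("registry", "", allowed=lambda r: not r.write,
              action="redirect", redirect_prefix="VIRTUAL\\"),                     # registry writes go to the virtual registry
    Parameter("print", "", allowed=lambda r: False),                                # printing denied
]


def demo() -> SecureEnvironment:
    """Environment for the viewer process (pid 100) and a helper it launched (pid 101)."""
    env = SecureEnvironment(FIGURE6_PERMISSION, root_pid=100)
    env.spawn(100, 101)
    return env


if __name__ == "__main__":
    env = demo()
    for req in [
        AccessRequest("file", "C:\\Users\\r\\report.docx", write=True, pid=101),
        AccessRequest("registry", "HKCU\\Software\\App\\Recent", write=True, pid=100),
        AccessRequest("print", "\\\\printsrv\\lobby", pid=100),
    ]:
        d = env.intercept(req)
        print(f"{req.operation:8} {req.target:32} granted={d.granted} {d.reason} -> {d.request.target}")
```

Parameters are evaluated in order and the first whose scope matches decides, so the container rule is listed before the disk rules; an operation that no parameter covers is refused, which is the safe default for a leakage-prevention policy even though the patent does not state one.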
The Applicant deems the present invention, as described with reference to the example embodiments above, particularly beneficial in ensuring that data is securely transferred to a recipient and that the data will remain secure and subject to control by the creator of the data even after the data has been copied onto the hard drive of the recipient.
Additional Details and Modifications
The above embodiments are to be understood as illustrative examples of the invention. Further embodiments of the invention are envisaged. It is to be understood that any feature described in relation to any one embodiment may be used alone, or in combination with other features described, and may also be used in combination with one or more features of any other of the embodiments, or any combination of any other of the embodiments. Furthermore, equivalents and modifications not described above may also be employed without departing from the scope of the invention, which is defined in the accompanying claims.
In this regard, it will be appreciated that "system resource access permission" in the context of this specification may be understood to include additional or alternative logic which may be implemented in terms of operating system service requests such as Windows system services (API) requests, for example.
In addition, for ease of illustration, the data container is depicted as being provided on an external storage medium, but it is to be appreciated that the data container may be provided on a remote, networked device.
Further, while the machine-readable medium is shown in an example embodiment to be a single medium, the term "machine-readable medium" should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term "machine-readable medium" shall also be taken to include a medium that is capable of storing, encoding or carrying a set of instructions for execution by the machine and that cause the machine to perform any one or more of the methodologies of the example embodiments, or that is capable of storing, encoding or carrying data structures utilized by or associated with such a set of instructions. The term "machine-readable medium" shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media, and carrier wave signals.
It is to be understood that the processor shown in an example embodiment above may be one or more microprocessors, controllers, or any other suitable computing device, resource, hardware, software, or embedded logic. Furthermore, the software may be in the form of code embodying a web browser.
In addition, it will be appreciated that the communication interface, as described with reference to an example embodiment, may be in the form of a network card, a modem, or the like.
In an example embodiment as described above, the computer system is shown as a personal computer (PC); the term should, however, be taken to include a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine is illustrated, the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
In an illustrative embodiment, as depicted above, in a networked deployment, the computer system may operate in the capacity of a server or a client machine in a server-client network environment; in addition, the computer system may operate as a peer machine in a peer-to-peer (or distributed) network environment.

Claims (15)

  1. A method of providing a user with access to data, said data being accessible by said user in a data processing environment, wherein at least one system resource access permission has been determined for said user, the method comprising the steps of: receiving a said system resource access permission specific to said user; implementing the system resource access permission in said data processing environment; and in response to the user requesting access to said data from within the data processing environment, establishing a secure data access environment within a system on the basis of the user-specific system resource access permission.
  2. A method according to claim 1, whereby said data is stored in conjunction with a data access means, and wherein the method includes the steps of: in response to the user requesting access to said data, executing said data access means; and the executed data access means establishing the secure data access environment on the system.
  3. A method according to claim 1, wherein in response to a request for access to said data, the method includes the steps of: authorizing said user; and verifying access to said data and at least one system resource access permission, through a remote storage medium.
  4. A method according to any preceding claim, wherein, in response to the establishment of a secure data access environment, the method includes the steps of: intercepting a system resource access request message originating from within said secure data processing environment, said system resource access request message comprising at least one parameter for use in controlling use of corresponding system resources; identifying an additional parameter on the basis of at least one system resource access permission; and controlling within said data access environment, said system resources on the basis of the additional parameter and said at least one parameter.
  5. A method according to claim 4, wherein controlling said system resources includes modifying said at least one parameter to correspond to said identified additional parameter.
  6. A method according to claim 4, comprising selecting the identified additional parameter and the at least one parameter and creating a further system resource request message comprising said selected parameters.
  7. A method according to claim 4, comprising selecting the identified additional parameter and creating a further system resource request message comprising said selected additional parameter.
  8. A method according to claim 7, wherein said additional parameter is for use in controlling use of system resources different to those controlled by the at least one parameter.
  9. A method according to claim 8, whereby a system resource access permission includes a parameter specifying write-access rights to the data, in the event that write access is prevented in terms of said system resource access permission, the method includes the step of: creating a further system resource access request message for use in preventing write-access to said data.
  10. A system for providing access to data, said data being accessible from within a secure data processing environment, the system including: a data container comprising said data and a data access means, whereby said data access means is executed on the processing system whilst being run from within said data container, thereby establishing a data processing environment within the processing system which provides access to the data.
  11. A system according to claim 10, wherein the data access means is provided on an external storage medium, the data access means being run from within said external storage medium.
  12. A system according to claim 10, wherein the data access means is provided on a remote networked device, the data access means being run from within said remote networked device.
  13. A system according to any of claims 10 to 12, whereby said data is secure, said data being exclusively accessible from within said secure data access environment.
  14. A method of providing access to data, said data being data accessible from within a secure data processing environment, the method comprising the steps of: receiving, at a processing system, a data container comprising said data and a data access means; executing said data access means on the processing system, whereby to establish a data processing environment within said processing system, and thereby enable access to said data; and responsive to a request for access to said data, using the established data processing environment to intercept a system resource access request and to control system resource events on the basis of predetermined criteria.
  15. A method according to claim 14, said system resource access request comprising at least one parameter for use in controlling use of corresponding system resources, the method comprising the steps of: in response to the interception of a system resource access request executed from within said data processing environment, identifying an additional parameter on the basis of the at least one system resource access permission; and controlling, within said data access environment, said system resources on the basis of the additional parameter and said at least one parameter.
Priority Applications (2)

Application Number Priority Date Filing Date Title
GB0907665A GB2470008B (en) 2009-05-05 2009-05-05 Secure user access to data
GB1321692.4A GB2505375B (en) 2009-05-05 2009-05-05 Secure data exchange desktop

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0907665A GB2470008B (en) 2009-05-05 2009-05-05 Secure user access to data

Publications (3)

Publication Number Publication Date
GB0907665D0 GB0907665D0 (en) 2009-06-10
GB2470008A true GB2470008A (en) 2010-11-10
GB2470008B GB2470008B (en) 2014-01-29

Family

ID=40792226

Family Applications (2)

Application Number Title Priority Date Filing Date
GB0907665A Active GB2470008B (en) 2009-05-05 2009-05-05 Secure user access to data
GB1321692.4A Active GB2505375B (en) 2009-05-05 2009-05-05 Secure data exchange desktop

Family Applications After (1)

Application Number Title Priority Date Filing Date
GB1321692.4A Active GB2505375B (en) 2009-05-05 2009-05-05 Secure data exchange desktop

Country Status (1)

Country Link
GB (2) GB2470008B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9501658B1 (en) 2016-01-08 2016-11-22 International Business Machines Corporation Avoiding file content reading using machine information

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001067682A1 (en) * 2000-03-06 2001-09-13 I2 Technologies, Inc. Computer security system
WO2002001335A2 (en) * 2000-06-27 2002-01-03 Microsoft Corporation System and method for activating a rendering device in a multi-level rights-management architecture
US20020112171A1 (en) * 1995-02-13 2002-08-15 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6473800B1 (en) * 1998-07-15 2002-10-29 Microsoft Corporation Declarative permission requests in a computer system
US20020188869A1 (en) * 2001-06-11 2002-12-12 Paul Patrick System and method for server security and entitlement processing
EP1320010A2 (en) * 2001-12-12 2003-06-18 Pervasive Security Systems Inc. Secured data format for access control
US20030233544A1 (en) * 2002-05-13 2003-12-18 Ulfar Erlingsson Methods and systems for providing a secure application environment using derived user accounts
US20040019596A1 (en) * 2002-07-25 2004-01-29 Sun Microsystems, Inc. Method, system, and program for making objects available for access to a client over a network
US20040255147A1 (en) * 2003-05-06 2004-12-16 Vidius Inc. Apparatus and method for assuring compliance with distribution and usage policy
WO2006095879A1 (en) * 2005-03-08 2006-09-14 Canon Kabushiki Kaisha Security management method and apparatus, and security management program
WO2006119641A2 (en) * 2005-05-13 2006-11-16 Cryptomill Content cryptographic firewall system
US20070220276A1 (en) * 2006-03-16 2007-09-20 Arm Limited Managing access to content in a data processing apparatus

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070203988A1 (en) * 2006-02-24 2007-08-30 Taiwan Semiconductor Manufacturing Co. Ltd. File protection methods and systems

Also Published As

Publication number Publication date
GB2505375A (en) 2014-02-26
GB201321692D0 (en) 2014-01-22
GB2470008B (en) 2014-01-29
GB0907665D0 (en) 2009-06-10
GB2505375B (en) 2014-04-09

Similar Documents

Publication Publication Date Title
US10735472B2 (en) Container authorization policies for network trust
US10268827B2 (en) Method and system for securing data
US8613108B1 (en) Method and apparatus for location-based digital rights management
US9921860B1 (en) Isolation of applications within a virtual machine
US8769268B2 (en) System and methods providing secure workspace sessions
US8095517B2 (en) Method and system for policy-based protection of application data
CN112313652A (en) System and method for providing data loss protection via an embedded browser
EP4036773A1 (en) Methods and systems for performing an early retrieval process during the user-mode startup of an operating system
US8510796B2 (en) Method for application-to-application authentication via delegation
US20140040622A1 (en) Secure unlocking and recovery of a locked wrapped app on a mobile device
GB2538518A (en) Computer device and method for controlling access to a resource via a security system
WO2009110275A1 (en) Classified information leakage prevention system and classified information leakage prevention method
US10579810B2 (en) Policy protected file access
JP2010176690A (en) Method and system for secure running of untrusted content
US11074323B2 (en) Method and system for persisting files
US20120173884A1 (en) Method for remotely controlling and monitoring the data produced on desktop on desktop software
US10986137B2 (en) Clipboard hardening
JP2006107505A (en) Api for access authorization
US20070234403A1 (en) Program Code Version Enforcement
AU2021347175A1 (en) Encrypted file control
US8321915B1 (en) Control of access to mass storage system
Bickel et al. Guide to Securing Microsoft Windows XP
GB2470008A (en) Secure user access to data
US11777938B2 (en) Gatekeeper resource to protect cloud resources against rogue insider attacks
Briffaut et al. A dynamic end-to-end security for coordinating multiple protections within a linux desktop

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20190718 AND 20190724

732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20210715 AND 20210721

732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20230216 AND 20230222