Some embodiments relate to file security. Some embodiments relate verifying that machines requesting access to sensitive files are in an authenticated environment.
Corporations and government entities may seek to reduce or eliminate instances of unauthorized access to various types of sensitive information. Some systems may encrypt sensitive files. However, as the speed and power of computers increases, adversaries can use brute-force methods to decrypt encrypted files. Other systems may destroy encrypted files or file passwords after a period of time. However, these systems do not prevent a brute-force attack on encrypted data.
Thus, there are general needs for systems and methods for tethering data to a trusted environment by destroying data upon that data leaving its trusted environment, and for preventing brute-force attacks on encrypted data.
The following description and the drawings sufficiently illustrate specific embodiments to enable those skilled in the art to practice them. Other embodiments may incorporate structural, logical, electrical, process, and other changes. Portions and features of some embodiments may be included in, or substituted for, those of other embodiments. Embodiments set forth in the claims encompass all available equivalents of those claims.
Current corporate and governmental file security systems may seek to ensure the confidentiality of data by encrypting data using encryption keys. However, as the speed and power of computers increases, adversaries become increasingly quicker at brute-forcing the encryption keys and gaining access to sensitive data.
Some systems may render data unreadable after a user-specified amount of time. However, these systems do not prevent a brute-force attack on the data itself. For example, unless the user-specified time for self-destruction is very short, on the order of hours or days, an adversary with a powerful computer or network of computers could still gain brute-force access to the data.
Example embodiments may tether data by allowing the data to be accessible to users only from machines in an authenticated environment. For example, users may only be permitted access to some files when the user is within a particular network, or operating on a certain machine. If a user or entity attempts to access the tethered data from outside the authenticated environment, in at least some embodiments, the data may be destroyed. Example embodiments may further provide user authentication mechanisms before a user can attempt to access the data.
In operation 210, the device 115 may establish a connection between a communication portion of the secured file and an authentication agent.
In operation 220, the device 115 may use the communication portion of the secured file to request a decryption key from the authentication agent for accessing encrypted data of the secured file on the device 115. The decryption key may be based on environment information, for example device information, retrieved from devices in an authenticated environment of devices. The environment may be, for example, the cloud. The authenticated environment may be an environment in which the secured file was encrypted. For example, the authenticated environment may include the devices 115, 125, 130 and 135.
The device 115 may further obtain a value of an indicator within a non-encrypted portion of the secured file. The value may indicate whether the secured file was saved locally on the device 115. The device 115 may query the authentication agent for a local decryption key or a remote decryption key based on the value. The device 115 may be, for example, a computer, router, switch, or other network element. A local decryption key may be based on identification information of the device 115. A remote decryption key may be based on information of a second computing device, such as for example a computer, router, switch or other network element in the authenticated environment. The second computing device may be, for example, device 125, 130, or 135.
In operation 230, the device 115 may use the communication portion to destroy the secured file upon receiving a message that the request for the decryption key has failed.
In some embodiments, the message may indicate that communication with the authentication agent has failed. Communication with the authentication agent may fail, for example, when there is no authentication agent on the device 115.
In some embodiments, the message may indicate that the authentication agent could not create the requested decryption key. For example, if the authentication agent determines that the device 115 is not in an authenticated environment, for example because the device 115 has left the authenticated environment, the authentication agent may report that the authentication agent is unable to create the decryption key.
The authentication agent may determine whether the device 115 is in the authenticated environment by reading hashed values stored in the secured file. The hashed values may have been stored in the secured file when the secured file was encrypted. The hashed values may represent the environment in which the data was stored. For example, the hashed values could be stored on servers, storage devices, virtual appliances, network devices, etc. Further, as an example, the hashed values may represent network locations that were present when the secured file was encrypted. These network locations may therefore represent the authenticated environment. The authentication agent may convert the hashed values into network locations or network location information through a lookup table on another machine, for example the coordination server 145 (
If the device 115 requests the local key, rather than the remote key, the key location may be a hash of system data of the device 115. In at least these embodiments, the authentication agent may check whether the system data is system data of the device 115. In at least these embodiments, the authentication agent may report that the authentication agent is unable to create the requested decryption key if the device 115 is a different machine from that at which the secured file was locally encrypted and saved. The authentication agent may determine whether the secured file was encrypted and saved locally to a machine by examining an indicator in the metadata of the secured file, for example.
Destroying the secured file may include encrypting the secured file a plurality of times using an encryption key. The encryption key may be based on data stored on the device 115. The data for creating the encryption key may not be identification information of the device 115.
The procedure 200 may further include receiving the decryption key and destroying the secured file upon determining that the decryption key is a spoofed key. The device 115 may determine that the decryption key is a spoofed key by decrypting the secured file using the decryption key and examining metadata information. If the metadata information does not match expected metadata information, the device 115 may determine that the decryption key is a spoofed key and destroy the secured file. For example, the secured file may include file-type specific metadata. If decrypting the secured file results in garbled metadata or metadata for a different file type, the device 115 may determine that the decryption key is a spoofed key.
The procedure 200 may further include querying the authentication agent for an encryption key for encrypting the secured file. The procedure 200 may include encrypting the secured file using the encryption key and saving the secured file to a remote server, saving the secured file locally to memory of the device 115, or saving the secured file to both the remote server and the device 115 based on a value of an indicator within metadata of the secured file.
The example file may further include hashed values 330 for use by the coordination server 140 (
The computer 400 may include a communication interface 410. The computer 400 may include one or more processors 415. The processor 415 may include components as shown in
The one or more file editors 545 may be used to create a secured file as described above with respect to
The authentication agent 530 may receive a request for a decryption key for decrypting the secured file. The authentication agent 530 may determine whether the request is received from within an authenticated environment. The authenticated environment may be a device on which the file was encrypted or a network of devices including the device on which the file was encrypted. The authentication agent 530 may return an error message subsequent to determining that the request is received from outside the authenticated environment.
The authentication agent may generate the decryption key based on identification information of the computer 400 or upon identification information of network locations retrieved from hashed network location values 330 in the secured file. For example, the identification information may be identification information of devices 115, 125, 130 or 135 (
The authentication agent 530 may further be arranged to save the secured file to the remote file storage, for example the server 105 (
Referring again to
For example, the computer instructions 440 may, when executed on the computer 400, cause the computer 400 to receive a request for access to a file. The computer instructions 440 may, when executed on the computer 400, cause the computer 400 to establish a connection, through a communication portion of the file for which access is requested, to an authentication agent on the computer 400. The connection may be a transmission control protocol (TCP) socket or a universal datagram protocol (UDP) socket. The communication portion of the file may be similar to the communication portion 310 (
The computer instructions, when executed on the computer 400, may cause the computer 400 to request a decryption key from the authentication agent for decrypting the file. The computer 400 may request the decryption key using the communication portion 310 of the file (
The instructions 440 may further cause the computer 400 to receive a notification message from the authentication agent that that the decryption key could not be created because the computer 400 has left the authenticated environment. The instructions 440 may further cause the computer 400 to destroy the file upon determining that the authentication agent is not executing on the computer 400.
The instructions 440 may cause the computer 400 to obtain a value of an indicator within a non-encrypted portion of the file. The value may indicate whether the file was saved locally on the computer 440. The instructions 440 may cause the computer 400 to query the authentication agent for a local key or a remote key based on the value. The local key may be based on identification information of the computer 400. The remote key may be based on information of a second machine in the authenticated environment. The second machine may be a different machine from the first machine.
The instructions 440 may cause the computer 400 to perform an editing operation on the file subsequent to opening the file using the local key or the remote key. The editing operation may be performed using one or more file editors 545 (
The instructions 440 may be stored on a computer-readable storage device, which may be read and executed by at least one processor 415 to perform the operations described herein. In some embodiments, the instructions 440 are stored on the processor 415 or the memory 420 such that the processor 415 or the memory 420 act as computer-readable media. A computer-readable storage device may include any non-transitory mechanism for storing information in a form readable by a machine (e.g., a computer). For example, a computer-readable storage device may include ROM, RAM, magnetic disk storage media, optical storage media, flash-memory devices, and other storage devices and media.
The Abstract is provided to comply with 37 C.F.R. Section 1.72(b) requiring an abstract that will allow the reader to ascertain the nature and gist of the technical disclosure. It is submitted with the understanding that it will not be used to limit or interpret the scope or meaning of the claims. The following claims are hereby incorporated into the detailed description, with each claim standing on its own as a separate embodiment.
Number | Name | Date | Kind |
---|---|---|---|
5265159 | Kung | Nov 1993 | A |
6772340 | Peinado et al. | Aug 2004 | B1 |
6985588 | Glick et al. | Jan 2006 | B1 |
7146340 | Musson | Dec 2006 | B1 |
7177426 | Dube | Feb 2007 | B1 |
7324974 | Cho et al. | Jan 2008 | B1 |
7535586 | Kumashio | May 2009 | B2 |
8196029 | Rucker et al. | Jun 2012 | B1 |
8621214 | Johnson et al. | Dec 2013 | B2 |
8689015 | Jeffries et al. | Apr 2014 | B2 |
8788816 | Spaulding et al. | Jul 2014 | B1 |
20020095589 | Keech | Jul 2002 | A1 |
20020194470 | Grupe | Dec 2002 | A1 |
20030120684 | Zuili | Jun 2003 | A1 |
20040003091 | Coulthard et al. | Jan 2004 | A1 |
20040128376 | Matsune et al. | Jul 2004 | A1 |
20040177273 | Ghaffar | Sep 2004 | A1 |
20050063542 | Ryu | Mar 2005 | A1 |
20050076214 | Thomas et al. | Apr 2005 | A1 |
20050114672 | Duncan et al. | May 2005 | A1 |
20050118987 | Isozaki | Jun 2005 | A1 |
20050120246 | Jang | Jun 2005 | A1 |
20050204130 | Harris | Sep 2005 | A1 |
20070005974 | Kudou | Jan 2007 | A1 |
20070058550 | Nogawa | Mar 2007 | A1 |
20070294645 | Medvinsky et al. | Dec 2007 | A1 |
20080005024 | Kirkwood | Jan 2008 | A1 |
20080133494 | Won-kyoung et al. | Jun 2008 | A1 |
20080228827 | Perlman | Sep 2008 | A1 |
20080250251 | Lin et al. | Oct 2008 | A1 |
20080253562 | Nyberg | Oct 2008 | A1 |
20080267407 | Vanderveen | Oct 2008 | A1 |
20080279384 | Ushiyama | Nov 2008 | A1 |
20090067624 | Cobelo et al. | Mar 2009 | A1 |
20090097641 | Matsuzaki | Apr 2009 | A1 |
20090193258 | Newman | Jul 2009 | A1 |
20090249492 | Boesgaard Sorensen | Oct 2009 | A1 |
20090292930 | Marano | Nov 2009 | A1 |
20090307249 | Koifman et al. | Dec 2009 | A1 |
20090307496 | Hahn et al. | Dec 2009 | A1 |
20090313702 | Mandava | Dec 2009 | A1 |
20090319529 | Bartlett et al. | Dec 2009 | A1 |
20100005296 | Headley | Jan 2010 | A1 |
20100031349 | Bingham | Feb 2010 | A1 |
20100146269 | Baskaran | Jun 2010 | A1 |
20100205648 | Saadat et al. | Aug 2010 | A1 |
20100217977 | Goodwill et al. | Aug 2010 | A1 |
20100229069 | Yamaguchi et al. | Sep 2010 | A1 |
20100266132 | Bablani et al. | Oct 2010 | A1 |
20100318633 | Abzarian et al. | Dec 2010 | A1 |
20100325423 | Etchegoyen | Dec 2010 | A1 |
20110055593 | Lurey | Mar 2011 | A1 |
20110235799 | Sovio et al. | Sep 2011 | A1 |
20110296172 | Fu | Dec 2011 | A1 |
20120036569 | Cottrell et al. | Feb 2012 | A1 |
20120084544 | Farina et al. | Apr 2012 | A1 |
20120144195 | Nair et al. | Jun 2012 | A1 |
20120167164 | Burgess et al. | Jun 2012 | A1 |
20120210126 | Johnson et al. | Aug 2012 | A1 |
20120221865 | Hahn et al. | Aug 2012 | A1 |
20120290556 | Acosta-cazaubon | Nov 2012 | A1 |
20130145171 | Hsien | Jun 2013 | A1 |
20130145178 | Jeffries | Jun 2013 | A1 |
20130227692 | Pavlyushchik | Aug 2013 | A1 |
20130291056 | Gaudet et al. | Oct 2013 | A1 |
20130332723 | Tan et al. | Dec 2013 | A1 |
20140032924 | Durham et al. | Jan 2014 | A1 |
20140040422 | Jaggi | Feb 2014 | A1 |
20140068256 | Sima | Mar 2014 | A1 |
20140082717 | Kang et al. | Mar 2014 | A1 |
20140122544 | Tran | May 2014 | A1 |
20140122866 | Haeger | May 2014 | A1 |
20140136835 | Sharpe | May 2014 | A1 |
20140164772 | Forte et al. | Jun 2014 | A1 |
20140274037 | Ganu et al. | Sep 2014 | A1 |
20140289517 | Neumann et al. | Sep 2014 | A1 |
Number | Date | Country |
---|---|---|
WO-2014153312 | Sep 2014 | WO |
WO-2014153315 | Sep 2014 | WO |
Entry |
---|
“International Application Serial No. PCT/US2014/030958, International Search Report mailed Aug. 27, 2014”, 4 pgs. |
“International Application Serial No. PCT/US2014/030958, Written Opinion mailed Aug. 27, 2014”, 6 pgs. |
“International Application Serial No. PCT/US2014/030961, International Search Report mailed Oct. 10, 2014”, 3 pgs. |
“International Application Serial No. PCT/US2014/030961, Written Opinion mailed Oct. 10, 2014”, 5 pgs. |
Menezes, A., et al., “Chapter 13: Key Management Techniques”, Handbook of Applied Cryptography, CRC Press, Boca Raton, FL, [online] [retrieved on Aug. 20, 2014]. Retrieved from the Internet: <URL: http ://www.cacr.math.uwaterloo.ca/hac/>, (1997), 543-590. |
Zonenberg, Andrew, “Distributed Hash Cracker: A Cross-Platform GPU-Accelerated Password Recovery System”, [online]. [retrieved on Jul. 1, 2013]. Retrieved from the Internet: <URL: http://web.archive.org/web/20130701000000*/http://www.cs.rpi.edu/˜zonena/papers/cracker.pdf>, (Apr. 28, 2009), 1-6. |
“International Application Serial No. PCT/US2014/030961, International Preliminary Report on Patentability mailed Oct. 1, 2015”, 7 pgs. |
“U.S. Appl. No. 13/846,974, Examiner Interview Summary mailed Nov. 17, 2016”, 4 pgs. |
“U.S. Appl. No. 13/846,974, Final Office Action mailed Dec. 22, 2016”, 25 pgs. |
“U.S. Appl. No. 13/846,974, Advisory Action mailed May 8, 2015”, 3 pgs. |
“U.S. Appl. No. 13/846,974, Examiner Interview Summary mailed Apr. 7, 2015”, 3 pgs. |
“U.S. Appl. No. 13/846,974, Examiner Interview Summary mailed Apr. 14, 2016”, 4 pgs. |
“U.S. Appl. No. 13/846,974, Final Office Action mailed Mar. 4, 2015”, 24 pgs |
“U.S. Appl. No. 13/846,974, Final Office Action mailed Dec. 16, 2015”, 24 pgs. |
“U.S. Appl. No. 13/846,974, Non Final Office Action mailed Jun. 27, 2016”, 28 pgs. |
“U.S. Appl. No. 13/846,974, Non Final Office Action mailed Jul. 7, 2015”, 20 pgs. |
“U.S. Appl. No. 13/846,974, Non Final Office Action mailed Aug. 29, 2014”, 21 pgs. |
“U.S. Appl. No. 13/846,974, Response filed Jan. 29, 2015 to Non Final Office Action mailed Aug. 29, 2014”, 11 pgs. |
“U.S. Appl. No. 13/846,974, Response filed Apr. 30, 2015 to Final Office Action mailed Mar. 4, 2014”, 11 pgs. |
“U.S. Appl. No. 13/846,974, Response filed Nov. 10, 2016 to Non-Final Office Action mailed Jun. 27, 2016”, 10 pgs. |
“U.S. Appl. No. 13/846,974, Response filed May 24, 2016 to Final Office Action mailed Dec. 16, 2015”, 11 pgs. |
“U.S. Appl. No. 13/846,974, Response filed Nov. 5, 2015 to Non-Final Office Action mailed Jul. 7, 2015”, 10 pgs. |
“International Application Serial No. PCT/US2014/030958, International Preliminary Report on Patentability mailed Oct. 1, 2015”, 7 pgs. |
“U.S. Appl. No. 13/846,974, Examiner Interview Summary mailed Feb. 3, 2017”, 4 pgs. |
“U.S. Appl. No. 13/846,974, Notice of Allowance mailed Mar. 6, 2017”, 16 pgs. |
“U.S. Appl. No. 13/846,974, Response filed Feb. 20, 2017 to Final Office Action mailed Dec. 22, 2016”, 12 pgs. |
Chang, Yue, et al., “Metadata Miner Assisted Integrated Information Retrieval for Argo Ocean Data”, International Conference on Systems, Man and Cybernetics, IEEE, (Oct. 11-14, 2009), 2930-2935. |
Ghobadi, Alireza, et al “An Adaptive Wrapper Algorithm for File Transfer Applications to Support Optimal Large File Transfers”, 11th International Conference on Advanced Communication Technology, IEEE, (Feb. 15-18, 2009), 315-320. |
Wilkinson, J H, et al., “Wrapper Files—The Key to Network Technology”, International Broadcasting Convention, (Sep. 12-16, 1997), 374-379. |
Number | Date | Country | |
---|---|---|---|
20140289524 A1 | Sep 2014 | US |