Data protection using encryption and inserted execution code

US12039072B2 · US · B2

Patent metadata
Publication number: US-12039072-B2
Application number: US-202117387046-A
Country: US
Kind code: B2
Filing date: Jul 28, 2021
Priority date: Jul 28, 2021
Publication date: Jul 16, 2024
Grant date: Jul 16, 2024


Abstract

Official abstract text for this publication.

Data protection techniques are provided that use encryption and inserted execution code. One method comprises obtaining, by a user device, a request from a user to access data, wherein the requested data comprises (i) an environment-based signature indicating an environment where the data can be accessed and (ii) execution code that interacts with a data protection agent; in response to the request to access the data: determining whether the user device comprises a data protection agent; and providing, via the data protection agent, the requested data based on an evaluation of an environment-based signature generated by the data protection agent relative to the environment-based signature included in the requested data. The requested data may be created by a given data protection agent that generates the environment-based signature using identifiers of hardware elements, software elements and/or network elements associated with a device that executes the given data protection agent.
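The flow summarized above, together with the key derivation recited in claim 1, can be sketched as follows. This is an added example, not code from the patent or its assignee. The function names, the sample identifiers, the agent-held secret mixed into the key, the integrity tag and the SHAKE-256 keystream (a stand-in for a vetted AEAD cipher) are all assumptions, and the inserted execution code that probes for an agent is not modelled.

```python
import hashlib, hmac, json, os

def env_signature(ids: dict) -> bytes:
    # Canonical JSON so the same identifiers always hash to the same value.
    blob = json.dumps(ids, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).digest()

def _keys(agent_secret: bytes, sig: bytes, nonce: bytes):
    # Assumption: the key also depends on a secret only agents hold; the
    # signature travels with the file, so it cannot be the sole key input.
    enc = hmac.new(agent_secret, b"enc" + nonce + sig, hashlib.sha256).digest()
    mac = hmac.new(agent_secret, b"mac" + nonce + sig, hashlib.sha256).digest()
    return enc, mac

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHAKE-256 keystream); use a vetted AEAD in practice.
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def protect(agent_secret: bytes, ids: dict, plaintext: bytes) -> dict:
    """Creating agent: embed the first signature, encrypt under a key derived from it."""
    sig, nonce = env_signature(ids), os.urandom(16)
    enc, mac = _keys(agent_secret, sig, nonce)
    ct = _xor_stream(enc, nonce, plaintext)
    tag = hmac.new(mac, sig + nonce + ct, hashlib.sha256).digest()
    return {"env_sig": sig, "nonce": nonce, "ct": ct, "tag": tag}

def access(agent_secret: bytes, local_ids: dict, f: dict) -> bytes:
    """Accessing agent: authenticate the file, compare signatures, then decrypt."""
    enc, mac = _keys(agent_secret, f["env_sig"], f["nonce"])
    want = hmac.new(mac, f["env_sig"] + f["nonce"] + f["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(want, f["tag"]):
        raise PermissionError("file or embedded signature was modified")
    second = env_signature(local_ids)  # second environment-based signature
    if not hmac.compare_digest(second, f["env_sig"]):
        raise PermissionError("environment mismatch")
    return _xor_stream(enc, f["nonce"], f["ct"])

# Constructed sample identifiers (hardware, software and network elements).
OFFICE = {"cpu_id": "cpu-0001", "os_build": "example-os-1.0",
          "gateway_mac": "02:00:00:00:00:01"}
CAFE = dict(OFFICE, gateway_mac="02:00:00:00:00:99")
```

Because the first signature is stored in the file itself, swapping it for one that matches the current environment must be detectable; here the tag check fails before the signatures are ever compared.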

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: obtaining, by a particular user device, at least one request from a user to access data, wherein the requested data is encrypted and comprises (i) a first environment-based signature indicating an environment where the data can be accessed and (ii) execution code that is used to determine whether at least one data protection agent is executing on the particular user device; performing the following steps, in response to the at least one request to access the data: executing the execution code, obtained from the requested data, on the particular user device to determine whether the particular user device comprises a first data protection agent executing on the particular user device; deriving, by the first data protection agent executing on the particular user device, a decryption key based at least in part on the first environment-based signature included in the requested data to decrypt the encrypted requested data; generating, by the first data protection agent executing on the particular user device, a second environment-based signature; and providing, by the first data protection agent executing on the particular user device, the requested data to the user based at least in part on an evaluation of the second environment-based signature generated by the first data protection agent relative to the first environment-based signature included in the requested data; wherein the method is performed by at least one processing device comprising a processor coupled to a memory.

2. The method of claim 1, wherein the requested data is created by a second data protection agent that generates the first environment-based signature using one or more identifiers of one or more of hardware elements, software elements and network elements associated with a device that executes the second data protection agent.

3. The method of claim 2, further comprising, by the second data protection agent, encrypting at least a portion of the requested data using an encryption key based at least in part on one or more of the first environment-based signature and the second environment-based signature.

4. The method of claim 2, further comprising, by the second data protection agent, digitally signing a file-dependent value associated with the requested data.

5. The method of claim 2, wherein the second data protection agent comprises one or more of a same data protection agent and a different data protection agent relative to the first data protection agent.

6. The method of claim 1, wherein the requested data further comprises a digital signature and further comprising, by the first data protection agent, verifying the digital signature.

7. The method of claim 1, further comprising performing one or more automated remedial actions based at least in part on a result of one or more of (i) the determining the whether the particular user device comprises the first data protection agent and (ii) the evaluation of the second environment-based signature.

8. An apparatus comprising: at least one processing device comprising a processor coupled to a memory; the at least one processing device being configured to implement the following steps: obtaining, by a particular user device, at least one request from a user to access data, wherein the requested data is encrypted and comprises (i) a first environment-based signature indicating an environment where the data can be accessed and (ii) execution code that is used to determine whether at least one data protection agent is executing on the particular user device; performing the following steps, in response to the at least one request to access the data: executing the execution code, obtained from the requested data, on the particular user device to determine whether the particular user device comprises a first data protection agent executing on the particular user device; deriving, by the first data protection agent executing on the particular user device, a decryption key based at least in part on the first environment-based signature included in the requested data to decrypt the encrypted requested data; generating, by the first data protection agent executing on the particular user device, a second environment-based signature; and providing, by the first data protection agent executing on the particular user device, the requested data to the user based at least in part on an evaluation of the second environment-based signature generated by the first data protection agent relative to the first environment-based signature included in the requested data.

9. The apparatus of claim 8, wherein the requested data is created by a second data protection agent that generates the first environment-based signature using one or more identifiers of one or more of hardware elements, software elements and network elements associated with a device that executes the second data protection agent.

10. The apparatus of claim 9, further comprising, by the second data protection agent, encrypting at least a portion of the requested data using an encryption key based at least in part on one or more of the first environment-based signature and the second environment-based signature.

11. The apparatus of claim 9, further comprising, by the second data protection agent, digitally signing a file-dependent value associated with the requested data.

12. The apparatus of claim 9, wherein the second data protection agent comprises one or more of a same data protection agent and a different data protection agent relative to the first data protection agent.

13. The apparatus of claim 8, wherein the requested data further comprises a digital signature and further comprising, by the first data protection agent, verifying the digital signature.

14. The apparatus of claim 8, further comprising performing one or more automated remedial actions based at least in part on a result of one or more of (i) the determining the whether the particular user device comprises the first data protection agent and (ii) the evaluation of the second environment-based signature.

15. A non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed by at least one processing device causes the at least one processing device to perform the following steps: obtaining, by a particular user device, at least one request from a user to access data, wherein the requested data is encrypted and comprises (i) a first environment-based signature indicating an environment where the data can be accessed and (ii) execution code that is used to determine whether at least one data protection agent is executing on the particular user device; performing the following steps, in response to the at least one request to access the data: executing the execution code, obtained from the requested data, on the particular user device to determine whether the particular user device comprises a first data protection agent executing on the particular user device; deriving, by the first data protection agent executing on the particular user device, a decryption key based at least in part on the first environment-based signature included in the requested data to decrypt the encrypted requested data; generating, by the first data protection agent executing on the particular user device, a second environment-based signature; and providing, by the first data protection agent executing on the particular user device, the requested data to the user based at least in part on an evaluation of the second environment-based signature generated by

Classifications

  • Providing cryptographic facilities or services

  • Protecting data integrity, e.g. using checksums, certificates or signatures

  • User authentication

  • where protection concerns the structure of data, e.g. records, types, queries

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12039072B2 cover?
Data protection techniques are provided that use encryption and inserted execution code. One method comprises obtaining, by a user device, a request from a user to access data, wherein the requested data comprises (i) an environment-based signature indicating an environment where the data can be accessed and (ii) execution code that interacts with a data protection agent; in response to the req…
Who is the assignee on this patent?
Emc Ip Holding Co Llc, EMC IP Holding Company
What technology area does this patent fall under?
Primary CPC classification G06F21/6227. Mapped technology areas include Physics.
When was this patent published?
Publication date Jul 16, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).