-
Publication number: US09298951B2
Publication date: 2016-03-29
Application number: US14547940
Application date: 2014-11-19
Applicant: International Business Machines Corporation
Inventor: Jonathan M. Barney, David Lebutsch, Cataldo Mega, Stefan Schleipen, Tim Waizenegger
CPC classification number: H04L9/3242, G06F12/1408, G06F21/6218, G06F21/78, G06F2212/1052, G06F2221/2143, H04L9/14, H04L2209/24
Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition table or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.
-
Publication number: US20140282814A1
Publication date: 2014-09-18
Application number: US13799257
Application date: 2013-03-13
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Jonathan M. Barney, Carlos A. Hoyos, Ryan G. Dejana, Daniel C. Krook
IPC: G06F21/62
CPC classification number: G06F21/6218, G06F21/554, G06F21/604, G06F2221/2105, G06F2221/2143, H04L63/20
Abstract: A client computer extracts contextual information associated with a file that is created. The client computer generates scores for the file by utilizing the contextual information that is extracted. The client computer assigns a value to the file, based on an aggregation of the scores that are generated. The client computer monitors activities on the client computer, wherein the activities trigger an event on the client computer. The client computer determines whether the event is in violation of one or more computer security policies on a server computer, wherein the one or more computer security policies require work-related files to be deleted or encrypted. The client computer classifies the file as personal data or work-related business data. The client computer secures the file, if the file is classified as work-related business data.
-