Patent number: 10534933
Abstract: Encrypting and decrypting sensitive files on a network device. In one embodiment, a method may include determining that a file stored on a network device is a sensitive file, encrypting the sensitive file, sending, to an authentication server, an encryption key, initializing, at the network device, a Software Guard Extension (SGX) enclave, loading, into the SGX enclave, a retrieval application, receiving, at the retrieval application, an attestation from the authentication server that the retrieval application is authentic, receiving, at the retrieval application, the encryption key from the authentication server, receiving, at the retrieval application, a user request to decrypt the encrypted sensitive file, authenticating, at the retrieval application, the user request, decrypting, at the network device, the particular encrypted sensitive file, and providing the sensitive file to the user.
Type:
Grant
Filed:
December 27, 2017
Date of Patent:
January 14, 2020
Assignee:
Symantec Corporation
Inventors:
Kevin Alejandro Roundy, Yuqiong Sun, Christopher Gates, Michael Hart, Saurabh Shintre, Brian T. Witten