Protecting data in a computing environment that is connected to a network has become a challenge in light of cyber attacks and insider attacks. The key forms of security that were relied upon just a few years ago, such as physical security and encryption, are now routinely bypassed: an attacker who gains control of the endpoint sees the data where it is decrypted, displayed and edited, so the encryption protecting it in storage or in transit no longer matters.
The situation gets worse when such attacks remain undetected for a period of time, or perhaps indefinitely. It is therefore difficult to state anything about the security of a machine that is connected to the internet. Simple questions regarding security can no longer be answered: “Has the machine been compromised?”, “Is the data I am typing or viewing now safe from interception?”, “Has my data been altered without my knowledge?”
The reality is that if a machine is connected to the network then there is no guarantee regarding the security of the machine, and once a security breach occurs, all assets on that machine can be compromised. It is worth noting that even a machine that is only indirectly connected to the network, or not connected at all, can be compromised in various ways through a combination of cyber attack and insider action.
In the attempt to defend against such attacks, there is an asymmetry between the role of the defender of a network and that of the attacker. The defender must maintain the entire security infrastructure: going through logs to identify possible threats, applying security patches, adding layers of security, and monitoring the machine and network for potential threats.
The attacker needs only to find a single weakness, and uses that weakness to gain access to the user's data.
The present invention presents a different approach to protecting data from cyber attacks and insider attacks. In this disclosure we present a “parallel world” of security: a parallel environment alongside the user's unauthenticated, non-secure environment, which is usable yet secured and isolated. The two “worlds”, the parallel one and the non-secure one, never intersect, so that what is secured remains secure and the rest, the non-secure, unauthenticated data, stays out of the secure world. Both “worlds” are controlled through the non-secure user environment, so that the user has a seemingly single, standard environment experience.
Since the parallel worlds never intersect, if a data breach occurs on the non-secure user machine, the sensitive data in the parallel world remains secure and can still be used through the user machine, even while that machine is compromised, without risking the secure data.
In order to prevent the user from confusing secure data handling with normal, non-secure data handling on the user machine, the parallel world authenticates itself to the user, so that the user can tell that the secure parallel world, rather than a non-secure one, is currently in use. This protects the user from an imitation created by an attacker, and even from an ordinary, non-secure, unauthenticated application into which the user might type secure data by mistake.
The parallel world can protect various types of sensitive data, such as documents, emails, code, images and videos. It covers data shared between parallel world entities; sensitive data entry, such as authenticating to a website with a username and password; editing of documents, emails and code; protection of data used in cloud computing; and so forth.
The usage of the protected data is transparent to the user, and protected data can be shared and safely sent to other users, while, for example, unintended recipients cannot make use of secure data they receive. Similarly, data is protected from entities other than users, such as an automated server.
The parallel world adds identification and authentication of users and servers: data can be shared between users securely, and communication with a server can be secured.
The parallel world restores the importance of physical security and encryption so that these two, quite old securing methods can become once again the highlight of securing data.
This disclosure presents a way to handle secure data and non-secure data through a common interface while allowing a user to identify secure handling of secure data.
This disclosure aims at protecting secure data even if an intrusion has already occurred, and protects even from an inside data breach.
In this disclosure a secure and isolated environment is created for handling sensitive, secure data so that the data can be used and shared transparently while keeping the data protected. Data is created, used, shared and communicated separately from the non secure user machine and is kept in a secure environment throughout its entire lifetime.
Each user has a secure environment working in parallel to their machine. Data that is considered sensitive is created and used only in that secure environment. A user can communicate sensitive data to other users, who use the data through their own secure environments. The parallel world can be configured with permissions for individual users as well as for groups of users, and permissions are managed at those two levels.
Part of the motivation of this disclosure is to protect secure data from being copied or intercepted by any means, including key loggers and display snapshots. The data is to remain protected from administrators who, for example, back up the data, so that mass copying of protected data is prevented. The data is to remain protected if sent to the wrong recipient. The data is to be accessed by its intended users only, and is to be protected from others throughout the lifetime of the data. Since the secure data remains in the parallel world, mass copying, even of data the user is authorized to use, to media outside the parallel world is prevented.
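The following is an added illustration of the split described above, written for this page and not taken from the disclosure. It models the two worlds as Python classes: secure items exist only inside a SecureWorld, the non-secure user machine holds nothing but opaque handles, and every use of an item goes through a narrow broker that checks per-user and per-group permissions. The self-authentication of the secure world is modelled as a secret phrase chosen by the user at enrollment and echoed back on every secure rendering; this phrase mechanism, the handle format and all names (alice, bob, carol, dave, the "finance" group, the document contents) are assumptions made for the example, not mechanisms the disclosure specifies.

```python
"""Toy model of the 'parallel world' split (constructed example, not the
disclosure's implementation): secure content lives only in SecureWorld; the
non-secure machine holds opaque handles and drives operations via a broker."""
from dataclasses import dataclass
import secrets


@dataclass
class SecureItem:
    owner: str
    content: str
    readers: set  # user names or group names allowed to use the item


@dataclass(frozen=True)
class SecureView:
    # Rendered on the secure world's own trusted path. `phrase` is the
    # user's enrolled secret; a spoofed non-secure window cannot show it
    # (assumed self-authentication mechanism).
    phrase: str
    text: str


class SecureWorld:
    def __init__(self):
        self._items = {}     # handle -> SecureItem, never returned directly
        self._groups = {}    # group name -> set of users
        self._phrases = {}   # user -> enrolled secret phrase
        self._sessions = {}  # session token -> user

    def enroll(self, user, phrase, groups=()):
        self._phrases[user] = phrase
        for g in groups:
            self._groups.setdefault(g, set()).add(user)

    def login(self, user):
        # Stand-in for real user authentication: just mints a session token.
        if user not in self._phrases:
            raise PermissionError("unknown user")
        token = secrets.token_hex(16)
        self._sessions[token] = user
        return token

    def _user(self, token):
        if token not in self._sessions:
            raise PermissionError("unauthenticated session")
        return self._sessions[token]

    def _item_for(self, user, handle):
        # Permission check: owner, explicit reader, or member of a reader group.
        item = self._items[handle]
        if user == item.owner or user in item.readers:
            return item
        if any(user in self._groups.get(g, ()) for g in item.readers):
            return item
        raise PermissionError(f"{user} may not use {handle}")

    def create(self, token, content, readers=()):
        owner = self._user(token)
        handle = "sec:" + secrets.token_hex(8)
        self._items[handle] = SecureItem(owner, content, set(readers))
        return handle  # only the opaque handle crosses to the non-secure side

    def share(self, token, handle, recipient):
        if self._user(token) != self._items[handle].owner:
            raise PermissionError("only the owner can share")
        self._items[handle].readers.add(recipient)

    def view(self, token, handle):
        user = self._user(token)
        return SecureView(self._phrases[user], self._item_for(user, handle).content)


class NonSecureMachine:
    """The ordinary user machine: stores handles, never content, so a backup
    or a compromise of it yields nothing usable."""
    def __init__(self, world, user):
        self.world, self.user, self.files = world, user, {}
        self.token = world.login(user)

    def new_document(self, name, content, readers=()):
        self.files[name] = self.world.create(self.token, content, readers)

    def send(self, name, other):
        other.files[name] = self.files[name]  # what travels is the handle

    def open_document(self, name):
        return self.world.view(self.token, self.files[name])

    def backup(self):
        return dict(self.files)  # what an admin copying this machine obtains


def demo():
    world = SecureWorld()
    for user, phrase, groups in [("alice", "blue heron", ()), ("bob", "tin kettle", ()),
                                 ("carol", "red moth", ()), ("dave", "old lamp", ("finance",))]:
        world.enroll(user, phrase, groups)
    alice, bob, carol, dave = (NonSecureMachine(world, u) for u in ("alice", "bob", "carol", "dave"))
    alice.new_document("q3.txt", "Q3 margin is 41%", readers={"finance"})
    world.share(alice.token, alice.files["q3.txt"], "bob")
    for m in (bob, carol, dave):
        alice.send("q3.txt", m)  # carol is the unintended recipient
    results = {"alice": alice.open_document("q3.txt"), "bob": bob.open_document("q3.txt"),
               "dave": dave.open_document("q3.txt"), "backup": alice.backup()}
    try:
        carol.open_document("q3.txt")
        results["carol"] = "readable"
    except PermissionError:
        results["carol"] = "denied"
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The points worth noting in the run: alice's backup contains only a `sec:` handle, so an administrator copying the non-secure machine gets no content; carol receives the same handle as bob but the broker denies her; dave is never named explicitly yet reads the item through the "finance" group; and each SecureView carries the viewer's own phrase, which is the cue that distinguishes the secure rendering from a look-alike window on the non-secure side.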
There is thus a widely recognized need for protecting data in the manner described above even when the non secure user machine has already been compromised and it would be highly advantageous to have such a method devoid of the above limitations.