Nicholas Thomas Ryan

US Patent:

7260555, Aug 21, 2007

Filed:

Feb 12, 2002

Appl. No.:

10/076254

Inventors:

Alain Rossmann - Palo Alto CA, US
Patrick Zuili - Palo Alto CA, US
Michael Michio Ouya - Portola Valley CA, US
Serge Humpich - Tournan-en-Brie, FR
Chang-Ping Lee - Palo Alto CA, US
Klimenty Vainstein - Morgan Hill CA, US
Hal Hilderbrand - Moss Beach CA, US
Denis Jacques Paul Garcia - Palo Alto CA, US
Senthilvasan Supramaniam - San Calros CA, US
Weiqing Huang - Sunnyvale CA, US
Nicholas Michael Ryan - Sunnyvale CA, US

Assignee:

Guardian Data Storage, LLC - Wilmington DE

International Classification:

G06F 99/00

US Classification:

705 51, 705 50, 705 59, 713150, 713155, 713182, 713201

Abstract:

Techniques for providing pervasive security to digital assets are disclosed. According to one aspect of the techniques, a server is configured to provide access control (AC) management for a user (e. g. , a single user, a group of users, software agents or devices) with a need to access secured data. Within the server module, various access rules for the secured data and/or access privileges for the user can be created, updated and managed so that the user with the proper access privileges can access the secured documents if granted by the corresponding access rules in the secured data.

US Patent:

7512810, Mar 31, 2009

Filed:

Sep 11, 2002

Appl. No.:

10/242185

Inventors:

Nicholas M. Ryan - Sunnyvale CA, US

Assignee:

Guardian Data Storage LLC - Wilmington DE

International Classification:

H04L 9/32

US Classification:

713189, 726 13, 726 16, 726 26, 726 27, 707 9, 707 10, 710 22, 710 28

Abstract:

An improved system and approaches for protecting secured files when being used by an application (e. g. , network browser) that potentially transmits the files over a network to unknown external locations are disclosed. According to one aspect, access to secured files is restricted so that unsecured versions of the secured files are not able to be transmitted over a network (e. g. , the Internet) to unauthorized destinations. In one embodiment, in opening a file for use by a network browser, the network browser receives a secured (e. g. , encrypted) version of the secured file when the destination location (e. g. , destination address) for the network browser is not trusted, but receives an unsecured (e. g. , unencrypted) version of the secured file when the destination location for the network browser is trusted. According to another aspect, processes operating on a computer system are monitored to determine destination locations, if any, of said processes, and then using such destination locations to determine whether to permit the processes to open files in a secure or unsecured manner.

US Patent:

7631184, Dec 8, 2009

Filed:

May 14, 2002

Appl. No.:

10/146207

Inventors:

Nicholas Ryan - Sunnyvale CA, US

International Classification:

H04L 9/32
H04L 29/06
G06F 21/24

US Classification:

713160, 726 32, 713176

Abstract:

Improved approaches for securing files that are derived from secured files are disclosed. In general, a secured file can only be accessed by authenticated users with appropriate access rights or privileges. Each secured file is provided with a header portion and a data portion, where the header portion contains, or points to, security information. The security information is used to determine whether access to associated data portions of secured files is permitted. These improved approaches can thus impose security on files that are derived from secured files. In one embodiment, files that are deemed derived from a secured file include files that are copies of the secured file. In another embodiment, files that are deemed derived from a secured file include files having content substantially similar to the content of the secured file.

US Patent:

7729995, Jun 1, 2010

Filed:

Jul 22, 2002

Appl. No.:

10/201756

Inventors:

Rossmann Alain - Palo Alto CA, US
Patrick Zuili - Palo Alto CA, US
Michael Michio Ouye - Portola Valley CA, US
Serge Humpich - Tournan-en-Brie, FR
Chang-Ping Lee - Palo Alto CA, US
Klimenty Vainstein - Morgan Hill CA, US
Hal Hilderbrand - Moss Beach CA, US
Denis Jacques Paul Garcia - Palo Alto CA, US
Senthilvasan Supramaniam - San Calros CA, US
Weiqing Huang - Sunnyvale CA, US
Nicholas Michael Ryan - Sunnyvale CA, US

International Classification:

G06F 17/60

US Classification:

705 71, 705 64, 705 67

Abstract:

Techniques for managing files in a designated location are disclosed. An example of the designated location is a folder, a directory, a repository, a device, or a storage place. A set of access rules is applied to a designated location such that all files in the designated location shall have substantially similar security. As a result, secured files can be easily created and managed with respect to the designated location and users with access privilege to the designated location can access most of the files, in not all, in the designated location.

US Patent:

7913311, Mar 22, 2011

Filed:

Aug 10, 2007

Appl. No.:

11/889310

Inventors:

Rossmann Alain - Palo Alto CA, US
Patrick Zuili - Palo Alto CA, US
Michael Michio Ouye - Portola Valley CA, US
Serge Humpich - Tournan-en-Brie, FR
Chang-Ping Lee - Palo Alto CA, US
Klimenty Vainstein - Morgan Hill CA, US
Hal Hilderbrand - Moss Beach CA, US
Denis Jacques Paul Garcia - Palo Alto CA, US
Senthilvasan Supramaniam - San Carlos CA, US
Weiqing Huang - Sunnyvale CA, US
Nicholas Michael Ryan - Sunnyvale CA, US

International Classification:

G06F 12/14
G06F 21/00

US Classification:

726 28, 705 51, 705 52, 726 26, 726 27, 726 29, 713182

Abstract:

Techniques for providing pervasive security to digital assets are disclosed. According to one aspect of the techniques, a server is configured to provide access control (AC) management for a user (e. g. , a single user, a group of users, software agents or devices) with a need to access secured data. Within the server module, various access rules for the secured data and/or access privileges for the user can be created, updated, and managed so that the user with the proper access privileges can access the secured documents if granted by the corresponding access rules in the secured data.

US Patent:

8307067, Nov 6, 2012

Filed:

Feb 19, 2009

Appl. No.:

12/389076

Inventors:

Nicholas M. Ryan - Sunnyvale CA, US

Assignee:

Guardian Data Storage, LLC - Wilmington DE

International Classification:

G06F 15/173

US Classification:

709224, 709219

Abstract:

An improved system and approaches for protecting secured files when being used by an application (e. g. , network browser) that potentially transmits the files over a network to unknown external locations are disclosed. According to one aspect, access to secured files is restricted so that unsecured versions of the secured files are not able to be transmitted over a network (e. g. , the Internet) to unauthorized destinations. In one embodiment, processes operating on a computer system are monitored to determine destination locations, if any, of said processes, and then using such destination locations to determine whether to permit the processes to open files in a secure or unsecured manner.

US Patent:

8528107, Sep 3, 2013

Filed:

Sep 14, 2006

Appl. No.:

11/522172

Inventors:

Matthew Ginzton - San Francisco CA, US
Matthew Eccleston - San Francisco CA, US
Srinivas Krishnamurti - San Carlos CA, US
Gerald C. Chen - Palo Alto CA, US
Nicholas Ryan - Sunnyvale CA, US

Assignee:

VMware, Inc. - Palo Alto CA

International Classification:

G06F 11/30
G06F 12/14
G06F 9/455

US Classification:

726 29, 726 17, 726 22, 713193, 718 1

Abstract:

An administrator may set restrictions related to the operation of a virtual machine (VM), and virtualization software enforces such restrictions. There may be restrictions related to the general use of the VM, such as who may use the VM, when the VM may be used, and on what physical computers the VM may be used. There may be similar restrictions related to a general ability to modify a VM, such as who may modify the VM. There may also be restrictions related to what modifications may be made to a VM, such as whether the VM may be modified to enable access to various devices or other resources. There may also be restrictions related to how the VM may be used and what may be done with the VM. Information related to the VM and any restrictions placed on the operation of the VM may be encrypted to inhibit a user from circumventing the restrictions.

US Patent:

8543827, Sep 24, 2013

Filed:

Mar 27, 2008

Appl. No.:

12/057015

Inventors:

Denis Jacques Paul Garcia - Palo Alto CA, US
Michael Michio Ouye - Mountain View CA, US
Alain Rossmann - Palo Alto CA, US
Steven Toye Crocker - Burlingame CA, US
Eric Gilbertson - Menlo Park CA, US
Weiqing Huang - Flower Mound TX, US
Serge Humpich - Tournan-en-Brie, FR
Klimenty Vainstein - San Francisco CA, US
Nicholas Michael Ryan - Sunnyvale CA, US

Assignee:

Intellectual Ventures I LLC - Wilmington DE

International Classification:

G06F 7/04

US Classification:

713184, 713166, 713167, 713168, 713169, 713170, 726 26, 726 27, 726 28, 726 29, 726 30

Abstract:

In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.