Method to automatically lock/encrypt files or directories on a mobile computing system based on domain references
Original Publication Date: 2002-Mar-29
Included in the Prior Art Database: 2003-Jun-20
One of the advantages of a portable computing system (laptop computers are the easiest example) is the ability to take your work with you. One of the concerns about this, however, is the security of the system. Since it is typical of users to keep private, personal information as well as company confidential information in various directories on the laptop, there are concerns about security for each type of file when the laptop is at different physical locations. In other words, when the laptop is open and active on your desk at work, people should not be able to access your personal financial spreadsheets. And when your laptop is at home, you are under obligations to prevent non-company members in the household from viewing your company's confidential information. Our proposed disclosure is a method by which files or directories are automatically locked or encrypted based on your domain name. One of the common features of laptops and ethernet-based LANs is that they allow dynamic ethernet network configuration. When you hook your computer up to the network, you will have configured your computer to actively ask for the next free, TEMPORARY ethernet address. Thus, you can connect on any LAN as long as there are free addresses to use and you don't mind connecting each time as a temporary network entity. However, each time you connect, the machine's temporary IP address has a firm domain name associated with that address (although the actual IP name will most likely vary). The key to this idea is that the domain name such as "city.abc.com" will remain constant even as the IP name is different each time you plug in the computer as part of booting your laptop. So, the idea goes that as you create files or databases or directories, you will be asked if the object you created should be accessible only when you are connected onto the same domain. When you answer affirmative, then a tag is placed onto that file's inode table which lists the domain name by which the filesystem will allows user access. Or, another alternative is that the entity becomes encrypted rather than locked out by the filesystem permission function. When you next access the file or the directory, a comparison is made between the "permission domain" and your current domain name to see if they are similar. If they are not similar, the file or directory access request will fail with a message that this file is locked into another domain's permission. Of course, you can always override this lock with the "root" or administrator's password so that emergency access may occur. This allows a set or group of filesystem entities to be automatically locked or unlocked depending on where and how you boot your system. And when you connect to a third party LAN, that is neither your home or your work, it reduces the chances of snoopers breaking into your system to access your personal or confidential files. This automation of locks or encryption, based on domain name recognition or failure to recognize, is the key feature of this idea.