Invented by Andrei Erofeev, Rahul S. Pawar, Commvault Systems Inc

In today’s digital age, data security has become a top priority for individuals and businesses alike. With the rise of cyber threats and data breaches, it is essential to protect sensitive information from unauthorized access. One way to do this is through automatic file encryption. Automatic file encryption is the process of converting data into a code that can only be read by authorized users. This technology has been around for a while, but it has gained popularity in recent years due to the increasing need for data security. With automatic file encryption, users can protect their files without having to manually encrypt each one.

The market for automatic file encryption is growing rapidly. According to a report by MarketsandMarkets, the global market for file encryption software is expected to reach $4.3 billion by 2022, growing at a compound annual growth rate of 24.0% from 2017 to 2022. This growth can be attributed to the increasing demand for data security and the rise of cloud computing.

Cloud computing has become a popular way for businesses to store and share data. However, it also poses a security risk as data is stored on remote servers that are vulnerable to cyber attacks. Automatic file encryption can help mitigate this risk by encrypting data before it is uploaded to the cloud.

Another factor driving the market for automatic file encryption is the increasing use of mobile devices. With more people using smartphones and tablets to access sensitive information, there is a greater need for data security on these devices. Automatic file encryption can provide this security by encrypting data on mobile devices.

The market for automatic file encryption is also being driven by government regulations. Many countries have implemented data protection laws that require businesses to encrypt sensitive data. Failure to comply with these regulations can result in hefty fines and damage to a company’s reputation. Automatic file encryption can help businesses comply with these regulations and avoid penalties.

In conclusion, the market for automatic file encryption is growing rapidly due to the increasing need for data security, the rise of cloud computing, the increasing use of mobile devices, and government regulations. As cyber threats continue to evolve, automatic file encryption will become an essential tool for protecting sensitive information.

The Commvault Systems Inc invention works as follows

A method of automatically encrypting files has been disclosed. In some cases, the method can be executed by computer hardware with one or more processors. The method may include detecting an access to a first file, which may be stored in primary storage, and determining whether the access is a write access. If it is, the method includes accessing the file metadata associated with the file and accessing a set of encryption rules. The method may also include determining whether the file metadata satisfies the encryption rules. If it does, the method may include encrypting the first file to obtain a first encrypted file. It can also modify the extension of the first encrypted file to add an encryption extension.

Background for Automatic file encryption

Global businesses recognize the commercial value of their information and seek cost-effective, reliable ways to secure it while minimizing the impact on productivity. Information protection is often part of an organizational process.

A company may back up important computing systems such as web servers, file servers, etc. as part of its daily, weekly or monthly maintenance plan. A company might also protect the computing systems of each employee, such as those used in an accounting, marketing, or engineering department.

Companies continue to look for innovative ways to manage data growth and protect data, given the ever-growing volume of data under their control. Companies often use migration techniques to move data to cheaper storage and data reduction techniques to reduce redundant data, prune lower priority data, and so forth.

Data stored by enterprises is becoming a valuable asset. Customers are seeking solutions that can not only manage and protect their data but also allow them to leverage it. Solutions that allow for data analysis, enhanced data presentation, and easy access are increasingly in demand.

Keeping electronic data secure is a growing concern for many users and becoming more costly. Enterprise users have access to financial data (e.g. credit card numbers and social security numbers) so it is crucial to prevent data leakage. As more enterprise users use mobile devices to access and store data in an enterprise environment and also outside it, the challenges of maintaining data security have increased.

Many users and organizations today store data on secondary storage devices, or devices in a network (e.g. cloud storage devices) to protect and increase data accessibility. Many times, data on secondary storage devices is encrypted. While data is more secure when it is stored encrypted on the secondary storage devices, malicious users can still access sensitive data on the primary storage device (e.g. a client computing machine).

For the purposes of summarizing the disclosure, certain aspects, advantages and novel features of the inventions have been described in this document. Not all of these advantages are necessarily achieved by any one embodiment of the inventions described herein. The inventions can be implemented or performed in a way that maximizes one advantage or group of advantages without necessarily achieving any other advantages.

Some embodiments described herein include a method of automatically encrypting files. In some cases, the method can be carried out by computer hardware that includes one or more processors. The method may include detecting an access to a first file, which may be stored in primary storage, and determining whether the access is a write access. If it is, the method includes accessing the file metadata associated with the file and accessing a set of encryption rules. The method may also include determining whether the file metadata satisfies the encryption rules. If it does, the method may include encrypting the first file to obtain a first encrypted file. It can also modify the extension of the first encrypted file to add an encryption extension.

In some embodiments, there is a system that automatically encrypts files. The system can include a primary storage system that stores a first file. A file monitor, which is comprised of computer hardware, can detect the first file being accessed and determine whether the access is a write access. The system can also include an encryption rules repository that stores encryption rules. The system may also include an encryption engine that is composed of computer hardware. It can access the file metadata associated with the first file when the file monitor determines that the access is a write access. Further, the encryption engine can be configured to access the encryption rules repository to determine whether the file metadata satisfies the encryption rules. The system may also include an encryption module that is composed of computer hardware. It can be configured to encrypt the first file to obtain a first encrypted file when the encryption engine determines that the file metadata satisfies the encryption rules. The encryption module can also be used to alter the extension of the encrypted file in order to add an encryption extension. Sometimes, multiple computers may be used in a single computer.

In certain embodiments, there is a method of displaying encrypted files. In some cases, the method can be executed by computer hardware that includes one or more processors. The method can include accessing an encrypted file, which could be an encrypted version or an encrypted copy of an unencrypted file. The unencrypted file might have a different extension than the encrypted one. The method can also include accessing metadata associated with the encrypted file and determining the file type based at least partially on that metadata. The method may also include displaying a reference to the encrypted file, determined at least in part by the file type. The reference to the encrypted file can be made to imitate, at least in part, the extension of the unencrypted file.

Some embodiments can include a method of displaying encrypted files. This may, in certain cases, be done by computer hardware that includes one or more processors. The method can include accessing an encrypted file, which could be an encrypted version of a file. The method may also include accessing metadata associated with the encrypted file and determining the file type based at least in part on that metadata. The method can also include displaying a reference to the encrypted file based at least partially on its file type. The reference to the encrypted file could be set up to imitate, at least in part, a reference to the file.

Some embodiments of this disclosure include a system to display encrypted files. The system may include a display screen that outputs a user interface, and an interface agent made up of computer hardware. The interface agent can be set up to access an encrypted file. The encrypted file can be an encrypted version of an unencrypted file. The unencrypted file could have a different extension than the encrypted file. The interface agent can access metadata associated with the encrypted file to determine the file type based at least in part on that metadata. The interface agent can be set up to display on the screen a reference to the encrypted file that is based at least partially on the file type. The reference to the encrypted file can be set to imitate, at least in part, the extension of the unencrypted file.
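The write-access check and rule match from the encryption embodiments above, together with the display-name masking just described, as an added example that is not code from the patent or from Commvault. The `.enc` extension, the `Rule` schema, the function names and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

ENC_EXT = ".enc"  # assumed encryption extension; the page does not name one


@dataclass(frozen=True)
class Rule:
    """One encryption rule (hypothetical schema; an empty field matches anything)."""
    extensions: frozenset = frozenset()  # lowercase, e.g. {".xlsx"}
    directory: str = ""
    owners: frozenset = frozenset()

    def matches(self, meta: dict) -> bool:
        path = PurePosixPath(meta["path"])
        if self.extensions and path.suffix.lower() not in self.extensions:
            return False
        # Compare whole path components so that "/srv/finance" does not
        # also match "/srv/finance-public".
        if self.directory and PurePosixPath(self.directory) not in path.parents:
            return False
        return not self.owners or meta["owner"] in self.owners


def is_encrypted_name(path: str) -> bool:
    return PurePosixPath(path).suffix.lower() == ENC_EXT


def plan_for_access(access: str, meta: dict, rules: list):
    """Return the encrypted file name to produce, or None to leave the file alone."""
    if access != "write":                # only write accesses trigger encryption
        return None
    if is_encrypted_name(meta["path"]):  # already encrypted: do not encrypt twice
        return None
    if any(rule.matches(meta) for rule in rules):
        return meta["path"] + ENC_EXT    # keep the original extension, append ours
    return None


def display_name(path: str) -> str:
    """Reference shown to the user: imitate the unencrypted file's extension."""
    return path[:-len(ENC_EXT)] if is_encrypted_name(path) else path


# Constructed rules and access events, for illustration only.
RULES = [
    Rule(extensions=frozenset({".xlsx", ".csv"}), directory="/srv/finance"),
    Rule(owners=frozenset({"payroll"})),
]
EVENTS = [
    ("write", {"path": "/srv/finance/q3/report.XLSX", "owner": "alice"}),
    ("read", {"path": "/srv/finance/q3/report.XLSX", "owner": "alice"}),
    ("write", {"path": "/srv/finance-public/menu.xlsx", "owner": "bob"}),
    ("write", {"path": "/home/payroll/notes.txt", "owner": "payroll"}),
    ("write", {"path": "/srv/finance/q3/report.xlsx.enc", "owner": "alice"}),
]


def demo():
    return [plan_for_access(access, meta, RULES) for access, meta in EVENTS]


if __name__ == "__main__":
    for (access, meta), plan in zip(EVENTS, demo()):
        print(access, meta["path"], "->", plan)
```

Because the file name alone marks a file as encrypted here, a renamed plaintext file would be skipped by the double-encryption guard; a check on the file's content or stored metadata closes that gap.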

In some embodiments, there is a method of automatically decrypting files. In some cases, the method may be executed by computer hardware that includes one or more processors. The method may include authenticating a user based at least partially on authentication information provided by the user. Further, the method could include receiving a request for access to a file stored in primary storage, and determining, based at least partially on the file extension, whether the file is encrypted. In some cases, an encrypted file may have a modified file extension that indicates that it is encrypted. If the file is encrypted, the method may include determining whether the user is authorized to access it, based at least partially on the authentication information and without asking the user for that information again. If the user is authorized, the method can include decrypting the file in order to get a decrypted version and giving the user access to that decrypted file.

In certain embodiments, the present disclosure discloses a system that automatically decrypts files. The system can include an authentication system, consisting of computer hardware, that authenticates a user. It is configured to use the authentication information supplied by the user to verify their identity. The system can also include a primary storage that stores encrypted and unencrypted data, as well as a secure file access module made of computer hardware. This module is designed to receive users' requests for access to files stored in the primary storage. The secure file access module may also use a file extension to determine whether the file is encrypted. An encrypted file might include a modified file extension that indicates that it is encrypted. In these cases, the reference to the file will be displayed to the user as an unverified file. The secure file access module can also be used to determine whether the user has permission to access the file. This is done based at least partially on the authentication information. However, the user will not be asked for this information when requesting access to the file. A decryption module, comprising computer hardware, may be included in the system. It is designed to decrypt the file in order to obtain a decrypted version of the file, in response to the secure file access module's determination that the file is encrypted and that the user has permission to access it. The system may also include an interface agent, which is composed of computer hardware. It is designed to give the user access to the decrypted file that was obtained by the decryption module, in response to the secure file access module determining that the file is encrypted and that the user is authorized to access it.

Some embodiments include a method of backing up a file. This may be done by a computing device comprising one or several processors. The method can include a media agent receiving a command from the storage manager to back up a file at a secondary storage device. The method may also include receiving the file from a data agent and determining whether it is encrypted. After determining that the file is encrypted, the method may include identifying the encryption algorithm used to encrypt it and storing metadata about the file. The metadata could include the identity of the encryption algorithm. The method could also include storing the file at the secondary storage device without encrypting it again. If the file is not encrypted, the method may include encrypting it to create an encrypted file and then storing the encrypted file at the secondary storage device.

Some embodiments of this disclosure include a system to back up a file. A primary storage device can be used to store files, while a secondary storage device is used to store backups of the files. The storage manager, which is composed of computer hardware, can initiate the backup. The first backup command can be sent to a data agent in order to initiate the backup. The system may also include a data agent that is comprised of computer hardware. It can be configured to give the file to the media agent based at least partially on receiving the first backup command. The system may also include a media agent, which is composed of computer hardware. It can receive the file from the data agent and determine whether it is encrypted. The media agent can store the encrypted file at the secondary storage device if it is determined that the file has been encrypted. If the file is not encrypted, the media agent can encrypt it to create an encrypted file and store it at the secondary storage device.

In some embodiments, there is a method of restoring a file from secondary memory. In some cases, this method may be carried out by a computing system that includes one or more processors. The method may include receiving a command from the storage manager to restore a file to a recipient system from a media agent. The method could also include accessing the secondary storage device to retrieve the file and accessing metadata associated with the file. If the media agent has determined that the file was encrypted, the method may include decrypting the file in order to get an unencrypted copy and giving the recipient system access to the unencrypted file.

In some embodiments, a system is provided for recovering a file from secondary storage. This system may include a secondary storage device that stores a backup of the file. Sometimes, the backup file can be encrypted. The system may also include a storage manager, which is composed of computer hardware that can be used to initiate the restoration. The media agent can send a restore command to initiate the restoration of the file. The system may also include a media agent that is comprised of computer hardware. It can be configured to retrieve the file from the secondary storage device upon receiving the restore command. The media agent can also access metadata associated with the file and determine, based at least in part on that metadata, whether the file has been encrypted by the media agent. If the media agent has determined that the file was encrypted, the agent can decrypt it and give access to the recipient system.

Some embodiments include a method to restore a file from secondary storage. In some cases, this method may be performed by a computing device with one or more processors. The method may include receiving a command from the storage manager to restore a file to a recipient system from a media agent. The method could also include accessing the secondary storage device to retrieve the file and accessing metadata associated with the file. The method may include altering the file to imitate, at least in part, an encrypted version of the file, without decrypting it, and giving the recipient system access to the modified file.

Some embodiments of this disclosure include a system to restore a file from secondary storage. A secondary storage device can be used to back up a file. Sometimes, the backup file can be encrypted. The system may also include a storage manager, which is composed of computer hardware that can be used to initiate the restoration. The media agent can send a restore command to initiate the restoration of the file. The system may also include a media agent that is comprised of computer hardware. It can be configured to retrieve the file from the secondary storage device after receiving the restore command. The media agent can also be set up to retrieve metadata associated with the file, and determine, based at least in part on that metadata, whether the file is encrypted. The media agent can be set up to modify the file in response to determining whether the file is encrypted. The media agent can also be configured to grant access to the modified file to a recipient system.

In certain embodiments, the present disclosure discloses a method to automatically encrypt files. The method may be performed by a computing system that includes one or more processors. The method may include encrypting the file in order to obtain an encrypted file and changing the extension to add an encryption extension. Encrypting the file includes obtaining a data encryption key and then encrypting the file using the data encryption key. Encrypting the file also includes identifying the group of users authorized to access it and, for each user in the group, encrypting a copy of the data encryption key. Each encrypted copy of the data encryption key can be embedded with the encrypted file.
