US 12,455,971 B2
Application groups for enforcing data transfer controls
Philippe Leblanc, McMasterville (CA); Kiran Nair, San Jose, CA (US); and Anthony Vallée-Dubois, Montreal (CA)
Assigned to GOOGLE LLC, Mountain View, CA (US)
Filed by GOOGLE LLC, Mountain View, CA (US)
Filed on Dec. 9, 2022, as Appl. No. 18/064,089.
Claims priority of provisional application 63/266,142, filed on Dec. 29, 2021.
Prior Publication US 2023/0205897 A1, Jun. 29, 2023
Int. Cl. G06F 21/60 (2013.01)
CPC G06F 21/602 (2013.01)
11 Claims
 
1. A computer-implemented method comprising:
detecting, from a first application, a copy request for copying controlled content, where the copy request is associated with a clipboard function;
determining that the first application is included in a group of applications identified based on data loss prevention (DLP) restriction data, the DLP restriction data including a group resource identifier associated with the group of applications and a restriction to the clipboard function;
in response to determining that the first application is included in the group of applications:
triggering a data scan to detect restricted content in the controlled content,
in response to the data scan detecting restricted content in the controlled content,
encrypting the controlled content with an encryption key as encrypted content, and
transferring clipboard data to a buffer associated with the clipboard function, the clipboard data including the encrypted content;
detecting, from a second application, a paste request for pasting the controlled content, wherein the paste request is associated with the clipboard function;
determining that the second application is included in the group of applications; and
in response to determining that the second application is included in the group of applications:
retrieving the clipboard data from the buffer associated with the clipboard function,
retrieving the controlled content by decrypting the encrypted content with the encryption key, and
transferring the controlled content to the second application.
 
7. An apparatus comprising:
at least one processor; and
a non-transitory computer readable medium storing executable instructions that when executed by the at least one processor cause the at least one processor to:
detect, from a first application, a copy request for copying controlled content, wherein the copy request is associated with a clipboard function;
determine that the first application is included in a group of applications identified based on data loss prevention (DLP) restriction data, the DLP restriction data including a group resource identifier associated with the group of applications and a restriction to the clipboard function associated with the copy request;
encrypt the controlled content with an encryption key as encrypted content,
store the encryption key to a memory device,
transfer clipboard data to a buffer associated with the clipboard function, the clipboard data including the encrypted content and an encryption key identifier associated with the encryption key and the memory device;
detect, from a second application, a paste request for pasting the controlled content, wherein the paste request is associated with the clipboard function;
determine that the second application is included in the group of applications;
retrieve the clipboard data from the buffer associated with the clipboard function;
locate the encryption key in the memory device based on the encryption key identifier,
retrieve the controlled content by decrypting the encrypted content with the encryption key; and
transfer the controlled content to the second application.
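
The copy and paste flow of claim 7, combined with the data scan of claim 1, as an added Python example that is not part of the patent text or any Google code. The group and application names, the scan pattern, the pass-through of unrestricted content, the refusal of out-of-group pastes, and the SHA-256/HMAC construction standing in for the unspecified cipher are all assumptions.

```python
import hashlib, hmac, os, re

# Constructed DLP restriction data: group resource identifier -> restriction and member apps.
DLP = {"group/finance": {"restricts": "clipboard", "apps": {"sheets", "mail"}}}
RESTRICTED = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # constructed scan rule (SSN-like)

def _stream(key, nonce, n):
    # Stand-in keystream (SHA-256 in counter mode); a real agent would use a vetted AEAD.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("clipboard data failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class ClipboardBroker:
    def __init__(self):
        self.buffer = None   # clipboard buffer: visible to every application
        self.key_store = {}  # "memory device": key id -> key, private to the broker

    def group_of(self, app):
        return next((g for g, r in DLP.items() if app in r["apps"]), None)

    def copy(self, app, text):
        group = self.group_of(app)
        # Assumption: content from ungrouped apps, or with no scan hit, is stored as-is.
        if group is None or not RESTRICTED.search(text):
            self.buffer = {"group": None, "data": text.encode()}
            return
        key_id, key = os.urandom(8).hex(), os.urandom(32)
        self.key_store[key_id] = key
        self.buffer = {"group": group, "key_id": key_id, "data": seal(key, text.encode())}

    def paste(self, app):
        clip = self.buffer
        if clip["group"] is None:
            return clip["data"].decode()
        # Assumption: a paste from outside the group is refused; the key is never looked up.
        if self.group_of(app) != clip["group"]:
            raise PermissionError(f"{app} is not in {clip['group']}")
        return unseal(self.key_store[clip["key_id"]], clip["data"]).decode()
```

The buffer only ever holds ciphertext and a key identifier for restricted content, so an application that reads the clipboard directly, bypassing the broker, obtains nothing usable without access to the key store.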