Identifying and preventing leaks of sensitive information

US 10,152,611 B2
Filed: 02/08/2013
Issued: 12/11/2018
Est. Priority Date: 02/08/2013
Status: Active Grant

First Claim

Patent Images

1. A method for identifying and preventing leaks of sensitive information, the method comprising:

in a knowledge profiler implemented on a computer system, the computer system comprising one or more computer processors, generating a plurality of personal knowledge profiles, wherein each personal knowledge profile in the plurality of personal knowledge profiles is associated with a particular user in a plurality of users using a network of electronics devices;

generating, by a computer-implemented content analyzer in communication with the knowledge profiler of the computer system, the content analyzer implemented using at least one of the one or more computer processors, a plurality of associated inferred meanings for a plurality of terms from a plurality of documents, the documents associated with the plurality of personal knowledge profiles, wherein the plurality of associated inferred meanings for the plurality of terms is generated for each term based at least on a syntactic analysis of the use of the term within a sentence in relation to a usage of the term in a context of the plurality of documents, the context comprising one or more of;

another sentence, a title, a footnote, and a parenthetical definition;

in the content analyzer, using the plurality of associated inferred meanings to generate, for each personal knowledge profile in the plurality of personal knowledge profiles, a plurality of categorical terms based on the plurality of inferred meanings, wherein the plurality of categorical terms generated for each personal knowledge profile categorizes the plurality of terms based on the associated inferred meanings;

in the knowledge profiler, using the plurality of associated inferred meanings to generate a plurality of associated categorical term frequencies based on a plurality of associated frequencies of term occurrences of terms associated with the categorical terms in each of the plurality of personal knowledge profiles, wherein each of the plurality of associated categorical term frequencies is associated with one of the plurality of categorical terms, and storing the plurality of associated inferred meanings and the plurality of associated categorical term frequencies in corresponding ones of the plurality of personal knowledge profiles;

determining, by a computer-implemented sensitivity analyzer in communication with the knowledge profiler of the computer system, the sensitivity analyzer implemented using at least one of the one or more computer processors, a plurality of sensitivity level values for the plurality of categorical terms based on the plurality of associated categorical term frequencies;

determining, by at least one of the one or more computer processors of the computer system, a plurality of link strength values, wherein;

each of the link strength values is associated respectively with a pair of personal knowledge profiles in a plurality of personal knowledge profiles,each of the plurality of personal knowledge profiles is associated with a user in the plurality of users,the determining of each of the link strength values is based on an occurrence of common terms in its associated pair of personal knowledge profiles, such that each of the plurality of link strength values describes a relationship between an associated pair of users in the plurality of users, andsensitivity level values in the plurality of sensitivity level values are further based on the plurality of link strength values;

storing, by the knowledge profiler of the computer system, the plurality of sensitivity level values for the plurality of categorical terms, wherein the plurality of sensitivity level values are used to analyze whether an information transaction comprising at least one of the plurality of terms is permitted;

detecting, by the computer system, a first information transaction between a first pair of users in the plurality of pairs of users that includes a first term associated with a first categorical term in the plurality of categorical terms;

determining a first sensitivity level value for the first categorical term;

generating an alert in response to the first sensitivity level value; and

automatically blocking the information transaction in response to the alert.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Determining sensitive information and preventing the unauthorized or unintended dissemination of such information are disclosed. Terms are determined from documents associated with users in a network. Distributions among users and relative frequencies with which the terms are used are determined. Link strengths between users are calculated. Based on the distribution of the terms, the relative frequencies of use among the user profiles and link strengths between users conducting information transactions that include the terms, a sensitivity level for each term can be determined. To determine whether a particular information transaction with particular terms may be conducted between two users in the network, a combination of link strength between the users and sensitivity level of the terms with respect to the users or users'"'"' profiles are considered. If the information transaction includes terms that are unknown to one of the users, then a warning or alarm can be raised.

Citations

10 Claims

1. A method for identifying and preventing leaks of sensitive information, the method comprising:
- in a knowledge profiler implemented on a computer system, the computer system comprising one or more computer processors, generating a plurality of personal knowledge profiles, wherein each personal knowledge profile in the plurality of personal knowledge profiles is associated with a particular user in a plurality of users using a network of electronics devices;
  
  generating, by a computer-implemented content analyzer in communication with the knowledge profiler of the computer system, the content analyzer implemented using at least one of the one or more computer processors, a plurality of associated inferred meanings for a plurality of terms from a plurality of documents, the documents associated with the plurality of personal knowledge profiles, wherein the plurality of associated inferred meanings for the plurality of terms is generated for each term based at least on a syntactic analysis of the use of the term within a sentence in relation to a usage of the term in a context of the plurality of documents, the context comprising one or more of;
  
  another sentence, a title, a footnote, and a parenthetical definition;
  
  in the content analyzer, using the plurality of associated inferred meanings to generate, for each personal knowledge profile in the plurality of personal knowledge profiles, a plurality of categorical terms based on the plurality of inferred meanings, wherein the plurality of categorical terms generated for each personal knowledge profile categorizes the plurality of terms based on the associated inferred meanings;
  
  in the knowledge profiler, using the plurality of associated inferred meanings to generate a plurality of associated categorical term frequencies based on a plurality of associated frequencies of term occurrences of terms associated with the categorical terms in each of the plurality of personal knowledge profiles, wherein each of the plurality of associated categorical term frequencies is associated with one of the plurality of categorical terms, and storing the plurality of associated inferred meanings and the plurality of associated categorical term frequencies in corresponding ones of the plurality of personal knowledge profiles;
  
  determining, by a computer-implemented sensitivity analyzer in communication with the knowledge profiler of the computer system, the sensitivity analyzer implemented using at least one of the one or more computer processors, a plurality of sensitivity level values for the plurality of categorical terms based on the plurality of associated categorical term frequencies;
  
  determining, by at least one of the one or more computer processors of the computer system, a plurality of link strength values, wherein;
  
  each of the link strength values is associated respectively with a pair of personal knowledge profiles in a plurality of personal knowledge profiles,each of the plurality of personal knowledge profiles is associated with a user in the plurality of users,the determining of each of the link strength values is based on an occurrence of common terms in its associated pair of personal knowledge profiles, such that each of the plurality of link strength values describes a relationship between an associated pair of users in the plurality of users, andsensitivity level values in the plurality of sensitivity level values are further based on the plurality of link strength values;
  
  storing, by the knowledge profiler of the computer system, the plurality of sensitivity level values for the plurality of categorical terms, wherein the plurality of sensitivity level values are used to analyze whether an information transaction comprising at least one of the plurality of terms is permitted;
  
  detecting, by the computer system, a first information transaction between a first pair of users in the plurality of pairs of users that includes a first term associated with a first categorical term in the plurality of categorical terms;
  
  determining a first sensitivity level value for the first categorical term;
  
  generating an alert in response to the first sensitivity level value; and
  
  automatically blocking the information transaction in response to the alert.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising determining, by the computer system, a distribution of the plurality of terms among the plurality of personal knowledge profiles, and wherein the plurality of sensitivity level values are further based on the distribution of the plurality of terms among the plurality of personal knowledge profiles.
  - 3. The method of claim 1, wherein determining the plurality of sensitivity level values further comprises calculating a plurality of weighted conditional probabilities based on the plurality of link strength values and the plurality of personal knowledge profiles.
  - 4. The method of claim 3, wherein each of the plurality of personal knowledge profiles comprises information regarding a level of knowledge that a user associated with a personal knowledge profile possesses regarding the categorical terms in the personal knowledge profile associated with the user.
  - 5. The method of claim 1, wherein determining a plurality of link strength values further comprises monitoring a plurality of frequencies associated with the plurality of pairs of user, wherein each of the plurality of frequencies corresponds to an associated frequency with which each of the plurality of pairs of users conduct information transactions.
  - 6. The method of claim 1, wherein generating the alert comprises comparing the first sensitivity level to a threshold sensitivity level value associated with a first user or a second user in the first pair of users.
  - 7. The method of claim 1, wherein the alert comprises a message displayed to a first user in the first pair of users regarding a sensitivity of the first information transaction.
  - 8. The method of claim 1, wherein the plurality of documents comprises one or more of:
    - email messages, social media posts, social media feeds, shared-access documents, and audio-visual files.

9. A non-transitory computer-readable medium comprising stored instructions which, when executed using at least one computer processor, cause the at least one computer processor to perform steps of a method for identifying and preventing leaks of sensitive information, the method comprising:
- in a knowledge profiler implemented on a computer system, the computer system comprising one or more computer processors, generating a plurality of personal knowledge profiles, wherein each personal knowledge profile in the plurality of personal knowledge profiles is associated with a particular user in a plurality of users using a network of electronics devices;
  
  generating, by a computer-implemented content analyzer in communication with the knowledge profiler of the computer system, the content analyzer implemented using at least one of the one or more computer processors, a plurality of associated inferred meanings for a plurality of terms from a plurality of documents, the documents associated with the plurality of personal knowledge profiles, wherein the plurality of associated inferred meanings for the plurality of terms is generated for each term based at least on a syntactic analysis of the use of the term within a sentence in relation to a usage of the term in a context of the plurality of documents, the context comprising one or more of;
  
  another sentence, a title, a footnote, and a parenthetical definition;
  
  in the content analyzer, using the plurality of associated inferred meanings to generate, for each personal knowledge profile in the plurality of personal knowledge profiles, a plurality of categorical terms based on the plurality of inferred meanings, wherein the plurality of categorical terms generated for each personal knowledge profile categorizes the plurality of terms based on the associated inferred meanings;
  
  in the knowledge profiler, using the plurality of associated inferred meanings to generate a plurality of associated categorical term frequencies based on a plurality of associated frequencies of term occurrences of terms associated with the categorical terms in each of the plurality of personal knowledge profiles, wherein each of the plurality of associated categorical term frequencies is associated with one of the plurality of categorical terms, and storing the plurality of associated inferred meanings and the plurality of associated categorical term frequencies in corresponding ones of the plurality of personal knowledge profiles;
  
  determining, by a computer-implemented sensitivity analyzer in communication with the knowledge profiler of the computer system, the sensitivity analyzer implemented using at least one of the one or more computer processors, a plurality of sensitivity level values for the plurality of categorical terms based on the plurality of associated categorical term frequencies;
  
  determining, by at least one of the one or more computer processors of the computer system, a plurality of link strength values, wherein;
  
  each of the link strength values is associated respectively with a pair of personal knowledge profiles in a plurality of personal knowledge profiles, each of the plurality of personal knowledge profiles is associated with a user in the plurality of users, the determining of each of the link strength values is based on an occurrence of common terms in its associated pair of personal knowledge profiles, such that each of the plurality of link strength values describes a relationship between an associated pair of users in the plurality of users, and sensitivity level values in the plurality of sensitivity level values are further based on the plurality of link strength values;
  
  storing, by the knowledge profiler of the computer system, the plurality of sensitivity level values for the plurality of categorical terms, wherein the plurality of sensitivity level values are used to analyze whether an information transaction comprising at least one of the plurality of terms is permitted;
  
  detecting, by the computer system, a first information transaction between a first pair of users in the plurality of pairs of users that includes a first term associated with a first categorical term in the plurality of categorical terms;
  
  determining a first sensitivity level value for the first categorical term;
  
  generating an alert in response to the first sensitivity level value; and
  
  automatically blocking the information transaction in response to the alert.

10. A computer system for identifying and preventing leaks of sensitive information, the computer system comprising:
- one or more computer processors communicatively coupled to a memory, the one or more computer processors configured for;
  
  in a knowledge profiler implemented on the computer system, generating a plurality of personal knowledge profiles, wherein each personal knowledge profile in the plurality of personal knowledge profiles is associated with a particular user in a plurality of users using a network of electronics devices;
  
  generating, by a computer-implemented content analyzer in communication with the knowledge profiler of the computer system, the content analyzer implemented using at least one of the one or more computer processors, a plurality of associated inferred meanings for a plurality of terms from a plurality of documents, the documents associated with the plurality of personal knowledge profiles, wherein the plurality of associated inferred meanings for the plurality of terms is generated for each term based at least on a syntactic analysis of the use of the term within a sentence in relation to a usage of the term in a context of the plurality of documents, the context comprising one or more of;
  
  another sentence, a title, a footnote, and a parenthetical definition;
  
  in the content analyzer, using the plurality of associated inferred meanings to generate, for each personal knowledge profile in the plurality of personal knowledge profiles, a plurality of categorical terms based on the plurality of inferred meanings, wherein the plurality of categorical terms generated for each personal knowledge profile categorizes the plurality of terms based on the associated inferred meanings;
  
  in the knowledge profiler, using the plurality of associated inferred meanings to generate a plurality of associated categorical term frequencies based on a plurality of associated frequencies of term occurrences of terms associated with the categorical terms in each of the plurality of personal knowledge profiles, wherein each of the plurality of associated categorical term frequencies is associated with one of the plurality of categorical terms, and storing the plurality of associated inferred meanings and the plurality of associated categorical term frequencies in corresponding ones of the plurality of personal knowledge profiles;
  
  determining, by a computer-implemented sensitivity analyzer in communication with the knowledge profiler of the computer system, the sensitivity analyzer implemented using at least one of the one or more computer processors, a plurality of sensitivity level values for the plurality of categorical terms based on the plurality of associated categorical term frequencies;
  
  determining, by at least one of the one or more computer processors of the computer system, a plurality of link strength values, wherein;
  
  each of the link strength values is associated respectively with a pair of personal knowledge profiles in a plurality of personal knowledge profiles, each of the plurality of personal knowledge profiles is associated with a user in the plurality of users, the determining of each of the link strength values is based on an occurrence of common terms in its associated pair of personal knowledge profiles, such that each of the plurality of link strength values describes a relationship between an associated pair of users in the plurality of users, and sensitivity level values in the plurality of sensitivity level values are further based on the plurality of link strength values;
  
  storing, by the knowledge profiler of the computer system, the plurality of sensitivity level values for the plurality of categorical terms, wherein the plurality of sensitivity level values are used to analyze whether an information transaction comprising at least one of the plurality of terms is permitted;
  
  detecting, by the computer system, a first information transaction between a first pair of users in the plurality of pairs of users that includes a first term associated with a first categorical term in the plurality of categorical terms;
  
  determining a first sensitivity level value for the first categorical term;
  
  generating an alert in response to the first sensitivity level value; and
  
  automatically blocking the information transaction in response to the alert.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ARRIS Enterprises LLC (CommScope Holding Company, Inc.)
Original Assignee
ARRIS Enterprises LLC (CommScope Holding Company, Inc.)
Inventors
Hurwitz, Joshua B., Fu, Zhi, Kuhlman, Douglas A.
Primary Examiner(s)
Lemma, Samson B

Application Number

US13/762,942
Publication Number

US 20140230066A1
Time in Patent Office

2,132 Days
Field of Search

726 26
US Class Current
CPC Class Codes

G06F 21/556   involving covert channels, ...

G06F 21/6263   during internet communicati...

G06F 2221/2117   User registration

H04L 63/0245   Filtering by information in...

H04L 63/102   Entity profiles

Identifying and preventing leaks of sensitive information

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying and preventing leaks of sensitive information

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links