Enhanced data leakage detection in cloud services

US 10,178,096 B2
Filed: 03/31/2017
Issued: 01/08/2019
Est. Priority Date: 03/31/2017
Status: Active Grant

First Claim

Patent Images

1. A method for creating benchmark data to enhance data leakage protection in cloud based services, the method comprising:

receiving, by one or more processors, user data;

monitoring, by the one or more processors, a user data transaction;

identifying, by the one or more processors, a plurality of attribute elements associated with the user data and the user data transaction;

monitoring, by the one or more processors, the plurality of attribute elements, wherein the plurality of attribute elements comprises dynamic content and variable lengths;

creating, by the one or more processors, benchmark data based on the identified plurality of attribute elements and user data gathered from a user data transaction;

determining, by the one or more processors, there are no discrepancies between the user data transaction and the benchmark data;

creating, by the one or more processors, policy attributes based on flagging one or more attribute elements associated with the user data and the user data transaction wherein the flagged attribute elements influence security policy;

sending, by the one or more processors, the policy attributes to an administrator for policy creation;

storing, by the one or more processors, the benchmark data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments describing an approach to receiving user data, and monitoring a user data transaction. Monitoring a user data transaction. Identifying a plurality of attribute elements associated with the user data and the user data transaction. Creating benchmark data based on one or more identified attributes and user data gathered from a user data transaction, and storing, by the one or more processors, benchmark data.

9 Citations

17 Claims

1. A method for creating benchmark data to enhance data leakage protection in cloud based services, the method comprising:
- receiving, by one or more processors, user data;
  
  monitoring, by the one or more processors, a user data transaction;
  
  identifying, by the one or more processors, a plurality of attribute elements associated with the user data and the user data transaction;
  
  monitoring, by the one or more processors, the plurality of attribute elements, wherein the plurality of attribute elements comprises dynamic content and variable lengths;
  
  creating, by the one or more processors, benchmark data based on the identified plurality of attribute elements and user data gathered from a user data transaction;
  
  determining, by the one or more processors, there are no discrepancies between the user data transaction and the benchmark data;
  
  creating, by the one or more processors, policy attributes based on flagging one or more attribute elements associated with the user data and the user data transaction wherein the flagged attribute elements influence security policy;
  
  sending, by the one or more processors, the policy attributes to an administrator for policy creation;
  
  storing, by the one or more processors, the benchmark data.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - restricting, by the one or more processors, entry into a cloud system based on authentication request credentials.
  - 3. The method of claim 1, wherein benchmark data comprises:
    - attribute elements and user data transactions.
  - 4. The method of claim 3, wherein attribute elements comprise:
    - user data information, user data usage, user location, file name, file size, file time stamp, file location, user name, IP address, and user behavioral patterns.

5. A computer program product for creating benchmark data to enhancing data leakage protection in cloud based services, the computer program product comprising:
- one or more computer readable storage media and program instructions stored on the one or more computer readable storage media, the program instructions comprising;
  
  program instructions to receive user data;
  
  program instructions to monitor a user data transaction;
  
  program instructions to identify a plurality of attribute elements associated with the user data and the user data transaction;
  
  program instructions to monitor the plurality of attribute elements, wherein the plurality of attribute elements comprises dynamic content and variable lengths;
  
  program instructions to create benchmark data based on the identified plurality of attribute elements and user data gathered from a user data transaction;
  
  program instructions to determine there are no discrepancies between the user data transaction and the benchmark data;
  
  program instructions to create policy attributes based on flagging one or more attribute elements associated with the user data and the user data transaction wherein the flagged attribute elements influence security policy; and
  
  program instructions to send the policy attributes to an administrator for policy creation.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The computer program product of claim 5, further comprising:
    - program instructions to receive a user data request, wherein the user data request is associated with accessing a cloud service;
      
      program instructions to request benchmark data associated with the user data request program instructions to receive the benchmark data from a benchmark database;
      
      program instructions to determine there are no discrepancies between attribute elements associated with the user data request matches and the benchmark data;
      
      program instructions to log the user data request and discrepancies identified between the user data request and the benchmark data, wherein the logged user data request and the discrepancies can be used to make policy, and prohibiting the user from accessing the cloud service; and
      
      responsive to determining the user data request does match the benchmark data, program instructions to store the benchmark data in the benchmark database.
  - 7. The computer program product of claim 6, wherein determining, further comprises:
    - program instructions to determining access to the cloud service based on the results of benchmark data analysis, wherein the user'"'"'s data request is permitted access to enter the cloud service if there are no discrepancies found in the benchmark analysis, and, wherein the user'"'"'s data request is denied access to enter the cloud service if there are discrepancies found in the benchmark data analysis.
  - 8. The computer program product of claim 7, wherein the benchmark data analysis is conducted by a CASB gateway, wherein the CASB gateway identifies discrepancies between the user data request and the benchmark data.
  - 9. The computer program product of claim 6, further comprising:
    - program instructions to send a request to a benchmark database to retrieve benchmark data, wherein the program instructions to send the request comprises;
      
      program instructions to send a request to an API scanner to retrieve benchmark data, wherein the API scanner identifies benchmark data discrepancies between the user data request and the benchmark data stored in the benchmark database.
  - 10. The computer program product of claim 9, wherein the API scanner detects user data request in the cloud service when a user data request circumvents a CASB gateway.
  - 11. The computer program product of claim 6, wherein benchmark data comprises:
    - attribute elements and user data transaction, and, wherein attribute elements comprise;
      
      user data information, user data usage, user location, file name, file size, file time stamp, file location, user name, IP address, and user behavioral patterns.

12. A computer system comprising:
- one or more computer processors;
  
  one or more computer readable storage devices;
  
  program instructions stored on the one or more computer readable storage devices for execution by at least one of the one or more computer processors, the stored program instructions comprising;
  
  program instructions to, receive user data;
  
  program instructions to, monitor a user data transaction;
  
  program instructions to, identify a plurality of attribute elements;
  
  program instructions to monitor the plurality of attribute elements, wherein the plurality of attribute elements comprises dynamic content and variable lengthsprogram instructions to, create benchmark data based on one or more identified attributes and user data gathered from a user data transaction;
  
  program instructions to determine there are no discrepancies between the user data transaction and the benchmark data;
  
  program instructions to create policy attributes based on flagging one or more attribute elements associated with the user data and the user data transaction wherein the flagged attribute elements influence security policy; and
  
  program instructions to send the policy attributes to an administrator for policy creation.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The computer system of claim 12, further comprising:
    - program instructions to, store the benchmark data;
      
      program instructions to, receive a user data request, wherein the user data request is associated with accessing a cloud service;
      
      program instructions to, request benchmark data associated with the user data request program instructions to, receive the benchmark data from a benchmark database;
      
      program instructions to, determine there are no discrepancies between attribute elements associated with the user data request and the benchmark data;
      
      program instructions to, log the user data request and discrepancies identified between the user data request and the benchmark data, wherein the logged user data request and discrepancies can be used to make policy, and prohibit the user from accessing the could serviceprogram instructions to, create policy attributes based on flagging one or more attribute elements associated with the user data and the user data transaction; and
      
      program instructions to, send the policy attributes to an administrator for policy creation.
  - 14. The computer system of claim 12, further comprising:
    - responsive to determining the user data request does match the benchmark data, program instructions to, store the benchmark data in the benchmark database.
  - 15. The computer system of claim 12, wherein determining, further comprises:
    - program instructions to determine access to the cloud service based on the results of benchmark data analysis, wherein the user'"'"'s data request is permitted access to enter the cloud service if there are no discrepancies found in the benchmark analysis, and, wherein the user'"'"'s data request is denied access to enter the cloud service if there are discrepancies found in the benchmark data analysis.
  - 16. The computer system of claim 15, wherein the benchmark data analysis is conducted by a CASB gateway, wherein the CASB gateway identifies discrepancies between the user data request and the benchmark data.
  - 17. The computer system of claim 12, further comprising:
    - program instructions to send a request to a benchmark database to retrieve benchmark data, wherein the program instructions to send the request comprises;
      
      program instructions to, send a request to an API scanner to retrieve benchmark data, wherein the API scanner detects user data request in the cloud service when a user data request circumvents a CASB gateway.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hockings, Christopher J., Mulyono, Budi, Narasipur, Sumana S., Pranam, Codur S.
Primary Examiner(s)
Okeke, Izunna

Application Number

US15/475,173
Publication Number

US 20180288051A1
Time in Patent Office

648 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/556   involving covert channels, ...

G06F 2221/2101   Auditing as a secondary aspect

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/1097   for distributed storage of ...

H04L 67/306   User profiles

H04L 67/535   Tracking the activity of th...

Enhanced data leakage detection in cloud services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced data leakage detection in cloud services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links