Multi-pronged file anomaly detection based on violation counts

US 10,496,842 B1
Filed: 07/16/2018
Issued: 12/03/2019
Est. Priority Date: 07/16/2018
Status: Active Grant

First Claim

Patent Images

1. A system for protecting sensitive data, the system comprising:

one or more processors; and

a memory storing instructions that, when executed by the one or more processors, cause the system to perform;

obtaining file classification information for a set of files, the file classification information defining (1) a number of classified files within the set of files, (2) a number of classification categories associated with the classified files, (3) a number of unauthorized classified files that do not match an access privilege of a user, and (4) a number of unauthorized classification categories associated with the unauthorized classified files; and

determining a violation of an access control policy based on the file classification information.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

File classification information for a set of files are obtained. The file classification information defines (1) a number of classified files within the set of files, (2) a number of classification categories associated with the classified files, (3) a number of unauthorized classified files that do not match an access privilege of a user, and (4) a number of unauthorized classification categories associated with the unauthorized classified files. A violation of an access control policy is determined based on the file classification information.

Citations

20 Claims

1. A system for protecting sensitive data, the system comprising:
- one or more processors; and
  
  a memory storing instructions that, when executed by the one or more processors, cause the system to perform;
  
  obtaining file classification information for a set of files, the file classification information defining (1) a number of classified files within the set of files, (2) a number of classification categories associated with the classified files, (3) a number of unauthorized classified files that do not match an access privilege of a user, and (4) a number of unauthorized classification categories associated with the unauthorized classified files; and
  
  determining a violation of an access control policy based on the file classification information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein determining the violation of the access control policy based on the file classification information includes:
    - determining a risk parameter based on (1) the number of classified files within the set of files, (2) the number of classification categories associated with the classified files, (3) the number of unauthorized classified files that do not match the access privilege of the user, and (4) the number of unauthorized classification categories associated with the unauthorized classified files; and
      
      determining the violation of the access control policy based on the risk parameter exceeding a risk parameter threshold.
  - 3. The system of claim 1, wherein determining the violation of the access control policy based on the file classification information includes:
    - determining the violation of the access control policy based on the number of unauthorized classified files that do not match the access privilege of the user exceeding an unauthorized classified files threshold.
  - 4. The system of claim 1, wherein determining the violation of the access control policy based on the file classification information includes:
    - determining the violation of the access control policy based on the number of unauthorized classification categories associated with the unauthorized classified files exceeding an unauthorized classification categories threshold.
  - 5. The system of claim 1, wherein the set of files is stored in an electronic storage of a computing device, and at least a portion of the file classification information for the set of files is determined by a discovery agent running on the computing device.
  - 6. The system of claim 5, wherein the discovery agent determines at least the portion of the file classification information based on (1) a determination of the classification categories associated with the classified files, and (2) the access privilege of the user.
  - 7. The system of claim 1, wherein a prevention analysis of the classified files is performed based on the determination of the violation of the access control policy.
  - 8. The system of claim 7, wherein a post-leak analysis of the classified files is performed based on the determination of the violation of the access control policy.

9. A method for protecting sensitive data, the method comprising:
- obtaining file classification information for a set of files, the file classification information defining (1) a number of classified files within the set of files, (2) a number of classification categories associated with the classified files, (3) a number of unauthorized classified files that do not match an access privilege of a user, and (4) a number of unauthorized classification categories associated with the unauthorized classified files; and
  
  determining a violation of an access control policy based on the file classification information.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein determining the violation of the access control policy based on the file classification information includes:
    - determining a risk parameter based on (1) the number of classified files within the set of files, (2) the number of classification categories associated with the classified files, (3) the number of unauthorized classified files that do not match the access privilege of the user, and (4) the number of unauthorized classification categories associated with the unauthorized classified files; and
      
      determining the violation of the access control policy based on the risk parameter exceeding a risk parameter threshold.
  - 11. The method of claim 9, wherein determining the violation of the access control policy based on the file classification information includes:
    - determining the violation of the access control policy based on the number of unauthorized classified files that do not match the access privilege of the user exceeding an unauthorized classified files threshold.
  - 12. The method of claim 9, wherein determining the violation of the access control policy based on the file classification information includes:
    - determining the violation of the access control policy based on the number of unauthorized classification categories associated with the unauthorized classified files exceeding an unauthorized classification categories threshold.
  - 13. The method of claim 9, wherein the set of files is stored in an electronic storage of a computing device, and at least a portion of the file classification information for the set of files is determined by a discovery agent running on the computing device.
  - 14. The method of claim 13, wherein the discovery agent determines at least the portion of the file classification information based on (1) a determination of the classification categories associated with the classified files, and (2) the access privilege of the user.
  - 15. The method of claim 9, wherein a prevention analysis of the classified files is performed based on the determination of the violation of the access control policy.
  - 16. The method of claim 15, wherein a post-leak analysis of the classified files is performed based on the determination of the violation of the access control policy.

17. A non-transitory computer-readable medium for protecting sensitive data, the non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors to perform:
- obtaining file classification information for a set of files, the file classification information defining (1) a number of classified files within the set of files, (2) a number of classification categories associated with the classified files, (3) a number of unauthorized classified files that do not match an access privilege of a user, and (4) a number of unauthorized classification categories associated with the unauthorized classified files; and
  
  determining a violation of an access control policy based on the file classification information.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable medium of claim 17, wherein determining the violation of the access control policy based on the file classification information includes:
    - determining a risk parameter based on (1) the number of classified files within the set of files, (2) the number of classification categories associated with the classified files, (3) the number of unauthorized classified files that do not match the access privilege of the user, and (4) the number of unauthorized classification categories associated with the unauthorized classified files; and
      
      determining the violation of the access control policy based on the risk parameter exceeding a risk parameter threshold.
  - 19. The non-transitory computer-readable medium of claim 17, wherein determining the violation of the access control policy based on the file classification information includes:
    - determining the violation of the access control policy based on the number of unauthorized classified files that do not match the access privilege of the user exceeding an unauthorized classified files threshold.
  - 20. The non-transitory computer-readable medium of claim 17, wherein determining the violation of the access control policy based on the file classification information includes:
    - determining the violation of the access control policy based on the number of unauthorized classification categories associated with the unauthorized classified files exceeding an unauthorized classification categories threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing Didi Infinity Technology And Development Co.Ltd.
Original Assignee
DiDi Research America, LLC
Inventors
Ren, Liwei
Primary Examiner(s)
Revak, Christopher A

Application Number

US16/035,764
Time in Patent Office

505 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/122   using management policies b...

G06F 16/285   Clustering or classification

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Multi-pronged file anomaly detection based on violation counts

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-pronged file anomaly detection based on violation counts

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links