Decrypting files for data leakage protection in an enterprise network
Abstract
Techniques are provided for decrypting an encrypted file within an enterprise network. The techniques include identifying by a password collecting module a password entered during a file encryption procedure performed at a terminal and storing the password; receiving an encrypted file by a data leakage protection (DLP) module; and attempting to decrypt the encrypted file with the password by the DLP module.
15 Claims
1. A method for providing data leak protection (DLP), comprising:
- determining, by a processor, that a predetermined application executing at a terminal is in the process of transmitting an encrypted file from the terminal; and
- in response to determining that the encrypted file is being transmitted from the terminal, identifying, by the processor, a password that decrypts the encrypted file;
- decrypting, by the processor, the encrypted file to generate a decrypted file;
- determining, by the processor, that the decrypted file is a file subject to DLP;
- in response to determining that the decrypted file is a file subject to DLP, preventing, by the processor, the transmitting of the file from the terminal;
- identifying meta data of the encrypted file, wherein the decrypting further comprises selecting the password by determining that meta data of the encrypted file matches at least a portion of meta data of the password; and
- identifying meta data of the encrypted file, wherein the decrypting further comprises determining a degree of match between meta data of the encrypted file and meta data of the multiple passwords obtained by comparing meta data associated with the encrypted file with meta data associated with the password several times, so as to determine priority given to a decryption performed with each of the multiple passwords.

Dependent claims: 2, 3, 4, 13
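The password selection and DLP decision recited in claim 1, sketched as an added example that is not taken from the patent or from any product. Everything here is an assumption made for illustration: the metadata fields, the scoring (a count of equal fields), the toy cipher standing in for a real archive format, and the "undecryptable" outcome when no collected password verifies.

```python
import hashlib, hmac

def _key(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 1000)

def _xor(data, key):
    # Toy keystream (SHA-256 in counter mode); a stand-in for a real archive cipher.
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def toy_encrypt(plain, password):
    key = _key(password)
    ct = _xor(plain, key)
    return hmac.new(key, ct, "sha256").digest() + ct

def toy_decrypt(blob, password):
    """Return the plaintext, or None when the password does not verify."""
    key, tag, ct = _key(password), blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        return None
    return _xor(ct, key)

def match_degree(file_meta, pw_meta):
    # Assumed scoring: number of metadata fields whose values are equal.
    return sum(1 for k, v in file_meta.items() if pw_meta.get(k) == v)

def rank_passwords(file_meta, records):
    """Records matching at least one field of the file, best match first."""
    scored = [(match_degree(file_meta, r["meta"]), r) for r in records]
    return [r for s, r in sorted(scored, key=lambda x: -x[0]) if s > 0]

def inspect_outbound(blob, file_meta, records, is_sensitive):
    # Try collected passwords in priority order, then apply the DLP check.
    for rec in rank_passwords(file_meta, records):
        plain = toy_decrypt(blob, rec["password"])
        if plain is not None:
            return "block" if is_sensitive(plain) else "allow"
    return "undecryptable"  # assumption: handling of this case is left to policy

# Constructed sample: passwords recorded at encryption time, with their metadata.
RECORDS = [
    {"password": "spring-report", "meta": {"user": "alice", "app": "archiver", "file_name": "q1.zip"}},
    {"password": "hunter-demo", "meta": {"user": "alice", "app": "archiver", "file_name": "plan.zip"}},
    {"password": "other-demo", "meta": {"user": "bob", "app": "office", "file_name": "x.docx"}},
]
FILE_META = {"user": "alice", "app": "archiver", "file_name": "plan.zip"}

def is_sensitive(plain):
    return b"CONFIDENTIAL" in plain  # constructed DLP rule
```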
5. An apparatus for providing data leak protection (DLP), comprising:
- a processor;
- a non-transitory, computer-readable medium coupled to the processor; and
- logic, stored on the computer-readable medium and executed on the processor, for:
  - determining that a predetermined application executing at a terminal is in the process of transmitting an encrypted file from the terminal; and
  - in response to determining that the encrypted file is being transmitted from the terminal, identifying a password that decrypts the encrypted file;
  - decrypting the encrypted file to generate a decrypted file;
  - determining that the decrypted file is a file subject to DLP;
  - in response to determining that the decrypted file is a file subject to DLP, preventing the transmitting of the file from the terminal;
  - identifying meta data of the encrypted file, wherein the decrypting further comprises selecting the password by determining that meta data of the encrypted file matches at least a portion of meta data of the password; and
  - identifying meta data of the encrypted file, wherein the decrypting further comprises determining a degree of match between meta data of the encrypted file and meta data of the multiple passwords obtained by comparing meta data associated with the encrypted file with meta data associated with the password several times, so as to determine priority given to a decryption performed with each of the multiple passwords.

Dependent claims: 6, 7, 8, 14
9. A computer programming product for providing data leak protection (DLP), comprising:
- a non-transitory, computer-readable medium; and
- logic, stored on the computer-readable medium for execution on a processor, for:
  - determining, by the processor, that a predetermined application executing at a terminal is in the process of transmitting an encrypted file from the terminal; and
  - in response to determining that the encrypted file is being transmitted from the terminal, identifying, by the processor, a password that decrypts the encrypted file;
  - decrypting, by the processor, the encrypted file to generate a decrypted file;
  - determining, by the processor, that the decrypted file is a file subject to DLP;
  - in response to determining that the decrypted file is a file subject to DLP, preventing, by the processor, the transmitting of the file from the terminal;
  - identifying meta data of the encrypted file, wherein the decrypting further comprises selecting the password by determining that meta data of the encrypted file matches at least a portion of meta data of the password; and
  - identifying meta data of the encrypted file, wherein the decrypting further comprises determining a degree of match between meta data of the encrypted file and meta data of the multiple passwords obtained by comparing meta data associated with the encrypted file with meta data associated with the password several times, so as to determine priority given to decryption performed with each of the multiple passwords.

Dependent claims: 10, 11, 12, 15
Specification