Network caching of outbound content from endpoint device to prevent unauthorized extraction

US 10,700,894 B2
Filed: 06/01/2016
Issued: 06/30/2020
Est. Priority Date: 06/01/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a processor in a network, a security policy for a user endpoint device, the security policy defining a type of content for storing in a network cache, wherein the processor is distinct from the user endpoint device;

determining, by the processor, that traffic from the user endpoint device to a destination device includes content of the type of content for storing in the network cache;

instantiating, by the processor, the network cache;

storing, by the processor, the content in the network cache;

sending, by the processor, a notification to a designated device that the content is stored in the network cache, the notification including at least one parameter associated with the content, wherein the user endpoint device is associated with a user, and wherein the designated device comprises another device that is associated with the user;

receiving, by the processor, a user input comprising a decision from the designated device after the sending the notification, wherein the decision is to allow the content to be sent to the destination device from the network cache or to stop the content from being sent to the destination device; and

performing, by the processor, a task regarding the content in response to the decision.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, computer-readable media and devices are disclosed for storing content from an endpoint device in a network cache. For example, a processor receives a security policy for the endpoint device defining a type of content for storing in the network cache, and determines that traffic from the endpoint device includes content of the content type for storing in the network cache. When it is determined that the traffic includes the content of the content type for storing in the network cache, the processor instantiates the network cache, stores the content in the network cache, and sends a notification to a designated device. The notification includes at least one parameter associated with the content. The processor further receives a decision from the designated device and performs a task regarding the content in response to the decision.

37 Citations

20 Claims

1. A method comprising:
- receiving, by a processor in a network, a security policy for a user endpoint device, the security policy defining a type of content for storing in a network cache, wherein the processor is distinct from the user endpoint device;
  
  determining, by the processor, that traffic from the user endpoint device to a destination device includes content of the type of content for storing in the network cache;
  
  instantiating, by the processor, the network cache;
  
  storing, by the processor, the content in the network cache;
  
  sending, by the processor, a notification to a designated device that the content is stored in the network cache, the notification including at least one parameter associated with the content, wherein the user endpoint device is associated with a user, and wherein the designated device comprises another device that is associated with the user;
  
  receiving, by the processor, a user input comprising a decision from the designated device after the sending the notification, wherein the decision is to allow the content to be sent to the destination device from the network cache or to stop the content from being sent to the destination device; and
  
  performing, by the processor, a task regarding the content in response to the decision.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the network cache comprises a host device implementing a virtual network function.
  - 3. The method of claim 2, further comprising:
    - releasing the network cache from the host device when no further content of the type of content for storing in the network cache is detected from the user endpoint device within a designated time period.
  - 4. The method of claim 1, wherein the task comprises at least one of:
    - forwarding the content to the destination device from the network cache;
      
      blocking the content;
      
      dropping the content;
      
      orforwarding the content to a security device from the network cache.
  - 5. The method of claim 4, wherein the security device comprises a device in communication with the processor.
  - 6. The method of claim 4, wherein the security device comprises:
    - a quarantine device;
      
      ora sandbox device.
  - 7. The method of claim 1, wherein the type of content comprises at least one of:
    - a photographic content;
      
      an image content;
      
      a video content;
      
      an audio content;
      
      ora multimedia content.
  - 8. The method of claim 1, wherein the type of content comprises protected health information.
  - 9. The method of claim 8, wherein the content comprises encrypted traffic, and wherein the content is determined to be the protected health information by an indicator code in packet headers of the traffic.
  - 10. The method of claim 1, wherein the security policy is received from the user endpoint device, from a device of an enterprise that is associated with the user endpoint device, or from a device of the network.
  - 11. The method of claim 1, further comprising:
    - determining that additional traffic from the user endpoint device includes additional content of the type of content for storing in the network cache;
      
      storing the additional content in the network cache;
      
      sending an additional notification to the designated device that the additional content is stored in the network cache, the additional notification including at least one parameter associated with the additional content; and
      
      performing a default action regarding the additional content when no additional decision is received from the designated device in response to the additional notification within a designated time period.
  - 12. The method of claim 11, wherein the default action comprises at least one of;
    - forwarding the additional content to the destination device from the network cache;
      
      blocking the additional content;
      
      dropping the additional content;
      
      orforwarding the additional content to a security device from the network cache.
  - 13. The method of claim 1, wherein the at least one parameter associated with the content comprises at least one of:
    - a volume of the content;
      
      an identification of the destination device;
      
      a file size of at least one file;
      
      a file name of at least one file;
      
      a file type of at least one file;
      
      oran identification of an application sending the content from the user endpoint device.
  - 14. The method of claim 1, wherein the security policy defines a second type of content for an automatic action.

15. A device deployed in a network, the device comprising:
- a processor; and
  
  a non-transitory computer-readable medium storing instructions which, when executed by the processor, cause the processor to perform operations, the operations comprising;
  
  receiving a security policy for a user endpoint device, the security policy defining a type of content for storing in a network cache, wherein the processor is distinct from the user endpoint device;
  
  determining that traffic from the user endpoint device to a destination device includes content of the type of content for storing in the network cache;
  
  instantiating the network cache;
  
  storing the content in the network cache;
  
  sending a notification to a designated device that the content is stored in the network cache, the notification including at least one parameter associated with the content, wherein the user endpoint device is associated with a user, and wherein the designated device comprises another device that is associated with the user;
  
  receiving a user input comprising a decision from the designated device after the sending the notification, wherein the decision is to allow the content to be sent to the destination device from the network cache or to stop the content from being sent to the destination device; and
  
  performing a task regarding the content in response to the decision.

16. A non-transitory computer-readable medium storing instructions which, when executed by a processor in a network, cause the processor to perform operations, the operations comprising:
- receiving a security policy for a user endpoint device, the security policy defining a type of content for storing in a network cache, wherein the processor is distinct from the user endpoint device;
  
  determining that traffic from the user endpoint device to a destination device includes content of the type of content for storing in the network cache;
  
  instantiating the network cache;
  
  storing the content in the network cache;
  
  sending a notification to a designated device that the content is stored in the network cache, the notification including at least one parameter associated with the content, wherein the user endpoint device is associated with a user, and wherein the designated device comprises another device that is associated with the user;
  
  receiving a user input comprising a decision from the designated device after the sending the notification, wherein the decision is to allow the content to be sent to the destination device from the network cache or to stop the content from being sent to the destination device; and
  
  performing a task regarding the content in response to the decision.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable medium of claim 16, wherein the network cache comprises a host device implementing a virtual network function.
  - 18. The non-transitory computer-readable medium of claim 17, wherein the operations further comprise:
    - releasing the network cache from the host device when no further content of the type of content for storing in the network cache is detected from the user endpoint device within a designated time period.
  - 19. The non-transitory computer-readable medium of claim 16, wherein the task comprises at least one of:
    - forwarding the content to the destination device from the network cache;
      
      blocking the content;
      
      dropping the content;
      
      orforwarding the content to a security device from the network cache.
  - 20. The non-transitory computer-readable medium of claim 19, wherein the security device comprises:
    - a quarantine device;
      
      ora sandbox device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Lau, Erie Lai Har, Dowlatkhah, Sangar, Will, Thomas J.
Primary Examiner(s)
Chen, Shin-Hon (Eric)
Assistant Examiner(s)
Cattungal, Dereena T

Application Number

US15/170,680
Publication Number

US 20170353501A1
Time in Patent Office

1,490 Days
Field of Search

726 1
US Class Current
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/20   for managing network securi...

H04L 67/568   Storing data temporarily at...

H04W 84/042   Public Land Mobile systems,...

Network caching of outbound content from endpoint device to prevent unauthorized extraction

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network caching of outbound content from endpoint device to prevent unauthorized extraction

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links