Apparatus and method for assuring compliance with distribution and usage policy
First Claim
1. A method for providing multi-domain control over a digital data item via a first domain security policy assigned to said digital data item at a first domain, said data item being transferred from said first domain to a second domain, said second domain being autonomous from said first domain in respect of security policies, the method comprising:
- a) assigning said security policy to said digital item within said first domain;
b) transferring said digital items to said second domain together with data defining said first domain security policy;
c) analyzing said first domain security policy within said second domain;
d) distributing or allowing usage of said digital items within said second domain in accordance with said analyzed first domain security policy.
22 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for providing multi-domain control over a digital data item via a first domain security policy assigned to the digital data item at a first domain, the data item being transferred from the first domain to a second domain, the second domain being autonomous from the first domain in respect of security policies. The method comprises assigning the security policy to the digital item within the first domain; transferring the digital items to the second domain together with data defining the first domain security policy; analyzing the first domain security policy within the second domain; and distributing and/or allowing usage of the digital items within the second domain in accordance with analyzed first domain security policy, and/or reporting breaches or attempted breaches of the policy.
-
Citations
37 Claims
-
1. A method for providing multi-domain control over a digital data item via a first domain security policy assigned to said digital data item at a first domain, said data item being transferred from said first domain to a second domain, said second domain being autonomous from said first domain in respect of security policies, the method comprising:
-
a) assigning said security policy to said digital item within said first domain;
b) transferring said digital items to said second domain together with data defining said first domain security policy;
c) analyzing said first domain security policy within said second domain;
d) distributing or allowing usage of said digital items within said second domain in accordance with said analyzed first domain security policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 25, 26, 27, 28, 29, 30, 31)
-
-
21. A method for providing multi-domain monitoring over a digital data item, said data item being transferred from said first domain to a second domain, said second domain being autonomous from said first domain in respect of security policies, said security policy comprises requirements for breach reports, the method comprising:
-
a) assigning said security policy to said digital item within said first domain;
b) transferring said digital items to said second domain together with data defining said first domain security policy;
a) analyzing said first domain security policy within said second domain;
b) reporting about breaches or breach attempts within said second domain in accordance with said analyzed first domain security policy and said breach report requirements. - View Dependent Claims (22, 23, 24)
-
-
32. Apparatus for providing multi-domain control over a digital data item via a first domain security policy assigned to said digital data item at a first domain, said data item being transferred from said first domain to a second domain, said second domain being autonomous from said first domain in respect of security policies, apparatus comprising:
-
a) a policy reference monitor, for assigning said security policy to said digital item within said first domain;
b) an assurance reference monitor for;
i. receiving said digital items sent to said second domain together with data defining said first domain security policy;
ii. analyzing said data defining said first domain security policy, iii. distributing or allowing usage of said digital items within said second domain in accordance with said analyzed first domain security policy, and iv. communicating with said policy reference monitor;
- View Dependent Claims (33, 34, 35, 36, 37)
-
Specification
-
- Resources
-
Current AssigneeForcepoint LLC (Francisco Partners Management LLC)
-
Original AssigneeVidius, Inc. (Francisco Partners Management LLC)
-
InventorsTroyansky, Lidror, Peled, Ariel, Lupo, Guy
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current713/200
-
CPC Class CodesG06F 21/10 Protecting distributed prog...
