Method and apparatus for automatically detecting sensitive information, applying policies based on a structured taxonomy and dynamically enforcing and reporting on the protection of sensitive data through a software permission wrapper

US 20060048224A1
Filed: 08/30/2004
Published: 03/02/2006
Est. Priority Date: 08/30/2004
Status: Abandoned Application

First Claim

Patent Images

1. A computerized system for protect sensitive data comprising of:

(a) information lifecycle analysis, so that the stage of the information lifecycle is understood to impact the information security protection requirements for digital information;

(b) software for automatically scanning, finding and categorizing sensitive information and determining the stage of the information lifecycle based on criteria such as date of information, frequency of access, users and roles, data location, and document/data types;

(c) software that uses that the stage of the information lifecycle to automatically create and enforce digital rights management controls for sensitive information, that relate to either more or less stringent data protection requirements based on the stage of the information lifecycle; and

(d) a digital permission wrapper that is used to encapsulate digital information enforcing continuous protections over the data wherever the data is stored, however used, and whenever transmitted.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to the automatic detection of sensitive digital information, and the identification methods, application and enforcement of information security policies for digital information controlled through a software permission wrapper throughout the useful life of the information. This invention includes a unique taxonomy that defines the policies and rules regarding how the information is controlled automatically throughout its useful lifecycle based on the type of information, the stage of the information lifecycle, the user/group role accessing the information, the locality of the information, and the expected threats to the information. The taxonomy is maintained in a database that associates information security control policies and actions to sensitive data. These policies are enforced through a software permission wrapper that is used to encapsulate sensitive digital information. The software permission wrapper is used to control access and enforce digital rights to the information based on the taxonomy based policies for that information. The permission wrapper can automatically change the protection of the information based on pre-defined protection states that can automatically enforce discretionary access control rights to the sensitive information controlled in the permission wrapper. The changes to the level of protection occur dynamically based on changes in user locality, stage of information lifecycle, and user/group role and the detection of threats. In addition, there is provided an internal audit capability describing what actions the user has performed, where the data is located, with whom and how the data has been shared.

Citations

20 Claims

1. A computerized system for protect sensitive data comprising of:
- (a) information lifecycle analysis, so that the stage of the information lifecycle is understood to impact the information security protection requirements for digital information;
  
  (b) software for automatically scanning, finding and categorizing sensitive information and determining the stage of the information lifecycle based on criteria such as date of information, frequency of access, users and roles, data location, and document/data types;
  
  (c) software that uses that the stage of the information lifecycle to automatically create and enforce digital rights management controls for sensitive information, that relate to either more or less stringent data protection requirements based on the stage of the information lifecycle; and
  
  (d) a digital permission wrapper that is used to encapsulate digital information enforcing continuous protections over the data wherever the data is stored, however used, and whenever transmitted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 wherein the permission wrapper recognizes the stage of the information lifecycle and can automatically invoke default permission settings that can be dynamically adapted based on embedded logic that understands that the data is moving from one stage of the lifecycle to the next.
  - 3. The system of claim 1 wherein the permission wrapper understands user locality based on an embedded communication protocol that periodically determines the network status of the user, and as user locality changes, the automatic protection states for the sensitive digital information can be automatically varied to correspond to perceived risks/threats with different physical user environments.
  - 4. The system of claim 1 wherein the permission wrapper associates users with different groups and roles based on their corresponding role in the information lifecycle and associated default permission settings based on the user role.
  - 5. The system of claim 1 further including audit trail information collected in the permission wrapper and periodically transmitted to a central server to provided aggregated information on all protected content, user group/role, sharing operations, file operations, stage of information lifecycle, and unique identifiers that identify parent/child wrappers resulting from sharing operations.
  - 6. The system of claim 1 further including a unique combination of access control roles that define user permissions in the aggregate for wrapped content, in the discriminate for individual files and folders that are protected in the wrapper, and in the administrative for sharing and extending permission to other users.
  - 7. The system of claim 6 wherein the access control rules determine user access for offline access to sensitive digital information based on an embedded communication protocol that has predefined rules that describe how often users must communicate and transmit audit trail information to the central server.
  - 8. The system of claim 1 wherein dynamic digital rights permission changes can be pushed to permission wrapped data through a secure communication protocol in recognition of change in user or information status.
  - 9. The system of claim 1 wherein the software for determining the lifecycle stage of the information includes the ability to transparently and automatically change the security settings based on recognition of information lifecycle changes and actions taken with respect to the sensitive information that correspond to security settings.
  - 10. The system of claim 1 wherein the software determining the stage of the information lifecycle has the ability to understand multiple versions and copies of information exist, and the ability to coordinate versions and synchronize permission wrapped information across many distributed users, using a unique identifier tag, and file index information maintained in the permission wrapper.

11. A system for protecting sensitive information comprising:
- (a) software for automatically scanning, finding and categorizing sensitive information and analyzing, decomposing and extracting digital information shared in the email flow; and
  
  (b) a digital permission wrapper that is used to encapsulate the sensitive digital information enforcing continuous protections over the data wherever the data is stored, however used, and whenever transmitted.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11 further including a lexical analysis process and abstract document signature categorization and token based analysis for locating the sensitive information.
  - 13. The system of claim 11 wherein the permission wrapper is automatically applied to the sensitive information being transmitted to other users using the automated software processes that scan all information in the email gateway.
  - 14. The system of claim 13 wherein the system has the ability to take other system actions such as block, quarantine, or hold for administrative review prior to applying a permission wrapper.
  - 15. The system of claim 11 further including an analyzer process to unwrap a proactively wrapped email message, and determine if the wrapped content policy settings match the corporate default settings.
  - 16. The system of claim 11 wherein the permission wrapper controls the access to the sensitive information through a portable user interface that is used to access content contained in the wrapper.
  - 17. The system of claim 16 wherein the usage of the portable user interface features is further constrained by a software license key that allows or disallows user interface features and permission wrapper operations based on the software license for that user or organization.

18. A method for establishing the access to sensitive digital information comprising the step of determining the lifecycle phase of the digital information and setting the access to the sensitive digital information based on said lifecycle phase.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18 further including the step of detecting the locality of a user attempting to access the sensitive information.
  - 20. The method of claim 19 wherein the access to the sensitive information varies depending user locality.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Encryptx Corporation (Glassbridge Enterprises, Inc.)
Original Assignee
Encryptx Corporation (Glassbridge Enterprises, Inc.)
Inventors
Myers, Daivd Alan, Duncan, Daivid Paul

Application Number

US10/930,173
Publication Number

US 20060048224A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/10 Protecting distributed prog...

G06F 21/6218 to a system of files or obj...

Method and apparatus for automatically detecting sensitive information, applying policies based on a structured taxonomy and dynamically enforcing and reporting on the protection of sensitive data through a software permission wrapper

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for automatically detecting sensitive information, applying policies based on a structured taxonomy and dynamically enforcing and reporting on the protection of sensitive data through a software permission wrapper

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links