Method and apparatus for automatically detecting sensitive information, applying policies based on a structured taxonomy and dynamically enforcing and reporting on the protection of sensitive data through a software permission wrapper
Abstract
The present invention relates to the automatic detection of sensitive digital information, and the identification methods, application and enforcement of information security policies for digital information controlled through a software permission wrapper throughout the useful life of the information. This invention includes a unique taxonomy that defines the policies and rules regarding how the information is controlled automatically throughout its useful lifecycle based on the type of information, the stage of the information lifecycle, the user/group role accessing the information, the locality of the information, and the expected threats to the information. The taxonomy is maintained in a database that associates information security control policies and actions to sensitive data. These policies are enforced through a software permission wrapper that is used to encapsulate sensitive digital information. The software permission wrapper is used to control access and enforce digital rights to the information based on the taxonomy based policies for that information. The permission wrapper can automatically change the protection of the information based on pre-defined protection states that can automatically enforce discretionary access control rights to the sensitive information controlled in the permission wrapper. The changes to the level of protection occur dynamically based on changes in user locality, stage of information lifecycle, and user/group role and the detection of threats. In addition, there is provided an internal audit capability describing what actions the user has performed, where the data is located, with whom and how the data has been shared.
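A minimal sketch of the taxonomy-driven permission wrapper the abstract describes, added here as an illustration and not taken from the patent. The state names, taxonomy entries, and the most-restrictive-wins and fail-closed rules are all assumptions.

```python
# Added illustration; every name and policy value below is hypothetical.
from dataclasses import dataclass, field

# Protection states ordered from least to most restrictive.
STATES = ["open", "read_only", "view_in_place", "locked"]
ALLOWED = {"open": {"read", "edit", "share"}, "read_only": {"read", "share"},
           "view_in_place": {"read"}, "locked": set()}

# Constructed taxonomy: (dimension, value) -> minimum protection state.
TAXONOMY = {
    ("data_type", "pii"): "read_only",
    ("data_type", "public"): "open",
    ("lifecycle", "draft"): "view_in_place",
    ("lifecycle", "published"): "read_only",
    ("lifecycle", "archived"): "locked",
    ("role", "owner"): "open",
    ("role", "contractor"): "view_in_place",
    ("locality", "corporate_lan"): "open",
    ("locality", "public_wifi"): "view_in_place",
    ("threat", "none"): "open",
    ("threat", "malware_detected"): "locked",
}

def protection_state(context):
    """Most restrictive state demanded by any dimension (assumed rule).
    A value missing from the taxonomy fails closed to 'locked'."""
    demanded = [TAXONOMY.get(item, "locked") for item in context.items()]
    return max(demanded, key=STATES.index)

@dataclass
class PermissionWrapper:
    payload: bytes
    data_type: str
    lifecycle: str
    audit: list = field(default_factory=list)

    def request(self, user, role, locality, threat, action):
        # Re-evaluated on every request, so a change in locality, lifecycle
        # stage, role or threat changes the protection state immediately.
        ctx = {"data_type": self.data_type, "lifecycle": self.lifecycle,
               "role": role, "locality": locality, "threat": threat}
        state = protection_state(ctx)
        granted = action in ALLOWED[state]
        # Audit trail: who attempted what, from where, and the outcome.
        self.audit.append((user, action, locality, state, granted))
        return granted
```

Denied requests are written to the audit list as well as granted ones, so the trail shows attempted access under each protection state.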
20 Claims
1. A computerized system for protect sensitive data comprising of:
(a) information lifecycle analysis, so that the stage of the information lifecycle is understood to impact the information security protection requirements for digital information;
(b) software for automatically scanning, finding and categorizing sensitive information and determining the stage of the information lifecycle based on criteria such as date of information, frequency of access, users and roles, data location, and document/data types;
(c) software that uses that the stage of the information lifecycle to automatically create and enforce digital rights management controls for sensitive information, that relate to either more or less stringent data protection requirements based on the stage of the information lifecycle; and
(d) a digital permission wrapper that is used to encapsulate digital information enforcing continuous protections over the data wherever the data is stored, however used, and whenever transmitted.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A system for protecting sensitive information comprising:
(a) software for automatically scanning, finding and categorizing sensitive information and analyzing, decomposing and extracting digital information shared in the email flow; and
(b) a digital permission wrapper that is used to encapsulate the sensitive digital information enforcing continuous protections over the data wherever the data is stored, however used, and whenever transmitted.
Dependent claims: 12, 13, 14, 15, 16, 17

18. A method for establishing the access to sensitive digital information comprising the step of determining the lifecycle phase of the digital information and setting the access to the sensitive digital information based on said lifecycle phase.
Specification