Cascading security architecture

US 20060253445A1
Filed: 04/27/2006
Published: 11/09/2006
Est. Priority Date: 05/09/2005
Status: Active Grant

First Claim

Patent Images

1. A method for managing a target document, the method comprising:

identifying an operation to be performed on the target document;

identifying a behavior applied to the target document based on the identified operation, previous operations performed upon the target document, and activity-to-behavior patterns;

determining whether the target document contains sensitive information by;

determining whether a record of the target document exists in a list of records, responsive to there being no record of the target document in the list, conducting a matching to the target document, and responsive to the result of the matching, determining whether the target document contains the sensitive information; and

responsive to the target document containing the sensitive information, processing the target document based on security policies corresponding to the identified behavior.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and a method are disclosed for sensitive document management. The system includes one or more agents, a behavior analysis engine, a local policy engine, and a local matching service. The method identifies whether a document is sensitive, identifies behaviors applied to the document, determines whether the document contains sensitive information and determines whether to allow the identified behavior to continue based on security policies.

Citations

20 Claims

1. A method for managing a target document, the method comprising:
- identifying an operation to be performed on the target document;
  
  identifying a behavior applied to the target document based on the identified operation, previous operations performed upon the target document, and activity-to-behavior patterns;
  
  determining whether the target document contains sensitive information by;
  
  determining whether a record of the target document exists in a list of records, responsive to there being no record of the target document in the list, conducting a matching to the target document, and responsive to the result of the matching, determining whether the target document contains the sensitive information; and
  
  responsive to the target document containing the sensitive information, processing the target document based on security policies corresponding to the identified behavior.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the operation performed upon the target document comprises one of modifying the target document, creating the target document, and exporting the target document.
  - 3. The method of claim 1, wherein the security policies comprises one of allowing the identified operation to continue, blocking the identified operation, and restricting the identified operation.
  - 4. The method of claim 3, wherein the security policies include encrypting the target document before allowing the identified operation to continue.
  - 5. The method of claim 1, wherein the matching comprises one of keyword matching, relevance detection matching, and named entity recognition matching.

6. A method for managing documents with sensitive information in a network, the method comprising:
- identifying a document being processed by an endpoint of the network;
  
  identifying an operation to be performed on the document;
  
  identifying a behavior applied to the document based on the identified operation, previous operations performed upon the document, and activity-to-behavior patterns;
  
  determining whether the document contains sensitive information by;
  
  determining whether a record of the document exists in a list of records, responsive to there being no record of the document in the list, conducting a matching to the document, and responsive to the result of the matching, determining whether the document contains the sensitive information; and
  
  responsive to the document containing the sensitive information, processing the document based on security policies applicable to the identified behavior.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the operation performed upon the document comprises one of modifying the document, creating the document, and exporting the document.
  - 8. The method of claim 6, wherein the security policies comprises one of allowing the identified operation to continue, blocking the identified operation, and restricting the identified operation.
  - 9. The method of claim 8, wherein the security policies include encrypting the document before allowing the identified operation to continue.
  - 10. The method of claim 6, wherein the matching comprises one of keyword matching, relevance detection matching, and named entity recognition matching.

11. A computer readable medium structured to store instructions executable by a processor, the instructions when executed causing a processor to:
- identify an operation to be performed on the target document;
  
  identify a behavior applied to the target document based on the identified operation, previous operations performed upon the target document, and activity-to-behavior patterns;
  
  determine whether the target document contains sensitive information by;
  
  determine whether a record of the target document exists in a list of records, responsive to there being no record of the target document in the list, conduct a matching to the target document, and responsive to the result of the matching, determine whether the target document contains the sensitive information; and
  
  responsive to the target document containing the sensitive information, process the target document based on security policies corresponding to the identified behavior.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the operation performed upon the target document comprises one of modifying the target document, creating the target document, and exporting the target document.
  - 13. The method of claim 11, wherein the security policies comprises one of allowing the identified operation to continue, blocking the identified operation, and restricting the identified operation.
  - 14. The method of claim 13, wherein the security policies include encrypting the target document before allowing the identified operation to continue.
  - 15. The method of claim 11, wherein the matching comprises one of keyword matching, relevance detection matching, and named entity recognition matching.

16. A computer readable medium structured to store instructions executable by a processor, the instructions when executed causing a processor to:
- identify a document being processed by an endpoint of the network;
  
  identify an operation to be performed on the document;
  
  identify a behavior applied to the document based on the identified operation, previous operations performed upon the document, and activity-to-behavior patterns;
  
  determine whether the document contains sensitive information by;
  
  determine whether a record of the document exists in a list of records, responsive to there being no record of the document in the list, conduct a matching to the document, and responsive to the result of the matching, determine whether the document contains the sensitive information; and
  
  responsive to the document containing the sensitive information, process the document based on security policies applicable to the identified behavior.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the operation performed upon the document comprises one of modifying the document, creating the document, and exporting the document.
  - 18. The method of claim 16, wherein the security policies comprises one of allowing the identified operation to continue, blocking the identified operation, and restricting the identified operation.
  - 19. The method of claim 18, wherein the security policies include encrypting the document before allowing the identified operation to continue.
  - 20. The method of claim 16, wherein the matching comprises one of keyword matching, relevance detection matching, and named entity recognition matching.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Huang, Shu, Ren, Liwei, Huang, Fei

Granted Patent

US 8,051,487 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/93 Document management systems

G06F 21/554 involving event detection a...

Cascading security architecture

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cascading security architecture

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links