Methods, systems, and computer program products for transmission control of sensitive application-layer data
First Claim
1. A method for identifying sensitive application-layer data and controlling transmission of the data in a network, the method comprising:
- identifying, in a system resource, sensitive data at an application layer;
detecting a packetization of the identified sensitive data;
in response to identifying the sensitive data and detecting the packetization, inserting a flag indicative of the presence of sensitive data in a packet having at least a portion of the identified sensitive data, wherein the flag is inserted in a portion of the packet corresponding to a layer other than the application layer; and
controlling transmission of the packet in a network based on the flag.
6 Assignments
0 Petitions
Accused Products
Abstract
Disclosed are methods, systems, and computer program products for identifying sensitive application-layer data and controlling transmission of the data in a network. According to one method, sensitive data in a system resource is identified at an application layer. A packetization of the identified sensitive data is detected. A flag indicative of the presence of sensitive data is inserted in a packet having at least a portion of the identified sensitive data in response to identifying the sensitive data and detecting the packetization. The flag is inserted in a portion of the packet corresponding to a layer other than the application layer. Transmission of the packet is controlled in a network based on the flag.
-
Citations
29 Claims
-
1. A method for identifying sensitive application-layer data and controlling transmission of the data in a network, the method comprising:
-
identifying, in a system resource, sensitive data at an application layer;
detecting a packetization of the identified sensitive data;
in response to identifying the sensitive data and detecting the packetization, inserting a flag indicative of the presence of sensitive data in a packet having at least a portion of the identified sensitive data, wherein the flag is inserted in a portion of the packet corresponding to a layer other than the application layer; and
controlling transmission of the packet in a network based on the flag. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A system for identifying sensitive application-layer data and controlling transmission of the data in a network, the system comprising:
-
an application monitor adapted to identify sensitive data at an application layer in a system resource;
a sensitive data agent operatively associated with the application monitor adapted to detect a packetization of the sensitive data identified by the application monitor and to insert a flag indicative of the presence of sensitive data in a packet having at least a portion of the identified sensitive data, wherein inserting the flag in the packet includes inserting the flag in a portion of the packet corresponding to a layer other than the application layer; and
a sensitive data network agent operatively associated with the sensitive data agent adapted to control transmission of the packet in a network by interpreting the flag during transmission of the packet. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. A system for identifying sensitive application-layer data and controlling transmission of the data in a network, the system comprising:
-
means for identifying sensitive data in a system resource;
means for detecting a packetization of the identified sensitive data;
means for inserting a flag in a packet having at least a portion of the identified sensitive data, wherein inserting the flag in the packet includes inserting the flag in a portion of the packet corresponding to the means for detecting the packetization of the identified sensitive data; and
means for controlling transmission of the sensitive data in a network by interpreting the flag during transmission of the packet.
-
-
29. A computer program product comprising computer-executable instructions embodied in a computer readable medium for performing steps comprising:
-
identifying, in a system resource, sensitive data at an application layer;
detecting a packetization of the identified sensitive data;
in response to identifying the sensitive data and detecting the packetization, inserting a flag indicative of the presence of sensitive data in a packet having at least a portion of the identified sensitive data, wherein the flag is inserted in a portion of the packet corresponding to a layer other than the application layer; and
controlling transmission of the packet in a network based on the flag.
-
Specification