System And Method For Automation Of Information Or Data Classification For Implementation Of Controls

US 20080134289A1
Filed: 12/01/2006
Published: 06/05/2008
Est. Priority Date: 12/01/2006
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a monitoring tool configured to monitor communication of a first computer over a network; and

a classification tool configured to assign one of a plurality of predetermined security classifications to said first computer based at least in part on said monitored communication.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product are provided for monitoring data traffic on one or more networks, determining the classification of the data based on an organization'"'"'s classification rules, and assigning a classification to one or more entities involved in the transmission of the data, the classification being based at least in part on the classification of the data being transmitted. The classification rules may be based on an organization'"'"'s classification categories of confidentiality, integrity and availability (CIA). The system, method and computer program product are also provided for implementing controls based on the classifications of the various entities, such as issuing an alert and/or preventing transmission of data if the data is transmitted between two entities that have different classifications.

22 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a monitoring tool configured to monitor communication of a first computer over a network; and
  
  a classification tool configured to assign one of a plurality of predetermined security classifications to said first computer based at least in part on said monitored communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein said monitoring tool is configured to monitor communication that comprises one or more types of data, and wherein further at least some types of data are associated with one or more of said predetermined security classifications.
  - 3. The system of claim 1, wherein said classification tool is further configured to assign one of said plurality of predetermined security classifications to a second computer receiving said communication from said first computer based at least in part on said monitored communication.
  - 4. The system of claim 1, wherein said classification tool is further configured to issue an alert to said first computer if said assigned security classification of said first computer is of a different security classification than a second computer receiving said communication.
  - 5. The system of claim 1, wherein said classification tool is configured to assign security classifications that comprise sub-classification categories of confidentiality, integrity and availability.
  - 6. The system of claim 1, further comprising a database for storing an identity of said first computer and said security classification of said first computer.
  - 7. The system of claim 1, wherein:
    - said monitoring tool is configured to monitor additional communications of said first computer; and
      
      said classification tool is further configured to change a classification of said first computer based at least in part on said additional communications of said first computer.

8. A method, comprising:
- monitoring communication of a first computer over a network, said communication comprising transmission of one or more first types of data;
  
  determining a first security classification for at least some of said types of data, said first security classification being selected from a plurality of predetermined security classifications; and
  
  assigning a second security classification to said first computer based at least in part on said first security classification, said second security classification being selected from said plurality of predetermined security classifications.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - assigning a third security classification to a second computer identified as a recipient of said communication from said first computer, said third security classification being based at least in part on said first security classification.
  - 10. The method of claim 9, further comprising:
    - issuing an alert to said first computer if said second security classification is different from said third security classification.
  - 11. The method of claim 10, further comprising:
    - at least initially preventing said communication from being transmitted to said second computer if said second security classification is more secure than said third security classification.
  - 12. The method of claim 8, further comprising:
    - receiving an identification of said one or more types of data;
      
      receiving an identification of said predetermined security classifications;
      
      associating at least some of said one or more types of data with at least one of said plurality of predetermined security classifications; and
      
      storing said types of data and associated predetermined security classifications;
      
      wherein receiving said identification of said one or more types of data, receiving said identification, associating at least some of said one or more types of data, and storing said types of data occur prior to monitoring said communication of said first computer.
  - 13. The method of claim 8, wherein determining a first security classification for at least some of said types of data comprises determining a first security classification comprising sub-classification categories of confidentiality, integrity and availability.
  - 14. The method of claim 8, further comprising:
    - after assigning said second security classification to said first computer, monitoring an additional communication of said first computer over said network, said additional communication comprising transmission of one or more second types of data;
      
      determining a third security classification of said one or more second types of data; and
      
      assigning a fourth security classification to said first computer based at least in part on said third security classification, said fourth security classification being selected from said plurality of predetermined security classifications, and said fourth security classification being different from said second security classification if said third security classification of said second types of data is different from said first security classification of said first types of data.

15. A computer program product, comprising:
- a memory having computer readable code embodied therein, for execution by a computing device having at least a processor and a memory, said code comprising;
  
  a first computer executable code portion for monitoring communication of a first computer over a network, said communication comprising transmission of one or more first types of data;
  
  a second computer executable code portion for determining a first security classification for at least some of said types of data, said first security classification being selected from a plurality of predetermined security classifications; and
  
  a third computer executable code portion for assigning a second security classification to said first computer based at least in part on said first security classification, said second security classification being selected from said plurality of predetermined security classifications.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, further comprising:
    - a fourth computer executable code portion for assigning a third security classification to a second computer identified as a recipient of said communication from said first computer, said third security classification being based at least in part on said first security classification.
  - 17. The computer program product of claim 15, further comprising:
    - a fourth computer executable code portion for issuing an alert to said first computer if said second security classification is different from said third security classification.
  - 18. The computer program product of claim 17, further comprising:
    - a fifth computer executable code portion for preventing said communication from being transmitted at least initially to said second computer if said second security classification is more secure than said third security classification.
  - 19. The computer program product of claim 15, wherein each of said plurality of predetermined security classifications comprise sub-classification categories of confidentiality, integrity and availability.
  - 20. The computer program product of claim 15, further comprising:
    - a fourth computer executable code portion for monitoring a second communication of said first computer over said network;
      
      a fifth computer executable code portion for determining said second communication comprising transmission of one or more second types of data;
      
      a sixth computer executable code portion for assigning a fourth security classification to said first computer based at least in part on said third security classification, said fourth security classification being selected from said plurality of predetermined security classifications, and said fourth security classification being different from said second security classification if said third security classification of said second types of data is different from said first security classification of said first types of data

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Corporate Services Group Incorporated (Verizon Communications Inc.), Verizon Services Organization Incorporated (Verizon Communications Inc.)
Inventors
Dumas, David, McConnell, James T.

Granted Patent

US 8,272,042 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

H04L 43/00 Arrangements for monitoring...

H04L 63/20 for managing network securi...

System And Method For Automation Of Information Or Data Classification For Implementation Of Controls

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System And Method For Automation Of Information Or Data Classification For Implementation Of Controls

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links