METHOD AND SYSTEM FOR PROTECTION AGAINST INFORMATION STEALING SOFTWARE

US 20090241173A1
Filed: 03/19/2008
Published: 09/24/2009
Est. Priority Date: 03/19/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of controlling dissemination of sensitive information over an electronic network, the method comprising:

analyzing traffic of the network;

detecting sensitive information;

assessing a sensitivity level;

assessing a risk level for the sensitive information leaving the electronic network; and

determining the required action based on the sensitivity level and the risk level.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software. Furthermore, it is possible to store information about the bait in a database and then compare information about a user with the information in the database in order to determine if the electronic device that transmitted the bait contains unwanted software.

Citations

19 Claims

1. A computer-implemented method of controlling dissemination of sensitive information over an electronic network, the method comprising:
- analyzing traffic of the network;
  
  detecting sensitive information;
  
  assessing a sensitivity level;
  
  assessing a risk level for the sensitive information leaving the electronic network; and
  
  determining the required action based on the sensitivity level and the risk level.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the sensitivity level is assessed by analyzing the content of the sensitive information.
  - 3. The method of claim 1, wherein the sensitive information includes a password and the sensitive information is analyzed by analyzing password strength.
  - 4. The method of claim 2, wherein the sensitive information includes personal information and the personal information is analyzed.
  - 5. The method of claim 1, wherein the risk level is assessed using heuristics.
  - 6. The method of claim 1, wherein the heuristics include at least one of geolocation, analysis of a recipient URL, previous knowledge about the destination and analysis of the content of the site.

7. A system for controlling the dissemination of sensitive information over an electronic network, the system comprising:
- a traffic analyzer in communication with the electronic network and configured to detect sensitive information and assess a sensitivity level of the information, the traffic analyzer configured to assess a risk level for the sensitive information leaving the electronic network and to determine a required action to take on the sensitive information in response to the sensitivity level and the risk level.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein the traffic analyzer is configured to assess the sensitivity level by analyzing the content of the sensitive information.
  - 9. The system of claim 7, wherein the sensitive information includes a password and traffic analyzer analyzes the sensitive information by analyzing password strength.
  - 10. The system of claim 8, wherein the sensitive information includes personal information and the traffic analyzer is configured to analyze the personal information in order to determine a required action to take.
  - 11. The system of claim 7, wherein the traffic analyzer is configured to use heuristics to assess the risk level.
  - 12. The system of claim 11, wherein the heuristics include at least one of geolocation, analysis of a recipient URL, previous knowledge about the destination and analysis of the content of the site.
  - 13. The system of claim 7, wherein the traffic analyzer is configured to block the transmission of the sensitive information over the network in response to the sensitivity level and the risk level.

14. A system for controlling the dissemination of sensitive information over an electronic network, the system comprising:
- traffic analyzer means in communication with the electronic network, the traffic analyzer means being configured to detect sensitive information, assess the sensitivity level of the sensitive information and assess a risk level of the sensitive information leaving the electronic network, the traffic analyzer means operative to determine a required action in response to the sensitivity level and the risk level.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system of claim 14, wherein the traffic analyzer means is configured to block the sensitive information from leaving the electronic network as the required action.
  - 16. The system of claim 15, wherein the traffic analyzer means is configured to allow the sensitive information to pass through the electronic network as the required action.
  - 17. The system of claim 14, wherein the traffic analyzer means determines the sensitivity level by analyzing the content of the sensitive information.
  - 18. The system of claim 14, wherein the traffic analyzer means assesses the risk level using heuristics.
  - 19. The system of claim 18, wherein the heuristics include at least one of geolocation, analysis of a recipient URL, previous knowledge about the destination and analysis of the content of the site.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC (Francisco Partners Management LLC)
Original Assignee
Forcepoint LLC (Francisco Partners Management LLC)
Inventors
Troyansky, Lidror

Granted Patent

US 9,130,986 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/6218   to a system of files or obj...

H04L 63/04   for providing a confidentia...

H04L 63/083   using passwords cryptograph...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

METHOD AND SYSTEM FOR PROTECTION AGAINST INFORMATION STEALING SOFTWARE

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR PROTECTION AGAINST INFORMATION STEALING SOFTWARE

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links