METHODS AND SYSTEMS FOR PROTECT AGENTS USING DISTRIBUTED LIGHTWEIGHT FINGERPRINTS

US 20100064347A1
Filed: 09/11/2008
Published: 03/11/2010
Est. Priority Date: 09/11/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented method comprising:

implementing a first protect agent at a first egress point, wherein the first protect agent receives input information that a user desires to transmit outside of a given organization, and wherein the first egress point represents means by which the input information is transmitted outside of the given organization; and

comparing a first set of client fingerprints associated with the input information received by the first protect agent against a database of registered fingerprints, wherein the database of registered fingerprints includes registered fingerprints generated from the organization'"'"'s secure information.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides methods and systems to protect an organization'"'"'s secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user'"'"'s computer, etc.) to monitor information disclosed by a user. The present system also provides the use of lightweight fingerprint databases (LFD) to maintain a database of fingerprints associated with the organization'"'"'s secure data. In one embodiment, the LFD is stored locally at the site of each protect agent such that the organization'"'"'s secure information can be protected even when a protect agent is disconnected from the network. Methods and systems to compress fingerprints to achieve the lightweight fingerprint databases are also provided. In one embodiment, a combined approach, utilizing both the local lightweight fingerprint database and a remote fingerprint server comprising registered fingerprints is used to achieve overall protection of the organization'"'"'s secure information.

Citations

58 Claims

1. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented method comprising:
- implementing a first protect agent at a first egress point, wherein the first protect agent receives input information that a user desires to transmit outside of a given organization, and wherein the first egress point represents means by which the input information is transmitted outside of the given organization; and
  
  comparing a first set of client fingerprints associated with the input information received by the first protect agent against a database of registered fingerprints, wherein the database of registered fingerprints includes registered fingerprints generated from the organization'"'"'s secure information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the database of registered fingerprints is located locally at the site of the first protect agent.
  - 3. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the database of registered fingerprints is a lightweight fingerprint database.
  - 4. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 3, wherein the lightweight fingerprint database is located locally at the site of the first protect agent.
  - 5. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 4, wherein the lightweight fingerprint database includes lightweight fingerprints, the lightweight fingerprints generated from registered fingerprints using a fingerprint compression.
  - 6. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 5, wherein the fingerprint compression includes generating raw fingerprints by removing metadata associated with the registered fingerprints.
  - 7. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 6, wherein the fingerprint compression includes storing the registered fingerprints in a probabilistic data structure.
  - 8. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 7, wherein the probabilistic data structure is a Bloom filter or a derivative thereof.
  - 9. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 4, the computer implemented method further comprising:
    - updating the lightweight fingerprint database using updates from a registered fingerprint server, wherein the registered fingerprint server comprises registered fingerprints.
  - 10. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 9, wherein the lightweight fingerprint database receives updates from the registered fingerprint server utilizing a network.
  - 11. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 10, wherein the network includes a local network.
  - 12. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 10, wherein the network includes public internet.
  - 13. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 10, wherein the network includes a combination of the local network and the public internet.
  - 14. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 10, the computer implemented method further comprising:
    - using a diff approach to update the lightweight fingerprint database, whereby the first protect agent communicates a current version of an associated lightweight fingerprint database to the registered fingerprint server, and the registered fingerprint server responds with a relational information to update the lightweight fingerprint database.
  - 15. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 5, the computer implemented method further comprising:
    - maintaining the registered fingerprints in a registered fingerprint server.
  - 16. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 15, wherein the first protect agent communicates with the registered fingerprint server utilizing a network.
  - 17. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 16, wherein the network includes at least one of a local network or public internet, such that:
    - the first protect agent communicates with the registered fingerprint server utilizing the local network when the first protect agent is connected to the local network; and
      
      the first protect agent communicates with the registered fingerprint server that operates as a hosted service provider, when the first protect agent is disconnected from the local network.
  - 18. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 17, wherein the first protect agent compares the first set of client fingerprints against either the lightweight fingerprint database or the registered fingerprint server, such that:
    - the first protect agent compares the first set of client fingerprints against the registered fingerprints in the registered fingerprint server, when the first protect agent is connected to the network; and
      
      the first protect agent compares the first set of client fingerprints against the lightweight fingerprint database when the first protect agent is disconnected from the network.
  - 19. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 17, wherein the first protect agent compares the first set of client fingerprints against a combination of the lightweight fingerprint database and the registered fingerprint server, such that:
    - the first protect agent preliminarily compares the first set of client fingerprints against the lightweight fingerprint database and records any fingerprint comparison positives, wherein the fingerprint comparison positives are client fingerprints from the first set of client fingerprints that matched with lightweight fingerprints in the lightweight fingerprint database; and
      
      the first protect agent subsequently communicates with the registered fingerprint server utilizing the network to receive overhead information associated with the fingerprint comparison positives.
  - 20. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 19, wherein the overhead information includes metadata associated with the fingerprint comparison positives.
  - 21. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 19, wherein the overhead information includes eliminating any false positives contained in the fingerprint comparison positives.

22. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented method comprising:
- implementing a first protect agent at a first egress point, wherein the first protect agent receives input information that a user desires to transmit outside of a given organization, and wherein the first egress point represents means by which the input information is transmitted outside of the given organization;
  
  generating a first set of client fingerprints from the input information;
  
  maintaining a database of registered fingerprints locally at the site of the first protect agent, wherein the database of registered fingerprints includes registered fingerprints generated from the organization'"'"'s secure information; and
  
  comparing the first set of client fingerprints against the database of registered fingerprints.
- View Dependent Claims (23, 24, 25, 26)
- - 23. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 22, wherein the database of registered fingerprints is a lightweight fingerprint database generated by compressing a database of registered fingerprints.
  - 24. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 22, wherein the egress point includes at least one of:
    - a printer;
      
      a removable data storage medium;
      
      a clipboard associated with a local operating system;
      
      an email server connected to the network;
      
      a print server connected to the network;
      
      ora network appliance connected to the network.
  - 25. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 22, the computer implemented method further comprising:
    - taking a security action if a client fingerprint from the first set of client fingerprints matches a registered fingerprint from the database of registered fingerprints.
  - 26. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 25, wherein the security action includes at least one of:
    - preventing the first data from being disclosed;
      
      logging the event as a security violation;
      
      requiring a password from the user to allow the first data to be disclosed;
      
      blocking the user'"'"'s access to the first data;
      
      sending out a security alert;
      
      orintegration of first data with rights management information.

27. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented system comprising:
- means for implementing a first protect agent at a first egress point, wherein the first protect agent receives input information that a user desires to transmit outside of a given organization, and wherein the first egress point represents means by which the input information is transmitted outside of the given organization; and
  
  means for comparing a first set of client fingerprints associated with the input information received by the first protect agent against a database of registered fingerprints, wherein the database of registered fingerprints includes registered fingerprints generated from the organization'"'"'s secure information.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 28. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 27, wherein the database of registered fingerprints is located locally at the site of the first protect agent.
  - 29. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 27, wherein the database of registered fingerprints is a lightweight fingerprint database.
  - 30. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 29, wherein the lightweight fingerprint database is located locally at the site of the first protect agent.
  - 31. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 30, wherein the lightweight fingerprint database includes lightweight fingerprints, the lightweight fingerprints generated from registered fingerprints using a fingerprint compression.
  - 32. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 31, wherein the fingerprint compression includes generating raw fingerprints by removing metadata associated with the registered fingerprints.
  - 33. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 32, wherein the fingerprint compression includes storing the registered fingerprints in a probabilistic data structure.
  - 34. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 33, wherein the probabilistic data structure is a Bloom filter or a derivative thereof.
  - 35. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 30, the computer implemented system further comprising:
    - means for updating the lightweight fingerprint database using updates from a registered fingerprint server.
  - 36. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 35, wherein the lightweight fingerprint database receives updates from the registered fingerprint server utilizing a network.
  - 37. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 36, wherein the network includes a local network.
  - 38. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 36, wherein the network includes public internet.
  - 39. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 36, wherein the network includes a combination of the local network and the public internet.
  - 40. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 36, the computer implemented system further comprising:
    - means for updating the lightweight fingerprint database using a diff approach, whereby the first protect agent communicates a current version of an associated lightweight fingerprint database to the registered fingerprint server, and the registered fingerprint server responds with a relational information to update the lightweight fingerprint database.
  - 41. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 31, the computer implemented method further comprising:
    - means for maintaining the registered fingerprints in a registered fingerprint server.
  - 42. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 41, wherein the first protect agent communicates with the registered fingerprint server utilizing a network.
  - 43. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 42, wherein the network includes at least one of a local network or public internet, such that:
    - the first protect agent communicates with the registered fingerprint server utilizing the local network when the first protect agent is connected to the local network; and
      
      the first protect agent communicates with the registered fingerprint server that operates as a hosted service provider, when the first protect agent is disconnected from the local network.
  - 44. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 43, wherein the first protect agent compares the first set of client fingerprints against either the lightweight fingerprint database or the registered fingerprint server, such that:
    - the first protect agent compares the first set of client fingerprints against the registered fingerprints in the registered fingerprint server, when the first protect agent is connected to the network; and
      
      the first protect agent compares the first set of client fingerprints against the lightweight fingerprint database when the first protect agent is disconnected from the network.
  - 45. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 43, wherein the first protect agent compares the first set of client fingerprints against a combination of the lightweight fingerprint database and the registered fingerprint server, such that:
    - the first protect agent preliminarily compares the first set of client fingerprints against the lightweight fingerprint database and records any fingerprint comparison positives, wherein the fingerprint comparison positives are client fingerprints from the first set of client fingerprints that matched with lightweight fingerprints in the lightweight fingerprint database; and
      
      the first protect agent subsequently communicates with the registered fingerprint server utilizing the network to receive overhead information associated with the fingerprint comparison positives.
  - 46. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 45, wherein the overhead information includes metadata associated with the fingerprint comparison positives.
  - 47. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 45, wherein the overhead information includes eliminating any false positives contained in the fingerprint comparison positives.

48. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented system comprising:
- means for implementing a first protect agent at a first egress point, wherein the first protect agent receives input information that a user desires to transmit outside of a given organization, and wherein the first egress point represents means by which the input information is transmitted outside of the given organization;
  
  means for generating a first set of client fingerprints from the input information;
  
  means for maintaining a database of registered fingerprints locally at the site of the first protect agent, wherein the database of registered fingerprints includes registered fingerprints generated from the organization'"'"'s secure information; and
  
  means for comparing the first set of client fingerprints against the database of registered fingerprints.
- View Dependent Claims (49, 50, 51, 52)
- - 49. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 48, wherein the database of registered fingerprints is a lightweight fingerprint database generated by compressing a database of registered fingerprints.
  - 50. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 48, wherein the egress point includes at least one of:
    - a printer;
      
      a removable data storage medium;
      
      a clipboard associated with a local operating system;
      
      an email server connected to the network;
      
      a print server connected to the network;
      
      ora network appliance connected to the network.
  - 51. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 48, the computer implemented system further comprising:
    - means for taking a security action if a client fingerprint from the first set of client fingerprints matches a registered fingerprint from the database of registered fingerprints.
  - 52. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 51, wherein the security action includes at least one of:
    - preventing the first data from being disclosed;
      
      logging the event as a security violation;
      
      requiring a password from the user to allow the first data to be disclosed;
      
      blocking the user'"'"'s access to the first data;
      
      sending out a security alert;
      
      orintegration of first data with rights management information.

53. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented system comprising:
- a computer implemented first protect agent at a first egress point, wherein the first protect agent receives input information that a user desires to transmit outside of a given organization, and wherein the first egress point represents means by which the input information is transmitted outside of the given organization;
  
  a database of registered fingerprints stored in a computer readable medium, wherein the database of registered fingerprints includes registered fingerprints generated from the organization'"'"'s secure information; and
  
  a computer implemented comparator for comparing a first set of client fingerprints associated with the input information received by the first protect agent against the database of registered fingerprints.
- View Dependent Claims (54, 55, 56, 57, 58)
- - 54. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 53, wherein the database of registered fingerprints is located locally at the site of the first protect agent.
  - 55. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 53, wherein the database of registered fingerprints is a lightweight fingerprint database.
  - 56. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 55, wherein the lightweight fingerprint database is located locally at the site of the first protect agent.
  - 57. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 56, wherein the lightweight fingerprint database includes lightweight fingerprints, the lightweight fingerprints generated from registered fingerprints using a fingerprint compression.
  - 58. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 53, wherein the lightweight fingerprint database precludes the secure information corresponding to the lightweight fingerprints from being deciphered.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Freedom Solutions Group, LLC
Original Assignee
Workshare Technology Incorporated
Inventors
More, Scott, Sweeting, Daniel Christopher John, Beyer, Ilya

Granted Patent

US 8,555,080 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/6218 to a system of files or obj...

METHODS AND SYSTEMS FOR PROTECT AGENTS USING DISTRIBUTED LIGHTWEIGHT FINGERPRINTS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

58 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR PROTECT AGENTS USING DISTRIBUTED LIGHTWEIGHT FINGERPRINTS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

58 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links