INFORMATION PROTECTION APPLIED BY AN INTERMEDIARY DEVICE

US 20100180332A1
Filed: 01/09/2009
Published: 07/15/2010
Est. Priority Date: 01/09/2009
Status: Active Grant

First Claim

Patent Images

1. A method of selectively applying information protection, the method comprising:

receiving a data file at a gateway coupled to a network, wherein the data file is to be sent to a destination device that is external to the network; and

selectively applying information protection to the data file at the gateway prior to sending the data file to the destination device, wherein the information protection is selectively applied based on information associated with the destination device, information associated with the data file, and information associated with a user that caused the data file to be sent to the destination device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer-readable media are disclosed for applying information protection. A particular method includes receiving a data file at a gateway coupled to a network. The data file is to be sent to a destination device that is external to the network. The method also includes selectively applying information protection to the data file at the gateway prior to sending the data file to the destination device. The information protection is selectively applied based on information associated with the destination device, information associated with the data file, and information associated with a user of the destination device.

Citations

20 Claims

1. A method of selectively applying information protection, the method comprising:
- receiving a data file at a gateway coupled to a network, wherein the data file is to be sent to a destination device that is external to the network; and
  
  selectively applying information protection to the data file at the gateway prior to sending the data file to the destination device, wherein the information protection is selectively applied based on information associated with the destination device, information associated with the data file, and information associated with a user that caused the data file to be sent to the destination device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the information associated with the destination device includes compliance information, the information associated with the data file includes a confidentiality level, and the information associated with the user includes information provided directly by the user.
  - 3. The method of claim 1, wherein the information associated with the user includes status information, and wherein the status information includes at least one of an employee status level and an employee security level.
  - 4. The method of claim 1, wherein the data file includes one of a document, an executable application, a web page, an email, a spreadsheet, and a database record.
  - 5. The method of claim 1, wherein the information associated with the destination device includes at least one of a trusted machine indicator and a compliant machine indicator.
  - 6. The method of claim 5, wherein the compliant machine indicator represents compliance with corporate security policies, and wherein the corporate security policies include at least one of an anti-virus program, an anti-malware program, a system configuration, and a firewall.
  - 7. The method of claim 5, wherein the trusted machine indicator is based on at least one of a machine certificate, a file key, a registry key, a running process, and a domain membership.
  - 8. The method of claim 1, wherein the information protection is selectively applied to the data file based on a confidentiality level of the data file, and wherein the confidentiality level is determined based on at least one of a keyword of the data file, a pattern of data of the data file, a location of the data file, and metadata associated with the data file.
  - 9. The method of claim 8, wherein the confidentiality level includes at least one of read only, do not forward, do not save, do not print.
  - 10. The method of claim 1, wherein the data file is sent to the destination device and includes a persistent set of access controls that travel with the data file.
  - 11. The method of claim 1, wherein the rights management is selectively applied to the data file at the gateway using an information protection component and wherein the gateway has access to an information protection server via the network.
  - 12. The method of claim 1, wherein the information management includes persistent rights management, and wherein the persistent rights management includes encryption and policy-based user rights.
  - 13. The method of claim 1, wherein an information rights management (IRM) policy is selectively applied to the data file, and wherein the data file is encrypted and a policy is added to the data file to generate an encrypted data file.
  - 14. The method of claim 13, wherein the encrypted data file is decrypted using a private cryptographic key associated with the user.
  - 15. The method of claim 1, wherein the gateway monitors a compliance level of the destination device with respect to at least one security policy.

16. A computer-readable medium comprising instructions that, when executed by a computer, cause the computer to:
- selectively apply information protection to a data file received at a gateway coupled to a network, wherein the data file is to be sent to a destination device that is external to the network, wherein the information protection is selectively applied to the data file based on information associated with the destination device, information associated with the data file, and information associated with a user of the destination device; and
  
  send the data file to the destination device.
- View Dependent Claims (17, 18)
- - 17. The computer-readable medium of claim 16, wherein the network includes an internal network, and wherein the data file is sent to the destination device via an external network.
  - 18. The computer-readable medium of claim 16, wherein the network includes a private network, and wherein the data file is sent to the destination device via a public network.

19. A gateway, comprising:
- a network interface to receive a data file via a network, wherein the data file is to be sent to a destination device that is external to the network; and
  
  a rights management component to selectively apply rights management to the data file at the gateway prior to sending the data file to the destination device, wherein the rights management is selectively applied to the data file based on information associated with the destination device, information associated with the data file, and information associated with a user of the destination device.
- View Dependent Claims (20)
- - 20. The gateway of claim 19, wherein the network includes a corporate network, and wherein the destination device includes a publicly accessible computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Malaviarachchi, Rushmi, Uritsky, Max, Ben-Yochanan, Noam, Neystadt, John, Nice, Nir

Granted Patent

US 8,341,720 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/12
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/102 Entity profiles

INFORMATION PROTECTION APPLIED BY AN INTERMEDIARY DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

INFORMATION PROTECTION APPLIED BY AN INTERMEDIARY DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links