METHODS AND SYSTEMS FOR EXACT DATA MATCH FILTERING
Abstract
A technique for efficiently preventing exact data words (“entities”) from unauthorized disclosure is disclosed. Protect agents installed at various egress points identify candidate entities from digital information desired to be disclosed by a user. The candidate entities are compared against registered entities stored in a lightweight entity database (LWED). If a candidate entity matches against a registered entity in the LWED, the protect agent initiates a security action. Alternately, the protect agent transmits the matching candidate entity to a global entity database (GED) server to receive additional confirmation on whether the candidate entity matches a registered entity. In some instances, the protect agent also receives (from the GED server) metadata information associated with the matching candidate entity. The protect agent utilizes the metadata information to initiate suitable security actions.
53 Claims
1. A method for preventing unauthorized disclosure of secure information, the method comprising:
- receiving, by a protect agent installed at a first egress point, digital information including a first text, the first text including a plurality of words;
- identifying, by the protect agent, a first candidate entity, the first candidate entity corresponding to a particular word of the plurality of words;
- comparing, by the protect agent, the first candidate entity against a plurality of registered entities stored in an entity database; and
- performing, by the protect agent, a security action when the first candidate entity matches against a particular registered entity of the plurality of registered entities.
Dependent claims: 2, 3, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
4. The method of claim 4, wherein the heuristic rule includes one or more of:
- skipping over a first word from the plurality of words when the first word matches a first stop word of a plurality of stop words;
- skipping over a second word from the plurality of words when the second word has a word-length that is shorter than a first word-length of a shortest registered entity of the plurality of registered entities; or
- skipping over a third word from the plurality of words when the third word has a word-length that is longer than a second word-length of the longest registered entity of the plurality of registered entities.
20. A method for preventing unauthorized disclosure of secure information, the method comprising:
- receiving, by a protect agent installed at a first egress point, digital information including a first text, the first text including a plurality of words;
- identifying, by the protect agent, a plurality of candidate entities, each of the plurality of candidate entities corresponding to a particular word of the plurality of words;
- identifying, by the protect agent, one or more matching candidate entities from the plurality of candidate entities that match against one of a plurality of lightweight entities stored in a lightweight entity database (LWED);
- transmitting, by the protect agent, the one or more matching candidate entities to a global entity database (GED), the GED including a plurality of registered entities identified to be secured against unauthorized disclosure;
- receiving, from the GED, acknowledgement whether each of the one or more matching candidate entities matches against one of the plurality of registered entities included in the GED; and
- performing, by the protect agent, a security action, when at least one of the one or more matching entities matches against one of the plurality of registered entities included in the GED.
Dependent claims: 21, 22, 23, 24, 25, 26, 27
28. A system for preventing unauthorized disclosure of secure information, the system comprising:
- a receiving module configured to receive digital information including a first text, the first text including a plurality of words;
- a candidate ID module configured to identify a first candidate entity, the first candidate entity corresponding to a particular word of the plurality of words;
- a comparison module configured to compare the first candidate entity against a plurality of registered entities stored in an entity database; and
- a security action module configured to perform a security action when the first candidate entity matches against a particular registered entity of the plurality of registered entities.
Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45
46. A system for preventing unauthorized disclosure of secure information, the system comprising:
- a processor;
- a network interface through which to communicate with one or more remote servers over a network;
- a memory storing code which, when executed by the processor, causes the network storage server system to perform a plurality of operations, including:
  - receiving, by a protect agent installed at a first egress point, digital information including a first text, the first text including a plurality of words;
  - identifying, by the protect agent, a plurality of candidate entities, each of the plurality of candidate entities corresponding to a particular word of the plurality of words;
  - identifying, by the protect agent, one or more matching candidate entities from the plurality of candidate entities that match against one of a plurality of lightweight entities stored in a lightweight entity database (LWED);
  - transmitting, by the protect agent, the one or more matching candidate entities to a global entity database (GED), the GED including a plurality of registered entities identified to be secured against unauthorized disclosure;
  - receiving, from the GED, acknowledgement whether each of the one or more matching candidate entities matches against one of the plurality of registered entities included in the GED; and
  - performing, by the protect agent, a security action, when at least one of the one or more matching entities matches against one of the plurality of registered entities included in the GED.
Dependent claims: 47, 48, 49, 50, 51, 52, 53
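The two-tier check recited in claims 20 and 46, together with the skip heuristics of claim 4, can be sketched as follows; this is an added illustration, not code from the patent or from any product implementing it. It assumes the LWED holds short SHA-256 digest prefixes and the GED is an in-process dictionary rather than a remote server; all class, function and entity names are hypothetical and the sample data is constructed.

```python
import hashlib
import re

STOP_WORDS = {"the", "and", "for", "account"}  # constructed stop-word list

def digest(word):
    # Assumption: entities are lower-cased and stored as SHA-256 digests.
    return hashlib.sha256(word.lower().encode()).hexdigest()

class GlobalEntityDB:  # in-process stand-in for the GED server
    def __init__(self, entities):
        self.by_digest = {digest(e): meta for e, meta in entities.items()}
        self.lengths = [len(e) for e in entities]
        self.queries = 0
    def confirm(self, candidate_digest):
        self.queries += 1
        return self.by_digest.get(candidate_digest)  # None: not registered
    def export_lwed(self, prefix_len):
        # Digest prefixes only: small, but may yield false positives.
        return {d[:prefix_len] for d in self.by_digest}

class ProtectAgent:
    def __init__(self, ged, prefix_len=4):
        self.ged, self.prefix_len = ged, prefix_len
        self.lwed = ged.export_lwed(prefix_len)
        self.min_len, self.max_len = min(ged.lengths), max(ged.lengths)
    def candidates(self, text):
        for word in re.findall(r"[A-Za-z0-9-]+", text):
            if word.lower() in STOP_WORDS:
                continue  # heuristic: stop word
            if not self.min_len <= len(word) <= self.max_len:
                continue  # heuristic: outside registered length range
            yield word
    def inspect(self, text):  # returns (entity, action) pairs confirmed by GED
        hits = []
        for word in self.candidates(text):
            d = digest(word)
            if d[:self.prefix_len] not in self.lwed:
                continue  # LWED miss: nothing is sent to the GED
            meta = self.ged.confirm(d)
            if meta is not None:
                hits.append((word, meta["action"]))
        return hits

# Constructed registered entities and outbound text.
SAMPLE_ENTITIES = {"ZX-4471-ALPHA": {"action": "block"},
                   "PRJ-ORCHID": {"action": "alert"}}
SAMPLE_TEXT = "Please wire funds for PRJ-ORCHID to the account today"
```

`ProtectAgent(GlobalEntityDB(SAMPLE_ENTITIES)).inspect(SAMPLE_TEXT)` returns the confirmed entity with the action taken from the GED metadata, and the GED's `queries` counter shows how few candidates survive the heuristics and the LWED lookup.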
Specification