TECHNIQUES FOR DETECTING AND PREVENTING UNINTENTIONAL DISCLOSURES OF SENSITIVE DATA

US 20110296531A1
Filed: 08/08/2011
Published: 12/01/2011
Est. Priority Date: 12/31/2002
Status: Active Grant

First Claim

Patent Images

1-22. -22. (canceled)

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Protection is provided to prevent a computer user from unintentionally giving away sensitive data (e.g., security credentials, credit card number, PINs, personal data, or bank account number) to an illegitimate or unintended entity by means of a client application capable of communicating the sensitive data across a network to other computer users. To provide the protection, user input is monitored to detect a user entry of the sensitive data into the client application for communication to other users. When such an entry occurs, action is taken to reduce the likelihood of an unintentional giveaway of the sensitive data or to reduce the effects of an unintentional giveaway.

15 Citations

View as Search Results

42 Claims

1-22. -22. (canceled)

23. A computer-implemented method of protecting against an unintentional release of sensitive data to an illegitimate or unintended entity, the method comprising:
- monitoring data entered by a user into a client application, wherein the monitoring comprises at least one of;
  
  determining whether an intended recipient of the data provided to the client application is globally trusted; and
  
  determining whether the intended recipient of the data provided to the client application is personally trusted;
  
  accessing a set of pattern generating functions;
  
  generating a set of string matching patterns by applying the set of pattern generating functions to sensitive data;
  
  determining, with a processor, that the data being entered into the client application matches one or more of the string matching patterns in the set of string matching patterns; and
  
  in response to determining that the data being entered into the client application matches one or more of the string matching patterns in the set of string matching patterns, performing at least one of;
  
  requesting that the user confirm a communication of the data;
  
  warning the user that communicating the data might result in an unintentional release of sensitive data to an illegitimate or unintended entity;
  
  preventing the client application from communicating the data; and
  
  logging a communication of the data by the client application.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 37, 38, 39, 40)
- - 24. The computer-implemented method of claim 23 wherein the client application includes a web page with an input form.
  - 25. The computer-implemented method of claim 23 wherein the client application is an instant messaging application.
  - 26. The computer-implemented method of claim 23 wherein the client application is an e-mail application.
  - 27. The computer-implemented method of claim 23 further comprising:
    - determining whether the intended recipient of the data entered into the client application is known to be an illegitimate or unintended entity.
  - 28. The computer-implemented method of claim 23 further comprising:
    - determining whether the intended recipient of the data entered into the client application is known to be a legitimate or intended entity.
  - 29. The computer-implemented method of claim 23 further comprising:
    - passing the data entered into the client application to a matcher program or object; and
      
      passing at least one of the string-matching patterns to the matcher program or object.
  - 30. The computer-implemented method of claim 23 further comprising:
    - selecting at least one matcher program or object; and
      
      detecting an entry or partial entry of a variation of the sensitive data by;
      
      passing data entered into the client application to the selected matcher program or object;
      
      passing the sensitive data to the matcher program or object; and
      
      comparing the data entered to a variation of the sensitive data encoded in the matcher program or object.
  - 31. The computer-implemented method of claim 23 further comprising:
    - determining whether a sequence of events preceding the entry of the data is known to be characteristic of an unintentional giveaway of sensitive data to an illegitimate or unintended entity.
  - 33. The computer-implemented method of claim 23 wherein the action comprises preventing the client application from communicating the data.
  - 34. The computer-implemented method of claim 23 wherein the action comprises warning the user that communicating the data might result in an unintentional giveaway of sensitive data to an illegitimate or unintended entity.
  - 35. The computer-implemented method of claim 23 wherein the action comprises logging a communication of the data by the client application.
  - 36. The computer-implemented method of claim 23 wherein the action comprises requesting that the user confirm a communication of the data.
  - 37. The computer-implemented method of claim 23 wherein the data comprises security credentials.
  - 38. The computer-implemented method of claim 37 wherein the security credentials comprise security credentials used to log onto an ISP'"'"'s network.
  - 39. The computer-implemented method of claim 37 wherein the security credentials comprise security credentials used to log onto a website.
  - 40. The computer-implemented method of claim 23 wherein the data comprises a credit card number.

41. A non-transitory computer-usable medium storing a computer program for protecting against an unintentional release of sensitive data to an illegitimate or unintended entity, the computer program comprising instructions for causing at least one processor to:
- monitor data being entered by a user into a client application, wherein the monitoring comprises at least one of;
  
  determining whether an intended recipient of the data provided to the client application is globally trusted; and
  
  determining whether the intended recipient of the data provided to the client application is personally trusted;
  
  access a set of pattern generating functions;
  
  generate a set of string matching patterns by applying the set of pattern generating functions to sensitive data;
  
  determine that the data being entered into the client application matches one or more of the string matching patterns in the set of string matching patterns;
  
  in response to determining that the data being entered into the client application matches one or more of the string matching patterns in the set of string matching patterns, perform at least one of;
  
  requesting that the user confirm a communication of the data;
  
  warning the user that communicating the data might result in an unintentional release of sensitive data to an illegitimate or unintended entity;
  
  preventing the client application from communicating the data;
  
  or logging a communication of the data by the client application.

42. A computer-implemented method of protecting against an unintentional release of sensitive data to an illegitimate or unintended entity, the method comprising:
- monitoring data being entered by a user into a client application, wherein the monitoring comprises at least one of;
  
  determining whether an intended recipient of the data provided to the client application is globally trusted; and
  
  determining whether the intended recipient of the data provided to the client application is personally trusted;
  
  accessing a set of pattern generating functions;
  
  generating a set of string matching patterns by applying the set of pattern generating functions to sensitive data;
  
  determining, with a processor, that the data being entered into the client application matches one or more of the string matching patterns in the set of string matching patterns;
  
  in response to determining that the data being entered into the client application matches one or more of the string matching patterns in the set of string matching patterns, performing at least one of;
  
  requesting that the user confirm a communication of the data;
  
  warning the user that communicating the data might result in an unintentional giveaway of sensitive data to an illegitimate or unintended entity;
  
  preventing the client application from communicating the data;
  
  or logging a communication of the data by the client application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
AOL Inc. (Apollo Global Management, Inc.)
Inventors
TOOMEY, CHRISTOPHER

Granted Patent

US 8,464,352 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/6245   Protecting personal data, e...

H04L 63/1408   by monitoring network traff...

H04L 63/1483   service impersonation, e.g....

TECHNIQUES FOR DETECTING AND PREVENTING UNINTENTIONAL DISCLOSURES OF SENSITIVE DATA

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR DETECTING AND PREVENTING UNINTENTIONAL DISCLOSURES OF SENSITIVE DATA

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links