SCRIPTING LANGUAGE PROCESSING ENGINE IN DATA LEAK PREVENTION APPLICATION

US 20120023480A1
Filed: 07/26/2010
Published: 01/26/2012
Est. Priority Date: 07/26/2010
Status: Active Grant

First Claim

Patent Images

1. A method of categorizing documents by classifying the documents according to a security sensitivity of the documents, comprising:

providing a data leak prevention application that categorizes documents by data type, a data type being a classification of a document based on what data the document contains;

embedding a scripting language processing engine into the data leak prevention application, the scripting language processing engine Ruining part of the application as hard code;

configuring interaction between the scripting language processing engine and the data leak prevention application, the configuring including modifying existing code or adding new code; and

activating relevant code portions of the scripting language processing engine to either detect new date types or to enhance an accuracy of an existing data type.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data leak prevention application that categorizes documents by data type is provided, a data type being a sensitivity classification of a document based on what data the document contains. A scripting language processing engine is embedded into the data leak prevention application, the scripting language forming part of the application as hard code. A user configures interaction of the scripting language processing engine with the application. The configuring may include modifying or adding code or setting criteria for when code portions of the scripting language processing engine activates. The scripting language processing engine is activated to enhance an accuracy of an existing data type or so as to detect a new data type. Upon enhancing the accuracy of the data type, documents may be re-categorized.

24 Citations

View as Search Results

21 Claims

1. A method of categorizing documents by classifying the documents according to a security sensitivity of the documents, comprising:
- providing a data leak prevention application that categorizes documents by data type, a data type being a classification of a document based on what data the document contains;
  
  embedding a scripting language processing engine into the data leak prevention application, the scripting language processing engine Ruining part of the application as hard code;
  
  configuring interaction between the scripting language processing engine and the data leak prevention application, the configuring including modifying existing code or adding new code; and
  
  activating relevant code portions of the scripting language processing engine to either detect new date types or to enhance an accuracy of an existing data type.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further including setting criteria for when the relevant code portions of the scripting language processing engine activate.
  - 3. The method of claim 1, wherein a DLP administrator performs the configuring.
  - 4. The method of claim 1, further including activating the relevant code portions of the scripting language to detect a new data type.
  - 5. The method of claim 1, further including activating the relevant code portions of the scripting language to enhance the accuracy of the existing data types.
  - 6. The method of claim 1, further including activating the relevant code portions of the scripting language to detect a new data type and to enhance the accuracy of existing data types.

7. A method of categorizing documents by classifying the documents according to a sensitivity of the documents, comprising:
- embedding a scripting language processing engine into a data leak prevention application, the scripting language processing engine forming part of the application, interaction of the scripting language processing engine with the data leak prevention application being configurable by a user;
  
  setting criteria for when relevant code portions of the scripting language processing engine activate; and
  
  activating relevant code portions of the scripting language to either validate an existing data type or to detect a new data type, a data type being a classification of a document containing data based on a sensitivity of the document and based on a type of data the document contains.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein a DLP administrator sets the criteria.
  - 9. The method of claim 7, wherein the scripting language processing engine has access to variables available to the data leak prevention application.
  - 10. The method of claim 9, wherein the variables include IP connection details, user names, rule names, data type match, email details and file identification.
  - 11. The method of claim 7, further including activating the relevant code portions of the scripting language processing engine to detect a new data type.
  - 12. The method of claim 7, further including activating the relevant code portions of the scripting language processing engine to validate an existing data type.

13. A method of detecting sensitive documents, comprising:
- using a data leak prevention application to categorize documents by data type, a data type being a classification of a document containing data based on a size of the document and based on a type of data the document contains;
  
  categorizing the documents further based on a protocol of the document;
  
  for email documents categorizing the email documents further in terms of sensitivity by checking a source and destination of the email documents; and
  
  a scripting language processing engine embedded in the data leak prevention application validating an accuracy of the data type, interaction of the scripting language processing engine with the data leak prevention application being configurable by a user.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein the data type includes compound data types.
  - 15. The method of claim 13, wherein the scripting language has features that allow the scripting language processing engine to be used in security-critical software.

16. A method of detecting sensitive documents, comprising:
- using a data leak prevention application to select a sensitivity category for a document based on a size of the document, a data type and a protocol of the document;
  
  checking a source and destination of the document if the protocol is for email;
  
  a user configuring interaction of a scripting language processing engine with the data leak prevention application to activate code portions of the scripting language processing engine at a run time event of the data leak prevention application, the scripting language processing engine embedded in the data leak prevention application and having access to data accessible to the data leak prevention application;
  
  using the scripting language processing engine to validate the data type of the document; and
  
  re-selecting a sensitivity category for the document based on the validation.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further including using the data leak prevention application to perform an action to either block further dissemination of the document or to alert select individuals regarding dissemination of the document.
  - 18. The method of claim 17, wherein the data accessible to the data leak prevention application includes IP connection details, user name, rule name, data type match, email details or file identification.
  - 19. The method of claim 17, further including selecting the sensitivity category of the document based on a data type characterized by a frequency of occurrence in the document of an identification number.
  - 20. The method of claim 19, wherein validating the data type means validating the identification number.

21. A data leak prevention system, comprising:
- a data leak prevention application;
  
  a scripting language processing engine embedded into the DLP application and forming part of the hard code thereof, an interaction of the scripting language processing engine with the data leak prevention application configurable by a user;
  
  the scripting language processing engine including snippets that activate based on criteria configurable by a user at run time events of the data leak prevention application, the snippets also modifiable by a user; and
  
  documents of various data types stored by the user and categorized by the data leak prevention application as to sensitivity upon the scripting language processing engine validating existing data types or creating new data types.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Check Point Software Technologies Limited
Original Assignee
Check Point Software Technologies Limited
Inventors
Perlmutter, Amnon, Gonda, Oded, Mor, Aviad, Raz, Ofer, LeGrow, Matt

Granted Patent

US 8,776,017 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/115
CPC Class Codes

G06F 21/6218 to a system of files or obj...

SCRIPTING LANGUAGE PROCESSING ENGINE IN DATA LEAK PREVENTION APPLICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SCRIPTING LANGUAGE PROCESSING ENGINE IN DATA LEAK PREVENTION APPLICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links