Protecting Information Using Policies and Encryption

US 20130097421A1
Filed: 04/04/2012
Published: 04/18/2013
Est. Priority Date: 04/04/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing a document management system managing a plurality of documents wherein the document management system comprises clients and servers;

at a first client, executing a first policy enforcer program;

at the first client, trapping by the first policy enforcer program a request by an e-mail application to send an e-mail with a document attachment, managed by the document management system, to a second client;

at the first policy enforcer program, evaluating at least one policy associated with document attachment;

as a result of the evaluating, determining that the send request is allowed, but before allowing to e-mail application to send the document attachment, encrypting the document attachment; and

allowing to e-mail application to send the encrypted document attachment to the second client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique and system protects documents at rest and in motion using declarative policies and encryption. Encryption in the system is provided transparently and can work in conjunction with policy enforcers installed at a system. A system can protect information or documents from: (i) insider theft; (ii) ensure confidentiality; and (iii) prevent data loss, while enabling collaboration both inside and outside of a company.

Citations

5 Claims

1. A method comprising:
- providing a document management system managing a plurality of documents wherein the document management system comprises clients and servers;
  
  at a first client, executing a first policy enforcer program;
  
  at the first client, trapping by the first policy enforcer program a request by an e-mail application to send an e-mail with a document attachment, managed by the document management system, to a second client;
  
  at the first policy enforcer program, evaluating at least one policy associated with document attachment;
  
  as a result of the evaluating, determining that the send request is allowed, but before allowing to e-mail application to send the document attachment, encrypting the document attachment; and
  
  allowing to e-mail application to send the encrypted document attachment to the second client.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the document attachment is unencrypted.
  - 3. The method of claim 1 wherein the at least one policy associated with document attachment is stored at the first client.
  - 4. The method of claim 1 wherein the document attachment is encrypted by an encryption module executing on the first client, the encryption module is separate from the policy enforcer program.
  - 5. The method of claim 1 comprising:
    - receiving the encrypted document attachment at the second client;
      
      detecting an attempt to open the encrypted document attachment at the second client at a second policy enforcer program at the second client;
      
      at the second policy enforcer program, evaluating at least one policy associated with encrypted document attachment;
      
      as a result of the evaluating, determining that the open operation is allowed;
      
      at an encryption module executing on the second client, determining the encrypted document attachment is encrypted;
      
      at an encryption module, attempting to obtain a key for the encrypted document attachment by sending a key request to the second policy enforcer program including information comprising a process identifier;
      
      at the second policy enforcer program, receiving the key request from the encryption module and evaluating the request based on the information comprising a process identifier;
      
      when the process identifier matches a previously saved process identifier, at the second policy enforcer program, sending a request to a key server of the document management system;
      
      after receiving a key from the key server at the second client, passing the key to the encryption module; and
      
      at the encryption module, using the received key in unencrypting of the encrypted document attachment to obtain the unencrypted document attachment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nextlabs
Original Assignee
Nextlabs
Inventors
Lim, Keng

Granted Patent

US 8,843,734 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/167
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

H04L 51/08   Annexed information, e.g. a...

H04L 63/0245   Filtering by information in...

H04L 63/0471   applying encryption by an i...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04L 9/00   Cryptographic mechanisms or...

Protecting Information Using Policies and Encryption

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting Information Using Policies and Encryption

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links