SYSTEMS AND METHODS FOR ENFORCING DATA-LOSS-PREVENTION POLICIES USING MOBILE SENSORS

US 20140189784A1
Filed: 01/02/2013
Published: 07/03/2014
Est. Priority Date: 01/02/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

detecting an attempt by a user to access sensitive data on a mobile computing device;

collecting, via at least one sensor of the mobile computing device, sensor data that is indicative of an environment in which the user is attempting to access the sensitive data;

determining, based at least in part on the sensor data, a privacy level of the environment;

restricting, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a data-loss-prevention (DLP) policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors may include (1) detecting an attempt by a user to access sensitive data on a mobile computing device, (2) collecting, via at least one sensor of the mobile computing device, sensor data that indicates an environment in which the user is attempting to access the sensitive data, (3) determining, based at least in part on the sensor data, a privacy level of the environment, and (4) restricting, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a DLP policy. Various other methods, systems, and computer-readable media are also disclosed.

86 Citations

View as Search Results

20 Claims

1. A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- detecting an attempt by a user to access sensitive data on a mobile computing device;
  
  collecting, via at least one sensor of the mobile computing device, sensor data that is indicative of an environment in which the user is attempting to access the sensitive data;
  
  determining, based at least in part on the sensor data, a privacy level of the environment;
  
  restricting, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a data-loss-prevention (DLP) policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein determining the privacy level of the environment comprises using the sensor data to identify at least one characteristic of the environment that comprises a risk factor for data loss.
  - 3. The method of claim 1, wherein determining the privacy level of the environment comprises using the sensor data to identify a venue type of the environment that comprises a risk factor for data loss.
  - 4. The method of claim 3, wherein:
    - the sensor data indicates a geographic location of the environment;
      
      using the sensor data to identify the venue type of the environment comprises querying a venue-type database using the geographic location for the venue type of the environment.
  - 5. The method of claim 1, wherein determining the privacy level of the environment comprises using the sensor data to identify a number of people within the environment that comprises a risk factor for data loss.
  - 6. The method of claim 5, wherein:
    - the sensor data comprises audio data collected via an audio sensor of the mobile computing device;
      
      using the sensor data to identify the number of people within the environment comprises analyzing the audio data to determine the number of people within the environment.
  - 7. The method of claim 5, wherein:
    - the sensor data comprises image data collected via an image sensor of the mobile computing device;
      
      using the sensor data to identify the number of people within the environment comprises analyzing the image data to determine the number of people within the environment.
  - 8. The method of claim 1, wherein determining the privacy level of the environment comprises using the sensor data to identify a number of additional computing devices within the environment that comprises a risk factor for data loss.
  - 9. The method of claim 8, wherein:
    - the sensor data comprises network data collected via a network sensor of the mobile computing device;
      
      using the sensor data to identify the number of additional computing devices within the environment comprises analyzing the network data to determine the number of additional computing devices within the environment.
  - 10. The method of claim 1, wherein determining the privacy level of the environment comprises using the sensor data to identify a proximity of people within the environment that comprises a risk factor for data loss.
  - 11. The method of claim 1, wherein determining the privacy level of the environment comprises using the sensor data to identify an orientation of the mobile computing device that comprises a risk factor for data loss.
  - 12. The method of claim 1, wherein:
    - collecting sensor data that is indicative of the environment comprises;
      
      collecting, prior to the attempt to access the sensitive data, past sensor data that is indicative of the environment in which the user is attempting to access the sensitive data;
      
      collecting, in response to the attempt to access the sensitive data, present sensor data that is indicative of the environment in which the user is attempting to access the sensitive data;
      
      determining the privacy level of the environment comprises comparing the past sensor data with the present sensor data.
  - 13. The method of claim 1, wherein:
    - the sensor data indicates a geographic location of the environment;
      
      determining the privacy level of the environment comprises;
      
      querying a remote source using the geographic location of the environment for additional information about the environment;
      
      using the additional information to determine the privacy level of the environment.
  - 14. The method of claim 1, further comprising reporting to an administrator at least one of:
    - the environment in which the user is attempting to access the sensitive data;
      
      the privacy level of the environment.

15. A system for enforcing data-loss-prevention policies using mobile sensors, the system comprising:
- a detection module programmed to detect an attempt by a user to access sensitive data on a mobile computing device;
  
  a collection module programmed to collect, via at least one sensor of the mobile computing device, sensor data that is indicative of an environment in which the user is attempting to access the sensitive data;
  
  a determination module programmed to determine, based at least in part on the sensor data, a privacy level of the environment;
  
  a restricting module programmed to restrict, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a data-loss-prevention (DLP) policy;
  
  at least one processor configured to execute the detection module, the collection module, the determination module, and the restricting module.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15, wherein the determination module is programmed to determine the privacy level of the environment by using the sensor data to identify at least one characteristic of the environment that comprises a risk factor for data loss.
  - 17. The system of claim 15, wherein the determination module is programmed to determine the privacy level of the environment by using the sensor data to identify a venue type of the environment that comprises a risk factor for data loss.
  - 18. The system of claim 15, wherein the determination module is programmed to determine the privacy level of the environment by using the sensor data to identify a number of people within the environment that comprises a risk factor for data loss.
  - 19. The system of claim 15, wherein the determination module is programmed to determine the privacy level of the environment by using the sensor data to identify a number of additional computing devices within the environment that comprises a risk factor for data loss.

20. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- detect an attempt by a user to access sensitive data on a mobile computing device;
  
  collect, via at least one sensor of the mobile computing device, sensor data that is indicative of an environment in which the user is attempting to access the sensitive data;
  
  determine, based at least in part on the sensor data, a privacy level of the environment;
  
  restrict, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a data-loss-prevention (DLP) policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
McCorkendale, Bruce, Marino, Daniel, Shou, Darren

Granted Patent

US 8,925,037 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/60 Protecting data

SYSTEMS AND METHODS FOR ENFORCING DATA-LOSS-PREVENTION POLICIES USING MOBILE SENSORS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SYSTEMS AND METHODS FOR ENFORCING DATA-LOSS-PREVENTION POLICIES USING MOBILE SENSORS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others