Identifying and Preventing Leaks of Sensitive Information

US 20140230066A1
Filed: 02/08/2013
Published: 08/14/2014
Est. Priority Date: 02/08/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

extracting, by a computer system, a plurality of terms from a plurality of documents for a plurality of profiles, wherein each profile in the plurality of profiles is associated with a particular user in a plurality of users using a network of electronics devices;

generating, by the computer system, for the plurality of terms in each of the plurality of profiles, a plurality of associated inferred meanings based on a plurality of usages of the plurality of terms in the plurality of documents;

generating for each profile in the plurality of profiles, by the computer system, a plurality of categorical terms based on the plurality of inferred meanings, wherein the plurality of categorical terms categorize the plurality of terms based on the associated inferred meanings;

generating, by the computer system, a plurality of associated categorical term frequencies based on a plurality of associated frequencies of term occurrences of terms associated with the categorical terms in each of the plurality of profiles, wherein each of the plurality of associated categorical term frequencies is associated with one of the plurality of categorical terms;

determining, by the computer system, a plurality of sensitivity level values for the plurality of categorical terms based on the plurality of associated categorical term frequencies; and

storing, by the computer system, the plurality of sensitivity level values for the plurality of categorical terms, wherein the plurality of sensitivity level values are used to analyze whether an information transaction comprising at least one of the plurality of terms is permitted.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Determining sensitive information and preventing the unauthorized or unintended dissemination of such information are disclosed. Terms are determined from documents associated with users in a network. Distributions among users and relative frequencies with which the terms are used are determined. Link strengths between users are calculated. Based on the distribution of the terms, the relative frequencies of use among the user profiles and link strengths between users conducting information transactions that include the terms, a sensitivity level for each term can be determined. To determine whether a particular information transaction with particular terms may be conducted between two users in the network, a combination of link strength between the users and sensitivity level of the terms with respect to the users or users'"'"' profiles are considered. If the information transaction includes terms that are unknown to one of the users, then a warning or alarm can be raised.

Citations

20 Claims

1. A method comprising:
- extracting, by a computer system, a plurality of terms from a plurality of documents for a plurality of profiles, wherein each profile in the plurality of profiles is associated with a particular user in a plurality of users using a network of electronics devices;
  
  generating, by the computer system, for the plurality of terms in each of the plurality of profiles, a plurality of associated inferred meanings based on a plurality of usages of the plurality of terms in the plurality of documents;
  
  generating for each profile in the plurality of profiles, by the computer system, a plurality of categorical terms based on the plurality of inferred meanings, wherein the plurality of categorical terms categorize the plurality of terms based on the associated inferred meanings;
  
  generating, by the computer system, a plurality of associated categorical term frequencies based on a plurality of associated frequencies of term occurrences of terms associated with the categorical terms in each of the plurality of profiles, wherein each of the plurality of associated categorical term frequencies is associated with one of the plurality of categorical terms;
  
  determining, by the computer system, a plurality of sensitivity level values for the plurality of categorical terms based on the plurality of associated categorical term frequencies; and
  
  storing, by the computer system, the plurality of sensitivity level values for the plurality of categorical terms, wherein the plurality of sensitivity level values are used to analyze whether an information transaction comprising at least one of the plurality of terms is permitted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising determining, by the computer system, a distribution of the plurality of terms among the plurality of profiles, and wherein the plurality of sensitivity level values are further based on the distribution of the plurality of terms among the plurality of profiles.
  - 3. The method of claim 1, further comprising determining, by the computer system, a plurality of link strength values for a plurality of pairs of users in the plurality of the users based on an occurrence of common terms in profiles associated with each of the pairs of users, wherein the plurality of link strength values describe a relationship between an associated pair of users in the plurality of pairs of users, and wherein sensitivity level values in the plurality of sensitivity level values are further based on the plurality of link strength values.
  - 4. The method of claim 3, wherein determining the plurality of sensitivity level values further comprises calculating a plurality of weighted conditional probabilities based on the plurality of link strength values and the plurality profiles.
  - 5. The method of claim 4, wherein each of the plurality of profiles comprises information regarding a level of knowledge a user associated a profile possesses regarding the categorical terms in the profile associated with the user.
  - 6. The method of claim 3, wherein determining a plurality of link strength values further comprises monitoring a plurality of frequencies associated with the plurality of pairs of user, wherein each of the plurality of frequencies corresponds to an associated frequency with which each of the plurality of pairs of users conduct information transactions.
  - 7. The method of claim 1, further comprising:
    - detecting, by the computer system, a first information transaction between a first pair of users in the plurality of pairs of users that includes a first term associated with a first categorical term in the plurality of categorical terms;
      
      determining a first sensitivity level value for the first categorical term; and
      
      generating an alert in response to the first sensitivity level value.
  - 8. The method of claim 7, wherein generating the alert comprises comparing the first sensitivity level to a threshold sensitivity level value associated with a first user or a second user in the first pair of users.
  - 9. The method of claim 7, wherein the alert comprises a message displayed to a first user in the first pair of users regarding a sensitivity of the first information transaction or automatically blocking the information transaction in response to the alert.
  - 10. The method of claim 1, wherein the plurality of documents comprises email messages, social media posts, social media feeds, shared-access documents, or audio-visual files.
  - 11. A non-transitory computer-readable storage medium comprising computer-executable code for performing the method of claim 1.

12. A method comprising:
- receiving, by a computer system, a plurality of terms from a plurality of documents for a plurality of profiles, wherein each profile in the plurality of profiles is associated with a particular user in a plurality of users using a network of electronics devices and with one or more electronic devices in the network of electronic devices;
  
  generating, by the computer system, a plurality of categorical terms that categorize the plurality of terms based on syntactic meanings of the plurality of terms;
  
  generating, by the computer system, a plurality of associated categorical term frequencies based on a plurality of frequencies of usage of terms associated with the plurality of categorical terms, wherein each of the plurality of associated categorical term frequencies is associated with one of the plurality of categorical terms;
  
  determining, by the computer system, a plurality of link strength values for a plurality of pairs of users in the plurality of users based on an organization chart of the users, wherein each of the plurality of link strength values describe a relationship between an associated pair of users in the plurality of pairs of users; and
  
  determining, by the computer system, a plurality of sensitivity level values for the plurality of categorical terms based on the plurality of associated categorical term frequencies and the plurality of link strength values for the plurality of pairs of users of the system, wherein the sensitivity level values are used to analyze whether an information transaction comprising at least one of the plurality of terms is allowable.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, further comprising determining, by the computer system, a distribution of the plurality of terms among the plurality of profiles, and wherein the plurality of sensitivity level values are further based on the distribution of the plurality of terms among the plurality of profiles.
  - 14. The method of claim 12, wherein the organizational chart comprises groups of profiles or users defined to be closely linked.
  - 15. The method of claim 14, further comprising determining, by the computer system, a distribution of the plurality of terms among the groups of profiles, and wherein the plurality of sensitivity level values are further based on the distribution of the plurality of terms among the groups of profiles
  - 16. The method of claim 12, wherein determining the plurality of link strength values for the plurality of pairs of users further comprises determining a plurality of associated frequencies with which the plurality of pairs of users conduct information transactions.
  - 17. The method of claim 12, further comprising:
    - detecting, by the computer system, a first information transaction between a first user and a second user in the plurality of pairs of users that includes a first categorical term in the plurality of categorical terms;
      
      determining a first sensitivity level value from the plurality of sensitivity level values for the first categorical term; and
      
      generating an alert in response to the first sensitivity level value.
  - 18. The method of claim 17, wherein generating the alert comprises comparing the first sensitivity level to a threshold sensitivity level value associated with the first user or the second user.
  - 19. A non-transitory computer-readable storage medium comprising computer-executable code for performing the method of claim 12.

20. A system comprising:
- one or more computer processors; and
  
  a non-transitory computer-readable storage medium containing instructions, that when executed, control the one or more computer processors to be configured for;
  
  extracting a plurality of terms from a plurality of documents for a plurality of profiles, wherein each profile in the plurality of profiles is associated with a particular user in a plurality of users using a network of electronics devices;
  
  generating for the plurality of terms in each of the plurality of profiles, a plurality of associated inferred meanings based on a plurality of usages of the plurality of terms in the plurality of documents;
  
  generating for each profile in the plurality of profiles a plurality of categorical terms based on the plurality of inferred meanings, wherein the plurality of categorical terms categorize the plurality of terms based on the associated inferred meanings;
  
  generating a plurality of associated categorical term frequencies based on a plurality of associated frequencies of term occurrences of terms associated with the categorical terms in each of the plurality of profiles, wherein each of the plurality of associated categorical term frequencies is associated with one of the plurality of categorical terms; and
  
  determining a plurality of sensitivity level values for the plurality of categorical terms based on the plurality of associated categorical term frequencies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ARRIS Enterprises LLC (CommScope Holding Company, Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Hurwitz, Joshua B., Fu, Zhi, Kuhlman, Douglas A.

Granted Patent

US 10,152,611 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/556   involving covert channels, ...

G06F 21/6263   during internet communicati...

G06F 2221/2117   User registration

H04L 63/0245   Filtering by information in...

H04L 63/102   Entity profiles

Identifying and Preventing Leaks of Sensitive Information

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying and Preventing Leaks of Sensitive Information

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links