PROTECTING CONTENT FROM THIRD PARTY USING CLIENT-SIDE SECURITY PROTECTION

US 20170359386A1
Filed: 08/07/2017
Published: 12/14/2017
Est. Priority Date: 01/20/2009
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.

Citations

40 Claims

1-20. -20. (canceled)

21. A system, comprising:
- at least one processor; and
  
  memory coupled to the at least one processor, the memory comprising computer executable instructions that, when executed by the at least one processor, performs a method comprising;
  
  analyzing a message using one or more rules used to generate security for the message, wherein analyzing the message comprises;
  
  evaluating input during composition of the message;
  
  applying the one or more rules to the message;
  
  monitoring for changes to the input of the message; and
  
  when changes to the input are detected, reevaluating the input;
  
  applying the security to the message, wherein the security includes attaching one or more attributes of the security to the message; and
  
  sending the message to a recipient using an untrusted message service.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 22. The system of claim 21, the method further comprising:
    - receiving the one or more rules from a rules component associated with the untrusted message service; and
      
      composing the message to be sent to the recipient.
  - 23. The system of claim 22, wherein the one or more rules comprise at least one of a predicate defining sender and recipient constraints, an action and configuration information, and wherein the rules component is polled for updates to the one or more rules.
  - 24. The system of claim 22, wherein the message is composed using a secure computing device located at a trusted location;
    - and the untrusted message service is located at an untrusted location.
  - 25. The system of claim 21, the method further comprising determining the untrusted message service is being used to transmit the message to the recipient.
  - 26. The system of claim 21, wherein the security prevents a body portion of the message from being exposed at the untrusted message service.
  - 27. The system of claim 26, wherein the security further allows exposure of a header portion and a subject portion of the message at the untrusted message service.
  - 28. The system of claim 21, wherein the recipient is able to access the message using an encryption key shared by the sender of the message and the recipient.
  - 29. The system of claim 21, wherein the input corresponds to a set of recipients, and one or more recipients in the set of recipients is associated with different levels of the security.
  - 30. The system of claim 29, wherein a level of the security applied to the message is based on the one or more recipients associated with the highest security level.
  - 31. The system of claim 30, wherein applying the security to the message comprises:
    - providing a notification to a sender of the message that the security has been triggered;
      
      providing an option to disable the triggered security;
      
      determining whether the option has been selected; and
      
      when the option is determined to be selected, preventing the triggered security from being applied to the message.

32. A method comprising:
- analyzing, by a trusted computing device, a message using one or more rules used to generate security for the message, wherein analyzing the message comprises;
  
  evaluating input during composition of the message;
  
  applying the one or more rules to the message;
  
  monitoring for changes to the input of the message; and
  
  when changes to the input are detected, reevaluating the input;
  
  applying the security to the message, wherein the security includes attaching one or more attributes of the security to the message; and
  
  sending the message to a recipient using an untrusted message service.
- View Dependent Claims (33, 32, 33, 36, 37, 38, 39)
- - 33. The method of claim 32, further comprising:
    - receiving, by the trusted computing device, the one or more rules from a rules component associated with the untrusted message service;
      
      caching the rules on the trusted computing device; and
      
      composing the message to be sent to the recipient.
  - 32-1. The method of claim 33, wherein the analyzing of the message is performed during an offline state of the trusted computing device using the cached rules.
  - 33-1. The method of claim 33, further comprising periodically polling the rules component to download new or updated rules to the trusted computing device.
  - 36. The method of claim 32, wherein the security comprises allowing exposure of a header portion and a subject portion of the message at the untrusted message service and preventing exposure of a body portion of the message at the untrusted message service.
  - 37. The method of claim 36, wherein the security further comprises storing, at a trusted location, an encryption key used to access the message.
  - 38. The method of claim 37, wherein the security enables exposure of the header portion and the subject portion of the message to the recipient using the encryption key.
  - 39. The method of claim 32, wherein a level of the security applied to the message in based at least on the input.

40. A messaging system comprising:
- a computing device using an untrusted message service for transmitting a message;
  
  a rules component associated with the untrusted message service, wherein the rules component is configured to analyze the message using one or more rules, wherein analyzing the message comprises;
  
  evaluating input during composition of the message;
  
  applying the one or more rules to the message;
  
  monitoring for changes to the input of the message; and
  
  when changes to the input are detected, reevaluating the input; and
  
  a security component associated with the computing device, wherein the security component is configured to apply security to the message based on the one or more rules, wherein the security includes attaching one or more attributes of the security to the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Banti, Edward T., Byrum, Frank, Carvalho Neto, Mayerber L., Knibb, James R., Biswas, Palash, Barnes, Christopher

Granted Patent

US 10,044,763 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6263   during internet communicati...

H04L 63/0263   Rule management

H04L 63/0435   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/20   for managing network securi...

PROTECTING CONTENT FROM THIRD PARTY USING CLIENT-SIDE SECURITY PROTECTION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

PROTECTING CONTENT FROM THIRD PARTY USING CLIENT-SIDE SECURITY PROTECTION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links