Enforcing rights management through edge email servers

US 7,454,778 B2
Filed: 09/30/2004
Issued: 11/18/2008
Est. Priority Date: 09/30/2004
Status: Active Grant

First Claim

Patent Images

1. In an electronic messaging system, a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying sensitive messages according to policies and semantics, the method comprising acts of:

receiving a message at a message transfer agent located at a boundary between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;

accessing a policy document containing one or more pieces of evidence, which are configurable characteristics comprising semantic recognition data corresponding to the sensitive subject matter contained within the message, and the policy document also containing policy remedies indicating actions to be taken;

comparing each of the one or more pieces of evidence within the policy document with content within the message for identifying the sensitive subject matter in the message;

identifying the sensitive subject matter by determining that there is at least one match between at least one of the pieces of evidence of the policy document and content within the message;

based upon the at least one match between the at least one piece of evidence and the content within the message, determining one or more actions to be taken on the message in accordance with policy remedies for ensuring that the sensitive subject matter is not inappropriately transferred between the at least two domains; and

taking the determined one or more actions in accordance with the policy remedies as contained within the policy document.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides for methods, systems, and computer program products for ensuring that sensitive subject matter within electronic messages is not inappropriately transferred between domains with differing security rights. The present invention utilizes the appropriate placement of message transfer agents or servers along with policy documents that include configurable semantics pattern recognition data for identifying deviant messages. Once deviant messages or messages that potentially have sensitive subject matter are identified, the present invention further provides for adaptable actions or remedies for ensuring that the sensitive subject matter is not inappropriately transferred between domains.

44 Citations

View as Search Results

18 Claims

1. In an electronic messaging system, a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying sensitive messages according to policies and semantics, the method comprising acts of:
- receiving a message at a message transfer agent located at a boundary between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
  
  accessing a policy document containing one or more pieces of evidence, which are configurable characteristics comprising semantic recognition data corresponding to the sensitive subject matter contained within the message, and the policy document also containing policy remedies indicating actions to be taken;
  
  comparing each of the one or more pieces of evidence within the policy document with content within the message for identifying the sensitive subject matter in the message;
  
  identifying the sensitive subject matter by determining that there is at least one match between at least one of the pieces of evidence of the policy document and content within the message;
  
  based upon the at least one match between the at least one piece of evidence and the content within the message, determining one or more actions to be taken on the message in accordance with policy remedies for ensuring that the sensitive subject matter is not inappropriately transferred between the at least two domains; and
  
  taking the determined one or more actions in accordance with the policy remedies as contained within the policy document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the one or more pieces of evidence are created based on one or more of input from a system administrator, input from an originator of the sensitive subject matter, a semantics algorithm or a hashing function.
  - 3. The method of claim 1, wherein the policy document includes evidence about an outside organization'"'"'s policies, and wherein the message is an incoming message from the outside organization.
  - 4. The method of claim 1, wherein the message being transferred between the at least two domains is being tranferred by a secure protocol.
  - 5. The method of claim 4, wherein the message being transferred between the at least two domains is being transferred by a secure protocol.
  - 6. The method of claim 1, wherein the characteristics are one or more of a tagging, pattern of the sensitive subject matter, hash of the sensitive subject matter, word for word match of the sensitive subject matter, extracts from the sensitive subject matter, keywords associated with the sensitive subject matter, paraphrasing of the sensitive subject matter, summary of the sensitive subject matter or a template corresponding to the sensitive subject matter.
  - 7. The method of claim 1, wherein the sensitive subject matter is included in an attachment within the electronic message.
  - 8. The method of claim 1, wherein the message protocol used to transfer the message is SMTP or X400.
  - 9. A computer program product for use in an electronic messaging system, the computer program product for implementing a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying sensitive messages, the computer program product comprising one or more computer readable storage media having stored thereon computer executable instructions that, when executed by a processor, can cause the distributed computing system to perform the method of claim 1.
  - 10. The computer program product of claim 9, wherein the one or more pieces of evidence are created based on one or more of input from a system administrator, input from an originator of the sensitive subject matter, a semantics algorithm or a hashing function.
  - 11. The computer program product of claim 9, wherein the at least two domains are different organizations.
  - 12. The computer program product of claim 9, wherein the characteristics are one or more of a tagging, pattern of the sensitive subject matter, hash of the sensitive subject matter, word for word match of the sensitive subject matter, extracts from the sensitive subject matter, keywords associated with the sensitive subject matter, paraphrasing of the sensitive subject matter, summary of the sensitive subject matter or a template corresponding to the sensitive subject matter.
  - 13. The method of claim 1, wherein the message being transferred between the at least two domains is encrypted.
  - 14. The method of claim 1, wherein the message being transferred between the at least two domains includes a rights management policy with the message.

15. In an electronic messaging system, a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying sensitive messages, the method comprising:
- an act of receiving a message at a message transfer agent located at a boundary between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
  
  a step for identifying the message as sensitive by using a policy document that includes one or more pieces of evidence, which are configurable characteristics corresponding to the sensitive subject matter;
  
  an act of determining one or more actions to be taken on the message in accordance with policy remedies for ensuring that the sensitive subject matter is not inappropriately transferred between the at least two domains;
  
  wherein the one or more actions applied are one or more of a deleting the message, deleting the sensitive subject matter, sending a non-delivery receipt back to a client that sent the message, forwarding the message to a system administrator, or forwarding the message to a supervisor of a sender; and
  
  wherein the one or more of the one or more actions applied further include identifying that the message can be sent using a secure protocol, wherein the method further includes the acts of;
  
  sending a message to the sender'"'"'s address indicating that the message includes the sensitive subject matter;
  
  querying the sender whether they still want to transfer the message between the at least two domains; and
  
  establishing one or more secure links between the at least two domains for transferring the message.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein the characteristics are one or more of a tagging, pattern of the sensitive subject matter, hash of the sensitive subject matter, word for word match of the sensitive subject matter, extracts from the sensitive subject matter, keywords associated with the sensitive subject matter, paraphrasing of the sensitive subject matter, summary of the sensitive subject mailer or a template corresponding to the sensitive subject matter.

17. In an electronic messaging system, a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying sensitive messages and policy remedies that define how to process the sensitive messages, the method comprising acts of:
- receiving a message at a message transfer agent located at a boundary between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
  
  accessing a policy document that includes one or more pieces of evidence, which are configurable characteristics corresponding to the sensitive subject matter;
  
  scanning the message for identifying the one or more pieces of evidence corresponding to the sensitive subject matter within the message; and
  
  based on the identified one or more pieces of evidence, triggering one or more adaptable actions for ensuring the sensitive subject matter is not inappropriately transferred between the at least two domains;
  
  wherein the one or more adaptable actions applied are one or more of a deleting the message, deleting the sensitive subject matter, sending a non-delivery receipt back to a client that sent the message, forwarding the message to a system administrator, or forwarding the message to a supervisor of a sender; and
  
  wherein the one or more of the one or more adaptable actions applied further include identifying that the message can be sent using a secure protocol, wherein the method further includes the acts of;
  
  sending a message to the sender'"'"'s address indicating that the message includes the sensitive subject matter;
  
  querying the sender whether they still want to transfer the message between the at least two domains; and
  
  establishing one or more secure links between the at least two domains for transferring the message.

18. A computer program product for use in an electronic messaging system, the computer program product used to implement a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying sensitive messages and policy remedies that define how to process the sensitive messages, the computer program product comprising one or more computer readable storage media having stored thereon computer executable instructions that, when executed by a processor, can cause the distributed computing system to perform the following:
- receive a message at a message transfer agent located at a boundary between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
  
  access a policy document that includes one or more pieces of evidence, which are configurable characteristics corresponding to the sensitive subject matter;
  
  scan the message for identifying the one or more pieces of evidence corresponding to the sensitive subject matter within the message; and
  
  based on the identified one or more pieces of evidence, trigger one or more adaptable actions for ensuring the sensitive subject matter is not inappropriately transferred between the at least two domains;
  
  wherein the one or more adaptable actions applied are one or more of a deleting the message, deleting the sensitive subject matter, sending a non-delivery receipt back to a client that sent the message, forwarding the message to a system administrator, or forwarding the message to a supervisor of a sender; and
  
  wherein the one or more of the one or more adaptable actions applied further include identifying that the message can be sent using a secure protocol, the computer program product further comprising computer executable instructions that;
  
  sending a message to the sender'"'"'s address indicating that the message includes the sensitive subject matter;
  
  querying the sender whether they still want to transfer the message between the at least two domains; and
  
  establishing one or more secure links between the at least two domains for transferring the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Atkinson, Robert G., Pearson, Malcolm E., Reed, David R., White, Steven D.
Primary Examiner(s)
Song; Hosuk

Application Number

US10/954,873
Publication Number

US 20060089970A1
Time in Patent Office

1,510 Days
Field of Search

726 1- 6, 726 11- 15, 713/181, 709/200, 709206-207
US Class Current

726/1
CPC Class Codes

H04L 51/212 using filtering or selectiv...

H04L 63/102 Entity profiles

Enforcing rights management through edge email servers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Enforcing rights management through edge email servers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links