Enforcing rights management through edge email servers
First Claim
1. In an electronic messaging system, a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying sensitive messages according to policies and semantics, the method comprising acts of:
- receiving a message at a message transfer agent located at a boundary between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
- accessing a policy document containing one or more pieces of evidence, which are configurable characteristics comprising semantic recognition data corresponding to the sensitive subject matter contained within the message, and the policy document also containing policy remedies indicating actions to be taken;
- comparing each of the one or more pieces of evidence within the policy document with content within the message for identifying the sensitive subject matter in the message;
- identifying the sensitive subject matter by determining that there is at least one match between at least one of the pieces of evidence of the policy document and content within the message;
- based upon the at least one match between the at least one piece of evidence and the content within the message, determining one or more actions to be taken on the message in accordance with policy remedies for ensuring that the sensitive subject matter is not inappropriately transferred between the at least two domains; and
- taking the determined one or more actions in accordance with the policy remedies as contained within the policy document.
Abstract
The present invention provides for methods, systems, and computer program products for ensuring that sensitive subject matter within electronic messages is not inappropriately transferred between domains with differing security rights. The present invention utilizes the appropriate placement of message transfer agents or servers along with policy documents that include configurable semantics pattern recognition data for identifying deviant messages. Once deviant messages or messages that potentially have sensitive subject matter are identified, the present invention further provides for adaptable actions or remedies for ensuring that the sensitive subject matter is not inappropriately transferred between domains.
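The flow the abstract describes (a boundary check, evidence matching against a policy document, then remedies) can be sketched as follows. This is an added example, not code from the patent: the policy layout, rule names, patterns, domains and action labels are constructed assumptions, and the boundary test reads message headers where a real message transfer agent would use the SMTP envelope.

```python
import base64
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed policy document: each rule pairs one piece of "evidence"
# (a configurable pattern) with the remedies to apply on a match.
POLICY = {
    "internal_domains": {"corp.example"},
    "rules": [
        {"name": "project-codename", "evidence": r"\bproject\s+bluebird\b",
         "remedies": ["send_ndr", "forward_to_admin"]},
        {"name": "privilege-marker", "evidence": r"attorney[- ]client\s+privileged",
         "remedies": ["forward_to_supervisor"]},
    ],
}

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def crosses_boundary(msg, policy):  # internal sender, at least one external recipient
    internal = policy["internal_domains"]
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return (_domain(parseaddr(msg.get("From", ""))[1]) in internal
            and any(_domain(a) not in internal for _, a in rcpts if a))

def searchable_text(msg):  # subject plus text parts, transfer encoding undone first
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def evaluate(raw_message, policy=POLICY):
    msg = message_from_string(raw_message)
    if not crosses_boundary(msg, policy):
        return {"matched": [], "actions": ["deliver"]}
    text, matched, actions = searchable_text(msg), [], []
    for rule in policy["rules"]:
        if re.search(rule["evidence"], text, re.IGNORECASE):
            matched.append(rule["name"])
            actions += [a for a in rule["remedies"] if a not in actions]
    return {"matched": matched, "actions": actions or ["deliver"]}

def sample(to_addr):  # constructed message; base64 body defeats a scan of the raw text
    body = base64.b64encode(b"Update on Project Bluebird pricing.").decode()
    return (f"From: alice@corp.example\r\nTo: {to_addr}\r\nSubject: status\r\n"
            f"Content-Transfer-Encoding: base64\r\n\r\n{body}\r\n")
```

Matching runs on the decoded body, so evidence hidden behind base64 or quoted-printable transfer encoding is still found; attachments and non-text parts are outside this sketch.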
18 Claims
15. In an electronic messaging system, a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying sensitive messages, the method comprising:
- an act of receiving a message at a message transfer agent located at a boundary between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
- a step for identifying the message as sensitive by using a policy document that includes one or more pieces of evidence, which are configurable characteristics corresponding to the sensitive subject matter;
- an act of determining one or more actions to be taken on the message in accordance with policy remedies for ensuring that the sensitive subject matter is not inappropriately transferred between the at least two domains;
- wherein the one or more actions applied are one or more of a deleting the message, deleting the sensitive subject matter, sending a non-delivery receipt back to a client that sent the message, forwarding the message to a system administrator, or forwarding the message to a supervisor of a sender; and
- wherein the one or more of the one or more actions applied further include identifying that the message can be sent using a secure protocol, wherein the method further includes the acts of;
  - sending a message to the sender's address indicating that the message includes the sensitive subject matter;
  - querying the sender whether they still want to transfer the message between the at least two domains; and
  - establishing one or more secure links between the at least two domains for transferring the message.
17. In an electronic messaging system, a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying sensitive messages and policy remedies that define how to process the sensitive messages, the method comprising acts of:
- receiving a message at a message transfer agent located at a boundary between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
- accessing a policy document that includes one or more pieces of evidence, which are configurable characteristics corresponding to the sensitive subject matter;
- scanning the message for identifying the one or more pieces of evidence corresponding to the sensitive subject matter within the message; and
- based on the identified one or more pieces of evidence, triggering one or more adaptable actions for ensuring the sensitive subject matter is not inappropriately transferred between the at least two domains;
- wherein the one or more adaptable actions applied are one or more of a deleting the message, deleting the sensitive subject matter, sending a non-delivery receipt back to a client that sent the message, forwarding the message to a system administrator, or forwarding the message to a supervisor of a sender; and
- wherein the one or more of the one or more adaptable actions applied further include identifying that the message can be sent using a secure protocol, wherein the method further includes the acts of;
  - sending a message to the sender's address indicating that the message includes the sensitive subject matter;
  - querying the sender whether they still want to transfer the message between the at least two domains; and
  - establishing one or more secure links between the at least two domains for transferring the message.
18. A computer program product for use in an electronic messaging system, the computer program product used to implement a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying sensitive messages and policy remedies that define how to process the sensitive messages, the computer program product comprising one or more computer readable storage media having stored thereon computer executable instructions that, when executed by a processor, can cause the distributed computing system to perform the following:
- receive a message at a message transfer agent located at a boundary between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
- access a policy document that includes one or more pieces of evidence, which are configurable characteristics corresponding to the sensitive subject matter;
- scan the message for identifying the one or more pieces of evidence corresponding to the sensitive subject matter within the message; and
- based on the identified one or more pieces of evidence, trigger one or more adaptable actions for ensuring the sensitive subject matter is not inappropriately transferred between the at least two domains;
- wherein the one or more adaptable actions applied are one or more of a deleting the message, deleting the sensitive subject matter, sending a non-delivery receipt back to a client that sent the message, forwarding the message to a system administrator, or forwarding the message to a supervisor of a sender; and
- wherein the one or more of the one or more adaptable actions applied further include identifying that the message can be sent using a secure protocol, the computer program product further comprising computer executable instructions that;
  - sending a message to the sender's address indicating that the message includes the sensitive subject matter;
  - querying the sender whether they still want to transfer the message between the at least two domains; and
  - establishing one or more secure links between the at least two domains for transferring the message.
Specification