Method and apparatus to report policy violations in messages

US 7,886,359 B2
Filed: 07/15/2004
Issued: 02/08/2011
Est. Priority Date: 09/18/2002
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

identifying, by a computer system, a policy for preventing loss of use-restricted content outside of an organization, the policy identifying source data that includes the use-restricted content and one or more columns within a tabular structure of the use-restricted content, the policy to trigger a violation when at least a portion of the use-restricted content is present in text of a message sent by a user to a recipient outside of the organization;

searching, by the computer system, the text in the message for fragments that match the use-restricted content from one or more columns and any one or more rows within the tabular structure of the use-restricted content;

determining, by the computer system, a violation of the policy based on the matching message fragments; and

reporting, by the computer system, the violation of the policy, the reporting comprising specifying the one or more columns and the message fragments that match the use-restricted content from the one or more columns and any of the one or more rows within the tabular structure of the use-restricted content, the specified message fragments indicating an intent of the user to send the use-restricted content outside of the organization.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for reporting policy violations in messages is described. In one embodiment, a violation is identified by detecting fragments in a message that match information from any one or more rows within a tabular structure of source data. The fragments that match this information are then specified as part of reporting the violation.

151 Citations

View as Search Results

49 Claims

1. A computer-implemented method comprising:
- identifying, by a computer system, a policy for preventing loss of use-restricted content outside of an organization, the policy identifying source data that includes the use-restricted content and one or more columns within a tabular structure of the use-restricted content, the policy to trigger a violation when at least a portion of the use-restricted content is present in text of a message sent by a user to a recipient outside of the organization;
  
  searching, by the computer system, the text in the message for fragments that match the use-restricted content from one or more columns and any one or more rows within the tabular structure of the use-restricted content;
  
  determining, by the computer system, a violation of the policy based on the matching message fragments; and
  
  reporting, by the computer system, the violation of the policy, the reporting comprising specifying the one or more columns and the message fragments that match the use-restricted content from the one or more columns and any of the one or more rows within the tabular structure of the use-restricted content, the specified message fragments indicating an intent of the user to send the use-restricted content outside of the organization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 49)
- - 2. The method of claim 1 wherein the matching message fragments are specified via any one of a user interface and a structured output format.
  - 3. The method of claim 1 wherein the reporting further specifies at least one of a message component containing the matching message fragments, the source data, the one or more rows within the tabular data structure, a number of the one or more rows within the tabular data structure, the policy being violated, and one or more rules of the policy being violated.
  - 4. The method of claim 1 wherein matching fragments to the use-restricted content from one or more columns and any one or more rows within the tabular structure of the use-restricted content comprises:
    - searching the message for the fragments that contain one or more sub-sets of tokens, each of the one or more sub-sets of tokens matching information from a single row within the tabular data structure; and
      
      determining that the message violates the policy.
  - 5. The method of claim 4 wherein the policy comprises at least one rule selected from the group consisting of one or more rules pertaining to the source data, a rule specifying an expression pattern, a rule specifying a message attachment type, a rule specifying a message attachment size, a rule specifying a sender identifier pattern, a rule specifying a recipient identifier pattern, a rule specifying keywords, a rule specifying a file attachment name pattern, a rule specifying a protocol to carry the message, and a rule specifying a newsgroup name.
  - 6. The method of claim 1 wherein specifying the one or more columns and the message fragments comprises highlighting the matching message fragments on a screen.
  - 7. The method of claim 6 further comprising:
    - providing a link from the matching message fragments highlighted on the screen to the message containing the matching message fragments.
  - 8. The method of claim 1 wherein specifying the one or more columns and the message fragments comprises:
    - determining a permission level of a user with respect to access to the source data; and
      
      presenting information pertaining to the one or more columns and the matching message fragments in accordance with the permission level of the user.
  - 9. The method of claim 8 wherein presenting information pertaining to the one or more columns and the matching message fragments comprises:
    - displaying the matching message fragments to the user as redacted.
  - 10. The method of claim 8 wherein presenting information pertaining to the one or more columns and the matching message fragments comprises:
    - identifying, to the user, the one or more columns within the tabular data structure that contain data matching the fragments from the message, and displaying the matching message fragments to the user as redacted.
  - 49. The computer-implemented method of claim 1, wherein the searching comprises:
    - determining that the fragments resemble data from the one or more columns and any one or more rows within the tabular structure of the use-restricted content without using data values from the one or more columns and any one or more rows within the tabular structure of the use-restricted content.

11. A computer-implemented method comprising:
- identifying, by a computer system, a policy for preventing loss of use-restricted content outside of an organization, the policy identifying source data that includes the use-restricted content and one or more columns within a tabular structure of the use-restricted content, the policy to trigger a violation when at least a portion of the use-restricted content is present in text of a message sent by a user to a recipient outside of the organization;
  
  searching, by the computer system, the text in the message for a plurality of fragments in the message that violates the policy by matching the plurality of fragments to the use-restricted content from one or more columns and any one or more rows within the tabular structure of the use-restricted content;
  
  presenting, by the computer system, the plurality of message fragments that match at least a portion of the use-restricted content from the one or more columns and any of the one or more rows within the tabular structure of the use-restricted content, the presented message fragments indicating an intent of the user to send the use-restricted content outside of the organization; and
  
  presenting the one or more columns that contain the matching use-restricted content.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 12. The method of claim 11 wherein the plurality of message fragments are presented to the user via any one of a user interface and a structured output format.
  - 13. The method of claim 11 wherein presenting the plurality of message fragments to the user comprises highlighting the plurality of message fragments on a screen.
  - 14. The method of claim 11 further comprising:
    - identifying to the user at least one of a message component containing the matching message fragments, the source data, the one or more rows within the tabular data structure, and a number of the one or more rows within the tabular data structure.
  - 15. The method of claim 11 wherein detecting in the message the plurality of fragments comprises:
    - searching the message for the plurality of fragments that contains one or more sub-sets of tokens, each of the one or more sub-sets of tokens matching information from a single row within the tabular data structure; and
      
      determining that the message violates the policy.
  - 16. The method of claim 15 further comprising:
    - identifying the policy to the user.
  - 17. The method of claim 15 further comprising:
    - identifying one or more rules of the policy to the user.
  - 18. The method of claim 15 wherein the policy comprises at least one rule selected from the group consisting of one or more rules pertaining to the source data, a rule specifying an expression pattern, a rule specifying a message attachment type, a rule specifying a message attachment size, a rule specifying a sender identifier pattern, a rule specifying a recipient identifier pattern, a rule specifying keywords, a rule specifying a file attachment name pattern, a rule specifying a protocol to carry the message, and a rule specifying a newsgroup name.
  - 19. The method of claim 13 further comprising:
    - providing a link from the plurality of message fragments highlighted on a screen to the message containing the plurality of message fragments.
  - 20. The method of claim 11 wherein presenting the plurality of message fragments to the user comprises:
    - determining a permission level of the user with respect to access to the source data; and
      
      presenting information pertaining to the plurality of message fragments in accordance with the permission level of the user.
  - 21. The method of claim 20 wherein presenting information pertaining to the plurality of message fragments comprises:
    - displaying the plurality of message fragments to the user as redacted.
  - 22. The method of claim 20 wherein presenting information pertaining to the plurality of message fragments comprises:
    - identifying, to the user, the one or more columns within the tabular data structure that contain data matching the plurality of message fragments from the message, and displaying the plurality of message fragments to the user as redacted.

23. A computer-implemented method comprising:
- Identifying, by a computer system, a set of rules for preventing loss of use-restricted content outside of an organization, the set of rules identifying source data that includes the use-restricted content and one or more columns within a tabular structure of the use-restricted content, the set of rules triggering a violation when at least a portion of the use-restricted content is present in text of a message sent by a user to a recipient outside of the organization;
  
  searching, by the computer system, the text in the message for a plurality of tokens in the message that match the use-restricted content from one or more columns and any one or more rows within the tabular structure of the use-restricted content, wherein the match violates the set of rules;
  
  displaying, by the computer system, the plurality of message tokens that match at least a portion of the use-restricted content from the one or more columns and any of the one or more rows within the tabular structure of the use-restricted content to a user, the displayed message tokens indicating an intent of the sender to send the use-restricted content outside of the organization;
  
  displaying the one or more columns that contain the matching use-restricted content; and
  
  upon receiving a user selection of one of the plurality of message tokens,identifying, by the computer system, one or more rules that are violated by the selected message token, anddisplaying, by the computer system, the selected message token and the one or more rules violated by the selected message token.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. The method of claim 23 wherein the user selection of the one of the plurality of message tokens is received when the user places a cursor over the one of the plurality of message tokens.
  - 25. The method of claim 23 wherein the set of rules are selected from the group consisting of rules pertaining to components of the use-restricted content having the tabular structure, a rule specifying an expression pattern, a rule specifying message attachment types, a rule specifying a message attachment size, a rule specifying a recipient identifier pattern, a rule specifying a sender identifier pattern, a rule specifying keywords, a rule specifying a file attachment name pattern, a rule specifying a protocol to carry the message, and a rule specifying a newsgroup name.
  - 26. The method of claim 23 further comprising:
    - upon receiving the user selection of one of the plurality of message tokens, displaying a name of one of the one or more columns from source data that has data matching the one of the plurality of columns from the message.
  - 27. The method of claim 23 further comprising:
    - searching the message for the plurality of tokens that contain one or more sub-sets of tokens, each of the one or more sub-sets of tokens matching information from a single row within a tabular data structure of source data; and
      
      determining that the message violates a policy containing the set of rules.
  - 28. The method of claim 23 wherein displaying the plurality of message tokens to the user comprises highlighting the matching fragments on a screen.
  - 29. The method of claim 23 further comprising:
    - providing a link from the plurality of message tokens to content of the message.

30. A computer-implemented system comprising:
- a memory to store a set of instructions and one or more policies for preventing loss of use-restricted content outside of an organization, the one or more policies identifying source data that includes the use-restricted content and one or more columns within a tabular structure of the use-restricted content and triggering a violation when at least a portion of the use-restricted content is present in text of a message sent by a user to a recipient outside of the organization; and
  
  at least one processor coupled to the memory, the at least one processor executing the set of instructions which cause the processor to search the text in the message for fragments in the message that match to the use-restricted content from one or more columns and any one or more rows within the tabular structure of the use-restricted content, to determine a violation of the one or more policies based on the matching message fragments, to specify the one or more columns and the message fragments that match the use-restricted content from the one or more columns and any of the one or more rows within the tabular structure of the use-restricted content, the specified message fragments indicating an intent of the user to send the use-restricted content outside of an organization.
- View Dependent Claims (31, 32, 33, 34, 35)
- - 31. The system of claim 30 further comprising a user interface to specify the one or more columns and the matching message fragments.
  - 32. The system of claim 30 wherein the reporting tool is further to specify at least one of a message component containing the matching message fragments, the source data, the one or more rows within the tabular data structure, a number of the one or more rows within the tabular data structure, a policy being violated, and one or more rules of the policy being violated.
  - 33. The system of claim 30 wherein the policy being violated comprises at least one rule selected from the group consisting of one or more rules pertaining to the source data, a rule specifying an expression pattern, a rule specifying a message attachment type, a rule specifying a message attachment size, a rule specifying a sender identifier pattern, a rule specifying a recipient identifier pattern, a rule specifying keywords, a rule specifying a file attachment name pattern, a rule specifying a protocol to carry the message, and a rule specifying a newsgroup name.
  - 34. The system of claim 30 wherein the reporting tool is to highlight the matching message fragments on a screen.
  - 35. The system of claim 30 wherein the reporting tool is to specify the one or more columns and the message fragments by determining a permission level of a user with respect to access to the source data, and presenting information pertaining to the one or more columns and the matching message fragments in accordance with the permission level of the user.

36. A computer-implemented system comprising:
- a memory to store a set of instructions and one or more policies for preventing loss of use-restricted content outside of an organization, the one or more policies identifying source data that includes the use-restricted content and one or more columns within a tabular structure of the use-restricted content and triggering a violation when at least a portion of the use-restricted content is present in text of a message sent by a user to a recipient outside of the organization; and
  
  at least one processor coupled to the memory, the at least one processor executing the set of instructions which cause the processor to search the text in the message for a plurality of fragments in the message that violates one or more of the policies by matching the plurality of fragments to the use-restricted content from one or more columns and any one or more rows within the tabular structure of the use-restricted content, and to present the one or more columns and the plurality of message fragments that match at least a portion of the use-restricted content from the one or more columns and any of the one or more rows within the tabular structure of the use-restricted content to a user, the presented message fragments indicating an intent of the sender to send the use-restricted content outside of the organization.
- View Dependent Claims (37, 38, 39, 40)
- - 37. The system of claim 36 further comprising a user interface to identify the one or more columns and the plurality of message fragments to the user.
  - 38. The system of claim 36 wherein the reporting tool is further to identify to the user at least one of a message component containing the matching message fragments, the source data, the one or more rows within the tabular data structure, and a number of the one or more rows within the tabular data structure.
  - 39. The system of claim 36 wherein the policy being violated comprises at least one rule selected from the group consisting of one or more rules pertaining to the source data, a rule specifying an expression pattern, a rule specifying a message attachment type, a rule specifying a message attachment size, a rule specifying a sender identifier pattern, a rule specifying a recipient identifier pattern, a rule specifying keywords, a rule specifying a file attachment name pattern, a rule specifying a protocol to carry the message, and a rule specifying a newsgroup name.
  - 40. The system of claim 36 wherein the reporting tool identifies the one or more columns and the plurality of message fragments to the user by determining a permission level of the user with respect to access to the source data, and presenting information pertaining to the one or more columns and the plurality of fragments in accordance with the permission level of the user.

41. A computer-implemented system comprising:
- a memory to store a set of instructions and a set of rules for preventing loss of use-restricted content outside of an organization, the one or more rules identifying source data that includes the use-restricted content and one or more columns within a tabular structure of the use-restricted content and triggering a violation when at least a portion of the use-restricted content is present in text of a message sent by a user to a recipient outside of the organization;
  
  at least one processor coupled to the memory, the at least one processor executing the set of instructions which cause the processor to search the text in the message for a plurality of tokens in the message to the use-restricted content from one or more columns and any one or more rows within the tabular structure of the use-restricted content, wherein the match violates the set of rules; and
  
  a user interface to display the one or more columns and the plurality of message tokens that match at least a portion of the use-restricted content from the one or more columns and any of the one or more rows within the tabular structure of the use-restricted content to a user, to receive a user selection of one of the plurality of message tokens, to identify one or more rules that are violated by the selected message tokens, and to display the selected message token and the one or more rules violated by the selected message token, wherein the displayed message tokens indicate an intent of the sender to send the use-restricted content outside of the organization.
- View Dependent Claims (42, 43, 44, 45)
- - 42. The system of claim 41 wherein the set of rules are selected from the group consisting of rules pertaining to components of the use-restricted content having the tabular structure, a rule specifying an expression pattern, a rule specifying message attachment types, a rule specifying a message attachment size, a rule specifying a recipient identifier pattern, a rule specifying a sender identifier pattern, a rule specifying keywords, a rule specifying a file attachment name pattern, a rule specifying a protocol to carry the message, and a rule specifying a newsgroup name.
  - 43. The system of claim 41 wherein the user interface is further to display a name of a column of the one or more columns from source data that has data matching one of the plurality of columns from the message upon receiving the user selection of the one of the plurality of message tokens.
  - 44. The system of claim 41 wherein the user interface is to highlight the matching message fragments on a screen.
  - 45. The system of claim 41 wherein the user interface is to provide a link from the plurality of message tokens to content of the message.

46. A computer readable medium that provides instructions, which cause a processor to perform a method comprising:
- identifying a policy for preventing loss of use-restricted content outside of an organization, the policy identifying source data that includes the use-restricted content and one or more columns within a tabular structure of the use-restricted content, the policy to trigger a violation when at least a portion of the use-restricted content is present in text of a message sent by a user to a recipient outside of the organization;
  
  searching the text in the message for fragments in the message to the use-restricted content from the one or more columns and any one or more rows within the tabular structure of the use-restricted content;
  
  determining a violation of the policy based on the matching message fragments; and
  
  reporting the violation of the policy, the reporting comprising specifying the one or more columns and the message fragments that match the use-restricted content from the one or more columns and any of the one or more rows within tabular structure of the use-restricted content, the specified message fragments indicating an intent of the user to send the use-restricted content outside of the organization.

47. A computer readable medium that provides instructions, which cause a processor to perform a method comprising:
- identifying, by a computer system, a policy for preventing loss of use-restricted content outside of an organization, the policy identifying source data that includes the use-restricted content and one or more columns within a tabular structure of the use-restricted content, the policy to trigger a violation when at least a portion of the use-restricted content is present in text of a message sent by a user to a recipient outside of the organization;
  
  searching the text in the message for a plurality of fragments in the message that violates the policy by matching the plurality of fragments to the use-restricted content from the one or more columns and any one or more rows within the tabular structure of the use-restricted content; and
  
  presenting the plurality of message fragments that match at least a portion of the use-restricted content from the one or more columns and any of the one or more rows within the tabular structure of the use-restricted content, the presented message fragments indicating an intent of the user to send the use-restricted content outside of the organization; and
  
  presenting the one or more columns that contain the matching use-restricted content.

48. A computer readable medium that provides instructions, which cause a processor to perform a method comprising:
- identifying a policy for preventing loss of use-restricted content outside of an organization, the policy identifying source data that includes the use-restricted content and one or more columns within a tabular structure of the use-restricted content, the policy to trigger a violation when at least a portion of the use-restricted content is present in text of a message sent by a user to a recipient outside of the organization;
  
  searching the text in the message for a plurality of tokens in the message to the use-restricted content from one or more columns and any one or more rows within the tabular structure of the use-restricted content, wherein the match violates the set of rules;
  
  displaying the plurality of message tokens that match at least a portion of the use-restricted content from the one or more columns and any of the one or more rows within the tabular structure of the use-restricted content to a user, the displayed message tokens indicating an intent of the sender to send the use-restricted content outside of the organization;
  
  displaying the one or more columns that contain the matching use-restricted content to a user; and
  
  upon receiving a user selection of one of the plurality of message tokens,identifying one or more rules that are violated by the selected message token, anddisplaying the selected message token and the one or more rules violated by the selected message token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Wolfe, Michael R., Ansanelli, Joseph, Jones, Chris, Chen, Hai, Rowney, Kevin T.
Primary Examiner(s)
Cottingham; John R.
Assistant Examiner(s)
Reyes; Mariela D

Application Number

US10/892,982
Publication Number

US 20050027723A1
Time in Patent Office

2,399 Days
Field of Search

707/6, 707/758, 707/785, 707/781, 707/783, 726/26
US Class Current

726/26
CPC Class Codes

G06F 16/334 Query execution G06F16/335 ...

G06Q 10/107 Computer-aided management o...

Method and apparatus to report policy violations in messages

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

151 Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus to report policy violations in messages

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

151 Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links