Method and apparatus for searching a storage system for confidential data

US 7,958,102 B1
Filed: 03/28/2007
Issued: 06/07/2011
Est. Priority Date: 03/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method of searching a computer for confidential data related to a user, comprising:

obtaining user information comprising the confidential data from a digital identity for the user;

wherein the digital identity comprises a managed digital identity, and wherein the step of obtaining comprises;

identifying an object maintained on the computer that is associated with the managed digital identity;

requesting a token from an identity provider representing the managed digital identity; and

extracting one or more claims comprising the user information from the token;

generating a rule that provides a secure representation of the user information; and

searching a storage system in the computer using the rule to detect one or more instances of the user information within at least one file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and apparatus for searching a storage system for confidential data is described. One aspect of the invention relates to searching a computer for confidential data related to user. User information comprising the confidential data is obtained from a digital identity for the user. A rule that provides a secure representation of the user information is generated. A storage system in the computer is searched using the rule to detect one or more instances of the user information within at least one file.

21 Citations

View as Search Results

16 Claims

1. A method of searching a computer for confidential data related to a user, comprising:
- obtaining user information comprising the confidential data from a digital identity for the user;
  
  wherein the digital identity comprises a managed digital identity, and wherein the step of obtaining comprises;
  
  identifying an object maintained on the computer that is associated with the managed digital identity;
  
  requesting a token from an identity provider representing the managed digital identity; and
  
  extracting one or more claims comprising the user information from the token;
  
  generating a rule that provides a secure representation of the user information; and
  
  searching a storage system in the computer using the rule to detect one or more instances of the user information within at least one file.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the digital identity comprises a self-issued digital identity, and wherein the step of obtaining comprises:
    - obtaining an object maintained on the computer, the object representing the self-issued digital identity; and
      
      extracting one or more claims comprising the user information from the object.
  - 3. The method of claim 1, wherein the digital identity comprises a managed digital identity, and wherein the step of obtaining comprises:
    - obtaining a token generated by an identity provider for an undisclosed transaction with a relying party, the token representing the managed digital identity;
      
      extracting one or more claims comprising the user information from the token.
  - 4. The method of claim 3, further comprising:
    - linking the rule to an object maintained on the computer that is associated with the managed digital identity.
  - 5. The method of claim 1, wherein the step of searching comprises:
    - searching all existing files stored on the storage system using the rule; and
      
      searching, in real time, each newly created file and each of the existing files that has been modified using the rule.
  - 6. The method of claim 1, wherein the user information includes authentication information used to authenticate the digital identity.
  - 7. The method of claim 1, wherein the secure representation comprises a hash of the user information.

8. Apparatus for searching a computer for confidential data related to a user, comprising:
- means for obtaining user information comprising the confidential data from a digital identity for the user wherein the digital identity comprises a managed digital identity, and wherein the means for obtaining comprises;
  
  means for identifying an object maintained on the computer that is associated with the managed digital identity;
  
  means for requesting a token from an identity provider representing the managed digital identity; and
  
  means for extracting one or more claims comprising the user information from the token;
  
  means for generating a rule that provides a secure representation of the user information; and
  
  means for searching a storage system in the computer using the rule to detect one or more instances of the user information within at least one file.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The apparatus of claim 8, wherein the digital identity comprises a self-issued digital identity, and wherein the means for obtaining comprises:
    - means for obtaining an object maintained on the computer, the object representing the self-issued digital identity; and
      
      means for extracting one or more claims comprising the user information from the object.
  - 10. The apparatus of claim 9, wherein the digital identity comprises a managed digital identity, and wherein the means for obtaining comprises:
    - means for obtaining a token generated by an identity provider for an undisclosed transaction with a relying party, the token representing the managed digital identity;
      
      means for extracting one or more claims comprising the user information from the token.
  - 11. The apparatus of claim 10, further comprising:
    - means for linking the rule to an object maintained on the computer that is associated with the managed digital identity.
  - 12. The apparatus of claim 8, wherein the means for searching comprises:
    - means for searching all existing files stored on the storage system using the rule; and
      
      means for searching, in real time, each newly created file and each of the existing files that has been modified using the rule.

13. A computer system, comprising:
- a storage system configured to store files;
  
  an identity manager configured to manage a digital identity for a user; and
  
  a security agent configured to;
  
  obtain user information comprising confidential data from the digital identity, wherein the digital identity is a managed digital identity;
  
  generate a rule that provides a secure representation of the user information;
  
  search the storage system using the rule to detect one or more instances of the user information within at least one file;
  
  link the rule to the object;
  
  identify an object maintained on the computer that is associated with the managed digital identity;
  
  request a token from an identity provider representing the managed digital identity; and
  
  extract one or more claims comprising the user information from the token; and
  
  an identity store configured to store an object associated with the digital identity.
- View Dependent Claims (14, 15, 16)
- - 14. The computer system of claim 13, wherein the security agent is configured to:
    - search all existing ones of the files stored on the storage system using the rule; and
      
      search, in real time, each newly created one of the files and each of the files that has been modified using the rule.
  - 15. The computer system of claim 13, wherein the user information includes authentication information used to authenticate the digital identity.
  - 16. The computer system of claim 13, wherein the secure representation comprises a hash of the user information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Satish, Sourabh, Hernacki, Brian
Primary Examiner(s)
Thai; Hanh B

Application Number

US11/729,397
Time in Patent Office

1,532 Days
Field of Search

707 3- 9, 707/706, 707/720, 713164-165, 713/172, 713/185
US Class Current

707/706
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

Method and apparatus for searching a storage system for confidential data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for searching a storage system for confidential data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links