Method and apparatus for handling messages containing pre-selected data

US 8,011,003 B2
Filed: 02/14/2005
Issued: 08/30/2011
Est. Priority Date: 02/14/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

monitoring, by a computer system, messages transmitted via a network for presence of pre-selected data, the pre-selected data from a source having a tabular structure;

upon determining, by the computer system, that a header of an original message transmitted by a sender via the network indicates that the original message is to be searched for pre-selected data, searching, by the computer system, the original message for data fragments that match elements of the pre-selected data from at least one random row within the tabular structure of the source, the pre-selected data including security-sensitive information to be protected from being transmitted via the network, and preventing, by the computer system, an unauthorized transmission of the original message that includes the pre-selected data to a recipient to prevent loss of the security-sensitive information; and

upon determining, by the computer system, that the header of the original message transmitted by the sender indicates that the original message is not to be searched, facilitating an authorized transmission of the original message to the recipient without searching the original message transmitted by the sender for the pre-selected data and regardless of the presence of the pre-selected data in the original message transmitted by the sender.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for blocking messages containing pre-selected data is described. In one embodiment, the method includes determining that a message transmitted to a recipient via a network includes pre-selected data. The pre-selected data contains information from at least one random row within the tabular structure of source data. The method further includes preventing an unauthorized transmission of the pre-selected data to the recipient.

Citations

21 Claims

1. A method comprising:
- monitoring, by a computer system, messages transmitted via a network for presence of pre-selected data, the pre-selected data from a source having a tabular structure;
  
  upon determining, by the computer system, that a header of an original message transmitted by a sender via the network indicates that the original message is to be searched for pre-selected data, searching, by the computer system, the original message for data fragments that match elements of the pre-selected data from at least one random row within the tabular structure of the source, the pre-selected data including security-sensitive information to be protected from being transmitted via the network, and preventing, by the computer system, an unauthorized transmission of the original message that includes the pre-selected data to a recipient to prevent loss of the security-sensitive information; and
  
  upon determining, by the computer system, that the header of the original message transmitted by the sender indicates that the original message is not to be searched, facilitating an authorized transmission of the original message to the recipient without searching the original message transmitted by the sender for the pre-selected data and regardless of the presence of the pre-selected data in the original message transmitted by the sender.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein preventing the unauthorized transmission of the pre-selected data to the recipient comprises:
    - blocking a transmission of the message to the recipient.
  - 3. The method of claim 2 further comprising:
    - notifying at least one of a sender and the recipient of the blocking.
  - 4. The method of claim 1 wherein preventing the unauthorized transmission of the pre-selected data to the recipient comprises:
    - rerouting the message to at least one of a quarantine server and an archiving server.
  - 5. The method of claim 4 further comprising:
    - receiving from the quarantine server an indication that the message is part of an authorized business process; and
      
      transmitting the message to the recipient.
  - 6. The method of claim 4 further comprising:
    - receiving from the quarantine server an indication that the message is not part of an authorized business process; and
      
      blocking a transmission of the message to the recipient.
  - 7. The method of claim 4 wherein the quarantine server keeps the message for a specific period of time or until a specified time.
  - 8. The method of claim 1 further comprising:
    - sending a copy of the message to an alternate site.
  - 9. The method of claim 1 wherein preventing the unauthorized transmission of the pre-selected data to the recipient comprises:
    - injecting into a communication stream additional network packets that terminate a transmission of the message.
  - 10. The method of claim 1 wherein preventing the unauthorized transmission of the pre-selected data to the recipient comprises:
    - re-routing the message through a network segment with at least one higher level of channel security.
  - 11. The method of claim 1 wherein preventing the unauthorized transmission of the pre-selected data to the recipient comprises:
    - applying at least one action to the message according to a message action policy that specifies the at least one action to be applied to the message if one or more rules of the message action policy are satisfied.
  - 12. The method of claim 11 wherein the one or more rules of the message action policy are selected from the group consisting ofone or more rules pertaining to the pre-selected data,one or more rules pertaining to characteristics of the at least one action,a rule specifying an expression pattern,a rule specifying a message attachment type,a rule specifying a message attachment size,a rule specifying a sender identifier pattern,a rule specifying a recipient identifier pattern,a rule specifying keywords,a rule specifying a file attachment name pattern,a rule specifying a protocol to carry the message, anda rule specifying a newsgroup name.
  - 13. The method of claim 11 wherein the message action policy comprises an exception clause identifying an exception to the one or more rules.
  - 14. The method of claim 13 wherein the exception clause declares at least one of a sender and a recipient authorized to have access to the pre-selected data.
  - 15. The method of claim 11 wherein the message action policy specifies additional conditions for triggering at least one action, the additional conditions pertaining to historical data associated with at least one of a sender and the recipient.
  - 16. The method of claim 1 wherein the message is any one of an outbound message, an inbound message and an internal message.
  - 17. The method of claim 1 wherein the message is any one of an email message, an instant messaging (IM) message, a message exchange during a telnet session, a message exchanged during a file transfer protocol (FTP) session, a message exchanged during a hypertext transfer protocol (HTTP) session, a message exchanged during a simple object access protocol (SOAP) session, a message exchanged during a transmission control protocol/Internet protocol (TCP/IP) session, a message exchanged during a user datagram protocol (UDP) session, a message exchanged during an Ethernet session, and a message exchanged during a 801.11 session.

18. A method comprising:
- monitoring, by a computer system, messages transmitted via a network for presence of pre-selected data, the pre-selected data from a source having a tabular structure;
  
  determining, by the computer system, that a header of a message for transmission to a recipient via the network indicates that the message is to be searched for pre-selected data;
  
  searching, by the computer system, the message for data fragments that match elements of the pre-selected data from at least one random row within the tabular structure of the source, the pre-selected data including security-sensitive information to be protected from being transmitted via the network; and
  
  applying at least one action to the message according to a message action policy that specifies the at least one action to be applied to the message if one or more rules of the message action policy are satisfied, wherein the message action policy comprises an exception clause identifying an exception to the one or more rules and the exception clause requires that a message contain a header identifying the message as marketing material to be sent to the recipient without being searched for the pre-selected data.

19. An apparatus comprising:
- means for monitoring messages transmitted via a network for presence of pre-selected data, the pre-selected data from a source having a tabular structure;
  
  means for determining whether a header of an original message transmitted by a sender via the network indicates that the original message is to be searched for pre-selected data;
  
  means for searching the original message for data fragments that match elements of the pre-selected data, the pre-selected data being from at least one random row within the tabular structure of the source, the pre-selected data including security-sensitive information to be protected from being transmitted via the network, upon determining that the header of the original message transmitted by the sender indicates that the original message is to be searched, and means for preventing an unauthorized transmission of the original message that includes the pre-selected data to a recipient to prevent loss of the security-sensitive information; and
  
  means for facilitating an authorized transmission of the original message to the recipient without searching the original message for the pre-selected data and regardless of the presence of the pre-selected data in the original message transmitted by the sender upon determining that the header of the original message transmitted by the sender indicates that the original message is not to be searched.

20. A system comprising:
- a memory to store information pertaining to pre-selected data and instructions for data loss prevention; and
  
  a processor, coupled to the memory, to execute the instructions, wherein the instructions cause the processor to monitor messages transmitted via a network for presence of pre-selected data, upon a determination that a header of a monitored message for transmission to a recipient via the network indicates that the monitored message is to be searched for pre-selected data, to search the monitored message for data fragments that match elements of the pre-selected data, the pre-selected data being from at least one random row within a tabular structure of a source, the pre-selected data including security-sensitive information to be protected from being transmitted via the network, and to block the monitored message for preventing an unauthorized transmission of the pre-selected data to the recipient to prevent loss of the security-sensitive information, and upon a determination that the header of the monitored message identifies the message as marketing material, to facilitate an authorized transmission of the monitored message to the recipient without searching the monitored message for the pre-selected data.

21. A non-transitory computer readable storage medium that provides instructions, which when executed on a processing system cause the processing system to perform a method comprising:
- monitoring messages transmitted via a network for presence of pre-selected data, the pre-selected data from a source having a tabular structure;
  
  upon determining that a header of an original message transmitted by a sender via the network indicates that the original message is to be searched for pre-selected data, searching the original message for data fragments that match elements of the pre-selected data, the pre-selected data being from at least one random row within the tabular structure of the source, the pre-selected data including security-sensitive information to be protected from being transmitted via the network, and preventing an unauthorized transmission of the original message that includes the pre-selected data to a recipient to prevent loss of the security-sensitive information; and
  
  upon determining that the header of the original message transmitted by the sender indicates that the original message is not to be searched, facilitating an authorized transmission of the original message to the recipient without searching the original message transmitted by the sender for the pre-selected data and regardless of the presence of the pre-selected data in the original message transmitted by the sender.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Bothwell, Eric, Fridman, Vitali, Rowney, Kevin T.
Primary Examiner(s)
Abrishamkar; Kaveh

Application Number

US11/057,988
Publication Number

US 20060224589A1
Time in Patent Office

2,388 Days
Field of Search

None
US Class Current

726/13
CPC Class Codes

H04L 51/063   Content adaptation, e.g. re...

H04L 51/212   using filtering or selectiv...

H04L 51/234   for tracking messages

Method and apparatus for handling messages containing pre-selected data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for handling messages containing pre-selected data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links