Methods for automatic categorization of internal and external communication for preventing data loss

US 8,051,187 B2
Filed: 12/22/2008
Issued: 11/01/2011
Est. Priority Date: 12/22/2008
Status: Active Grant

First Claim

Patent Images

1. A method, executing on hardware, for automatic categorization of internal and external communication, the method comprising the steps of:

(a) defining groups of entities that use hardware to transmit data;

(b) monitoring data flow of said groups;

(c) extracting said data, from said data flow, for learning traffic-flow characteristics of said groups;

(d) classifying said data into group flows;

(e) upon said data being transmitted, checking said data to determine whether said data is designated as group-internal; and

(f) if said data is designated as group-internal;

blocking said transmission of said data beyond said group to which said data is group-internal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are methods for automatic categorization of internal and external communication, the method including the steps of: defining groups of entities that transmit data; monitoring data flow of the groups; extracting the data, from the data flow, for learning traffic-flow characteristics of the groups; classifying the data into group flows; upon the data being transmitted, checking the data to determine whether the data is designated as group-internal; and blocking data traffic for data that is group-internal. Preferably, the step of monitoring includes assigning data weights to the data using Bayesian methods. Most preferably, the step of classifying includes classifying the data using Bayesian methods for evaluating the data weights. Preferably, the step of blocking includes blocking data traffic between members of two or more groups. Preferably, the method further includes the step of: enabling an authorized entity to unblock the data traffic.

41 Citations

View as Search Results

16 Claims

1. A method, executing on hardware, for automatic categorization of internal and external communication, the method comprising the steps of:
- (a) defining groups of entities that use hardware to transmit data;
  
  (b) monitoring data flow of said groups;
  
  (c) extracting said data, from said data flow, for learning traffic-flow characteristics of said groups;
  
  (d) classifying said data into group flows;
  
  (e) upon said data being transmitted, checking said data to determine whether said data is designated as group-internal; and
  
  (f) if said data is designated as group-internal;
  
  blocking said transmission of said data beyond said group to which said data is group-internal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said step of defining is performed by manually designating said entities.
  - 3. The method of claim 1, wherein said step of defining is performed by automatically extracting said entities from a database according to a grouping rule.
  - 4. The method of claim 1, wherein said data flow includes at least one data object selected from the group consisting of:
    - an e-mail message, an instant message, an EDI (Electronic Data Interchange) transaction, a business-to-business message, and an ebXML (Electronic Business using eXtensible Markup Language) message.
  - 5. The method of claim 1, wherein said step of monitoring includes assigning data weights to said data using Bayesian methods.
  - 6. The method of claim 5, wherein said step of classifying includes classifying said data using Bayesian methods for evaluating said data weights.
  - 7. The method of claim 1, wherein said step of blocking includes blocking said transmission of said data between members of two or more groups.
  - 8. The method of claim 1, the method further comprising the step of:
    - (g) enabling an authorized entity to unblock said transmission of said data.

9. A non-transitory computer-readable storage medium having computer-readable code embodied on the computer-readable storage medium, the computer-readable code comprising:
- (a) program code for defining groups of entities that use hardware to transmit data;
  
  (b) program code for monitoring data flow of said groups;
  
  (c) program code for extracting said data, from said data flow, for learning traffic-flow characteristics of said groups;
  
  (d) program code for classifying said data into group flows;
  
  (e) program code for, upon said data being transmitted, checking said data to determine whether said data is designated as group-internal; and
  
  (f) program code for;
  
  if said data is designated as group-internal;
  
  blocking said transmission of said data beyond said group to which said data is group-internal.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The storage medium of claim 9, wherein said program code for defining is operative to enable said entities to be manually designated.
  - 11. The storage medium of claim 9, wherein said program code for defining is operative to automatically extract said entities from a database according to a grouping rule.
  - 12. The storage medium of claim 9, wherein said data flow includes at least one data object selected from the group consisting of:
    - an e-mail message, an instant message, an EDI (Electronic Data Interchange) transaction, a business-to-business message, and an ebXML (Electronic Business using extensible Markup Language) message.
  - 13. The storage medium of claim 9, wherein said program code for monitoring includes program code for assigning data weights to said data using Bayesian methods.
  - 14. The storage medium of claim 13, wherein said program code for classifying includes program code for classifying said data using Bayesian methods for evaluating said data weights.
  - 15. The storage medium of claim 9, wherein said program code for blocking includes program code for blocking said transmission of said data between members of two or more said groups.
  - 16. The storage medium of claim 9, the computer-readable code further comprising:
    - (g) program code for enabling an authorized entity to unblock said transmission of said data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Check Point Software Technologies Limited
Original Assignee
Check Point Software Technologies Limited
Inventors
Noy, Tomer, Bialik, Uri, Kantor, Alon, Kirsch, Yoav
Primary Examiner(s)
Coulter; Kenneth R

Application Number

US12/340,830
Publication Number

US 20100161830A1
Time in Patent Office

1,044 Days
Field of Search

709/224, 709/225, 709220-222, 709/229, 706/14, 706/12, 706/45, 726/4, 726 26- 30
US Class Current

709/229
CPC Class Codes

H04L 12/185   with management of multicas...

H04L 43/026   using flow identification

H04L 51/212   using filtering or selectiv...

H04L 63/0227   Filtering policies mail mes...

H04L 63/104   Grouping of entities

Y02D 30/50   in wire-line communication ...

Methods for automatic categorization of internal and external communication for preventing data loss

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for automatic categorization of internal and external communication for preventing data loss

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links