Methods and systems for normalizing data loss prevention categorization information

US 8,060,596 B1
Filed: 03/31/2009
Issued: 11/15/2011
Est. Priority Date: 12/26/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for normalizing data-loss-prevention categorization information, at least a portion of the method being performed by a computing system comprising at least one processor, the method comprising:

identifying a data object at a first time;

applying a set of data-loss-prevention rules to the data object to determine a set of categorizations of the data object;

distinguishing a set of content-based categorizations in the set of categorizations from a set of context-based categorizations in the set of categorizations;

storing the set of content-based categorizations;

applying, based on the set of categorizations, a first data-loss-prevention policy to the data object;

identifying the data object at a second time;

reusing the set of content-based categorizations to apply a second data-loss-prevention policy to the data object, wherein reusing the set of content-based categorizations to apply the second data-loss-prevention policy to the data object comprises;

determining a new set of context-based categorizations of the data object at the second time;

forming a new set of categorizations based on the new set of context-based categorizations and the set of content-based categorizations; and

applying, based on the new set of categorizations, the second data-loss-prevention policy to the data object.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for normalizing data-loss-prevention categorization information, at least a portion of the method being performed by a computing system comprising at least one processor, may identify a data object at a first time. The method may apply a first version of a set of data-loss-prevention rules to the data object to determine a set of categorizations of the data object. The method may distinguish a set of content-based categorizations in the set of categorizations from a set of context-based categorizations in the set of categorizations. The method may apply, based on the set of categorizations, a first data-loss-prevention policy to the data object. The method may identify the data object at a second time, and apply, based on the set of content-based categorizations, a second data-loss-prevention policy to the data object. Various other methods, systems, and computer-readable media are also disclosed.

72 Citations

View as Search Results

19 Claims

1. A computer-implemented method for normalizing data-loss-prevention categorization information, at least a portion of the method being performed by a computing system comprising at least one processor, the method comprising:
- identifying a data object at a first time;
  
  applying a set of data-loss-prevention rules to the data object to determine a set of categorizations of the data object;
  
  distinguishing a set of content-based categorizations in the set of categorizations from a set of context-based categorizations in the set of categorizations;
  
  storing the set of content-based categorizations;
  
  applying, based on the set of categorizations, a first data-loss-prevention policy to the data object;
  
  identifying the data object at a second time;
  
  reusing the set of content-based categorizations to apply a second data-loss-prevention policy to the data object, wherein reusing the set of content-based categorizations to apply the second data-loss-prevention policy to the data object comprises;
  
  determining a new set of context-based categorizations of the data object at the second time;
  
  forming a new set of categorizations based on the new set of context-based categorizations and the set of content-based categorizations; and
  
  applying, based on the new set of categorizations, the second data-loss-prevention policy to the data object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, further comprising:
    - before applying the second data-loss-prevention policy to the data object, determining that the set of data-loss-prevention rules, as it existed at the first time, is applicable to the data object.
  - 3. The computer-implemented method of claim 2, further comprising:
    - determining a difference between a first state of the set of data-loss-prevention rules at the first time and a second state of the set of data-loss-prevention rules at the second time, wherein determining that the first version of the set of data-loss-prevention rules is applicable to the data object comprises determining that the difference is below a predefined threshold.
  - 4. The computer-implemented method of claim 3, wherein:
    - the difference comprises a difference between the first time and the second time.
  - 5. The computer-implemented method of claim 3, wherein:
    - the difference between the first and second states of the set of data-loss-prevention rules comprises a distance between the first and second states of the set of data-loss-prevention rules.
  - 6. The computer-implemented method of claim 1, further comprising:
    - including the set of content-based categorizations with the data object as metadata of the data object.
  - 7. The computer-implemented method of claim 1, wherein applying the first version of the set of data-loss-prevention rules to the data object comprises:
    - parsing a protocol of the data object;
      
      extracting, based on the protocol, content of the data object;
      
      comparing the content of the data object to the set of data-loss-prevention rules.
  - 8. The computer-implemented method of claim 1, further comprising:
    - calculating a signature for content of the data object;
      
      associating the signature with one or more rules from the set of data-loss-prevention rules.
  - 9. The computer-implemented method of claim 1, further comprising:
    - discarding the set of context-based categorizations;
      
      storing the set of content-based categorizations for later use.
  - 10. The computer-implemented method of claim 1, wherein the first data-loss-prevention policy comprises the second data-loss-prevention policy.
  - 11. The computer-implemented method of claim 1, tangibly embodied as computer-readable instructions on at least one non-transitory computer-readable-storage medium.

12. A computer-implemented method for normalizing data-loss-prevention categorization information, at least a portion of the method being performed by a computing system comprising at least one processor, the method comprising:
- identifying a data object at a first time;
  
  applying a first version of a set of data-loss-prevention rules to the data object to determine a set of categorizations of the data object;
  
  distinguishing a set of content-based categorizations in the set of categorizations from a set of context-based categorizations in the set of categorizations;
  
  applying, based on the set of categorizations, a first data-loss-prevention policy to the data object;
  
  identifying the data object at a second time;
  
  determining a difference between a first state of the set of data-loss-prevention rules at the first time and a second state of the set of data-loss-prevention rules at the second time;
  
  determining, based on the difference, whether to use the set of content-based categorizations to apply a second data-loss-prevention policy to the data object;
  
  reusing the set of content-based categorizations to apply the second data-loss-prevention policy to the data object, wherein reusing the set of content-based categorizations to apply the second data-loss-prevention policy to the data object comprises;
  
  determining a new set of context-based categorizations of the data object at the second time;
  
  forming a new set of categorizations based on the new set of context-based categorizations and the set of content-based categorizations; and
  
  applying, based on the new set of categorizations, the second data-loss-prevention policy to the data object.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computer-implemented method of claim 12, further comprising:
    - if the difference is below a predetermined threshold, using the set of content-based categorizations to apply the second data-loss-prevention policy to the data object;
      
      if the difference is above the predetermined threshold, updating the set of categorizations.
  - 14. The computer-implemented method of claim 12, further comprising at least one of:
    - caching the set of content-based categorizations;
      
      including the set of content-based categorizations with the data object as metadata of the data object.
  - 15. The computer-implemented method of claim 12, wherein the difference comprises at least one of:
    - a difference between the first time and the second time;
      
      a distance between the first and second states of the set of data-loss-prevention rules.
  - 16. The computer-implemented method of claim 12, tangibly embodied as computer-readable instructions on at least one non-transitory computer-readable-storage medium.

17. A system for normalizing data-loss-prevention categorization information, the system comprising:
- at least one processor;
  
  an identification module programmed to cause the at least one processor to identify a data object at a first time and a second time;
  
  a content-extraction module programmed to cause the at least one processor to extract content from the data object;
  
  a content-matching module programmed to cause the at least one processor to apply a first version of a set of data-loss-prevention rules to the data object to determine a set of categorizations of the data object;
  
  a categorization-normalization module programmed to cause the at least one processor to distinguish a set of content-based categorizations in the set of categorizations from a set of context-based categorizations in the set of categorizations;
  
  an enforcement module programmed to cause the at least one processor to apply, based on the set of categorizations, a first data-loss-prevention policy to the data object;
  
  an applicability module programmed to;
  
  determine a difference between a first state of the set of data-loss-prevention rules at the first time and a second state of the set of data-loss-prevention rules at the second time;
  
  determine, based on the difference, whether to use the set of content-based categorizations to apply a second data-loss-prevention policy to the data object;
  
  wherein the enforcement module is programmed to;
  
  reuse the set of content-based categorizations to apply the second data-loss-prevention policy to the data object, wherein the enforcement module is programmed to reuse the set of content-based categorizations to apply the second data-loss-prevention policy to the data object by;
  
  determining a new set of context-based categorizations of the data object at the second time;
  
  forming a new set of categorizations based on the new set of context-based categorizations and the set of content-based categorizations; and
  
  applying, based on the new set of categorizations, the second data-loss-prevention policy to the data object.
- View Dependent Claims (18, 19)
- - 18. The system of claim 17, wherein the applicability module is programmed to cause the at least one processor to perform at least one of:
    - if the difference is below a predetermined threshold, using the set of content-based categorizations to apply the second data-loss-prevention policy to the data object;
      
      if the difference is above the predetermined threshold, updating the set of categorizations.
  - 19. The system of claim 17, wherein the categorization-normalization module is programmed to cause the at least one processor to perform at least one of:
    - caching the set of content-based categorizations;
      
      including the set of content-based categorizations with the data object as metadata of the data object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Tsibulya, Aleksey, Wootton, Bruce, Dandliker, Richard, Bruening, Oskar, Kessler, Dirk
Primary Examiner(s)
Chan; Wing
Assistant Examiner(s)
Yi; David

Application Number

US12/415,329
Time in Patent Office

959 Days
Field of Search

709/223, 709/246, 713/176, 726/1
US Class Current

709/223
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Methods and systems for normalizing data loss prevention categorization information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for normalizing data loss prevention categorization information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links