Confidential data protection through usage scoping

US 8,161,561 B1
Filed: 09/17/2010
Issued: 04/17/2012
Est. Priority Date: 10/05/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for protecting confidential data, the method executed by a computer and comprising:

using the computer to monitor data the computer attempts to communicate to a website;

identifying within the monitored data a data string;

categorizing the data string with a description that describes a pattern of previous usage of the data string with other websites;

locating a website characteristic profile for the website, the web site characteristic profile describing a pattern of previous usage of the website;

comparing the website characteristic profile with the data string'"'"'s categorization to determine whether the pattern of previous usage of the data string matches the pattern of previous usage of the website;

responsive to the comparison indicating that the pattern of previous usage of the data string matches the pattern of previous usage of the website, allowing communication of the data string to the website; and

responsive to the comparison indicating that the pattern of previous usage of the data string does not match the pattern of previous usage of the website, blocking communication of the data string to the website.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses, and computer-readable media for protecting confidential data on a network. An embodiment of the inventive method comprises the steps of: monitoring 110 data directed to a website; identifying 120 a data string having at least one confidential characteristic; categorizing the data string with a categorization level; examining 140 the website for at least one characteristic consistent with confidential data; creating 155 a website characteristic profile; comparing 170 the website characteristic profile with the data string'"'"'s categorization level for compatibility; and determining 180 whether the data string can be communicated to the website.

Citations

20 Claims

1. A computer-implemented method for protecting confidential data, the method executed by a computer and comprising:
- using the computer to monitor data the computer attempts to communicate to a website;
  
  identifying within the monitored data a data string;
  
  categorizing the data string with a description that describes a pattern of previous usage of the data string with other websites;
  
  locating a website characteristic profile for the website, the web site characteristic profile describing a pattern of previous usage of the website;
  
  comparing the website characteristic profile with the data string'"'"'s categorization to determine whether the pattern of previous usage of the data string matches the pattern of previous usage of the website;
  
  responsive to the comparison indicating that the pattern of previous usage of the data string matches the pattern of previous usage of the website, allowing communication of the data string to the website; and
  
  responsive to the comparison indicating that the pattern of previous usage of the data string does not match the pattern of previous usage of the website, blocking communication of the data string to the website.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the using the computer to monitor data comprises tracking user inputs.
  - 3. The method of claim 1, wherein the data string comprises financial information.
  - 4. The method of claim 1, wherein the data string comprises personal information.
  - 5. The method of claim 1, wherein the data string comprises security information.
  - 6. The method of claim 1, wherein the categorizing the data string further comprises categorizing the data string with a categorization of requiring transmission via secure communication.
  - 7. The method of claim 1, wherein the categorizing the data string further comprises categorizing the data string with a categorization of requiring transmission to certified websites.
  - 8. The method of claim 1, wherein the categorizing the data string further comprises retrieving a predetermined data string categorization list.
  - 9. The method of claim 8, wherein the categorizing the data string further comprises adding the data string to the predetermined data string categorization list.
  - 10. The method of claim 1, wherein the categorizing the data string further comprises selecting a default categorization based on usage of the data string.
  - 11. The method of claim 1, wherein the categorizing the data string further comprises categorizing the data string using a user-specified categorization.
  - 12. The method of claim 1, further comprising:
    - generating a data string categorization list comprising a plurality of data strings, each data string having an associated categorization describing usage of the data string with other websites; and
      
      updating the categorization of each data string in the data string categorization list based on the pattern of usage of the data string within the website.
  - 13. The method of claim 1, wherein the website characteristic profile comprises geo-location data associated with the website.
  - 14. The method of claim 1, wherein the website characteristic profile for the website further describes characteristics of intended usage of the website by a user of the computer.
  - 15. The method of claim 1, wherein the monitored data comprises data entered by a user into a form of a web page provided by the website for making financial transactions in the website.

16. At least one non-transitory computer-readable storage medium containing executable computer program instructions for protecting confidential information, the computer program instructions performing the steps of:
- monitoring data a computer attempts to communicate to a website;
  
  identifying within the monitored data a data string;
  
  categorizing the data string with a description that describes a pattern of previous usage of the data string with other websites;
  
  locating a website characteristic profile for the website, the web site characteristic profile describing a pattern of previous usage of the website;
  
  comparing the website characteristic profile with the data string'"'"'s categorization to determine whether the pattern of previous usage of the data string matches the pattern of previous usage of the website;
  
  responsive to the comparison indicating that the pattern of previous usage of the data string matches the pattern of previous usage of the website, allowing communication of the data string to the website; and
  
  responsive to the comparison indicating that the pattern of previous usage of the data string does not match the pattern of previous usage of the website, blocking communication of the data string to the website.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The at least one non-transitory computer-readable storage medium of claim 16, wherein the categorizing the data string further comprises retrieving a predetermined data string categorization list.
  - 18. The at least one non-transitory computer-readable storage medium of claim 17, wherein the categorizing comprises adding the data string to the predetermined data string categorization list.
  - 19. The at least one non-transitory computer-readable storage medium of claim 16, wherein the categorizing the data string further comprises selecting a default categorization based on usage of the data string.
  - 20. The at least one non-transitory computer-readable medium of claim 16, further comprising:
    - generating a data string categorization list comprising a plurality of data strings, each data string having an associated categorization describing usage of the data string with other websites; and
      
      updating the categorization of each data string in the data string categorization list based on the pattern of usage of the data string.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NortonLifeLock Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sobel, William E., McCorkendale, Bruce, Willey, Richard
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Su, Sarah

Application Number

US12/885,166
Time in Patent Office

578 Days
Field of Search

726/26, 726/30, 705/26, 705/51, 709/225
US Class Current

726/26
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 30/00   Commerce

G06Q 30/0633   Lists, e.g. purchase orders...

Confidential data protection through usage scoping

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Confidential data protection through usage scoping

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links