Systems and methods for protecting sensitive data

US 8,195,939 B2
Filed: 01/12/2007
Issued: 06/05/2012
Est. Priority Date: 01/12/2007
Status: Active Grant

First Claim

Patent Images

1. A method for filtering a message comprising:

receiving the message including a plurality of information elements, at least one of the plurality of information elements having message information and belonging to at least one of a plurality of predefined classes of information elements;

receiving security data related to a destination;

selecting a configuration file based on the security data related to the destination, the configuration file comprising a settings section for indicating a behavior of filtering the message, and at least one section including a target class corresponding to the behavior of filtering;

using the selected configuration file to select, by a processor, at least one of the plurality of information elements belonging to a predefined class corresponding to the target class, the target class including classes of information elements selected for filtering; and

filtering, by the processor, any message information in the message corresponding to the selected information elements to provide a filtered message for transmission to the destination.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed for protecting sensitive data. In one implementation, a message is received that includes a plurality of information elements, at least one of the plurality of information elements having message information and belonging to at least one of a plurality of predefined classes of information elements. At least one of the plurality of information elements may be selected that belongs to a predefined class corresponding to a target class, the target class including classes of information elements selected for removal. Further, any message information corresponding to the selected information elements may be removed to protect sensitive data.

19 Citations

View as Search Results

20 Claims

1. A method for filtering a message comprising:
- receiving the message including a plurality of information elements, at least one of the plurality of information elements having message information and belonging to at least one of a plurality of predefined classes of information elements;
  
  receiving security data related to a destination;
  
  selecting a configuration file based on the security data related to the destination, the configuration file comprising a settings section for indicating a behavior of filtering the message, and at least one section including a target class corresponding to the behavior of filtering;
  
  using the selected configuration file to select, by a processor, at least one of the plurality of information elements belonging to a predefined class corresponding to the target class, the target class including classes of information elements selected for filtering; and
  
  filtering, by the processor, any message information in the message corresponding to the selected information elements to provide a filtered message for transmission to the destination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the the setting section comprises configuration data specifying the target class, andfurther wherein the using the selected configuration file to select at least one information element comprises selecting information elements included in the target class specified in the configuration data.
  - 3. The method of claim 1, wherein the configuration file comprises configuration data specifying the target class and a non-target class, the non-target class including at least one of the plurality of predefined classes of information elements, and further wherein the using the selected configuration to select at least one information element comprises selecting only the information elements included in the target class.
  - 4. The method of claim 1, wherein the configuration file comprises configuration data specifying the target class and at least one non-target class, the non-target class including at least one of the plurality of predefined classes of information elements, and further wherein the using the selected configuration to select at least one information element comprises selecting all information elements except the information elements included in the at least one non-target class.
  - 5. The method of claim 1, wherein the predefined class corresponds to a security classification of an information element.
  - 6. The method of claim 1, wherein filtering the message information comprises deleting the message information.
  - 7. The method of claim 1, wherein filtering the message information comprises deleting the selected information element.
  - 8. The method of claim 1, wherein filtering the message information comprises replacing the information with dummy information.
  - 9. The method of claim 1, wherein the predefined classes are indicated by extensible markup language tags.

10. A system for protecting sensitive data in a message, comprising:
- a processor; and
  
  a program stored in a computer-readable medium and when executed by the processor, operable to;
  
  receive a message including a plurality of information elements, at least one of the plurality of information elements having message information and belonging to at least one of a plurality of predefined classes of information elements,receive security data related to a destination;
  
  select a configuration file based on the security data related to the destination, the configuration file comprising a settings section for indicating a behavior of filtering the message, and at least one section including a target class corresponding to the behavior of filtering;
  
  select, based on the selected configuration file, at least one of the plurality of information elements belonging to a predefined class corresponding to the target class, the target class including classes of information elements selected for filter, andfilter any message information corresponding to the selected information elements to protect sensitive data in the original message.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the setting section comprises configuration data specifying the target class, and the program is further operable to select information elements included in the target class.
  - 12. The system of claim 10, wherein the setting section comprises configuration data specifying the target class and a non-target class, the non-target class including at least one of the plurality of predefined classes of information elements, and the program is further operable to select only the information elements included in the target class.
  - 13. The system of claim 10, wherein the setting section comprises configuration data specifying the target class and at least one non-target class, the non-target class including at least one of the plurality of predefined classes of information elements, and the program is further operable to select all information elements except the information elements included in the at least one non-target class.
  - 14. The system of claim 10, wherein the predefined class corresponds to a security classification of an information element.
  - 15. The system of claim 10, wherein the program is operable to delete the message information.
  - 16. The system of claim 10, wherein the program is operable to delete the selected information element.
  - 17. The system of claim 10, wherein the program is operable to replace the information with dummy information.
  - 18. The system of claim 10, wherein the predefined classes are indicated by extensible markup language tags.

19. A method for removing confidential information from a message, comprising:
- receiving a confidential message including a plurality of information elements, at least one of the plurality of information elements having message information and belonging to at least one of a plurality of predefined classes of information elements;
  
  receiving security data related to a destination;
  
  selecting a configuration file based on the security data related to the destination, the configuration file comprising a first section indicating a class of information elements for removal from the message and a second section indicating a class of information elements for retention in the message, the class of information elements for removal comprises at least one of the plurality of predefined classes and includes confidential message information, and the class of information elements for retention comprises at least another of the plurality of predefined classes;
  
  using the selected configuration file to select, by a processor, information elements belonging to the class indicated for removal; and
  
  removing, by the processor, any message information corresponding to the selected information elements.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the message is encoded in extensible markup language format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Reinart, Manfred, Steltz, Jan-Erik
Primary Examiner(s)
Lipman, Jacob

Application Number

US11/652,535
Publication Number

US 20080172745A1
Time in Patent Office

1,971 Days
Field of Search

713/166
US Class Current

713/166
CPC Class Codes

G06F 21/6209 to a single file or object,...

G06F 21/6245 Protecting personal data, e...

Systems and methods for protecting sensitive data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for protecting sensitive data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links