System and method for controlling and tracking network content flow

US 8,233,388 B2
Filed: 05/30/2006
Issued: 07/31/2012
Est. Priority Date: 05/30/2006
Status: Active Grant

First Claim

Patent Images

1. A system for controlling a flow of information content in a secure network, said system comprising:

a tracking module, for storing;

a sensitivity level of information content; and

a location of said information content with respect to said system;

wherein the tracking module is configured to statically track one or more locations of said information content responsive to a user input and dynamically track one or more locations of said information content responsive to reproduction commands or feedback from a discovery agent, or combinations thereof;

a marking module that receives said sensitivity level from said tracking module upon a call for said information content to be packetized in a packet with a packet header, wherein said packet header is associated with transmission of said information content through a secure network, wherein said marking module appends a sensitivity tag to said packet header associated with said information content in the packet according to said sensitivity level;

controlling said flow of said information content in the packet in said secure network according to said sensitivity tag; and

not approving a routing transaction, wherein the routing transaction involves an unauthorized request for the information content or unauthorized sending of the information content to a non-controlled domain or combinations thereof based on the sensitivity tag;

wherein said flow of said information content is controlled according to said sensitivity tag at Network Layer or Transport Layer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for controlling the flow of information content in a network are described. The system includes a tracking module that remembers a sensitivity level of the information content and a location of that information content with respect to the system. A marking module is included that receives the sensitivity level from the tracking module upon a call for the information content. The marking module marks a sensitivity tag in a packet header associated with the information content according to the sensitivity level. Flow of the information content in the network is controlled according to the sensitivity tag.

74 Citations

View as Search Results

24 Claims

1. A system for controlling a flow of information content in a secure network, said system comprising:
- a tracking module, for storing;
  
  a sensitivity level of information content; and
  
  a location of said information content with respect to said system;
  
  wherein the tracking module is configured to statically track one or more locations of said information content responsive to a user input and dynamically track one or more locations of said information content responsive to reproduction commands or feedback from a discovery agent, or combinations thereof;
  
  a marking module that receives said sensitivity level from said tracking module upon a call for said information content to be packetized in a packet with a packet header, wherein said packet header is associated with transmission of said information content through a secure network, wherein said marking module appends a sensitivity tag to said packet header associated with said information content in the packet according to said sensitivity level;
  
  controlling said flow of said information content in the packet in said secure network according to said sensitivity tag; and
  
  not approving a routing transaction, wherein the routing transaction involves an unauthorized request for the information content or unauthorized sending of the information content to a non-controlled domain or combinations thereof based on the sensitivity tag;
  
  wherein said flow of said information content is controlled according to said sensitivity tag at Network Layer or Transport Layer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system as recited in claim 1, wherein said information content is transmitted to a document repository where said sensitivity tag is removed from said information content, and wherein said document repository stores an association of said sensitivity level with said information content while said information content remains in said secure network.
  - 3. The system as recited in claim 1, wherein said tracking module receives said sensitivity level from a discovery agent that discovers said sensitivity level in said information content before said information content is packetized.
  - 4. The system as recited in claim 3, wherein said discovery agent discovers said sensitivity level by:
    - crawling through a plurality of pre-existing data;
      
      searching said plurality of pre-existing data for indicators of sensitivity therein; and
      
      assigning said sensitivity level based on said indicators.
  - 5. The system as recited in claim 1, wherein said tracking module receives said sensitivity level from a receiving module, wherein said receiving module detects said sensitivity level among incoming packets, wherein said receiving module extracts said sensitivity level from said packet header, and wherein said receiving module informs said tracking module as to said sensitivity level of incoming packets.
  - 6. The system as recited in claim 1, wherein said tracking module receives said sensitivity level from a user interface with which an author thereof classifies said information content according to said sensitivity level.
  - 7. The system as recited in claim 1, wherein said marking module comprises an application program interface for informing an application to perform marking directly and wherein, upon performing said marking, said application calls a network driver to allow said flow of said information content to said secure network.
  - 8. The system as recited in claim 1, further comprising a component that functions with said tracking module and allows management of said information content based on a life cycle characteristic thereof.
  - 9. The system as recited in claim 1, further comprising a system administrator module for promulgating a policy in said secure network that relates to said sensitivity level and said controlling said flow of information content based thereon.
  - 10. The system as recited in claim 1, wherein said information content and said packet header are packetized as a data packet, and wherein said data packet comprises an International Standards Organization'"'"'s Open Systems Interconnect (OSI) network protocol data packet.

11. A method, comprising:
- identifying information content that is called by a client device prior to packetizing said information content;
  
  encapsulating, by the client device, the information content in a packet with a packet header, wherein said packet header is added to said information content prior to said information content being transmitted over a controlled network;
  
  determining a sensitivity level of said information content;
  
  storing the sensitivity level of said information content;
  
  storing a location of said information content, wherein an associated tracking module configured to determine the location of the information content is configured to statically track the location of said information content responsive to a user input or dynamically track the location of said information content responsive to reproduction commands or feedback from a discovery agent, or combinations thereof;
  
  marking a sensitivity tag in said packet header according to said sensitivity level upon said call for said information content, wherein said packet header is marked with said sensitivity tag by said client device and wherein the sensitivity tag comprises data to be used by network devices to route said information content; and
  
  controlling a flow of said information content through said controlled network according to said sensitivity tag, wherein said flow of said information content is controlled at a Network Layer or a Transport Layer; and
  
  not approving a routing transaction through the controlled network, wherein the routing transaction is associated with an unauthorized request for the information content or an unauthorized request to send the packet including the information content to a non-controlled domain based on the sensitivity tag;
  
  wherein said controlling of the flow of said information content is controlled according to said sensitivity tag at Network Layer or Transport Layer.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method as recited in claim 11, further comprising assessing a fee to a user of said controlled network in exchange for said controlling.
  - 13. The method as recited in claim 11, further comprising discovering said sensitivity level in said information content wherein said information content comprises data that is pre-existing on said client device.
  - 14. The method as recited in claim 13, wherein said discovering comprises:
    - crawling through a plurality of said pre-existing data;
      
      searching said plurality of pre-existing data for indicators of sensitivity therein; and
      
      assigning said sensitivity level based on said indicators.
  - 15. The method as recited in claim 13, wherein said marking comprises said discovering.
  - 16. The method as recited in claim 11, further comprising:
    - the storing the location of said information content, wherein said information content is stored as metadata;
      
      maintaining an association between said sensitivity level and said metadata;
      
      extracting said header;
      
      decoding said header and processing said sensitivity information therein; and
      
      controlling said tracking according to said processing sensitivity information wherein said maintaining an association is performed according to said sensitivity information.
  - 17. The method as recited in claim 11, wherein said packet header comprises an OSI packet header, and wherein said information content and said packet header are combined as an OSI data packet.

18. A non-transitory computer readable medium that contains encoded thereon computer usable code that causes a computer system to perform a process comprising:
- identifying a call for information content, wherein said information content is packetized, in a packet to include a packet header associated with transmission of said information content through a controlled network;
  
  determining a sensitivity level of said information content;
  
  tracking said information content, wherein said tracking comprises;
  
  storing the sensitivity level of said information content;
  
  at least one of statically tracking one or more locations of said information content responsive to a user input or dynamically tracking one or more locations of said information content responsive to reproduction commands or feedback from a discovery agent, or combinations thereof;
  
  storing location information of said information content, wherein said information content is stored at a location identified by said location information as metadata;
  
  maintaining an association between said sensitivity level and said metadata;
  
  marking a sensitivity tag in said packet header associated with said information content according to said sensitivity level; and
  
  routing said information content in said controlled network according to said sensitivity tag;
  
  not approving a routing transaction including an unauthorized request for the information content in the packet or an unauthorized request to send the packet including the information content to a non-controlled domain or combinations thereof based on the sensitivity tag;
  
  wherein said routing of said information content is controlled according to said sensitivity tag at Network Layer or Transport Layer.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The non-transitory computer readable medium as recited in claim 18, wherein said process further comprises:
    - discovering said sensitivity level in said information content wherein said information content comprises pre-existing data.
  - 20. The non-transitory computer readable medium as recited in claim 19, wherein said discovering comprises:
    - crawling through a plurality of said pre-existing data;
      
      searching said plurality of said pre-existing data for indicators of sensitivity therein; and
      
      assigning said sensitivity level based on said indicators.
  - 21. The non-transitory computer readable medium as recited in claim 18, wherein said process further comprises:
    - detecting said sensitivity level among incoming packets wherein said incoming packets comprise a header and content and wherein said header comprises information relating to said sensitivity of said content;
      
      extracting said header from said incoming packets;
      
      decoding said header;
      
      processing said sensitivity information in the header; and
      
      controlling said tracking according to said processing said sensitivity information wherein said maintaining an association is performed according to said sensitivity information.
  - 22. The non-transitory computer readable medium as recited in claim 18, wherein said packet header comprises an International Standards Organization'"'"'s Open Systems Interconnect (OSI) packet header.
  - 23. The non-transitory computer readable medium as recited in claim 18, wherein said sensitivity tag comprises an International Standards Organization'"'"'s Open Systems Interconnect (OSI) tag corresponding to Transport Layer 4 of an OSI Standard.

24. A system comprising:
- means for determining a sensitivity level of information content identified for transmission in a controlled network;
  
  means for tracking said information content;
  
  means for statically tracking one or more locations of said information content responsive to a user input and dynamically tracking one or more locations of said information content responsive to reproduction commands or feedback from a discovery agent, or combinations thereof;
  
  means for storing location information of said information content, wherein said information content is stored at a location identified by said location information as metadata;
  
  means for maintaining an association between said sensitivity level and said metadata;
  
  means for marking a sensitivity tag in a packet header associated with said information content according to said sensitivity level wherein said sensitivity tag includes data to be used for routing a flow of said information content in said controlled network at a Network Layer or a Transport Layer of an OSI network protocol;
  
  means for not approving a routing transaction if the routing transaction is associated with an unauthorized request for the information content or is associated with an unauthorized request to send the information content to a non-controlled domain, wherein the not approving is based on the sensitivity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Zheng, Danyang Raymond, Cham, Jack C.
Primary Examiner(s)
Yao, Kwang B
Assistant Examiner(s)
DUDA, ADAM K

Application Number

US11/444,206
Publication Number

US 20070280112A1
Time in Patent Office

2,254 Days
Field of Search

370/325, 370/229, 370/230, 370/230.1, 370/231, 370/232, 370/235, 370/236
US Class Current

370/229
CPC Class Codes

H04L 12/66 Arrangements for connecting...

H04L 63/105 Multiple levels of security

System and method for controlling and tracking network content flow

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

74 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for controlling and tracking network content flow

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links