Data leakage prevention for resource limited device
Abstract
When a resource-limited device (such as a mobile telephone) joins a network associated with an enterprise, the agent in the device generates digital signatures for all the files in the device and sends them to an enterprise controller. The controller compares them to the global signature database, selects the signatures that correspond to sensitive files, and returns those to the agent in the device. The agent consolidates the returned signatures into its own local signature database. The agent then checks each file that is about to be output from the device against the local signature database and the DLP policy. If the signature of the file is present in the local database, the output action is blocked. If a new file is created on the device, the agent generates its digital signature and sends it to the controller for inspection. If the signature is sensitive, this new digital signature is placed into the local signature database. If the DLP controller updates the global signature database, the device sends its signatures once again for comparison.
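The exchange described in the abstract, as an added example that is not code from the patent. It assumes SHA-256 as the "unique digital signature"; the class and method names (Controller, Agent, filter, sync, may_output) and the file contents are hypothetical and constructed for illustration.

```python
import hashlib

def signature(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the unspecified "unique digital signature".
    return hashlib.sha256(data).hexdigest()

class Controller:
    """Enterprise side: holds the global signature database."""
    def __init__(self, sensitive_contents):
        self.global_db = {signature(c) for c in sensitive_contents}

    def filter(self, sigs):
        # Return only the submitted signatures that match sensitive files.
        return set(sigs) & self.global_db

    def add_sensitive(self, content):
        self.global_db.add(signature(content))

class Agent:
    """Device side: stores only the subset that matches its own files."""
    def __init__(self, controller, files):
        self.controller, self.files = controller, dict(files)
        self.local_db = set()
        self.sync()  # device joins the enterprise network

    def sync(self):
        # Send signatures of every local file; keep what the controller returns.
        sigs = [signature(d) for d in self.files.values()]
        self.local_db = self.controller.filter(sigs)

    def create_file(self, name, data):
        # New file: only its signature is sent for inspection.
        self.files[name] = data
        self.local_db |= self.controller.filter([signature(data)])

    def may_output(self, name):
        # Screening is a purely local lookup; no network round trip.
        return signature(self.files[name]) not in self.local_db

def demo():
    # Constructed sample data.
    ctrl = Controller([b"Q3 merger plan", b"payroll 2024"])
    agent = Agent(ctrl, {"plan.doc": b"Q3 merger plan", "cat.jpg": b"\xff\xd8 cat"})
    results = [agent.may_output("plan.doc"), agent.may_output("cat.jpg")]
    agent.create_file("pay.xls", b"payroll 2024")
    results.append(agent.may_output("pay.xls"))
    ctrl.add_sensitive(b"\xff\xd8 cat")  # global database updated
    agent.sync()                         # device re-sends its signatures
    results.append(agent.may_output("cat.jpg"))
    return results, len(agent.local_db)
```

The device never holds the full global database: after the last sync its local database contains three entries, one per sensitive file actually present on it.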
20 Claims
1. A method of creating a local signature database on a mobile computing device, said method comprising:
- identifying digital files present upon a mobile computing device, said mobile computing device subject to a DLP (data leakage prevention) policy of an enterprise;
- for each of said digital files, calculating a unique digital signature on said mobile device;
- sending said calculated digital signatures of said digital files over a communication link from said mobile device to a computer of said enterprise having a global signature database;
- receiving, from said enterprise computer, an identification of a subset of said sent calculated digital signatures, said subset deemed by said enterprise to represent sensitive files; and
- creating a local signature database on said mobile device using said subset of said sent calculated digital signatures, whereby said local signature database represents a subset of said digital files present upon said mobile device that may not be transferred from said mobile device.
Dependent claims: 2, 3, 4, 5, 6

7. A method of screening a file on a mobile computing device, said mobile computing device subject to a DLP (data leakage prevention) policy of an enterprise, said method comprising:
- determining that a triggering event has occurred on said mobile computing device, said triggering event including an identification of a digital file on said mobile device;
- determining that said triggering event is an event covered by said DLP policy, said DLP policy being stored in a database on said mobile device;
- determining a unique characteristic of said digital file;
- searching a local signature database of said mobile device to determine whether said unique characteristic of said digital file is present within said local signature database, wherein said local signature database is a subset of calculated digital signatures sent by a computer of said enterprise having a global signature database; and
- when it is determined that said unique characteristic is present within said local signature database, blocking said triggering event from occurring on said mobile device.
Dependent claims: 8, 9, 10, 11, 12, 13

14. A method of filtering digital signatures from a mobile computing device, said method comprising:
- generating a database of digital signatures, each digital signature uniquely representing a computer file within an enterprise, wherein each of said computer files is deemed a sensitive file of said enterprise;
- establishing a network connection between said enterprise and a mobile computing device, wherein said mobile computing device is subject to a DLP (data leakage prevention) policy of said enterprise;
- receiving a plurality of digital signatures from said mobile device, said received digital signatures representing computer files present on said mobile device;
- comparing said received digital signatures with said database of digital signatures; and
- returning to said mobile computing device an identification of those received digital signatures that match with any of said database of digital signatures, wherein said mobile computing device is apprised of sensitive files of said enterprise.
Dependent claims: 15, 16, 17, 18, 19, 20

Specification