Protecting sensitive email

US 8,448,246 B2
Filed: 07/08/2010
Issued: 05/21/2013
Est. Priority Date: 07/08/2010
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a computer hardware processor operable to;

receive an email comprising a designation, the designation indicating whether the email communicates sensitive information; and

divert the email; and

an adjudicator computer processor operable to;

receive the email diverted from the computer hardware processor;

apply one or more policies to the email, the one or more policies selected according to the designation, the one or more policies comprising rules for assuring email; and

determine whether to allow or block the email based on the policies; and

a mail transfer computer processor operable to direct the email to one or more recipients if the email is allowed;

the adjudicator computer processor further operable to;

receive a first copy of the email, the first copy encrypted according to an encryption certificate associated with the adjudicator computer processor;

receive a second copy of the email, the second copy encrypted according to an encryption certificate associated with at least one of the recipients;

decrypt the first copy of the email prior to applying the one or more policies; and

direct the second copy of the email to the mail transfer computer processor upon a determination that the first copy of the email complies with the selected one or more policies.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, a plurality of components are located within an appliance configured to send and receive email. The appliance receives an email and selects one or more policies to apply based on a designation indicating that the email communicates sensitive information. The policies determine whether to allow or block the email according to rules for assuring email. If the email is allowed, the appliance directs the email to one or more recipients.

20 Citations

View as Search Results

14 Claims

1. A system comprising:
- a computer hardware processor operable to;
  
  receive an email comprising a designation, the designation indicating whether the email communicates sensitive information; and
  
  divert the email; and
  
  an adjudicator computer processor operable to;
  
  receive the email diverted from the computer hardware processor;
  
  apply one or more policies to the email, the one or more policies selected according to the designation, the one or more policies comprising rules for assuring email; and
  
  determine whether to allow or block the email based on the policies; and
  
  a mail transfer computer processor operable to direct the email to one or more recipients if the email is allowed;
  
  the adjudicator computer processor further operable to;
  
  receive a first copy of the email, the first copy encrypted according to an encryption certificate associated with the adjudicator computer processor;
  
  receive a second copy of the email, the second copy encrypted according to an encryption certificate associated with at least one of the recipients;
  
  decrypt the first copy of the email prior to applying the one or more policies; and
  
  direct the second copy of the email to the mail transfer computer processor upon a determination that the first copy of the email complies with the selected one or more policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, further comprising:
    - an auditor computer processor operable to;
      
      create an audit record for the email;
      
      receive a notification indicating whether the email was allowed or blocked; and
      
      determine the information to include in the audit record based on the notification.
  - 3. The system of claim 1, the adjudicator computer processor further comprising:
    - a firewall operable to block the email upon detection of a trigger condition;
      
      a content scanner operable to block the email upon detection of a sensitive term that is not authorized for the email'"'"'s designation; and
      
      an anti-virus computer processor operable to block the email upon detection of a virus.
  - 4. The system of claim 1, the adjudicator computer processor further comprising a firewall operable to block the email upon detection of a trigger condition, the trigger condition indicating that:
    - a file size of the email exceeds a maximum allowable file size;
      
      the email comprises an unauthorized file type;
      
      orat least one of the recipients is not authorized to receive sensitive information associated with the designation.
  - 5. The system of claim 1, the designation further comprising:
    - a classification level identifying a class of candidate recipients authorized to receive sensitive information; and
      
      one or more caveats indicating a subset of the candidate recipients, the subset of candidate recipients authorized to receive the particular sensitive information of the email.
  - 6. The system of claim 1, the designation further comprising a classification level selected from the group consisting of top secret, secret, confidential, for official use only, unclassified, and private.
  - 7. The system of claim 1, the mail transfer computer processor further comprising a webmail delivery computer processor, the webmail delivery computer processor configured to prevent copying the email locally on a computer associated with a sender or the one or more recipients.

8. A method comprising:
- receiving an email at a computer hardware processor;
  
  determining using the computer hardware processor that the email is designated as communicating sensitive information;
  
  applying using the computer hardware processor one or more policies selected according to the designation, the one or more policies comprising rules for assuring email;
  
  determining using the computer hardware processor whether to allow or block the email based on the policies; and
  
  directing using the computer hardware processor the email to one or more recipients if the email is allowed; and
  
  further comprising;
  
  receiving in the computer hardware processor a first copy of the email, the first copy encrypted according to an encryption certificate associated with the appliance;
  
  receiving a second copy of the email, the second copy encrypted according to an encryption certificate associated with at least one of the recipients;
  
  decrypting the first copy of the email prior to applying the one or more policies; and
  
  directing the second copy of the email to the recipient upon a determination that the first copy of the email complies with the selected one or more policies.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, further comprising:
    - creating using the computer hardware processor an audit record for the email;
      
      receiving using the computer hardware processor a notification indicating whether the email was allowed or blocked; and
      
      determining using the computer hardware processor the information to include in the audit record based on the notification.
  - 10. The method of claim 8, further comprising:
    - blocking using the computer hardware processor the email upon detection of;
      
      a trigger condition;
      
      a sensitive term that is not authorized for the email'"'"'s designation;
      
      ora virus.
  - 11. The method of claim 8, further comprising:
    - blocking using the computer hardware processor the email upon detection of a trigger condition, the trigger condition indicating that;
      
      a file size of the email exceeds a maximum allowable file size;
      
      the email comprises an unauthorized file type;
      
      orat least one of the recipients is not authorized to receive sensitive information associated with the designation.
  - 12. The method of claim 8, the designation further comprising:
    - a classification level identifying a class of candidate recipients authorized to receive sensitive information; and
      
      one or more caveats indicating a subset of the candidate recipients, the subset of candidate recipients authorized to receive the particular sensitive information of the email.
  - 13. The method of claim 8, the designation further comprising a classification level selected from the group consisting of top secret, secret, confidential, for official use only, unclassified, and private.

14. A system comprising:
- a computer hardware processor configured to;
  
  receive an email comprising a designation, the designation indicating whether the email communicates sensitive information; and
  
  divert the email; and
  
  an adjudicator computer processor operable to;
  
  receive the email diverted from the computer hardware processor;
  
  apply one or more policies to the email, the one or more policies selected according to the designation, the one or more policies comprising rules for assuring email; and
  
  determine whether to allow or block the email based on the policies; and
  
  a mail transfer computer processor operable to direct the email to one or more recipients if the email is allowed;
  
  the adjudicator computer processor further operable to;
  
  receive a first copy of the email, the first copy encrypted according to an encryption certificate associated with the adjudicator computer processor;
  
  receive a second copy of the email, the second copy encrypted according to an encryption certificate associated with at least one of the recipients;
  
  decrypt the first copy of the email prior to applying the one or more policies; and
  
  direct the second copy of the email to the mail transfer computer processor upon a determination that the first copy of the email complies with the selected one or more policies;
  
  wherein a determination that the email is designated as communicating sensitive information includes a determination that the sensitive information is in proximity to other sensitive information and a determination of the frequency of the sensitive information in the email.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint Federal Holdings LLC (Forcepoint LLC)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Guerrero, Richard, Sellier, Nicholas
Primary Examiner(s)
SHEHNI, GHAZAL B

Application Number

US12/832,232
Publication Number

US 20120011361A1
Time in Patent Office

1,048 Days
Field of Search

726 22- 24
US Class Current

726/22
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06Q 10/107   Computer-aided management o...

H04L 51/212   using filtering or selectiv...

H04L 63/0236   Filtering by address, proto...

H04L 63/105   Multiple levels of security

Protecting sensitive email

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting sensitive email

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links