Apparatus and method for controlling unauthorized dissemination of electronic mail

US 8,478,824 B2
Filed: 02/04/2003
Issued: 07/02/2013
Est. Priority Date: 02/05/2002
Status: Active Grant

First Claim

Patent Images

1. A method for classification and enforcement of security requirements to an existing information dissemination system, the method comprising the steps of:

providing, to a user of said existing information dissemination system, a user interface for selecting security requirements for user classification of respective information to be distributed, wherein said user comprises a creator of said information to be distributed;

accepting respective security requirements from said interface for enforcement in respect of dissemination of the corresponding information;

modifying a definition of an existing message sensitivity field within a header definition of said information dissemination system such that the field within said header carries a classification tag, wherein said classification tag indicates said user classification of said information, said classification indicating information for legitimizing at a sending end prior to sending such that said sending is carried out only as legitimized, said information for legitimizing at a sending end comprising authorized recipients and a legitimate one of a group of sending methods, wherein said message sensitivity field is indicative of a sensitivity of said corresponding information;

associating with said dissemination system an enforcement module embodied on a computer recordable medium, said module being operable to receive said security requirements via said classification tag, andenforcing said dissemination via said module in accordance with said classification tag, such that said information is disseminated to authorized recipients and blocked from other recipients.

View all claims

26 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for classification and enforcement of security requirements in an information dissemination system, said information dissemination system not being designed for said security requirements and enforcement. The method comprising the steps of: accepting a user specification of said security requirements for dissemination of respective information, said specifying is done using a user interface; Associating with said dissemination system an enforcement module, said module being operable to receive said security requirements and apply them to control dissemination via said dissemination system, and then enforcing said dissemination via said module.

62 Citations

View as Search Results

26 Claims

1. A method for classification and enforcement of security requirements to an existing information dissemination system, the method comprising the steps of:
- providing, to a user of said existing information dissemination system, a user interface for selecting security requirements for user classification of respective information to be distributed, wherein said user comprises a creator of said information to be distributed;
  
  accepting respective security requirements from said interface for enforcement in respect of dissemination of the corresponding information;
  
  modifying a definition of an existing message sensitivity field within a header definition of said information dissemination system such that the field within said header carries a classification tag, wherein said classification tag indicates said user classification of said information, said classification indicating information for legitimizing at a sending end prior to sending such that said sending is carried out only as legitimized, said information for legitimizing at a sending end comprising authorized recipients and a legitimate one of a group of sending methods, wherein said message sensitivity field is indicative of a sensitivity of said corresponding information;
  
  associating with said dissemination system an enforcement module embodied on a computer recordable medium, said module being operable to receive said security requirements via said classification tag, andenforcing said dissemination via said module in accordance with said classification tag, such that said information is disseminated to authorized recipients and blocked from other recipients.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A method according to claim 1 wherein said classification comprises at least one of the following:
    - an identity of said information;
      
      a specified authorized recipient group of said information;
      
      a specified authorized recipient of said information;
      
      an authorized sender group of said information;
      
      an authorized sender of said information;
      
      a specified security level of said information;
      
      a specified allowed destination and sending method of said information;
      
      a specified confidentiality level of said information;
      
      a secrecy level of said information; and
      
      a subject of said information.
  - 3. A method according to claim 1 wherein said security requirements comprise requirements about at least one of the following:
    - an authorized recipient group of said information;
      
      an authorized recipient of said information;
      
      an authorized sender group of said information;
      
      an authorized sender of said information;
      
      a security level of said information;
      
      an allowed destination and said allowed sending method of said information; and
      
      said allowed sending method of said information.
  - 4. A method according to claim 1 wherein said information comprises at least one of the following:
    - at least one E-mail message;
      
      at least one document; and
      
      at least one file.
  - 5. A method according to claim 1 wherein said security requirements are associated with said information via storage in said field in at least one of the following ways:
    - embedding as meta data;
      
      embedding as access control data;
      
      Storing in a database; and
      
      Storing in said enforcement module.
  - 6. A method according to claim 1 wherein said information comprises at least one E-mail message, and wherein said security requirements are embedded in at least one of the following:
    - in meta data;
      
      in access control data; and
      
      in at least one header.
  - 7. A method according to claim 1 wherein said enforcement module comprises at least one of the following:
    - a mail server add-in operable to interface a mail server and to enforce said security requirements on mail traffic of said mail server; and
      
      a mail security server operable to intercept mail messages from a mail server and enforce said security requirements on mail traffic of said mail server.
  - 8. A method according to claim 1 wherein said information dissemination system comprises software embodied on a computer recordable medium, and wherein said method is implemented by at least one of the following:
    - implementing an extension to the information dissemination system;
      
      intrinsic support within the information dissemination system;
      
      at least one external software utility;
      
      at least one COM object;
      
      at least one COM object utilizing add-in interface in said information dissemination system;
      
      at least one mailing software plug-in;
      
      extending the meaning of at least one existing data storage field;
      
      extending the meaning of at least one existing data field in a protocol;
      
      extending the meaning of at least one existing data entry field in an existing user interface;
      
      changing enumerated type ranges;
      
      expanding enumerated type ranges;
      
      providing an additional user interface;
      
      providing an additional user interface to be supported by handling at least one event in the dissemination software;
      
      providing an additional user interface to be supported by at least one additional property sheet;
      
      providing an additional user interface to be supported by at least one additional command bar;
      
      providing an additional user interface to be supported by at least one additional command bar button;
      
      providing an additional user interface to be supported by at least one COM object;
      
      providing an additional user interface to be supported by at least one COM object control;
      
      providing an additional user interface supported by at least one COM object utilizing an add-in interface in said dissemination software;
      
      providing an additional user interface to be supported by at least one mailing software plug-in;
      
      providing an additional user interface to be supported by implementing at least one extension to the mailing software;
      
      providing an additional user interface to be supported by intrinsic support within the mailing software; and
      
      providing an additional user interface to be supported by at least one external software utility.
  - 9. A method according to claim 1 wherein said enforcement comprises at least one of the following:
    - blocking said dissemination of said information;
      
      requiring authorization by an authorized party for the sending of said information;
      
      changing said information;
      
      removing parts of said information;
      
      logging dissemination of said information; and
      
      alerting about dissemination of said information.
  - 10. A method according to claim 1 wherein said information dissemination system comprises at least one mailing software.
  - 11. A method according to claim 1 wherein said information dissemination system comprises mailing software, and wherein said modifying a field further comprises modifying one of:
    - categories;
      
      user properties;
      
      companies;
      
      importance;
      
      mileage; and
      
      billing.
  - 12. A method according to claim 1, wherein said modifying an existing field comprises extending the meaning of at least one existing data storage field.
  - 13. A method according to claim 1, wherein said modifying an existing field comprises extending the meaning of at least one existing data field in a protocol.
  - 14. A method according to claim 1, wherein said modifying an existing field comprises extending the meaning of at least one existing data entry field in an existing user interface.
  - 15. A method according to claim 1, wherein said modifying an existing field comprises changing enumerated type ranges of said field.

16. A system for classification and enforcement of security requirements operating in conjunction with an existing information dissemination system, said system for classification and enforcement of security requirements comprising:
- an add-on integration module, configured for modifying an existing message sensitivity field in a header by changing a definition of said field, the field being of said existing information dissemination system to serve as a classification tag, wherein said classification tag indicates a user content-dependent classification of said information, said classification indicating authorized recipients, wherein said user comprises a creator of said information to be distributed, wherein said message sensitivity field is indicative of a sensitivity of said corresponding information;
  
  a user interface embodied on a computer recordable medium configured for specifying said user'"'"'s content dependent security requirements for dissemination of information; and
  
  an enforcement module embodied on a computer recordable medium associable with said information dissemination system, operable to receive said security requirements from said interface, and to perform said enforcement via said association in accordance with said classification tag, such as to enable said enforcement module to disseminate said information to authorized recipients and block said information from other recipients;
  
  wherein said interface is configured for receiving classification data for said information including information for legitimizing at said enforcement module prior to sending, such that said sending is carried out only as legitimized, said information for legitimizing by said enforcement module comprising said authorized recipients and a legitimate one of a group of sending methods, and wherein said security requirements are derived from said classification data.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. A system according to claim 16 wherein said classification data comprises at least one of the following:
    - identity data of said information;
      
      a specified authorized recipient group for said information;
      
      an authorized recipient for said information;
      
      an authorized sender group for said information;
      
      an authorized sender for said information;
      
      a security level for said information;
      
      an allowed destination and sending method for said information;
      
      a confidentiality level for said information;
      
      a secrecy level for said information; and
      
      a subject for said information.
  - 18. A system according to claim 16 wherein said security requirements comprise requirements about at least one of the following:
    - an authorized recipient group of said information;
      
      an authorized recipient of said information;
      
      an authorized sender group for said information;
      
      an authorized sender of said information;
      
      a security level of said information;
      
      an allowed destination and said sending method for said information; and
      
      said allowed sending method for said information.
  - 19. A system according to claim 16 wherein said information comprises at least one of the following:
    - at least one E-mail message;
      
      at least one document; and
      
      at least one file.
  - 20. A system according to claim 16 wherein said security requirements are stored in at least one of the following ways:
    - by embedding in meta data;
      
      by embedding in the access control data;
      
      by storing in a database; and
      
      by storing in said enforcement module.
  - 21. A system according to claim 16 wherein said information comprises at least one E-mail message, and wherein said security requirements are embedded in at least one of the following:
    - at least one attachment;
      
      in meta data;
      
      in the access control data; and
      
      in at least one header.
  - 22. A system according to claim 16 wherein said enforcement module comprises at least one of the following:
    - a mail server add-in operable to interface a mail server and to enforce said security requirements on mail traffic of said mail server; and
      
      a mail security server operable to intercept mail messages from a mail server and enforce said security requirements on mail traffic of said mail server.
  - 23. A system according to claim 16 wherein said information dissemination system comprises software embodied on a computer recordable medium, and wherein said system for classification and enforcement of security requirements is implemented by at least one of the following:
    - implementing an extension to the information dissemination system;
      
      intrinsic support within the information dissemination system;
      
      at least one external software utility;
      
      at least one COM object;
      
      at least one COM object utilizing add-in interface in said dissemination software;
      
      at least one mailing software plug-in;
      
      extending the meaning of at least one existing data storage field;
      
      extending the meaning of at least one existing data field in a protocol;
      
      extending the meaning of at least one existing data entry field in an existing user interface;
      
      changing enumerated type ranges;
      
      expanding enumerated type ranges;
      
      an additional user interface;
      
      an additional user interface to be supported by handling at least one event in the dissemination software;
      
      an additional user interface to be supported by at least one additional property sheet;
      
      an additional user interface to be supported by at least one additional command bar;
      
      an additional user interface to be supported by at least one additional command bar button;
      
      an additional user interface to be supported by at least one COM object;
      
      an additional user interface to be supported by at least one COM object control;
      
      an additional user interface to be supported by at least one COM object utilizing an add-in interface in said dissemination software;
      
      an additional user interface to be supported by at least one mailing software plug-in;
      
      an additional user interface to be supported by implementing at least one extension to the mailing software;
      
      an additional user interface to be supported by intrinsic support within the mailing software; and
      
      an additional user interface to be supported by at least one external software utility.
  - 24. A system according to claim 16 wherein said enforcement module is operable to carry out enforcing by at least one of the following:
    - blocking said dissemination of said information;
      
      requiring authorization by an authorized party for the sending of said information;
      
      changing said information;
      
      removing parts of said information;
      
      logging dissemination of said information; and
      
      alerting about dissemination of said information.
  - 25. A system according to claim 16 wherein said information dissemination system comprises at least one mailing software.
  - 26. A system according to claim 16 wherein said information dissemination system comprises mailing software, and wherein said modifying a field further comprises modifying one of:
    - categories;
      
      user properties;
      
      companies;
      
      importance;
      
      mileage; and
      
      billing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
PortAuthority Technologies, Inc. (Forcepoint LLC)
Inventors
Peled, Ariel, Carny, Ofir
Primary Examiner(s)
LIN, KENNY S

Application Number

US10/357,201
Publication Number

US 20030149732A1
Time in Patent Office

3,801 Days
Field of Search

709204-206, 709217-219, 709/246, 726 11- 13, 726 26- 30, 713160-161
US Class Current

709/206
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 63/105   Multiple levels of security

H04L 63/1425   Traffic logging, e.g. anoma...

Apparatus and method for controlling unauthorized dissemination of electronic mail

First Claim

26 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for controlling unauthorized dissemination of electronic mail

First Claim

26 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links