Data positioning and alerting system

US 8,499,152 B1
Filed: 05/28/2009
Issued: 07/30/2013
Est. Priority Date: 05/28/2009
Status: Active Grant

First Claim

Patent Images

1. A method of tracking confidential files within a computer network, said method comprising:

receiving at a client computer in said computer network from a server computer a file policy for a confidential computer file, said file policy including at least one event, a corresponding action, and one or more unique file identifiers, one of said unique file identifiers uniquely identifying said confidential computer file;

detecting by said client computer a user-initiated activity on said client computer that affects a client computer file;

determining that said client computer file is said confidential computer file by comparing a unique identifier of the client computer file to one or more of said unique file identifiers stored in the file policy;

determining a location of said confidential computer file based upon said comparing;

sending from said client computer to said server computer the location of said confidential computer file within said computer network; and

sending from said client computer to said server computer an indication of said user-initiated activity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A file policy is created for each confidential file in a server computer including a list of events and a corresponding action. The file policies for the confidential files are sent to each client computer in the computer network. A software agent on each client computer detects when an activity occurs that affects one of the confidential files having a file policy. The activity is reported to the server computer and, if the activity matches an event in the policy, the corresponding action is taken. Events include: copying a file, printing, accessing, sending via e-mail, renaming, etc. Actions include: alerting an administrator, temporary blocking the activity or preventing the activity. If the activity is temporarily blocked from occurring, the agent queries the user as to whether the user wishes to request approval, and forwards that requests on to the server computer. If the activity is approved then the software agent removes the temporary block from the user activity and allows the user'"'"'s activity concerning the confidential file to occur.

58 Citations

View as Search Results

31 Claims

1. A method of tracking confidential files within a computer network, said method comprising:
- receiving at a client computer in said computer network from a server computer a file policy for a confidential computer file, said file policy including at least one event, a corresponding action, and one or more unique file identifiers, one of said unique file identifiers uniquely identifying said confidential computer file;
  
  detecting by said client computer a user-initiated activity on said client computer that affects a client computer file;
  
  determining that said client computer file is said confidential computer file by comparing a unique identifier of the client computer file to one or more of said unique file identifiers stored in the file policy;
  
  determining a location of said confidential computer file based upon said comparing;
  
  sending from said client computer to said server computer the location of said confidential computer file within said computer network; and
  
  sending from said client computer to said server computer an indication of said user-initiated activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as recited in claim 1 further comprising:
    - determining that said user-initiated activity matches said event of said file policy;
      
      executing said action of said file policy; and
      
      sending from said client computer to said server computer an indication of said executed action.
  - 3. A method as recited in claim 1 wherein said action prevents execution of said user-initiated activity on said client computer.
  - 4. The method as recited in claim 1 wherein said event is a user-initiated activity of said client computer.
  - 5. The method as recited in claim 1 further comprising:
    - performing said step of detecting by using a software hook module that hooks an operating system command of said client computer.
  - 6. The method as recited in claim 1 further comprising:
    - receiving a plurality of file policies at said client computer, each of said file policies corresponding to at least one of a plurality of confidential files in said computer network and each of said file policies including at least one identifier of said confidential files.
  - 7. The method of claim 1, further comprising:
    - recording the user-initiated activity in a chronological record unique to said client computer file.
  - 8. The method of claim 7, wherein the chronological record is also unique to said file policy.
  - 9. The method of claim 1, further comprising:
    - storing one or more unique identifiers in the file policy.
  - 10. The method of claim 1, further comprising:
    - prompting a user whether or not to request approval to access the confidential computer file; and
      
      receiving from said user an indication to seek approval to access the confidential computer file.
  - 11. The method of claim 1, further comprising:
    - sending a request from said client computer to said server computer to allow said user-initiated activity that affects said client computer file to occur on said client computer;
      
      receiving an approval from said server computer to allow said user-initiated activity; and
      
      allowing said user-initiated activity to occur on said client computer.

12. A method of monitoring confidential file usage within a computer network, said method comprising:
- receiving at a client computer in said computer network from a server computer a file policy for a confidential computer file, said file policy including at least one event, a corresponding action, and a unique file identifier uniquely identifying said confidential computer file;
  
  detecting by said client computer a user-initiated activity on said client computer that affects a client computer file;
  
  determining that said client computer file is said confidential computer file by comparing a unique identifier of the client computer file to said unique file identifier stored in the file policy;
  
  determining that said user-initiated activity matches said event of said file policy;
  
  executing said action of said file policy by temporarily blocking said user-initiated activity from occurring on said client computer;
  
  sending a request from said client computer to said server computer to allow said user-initiated activity that affects said client computer file to occur on said client computer;
  
  receiving an approval from said server computer to allow said user-initiated activity; and
  
  allowing said user-initiated activity that affects said client computer file to occur on said client computer.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method as recited in claim 12 further comprising:
    - sending from said client computer to said server computer the location of said client computer file within said computer network.
  - 14. The method as recited in claim 12 further comprising:
    - prompting a user of said client computer whether or not to request approval for said user-initiated activity; and
      
      receiving from said user an indication to seek approval for said user-initiated activity.
  - 15. The method as recited in claim 12 wherein said event is a user-initiated activity of said client computer.
  - 16. The method as recited in claim 12 further comprising:
    - performing said step of detecting by using a software hook module that hooks an operating system command of said client computer.
  - 17. The method as recited in claim 12 further comprising:
    - performing said step of determining that said client computer file is said confidential computer file by comparing an identifier of said client computer file with an identifier of said file policy.
  - 18. The method of claim 12, wherein said chronological record is stored on said server computer.
  - 19. The method of claim 12, wherein said chronological record is also unique to said file policy.
  - 20. The method of claim 12, further comprising:
    - sending from said client computer to said server the location of said confidential computer file based upon said step of determining that said client computer file is said confidential computer file.
  - 21. The method of claim 12, further comprising:
    - recording the user-initiated activity in a chronological record unique to said client computer file.
  - 22. The method of claim 21, wherein the chronological record is also unique to said file policy.

23. A method of tracking confidential files within a computer network, said method comprising:
- sending from a server computer in said computer network to a plurality of client computers a file policy for a confidential computer file, said file policy including at least one event, a corresponding action and a unique identifier corresponding to the confidential computer file;
  
  receiving from one of said client computers an indication that a user-initiated activity has occurred on said one client computer that affects said confidential computer file;
  
  determining that said user-initiated activity occurring on said one client computer affects said confidential computer file by matching said unique identifier of said file policy with a unique identifier of a client computer file on said one client computer;
  
  recording said user-initiated activity, an indication of said one client computer, and an indication of said confidential computer file in a database record of said server computer; and
  
  receiving from said one client computer an indication that said user-initiated activity matches said event of said file policy and a notification alert corresponding to said action alerting said server computer that said event has been attempted by said one client computer.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
- - 24. The method as recited in claim 23, wherein said notification alert alerts said server computer that said user-initiated activity has been temporarily blocked on said one client computer, said method further comprising:
    - receiving a request from said one client computer to allow said user-initiated activity to occur on said one client computer; and
      
      sending an approval to said one client computer to allow said user-initiated activity to occur on said one client computer.
  - 25. The method as recited in claim 23, wherein said notification alert alerts said server computer that said user-initiated activity has been permanently blocked on said one client computer.
  - 26. The method as recited in claim 23 further comprising:
    - sending from said server computer to said client computers a plurality of file policies, each of said file policies corresponding to at least one of a plurality of confidential files in said computer network.
  - 27. The method as recited in claim 23 further comprising:
    - receiving from said one client computer a plurality of indications that user-initiated activity has occurred on said one client computer that affects said confidential computer file, each of said indications reflecting a discrete user-initiated activity affecting said confidential computer file, wherein said indications are recorded chronologically in said database record of said server computer.
  - 28. The method as recited in claim 23 further comprising:
    - reviewing a plurality of computer files on said computer server;
      
      identifying a subset of said computer files as confidential computer files; and
      
      marking said confidential computer files as being confidential in a way that differentiates said confidential computer files from computer files that are not identified as being confidential.
  - 29. The method of claim 23, further comprising:
    - recording the user-initiated activity in a chronological record unique to said client computer file.
  - 30. The method of claim 29, wherein the chronological record is also unique to said file policy.
  - 31. The method as recited in claim 23 further comprising:
    - receiving from one client computer an indication that said confidential computer file is located upon said client computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Chen, Li-Ming, Lin, Chin-Ju
Primary Examiner(s)
Reza, Mohammad W

Application Number

US12/473,723
Time in Patent Office

1,524 Days
Field of Search

726/1, 726/2, 713/155, 713/165
US Class Current

713/165
CPC Class Codes

H04L 63/102   Entity profiles

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Data positioning and alerting system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

58 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Data positioning and alerting system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links