Methods and systems for protect agents using distributed lightweight fingerprints

US 8,555,080 B2
Filed: 09/11/2008
Issued: 10/08/2013
Est. Priority Date: 09/11/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented method comprising:

implementing a first protect agent at a first egress point, wherein the first protect agent receives input information for transmission outside of the organization, and wherein the input information is transmitted outside of the organization through the first egress point;

comparing a first set of client fingerprints associated with the input information received by the first protect agent against a lightweight fingerprint database, wherein registered fingerprints are generated from the organization'"'"'s secure information, each fingerprint of the registered fingerprints and of the first set of client fingerprints representing a specific piece of secure data, and further wherein the lightweight fingerprint database stores lightweight fingerprints generated from registered fingerprints using a fingerprint compression;

maintaining the registered fingerprints in a registered fingerprint server;

upon detecting one or more positives during the comparison, and the first protect agent is able to communicate with the registered fingerprint server, transmitting information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the first protect agent overhead information corresponding to the positives, wherein the overhead information includes information for eliminating false positives detected during the comparison; and

upon detecting one or more positives during the comparison, and the first protect agent is unable to communicate with the registered fingerprint server, performing a security action by the first protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides methods and systems to protect an organization'"'"'s secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user'"'"'s computer, etc.) to monitor information disclosed by a user. The present system also provides the use of lightweight fingerprint databases (LFD) to maintain a database of fingerprints associated with the organization'"'"'s secure data. In one embodiment, the LFD is stored locally at the site of each protect agent such that the organization'"'"'s secure information can be protected even when a protect agent is disconnected from the network. Methods and systems to compress fingerprints to achieve the lightweight fingerprint databases are also provided. In one embodiment, a combined approach, utilizing both the local lightweight fingerprint database and a remote fingerprint server comprising registered fingerprints is used to achieve overall protection of the organization'"'"'s secure information.

169 Citations

38 Claims

1. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented method comprising:
- implementing a first protect agent at a first egress point, wherein the first protect agent receives input information for transmission outside of the organization, and wherein the input information is transmitted outside of the organization through the first egress point;
  
  comparing a first set of client fingerprints associated with the input information received by the first protect agent against a lightweight fingerprint database, wherein registered fingerprints are generated from the organization'"'"'s secure information, each fingerprint of the registered fingerprints and of the first set of client fingerprints representing a specific piece of secure data, and further wherein the lightweight fingerprint database stores lightweight fingerprints generated from registered fingerprints using a fingerprint compression;
  
  maintaining the registered fingerprints in a registered fingerprint server;
  
  upon detecting one or more positives during the comparison, and the first protect agent is able to communicate with the registered fingerprint server, transmitting information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the first protect agent overhead information corresponding to the positives, wherein the overhead information includes information for eliminating false positives detected during the comparison; and
  
  upon detecting one or more positives during the comparison, and the first protect agent is unable to communicate with the registered fingerprint server, performing a security action by the first protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the database of registered fingerprints is located locally at the site of the first protect agent.
  - 3. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the fingerprint compression includes generating raw fingerprints by removing metadata associated with the registered fingerprints.
  - 4. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 3, wherein the fingerprint compression includes storing the registered fingerprints in a probabilistic data structure.
  - 5. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 4, wherein the probabilistic data structure is a Bloom filter.
  - 6. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, the computer implemented method further comprising:
    - updating the lightweight fingerprint database using updates from the registered fingerprint server.
  - 7. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 6, wherein the lightweight fingerprint database receives updates from the registered fingerprint server utilizing a network.
  - 8. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 7, wherein the network includes a local network.
  - 9. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 7, wherein the network includes public internet.
  - 10. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 7, wherein the network includes a combination of the local network and the public internet.
  - 11. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 7, the computer implemented method further comprising:
    - using a diff approach to update the lightweight fingerprint database, whereby the first protect agent communicates a current version of an associated lightweight fingerprint database to the registered fingerprint server, and the registered fingerprint server responds with a relational information to update the lightweight fingerprint database.
  - 12. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the first protect agent communicates with the registered fingerprint server utilizing a network.
  - 13. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 12, wherein the network includes at least one of a local network or public internet, such that:
    - the first protect agent communicates with the registered fingerprint server utilizing the local network when the first protect agent is connected to the local network; and
      
      otherwise, the first protect agent communicates with the registered fingerprint server that operates as a hosted service provider, when the first protect agent is disconnected from the local network.
  - 14. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the overhead information includes metadata associated with the fingerprint comparison positives.

15. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented method comprising:
- implementing a first protect agent at a first egress point, wherein the first protect agent receives input information for transmission outside of the organization, and wherein the input information is transmitted outside of the organization through the first egress point;
  
  generating a first set of client fingerprints representing the input information;
  
  maintaining a lightweight fingerprint database locally at the site of the first protect agent, wherein registered fingerprints are generated from the organization'"'"'s secure information, wherein the lightweight fingerprint database includes lightweight fingerprints generated from registered fingerprints using a fingerprint compression;
  
  comparing the first set of client fingerprints against the lightweight fingerprint database of registered fingerprints; and
  
  maintaining the registered fingerprints in a registered fingerprint server;
  
  upon detecting one or more positives during the comparison, and the first protect agent is able to communicate with the registered fingerprint server, transmitting information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the first protect agent overhead information corresponding to the positives, wherein the overhead information includes information for eliminating false positives detected during the comparison; and
  
  upon detecting one or more positives during the comparison, and the first protect agent is unable to communicate with the registered fingerprint server, performing a security action by the first protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.
- View Dependent Claims (16, 17)
- - 16. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 15, wherein the egress point is selected from the group consisting of:
    - a printer;
      
      a removable data storage medium;
      
      a clipboard associated with a local operating system;
      
      an email server connected to the network;
      
      a print server connected to the network; and
      
      a network appliance connected to the network.
  - 17. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 15, wherein the security action includes at least one of:
    - preventing the input information from being disclosed;
      
      logging the event as a security violation;
      
      requiring a password from the user to allow the input information to be disclosed;
      
      blocking the user'"'"'s access to the input information;
      
      sending out a security alert;
      
      orintegration of the input information with rights management information.

18. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented system comprising:
- a first protect agent at a first egress point, wherein the first protect agent receives input information for transmission outside of the organization, and wherein the input information is transmitted outside of the organization through the first egress point, and further wherein the first protect agent compares a first set of client fingerprints associated with the input information against a lightweight fingerprint database of registered fingerprints, wherein the registered fingerprints are generated from the organization'"'"'s secure information, each fingerprint of the registered fingerprints and of the first set of client fingerprints representing a specific piece of secure data, and further wherein the lightweight fingerprint database stores lightweight fingerprints generated from registered fingerprints using a fingerprint compression; and
  
  a registered fingerprint server containing the registered fingerprints,wherein upon the first protect agent detecting one or more positives during the comparison and the first protect agent is able to communicate with the registered fingerprint server, the first protect agent transmits information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the first protect agent overhead information corresponding to the positives, wherein the overhead information includes information for eliminating false positives detected during the comparison; and
  
  upon the first protect agent detecting one or more positives during the comparison, and the first protect agent is unable to communicate with the registered fingerprint server, performing a security action by the first protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 19. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 18, wherein the lightweight fingerprint database of registered fingerprints is located locally at the site of the first protect agent.
  - 20. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 18, wherein the fingerprint compression includes generating raw fingerprints by removing metadata associated with the registered fingerprints.
  - 21. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 20, wherein the fingerprint compression includes storing the registered fingerprints in a probabilistic data structure.
  - 22. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 21, wherein the probabilistic data structure is a Bloom filter.
  - 23. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 18, wherein the registered fingerprint server further updates the lightweight fingerprint database.
  - 24. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 23, wherein the lightweight fingerprint database receives updates from the registered fingerprint server utilizing a network.
  - 25. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 24, wherein the network includes a local network.
  - 26. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 24, wherein the network includes public internet.
  - 27. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 24, wherein the network includes a combination of the local network and the public internet.
  - 28. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 24, wherein the registered fingerprint server further updates the lightweight fingerprint database using a diff approach, whereby the first protect agent communicates a current version of an associated lightweight fingerprint database to the registered fingerprint server, and the registered fingerprint server responds with a relational information to update the lightweight fingerprint database.
  - 29. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 18, wherein the first protect agent communicates with the registered fingerprint server utilizing a network.
  - 30. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 29, wherein the network includes at least one of a local network or public internet, such that:
    - the first protect agent communicates with the registered fingerprint server utilizing the local network when the first protect agent is connected to the local network; and
      
      otherwise, the first protect agent communicates with the registered fingerprint server that operates as a hosted service provider, when the first protect agent is disconnected from the local network.
  - 31. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 18, wherein the overhead information includes metadata associated with the fingerprint comparison positives.

32. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented system comprising:
- a first protect agent at a first egress point, wherein the first protect agent receives input information for transmission outside of the organization, and wherein the input information is transmitted outside of the organization through the first egress point, and further wherein the first protect agent generates a first set of client fingerprints representing the input information;
  
  a lightweight fingerprint database of registered fingerprints situated locally at the site of the first protect agent, wherein the registered fingerprints are generated from the organization'"'"'s secure information, wherein the lightweight fingerprint database of registered fingerprints includes lightweight fingerprints generated from registered fingerprints using a fingerprint compression;
  
  means for comparing the first set of client fingerprints against the lightweight fingerprint database of registered fingerprints; and
  
  a registered fingerprint server containing the registered fingerprints,upon the first protect agent detecting one or more positives during the comparison and the first protect agent is able to communicate with the registered fingerprint server, transmitting information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the first protect agent overhead information corresponding to the positives, wherein the overhead information includes information for eliminating false positives detected during the comparison; and
  
  upon the first protect agent detecting one or more positives during the comparison, and the first protect agent is unable to communicate with the registered fingerprint server, performing a security action by the first protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.
- View Dependent Claims (33, 34)
- - 33. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 32, wherein the egress point is selected from the group consisting of:
    - a printer;
      
      a removable data storage medium;
      
      a clipboard associated with a local operating system;
      
      an email server connected to the network;
      
      a print server connected to the network; and
      
      a network appliance connected to the network.
  - 34. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 32, wherein the security action includes at least one of:
    - preventing the input information from being disclosed;
      
      logging the event as a security violation;
      
      requiring a password from the user to allow the input information to be disclosed;
      
      blocking the user'"'"'s access to the input information;
      
      sending out a security alert;
      
      orintegration of the input information with rights management information.

35. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented system comprising:
- a computer implemented first protect agent at a first egress point, wherein the first protect agent receives input information for transmission outside of the organization, and wherein the input information is transmitted outside of the organization through the first egress point;
  
  a lightweight fingerprint database stored in a computer readable medium, wherein-registered fingerprints are generated from the organization'"'"'s secure information, and further wherein the lightweight fingerprint database stores lightweight fingerprints generated from registered fingerprints using a fingerprint compression;
  
  a computer implemented comparator for comparing a first set of client fingerprints associated with the input information received by the first protect agent against the lightweight fingerprint database, each fingerprint of the registered fingerprints and of the first set of client fingerprints representing a specific piece of secure data; and
  
  a registered fingerprint server containing the registered fingerprints,wherein upon the comparator detecting one or more positives by the comparison and the first protect agent is able to communicate with the registered fingerprint server, the first protect agent transmits information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the first protect agent overhead information corresponding to the positives, wherein the overhead information includes metadata associated with the fingerprint comparison positives; and
  
  upon the comparator detecting one or more positives during the comparison, and the first protect agent is unable to communicate with the registered fingerprint server, performing a security action by the first protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.
- View Dependent Claims (36)
- - 36. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 35, wherein the lightweight fingerprint database precludes the secure information corresponding to the lightweight fingerprints from being deciphered.

37. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented method comprising:
- maintaining the registered fingerprints in a registered fingerprint server, wherein registered fingerprints are generated from the organization'"'"'s secure information; and
  
  implementing a distributed fingerprint service within a network array that includes a plurality of egress points, wherein a protect agent at each of the egress points in the network array performs a fingerprint lookup upon receiving input information for transmission outside of the network array, wherein the input information is transmitted outside of the network array through the egress point,wherein the fingerprint lookup includes the steps of;
  
  comparing a set of client fingerprints associated with the input information against a lightweight fingerprint database, each fingerprint of the registered fingerprints and of the first set of client fingerprints representing a specific piece of secure data, and further wherein the lightweight fingerprint database stores lightweight fingerprints generated from registered fingerprints using a fingerprint compression;
  
  upon the comparator detecting one or more positives during the comparison and the protect agent is able to communicate with the registered fingerprint server, transmitting information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the protect agent overhead information corresponding to the positives, wherein the overhead information includes metadata associated with the fingerprint comparison positives; and
  
  upon the comparator detecting one or more positives during the comparison, and the protect agent is unable to communicate with the registered fingerprint server, performing a security action by the protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.

38. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented system comprising:
- a network array including a plurality of egress points, wherein input information can be transmitted outside of the given organization through each egress point of the plurality of egress points; and
  
  a fingerprint lookup component implemented at each egress point of the network array, wherein the fingerprint lookup component includes;
  
  a computer implemented protect agent, wherein the protect agent receives the input information for transmission outside of a given organization;
  
  a lightweight fingerprint database stored in a computer readable medium, wherein registered fingerprints are generated from the organization'"'"'s secure information, and further wherein the lightweight fingerprint database stores lightweight fingerprints generated from registered fingerprints using a fingerprint compression;
  
  a computer implemented comparator for comparing a first set of client fingerprints associated with the input information received by the first protect agent against the lightweight fingerprint database, each fingerprint of the registered fingerprints and of the first set of client fingerprints representing a specific piece of secure data; and
  
  a registered fingerprint server containing the registered fingerprints,wherein upon the comparator detecting one or more positives by the comparison and the protect agent is able to communicate with the registered fingerprint server, the protect agent transmits information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the protect agent overhead information corresponding to the positives, wherein the overhead information includes metadata associated with the fingerprint comparison positives; and
  
  upon the comparator detecting one or more positives during the comparison, and the protect agent is unable to communicate with the registered fingerprint server, performing a security action by the protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Freedom Solutions Group, LLC
Original Assignee
Workshare Technology Incorporated
Inventors
More, Scott, Beyer, Ilya, Sweeting, Daniel Christopher John
Primary Examiner(s)
Colin, Carl
Assistant Examiner(s)
ZAIDI, SYED A

Application Number

US12/209,082
Publication Number

US 20100064347A1
Time in Patent Office

1,853 Days
Field of Search

713/186, 726/30
US Class Current

713/186
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Methods and systems for protect agents using distributed lightweight fingerprints

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

169 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for protect agents using distributed lightweight fingerprints

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

169 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links