Methods and systems for protect agents using distributed lightweight fingerprints
Abstract
The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of lightweight fingerprint databases (LFD) to maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the LFD is stored locally at the site of each protect agent such that the organization's secure information can be protected even when a protect agent is disconnected from the network. Methods and systems to compress fingerprints to achieve the lightweight fingerprint databases are also provided. In one embodiment, a combined approach, utilizing both the local lightweight fingerprint database and a remote fingerprint server comprising registered fingerprints is used to achieve overall protection of the organization's secure information.
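The flow the abstract describes, sketched as an added example that is not code from the patent. Fingerprinting by hashed word windows, compression by digest truncation, the `block` security action and every class and function name are assumptions made for illustration.

```python
import hashlib

WINDOW = 5       # words per fingerprinted window (assumption)
LIGHT_BYTES = 1  # bytes kept by the assumed compression; tiny so collisions are easy to see

def fingerprints(text):
    """Full fingerprints: SHA-256 over each sliding window of words."""
    words = text.lower().split()
    spans = range(max(len(words) - WINDOW + 1, 1))
    return {hashlib.sha256(" ".join(words[i:i + WINDOW]).encode()).digest() for i in spans}

def compress(fp):
    """Assumed fingerprint compression: truncate the digest."""
    return fp[:LIGHT_BYTES]

class RegisteredFingerprintServer:
    def __init__(self):
        self.registered = {}  # full fingerprint -> overhead metadata

    def register(self, doc_id, text):
        for fp in fingerprints(text):
            self.registered[fp] = {"doc": doc_id}

    def lightweight_db(self):
        """Compressed fingerprints shipped to every egress point."""
        return {compress(fp) for fp in self.registered}

    def overhead(self, positives):
        """Metadata for positives that are truly registered; collisions drop out."""
        return {fp: self.registered[fp] for fp in positives if fp in self.registered}

class ProtectAgent:
    def __init__(self, lfd, server=None):
        self.lfd = lfd        # local lightweight fingerprint database
        self.server = server  # None models an agent that cannot reach the server

    def check(self, outbound):
        positives = {fp for fp in fingerprints(outbound) if compress(fp) in self.lfd}
        if not positives:
            return "allow", {}
        if self.server is None:
            # False positives cannot be ruled out: take the security action locally.
            return "block", {}
        confirmed = self.server.overhead(positives)
        return ("block" if confirmed else "allow"), confirmed

if __name__ == "__main__":
    server = RegisteredFingerprintServer()
    # Constructed sample of registered secure text.
    server.register("doc-1", "project falcon acquisition price is nine hundred million dollars")
    lfd = server.lightweight_db()
    leak = "fyi: project falcon acquisition price is nine hundred million"
    print(ProtectAgent(lfd, server).check(leak)[0], ProtectAgent(lfd).check(leak)[0])
```

With a compression this lossy, a disconnected agent also blocks harmless text whose truncated fingerprint collides with a registered one, while a connected agent clears it through the server's overhead information.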
38 Claims
1. A computer implemented method for protecting an organization's secure information from unauthorized disclosure, the computer implemented method comprising:
- implementing a first protect agent at a first egress point, wherein the first protect agent receives input information for transmission outside of the organization, and wherein the input information is transmitted outside of the organization through the first egress point;
- comparing a first set of client fingerprints associated with the input information received by the first protect agent against a lightweight fingerprint database, wherein registered fingerprints are generated from the organization's secure information, each fingerprint of the registered fingerprints and of the first set of client fingerprints representing a specific piece of secure data, and further wherein the lightweight fingerprint database stores lightweight fingerprints generated from registered fingerprints using a fingerprint compression;
- maintaining the registered fingerprints in a registered fingerprint server;
- upon detecting one or more positives during the comparison, and the first protect agent is able to communicate with the registered fingerprint server, transmitting information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the first protect agent overhead information corresponding to the positives, wherein the overhead information includes information for eliminating false positives detected during the comparison; and
- upon detecting one or more positives during the comparison, and the first protect agent is unable to communicate with the registered fingerprint server, performing a security action by the first protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.
15. A computer implemented method for protecting an organization's secure information from unauthorized disclosure, the computer implemented method comprising:
- implementing a first protect agent at a first egress point, wherein the first protect agent receives input information for transmission outside of the organization, and wherein the input information is transmitted outside of the organization through the first egress point;
- generating a first set of client fingerprints representing the input information;
- maintaining a lightweight fingerprint database locally at the site of the first protect agent, wherein registered fingerprints are generated from the organization's secure information, wherein the lightweight fingerprint database includes lightweight fingerprints generated from registered fingerprints using a fingerprint compression;
- comparing the first set of client fingerprints against the lightweight fingerprint database of registered fingerprints; and
- maintaining the registered fingerprints in a registered fingerprint server;
- upon detecting one or more positives during the comparison, and the first protect agent is able to communicate with the registered fingerprint server, transmitting information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the first protect agent overhead information corresponding to the positives, wherein the overhead information includes information for eliminating false positives detected during the comparison; and
- upon detecting one or more positives during the comparison, and the first protect agent is unable to communicate with the registered fingerprint server, performing a security action by the first protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.
18. A computer implemented system for protecting an organization's secure information from unauthorized disclosure, the computer implemented system comprising:
- a first protect agent at a first egress point, wherein the first protect agent receives input information for transmission outside of the organization, and wherein the input information is transmitted outside of the organization through the first egress point, and further wherein the first protect agent compares a first set of client fingerprints associated with the input information against a lightweight fingerprint database of registered fingerprints, wherein the registered fingerprints are generated from the organization's secure information, each fingerprint of the registered fingerprints and of the first set of client fingerprints representing a specific piece of secure data, and further wherein the lightweight fingerprint database stores lightweight fingerprints generated from registered fingerprints using a fingerprint compression; and
- a registered fingerprint server containing the registered fingerprints, wherein upon the first protect agent detecting one or more positives during the comparison and the first protect agent is able to communicate with the registered fingerprint server, the first protect agent transmits information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the first protect agent overhead information corresponding to the positives, wherein the overhead information includes information for eliminating false positives detected during the comparison; and
- upon the first protect agent detecting one or more positives during the comparison, and the first protect agent is unable to communicate with the registered fingerprint server, performing a security action by the first protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.
32. A computer implemented system for protecting an organization's secure information from unauthorized disclosure, the computer implemented system comprising:
- a first protect agent at a first egress point, wherein the first protect agent receives input information for transmission outside of the organization, and wherein the input information is transmitted outside of the organization through the first egress point, and further wherein the first protect agent generates a first set of client fingerprints representing the input information;
- a lightweight fingerprint database of registered fingerprints situated locally at the site of the first protect agent, wherein the registered fingerprints are generated from the organization's secure information, wherein the lightweight fingerprint database of registered fingerprints includes lightweight fingerprints generated from registered fingerprints using a fingerprint compression;
- means for comparing the first set of client fingerprints against the lightweight fingerprint database of registered fingerprints; and
- a registered fingerprint server containing the registered fingerprints, upon the first protect agent detecting one or more positives during the comparison and the first protect agent is able to communicate with the registered fingerprint server, transmitting information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the first protect agent overhead information corresponding to the positives, wherein the overhead information includes information for eliminating false positives detected during the comparison; and
- upon the first protect agent detecting one or more positives during the comparison, and the first protect agent is unable to communicate with the registered fingerprint server, performing a security action by the first protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.
35. A computer implemented system for protecting an organization's secure information from unauthorized disclosure, the computer implemented system comprising:
- a computer implemented first protect agent at a first egress point, wherein the first protect agent receives input information for transmission outside of the organization, and wherein the input information is transmitted outside of the organization through the first egress point;
- a lightweight fingerprint database stored in a computer readable medium, wherein registered fingerprints are generated from the organization's secure information, and further wherein the lightweight fingerprint database stores lightweight fingerprints generated from registered fingerprints using a fingerprint compression;
- a computer implemented comparator for comparing a first set of client fingerprints associated with the input information received by the first protect agent against the lightweight fingerprint database, each fingerprint of the registered fingerprints and of the first set of client fingerprints representing a specific piece of secure data; and
- a registered fingerprint server containing the registered fingerprints, wherein upon the comparator detecting one or more positives by the comparison and the first protect agent is able to communicate with the registered fingerprint server, the first protect agent transmits information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the first protect agent overhead information corresponding to the positives, wherein the overhead information includes metadata associated with the fingerprint comparison positives; and
- upon the comparator detecting one or more positives during the comparison, and the first protect agent is unable to communicate with the registered fingerprint server, performing a security action by the first protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.
37. A computer implemented method for protecting an organization's secure information from unauthorized disclosure, the computer implemented method comprising:
- maintaining the registered fingerprints in a registered fingerprint server, wherein registered fingerprints are generated from the organization's secure information; and
- implementing a distributed fingerprint service within a network array that includes a plurality of egress points, wherein a protect agent at each of the egress points in the network array performs a fingerprint lookup upon receiving input information for transmission outside of the network array, wherein the input information is transmitted outside of the network array through the egress point, wherein the fingerprint lookup includes the steps of;
  - comparing a set of client fingerprints associated with the input information against a lightweight fingerprint database, each fingerprint of the registered fingerprints and of the first set of client fingerprints representing a specific piece of secure data, and further wherein the lightweight fingerprint database stores lightweight fingerprints generated from registered fingerprints using a fingerprint compression;
  - upon the comparator detecting one or more positives during the comparison and the protect agent is able to communicate with the registered fingerprint server, transmitting information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the protect agent overhead information corresponding to the positives, wherein the overhead information includes metadata associated with the fingerprint comparison positives; and
  - upon the comparator detecting one or more positives during the comparison, and the protect agent is unable to communicate with the registered fingerprint server, performing a security action by the protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.
38. A computer implemented system for protecting an organization's secure information from unauthorized disclosure, the computer implemented system comprising:
- a network array including a plurality of egress points, wherein input information can be transmitted outside of the given organization through each egress point of the plurality of egress points; and
- a fingerprint lookup component implemented at each egress point of the network array, wherein the fingerprint lookup component includes;
  - a computer implemented protect agent, wherein the protect agent receives the input information for transmission outside of a given organization;
  - a lightweight fingerprint database stored in a computer readable medium, wherein registered fingerprints are generated from the organization's secure information, and further wherein the lightweight fingerprint database stores lightweight fingerprints generated from registered fingerprints using a fingerprint compression;
  - a computer implemented comparator for comparing a first set of client fingerprints associated with the input information received by the first protect agent against the lightweight fingerprint database, each fingerprint of the registered fingerprints and of the first set of client fingerprints representing a specific piece of secure data; and
  - a registered fingerprint server containing the registered fingerprints, wherein upon the comparator detecting one or more positives by the comparison and the protect agent is able to communicate with the registered fingerprint server, the protect agent transmits information about the positives to the registered fingerprint server, and in response the registered fingerprint server provides to the protect agent overhead information corresponding to the positives, wherein the overhead information includes metadata associated with the fingerprint comparison positives; and
  - upon the comparator detecting one or more positives during the comparison, and the protect agent is unable to communicate with the registered fingerprint server, performing a security action by the protect agent, wherein performance of the security action safeguards the organization against unauthorized disclosure of the input information.
Specification