Classification of security sensitive information and application of customizable security policies
First Claim
1. A method, comprising:
performing, by one or more computers:
classifying information as security sensitive at an application level of an application, the security sensitive information being associated with a security sensitive category, wherein the security sensitive information is either user-specified as security sensitive or system-specified as security sensitive;
in response to an attempt to send data over a network to a domain via the application, determining at the application level whether the data includes any information classified as security sensitive information;
in response to determining that the data includes security sensitive information, determining at the application level a security policy for the security sensitive information;
applying the security policy at the application level to the security sensitive information, wherein applying the security policy comprises:
determining, at the application level, whether the security sensitive information is to be sent over a secure transport layer and whether the domain is trusted; and
in response to determining that the security sensitive information is not to be sent over the secure transport layer, encrypting the security sensitive information at the application level; and
in response to determining at the application level that the domain is trusted, sending the encrypted security sensitive information to that domain, wherein the encrypted security sensitive information is not sent to the domain if the domain is not determined at the application level to be trusted.
Abstract
Classification of security sensitive information and application of customizable security policies are described, including classifying information as security sensitive information at an application level, the security sensitive information being associated with a security sensitive category, determining a security policy for the security sensitive information, the security policy being configured to secure the security sensitive information, and applying the security policy to the security sensitive information at the application level, the policy being based on the security sensitive category.
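The decision flow recited in the claims (classify, look up the category's policy, check transport and domain trust, then send, encrypt or withhold) can be sketched as follows. This is an added example, not code from the patent; the field names, categories, domains, per-category trust lists and the choice to withhold sensitive data from untrusted domains even over HTTPS are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample configuration (all names and domains are assumptions).
USER_MARKED = {"recovery_answer": "credentials"}             # user-specified
SYSTEM_PATTERNS = [(re.compile(r"\d{13,19}"), "financial")]  # system-specified
POLICIES = {  # category -> domains trusted to receive that category
    "financial": {"pay.example.com"},
    "credentials": {"login.example.com", "pay.example.com"},
}


def classify(field, value):
    """Return the security sensitive category of a field, or None."""
    if field in USER_MARKED:
        return USER_MARKED[field]
    digits = value.replace(" ", "").replace("-", "")
    for pattern, category in SYSTEM_PATTERNS:
        if pattern.fullmatch(digits):
            return category
    return None


def decide(url, fields):
    """Map each outbound field to 'send', 'encrypt_then_send' or 'withhold'."""
    parts = urlsplit(url)
    # hostname drops userinfo and port and is lower-cased; match it exactly so
    # that look-alike hosts such as pay.example.com.evil.test are not trusted.
    host = (parts.hostname or "").rstrip(".")
    secure_transport = parts.scheme == "https"
    decisions = {}
    for field, value in fields.items():
        category = classify(field, value)
        if category is None:
            decisions[field] = "send"               # not classified, no policy
        elif host not in POLICIES.get(category, set()):
            decisions[field] = "withhold"           # domain not trusted
        elif secure_transport:
            decisions[field] = "send"               # trusted domain over TLS
        else:
            decisions[field] = "encrypt_then_send"  # trusted, no secure transport
    return decisions


# Constructed sample request body.
SAMPLE = {"card": "4111 1111 1111 1111", "recovery_answer": "blue", "comment": "hi"}
```

The caller performs the application-level encryption for every field marked `encrypt_then_send` before the request is written to the network.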
22 Claims
16. A system, comprising:
a memory storing executable instructions;
a processor configured to execute the instructions to:
classify information as security sensitive at an application level of an application, the security sensitive information being associated with a security sensitive category, wherein the security sensitive information is either user-specified as security sensitive or system-specified as security sensitive;
in response to an attempt to send data over a network to a domain via the application, determining at the application level whether the data includes any information classified as security sensitive information;
in response to determining that the data includes security sensitive information, determine at the application level a security policy for the security sensitive information;
apply the security policy at the application level to the security sensitive information, wherein to apply the security policy the instructions are executable by the processor to:
determine, at the application level, whether the security sensitive information is to be sent over a secure transport layer and whether the domain is trusted;
in response to determining that the security sensitive information is not to be sent over the secure transport layer, encrypting the security sensitive information at the application level; and
in response to determining at the application level that the domain is trusted, sending the encrypted security sensitive information to that domain, wherein the encrypted security sensitive information is not sent to the domain if the domain is not determined at the application level to be trusted.
17. A method, comprising:
performing by one or more computers:
classifying information as security sensitive at an application level of an application, the security sensitive information being associated with a security sensitive category, wherein the security sensitive information is either user-specified as security sensitive or system-specified as security sensitive;
in response to an attempt to send data over a network to a domain via the application, determining at the application level whether the data includes any information classified as security sensitive information;
in response to determining that the data includes security sensitive information, determining at the application level a security policy specifying public key encryption for the security sensitive information;
applying the security policy at the application level to the security sensitive information, wherein applying the security policy comprises:
determining, at the application level, whether the security sensitive information is to be sent over a secure transport layer and whether the domain is trusted;
in response to determining that the security sensitive information is not to be sent over the secure transport layer, encrypting the security sensitive information at the application level according to the public key encryption specified by the security policy; and
in response to determining at the application level that the domain is trusted, sending the encrypted security sensitive information to that domain, wherein the encrypted security sensitive information is not sent to the domain if the domain is not determined at the application level to be trusted.
20. A system, comprising:
one or more computers, comprising:
a classification module executable on said one or more computers, the classification module configured to classify information as security sensitive at an application level of an application, the security sensitive information being associated with a security sensitive category, and wherein the security sensitive information is either user-specified as security sensitive or system-specified as security sensitive;
wherein the classification module is further configured to, in response to an attempt to send data over a network to a domain via the application, determining at the application level whether the data includes any information classified as security sensitive information
wherein the classification module is further configured to, in response to determining that the data includes security sensitive information, determining at the application level a security policy specifying public key encryption for the security sensitive information;
a policy application module executable on said one or more computers, the policy application module configured to apply the security policy at the application level to the security sensitive information, wherein to apply the security policy the policy application module is further configured to:
determine, at the application level, whether the security sensitive information is to be sent over a secure transport layer and whether the domain is trusted;
in response to determining that the security sensitive information is not to be sent over the secure transport layer, encrypt the security sensitive information at the application level according to the public key encryption specified by the security policy; and
an application interface module executable on said one or more computers to, in response to a determination at the application level that the domain is trusted, send said encrypted security sensitive information to that domain, wherein the encrypted security sensitive information is not sent to the domain if the domain is not determined at the application level to be trusted.
21. A non-transitory computer readable storage medium storing computer instructions that when executed by a computer implement:
classifying information as security sensitive at an application level of an application, the security sensitive information being associated with a security sensitive category, wherein the security sensitive information is either user-specified as security sensitive or system-specified as security sensitive;
in response to an attempt to send data over a network to a domain via the application, determining at the application level whether the data includes any information classified as security sensitive information;
in response to determining that the data includes security sensitive information, determining at the application level a security policy for the security sensitive information;
applying the security policy at the application level to the security sensitive information, wherein applying the security policy comprises:
determining, at the application level, whether the security sensitive information is to be sent over a secure transport layer and whether the domain is trusted;
in response to determining that the security sensitive information is not to be sent over the secure transport layer, encrypting the security sensitive information at the application level; and
in response to determining at the application level that the domain is trusted, sending the encrypted security sensitive information to that domain, wherein the encrypted security sensitive information is not sent to the domain if the domain is not determined at the application level to be trusted.
22. A non-transitory computer readable storage medium storing computer instructions that when executed by a computer implement:
classifying information as security sensitive at an application level of an application, the security sensitive information being associated with a security sensitive category, wherein the security sensitive information is either user-specified as security sensitive or system-specified as security sensitive;
in response to an attempt to send data over a network to a domain via the application, determining at the application level whether the data includes any information classified as security sensitive information;
in response to determining that the data includes security sensitive information, determining at the application level a security policy specifying public key encryption security sensitive information;
applying the security policy at the application level to the security sensitive information wherein applying the security policy comprises:
determining, at the application level, whether the security sensitive information is to be sent over a secure transport layer and whether the domain is trusted;
in response to determining that the security sensitive information is not to be sent over the secure transport layer, encrypting the security sensitive information at the application level according to the public key encryption specified by the security policy; and
in response to determining at the application level that the domain is trusted, sending the encrypted security sensitive information to that domain, wherein the encrypted security sensitive information is not sent to the domain if the domain is not determined at the application level to be trusted.
Specification