Managing data loss prevention policies

US 8,656,455 B1
Filed: 03/31/2011
Issued: 02/18/2014
Est. Priority Date: 03/31/2011
Status: Active Grant

First Claim

Patent Images

1. A method for use in managing data loss prevention policies, the method comprising:

providing a device having data loss prevention (DLP) logic based on policies;

at the device, detecting an attempt to perform an action that is prohibited by the DLP logic;

at the device, displaying to a user a first code upon detecting an attempt to perform the action that is prohibited by the DLP logic, wherein the first code is required to obtain a second code that facilitates suspending the policy that prohibited the action;

submitting the first code to a server in exchange for the second code, wherein the server includes the DLP logic;

at the server, generating a second code, wherein the second code is generated by the DLP logic;

at the device, using the second code to enter an override code to allow performance of the action;

at the device, determining the override code to allow performance of the action; and

at the device, suspending the policy that prohibited the action in response to the override code being valid, wherein the suspension of the policy allows performance of the action.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is used in managing data loss prevention policies. A device having data loss prevention (DLP) logic based on policies is provided. An attempt to perform an action that is prohibited by the DLP logic is performed at the device. An override code to allow performance of the action is determined at the device.

22 Citations

View as Search Results

19 Claims

1. A method for use in managing data loss prevention policies, the method comprising:
- providing a device having data loss prevention (DLP) logic based on policies;
  
  at the device, detecting an attempt to perform an action that is prohibited by the DLP logic;
  
  at the device, displaying to a user a first code upon detecting an attempt to perform the action that is prohibited by the DLP logic, wherein the first code is required to obtain a second code that facilitates suspending the policy that prohibited the action;
  
  submitting the first code to a server in exchange for the second code, wherein the server includes the DLP logic;
  
  at the server, generating a second code, wherein the second code is generated by the DLP logic;
  
  at the device, using the second code to enter an override code to allow performance of the action;
  
  at the device, determining the override code to allow performance of the action; and
  
  at the device, suspending the policy that prohibited the action in response to the override code being valid, wherein the suspension of the policy allows performance of the action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein determining an override code further comprises checking a memory location for the override code.
  - 3. The method of claim 1, further comprising:
    - at the device, prompting a user to enter an input before an attempt to perform an action prohibited by the DLP logic is performed.
  - 4. The method of claim 1, further comprising:
    - at the device, prompting a user to enter an override code after an attempt to perform an action prohibited by the DLP logic is performed.
  - 5. The method of claim 1, further comprising:
    - at the device, scanning outgoing data based on policies; and
      
      determining, based on a type of the outgoing data, whether an action is prohibited by the DLP logic.
  - 6. The method of claim 1, further comprising:
    - at the device, prompting the user to enter a justification for performing an action prohibited by the DLP logic.
  - 7. The method of claim 4, further comprising:
    - at the device, sending a request to a server for an override code, wherein the server includes the DLP logic; and
      
      at the device, using the override code received from the server to allow performance of the action.
  - 8. The method of claim 1, wherein the override code includes a one time password.
  - 9. The method of claim 1, wherein the second code expires after the second code is used once at the device.
  - 10. The method of claim 1, wherein the device includes a smart phone.
  - 11. The method of claim 1, wherein the device includes a sensor indicating a location of the device, wherein the override code to allow performance of an action is determined based on the location of the device.
  - 12. The method of claim 1, wherein the device includes a telecommunication device, wherein the telecommunication device communicates with another device to perform an action.

13. A system for use in managing data loss prevention policies, the system comprising:
- first logic providing a device having data loss prevention (DLP) logic based on policies;
  
  second logic detecting, at the device, an attempt to perform an action that is prohibited by the DLP logic;
  
  at the device, third logic displaying to a user a first code upon detecting an attempt to perform the action that is prohibited by the DLP logic, wherein the first code is required to obtain a second code that facilitates suspending the policy that prohibited the action;
  
  fourth logic submitting the first code to a server in exchange for the second code, wherein the server includes the DLP logic;
  
  at the server, fifth logic generating a second code, wherein the second code is generated by the DLP logic;
  
  at the device, sixth logic using the second code to enter an override code to allow performance of the action;
  
  at the device, seventh logic determining the override code to allow performance of the action; and
  
  at the device, eighth logic suspending the policy that prohibited the action in response to the override code being valid, wherein the suspension of the policy allows performance of the action.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, wherein the override code includes a one time password.
  - 15. The system of claim 13, wherein the device includes a smart phone.
  - 16. The system of claim 13, wherein the device includes a sensor indicating a location of the device, wherein the override code to allow performance of an action is determined based on the location of the device.
  - 17. The system of claim 13, wherein the device includes a telecommunication device, wherein the telecommunication device communicates with another device to perform an action.
  - 18. The system of claim 13, further comprising:
    - ninth logic prompting, at the device, a user to enter an input before an attempt to perform an action prohibited by the DLP logic is performed.
  - 19. The system of claim 13, further comprising:
    - tenth logic prompting, at the device, a user to enter an override code after an attempt to perform an action prohibited by the DLP logic is performed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Bailey, Daniel V., Bell, John P. II, Navare, Siddharth, Pedasingu, Vishnu C., Pidva, Rishi
Primary Examiner(s)
Harriman, Dant Shaifer

Application Number

US13/076,619
Time in Patent Office

1,055 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

H04W 12/02   Protecting privacy or anony...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

Managing data loss prevention policies

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Managing data loss prevention policies

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links