Method, a system, and an apparatus for content security in computer networks

US 8,776,206 B1
Filed: 09/02/2005
Issued: 07/08/2014
Est. Priority Date: 10/18/2004
Status: Active Grant

First Claim

Patent Images

1. A system for controlling data transfers in a network comprising:

a protective device for controlling data transfers in the network comprising;

a first importing device coupled to said network and that is configured for identifying protected data residing in computer operating system files;

a second importing device coupled to said network for identifying excluded data and wherein excluded data is excluded from the protected data;

an outgoing transmission inspection/comparing device coupled to said network to read and inspect all content of a data transmission out of said network, including protected and excluded content, said outgoing transmission inspection/comparing device for comparing all content anywhere in a data stream to be transmitted out of said network with said protected data, said outgoing transmission inspection/comparing device detecting the presence of protected data in said content in said outgoing transmission, said outgoing transmission inspection/comparing device indicating a security breach when at least a threshold amount of said detected protected data of said content to be transmitted matches data of said protected data, wherein the outgoing transmission is interrupted when the threshold amount of protected data is found, and the outgoing transmission that is not a part of the threshold amount of protected data is transmitted out of the network;

an administrator interface for defining on which data streams said inspection device will perform certain pre-defined actions;

said administrator interface defining data streams by setting one or more attributes, including presence of encryption.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method, a system, and an apparatus for protecting data in a computer network. A device is placed on a network edge in such a way, that all outgoing data has to pass through it. Separately, a set of protected files that are not allowed to leave the network is defined. The device checks the passing data for the presence of the data from the defined set (protected data). If a threshold amount of the protected data is present, the device interrupts the connection or takes another appropriate action.

56 Citations

View as Search Results

20 Claims

1. A system for controlling data transfers in a network comprising:
- a protective device for controlling data transfers in the network comprising;
  
  a first importing device coupled to said network and that is configured for identifying protected data residing in computer operating system files;
  
  a second importing device coupled to said network for identifying excluded data and wherein excluded data is excluded from the protected data;
  
  an outgoing transmission inspection/comparing device coupled to said network to read and inspect all content of a data transmission out of said network, including protected and excluded content, said outgoing transmission inspection/comparing device for comparing all content anywhere in a data stream to be transmitted out of said network with said protected data, said outgoing transmission inspection/comparing device detecting the presence of protected data in said content in said outgoing transmission, said outgoing transmission inspection/comparing device indicating a security breach when at least a threshold amount of said detected protected data of said content to be transmitted matches data of said protected data, wherein the outgoing transmission is interrupted when the threshold amount of protected data is found, and the outgoing transmission that is not a part of the threshold amount of protected data is transmitted out of the network;
  
  an administrator interface for defining on which data streams said inspection device will perform certain pre-defined actions;
  
  said administrator interface defining data streams by setting one or more attributes, including presence of encryption.

2. A system for controlling data transfers in a network comprising:
- a protective device for controlling data transfers in the network comprising;
  
  a storage device configured for storing an automatically generated search index of protected data residing in computer operating system files;
  
  an outgoing transmission inspection device coupled to the network to read and inspect all content transmissions out of the network, the inspection device for comparing said content of said data to be transmitted out of the network with the search index stored in the storage device the outgoing transmission inspection device detecting the presence of any part of the protected data in said content of said outgoing transmission, the outgoing transmission inspection device outputting a signal indicating a security breach when at least a threshold amount of the detected protected data to be transmitted matches protected data with the index in the storage device,wherein the outgoing transmission is interrupted when the threshold amount of protected data is found, and the outgoing transmission that is not a part of the threshold amount of protected data is transmitted out of the network.
- View Dependent Claims (3, 4, 5)
- - 3. The system of claim 2 further including a device coupled to the network for creating the search index of the protected data.
  - 4. The system of claim 2 further including means of alerting security personnel on the security breach signal.
  - 5. The system of claim 2 further including means of stopping transmission of the transmitted data on the security breach signal.

6. A system for controlling data transfers in a network comprising:
- a protective device for controlling data transfers in the network comprising;
  
  a storage device configured for storing automatically generated digital digests of protected data residing in computer operating system files;
  
  means for initializing a relational database query to select the protected data before fingerprinting it;
  
  an outgoing transmission inspection device coupled to the network to read and inspect all content transmissions out of the network, the inspection device computing digital digests on the content of the data to be transmitted out of the network, the outgoing transmission inspection device comparing digital digests on the content of the data to be transmitted out of the network with the digital digests, stored in the storage device, the outgoing transmission inspection device detecting the presence of digital digests of any part of the protected data in the content of said outgoing transmission, the outgoing transmission inspection device outputting a signal indicating a security breach when at least a threshold amount of the detected digital digests on the content of the data to be transmitted matches digital digests in the storage device,wherein the outgoing transmission is interrupted when the threshold amount of protected data is found, and the outgoing transmission that is not a part of the threshold amount of protected data is transmitted out of the network.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The system of claim 6 further including a device coupled to the network for computing the digital digests of the protected data.
  - 8. The system of claim 6 further including means of alerting security personnel on the security breach signal.
  - 9. The system of claim 6 further including means of stopping transmission of the transmitted data on the security breach signal.
  - 10. The system of claim 6, further comprising an administrative interface for specifying inspection rules.
  - 11. The system of claim 6, where protected data takes a form of computer files and multiple digital digests are computed for each file.
  - 12. The system of claim 6, where protected data takes a form of database queries output and multiple digital digests are computed for each database query output.
  - 13. The system of claim 11, further including a device coupled to the network for computing the digital digests of the protected data.

14. A method of controlling data transfer in a network comprising:
- in a protection device;
  
  controlling data transfers in the network by;
  
  identifying certain data in the network as protected data;
  
  automatically computing a search index on the protected data residing in computer operating system files;
  
  storing the search index in a permanent storage;
  
  read and inspect all content of the data in an attempt to transmit outgoing data out of the network;
  
  searching for the protected data in the content of the data to be transmitted out of the network;
  
  detecting any part of the text of the protected data in the content of the outgoing data;
  
  outputting a signal indicating a security breach when at least a threshold level of the detected protected data to be transmitted matches content in the data in the protected data,wherein the outgoing data is interrupted when the threshold level of protected data is found, and wherein the outgoing data that is not a part of the threshold level of protected data is transmitted out of the network.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, further comprising a step of specifying rules to be used by a protection device, the rules based on parameters from the set:
    - transmission source IP addresstransmission destination IP addresstransmission source emailtransmission destination emailtimedateapplication level protocol.
  - 16. The method of claim 15, further including a step of initializing a database query in order to select the protected data.
  - 17. The method of claim 15, further including a step of alerting security personnel upon the security breach signal.
  - 18. The method of claim 15, further including a step of stopping transmission of the data to be transmitted on the security breach signal.
  - 19. The method of claim 15, where protected data takes a form of computer files and multiple digital digests are computed for each file.
  - 20. The method of claim 15, where protected data takes a form of database queries output and multiple digital digests are computed for each database query output.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GTB Technologies Incorporated
Original Assignee
GTB Technologies Incorporated
Inventors
Goldstein, Leonid
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US11/219,615
Time in Patent Office

3,231 Days
Field of Search

726/11, 726/12, 726/13, 726/30, 713/154
US Class Current

726/11
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

Method, a system, and an apparatus for content security in computer networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method, a system, and an apparatus for content security in computer networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links