Sending out-of-band notifications

US 8,839,350 B1
Filed: 01/25/2012
Issued: 09/16/2014
Est. Priority Date: 01/25/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for sending an out-of-band notification of a security policy enforcement action to a user of a client, the method comprising:

receiving outbound network traffic sent from the client to a server, the outbound network traffic comprising a hypertext transport protocol (HTTP) POST message;

analyzing the HTTP POST message to determine whether the message contains data violating a data loss prevention (DLP) policy of an enterprise with which the client is associated;

responsive to a determination that the message contains data violating the DLP policy, performing an enforcement action by blocking the message from reaching the server or redacting the data violating the DLP policy from the message;

inserting an out-of-band notification message describing the enforcement action into a response to the outbound network traffic; and

sending the response including the inserted out-of-band notification message to the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Out-of-band notifications are used to inform users of clients of security policy enforcement actions, such as enforcement of a data loss prevention (DLP) policy. Code for instantiating a notification agent at a client used by a user is inserted into network traffic inbound to the client. Outbound network traffic sent from the client to a server is monitored for compliance with one or more security policies. If it is determined that the network traffic violates a security policy, an enforcement action is taken. An out-of-band notification message describing the enforcement action is inserted into a response to the outbound network traffic and sent to the client. The notification agent at the client receives the notification message and presents the message to the user.

261 Citations

16 Claims

1. A computer-implemented method for sending an out-of-band notification of a security policy enforcement action to a user of a client, the method comprising:
- receiving outbound network traffic sent from the client to a server, the outbound network traffic comprising a hypertext transport protocol (HTTP) POST message;
  
  analyzing the HTTP POST message to determine whether the message contains data violating a data loss prevention (DLP) policy of an enterprise with which the client is associated;
  
  responsive to a determination that the message contains data violating the DLP policy, performing an enforcement action by blocking the message from reaching the server or redacting the data violating the DLP policy from the message;
  
  inserting an out-of-band notification message describing the enforcement action into a response to the outbound network traffic; and
  
  sending the response including the inserted out-of-band notification message to the client.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein inserting the out-of-band notification message comprises:
    - inserting one or more headers describing the notification message into a HTTP RESPONSE message that forms a response to the HTTP POST message in the received outbound network traffic.
  - 3. The method of claim 2, wherein the inserted headers comprise one or more headers marked as containing information that is not part of a HTTP standard.
  - 4. The method of claim 1, wherein the inserted out-of-band notification message comprises a digital signature that serves to authenticate the notification message.
  - 5. The method of claim 1, further comprising:
    - receiving inbound network traffic from the server to the client;
      
      analyzing the received inbound network traffic; and
      
      selectively injecting agent code into the inbound network traffic responsive to the analysis of the received inbound network traffic, the agent code adapted to execute at the client to instantiate a notification agent at the client, the notification agent adapted to receive the inserted out-of-band notification message and present the notification message to a user of the client.
  - 6. The method of claim 5, wherein analyzing the received inbound network traffic comprises examining the inbound network traffic from the server to the client to detect inbound network traffic containing a web page acting as an anchor page for a web application provided by the server and the selectively injecting injects the agent code into the web page acting as the anchor page for the web application and does not inject the agent code into web pages not acting as the anchor page for the web application.

7. A non-transitory computer-readable storage medium storing executable computer program instructions for sending an out-of-band notification of a security policy enforcement action to a user of a client, the instructions executable to perform steps comprising:
- receiving outbound network traffic sent from the client to a server, the outbound network traffic comprising a hypertext transport protocol (HTTP) POST message;
  
  analyzing the HTTP POST message to determine whether the message contains data violating a data loss prevention (DLP) policy of an enterprise with which the client is associated;
  
  responsive to a determination that the message contains data violating the DLP policy, performing an enforcement action by blocking the message from reaching the server or redacting the data violating the DLP policy from the message;
  
  inserting an out-of-band notification message describing the enforcement action into a response to the outbound network traffic; and
  
  sending the response including the inserted out-of-band notification message to the client.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The computer-readable storage medium of claim 7, wherein inserting the out-of-band notification message comprises:
    - inserting one or more headers describing the notification message into a HTTP RESPONSE message that forms a response to the HTTP POST message in the received outbound network traffic.
  - 9. The computer-readable storage medium of claim 7, wherein the inserted out-of-band notification message comprises a digital signature that serves to authenticate the notification message.
  - 10. The computer-readable storage medium of claim 7, further comprising:
    - receiving inbound network traffic from the server to the client;
      
      analyzing the received inbound network traffic; and
      
      selectively injecting agent code into the inbound network traffic responsive to the analysis of the received inbound network traffic, the agent code adapted to execute at the client to instantiate a notification agent at the client, the notification agent adapted to receive the inserted out-of-band notification message and present the notification message to a user of the client.
  - 11. The computer-readable storage medium of claim 10, wherein analyzing the received inbound network traffic comprises examining the inbound network traffic from the server to the client to detect inbound network traffic containing a web page acting as an anchor page for a web application provided by the server and the selectively injecting injects the agent code into the web page acting as the anchor page for the web application and does not inject the agent code into web pages not acting as the anchor page for the web application.

12. A computer system for sending an out-of-band notification of a security policy enforcement action to a user of a client, the computer system comprising:
- a non-transitory computer-readable storage medium storing executable computer program instructions comprising instructions for;
  
  receiving outbound network traffic sent from the client to a server;
  
  receiving inbound network traffic from the server to the client, the inbound network traffic including a response to the outbound network traffic;
  
  analyzing the received inbound network traffic;
  
  selectively injecting agent code into the inbound network traffic responsive to the analysis of the inbound network traffic, the agent code adapted to execute at the client to instantiate a notification agent at the client, the notification agent adapted to receive the inserted out-of-band notification message and present the notification message to the user of the client;
  
  analyzing the HTTP POST message to determine whether the message contains data violating a data loss prevention (DLP) policy of an enterprise with which the client is associated;
  
  responsive to a determination that the message contains data violating the DLP policy, performing an enforcement action by blocking the message from reaching the server or redacting the data violating the DLP policy from the message;
  
  inserting an out-of-band notification message describing the enforcement action into the response to the outbound network traffic; and
  
  sending the response including the inserted out-of-band notification message to the client; and
  
  a processor for executing the computer program instructions.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The system of claim 12, wherein inserting the out-of-band notification message comprises:
    - inserting one or more headers describing the notification message into a HTTP RESPONSE message that forms a response to the HTTP POST message in the received outbound network traffic.
  - 14. The system of claim 13, wherein the inserted headers comprise one or more headers marked as containing information that is not part of a HTTP standard.
  - 15. The system of claim 12, wherein the inserted out-of-band notification message comprises a digital signature that serves to authenticate the notification message.
  - 16. The system of claim 12, wherein analyzing the HTTP POST message comprises examining the inbound network traffic from the server to the client to detect inbound network traffic containing a web page acting as an anchor page for a web application provided by the server, and the selectively injecting injects the agent code into the web page acting as the anchor page for the web application and does not inject the agent code into web pages not acting as the anchor page for the web application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
McNair, D. Trent, Mears, John, Shapcott, David
Primary Examiner(s)
Gergiso, Techane

Application Number

US13/358,501
Time in Patent Office

965 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/6263   during internet communicati...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1475   Passive attacks, e.g. eaves...

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

Sending out-of-band notifications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

261 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Sending out-of-band notifications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

261 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others