System, method, and computer program product for conditionally preventing the transfer of data based on a location thereof

US 8,862,752 B2
Filed: 04/11/2007
Issued: 10/14/2014
Est. Priority Date: 04/11/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method, comprising:

identifying, by a processor, a request from a remote computer to transfer data over a network connection;

determining, by the processor, a location from which the data is sought to be transferred;

comparing, by the processor, the location of the data to a list of predefined locations for which data transfers are allowed;

identifying, by the processor, a destination address to which the data is sought to be transferred;

comparing, by the processor, the destination address to the list of predefined locations for which data transfers are allowed;

calculating, by the processor, a hash of the data; and

preventing, by the processor, the transfer of the data if both the location from which the data is sought to be transferred and the destination address to which the data is sought to be transferred are not in the list of predefined locations for which data transfers are allowed, wherein the preventing the transfer of the data prevents data leakage of confidential information.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for conditionally preventing the transfer of data. In use, a request to transfer data is identified. In addition, a location of the data is determined. Further, the transfer of the data is conditionally prevented based on the location.

Citations

41 Claims

1. A computer-implemented method, comprising:
- identifying, by a processor, a request from a remote computer to transfer data over a network connection;
  
  determining, by the processor, a location from which the data is sought to be transferred;
  
  comparing, by the processor, the location of the data to a list of predefined locations for which data transfers are allowed;
  
  identifying, by the processor, a destination address to which the data is sought to be transferred;
  
  comparing, by the processor, the destination address to the list of predefined locations for which data transfers are allowed;
  
  calculating, by the processor, a hash of the data; and
  
  preventing, by the processor, the transfer of the data if both the location from which the data is sought to be transferred and the destination address to which the data is sought to be transferred are not in the list of predefined locations for which data transfers are allowed, wherein the preventing the transfer of the data prevents data leakage of confidential information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the request includes a request to transfer the data from a first location to a second different location.
  - 3. The method of claim 1, wherein the request includes a request to copy the data from a first location and store the copy of the data in a second different location.
  - 4. The method of claim 1, wherein the request to transfer the data is initiated by an application.
  - 5. The method of claim 1, wherein the transfer of the data is prevented if the location of the data includes a protected location.
  - 6. The method of claim 1, wherein the transfer of the data is allowed if the location of the data includes an unprotected location.
  - 7. The method of claim 1, wherein the transfer of the data is conditionally prevented based on at least one rule associated with the location of the data.
  - 8. The method of claim 1, wherein the request to transfer the data is identified utilizing a data transfer controller.
  - 9. The method of claim 8, wherein the data transfer controller is located at a data access point of a device in which the data is located.
  - 10. The method of claim 1, further comprising generating, by the processor, metadata associated with the data.
  - 11. The method of claim 1, further comprising comparing, by the processor, the hash to a plurality of predetermined hashes.
  - 12. The method of claim 1, wherein the location of the data is determined based, at least, on metadata, wherein the metadata includes the location of the data, a size of the data, an inode of the data, a type of the data, open modes of the data, and portions of the data previously accessed.
  - 13. The method of claim 1, wherein the location of the data is determined based, at least, on metadata, wherein the metadata identifies at least one of a protected location in which the data requested to be transferred is located, and an unprotected location in which the data requested to be transferred is located.
  - 14. The method of claim 1, wherein a metadata generator located at a data access point of an operating system kernel intercepts the request to transfer the data and generates metadata.
  - 15. The method of claim 14, wherein the metadata generator transmits the metadata to a metadata repository that includes a database, and the metadata repository stores the metadata in the database in association with a unique identifier of the data.

16. A computer program product embodied on a non-transitory tangible computer readable medium for performing operations, comprising:
- identifying a request from a remote computer to transfer data;
  
  determining a location from which the data is sought to be transferred;
  
  comparing the location of the data to a list of predefined locations for which data transfers are allowed;
  
  identifying a destination address to which the data is sought to be transferred;
  
  comparing the destination address to the list of predefined locations for which data transfers are allowed;
  
  calculating a hash of the data; and
  
  preventing the transfer of the data if both the location from which the data is sought to be transferred and the destination address to which the data is sought to be transferred are not in the list of predefined locations for which data transfers are allowed, wherein the preventing the transfer of the data prevents data leakage of confidential information.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 17. The computer program product of claim 16, wherein the request includes a request to transfer the data from a first location to a second different location.
  - 18. The computer program product of claim 16, wherein the request includes a request to copy the data from a first location and store the copy of the data in a second different location.
  - 19. The computer program product of claim 16, wherein the transfer of the data is prevented if the location of the data includes a protected location.
  - 20. The computer program product of claim 16, wherein the transfer of the data is allowed if the location of the data includes an unprotected location.
  - 21. The computer program product of claim 16, wherein the transfer of the data is conditionally prevented based on at least one rule associated with the location of the data.
  - 22. The computer program product of claim 16, the operations further comprising generating metadata associated with the data.
  - 23. The computer program product of claim 16, the operations further comprising comparing the hash to a plurality of predetermined hashes.
  - 24. The computer program product of claim 16, wherein the location of the data is determined based, at least, on metadata, wherein the metadata includes the location of the data, a size of the data, an inode of the data, a type of the data, open modes of the data, and portions of the data previously accessed.
  - 25. The computer program product of claim 16, wherein the location of the data is determined based, at least, on metadata, wherein the metadata identifies at least one of a protected location in which the data requested to be transferred is located, and an unprotected location in which the data requested to be transferred is located.

26. A system, comprising:
- a memory; and
  
  a processor coupled to the memory, the processor for performing operations associated with the system, including;
  
  identifying a request from a remote computer to transfer data over a network connection;
  
  determining a location from which the data is sought to be transferred;
  
  comparing the location of the data to a list of predefined locations for which data transfers are allowed;
  
  identifying a destination address to which the data is sought to be transferred;
  
  comparing the destination address to the list of predefined locations for which data transfers are allowed;
  
  calculating a hash of the data; and
  
  preventing the transfer of the data if both the location from which the data is sought to be transferred and the destination address to which the data is sought to be transferred are not in the list of predefined locations for which data transfers are allowed, wherein the preventing the transfer of the data prevents data leakage of confidential information.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 27. The system of claim 26, further comprising the memory coupled to the processor via a bus.
  - 28. The system of claim 26, wherein the request includes a request to transfer the data from a first location to a second different location.
  - 29. The system of claim 26, wherein the request includes a request to copy the data from a first location and store the copy of the data in a second different location.
  - 30. The system of claim 26, wherein the request to transfer the data is initiated by an application.
  - 31. The system of claim 26, wherein the transfer of the data is prevented if the location of the data includes a protected location.
  - 32. The system of claim 26, wherein the transfer of the data is allowed if the location of the data includes an unprotected location.
  - 33. The system of claim 26, wherein the transfer of the data is conditionally prevented based on at least one rule associated with the location of the data.
  - 34. The system of claim 26, wherein the request to transfer the data is identified utilizing a data transfer controller.
  - 35. The system of claim 34, wherein the data transfer controller is located at a data access point of a device in which the data is located.
  - 36. The system of claim 26, the operations further comprising generating metadata associated with the data.
  - 37. The system of claim 26, the operations further comprising comparing the hash to a plurality of predetermined hashes.
  - 38. The system of claim 26, wherein the location of the data is determined based, at least, on metadata, wherein the metadata includes the location of the data, a size of the data, an inode of the data, a type of the data, open modes of the data, and portions of the data previously accessed.
  - 39. The system of claim 26, wherein the location of the data is determined based, at least, on metadata, wherein the metadata identifies at least one of a protected location in which the data requested to be transferred is located, and an unprotected location in which the data requested to be transferred is located.
  - 40. The system of claim 26, wherein a metadata generator located at a data access point of an operating system kernel intercepts the request to transfer the data and generates metadata.
  - 41. The system of claim 40, wherein the metadata generator transmits the metadata to a metadata repository that includes a database, and the metadata repository stores the metadata in the database in association with a unique identifier of the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Das, Sudeep, Paranjape, Sameer Shashikant, Sharma, Pramod
Primary Examiner(s)
SERRAO, RANODHI N

Application Number

US11/734,062
Publication Number

US 20130246557A1
Time in Patent Office

2,743 Days
Field of Search

709/217, 709/229, 711/152
US Class Current

709/229
CPC Class Codes

H04L 67/60 Scheduling or organising th...

H04L 67/63 Routing a service request d...

System, method, and computer program product for conditionally preventing the transfer of data based on a location thereof

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and computer program product for conditionally preventing the transfer of data based on a location thereof

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links