Method and system for scanning a computer system for sensitive content

US 8,898,774 B2
Filed: 06/25/2009
Issued: 11/25/2014
Est. Priority Date: 06/25/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing a scan of a computer for sensitive data, the computer-implemented method comprising the steps of:

providing a first computer comprising a non-transitory computer-readable medium and a scan manager module;

receiving at the first computer a request from a user to scan a second computer and identify sensitive files stored on the second computer, wherein sensitive files have content that includes at least one category of sensitive information and wherein sensitive information includes data that the user intends to protect from unauthorized access by others;

receiving at the first computer recipient information comprising information identifying intended recipients of a scan report including results of the scan;

using the scan manager module to respond to the request to scan by;

generating a user profile identifying the at least one category of sensitive information and the recipient information;

making the user profile available to a category server for use in creating a scan profile defining scan criteria;

deploying a scan agent to the second computer to conduct the scan of the files of the second computer, the scan conducted based on the scan profile, and identifying the sensitive files based on their content, wherein the scan agent is configured to cause the second computer to remove the scan agent in response to an uninstall request received from the category server and the category server is configured to provide, upon completion of the scan, repeated uninstall requests to the scan agent until the category server receives an indication of the removal of the scan agent; and

when the scan is complete, making the scan report including results of the scan generated by the category server available to intended recipients based on the recipient information included in the user profile, wherein the scan report includes information about the sensitive files identified by the scan.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for scanning a computer system for sensitive data. A scan manager manages a scan of files of a second computer. The scan manager receives a request to scan and identify files stored on the second computer based on at least one category of sensitive data. The scan manager receives scan report recipient information and generates a user profile based on the at least one category and the recipient information. The scan manager makes the user profile available to a category server for use in creating a scan profile defining the scan criteria and deploys a scan agent to a computer to conduct the scan based on the scan profile. When the scan is complete and upon creation of the scan report, the scan manager makes the scan report available to the intended recipients.

31 Citations

View as Search Results

37 Claims

1. A computer-implemented method for managing a scan of a computer for sensitive data, the computer-implemented method comprising the steps of:
- providing a first computer comprising a non-transitory computer-readable medium and a scan manager module;
  
  receiving at the first computer a request from a user to scan a second computer and identify sensitive files stored on the second computer, wherein sensitive files have content that includes at least one category of sensitive information and wherein sensitive information includes data that the user intends to protect from unauthorized access by others;
  
  receiving at the first computer recipient information comprising information identifying intended recipients of a scan report including results of the scan;
  
  using the scan manager module to respond to the request to scan by;
  
  generating a user profile identifying the at least one category of sensitive information and the recipient information;
  
  making the user profile available to a category server for use in creating a scan profile defining scan criteria;
  
  deploying a scan agent to the second computer to conduct the scan of the files of the second computer, the scan conducted based on the scan profile, and identifying the sensitive files based on their content, wherein the scan agent is configured to cause the second computer to remove the scan agent in response to an uninstall request received from the category server and the category server is configured to provide, upon completion of the scan, repeated uninstall requests to the scan agent until the category server receives an indication of the removal of the scan agent; and
  
  when the scan is complete, making the scan report including results of the scan generated by the category server available to intended recipients based on the recipient information included in the user profile, wherein the scan report includes information about the sensitive files identified by the scan.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The computer-implemented method of claim 1, wherein deploying the scan agent further comprises the steps of:
    - receiving at the first computer a message from the category server that the scan profile is complete;
      
      prompting a user to download the scan agent to the second computer.
  - 3. The computer-implemented method of claim 1, further comprising the step of, when the scanning is complete, causing the category server to generate the scan report.
  - 4. The computer-implemented method of claim 1, further comprising the step of using the scan manager module for sending an error notification to at least one selected recipient.
  - 5. The computer-implemented method of claim 4, wherein sending an error notification further comprises the steps of:
    - receiving at the first computer error information and a request to mail the error notification to the at least one selected recipient; and
      
      creating the error notification based on the error information.
  - 6. The computer-implemented method of claim 5, wherein the error information comprises an identification of at least one of the following:
    - a first scan state indicating continued installation of the scan agent;
      
      ora second scan state indicating continued pendency of the scan.
  - 7. The computer-implemented method of claim 4, wherein sending the error notification further comprises the step of creating error notifications in batch form.
  - 8. The computer-implemented method according to claim 4, wherein sending an error notification comprises at least one of the following steps:
    - sending from the first computer a pending scan error notification of a scan in progress for more than a selected time frame;
      
      orsending from the first computer a scan agent error notification for a scan for which an associated scan result has been returned but for which an associated scan agent has not been removed.
  - 9. The computer-implemented method of claim 1, wherein the scan manager module further performs the step of initiating generation of the scan report.
  - 10. The computer-implemented method according to claim 1 further comprising the step of authenticating an identity of the user.
  - 11. The computer-implemented method according to claim 1, wherein the at least one category comprises at least one of the following categories of sensitive data:
    - a mandatory category to be scanned or an optional category to be scanned.
  - 12. The computer-implemented method according to claim 1, wherein the scan manager module further performs the step of displaying a scan history of a user.
  - 13. The computer-implemented method according to claim 1, wherein the scan manager module further performs the step of cancelling the scan.
  - 14. The computer-implemented method of claim 1, wherein sensitive information includes personal information related to the user.
  - 15. The computer-implemented method of claim 1, wherein sensitive files include files stored by the user on the second computer.
  - 16. The computer-implemented method of claim 1, wherein sensitive information includes personal payment card industry information, personal identifiable information, confidential information, financial information, government policy related information, personal history information, personal transaction information, personal property information, or personal intellectual property information.
  - 17. The computer-implemented method of claim 1, further comprising receiving at the first computer a pre-determined list determining the at least one category of sensitive information.
  - 18. The computer-implemented method of claim 17, wherein the pre-determined list includes a mandatory sensitive information type that has to be included in the at least one category of sensitive information.
  - 19. The computer-implemented method of claim 17, wherein the pre-determined list includes an optional sensitive information type that is included in the at least one category of sensitive information, if selected by the user.
  - 20. The computer-implemented method of claim 1,wherein the scan manager module further comprises a user interface;
    - andwherein the at least one category and the recipient information is inputted by a user into the user interface.
  - 21. The computer-implemented method of claim 1, further comprising the step of storing the user profile in at least one database embodied on a second non-transitory computer-readable medium.
  - 22. The computer-implemented method of claim 21, wherein the at least one database is enabled using a structured query language.
  - 23. The computer-implemented method of claim 1, wherein making the scan report available to the intended recipients further comprises the steps of:
    - receiving at the first computer a send request from a category web service, wherein the send request comprises the scan report and a list of the intended recipients of the scan report;
      
      retrieving the list of the intended recipients from the request; and
      
      sending the scan report to the intended recipients.
  - 24. The computer-implemented method of claim 23, wherein sending the scan report to the intended recipients further comprises the steps of:
    - creating a communication comprising the scan report; and
      
      mailing the communication to the intended recipients.
  - 25. The method of claim 24, wherein creating the communication further comprises the steps of:
    - establishing a communication body; and
      
      attaching the scan report to the communication body.

26. A computer program product, comprising:
- a non-transitory computer-readable medium including computer-readable program code comprising instructions adapted to be executed on a first computer comprising a scan manager module and a non-transitory computer-readable medium to implement a method for managing a scan of a computer system for sensitive data, comprising the steps of;
  
  receiving at the first computer a request from a user to scan a second computer and identify sensitive files stored on the second computer, wherein sensitive files have content that includes at least one category of sensitive information and wherein sensitive information includes data that the user intends to protect from unauthorized access by others;
  
  receiving at the first computer recipient information comprising information identifying intended recipients of a scan report including results of the scan;
  
  using the scan manager module to respond to the request to scan by;
  
  generating a user profile identifying the at least one category of sensitive information and the recipient information;
  
  making the user profile available to a category server for use in creating a scan profile defining scan criteria;
  
  deploying a scan agent to the second computer to conduct the scan of the files of the second computer, the scan conducted based on the scan profile, and identifying the sensitive files based on their content, wherein the scan agent is configured to cause the second computer to remove the scan agent in response to an uninstall request received from the category server and the category server is configured to provide, upon completion of the scan, repeated uninstall requests to the scan agent until the category server receives an indication of the removal of the scan agent; and
  
  when the scan is complete, making the scan report including results of the scan generated by the category server available to intended recipients based on the recipient information included in the user profile, wherein the scan report includes information about the sensitive files identified by the scan.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The computer program product of claim 26, wherein said method further comprise the steps of storing the user profile in at least one database embodied on a second non-transitory computer-readable medium.
  - 28. The computer program product of claim 26, wherein deploying the scan agent further comprises the steps of:
    - receiving at the first computer a message from the category server that the scan profile is complete;
      
      prompting a user to download the scan agent to the second computer.
  - 29. The computer program product of claim 26, wherein making the scan report available further comprises the steps up:
    - receiving at the first computer a send request from a category web service, wherein the send request comprises the scan report and a list of the intended recipients of the scan report; and
      
      retrieving the list of the intended recipients from the request; and
      
      sending the scan report to the intended recipients.
  - 30. The computer program product of claim 26, wherein said method further comprises the step of sending an error notification to at least one selected recipient.
  - 31. The computer program product of claim 30, wherein sending the error notification further comprises the steps of:
    - receiving at the first computer error information and a request to mail the error notification to the at least one selected recipient; and
      
      creating the error notification based on the error information.

32. A system for managing a scan of a computer system for sensitive data, said system comprising:
- a first computer comprising a scan manager module and a non-transitory computer-readable medium storing data and instructions;
  
  wherein the scan manager module is configured to access the non-transitory computer-readable medium for the data and the instructions and, when executing the instructions, to perform computer-implemented steps on the first computer for managing a scan of files of a second computer, andwherein said first computer is adapted to;
  
  receive at the first computer a request from a user to scan the second computer and identify sensitive files stored on the second computer, wherein sensitive files have content that includes at least one category of sensitive information and wherein sensitive information includes data that the user intends to protect from unauthorized access by others; and
  
  receive at the first computer recipient information comprising information identifying intended recipients of a scan report including results of the scan; and
  
  wherein said scan manager module is adapted to, in response to the request to scan the second computer;
  
  generate a user profile identifying the at least one category of sensitive information and the recipient information;
  
  make the user profile available to a category server for use in creating a scan profile defining scan criteria;
  
  deploy a scan agent to the second computer to conduct the scan of the files of the second computer, the scan conducted based on the scan profile, and identifying the sensitive files based on their content, wherein the scan agent is configured to cause the second computer to remove the scan agent in response to an uninstall request received from the category server and the category server is configured to provide, upon completion of the scan, repeated uninstall requests to the scan agent until the category server receives an indication of the removal of the scan agent; and
  
  when the scan is complete, make the scan report including results of the scan generated by the category server available to intended recipients based on the recipient information included in the user profile, wherein the scan report includes information about the sensitive files identified by the scan.
- View Dependent Claims (33, 34, 35, 36, 37)
- - 33. The system of claim 32, wherein said system further comprises at least one database;
    - and wherein the scan manager module is further adapted to store the user profile in the at least one database embodied on a second non-transitory computer-readable medium.
  - 34. The system of claim 33, wherein the scan manager module is adapted to deploy the scan agent by:
    - receiving at the first computer a message from the category server that the scan profile is complete;
      
      prompting a user to download the scan agent to the second computer.
  - 35. The system of claim 32, wherein the scan manager module is adapted to make the scan report available by:
    - receiving at the first computer a send request from a category web service, wherein the send request comprises the scan report and a list of the intended recipients of the scan report; and
      
      retrieving the list of the intended recipients from the request; and
      
      sending the scan report to the intended recipients.
  - 36. The system of claim 32, wherein said scan manager module is further adapted to send an error notification to at least one selected recipient.
  - 37. The system of claim 36, wherein the scan manager module is adapted to send the error notifications by:
    - receiving at the first computer error information and a request to mail the error notification to the at least one selected recipient; and
      
      creating the error notification based on the error information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture Global Services Limited (Accenture PLC)
Inventors
Gianoulakis, George P., LePenske, Eric John, Leonard, Kara, Kaplan, Joseph, Yuan, Wangji, McIlrath, Jeffry
Primary Examiner(s)
GOLDBERG, ANDREW C

Application Number

US12/457,954
Publication Number

US 20100333199A1
Time in Patent Office

1,979 Days
Field of Search

726/26
US Class Current

726/22
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2143   Clearing memory, e.g. to pr...

Method and system for scanning a computer system for sensitive content

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for scanning a computer system for sensitive content

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links