Information security implementations with extended capabilities

US 8,918,867 B1
Filed: 03/11/2011
Issued: 12/23/2014
Est. Priority Date: 03/12/2010
Status: Active Grant

First Claim

Patent Images

1. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:

executing a first set of software code on the at least one central server, the first set of software code causing the at least one central server toprovide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;

in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and

restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data; and

executing a second set of software code on each of the plurality of client computers, the second set of software code causing each of the plurality of client computers toidentify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;

monitor actions of the other applications identified as accessing sensitive data;

determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and

transmit, in response to determining that the trigger event has occurred, the notification to the central server, whereinthe parameters of the configuration data identify a data file as sensitive based on location of the data file and access permission of the data file.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, devices or methods provide for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers. A particular method relates to the execution of software code on the at least one central server to monitor data communications of the plurality of client computers for sensitive data. A subset of the data communications is restricted when sensitive data is detected. Configuration data is provided to each of the plurality of client computers. Software code is executed on each of the plurality of client computers to detect accesses to sensitive data by one or more applications running on a client computer. Actions of the one or more applications running on a client computer are monitored to determine whether or not a trigger event has occurred. In response to determining that the trigger event has occurred, a notification is sent.

92 Citations

View as Search Results

22 Claims

1. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:
- executing a first set of software code on the at least one central server, the first set of software code causing the at least one central server toprovide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  
  in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  
  restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data; and
  
  executing a second set of software code on each of the plurality of client computers, the second set of software code causing each of the plurality of client computers toidentify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  
  monitor actions of the other applications identified as accessing sensitive data;
  
  determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  
  transmit, in response to determining that the trigger event has occurred, the notification to the central server, whereinthe parameters of the configuration data identify a data file as sensitive based on location of the data file and access permission of the data file.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the monitored actions of the identified other applications includes copying of data to a clipboard, capturing of a screenshot, accessing a portable medium, accessing a printer, accessing email, and accessing a remote website.
  - 3. The method of claim 1, wherein executing software code on the at least one central server is further configured to:
    - designate file storage locations as containing sensitive data;
      
      scan data content stored at the designated file storage locations; and
      
      generate the configuration data based upon the scanned data content.
  - 4. The method of claim 1, wherein the configuration data includes sensitive data definitions and wherein executing software code on each of the plurality of client computers is further to use a viral scanning suite to scan files for data content consistent with the sensitive data definitions.
  - 5. The method of claim 1, further including the step of executing software code on each of the plurality of client computers to establish a security setting that a designated user of a respective one of the plurality of client computers confirms before the access thereto is granted.
  - 6. The method of claim 1, wherein the first set of software code on the at least one central server is further configured to verify correct operation of security software on at least one client computer of the plurality of client computers by:
    - performing actions to trigger a test trigger event at the client computer; and
      
      determining whether the at least one client computer transmits a notification indicating the test trigger event has occurred.
  - 7. The method of claim 1, wherein the first set of software code is configured to cause the at least one central server to encrypt and transmit the subset of the reviewed data communications in response to detecting sensitive data.

8. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:
- executing a first set of software code on the at least one central server, the first set of software code causing the at least one central server toprovide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  
  in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  
  restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data;
  
  executing a second set of software code on each of the plurality of client computers, the second set of software code causing each of the plurality of client computers toidentify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  
  monitor actions of the other applications identified as accessing sensitive data;
  
  determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  
  transmit, in response to determining that the trigger event has occurred, the notification to the central server, wherein;
  
  the notification to the central server includes tagging the sensitive data with information about one or more of the trigger events, the monitored actions and the identified other applications; and
  
  the first set of software code on the at least one central server is configured to;
  
  for each of the monitored data communications, assign a scanning priority based on access permissions of the monitored data communications that are indicated in the notification, where data communication of publically available files are assigned a low scanning priority and data communication of restricted files are assigned a high scanning priority; and
  
  scan the data communications as a function of the assigned scanning priority.

9. A security system comprising:
- a plurality of client computers;
  
  at least one central server coupled to the plurality of client computers and configured to;
  
  provide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  
  in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  
  restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data; and
  
  wherein each of the plurality of client computers is configured and arranged toidentify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  
  monitor actions of the other applications;
  
  determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  
  transmit, in response to determining that the trigger event has occurred, the notification to the central server, wherein the security system is configured to, in response to the identifying accesses to sensitive data, tag data files including the sensitive data to provide an indication of a risk-level for the data files.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The system of claim 9, wherein the central server is configured to use known sets of sensitive and non-sensitive data to apply a learning algorithm that defines parameters for detecting sensitive data.
  - 11. The system of claim 9, wherein the client computers are configured to receive the configuration data as part of a viral definitions file that identifies both sensitive data and potential viruses.
  - 12. The system of claim 9, wherein the central server is configured to scan content of directories designated as secure and to identify sensitive content according to results of the scan.
  - 13. The system of claim 9, wherein:
    - the plurality of client computers are configured to process and evaluate the risk-level of the data files according to which trigger events were detected; and
      
      the data files include a first data file associated with a low risk-level and a second data file associated with a high risk-level.
  - 14. The system of claim 9, wherein a trigger event includes one or more of sending data to email groups, uploading files to remote locations, editing sensitive data content, attempts to access restricted data storage locations, inclusion of internal links within external communications, and cut-and-paste with sensitive data in an active window and print screen.
  - 15. The system of claim 9, wherein the plurality of client computers are configured to detect accesses to sensitive data by applications running on the plurality of client computers.
  - 16. The system of claim 9, wherein the security system is configured to categorize the sensitivity level of data according to a creator and a user of the data.
  - 17. The system of claim 16, wherein the sensitivity level of the data is in response to a level of secure access afforded to the creator and the user of the data.
  - 18. The system of claim 16, wherein the plurality of client computers are configured to tag transmitted data, in response to the transmitted data including sensitive data, and wherein the at least one central server is configured to select from a plurality of scan levels in response to the tag.

19. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:
- executing a first set of software code on the at least one central server, the first set of software code causing the at least one central server toprovide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  
  in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  
  restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data;
  
  executing a second set of software code on each of the plurality of client computers, the second set of software code causing each of the plurality of client computers toidentify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  
  monitor actions of the other applications identified as accessing sensitive data;
  
  determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  
  transmit, in response to determining that the trigger event has occurred, the notification to the central server,executing software code on each of the plurality of client computers to establish a security setting that a designated user of a respective one of the plurality of client computers confirms before the access thereto is granted, and further includingusing security databases as a reference for identifying sensitive data, wherein the databases include keywords, locations, document types, specific content and heuristic signatures to assess and determine a risk level.

20. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:
- executing a first set of software code on the at least one central server, the first set of software code causing the at least one central server toprovide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  
  in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  
  restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data;
  
  executing a second set of software code on each of the plurality of client computers, the second set of software code causing each of the plurality of client computers toidentify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  
  monitor actions of the other applications identified as accessing sensitive data;
  
  determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  
  transmit, in response to determining that the trigger event has occurred, the notification to the central server, further includingusing security databases as a reference for identifying sensitive data, wherein the databases include keywords, locations, document types, specific content and heuristic signatures to assess and determine a risk level.

21. A method for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers, the method comprising:
- executing a first set of software code on the at least one central server, the first set of software code causing the at least one central server toprovide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  
  in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  
  restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data;
  
  executing a second set of software code on each of the plurality of client computers, the second set of software code causing each of the plurality of client computers toidentify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  
  monitor actions of the other applications identified as accessing sensitive data;
  
  determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  
  transmit, in response to determining that the trigger event has occurred, the notification to the central server, wherein the first set of software code is further configured to cause the at least one central server to;
  
  determine ones of the data communications that are higher-risk, based on a respective number of trigger events associated with each of the data communications in the notification and a sensitivity level of each data communication indicated in the notification, where a higher number of trigger events indicates higher risk and higher sensitivity level indicates higher risk; and
  
  prevent transmission data communications determined to be high-risk unless the data communications are encrypted.

22. A security system comprising:
- a plurality of client computers;
  
  at least one central server coupled to the plurality of client computers and configured to;
  
  provide configuration data to each of the plurality of client computers, the configuration data including parameters that define criteria for identifying sensitive data and trigger events on the client computers;
  
  in response to a notification received from one of the plurality of client computers, monitor data communications of the one of the plurality of client computers for sensitive data by reviewing data communications indicated by the notification; and
  
  restrict transmission for a subset of the reviewed data communications in response to detecting sensitive data; and
  
  wherein each of the plurality of client computers is configured and arranged toidentify other applications, running on the client computer, that access sensitive data matching the criteria indicated by the configuration data;
  
  monitor actions of the other applications;
  
  determine whether or not one of the trigger events, defined by the configuration data, has occurred as a function of a sensitivity level of the sensitive data and the monitored actions; and
  
  transmit, in response to determining that the trigger event has occurred, the notification to the central server, whereinthe notification to the central server includes sensitive data tagged with information about one or more of the trigger events, the monitored actions, and the identified other applications; and
  
  the at least one central server is configured tofor each of the monitored data communications, assign a scanning priority based on access permissions of the monitored data communication that are indicated in the notification, where data communication of publically available files are assigned a low scanning priority and data communication of restricted files are assigned a high scanning priority; and
  
  scan the data communications as a function of the assigned scanning priority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
8X8, Inc.
Original Assignee
8X8, Inc.
Inventors
Salour, Mehdi
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
AMORIN, CARLOS E

Application Number

US13/046,025
Time in Patent Office

1,383 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 11/3041   where the computing system ...

G06F 11/3072   where the reporting involve...

G06F 21/60   Protecting data

G06F 21/6245   Protecting personal data, e...

H04L 63/1425   Traffic logging, e.g. anoma...

Information security implementations with extended capabilities

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

92 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Information security implementations with extended capabilities

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links