Systems and methods for enforcing data-loss-prevention policies using mobile sensors

US 8,925,037 B2
Filed: 01/02/2013
Issued: 12/30/2014
Est. Priority Date: 01/02/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

detecting an attempt by a user to access sensitive data on a mobile computing device;

collecting, via at least one sensor of the mobile computing device, audio sensor data that is indicative of an environment in which the user is attempting to access the sensitive data;

determining a privacy level of the environment by comparing the audio sensor data with a set of predefined audio profiles of environments, whereina first predefined audio profile within the set of predefined audio profiles is correlated with a first risk of data loss;

a second predefined audio profile within the set of predefined audio profiles is correlated with a second risk of data loss that is different than the first risk of data loss;

restricting, based at least in part on the privacy level of the environment determined by comparing the audio sensor data with the set of predefined audio profiles, the attempt by the user to access the sensitive data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors may include (1) detecting an attempt by a user to access sensitive data on a mobile computing device, (2) collecting, via at least one sensor of the mobile computing device, sensor data that indicates an environment in which the user is attempting to access the sensitive data, (3) determining, based at least in part on the sensor data, a privacy level of the environment, and (4) restricting, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a DLP policy. Various other methods, systems, and computer-readable media are also disclosed.

Citations

20 Claims

1. A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- detecting an attempt by a user to access sensitive data on a mobile computing device;
  
  collecting, via at least one sensor of the mobile computing device, audio sensor data that is indicative of an environment in which the user is attempting to access the sensitive data;
  
  determining a privacy level of the environment by comparing the audio sensor data with a set of predefined audio profiles of environments, whereina first predefined audio profile within the set of predefined audio profiles is correlated with a first risk of data loss;
  
  a second predefined audio profile within the set of predefined audio profiles is correlated with a second risk of data loss that is different than the first risk of data loss;
  
  restricting, based at least in part on the privacy level of the environment determined by comparing the audio sensor data with the set of predefined audio profiles, the attempt by the user to access the sensitive data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the privacy level of the environment represents a privacy classification of the environment.
  - 3. The method of claim 1, wherein determining the privacy level of the environment further comprises using the audio sensor data to identify a venue type of the environment that comprises a risk factor for data loss.
  - 4. The method of claim 3, wherein:
    - the audio sensor data indicates a geographic location of the environment;
      
      using the audio sensor data to identify the venue type of the environment comprises querying a venue-type database using the geographic location for the venue type of the environment.
  - 5. The method of claim 1, wherein the sensor of the mobile computing device comprises at least one of:
    - an audio sensor,a microphone;
      
      a network sensor;
      
      a proximity sensor.
  - 6. The method of claim 5, wherein collecting the audio sensor data comprises collecting the audio sensor data before, when, or after the attempt by the user to access the sensitive data is detected.
  - 7. The method of claim 5, wherein collecting the audio sensor data comprises collecting the audio sensor data at times unrelated to the attempt by the user to access the sensitive data.
  - 8. The method of claim 1, wherein restricting the attempt by the user to access the sensitive data comprises restricting the attempt by the user to access the sensitive data according to a data-loss-prevention (DLP) policy.
  - 9. The method of claim 8, wherein restricting the attempt by the user to access the sensitive data according to the DLP policy comprises at least one of:
    - gathering additional authentication information from the user before allowing the user to access the sensitive data;
      
      limiting an amount of time that the user has access to the sensitive data;
      
      preventing the user from accessing the sensitive data when the computing device is in certain orientations or positions associated with the environment.
  - 10. The method of claim 8, wherein restricting the attempt by the user to access the sensitive data according to the DLP policy comprises allowing the user to access the sensitive data only through a secure application running on the mobile computing device that encrypts the sensitive data.
  - 11. The method of claim 8, wherein restricting the attempt by the user to access the sensitive data according to the DLP policy comprises prohibiting the user from at least one of copying, saving, or emailing the sensitive data.
  - 12. The method of claim 1, wherein:
    - collecting the audio sensor data comprises;
      
      collecting, prior to the attempt by the user to access the sensitive data, past audio sensor data that is indicative of the environment in which the user is attempting to access the sensitive data;
      
      collecting, in response to the attempt by the user to access the sensitive data, present audio sensor data that is indicative of the environment in which the user is attempting to access the sensitive data;
      
      determining the privacy level of the environment comprises comparing the past audio sensor data with the present audio sensor data.
  - 13. The method of claim 1, wherein:
    - the audio sensor data further indicates a geographic location of the environment;
      
      determining the privacy level of the environment further comprises;
      
      querying a remote source using the geographic location of the environment for additional information about the environment;
      
      using the additional information to determine the privacy level of the environment.
  - 14. The method of claim 1, further comprising reporting to an administrator at least one of:
    - the environment in which the user is attempting to access the sensitive data;
      
      the privacy level of the environment.

15. A system for enforcing data-loss-prevention policies using mobile sensors, the system comprising:
- a detection module programmed to detect an attempt by a user to access sensitive data on a mobile computing device;
  
  a collection module programmed to collect, via at least one sensor of the mobile computing device, image sensor data that is indicative of an environment in which the user is attempting to access the sensitive data;
  
  a determination module programmed to determine a privacy level of the environment by determining a number or proximity of people in the environment based at least in part on the image sensor data, wherein;
  
  a first number or proximity of people in the environment is correlated with a first risk of data loss;
  
  a second number or proximity of people in the environment is correlated with a second risk of data loss that is different than the first risk of data loss;
  
  a restricting module programmed to restrict, based at least in part on the privacy level of the environment determined by determining the number or proximity of people in the environment based on the image sensor data, the attempt by the user to access the sensitive data;
  
  at least one computer processor that executes the detection module, the collection module, the determination module, and the restricting module.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15, wherein the privacy level of the environment represents a privacy classification of the environment.
  - 17. The system of claim 15, wherein the determination module is further programmed to determine the privacy level of the environment by using the image sensor data to identify a venue type of the environment that comprises a risk factor for data loss.
  - 18. The system of claim 15, wherein the sensor of the mobile computing device comprises at least one of:
    - a network sensor;
      
      a light sensor;
      
      an image sensor;
      
      a proximity sensor.
  - 19. The system of claim 15, wherein the determination module is programmed to determine the number or proximity of people in the environment based at least in part on the image sensor data by using a facial recognition system to determine the number or proximity of people in the environment.

20. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- detect an attempt by a user to access sensitive data on a mobile computing device;
  
  collect, via at least one sensor of the mobile computing device, audio sensor data that is indicative of an environment in which the user is attempting to access the sensitive data;
  
  determine a privacy level of the environment by comparing the audio sensor data with a set of predefined audio profiles of environments, whereina first predefined audio profile within the set of predefined audio profiles is correlated with a first risk of data loss;
  
  a second predefined audio profile within the set of predefined audio profiles is correlated with a second risk of data loss that is different than the first risk of data loss;
  
  restrict, based at least in part on the privacy level of the environment determined by comparing the audio sensor data with the set of predefined audio profiles, the attempt by the user to access the sensitive data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Marino, Daniel, Shou, Darren, McCorkendale, Bruce
Primary Examiner(s)
Schwartz, Darren B

Application Number

US13/733,131
Publication Number

US 20140189784A1
Time in Patent Office

727 Days
Field of Search

726 1- 6, 726 16- 18, 726 26- 30
US Class Current

726/1
CPC Class Codes

G06F 21/60 Protecting data

Systems and methods for enforcing data-loss-prevention policies using mobile sensors

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for enforcing data-loss-prevention policies using mobile sensors

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links