System and method for identity consolidation

US 8,935,752 B1
Filed: 03/23/2009
Issued: 01/13/2015
Est. Priority Date: 03/23/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, by a processing device executing an identification engine, user identification data extracted from an electronic communication, the user identification data corresponding to an unknown identity of a sender of the electronic communication;

determining, by the processing device, a known identity for the sender using the user identification data extracted from the electronic communication;

associating, by the processing device, the known identity with the unknown identity of the sender of the electronic communication, an association between the known identity and the unknown identity being maintained to determine whether parties of subsequent information transfers are authorized to participate in the information transfers;

determining a measure of correlation strength for the association between the known identity and the unknown identity based on at least one of how often the association is detected and how many times the association has been detected, wherein the correlation strength is maintained with the association; and

transmitting the known identity as the sender of the electronic communication and the measure of correlation strength to a communications data monitoring system to monitor information content to detect policy violation incidents.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for identity consolidation for a plurality of electronic identities is described. In one embodiment, the method includes receiving user identification data extracted from an electronic communication, the user identification data corresponding to an unknown identity of a sender of the electronic communication. The method further includes determining a known identity for the sender using the user identification data extracted from the electronic communication and associating the known identity with the unknown identity of the sender of the electronic communication. In one embodiment, an association between the known identity and the unknown identity is maintained to determine whether parties of subsequent information transfers are authorized to participate in the information transfers.

Citations

17 Claims

1. A computer-implemented method, comprising:
- receiving, by a processing device executing an identification engine, user identification data extracted from an electronic communication, the user identification data corresponding to an unknown identity of a sender of the electronic communication;
  
  determining, by the processing device, a known identity for the sender using the user identification data extracted from the electronic communication;
  
  associating, by the processing device, the known identity with the unknown identity of the sender of the electronic communication, an association between the known identity and the unknown identity being maintained to determine whether parties of subsequent information transfers are authorized to participate in the information transfers;
  
  determining a measure of correlation strength for the association between the known identity and the unknown identity based on at least one of how often the association is detected and how many times the association has been detected, wherein the correlation strength is maintained with the association; and
  
  transmitting the known identity as the sender of the electronic communication and the measure of correlation strength to a communications data monitoring system to monitor information content to detect policy violation incidents.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - receiving identification data extracted from a user endpoint device that is transmitting the electronic communication;
      
      determining the known identity from the identification data extracted from the user endpoint device;
      
      creating a correlation between the known identity and the user identification data extracted from the electronic communication; and
      
      storing the correlation in a database.
  - 3. The method of claim 1, further comprising:
    - updating the correlation strength based on at least one of how often the association is detected or how many times the association has been detected.
  - 4. The method of claim 2, wherein the user endpoint device is selected from a group consisting of a personal digital assistant, cellular telephone, laptop computer, or personal computer.
  - 5. The method of claim 1, wherein:
    - the electronic communication is in a format type selected from a group consisting of an electronic mail message, an instant message, or a text message; and
      
      the user identification information extracted from the electronic communication is selected from a group consisting of an electronic mail address, an instant message handle, an internet protocol (IP) address from which the electronic communication was sent, or an online social network identification.
  - 6. The method of claim 1, wherein the known identity is derived from a corporate directory system.
  - 7. The method of claim 1, further comprising:
    - responding to a request for an identity report with the known identity, the identity report for determining whether an information transfer associated with the known identity is authorized in accordance with a data loss prevention policy.

8. A system comprising:
- a memory and a processing device coupled to the memory, wherein the processing device is configured to execute an identification data receipt engine and an identification correlation engine;
  
  the identification data receipt engine, configured to receive user identification data extracted from an electronic communication, the user identification data corresponding to an unknown identity of a sender of the electronic communication; and
  
  the identification correlation engine, configured to;
  
  determine a known identity for the sender using the user identification data extracted from the electronic communication;
  
  associate the known identity with the unknown identity of the sender of the electronic communication, an association between the known identity and the unknown identity being maintained to determine whether parties of subsequent information transfers are authorized to participate in the information transfers;
  
  determine a measure of correlation strength for the association between the known identity and the unknown identity based on at least one of how often the association is detected and how many times the association has been detected, wherein the correlation strength is maintained with the association; and
  
  transmit the known identity as the sender of the electronic communication and the measure of correlation strength to a communications data monitoring system to monitor information content to detect policy violation incidents.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, further comprising:
    - the identification data receipt engine to receive identification data extracted from a user endpoint device that is transmitting the electronic communication;
      
      the identification correlation engine to determine the known identity from the identification data extracted from the user endpoint device and create a correlation between the known identity and the user identification data extracted from the electronic communication; and
      
      a database to store the correlation.
  - 10. The system of claim 8, further comprising:
    - the identification correlation engine to update the correlation strength based on at least one of how often the association is detected or how many times the association has been detected.
  - 11. The system of claim 9, wherein the user endpoint device is selected from a group consisting of a personal digital assistant, cellular telephone, laptop computer, or personal computer.
  - 12. The system of claim 8, wherein:
    - the electronic communication is in a format type selected from a group consisting of an electronic mail message, an instant message, or a text message; and
      
      the user identification information extracted from the electronic communication is selected form a group consisting of an electronic mail address, an instant message handle, an internet protocol (IP) address from which the electronic communication was sent, or an online social network identification.
  - 13. The system of claim 8, wherein the known identity is derived from a corporate directory system.
  - 14. The system of claim 8, further comprising:
    - a reporting engine, to be executed by the processing device, to respond to a request for an identity report with the known identity, the identity report for determining whether an information transfer associated with the known identity is authorized in accordance with a data loss prevention policy.

15. A non-transitory computer readable storage medium that provides instructions, which when executed on a processing device, cause the processing device to perform a method comprising:
- receiving, by the processing device, user identification data extracted from an electronic communication, the user identification data corresponding to an unknown identity of a sender of the electronic communication;
  
  determining, by the processing device, a known identity for the sender using the user identification data extracted from the electronic communication;
  
  associating, by the processing device, the known identity with the unknown identity of the sender of the electronic communication, an association between the known identity and the unknown identity being maintained to determine whether parties of subsequent information transfers are authorized to participate in the information transfers;
  
  determining a measure of correlation strength for the association between the known identity and the unknown identity based on at least one of how often the association is detected and how many times the association has been detected, wherein the correlation strength is maintained with the association; and
  
  transmitting the known identity as the sender of the electronic communication and the measure of correlation strength to a communications data monitoring system to monitor information content to detect policy violation incidents.
- View Dependent Claims (16, 17)
- - 16. The non-transitory computer readable storage medium of claim 15, further comprising:
    - receiving identification data extracted from a user endpoint device that is transmitting the electronic communication;
      
      determining the known identity from the identification data extracted from the user endpoint device;
      
      creating a correlation between the known identity and the user identification data extracted from the electronic communication; and
      
      storing the correlation in a database.
  - 17. The non-transitory computer readable storage medium of claim 15, further comprising:
    - updating the correlation strength based on at least one of how often the association is detected or how many times the association has been detected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Chen, Shun, DiCorpo, Phillip, Wootton, Bruce Christopher, Kessler, Dirk, Wyatt, Timothy Micheal, Dandliker, Richard Bruce
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
DOAN, TRANG T

Application Number

US12/409,449
Time in Patent Office

2,122 Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06Q 10/10   Office automation; Time man...

H04L 63/1408   by monitoring network traff...

H04W 12/08   Access security

System and method for identity consolidation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for identity consolidation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links