Selective removal of protected content from web requests sent to an interactive website

US 9,118,720 B1
Filed: 07/10/2014
Issued: 08/25/2015
Est. Priority Date: 09/18/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying a policy for protecting source data, having a plurality of data elements, using a data monitoring system (DMS) including a processor, the policy maintained by an organization to prevent loss of sensitive information;

evaluating, at the DMS, a web request sent to an interactive website as part of a web-based application, wherein the interactive website hosts the web-based application;

determining by the DMS, that the web request includes at least one of the plurality of data elements triggering a violation of the policy;

determining data boundaries of the web request upon receiving the web request at the DMS;

selectively removing data content within the data boundaries containing the at least one data element that triggered the violation to allow the web request to be processed by the interactive website as if it were the original web request containing the at least one data element;

reevaluating, at the DMS, the web request with the at least one data element selectively-removed to determine whether the at least one data element that triggered the violation has been successfully removed from the web request, wherein the web request with the at least one data element selectively-removed comprises an indication that the web request with the at least one data element selectively-removed is a resubmission;

upon determining that the at least one data element that triggered the violation has been successfully removed from the web request, sending the web request to the interactive website; and

upon determining that the at least one data elements that triggered the violation has not been successfully removed from the web request, blocking the web request or allowing the web request to be sent to the interactive website unmodified.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for selectively removing a data element that triggers a policy violation from a web request to an interactive website. In one method, the method identifies a policy for protecting source data, having a plurality of data elements. The method further evaluates a web request sent to an interactive website as part of a web-based application, and determines that the web request includes at least one data element triggering a violation of the policy. The method determines the data boundaries of the web request, and selectively removes data content within the data boundaries containing the at least one data element that triggered the violation to allow the web request to be processed by the interactive website as if it were the original web request containing the at least one data element.

178 Citations

20 Claims

1. A method comprising:
- identifying a policy for protecting source data, having a plurality of data elements, using a data monitoring system (DMS) including a processor, the policy maintained by an organization to prevent loss of sensitive information;
  
  evaluating, at the DMS, a web request sent to an interactive website as part of a web-based application, wherein the interactive website hosts the web-based application;
  
  determining by the DMS, that the web request includes at least one of the plurality of data elements triggering a violation of the policy;
  
  determining data boundaries of the web request upon receiving the web request at the DMS;
  
  selectively removing data content within the data boundaries containing the at least one data element that triggered the violation to allow the web request to be processed by the interactive website as if it were the original web request containing the at least one data element;
  
  reevaluating, at the DMS, the web request with the at least one data element selectively-removed to determine whether the at least one data element that triggered the violation has been successfully removed from the web request, wherein the web request with the at least one data element selectively-removed comprises an indication that the web request with the at least one data element selectively-removed is a resubmission;
  
  upon determining that the at least one data element that triggered the violation has been successfully removed from the web request, sending the web request to the interactive website; and
  
  upon determining that the at least one data elements that triggered the violation has not been successfully removed from the web request, blocking the web request or allowing the web request to be sent to the interactive website unmodified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the web request uses Hypertext Transfer Protocol (HTTP) as an application-level protocol, and the web request is encapsulated according to a data structure specified by the interactive website.
  - 3. The method of claim 2, wherein determining the data boundaries of the web request comprises determining a rule used to capture the specified data structure of the web request sent to the interactive website, and wherein the specified data structure specifies the data boundaries of the web request.
  - 4. The method of claim 1, wherein selectively removing the data content within the data boundaries comprises replacing the data content with replacement content based on a data type and length of the web request.
  - 5. The method of claim 1, wherein the web request with the at least one data element selectively-removed comprises a header as the indication that the web request with the at least one data element selectively-removed is the resubmission for content validation, and wherein the header is removed from the web request sent to the interactive website.
  - 6. The method of claim 1, wherein selectively removing the data content within the data boundaries further comprises:
    - identifying the data boundaries of the web request containing the at least one data element that triggered the violation; and
      
      redacting the identified data boundaries to selectively remove the at least one data element from the web request.
  - 7. The method of claim 6, wherein selectively removing the data content within the data boundaries further comprises filling the identified data boundaries of the web request with replacement content, and wherein redacting the identified data boundaries comprises replacing an attachment file including the at least one data element that triggered the violation with a marker file containing the replacement content.
  - 8. The method of claim 3, wherein determining the rule comprises matching a request Uniform Resource Identifier (URI) of the web request to one of a plurality of URI patterns, each corresponding to a predefined request grammar rule, wherein the predefined request grammar rule that corresponds to the matched one of the plurality of URI patterns is the rule used for the interactive website.
  - 9. The method of claim 8, wherein the predefined request grammar rule is determined by,monitoring a plurality of web requests previously sent to the interactive website;
    - analyzing syntax of the plurality of web requests to define the predefined request grammar rule used for the interactive website; and
      
      providing a URI pattern for the interactive website as one of the plurality of URI patterns to correspond to the predefined request grammar rule used for the interactive website.
  - 10. The method of claim 3, wherein determining the rule comprises defining the rule using an expression language, wherein the rule comprises a Uniform Resource Identifier (URI) pattern to match a URI request contained in the web request, and an action to be performed in response to detecting the violation in the web request.
  - 11. The method of claim 10, wherein the expression language is Backus-Naur Form (BNF) based expression language.
  - 12. The method of claim 10, wherein the rule further comprises an action message to be inserted into the web request for the at least one data element that triggered the violation, and a field type and description that is used to identify a field of the web request that is likely to contain the at least one data element.
  - 13. The method of claim 1, comprising:
    - intercepting by a proxy the web request sent to the interactive website from a web browser;
      
      sending the web request to the DMS from the proxy;
      
      decomposing the web request at the DMS into a plurality of different components;
      
      for each of the plurality of different components, determining by the DMS that data content of the particular component includes a data element that triggers a violation of the policy;
      
      for each violation, selectively removing the data content within the particular component containing the data element that triggered the violation;
      
      recomposing a modified web request using each of the plurality of different components without the selectively-removed data content to enable the interactive web site to interpret the modified web request as if it were the original web request; and
      
      sending the modified web request to the interactive website from the proxy.
  - 14. The method of claim 13, wherein the web request uses Hypertext Transfer Protocol (HTTP) as an application-level protocol, and comprises a HTTP header and a HTTP body, and wherein selectively removing the data content comprises:
    - determining a request grammar rule using a request Uniform Resource Identifier (URI) present in the HTTP header;
      
      determining whether the violation is present in the HTTP body;
      
      if the violation is present in the HTTP body, determining which data boundaries need to be selectively-removed using the request grammar rule; and
      
      selectively removing the data boundaries that need to be selectively-removed.
  - 15. The method of claim 14, wherein selectively removing comprises:
    - removing the data element that triggered the violation; and
      
      replacing the removed data element with a replacement message as defined in the request grammar rule.
  - 16. The method of claim 14, further comprising:
    - determining whether the violation is present in an attachment file that is part of the web request resulting from a file upload operation;
      
      if the violation is present in the attachment file, identifying file start and end locations of the attachment file to determine data boundaries to be selectively-removed using the request grammar rule; and
      
      replacing the attachment file with a marker file within the data boundaries.
  - 17. The method of claim 13, wherein recomposing the modified web request comprises setting a request length of the modified web request to match the request length of the original web request.

18. An apparatus comprising:
- a network interface device to receive a web request sent to an interactive website as part of a web-based application, the web-based application being hosted from the interactive website; and
  
  a processing device coupled to the network interface device, the processing device to identify a policy for protecting source data having a plurality of data elements, the policy maintained by an organization to prevent loss of sensitive information, to evaluate the web request to determine that the web request includes at least one of the plurality of data elements triggering a violation of the policy, to determine data boundaries of the web request upon receiving the web request at the processing device, to selectively remove data content within the data boundaries containing the at least one data element that triggered the violation, to reevaluate the web request without the selectively-removed data content to determine whether the at least one data element that triggered the violation has been successfully removed from the web request, the web request with the at least one data element selectively-removed comprising an indication that the web request with the at least one data element selectively-removed is a resubmission, to send the web request to the interactive website upon determining that the at least one data element that triggered the violation has been successfully removed from the web request, and to block the web request or allow the web request to be sent to the interactive website unmodified upon determining that the at least one data elements that triggered the violation has not been successfully removed from the web request.
- View Dependent Claims (19)
- - 19. The apparatus of claim 18, wherein the processing device comprises:
    - a content matching engine to evaluate the web request to determine that the web request includes the at least one of the plurality of data elements triggering the violation of the policy; and
      
      a rule enforcement engine coupled to the content matching engine, the rule enforcement engine to determine data boundaries of the original web request, to selectively remove the at least one data element triggering the violation within the determined data boundaries, and to generate a modified web request without the at least one data element triggering the violation.

20. A non-transitory computer-readable storage medium having instructions stored thereon that when executed by a computer cause the computer to perform operations comprising:
- identifying a policy for protecting source data, having a plurality of data elements, using a data monitoring system (DMS) including a processor, the policy maintained by an organization to prevent loss of sensitive information;
  
  evaluating, at the DMS, a web request sent to an interactive website as part of a web-based application, wherein the interactive website hosts the web-based application;
  
  determining by the DMS, that the web request includes at least one of the plurality of data elements triggering a violation of the policy;
  
  determining data boundaries of the web request upon receiving the web request at the DMS;
  
  selectively removing data content within the data boundaries containing the at least one data element that triggered the violation to allow the web request to be processed by the interactive website as if it were the original web request containing the at least one data element;
  
  reevaluating, at the DMS, the web request with the at least one data element selectively-removed to determine whether the at least one data element that triggered the violation has been successfully removed from the web request, wherein the web request with the at least one data element selectively-removed comprises an indication that the web request with the at least one data element selectively-removed is a resubmission;
  
  upon determining that the at least one data element that triggered the violation has been successfully removed from the web request, sending the web request to the interactive web site; and
  
  upon determining that the at least one data element that triggered the violation has not been successfully removed from the web request, blocking the web request or allowing the web request to be sent to the interactive website unmodified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Raman, Shree, Ferguson, John Gerald, Wootton, Bruce Christopher, Chen, Hai, Wyatt, Timothy Michael
Primary Examiner(s)
Chao, Michael

Application Number

US14/328,274
Time in Patent Office

411 Days
Field of Search

726/26
US Class Current

1/1
CPC Class Codes

G06F 11/004   Error avoidance G06F11/07 a...

G06F 21/552   involving long-term monitor...

G06F 21/556   involving covert channels, ...

G06F 21/60   Protecting data

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

H04L 63/20   for managing network securi...

Selective removal of protected content from web requests sent to an interactive website

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

178 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Selective removal of protected content from web requests sent to an interactive website

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

178 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others