Selective removal of protected content from web requests sent to an interactive website
First Claim
1. A method comprising:
- identifying a policy for protecting source data, having a plurality of data elements, using a data monitoring system (DMS) including a processor, the policy maintained by an organization to prevent loss of sensitive information;
- evaluating, at the DMS, a web request sent to an interactive website as part of a web-based application, wherein the interactive website hosts the web-based application;
- determining by the DMS, that the web request includes at least one of the plurality of data elements triggering a violation of the policy;
- determining data boundaries of the web request upon receiving the web request at the DMS;
- selectively removing data content within the data boundaries containing the at least one data element that triggered the violation to allow the web request to be processed by the interactive website as if it were the original web request containing the at least one data element;
- reevaluating, at the DMS, the web request with the at least one data element selectively-removed to determine whether the at least one data element that triggered the violation has been successfully removed from the web request, wherein the web request with the at least one data element selectively-removed comprises an indication that the web request with the at least one data element selectively-removed is a resubmission;
- upon determining that the at least one data element that triggered the violation has been successfully removed from the web request, sending the web request to the interactive website; and
- upon determining that the at least one data elements that triggered the violation has not been successfully removed from the web request, blocking the web request or allowing the web request to be sent to the interactive website unmodified.
Abstract
A method and apparatus for selectively removing a data element that triggers a policy violation from a web request to an interactive website. In one method, the method identifies a policy for protecting source data, having a plurality of data elements. The method further evaluates a web request sent to an interactive website as part of a web-based application, and determines that the web request includes at least one data element triggering a violation of the policy. The method determines the data boundaries of the web request, and selectively removes data content within the data boundaries containing the at least one data element that triggered the violation to allow the web request to be processed by the interactive website as if it were the original web request containing the at least one data element.
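The flow in the abstract and claim 1 (evaluate, find data boundaries, selectively remove, mark as a resubmission, re-evaluate, then send, block or pass unmodified) can be sketched as follows. This is an added example, not code from the patent or its assignee; it assumes a form-urlencoded request body, a policy that protects values shaped like US Social Security numbers, and a hypothetical `X-DMS-Resubmission` marker header.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlencode

# Assumed policy: SSN-shaped strings are protected data elements.
POLICY = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
RESUBMIT_HEADER = "X-DMS-Resubmission"  # hypothetical marker name


def violates(body):
    """Evaluate the whole decoded body, not just the parsed field values."""
    return bool(POLICY.search(unquote_plus(body)))


def redact(body):
    """Use form fields as the data boundaries: blank only the offending
    values and keep every field name, so the site still receives a
    structurally complete request."""
    fields = parse_qsl(body, keep_blank_values=True)
    return urlencode([(n, "" if POLICY.search(v) else v) for n, v in fields])


def process(headers, body, on_failure="block"):
    """Return (action, headers, body) for one intercepted web request."""
    if not violates(body):
        return "forward", headers, body
    cleaned = redact(body)
    marked = dict(headers)
    marked[RESUBMIT_HEADER] = "1"  # indication that this is a resubmission
    marked["Content-Length"] = str(len(cleaned.encode()))
    # Re-evaluate: removal can fail, e.g. when the protected value sits in
    # a field *name*, which value-level redaction never touches.
    if not violates(cleaned):
        return "forward-redacted", marked, cleaned
    if on_failure == "block":
        return "block", headers, None
    return "forward-unmodified", headers, body


if __name__ == "__main__":
    hdrs = {"Content-Type": "application/x-www-form-urlencoded"}
    # Constructed sample requests.
    print(process(hdrs, "name=Alice&ssn=123-45-6789&note=hello+world"))
    print(process(hdrs, "123-45-6789=x"))
```

Scanning the full decoded body on the second pass, rather than only the fields that were redacted, is what lets the re-evaluation catch a removal that did not succeed.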
20 Claims
18. An apparatus comprising:
- a network interface device to receive a web request sent to an interactive website as part of a web-based application, the web-based application being hosted from the interactive website; and
- a processing device coupled to the network interface device, the processing device to identify a policy for protecting source data having a plurality of data elements, the policy maintained by an organization to prevent loss of sensitive information, to evaluate the web request to determine that the web request includes at least one of the plurality of data elements triggering a violation of the policy, to determine data boundaries of the web request upon receiving the web request at the processing device, to selectively remove data content within the data boundaries containing the at least one data element that triggered the violation, to reevaluate the web request without the selectively-removed data content to determine whether the at least one data element that triggered the violation has been successfully removed from the web request, the web request with the at least one data element selectively-removed comprising an indication that the web request with the at least one data element selectively-removed is a resubmission, to send the web request to the interactive website upon determining that the at least one data element that triggered the violation has been successfully removed from the web request, and to block the web request or allow the web request to be sent to the interactive website unmodified upon determining that the at least one data elements that triggered the violation has not been successfully removed from the web request.
20. A non-transitory computer-readable storage medium having instructions stored thereon that when executed by a computer cause the computer to perform operations comprising:
- identifying a policy for protecting source data, having a plurality of data elements, using a data monitoring system (DMS) including a processor, the policy maintained by an organization to prevent loss of sensitive information;
- evaluating, at the DMS, a web request sent to an interactive website as part of a web-based application, wherein the interactive website hosts the web-based application;
- determining by the DMS, that the web request includes at least one of the plurality of data elements triggering a violation of the policy;
- determining data boundaries of the web request upon receiving the web request at the DMS;
- selectively removing data content within the data boundaries containing the at least one data element that triggered the violation to allow the web request to be processed by the interactive website as if it were the original web request containing the at least one data element;
- reevaluating, at the DMS, the web request with the at least one data element selectively-removed to determine whether the at least one data element that triggered the violation has been successfully removed from the web request, wherein the web request with the at least one data element selectively-removed comprises an indication that the web request with the at least one data element selectively-removed is a resubmission;
- upon determining that the at least one data element that triggered the violation has been successfully removed from the web request, sending the web request to the interactive web site; and
- upon determining that the at least one data element that triggered the violation has not been successfully removed from the web request, blocking the web request or allowing the web request to be sent to the interactive website unmodified.
Specification