Method and apparatus for managing the transfer of sensitive information to mobile devices

US 9,241,259 B2
Filed: 11/30/2012
Issued: 01/19/2016
Est. Priority Date: 11/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method of preventing the loss of sensitive data, comprising:

receiving a request via a network from a mobile device for email data;

filtering an email data set to produce a filtered email data set, the filtering based, at least in part, on properties of the mobile device; and

sending a response to the mobile device via the network, the response based, at least in part, on the filtered email data set;

determining that a received email message is not authorized to be transferred to the mobile device;

sending a block notification message in response to the determining to the mobile device;

receiving an indication that the received email message is authorized to be transferred to the mobile device after sending the response to the mobile device;

in response to the indication, sending a first network message to the mobile device, the first message indicating a property of the block notification message has changed from a first value to a second value;

receiving a second request from the mobile device for an email data set after sending the first network message; and

in response to the second request, sending a response to the mobile device including the received email message instead of the block notification message.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus provide data loss protection for mobile devices. In one aspect, data is analyzed by a data loss protection server to determine if it is authorized by data loss protection policies to be transferred to a mobile device. The time necessary to analyze the data may exceed a mobile device timeout value. To prevent the mobile device from timing out, the DLP server may send one or more portions of a response to the mobile device at a time interval less than the mobile device timeout value. Some portions of the response may be sent before the analyzing of the data is completed.

Citations

24 Claims

1. A method of preventing the loss of sensitive data, comprising:
- receiving a request via a network from a mobile device for email data;
  
  filtering an email data set to produce a filtered email data set, the filtering based, at least in part, on properties of the mobile device; and
  
  sending a response to the mobile device via the network, the response based, at least in part, on the filtered email data set;
  
  determining that a received email message is not authorized to be transferred to the mobile device;
  
  sending a block notification message in response to the determining to the mobile device;
  
  receiving an indication that the received email message is authorized to be transferred to the mobile device after sending the response to the mobile device;
  
  in response to the indication, sending a first network message to the mobile device, the first message indicating a property of the block notification message has changed from a first value to a second value;
  
  receiving a second request from the mobile device for an email data set after sending the first network message; and
  
  in response to the second request, sending a response to the mobile device including the received email message instead of the block notification message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the properties of the mobile device include at least one of the mobile device model number, mobile device EUN, or mobile device operating system.
  - 3. The method of claim 1, wherein the properties of the mobile device include whether the mobile device is communicating over a secure channel.
  - 4. The method of claim 1, wherein filtering the data set comprises:
    - initiating filter processing of the data set to produce the filtered data; and
      
      sending a plurality of portions of the response to the network request to the mobile device in separate network messages, at an interval that is less than a mobile device timeout value and greater than a timer value, while the filter processing of the data set is in progress.
  - 5. The method of claim 4, wherein the mobile device timeout value is based on the operating system of the mobile device.
  - 6. The method of claim 4, further comprising:
    - limiting each of the plurality of portions to include four or less bytes of data; and
      
      generating each of the plurality of portions to not include data derived from the data set.
  - 7. The method of claim 4, wherein the timer value is greater than 500 milliseconds.
  - 8. The method of claim 1, wherein filtering the data set comprisesinitiating filter processing of the data set to produce the filtered data set;
    - andwhile the filter processing of the data set is incomplete;
      
      setting a timer with a duration less than a mobile device timeout value,receiving notification that the timer has expired, andsending a portion of the response to the mobile device in response to expiration of the timer, wherein sending the response comprises completing transmission of the response in response to the completion of filter processing of the data set.
  - 9. The method of claim 8, wherein a portion of the response comprises at least a portion of a http header.
  - 10. The method of claim 8, wherein a portion of the response comprises a portion of a WBXML file.
  - 11. The method of claim 8, further comprising:
    - sending a server request for the data set to a server in response to receiving the request from the mobile device; and
      
      receiving the data set from the server in response to the server request.
  - 12. The method of claim 1, further comprising indicating the received email message is quarantined when sending the response to the mobile device.
  - 13. The method of claim 8, wherein the receiving notification, sending of a portion, and setting of a timer are iteratively performed until filter processing of the data set is complete.
  - 14. The method of claim 13, wherein the portions do not include email message data or attachments from the data set.
  - 15. The method of claim 1, wherein the request is an http or https request and the response comprises an http or https response.
  - 16. The method of claim 1, wherein the request for data requests one or more of contact data, task data, calendar data, or notes data.
  - 17. The method of claim 1, further comprising in response to the indication, sending a second network message to the mobile device, the second message indicating a property of the block notification message has changed from the second value to the first value.
  - 18. The method of claims 1, wherein the first message indicates that the block email message folder location has changed from a first name to a second name.

19. An apparatus for preventing the loss of sensitive data on a mobile device, comprising:
- a processor; and
  
  a memory operatively coupled to the processor, the memory storing instructions that configure the processor to perform a method of;
  
  receiving a request for data from the mobile device, andfiltering an email data set to produce a filtered email data set, the filtering based, at least in part, on properties of the mobile device,sending a response to the mobile device based, at least in part, on the filtered email data set,determining that a received email message is not authorized to be transferred to the mobile device,sending a block notification message in response to the determining to the mobile device,receiving an indication that the received email message is authorized to be transferred to the mobile device after sending the response to the mobile device;
  
  in response to the indication, sending a first network message to the mobile device, the first message indicating a property of the block notification message has changed from a first value to a second value,receiving a second request from the mobile device for an email data set after sending the first network message, andin response to the second request, sending a response to the mobile device including the received email message instead of the block notification message.
- View Dependent Claims (20)
- - 20. The apparatus of claim 19, wherein the method further comprises initiating filter processing of the data set to produce the filtered data set,sending one or more portions of the response to the mobile device at time intervals less than a mobile device timeout value while the filter processing of the data set is incomplete, wherein the plurality of portions do not include data derived from the data set, andsending a remaining portion of the response to the mobile device in response to the completion of filter processing of the data set.

21. An apparatus for preventing the loss of sensitive data on a mobile device, comprising:
- means for receiving a request for email data from the mobile device;
  
  means for filtering an email data set to produce a filtered email data set, the filtering based, at least in part, on properties of the mobile device;
  
  means for sending a response to the mobile device based, at least in part, on the filtered email data set;
  
  means for determining that a received email message is not authorized to be transferred to the mobile device;
  
  means for sending a block notification message in response to the determining to the mobile device;
  
  means for receiving an indication that the received email message is authorized to be transferred to the mobile device after sending the response to the mobile device;
  
  means for in response to the indication, sending a first network message to the mobile device, the first message indicating a property of the block notification message has changed from a first value to a second value;
  
  means for receiving a second request from the mobile device for an email data set after sending the first network message; and
  
  means for in response to the second request, sending a response to the mobile device including the received email message instead of the block notification message.
- View Dependent Claims (22)
- - 22. The apparatus of claim 21, wherein the means for filtering of the data set comprises:
    - means for initiating filter processing of the data set to produce the filtered data set; and
      
      means for sending a plurality of portions of the response to the network request to the mobile device in separate network messages, at an interval that is less than a mobile device timeout value while the filter processing of the data set is in progress, wherein the plurality of portions do not include data derived from the data set.

23. A non-transitory computer readable medium, storing instructions that when executed by a processor perform a method of preventing the loss of sensitive data on a mobile device, the method comprising:
- receiving a request for email data from the mobile device;
  
  filtering an email data set to produce a filtered email data set, the filtering based, at least in part, on properties of the mobile device;
  
  completing a response to the mobile device based, at least in part, on the filtered email data set;
  
  determining that a received email message is not authorized to be transferred to the mobile device;
  
  sending a block notification message in response to the determining to the mobile device;
  
  receiving an indication that the received email message is authorized to be transferred to the mobile device after sending the response to the mobile device;
  
  in response to the indication, sending a first network message to the mobile device, the first message indicating a property of the block notification message has changed from a first value to a second value;
  
  receiving a second request from the mobile device for an email data set after sending the first network message; and
  
  in response to the second request, sending a response to the mobile device including the received email message instead of the block notification message.
- View Dependent Claims (24)
- - 24. The computer readable medium of claim 23, wherein filtering of the data set comprisesinitiating filter processing of the data set to produce the filtered data set;
    - sending a plurality of portions of the response to the network request to the mobile device in separate network messages, at an interval that is less than a mobile device timeout value while the filter processing of the data set is in progress, wherein the plurality of portions do not include data derived from the data set; and
      
      sending a remaining portion of the response to the mobile device in response to the completion of filter processing of the data set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC (Francisco Partners Management LLC)
Original Assignee
Forcepoint LLC (Francisco Partners Management LLC)
Inventors
Daniela, Ramon, Ostrer, Mark, Stoler, Michael
Primary Examiner(s)
SHEDRICK, CHARLES TERRELL

Application Number

US13/691,544
Publication Number

US 20140155028A1
Time in Patent Office

1,145 Days
Field of Search

455/411, 455/412.1, 713/151
US Class Current

1/1
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 51/234   for tracking messages

H04L 51/58   Message adaptation for wire...

H04L 63/0227   Filtering policies mail mes...

H04W 12/02   Protecting privacy or anony...

H04W 12/121   Wireless intrusion detectio...

Method and apparatus for managing the transfer of sensitive information to mobile devices

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for managing the transfer of sensitive information to mobile devices

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links