Methods and systems to implement fingerprint lookups across remote agents

US 9,473,512 B2
Filed: 09/11/2008
Issued: 10/18/2016
Est. Priority Date: 07/21/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure outside of an organization'"'"'s protected computer environment, said environment comprised of at least one computing device, using at least one instances of a protect agent installed and operating on the at least one computing devices, the computer implemented method comprising:

monitoring, by the at least one protect agents operating on the at least one computing devices, the activity of each of an at least one computing device egress points;

determining, by the at least one protect agent operating on the at least one computing device, an attempt by the computing device to transmit a data file outside the monitored organization'"'"'s protected computer environment using one of the at least one egress points;

based on a determination, by the protect agent operating on the computing device, of an attempt by the computing device to transmit the data file outside the monitored organization'"'"'s protected computer environment, transmitting the data file to a fingerprint server prior to the data file being transmitted to the determined destination outside of the organization'"'"'s protected computer environment;

receiving, by the fingerprint server, the data file transmitted by the protect agent operating on the computing device;

converting, by the fingerprint server, a portion of the information contained in the transmitted data file to at least one fingerprints representative of the information contained in the data file;

determining, by the fingerprint server, whether the at least one fingerprint matches at least one of a plurality of preexisting fingerprints residing in a database of fingerprints accessible to the fingerprint server;

based on a determination, of a match, selecting a security action associated with the matched fingerprint; and

transmitting, by the fingerprint server, to the protect agent operating on the computing device, a data representing the security action selected by the fingerprint server.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides methods and systems to protect an organization'"'"'s secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user'"'"'s computer, etc.) to monitor information disclosed by a user. The present system also provides the use of fingerprint servers to remotely maintain a database of fingerprints associated with the organization'"'"'s secure data. In one embodiment, the protect agents transmit fingerprints associated with the user'"'"'s information to the fingerprint server utilizing a local network or the public internet. The protect agents then receive a comparison analysis from the fingerprint servers and execute appropriate security action based on the analysis. In one embodiment, a combination of the local network and public internet is utilized to achieve remote agent lookups.

Citations

26 Claims

1. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure outside of an organization'"'"'s protected computer environment, said environment comprised of at least one computing device, using at least one instances of a protect agent installed and operating on the at least one computing devices, the computer implemented method comprising:
- monitoring, by the at least one protect agents operating on the at least one computing devices, the activity of each of an at least one computing device egress points;
  
  determining, by the at least one protect agent operating on the at least one computing device, an attempt by the computing device to transmit a data file outside the monitored organization'"'"'s protected computer environment using one of the at least one egress points;
  
  based on a determination, by the protect agent operating on the computing device, of an attempt by the computing device to transmit the data file outside the monitored organization'"'"'s protected computer environment, transmitting the data file to a fingerprint server prior to the data file being transmitted to the determined destination outside of the organization'"'"'s protected computer environment;
  
  receiving, by the fingerprint server, the data file transmitted by the protect agent operating on the computing device;
  
  converting, by the fingerprint server, a portion of the information contained in the transmitted data file to at least one fingerprints representative of the information contained in the data file;
  
  determining, by the fingerprint server, whether the at least one fingerprint matches at least one of a plurality of preexisting fingerprints residing in a database of fingerprints accessible to the fingerprint server;
  
  based on a determination, of a match, selecting a security action associated with the matched fingerprint; and
  
  transmitting, by the fingerprint server, to the protect agent operating on the computing device, a data representing the security action selected by the fingerprint server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 25)
- - 2. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the one of the at least one egress points is a printer.
  - 3. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the one of the at least one egress points is a removable data storage medium.
  - 4. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the one of the at least one egress points is an email server connected to the network.
  - 5. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the one of the at least one egress points is a print server connected to the network.
  - 6. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the one of the at least one egress points is a network appliance connected to the network.
  - 7. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the one of the at least one egress points is a data object residing in the computing device, said data object representing a portion of a document file selected by the user using a clipboard associated with a local operating system.
  - 8. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, further comprising:
    - adding to the data file, by the protect agent, data comprising the data representing the security action.
  - 9. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 8, further comprising:
    - encrypting the data file prior to the transmission to the fingerprint server.
  - 10. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein the environment includes a local network associated with the organization.
  - 11. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 10, wherein the network includes a public internet.
  - 12. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 11, wherein the fingerprint server is hosted and maintained by a hosted fingerprint service provider.
  - 13. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 11, wherein the network further includes a public internet.
  - 14. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, the computer implemented method further comprising:
    - maintaining a plurality of fingerprint servers, wherein each of the plurality of the fingerprint servers includes the database of preexisting fingerprints.
  - 15. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 14, wherein the plurality of fingerprint servers are connected to the network.
  - 16. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 14, further comprising:
    - selecting the fingerprint server to receive the data file in dependence on a load distribution.
  - 17. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 14, wherein one or more of the plurality of fingerprint servers are located in geographically diverse locations.
  - 18. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, wherein communication between the protect agent and the fingerprint server is by means of web service calls.
  - 19. A computer implemented method for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 1, further comprising:
    - storing in memory on the computing device operating the protect agent at least one of the preexisting fingerprints and associated security actions, wherein the protect agent converts the data file to a fingerprint and attempts to match the converted fingerprint against the at least one preexisting fingerprints stored in memory, and in dependence on a match, selecting a security action associated with the matched preexisting fingerprint and not executing the transmitting step to the fingerprint server.
  - 25. The method of claim 1 where:
    - there is no step of transmitting the data file to the fingerprint server and instead there is the step of transmitting to the fingerprint server a fingerprint derived from the data that is generated on the computing device; and
      
      there is no step of receiving by the fingerprint server the data file nor the step of converting on the fingerprint server the data file into the fingerprint and instead the receiving by the fingerprint server step is the step of receiving by the fingerprint server the transmitted fingerprint.

20. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure, the computer implemented system comprising:
- an at least one processor within a corresponding an at least one computing device;
  
  an at least one corresponding non-transitory memory in the corresponding at least one processors storing code which, when executed by the at least one processor on the at least one computing device, causes the at least one processor on the computing device to perform the steps of;
  
  monitoring the activity of each of an at least one computing system device egress points;
  
  determining an attempt by the at least one computing device to transmit a data file outside at least one of the egress points;
  
  based on a determination of an attempt by the computing device to transmit the data file outside the at least one egress points, transmitting the data file to a fingerprint server prior to the data file being transmitted outside the at least one egress points;
  
  a processor on a fingerprint server;
  
  a non-transitory memory comprising the fingerprint server for storing code which, when executed by the processor on the fingerprint server, causes the processor on the fingerprint server to perform the steps of;
  
  receiving the data file transmitted by the protect agent operating on the computing device;
  
  converting a portion of the information contained in the transmitted data file to at least one fingerprints representative of the information contained in the data file;
  
  determining whether the at least one fingerprint matches at least one of a plurality of preexisting fingerprints residing in a database of fingerprints accessible to the fingerprint server;
  
  based on a determination of a match, selecting a security action; and
  
  transmitting to the protect agent operating on the computing device, a data representing the security action selected by the fingerprint server.
- View Dependent Claims (21, 22, 23, 24, 26)
- - 21. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 20, wherein the one of the at least one egress points is at least one of:
    - a printer;
      
      a removable data storage medium;
      
      a clipboard associated with a local operating system;
      
      an email server connected to the network;
      
      a print server connected to the network;
      
      or a network appliance connected to the network.
  - 22. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 20, wherein the security action is comprised of encrypting the digital data prior to transmission to the fingerprint server.
  - 23. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 20, wherein the network includes a local network.
  - 24. A computer implemented system for protecting an organization'"'"'s secure information from unauthorized disclosure as recited in claim 23, wherein the network further includes a public internet.
  - 26. The system of claim 20 wherethere is no step of transmitting the data file to the fingerprint server and instead there is the step of transmitting to the fingerprint server a fingerprint derived from the data that is generated on the computing device;
    - andthere is no step of receiving by the fingerprint server the data file nor the step of converting on the fingerprint server the data file into the fingerprint and instead the receiving by the fingerprint server step is the step of receiving by the fingerprint server the transmitted fingerprint.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Freedom Solutions Group, LLC
Original Assignee
Workshare Technology Incorporated
Inventors
More, Scott, Beyer, Ilya, Sweeting, Daniel Christopher John
Primary Examiner(s)
Ravetti, Dante

Application Number

US12/209,096
Publication Number

US 20100064372A1
Time in Patent Office

2,959 Days
Field of Search

726/26
US Class Current

1/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/608   Secure printing

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

H04L 63/0245   Filtering by information in...

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

H04L 63/1408   by monitoring network traff...

Methods and systems to implement fingerprint lookups across remote agents

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems to implement fingerprint lookups across remote agents

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links