Data loss prevention (DLP) methods by a cloud service including third party integration architectures

US 9,473,532 B2
Filed: 07/17/2013
Issued: 10/18/2016
Est. Priority Date: 07/19/2012
Status: Active Grant

First Claim

Patent Images

1. A method performed by a cloud-based computer platform for reconciling quarantined drafts and revisions of a file, the method comprising:

receiving, by one or more processors of the cloud-based computer platform, a first revision of the file for upload to a cloud-based platform, the first revision of the file initiated by a first user;

receiving, by the one or more processors of the cloud-based computer platform, a second revision of the file for upload to the cloud-based platform, the second revision of the file initiated by a second user;

determining a policy corresponding to the file, wherein the policy comprises a plurality of data loss prevention rules;

determining that at least one data loss prevention rule of the plurality of data loss prevention rules is triggered based on contents of the first revision of the file;

committing the second revision of the file to the cloud-based platform;

quarantining the first revision of the file, wherein quarantining restricts the second user from accessing the first revision of the file;

performing a responsive action associated with the at least one of the plurality of data loss prevention rules, wherein the responsive action comprises notifying the first user of the at least one triggered data loss prevention rule;

receiving a branched revision of the first revision of the file for upload to the cloud-based platform, wherein the branched revision of the first revision of the file comprises a redaction of a sequence of characters causing the at least one triggered data loss prevention rule to be triggered;

determining that the plurality of data loss prevention rules are not triggered based on the branched revision of the first revision of the file;

making a copy of the branched revision of the first revision of the file available to the second user; and

committing the branched revision of the first revision of the file to the cloud-based platform.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present disclosure include data loss prevention methods by a cloud-based service including third party integration architectures. The disclosed techniques of the cloud-based platform (e.g., collaboration platform in an enterprise environment) can detect (and may optionally prevent) violations to, e.g., corporate policies, which can be configurable by a corporate administrator, for example, regarding the use, storage, and/or transmission of sensitive information. The types of sensitive information can include, for example, financial information—credit card and bank account numbers, Personally Identifiable Information (PII)—Social Security Number (SSN), health/healthcare information, Intellectual Property—earnings forecasts, sales pipeline, trade secrets, source code, etc.

Citations

26 Claims

1. A method performed by a cloud-based computer platform for reconciling quarantined drafts and revisions of a file, the method comprising:
- receiving, by one or more processors of the cloud-based computer platform, a first revision of the file for upload to a cloud-based platform, the first revision of the file initiated by a first user;
  
  receiving, by the one or more processors of the cloud-based computer platform, a second revision of the file for upload to the cloud-based platform, the second revision of the file initiated by a second user;
  
  determining a policy corresponding to the file, wherein the policy comprises a plurality of data loss prevention rules;
  
  determining that at least one data loss prevention rule of the plurality of data loss prevention rules is triggered based on contents of the first revision of the file;
  
  committing the second revision of the file to the cloud-based platform;
  
  quarantining the first revision of the file, wherein quarantining restricts the second user from accessing the first revision of the file;
  
  performing a responsive action associated with the at least one of the plurality of data loss prevention rules, wherein the responsive action comprises notifying the first user of the at least one triggered data loss prevention rule;
  
  receiving a branched revision of the first revision of the file for upload to the cloud-based platform, wherein the branched revision of the first revision of the file comprises a redaction of a sequence of characters causing the at least one triggered data loss prevention rule to be triggered;
  
  determining that the plurality of data loss prevention rules are not triggered based on the branched revision of the first revision of the file;
  
  making a copy of the branched revision of the first revision of the file available to the second user; and
  
  committing the branched revision of the first revision of the file to the cloud-based platform.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the sequence of characters comprises a keyword associated with the at least one of the plurality of data loss prevention rules.
  - 3. The method of claim 1, wherein the keyword is obtained from or provided by a third party metadata provider.

4. A method performed by a cloud-based platform, comprising:
- presenting an administrator with a plurality of quarantine policy parameter input fields;
  
  receiving, via the plurality of quarantine policy parameter input fields, input from the administrator indicating a plurality of quarantine policy parameters;
  
  creating, by one or more processors of the cloud-based platform, a quarantine policy to prevent data loss based, at least in part, on the plurality of quarantine policy parameters;
  
  receiving, from a first user, a first revision of a file for upload;
  
  receiving, from a second user, a second revision of the file for upload;
  
  determining that the quarantine policy applies to at least a portion of contents of the first revision of the file;
  
  committing the second revision of the file to the cloud-based platform;
  
  quarantining the first revision of the file, wherein quarantining restricts the second user from accessing the first revision of the file;
  
  notifying the first user that the quarantine policy applies to at least a portion of contents of the first revision of the file;
  
  receiving a branched revision of the first revision of the file for upload, wherein the branched revision of the first revision of the file comprises a redaction of a sequence of characters causing the quarantine policy to be applied;
  
  determining that the quarantine policy does not apply to the branched revision of the first revision of the file;
  
  making a copy of the branched revision of the first revision of the file available to the second user; and
  
  committing the branched revision of the first revision of the file to the cloud-based platform.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 5. The method of claim 4, wherein the plurality of quarantine policy parameter input fields comprise a plurality of steps, each step comprising an if-condition input and a then-consequent input.
  - 6. The method of claim 4, wherein the policy comprises a plurality of data loss prevention rules.
  - 7. The method of claim 6, the at least one of the plurality of data loss prevention rules comprises a character-based search for a particular information type.
  - 8. The method of claim 7, wherein the information type comprises one of a social security number, a tax identification number, and a medical services identification number.
  - 9. The method of claim 7, wherein the information type comprises a user-specified textual string.
  - 10. The method of claim 9, wherein the textual string comprises a product-specific name.
  - 11. The method of claim 4, wherein at least one of the a plurality of quarantine policy parameter input fields includes an indication of a responsive action.
  - 12. The method of claim 11, wherein the responsive action comprises notifying the administrator of the first revision of the file for upload.
  - 13. The method of claim 11, wherein the responsive action comprises preventing a group of individuals from modifying, deleting, or sharing the first revision of the file for upload.

14. A non-transitory machine readable storage medium having instructions stored thereon, which when executed by one or more processors of a cloud-based computer platform, causes the cloud-based computer platform to:
- present a user with a plurality of quarantine policy parameter input fields;
  
  receive, by the cloud-based computer platform a plurality of quarantine policy parameters via the plurality of quarantine policy parameter input fields;
  
  create, by the cloud-based computer platform, a new quarantine policy configured to prevent data loss by a cloud-based service based at least in part upon the plurality of quarantine policy parameters;
  
  receive, by the cloud-based computer platform, a first revision of a file for upload;
  
  receive, by the cloud-based computer platform, a second revision of the file for upload;
  
  determine that the new quarantine policy applies to at least a portion of contents of the first revision of the file, commit the second revision of the file to the cloud-based computer platform;
  
  quarantine the first revision of the file, wherein the quarantine restricts the second user from accessing the first revision of the file;
  
  perform a responsive action associated with the at least one of the plurality of data loss prevention rules, wherein the responsive action comprises notifying the first user that the new quarantine policy applies to at least a portion of contents of the first revision of the file;
  
  receive a branched revision of the first revision of the file for upload to the cloud-based computer platform, wherein the branched revision of the first revision of the file comprises a redaction of a sequence of characters causing the new quarantine policy to be applied;
  
  determine that the new quarantine policy does not apply to the branched revision of the first revision of the file;
  
  make a copy of the branched revision of the first revision of the file available to the second user; and
  
  commit the branched revision of the first revision of the file to the cloud-based computer platform.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The machine readable storage medium of claim 14, wherein the plurality of quarantine policy parameter input fields comprise a plurality of steps, each step comprising an if-condition input and a then-consequent input.
  - 16. The machine readable storage medium of claim 14, wherein the policy comprises a plurality of data loss prevention rules.
  - 17. The machine readable storage medium of claim 16, the at least one of the plurality of data loss prevention rules comprises a character-based search for a particular information type.
  - 18. The machine readable storage medium of claim 17, wherein the information type comprises one of a social security number, a tax identification number, and a medical services identification number.
  - 19. The machine readable storage medium of claim 17, wherein the information type comprises a user-specified textual string.
  - 20. The machine readable storage medium of claim 19, wherein the textual string comprises a product-specific name.
  - 21. The machine readable storage medium of claim 14, wherein at least one of the a plurality of quarantine policy parameter input fields includes an indication of a responsive action.
  - 22. The machine readable storage medium of claim 21, wherein the responsive action comprises notifying an administrator of the first revision of the file for upload.
  - 23. The machine readable storage medium of claim 21, wherein the responsive action comprises preventing a group of individuals from modifying, deleting, or sharing the first revision of the file for upload.

24. A system for reconciling quarantined drafts and revisions of a file, the system comprising:
- one or more processors;
  
  one or more computer readable storage media having instructions stored thereon, which when executed by the one or more processors, cause the system to;
  
  receive a first revision of the file for upload to a cloud-based platform, the first revision of the file initiated by a first user;
  
  receive a second revision of the file for upload to the cloud-based platform, the second revision of the file initiated by a second user;
  
  determine a policy corresponding to the file, wherein the policy comprises a plurality of data loss prevention rules;
  
  determine that at least one data loss prevention rule of the plurality of data loss prevention rules is triggered based on contents of the first revision of the file;
  
  commit the second revision of the file to the cloud-based platform;
  
  quarantine the first revision of the file, wherein the quarantine restricts the second user from accessing the first revision of the file;
  
  perform a responsive action associated with the at least one of the plurality of data loss prevention rules, wherein the responsive action comprises notifying the first user of the at least one triggered data loss prevention rule;
  
  receive a branched revision of the first revision of the file for upload to the cloud-based platform, wherein the branched revision of the first revision of the file comprises a redaction of a sequence of characters causing the at least one data loss prevention rule to be triggered;
  
  determine that the plurality of data loss prevention rules are not triggered based on the branched revision of the first revision of the file;
  
  make a copy of the branched revision of the first revision of the file available to the second user; and
  
  commit the branched revision of the first revision of the file to the cloud-based platform.
- View Dependent Claims (25, 26)
- - 25. The system of claim 24, wherein the sequence of characters comprises a keyword associated with the at least one of the plurality of data loss prevention rules.
  - 26. The system of claim 25, wherein the keyword is obtained from or provided by a third party metadata provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Box Incorporated
Original Assignee
Box Incorporated
Inventors
Pearl, Annie, Kiang, Andy, Bailon, Joel
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
HOLMES, ANGELA R

Application Number

US13/944,241
Publication Number

US 20140026182A1
Time in Patent Office

1,189 Days
Field of Search

726/1, 713/190, 707/827, 709/213, 709/219
US Class Current

1/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/60   Protecting data

G06F 2221/2123   Dummy operation

G06Q 10/103   Workflow collaboration or p...

H04L 63/20   for managing network securi...

Data loss prevention (DLP) methods by a cloud service including third party integration architectures

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Data loss prevention (DLP) methods by a cloud service including third party integration architectures

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links