Secure and scalable detection of preselected data embedded in electronically transmitted messages
Abstract
A method and apparatus for detecting preselected data embedded in electronically transmitted messages is described. In one embodiment, the method comprises monitoring messages electronically transmitted over a network for embedded preselected data and performing content searches on the messages to detect the presence of the embedded preselected data using an abstract data structure derived from the preselected data.
18 Claims
1. A computer-implemented method comprising:
identifying, by a policy management system comprising a first processor, data to be protected based on a security policy, wherein the data comprises tabular-formatted data comprising a plurality of cells;
deriving, by the policy management system, an abstract data structure from the identified data by generating an entry of the abstract data structure for a first cell of the plurality of cells of the tabular-formatted data based on a placement of the first cell in relation to the plurality of cells, wherein the entry comprises a row number of the first cell, a column number of the first cell, and a data type indicator associated with the first cell, and wherein the abstract data structure does not reveal sensitive data elements of the data; and
sending, by the policy management system, the abstract data structure and information regarding the security policy over a network to a message monitoring system comprising a second processor, to enable the message monitoring system to perform content searches on a plurality of messages electronically transmitted to reach respective destinations, the content searches to be performed based on the security policy to determine whether one or more of the plurality of searched messages contains at least a portion of the data to be protected using the entry of the abstract data structure for the first cell of the plurality of cells of the tabular-formatted data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A non-transitory computer-readable storage medium that provides instructions that, when executed by a first processor of a policy management system, cause the policy management system to perform operations comprising:
identifying, by the policy management system, data to be protected based on a security policy, wherein the data comprises tabular-formatted data comprising a plurality of cells;
deriving, by the policy management system, an abstract data structure from the identified data by generating an entry of the abstract data structure for a first cell of the plurality of cells, wherein the entry comprises a row number of the first cell, a column number of the first cell, and a data type indicator associated with the first cell, and wherein the abstract data structure does not reveal sensitive data elements of the data; and
sending, by the policy management system, the abstract data structure and information regarding the security policy over a network to a message monitoring system comprising a second processor, to enable the message monitoring system to perform content searches on a plurality of messages electronically transmitted to reach respective destinations, the content searches to be performed based on the security policy to determine whether one or more of the plurality of searched messages contains at least a portion of the data to be protected using the entry of the abstract data structure for the first cell of the plurality of cells of the tabular-formatted data.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A policy management system comprising:
a memory; and
a first processor operatively coupled to the memory, the first processor configured to:
identify data to be protected based on a security policy, wherein the data comprises tabular-formatted data comprising a plurality of cells;
derive an abstract data structure from the identified data by generating an entry of the abstract data structure for a first cell of the plurality of cells of the tabular-formatted data based on a placement of the first cell in relation to the plurality of cells, wherein the entry comprises a row number of the first cell, a column number of the first cell, and a data type indicator associated with the first cell, and wherein the abstract data structure does not reveal sensitive data elements of the data; and
send the abstract data structure and information regarding the security policy over a network to a message monitoring system comprising a second processor, to enable the message monitoring system to perform content searches on a plurality of messages electronically transmitted to reach respective destinations, the content searches to be performed based on the security policy to determine whether one or more of the plurality of searched messages contains at least a portion of the data to be protected using the entry of the abstract data structure for the first cell of the plurality of cells of the tabular-formatted data.
Dependent claims: 18.
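The claims above fix the shape of the abstract data structure (one entry per cell carrying the cell's row number, column number and a data type indicator, with no sensitive values) and state that the message monitoring system searches message content using it, but they do not say how a token in a message is matched against an entry. The Python below is an added illustration and is not code from the patent or its assignee. It fills that gap with two assumptions, both labelled in the code: each entry carries an extra field, a keyed hash (HMAC-SHA256) of the normalised cell value, and the "information regarding the security policy" is modelled as a threshold on how many cells of the same row must appear in one message before it is reported. The table, the shared key and the messages are constructed for the example.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed sample data: a small table the security policy says must not leave
# the organisation. Row 0 is a header and is not protected. All values are fictional.
PROTECTED_TABLE = [
    ["first_name", "last_name", "account_id", "balance"],
    ["Grace", "Hopper", "AC-48213-7", "1200.50"],
    ["Alan", "Turing", "AC-90117-3", "87.00"],
    ["Ada", "Lovelace", "AC-33890-1", "15400.00"],
]

# Assumed for this example (not in the claims): a secret shared by the policy
# management system and the message monitoring system, so that a third party who
# intercepts the abstract data structure in transit cannot reverse the entries.
SHARED_KEY = b"example-only-do-not-use-in-production"

# A token is a run of alphanumerics that may contain '@', '-' or an interior '.';
# a trailing '.' (end of sentence) is not part of the token.
TOKEN_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9@\-]|\.(?=[A-Za-z0-9]))*")


def data_type_indicator(value: str) -> str:
    """Coarse type tag stored in the entry instead of the value itself."""
    if re.fullmatch(r"\d+", value):
        return "numeric"
    if re.fullmatch(r"\d+\.\d+", value):
        return "decimal"
    if re.fullmatch(r"[A-Za-z]+", value):
        return "alpha"
    return "mixed"


def fingerprint(value: str, key: bytes) -> str:
    """Keyed hash of the normalised cell value (the assumed extra entry field)."""
    normalised = value.strip().lower()
    return hmac.new(key, normalised.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def derive_abstract_structure(table, key, skip_header=True):
    """Policy management side: one entry per cell with row, column, type and fingerprint."""
    entries = []
    for r, row in enumerate(table):
        if skip_header and r == 0:
            continue
        for c, cell in enumerate(row):
            entries.append({
                "row": r,
                "col": c,
                "type": data_type_indicator(cell),
                "fp": fingerprint(cell, key),
            })
    return entries


def build_index(entries):
    """Monitoring side: fingerprint -> entries, so each token costs one dictionary lookup."""
    index = defaultdict(list)
    for entry in entries:
        index[entry["fp"]].append(entry)
    return index


def scan_message(message, index, key, min_cells_per_row=2):
    """Monitoring side: hash every token of the message and look it up.

    The policy is modelled as a threshold: a message is reported only when at
    least min_cells_per_row distinct cells of the same protected row occur in
    it, which keeps a lone common first name from raising an alert.
    Returns {row_number: [matched column numbers]} for the rows that violate it.
    """
    columns_hit = defaultdict(set)
    for token in TOKEN_RE.findall(message):
        token_type = data_type_indicator(token)
        for entry in index.get(fingerprint(token, key), []):
            # The type indicator is a cheap second check against a truncated-hash
            # collision and against tokens that merely look like a protected value.
            if entry["type"] == token_type:
                columns_hit[entry["row"]].add(entry["col"])
    return {
        row: sorted(cols)
        for row, cols in columns_hit.items()
        if len(cols) >= min_cells_per_row
    }


if __name__ == "__main__":
    entries = derive_abstract_structure(PROTECTED_TABLE, SHARED_KEY)
    index = build_index(entries)
    # Constructed messages: one leaks a full record, one only mentions a first name.
    leak = "Please update Grace Hopper, account AC-48213-7, balance 1200.50."
    benign = "Alan said the balance is fine."
    print(scan_message(leak, index, SHARED_KEY))    # {1: [0, 1, 2, 3]}
    print(scan_message(benign, index, SHARED_KEY))  # {}
```

Two caveats a deployer should weigh. "Does not reveal sensitive data elements" holds against an observer who lacks the key; whoever holds both the key and the index can confirm guesses, so a low-entropy column such as first names is enumerable by the monitoring system itself, and the row and column numbers together with the type indicators still disclose the table's shape. That is why the per-row threshold matters: a single matched cell is weak evidence, while several cells from the same row in one message is the signal the abstract describes as embedded preselected data.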