Securing data based on network connectivity

US 9,553,849 B1
Filed: 09/11/2013
Issued: 01/24/2017
Est. Priority Date: 09/11/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

storing a plurality of data documents;

identifying a trusted computer network;

monitoring a plurality of active network connections;

determining that the trusted computer network is unavailable by determining that the plurality of active network connections does not comprise the trusted computer network; and

in response to determining that the trusted computer network is unavailable, securing sensitive data documents, wherein securing the sensitive data documents comprises;

for each data document of the plurality of data documents, determining a respective classification of a plurality of classifications, the plurality of classifications comprising a sensitive classification based on predetermined criteria; and

encrypting particular data documents having the sensitive classification;

determining that the trusted computer network is available by determining that the plurality of active network connections comprises the trusted computer network; and

in response to determining that the trusted computer network is available, decrypting the particular data documents.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes identifying a trusted computer network. The method also includes monitoring a plurality of active network connections. The method further includes determining that the trusted computer network is unavailable by determining that the plurality of active network connections does not comprise the trusted computer network. The method additionally includes, in response to determining that the trusted computer network is unavailable, securing sensitive data documents. Securing the sensitive data documents includes, for each data document of a plurality of data documents, determining a respective classification of a plurality of classifications. The plurality of classifications includes a sensitive classification based on predetermined criteria. Securing the sensitive data documents also includes encrypting particular data documents having the sensitive classification.

27 Citations

View as Search Results

17 Claims

1. A method, comprising:
- storing a plurality of data documents;
  
  identifying a trusted computer network;
  
  monitoring a plurality of active network connections;
  
  determining that the trusted computer network is unavailable by determining that the plurality of active network connections does not comprise the trusted computer network; and
  
  in response to determining that the trusted computer network is unavailable, securing sensitive data documents, wherein securing the sensitive data documents comprises;
  
  for each data document of the plurality of data documents, determining a respective classification of a plurality of classifications, the plurality of classifications comprising a sensitive classification based on predetermined criteria; and
  
  encrypting particular data documents having the sensitive classification;
  
  determining that the trusted computer network is available by determining that the plurality of active network connections comprises the trusted computer network; and
  
  in response to determining that the trusted computer network is available, decrypting the particular data documents.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein securing the sensitive data documents further comprises:
    - generating the respective classification for each of the plurality of data documents with a classification engine.
  - 3. The method of claim 2, wherein generating the respective classification further comprises generating a classification time stamp for each data document, and wherein the respective classifications are only generated for:
    - each respective data document that has been modified since its respective classification time stamp; and
      
      each data document that does not correspond to any classification.
  - 4. The method of claim 1, wherein encrypting the particular data documents comprises deleting the particular data documents.
  - 5. The method of claim 1, wherein encrypting the particular data documents comprises encrypting the particular data documents using a public-key encryption algorithm.
  - 6. The method of claim 1, wherein the trusted computer network comprises a service set identifier (“
    - SSID”
      
      ).

7. A computer configured to access a storage device, the computer comprising:
- a processor; and
  
  a non-transitory, computer-readable storage medium storing computer-readable instructions that when executed by the processor cause the computer to perform;
  
  store a plurality of data documents;
  
  identifying a trusted computer network;
  
  monitoring a plurality of active network connections, at least one of which providing access to the trusted network;
  
  in response to monitoring the plurality of active network connections, determining that the trusted computer network is no longer available by determining that the plurality of active network connections no longer includes the trusted computer network;
  
  in response to determining that the trusted computer network is unavailable, securing sensitive data documents, wherein securing the sensitive data documents comprises;
  
  for each data document of the plurality of data documents, determining a respective classification of a plurality of classifications, the plurality of classifications comprising a sensitive classification based on predetermined criteria; and
  
  encrypting particular data documents having the sensitive classification;
  
  determining that the trusted computer network is available by determining that the plurality of active network connections comprises the trusted computer network; and
  
  in response to determining that the trusted computer network is available, decrypting the particular data documents.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer of claim 7, wherein securing the sensitive data documents further comprises:
    - generating the respective classification for each of the plurality of data documents with a classification engine.
  - 9. The computer of claim 8, wherein generating the respective classification further comprises generating a classification time stamp for each data document, and wherein the respective classifications are only generated for:
    - each respective data document that has been modified since its respective classification time stamp; and
      
      each data document that does not correspond to any classification.
  - 10. The computer of claim 7, wherein encrypting the particular data documents comprises deleting the particular data documents.
  - 11. The computer of claim 7, wherein encrypting the particular data documents comprises encrypting the particular data documents using a public-key encryption algorithm.
  - 12. The computer of claim 7, wherein the trusted computer network comprises a service set identifier (“
    - SSID”
      
      ).

13. A computer program product comprising:
- a non-transitory computer-readable storage medium having computer-readable program code embodied therewith, the computer-readable program code comprising;
  
  computer-readable program code configured to store a plurality of data documents;
  
  computer-readable program code configured to identify a trusted computer network;
  
  computer-readable program code configured to monitor a plurality of active network connections;
  
  computer-readable program code configured to determine that the trusted computer network is unavailable by determining that the plurality of active network connections does not comprise the trusted computer network;
  
  computer-readable program code configured to, in response to determining that the trusted computer network is unavailable, secure sensitive data documents, wherein securing the sensitive data documents comprises;
  
  for each data document of the plurality of data documents, determining a respective classification of a plurality of classifications, the plurality of classifications comprising a sensitive classification based on predetermined criteria; and
  
  encrypting particular data documents having the sensitive classification;
  
  computer-readable program code configured to determine that the trusted computer network is available by determining that the plurality of active network connections comprises the trusted computer network; and
  
  in response to determining that the trusted computer network is available, decrypting the particular data documents.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13, wherein securing the sensitive data documents further comprises:
    - generating the respective classification for each of the plurality of data documents with a classification engine.
  - 15. The computer program product of claim 14, wherein generating the respective classification further comprises generating a classification time stamp for each data document, and wherein the respective classifications are only generated for:
    - each respective data document that has been modified since its respective classification time stamp; and
      
      each data document that does not correspond to any classification.
  - 16. The computer program product of claim 13, wherein encrypting the particular data documents comprises deleting the particular data documents.
  - 17. The computer program product of claim 13, wherein encrypting the particular data documents comprises encrypting the particular data documents using a public-key encryption algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Smalley, Howard
Primary Examiner(s)
Poltorak, Peter

Application Number

US14/024,158
Time in Patent Office

1,231 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/6245   Protecting personal data, e...

G06F 21/88   Detecting or preventing the...

H04L 63/0428   wherein the data content is...

H04L 63/205   involving negotiation or de...

Securing data based on network connectivity

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Securing data based on network connectivity

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links