System and method for adding context to prevent data leakage over a computer network

US 9,609,001 B2
Filed: 01/19/2015
Issued: 03/28/2017
Est. Priority Date: 02/02/2007
Status: Active Grant

First Claim

Patent Images

1. A system for preventing unauthorized transmission of data over a computer network, the system comprising:

a network gateway device in communication with the computer network, the network gateway device configured to receive data in transit between a source and a destination, wherein the network gateway device comprises;

a classification module configured to determine whether the data in transit includes prohibited content,a context information module configured to generate destination contextual information related to the destination of the received data, wherein the destination contextual information comprises a categorization of an Internet Protocol (IP) address of the destination, and wherein the categorization of the IP address of the destination is based at least in part on website content stored at the destination, anda transmission policy module configured to determine a transmission policy based on the determination of the classification module and the destination contextual information.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for adding context to prevent data leakage over a computer network are disclosed. Data is classified and contextual information of the data is determined. A transmission policy is determined in response to the classification and contextual information. The data is either transmitted or blocked in response to the classification and the contextual information.

202 Citations

18 Claims

1. A system for preventing unauthorized transmission of data over a computer network, the system comprising:
- a network gateway device in communication with the computer network, the network gateway device configured to receive data in transit between a source and a destination, wherein the network gateway device comprises;
  
  a classification module configured to determine whether the data in transit includes prohibited content,a context information module configured to generate destination contextual information related to the destination of the received data, wherein the destination contextual information comprises a categorization of an Internet Protocol (IP) address of the destination, and wherein the categorization of the IP address of the destination is based at least in part on website content stored at the destination, anda transmission policy module configured to determine a transmission policy based on the determination of the classification module and the destination contextual information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, further comprising a database of IP addresses sorted by categories, wherein the categorization of the destination is further based on a comparison of the IP address of the destination to the database of internet protocol addresses.
  - 3. The system of claim 1, wherein the destination contextual information is further based on a geographic location of the destination.
  - 4. The system of claim 1, wherein the context information module is further configured to generate sender contextual information related to the source of the received data, and the transmission policy module is further configured to determine the transmission policy based on the sender contextual information.
  - 5. The system of claim 4, wherein the sender contextual information comprises a user name or a group of users.
  - 6. The system of claim 1, wherein the destination contextual information further comprises an IP address of the destination, a network of the destination or a category of the destination.
  - 7. The system of claim 1, wherein the transmission policy module is further configured to determine whether the network gateway transmits the data or blocks transmission of the data.
  - 8. The system of claim 1, wherein the transmission policy module is further configured to report that the source is attempting to transmit data.
  - 9. The system of claim 1, wherein the data source is an electronic device connected to the computer network, and one of:
    - a personal digital assistant (PDA);
      
      a computer; and
      
      a cell phone.
  - 10. The system of claim 1, wherein the network gateway further comprises an enforcement module configured to transmit or block the data in response to data received from the transmission policy module.

11. A method of preventing an unauthorized transmission of data over a computer network, the method comprising:
- receiving, at a network gateway device connected to the computer network, data in transit between a source and a destination;
  
  classifying, using one or more electronic processing circuits, the data to determine whether the data includes prohibited content;
  
  generating, using the one or more electronic processing circuits, destination contextual information related to the destination of the data, wherein the destination contextual information comprises a categorization of an Internet Protocol (IP) address of the destination, wherein the categorization of the IP address of the destination is based on website content stored at the destination; and
  
  determining, using the one or more electronic processing circuits, a transmission policy for the data in response to the classification of the data and the destination contextual information.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, further comprising transmitting or blocking the data based on the transmission policy.
  - 13. The method of claim 12, further comprising reporting that the data is to be transmitted.
  - 14. The method of claim 11, wherein the destination contextual information is further based on a geographic location of the destination.
  - 15. The method of claim 11, further comprising storing a database of IP addresses sorted by categories, wherein the categorization of the destination is further based on a comparison of the IP address of the destination to the database of IP addresses.
  - 16. The method of claim 11, further comprising generating sender contextual information related to the source of the data, wherein the determining of a transmission policy for the data further based on the sender contextual information.
  - 17. The method of claim 16, wherein the sender contextual information comprises an IP address of the sender, a user name of a sender of the data in transit or a group name of a sender of the data in transit.
  - 18. The method of claim 11, wherein the source of the data is an electronic device connected to the computer network, wherein the electronic device is one of:
    - a personal digital assistant (PDA);
      
      a computer; and
      
      a cell phone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
Websense, Llc (Forcepoint LLC)
Inventors
Hubbard, Daniel Lyle
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US14/599,967
Publication Number

US 20150143476A1
Time in Patent Office

799 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/0245   Filtering by information in...

H04L 63/107   wherein the security polici...

H04L 63/123   received data contents, e.g...

System and method for adding context to prevent data leakage over a computer network

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

202 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for adding context to prevent data leakage over a computer network

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

202 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links