Systems and methods for data loss prevention while preserving privacy

US 9,740,877 B2
Filed: 09/22/2015
Issued: 08/22/2017
Est. Priority Date: 09/22/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of detecting data leakage, the method comprising:

receiving, at a host external to a firewall of an enterprise, a data communication originating from an online account of a user device associated with the enterprise;

the host performing an analysis to determine that the data communication is a candidate data leakage, based on a context of the data communication;

the host encrypting the data communication and providing the host-encrypted data communication to a software agent at the enterprise;

in response to receiving the host-encrypted data communication, and by using a common encryption key, the software agent encrypting a database of enterprise information and re-encrypting the host-encrypted data communication;

providing the software agent-encrypted database of enterprise information and the re-encrypted data communication to the host;

the host decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication;

performing a matching operation to determine whether a match exists between the encrypted database of information and the software agent-encrypted data communication;

the host configured to report the match to the software agent, and the software agent configured to take a first action, when the match is determined to exist; and

the host configured to take a second action when the match is determined to not exist.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for data loss prevention while preserving privacy are described, including receiving a data communication originating from an online account of a user device associated with the enterprise; performing an analysis to determine that the data communication is a candidate data leakage, based on a context of the data communication; encrypting the data communication, and providing the host-encrypted data communication to a software agent at the enterprise; receiving a software agent-encrypted database of enterprise communication and the host-encrypted data communication, re-encrypted by the software agent; decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication; performing a matching operation to determine whether a match exists between the encrypted database of information and the software agent-encrypted data communication; if the match exists, reporting the match to the software agent; and if the match does not exist, the host taking an action.

25 Citations

View as Search Results

20 Claims

1. A computer-implemented method of detecting data leakage, the method comprising:
- receiving, at a host external to a firewall of an enterprise, a data communication originating from an online account of a user device associated with the enterprise;
  
  the host performing an analysis to determine that the data communication is a candidate data leakage, based on a context of the data communication;
  
  the host encrypting the data communication and providing the host-encrypted data communication to a software agent at the enterprise;
  
  in response to receiving the host-encrypted data communication, and by using a common encryption key, the software agent encrypting a database of enterprise information and re-encrypting the host-encrypted data communication;
  
  providing the software agent-encrypted database of enterprise information and the re-encrypted data communication to the host;
  
  the host decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication;
  
  performing a matching operation to determine whether a match exists between the encrypted database of information and the software agent-encrypted data communication;
  
  the host configured to report the match to the software agent, and the software agent configured to take a first action, when the match is determined to exist; and
  
  the host configured to take a second action when the match is determined to not exist.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein the software agent at the enterprise is not provided with a key used by the host encrypting the data communication originating from the online account, and the host is not provided with the common encryption key of the software agent.
  - 3. The computer-implemented method of claim 1, wherein the performing the matching operation comprises applying a set intersection algorithm.
  - 4. The computer-implemented method of claim 1, wherein the host partially encrypts the data communication, and leaves an unencrypted portion of the data communication as cleartext, and provides the partially encrypted data communication and the cleartext to the software agent.
  - 5. The computer-implemented method of claim 1, further comprising the software agent adding noise into the encrypted database and sends the encrypted database with the noise to the host.
  - 6. The computer-implemented method of claim 1, wherein the host performing the analysis to determine that the data communication is the candidate data leakage comprises the application of a Bloom filter to determine that the data communication is the candidate data leakage.
  - 7. The computer-implemented method of claim 1, further comprising the software agent re-ordering values in the host-encrypted data communication during the re-encryption of the host-encrypted data communication.
  - 8. The computer-implemented method of claim 1, wherein the first action by the software agent comprises at least one of includes deleting the data communication, quarantining the data communication, and sending the data communication to a recipient with an alert.
  - 9. The computer-implemented method of claim 1, wherein the second action by the host comprises not providing a report to the software agent.

10. A computer-implemented method of detecting data leakage at a host external to a firewall of an enterprise, the method comprising:
- receiving, a data communication originating from an online account of a user device associated with the enterprise;
  
  performing an analysis to determine that the data communication is a candidate data leakage, based on a context of the data communication;
  
  encrypting the data communication, and providing the host-encrypted data communication to a software agent at the enterprise;
  
  receiving a software agent-encrypted database of enterprise information and the host-encrypted data communication, re-encrypted by the software agent;
  
  decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication;
  
  performing a matching operation to determine whether a match exists between the encrypted database of information and the software agent-encrypted data communication;
  
  reporting the match to the software agent when the match is determined to exist; and
  
  the host configured to take an action when the match is determined to not exist.
- View Dependent Claims (11, 12, 13)
- - 11. The computer-implemented method of claim 10, wherein the performing the matching operation comprises applying a set intersection algorithm.
  - 12. The computer-implemented method of claim 10, wherein the host partially encrypts the data communication, and leaves an unencrypted portion of the data communication as cleartext, and provides the partially encrypted data communication and the cleartext to the software agent.
  - 13. The computer-implemented method of claim 10, wherein the host performing the analysis to determine that the data communication is the candidate data leakage comprises the application of a Bloom filter to determine that the data communication is the candidate data leakage.

14. A computer-implemented method of detecting data leakage from an enterprise having a software agent, the method comprising:
- receiving, from a host external to a firewall of the enterprise, a host-encrypted data communication that originated from an online account of a user device associated with the enterprise;
  
  using a common encryption key, encrypting a database of enterprise information and re-encrypting the host-encrypted data communication;
  
  providing the encrypted database of enterprise information and the re-encrypted data communication to the host;
  
  receiving a report from the host indicative of a match existing between the encrypted database of information and the re-encrypted data communication; and
  
  taking a first action when the match is determined to exist between the encrypted database of information and the re-encrypted data communication.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer-implemented method of claim 14, wherein the software agent at the enterprise is not provided with a key used by the host encrypting the data communication originating from the online account, and the host is not provided with the common encryption key of the software agent.
  - 16. The computer-implemented method of claim 14, further comprising the software agent adding noise into the encrypted database and sends the encrypted database with the noise to the host.
  - 17. The computer-implemented method of claim 14, further comprising the software agent re-ordering values in the host-encrypted data communication during the re-encryption of the host-encrypted data communication.
  - 18. The computer-implemented method of claim 14, wherein the first action by the software agent comprises at least one of includes deleting the data communication, quarantining the data communication, and sending the data communication to a recipient with an alert, and wherein the first action is not taken when the match is determined to not exist between the encrypted database of information and the re-encrypted data communication.

19. A system for detecting data leakage at a host external to a firewall of an enterprise, the system comprising:
- the host external to the firewall of the enterprise including a hardware processor and having executable instructions stored on a computer-readable medium, the instructions at the host comprising,receiving, a data communication originating from an online account of a user device associated with the enterprise;
  
  performing an analysis to determine that the data communication is a candidate data leakage, based on a context of the data communication;
  
  encrypting the data communication, and providing the host-encrypted data communication to a software agent at the enterprise;
  
  receiving a software agent-encrypted database of enterprise information and the host-encrypted data communication, re-encrypted by the software agent;
  
  decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication;
  
  performing a matching operation to determine whether a match exists between the encrypted database of information and the software agent-encrypted data communication;
  
  the match is capable of being reported to the software agent when the match is determined to exist; and
  
  the software agent is configured to take a first action when the match is determined to exist; and
  
  the enterprise including a hardware processor and having executable instructions stored on a computer-readable mediumreceiving, from the host external to a firewall of the enterprise, the host-encrypted data communication;
  
  using a common encryption key, encrypting a database of enterprise information and re-encrypting the host-encrypted data communication, and providing the software agent-encrypted database and the re-encrypted data communication to the host;
  
  receiving a report from the host indicative of the match existing between the encrypted database of information and the software agent-encrypted data communication; and
  
  taking a second action.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the software agent at the enterprise is not provided with a key used by the host encrypting the data communication originating from the online account, and the host is not provided with the common encryption key of the software agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Medvedev, Ivan
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
Savenkov, Vadim

Application Number

US14/862,086
Publication Number

US 20170083717A1
Time in Patent Office

700 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G07C 9/00309   operated with bidirectional...

H04L 5/16   Half-duplex systems; Simple...

H04L 63/0428   wherein the data content is...

H04L 63/0478   applying multiple layers of...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

H04L 7/033   using the transitions of th...

H04L 9/14   using a plurality of keys o...

H04L 9/302   involving the integer facto...

H04W 12/02   Protecting privacy or anony...

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 56/001   Synchronization between nodes

Systems and methods for data loss prevention while preserving privacy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for data loss prevention while preserving privacy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links