Protecting content from third party using client-side security protection

US 9,756,080 B2
Filed: 07/06/2016
Issued: 09/05/2017
Est. Priority Date: 01/20/2009
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

one or more processing units; and

memory comprising instructions that when executed by at least some of the one or more processing units performs one or more steps, the one or more steps comprising;

determining that an untrusted message service is being used to transmit a message to a recipient;

analyzing the message using one or more rules from a rules component, wherein the one or more rules are used to generate security for the message, and wherein analyzing the message comprises;

evaluating input during composition of the message;

applying the one or more rules to the message;

monitoring for changes to the input of the message; and

when changes to the input are detected, reevaluating the input;

applying the security to the message, wherein the security prevents a body portion of the message from being exposed at the untrusted message service, and wherein the security includes attaching one or more attributes of the security to the message, and wherein the security is applied in response to a determination that the untrusted message service is being used to send the message; and

sending the message to the recipient using the untrusted message service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.

39 Citations

View as Search Results

19 Claims

1. A system, comprising:
- one or more processing units; and
  
  memory comprising instructions that when executed by at least some of the one or more processing units performs one or more steps, the one or more steps comprising;
  
  determining that an untrusted message service is being used to transmit a message to a recipient;
  
  analyzing the message using one or more rules from a rules component, wherein the one or more rules are used to generate security for the message, and wherein analyzing the message comprises;
  
  evaluating input during composition of the message;
  
  applying the one or more rules to the message;
  
  monitoring for changes to the input of the message; and
  
  when changes to the input are detected, reevaluating the input;
  
  applying the security to the message, wherein the security prevents a body portion of the message from being exposed at the untrusted message service, and wherein the security includes attaching one or more attributes of the security to the message, and wherein the security is applied in response to a determination that the untrusted message service is being used to send the message; and
  
  sending the message to the recipient using the untrusted message service.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, further comprising:
    - composing the message using a client computing device; and
      
      using the client computing device to transmit the secured message to the recipient.
  - 3. The system of claim 2, wherein the rules component is associated with the untrusted message service, and wherein the rules component transmits the rules to the client computing device.
  - 4. The system of claim 3, wherein the secured message is associated with a rules property, wherein the rules property indicates a date the rules of the client computing device and the rules of the rules component were synchronized.
  - 5. The system of claim 2, wherein the client computing device is configured to automatically receive at least one of updated rules and new rules from the rules component.
  - 6. The system of claim 2, wherein applying the security to the message comprises:
    - providing a notification to the user device that the security has been triggered;
      
      providing an option to disable the triggered security;
      
      determining whether the option has been selected; and
      
      when the option is determined to be selected, preventing the triggered security from being applied to the message.
  - 7. The system of claim 1, wherein the security allows exposure of a header portion and a subject portion of the message at the untrusted message service.

8. A messaging system comprising:
- a computing device using an untrusted message service for transmitting a message;
  
  a rules component associated with the untrusted message service, wherein the rules component is configured to analyze the message using one or more rules, wherein analyzing the message comprises;
  
  evaluating input during composition of the message;
  
  applying the one or more rules to the message;
  
  monitoring for changes to the input of the message; and
  
  when changes to the input are detected, reevaluating the input; and
  
  a security component associated with the computing device, wherein the security component is configured to apply the security to the message, wherein the security prevents a body portion of the message from being exposed at the untrusted message service when the message is transmitted, and wherein the security includes attaching one or more attributes of the security to the message, and wherein the security is applied in response to a determination that the untrusted message service is being used to send the message.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the security component is associated with the computing device and the rules component is associated with the untrusted message service.
  - 10. The system of claim 8, wherein the rules are used to determine when automatic protection is applied to the message and the level of protection applied to the message.
  - 11. The system of claim 8, wherein the rules correspond to at least one of updated rules and new rules.
  - 12. The system of claim 8, wherein the security allows exposure of a header portion and a subject portion of the message at the untrusted message service.
  - 13. The system of claim 8, wherein the computing device and the security component are trusted and are located at one or more trusted locations.
  - 14. The system of claim 8, wherein the one or more rules comprise at least one of a predicate, an action and configuration information.

15. A method of processing messages, the method comprising:
- receiving, by a computing device, a message from a client to a recipient;
  
  analyzing the message using rules from a rules component, wherein the rules are used to generate security for the message, and wherein analyzing the message comprises;
  
  evaluating input during composition of the message;
  
  applying the one or more rules to the message;
  
  monitoring for changes to the input of the message; and
  
  when changes to the input are detected, reevaluating the input;
  
  applying, by the computing device, the security to the message, wherein the security prevents a body portion of the message from being exposed at the untrusted message service, and wherein the security includes attaching one or more attributes of the security to the message, and wherein the security is applied in response to a determination that the untrusted message service is being used to send the one or more messages; and
  
  sending the message to the recipient using the untrusted message service.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, further comprising:
    - composing the message using the client computing device; and
      
      using the client computing device to transmit the secured message to the first recipient.
  - 17. The method of claim 15, wherein the untrusted message service is configured to supply one or more of modified rules and new rules to the computing device to generate a security template.
  - 18. The method of claim 15, wherein analyzing the message comprises:
    - evaluating the first recipient of the message; and
      
      based on the evaluation, applying the one or more rules to the message.
  - 19. The method of claim 18, wherein analyzing further comprises:
    - receiving as input a second recipient of the message;
      
      evaluating the second recipient of the message; and
      
      based on the evaluation, applying a first rule in the one or more rules to the message and a second rule in the one or more rules to the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Banti, Edward T., Byrum, Frank, Carvalho Neto, Mayerber L., Knibb, James R., Biswas, Palash, Barnes, Christopher
Primary Examiner(s)
Shayanfar, Ali

Application Number

US15/202,875
Publication Number

US 20160337405A1
Time in Patent Office

426 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6263   during internet communicati...

H04L 63/0263   Rule management

H04L 63/0435   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/20   for managing network securi...

Protecting content from third party using client-side security protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting content from third party using client-side security protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links