Selective encryption of outgoing data

  • US 9,917,817 B1
  • Filed: 06/10/2013
  • Issued: 03/13/2018
  • Est. Priority Date: 06/10/2013
  • Status: Active Grant
First Claim
1. A method comprising:

  • monitoring a set of outgoing data generated by a first user via a user computing device, wherein said monitoring is carried out, prior to transmission of the set of outgoing data from the user computing device, by a data monitoring agent executing in the background of operations of the user computing device;

  • identifying one or more items of sensitive information from the set of outgoing data, wherein said identifying is carried out, prior to transmission of the set of outgoing data from the user computing device, by a data policy enforcement agent executing in the background of operations of the user computing device, and wherein said identifying comprises:

      • implementing, via one or more content blades, one or more data loss prevention policies against the set of outgoing data, wherein the data loss prevention policies define items of sensitive information, and wherein the one or more content blades encapsulate one or more detection rules and one or more contextual rules related to identifying items of sensitive information, wherein:

          • the detection rules comprise (i) one or more inclusion rules, which describe items of information that should be contained in outgoing data, and (ii) one or more exclusion rules, which describe items of information that should not be contained in outgoing data, wherein said implementing the one or more data loss prevention policies comprises:

              • comparing (i) the number of matches between the one or more exclusion rules and the outgoing data and (ii) the number of matches between the one or more inclusion rules and the outgoing data;

              • determining, based on said comparing, the outgoing data to be a false positive match with the detection rules upon a determination that the number of matches between the one or more exclusion rules and the outgoing data exceeds the number of matches between the one or more inclusion rules and the outgoing data; and

              • precluding use of one or more of the content blades upon a determination that the outgoing data is a false positive match with the detection rules; and

          • the contextual rules describe proximity parameters for defined items of sensitive information with respect to one or more predetermined categories of information items;

  • selectively encrypting a sub-set of the set of outgoing data, wherein the sub-set consists of the one or more identified items of sensitive information, to produce one or more items of encrypted sensitive information, wherein said encrypting is carried out, prior to transmission of the set of outgoing data from the user computing device, by an encryption agent executing in the background of operations of the user computing device; and

  • replacing the one or more items of sensitive information with the one or more items of encrypted sensitive information in the set of outgoing data to produce a version of the set of outgoing data that comprises (i) the encrypted sub-set of the outgoing data and (ii) one or more unencrypted sub-sets of the outgoing data, wherein said replacing is carried out, prior to transmission of the set of outgoing data from the user computing device, by the encryption agent executing in the background of operations of the user computing device.
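
The steps of the claim can be illustrated with a short added example, which is not code from the patent or its assignee. The names `ContentBlade`, `seal` and `protect`, the regexes, and the sample messages are all assumptions made for illustration, and `seal` is a standard-library stand-in for a real cipher.

```python
import base64, hashlib, hmac, os, re
from dataclasses import dataclass

@dataclass
class ContentBlade:
    inclusion: list   # detection rules: regexes for candidate sensitive items
    exclusion: list   # detection rules: regexes that signal a look-alike
    context: str      # contextual rule: keyword expected near a real item
    proximity: int    # proximity parameter, in characters

    def find_sensitive(self, text):
        hits = [m for rx in self.inclusion for m in re.finditer(rx, text)]
        excluded = sum(len(re.findall(rx, text)) for rx in self.exclusion)
        if excluded > len(hits):   # false positive: blade is not used
            return []
        def near(m):
            lo = max(0, m.start() - self.proximity)
            return re.search(self.context, text[lo:m.end() + self.proximity], re.I)
        return [m.span() for m in hits if near(m)]

def seal(key, item):
    # Stand-in cipher (assumption): HMAC-SHA256 keystream plus MAC tag, stdlib only.
    # A deployment would call a vetted AEAD such as AES-GCM here instead.
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, data = os.urandom(12), item.encode()
    stream = b"".join(hmac.new(enc_key, nonce + bytes([i]), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    return "ENC[" + base64.urlsafe_b64encode(nonce + ct + tag).decode() + "]"

def protect(text, blades, key):
    spans = sorted({s for b in blades for s in b.find_sensitive(text)})
    out, pos = [], 0
    for start, end in spans:
        if start < pos:            # overlapping match already covered
            continue
        out += [text[pos:start], seal(key, text[start:end])]
        pos = end
    return "".join(out) + text[pos:]   # unmatched text stays in the clear

# Constructed sample blade and messages
SSN = ContentBlade([r"\b\d{3}-\d{2}-\d{4}\b"],
                   [r"(?i)\b(?:order|part|ticket)\s*(?:no\.?|#)"], r"ssn|social security", 40)
KEY = os.urandom(32)
if __name__ == "__main__":
    print(protect("Hi, my SSN is 078-05-1120, please update payroll.", [SSN], KEY))
    print(protect("Order no. 123-45-6789, part # 7781; SSN field left blank.", [SSN], KEY))
```

The second message is left unchanged because its two exclusion matches outnumber its single inclusion match, so the blade is precluded even though the contextual keyword is nearby.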

  • 8 Assignments