System and method for securing documents prior to transmission

US 9,948,676 B2
Filed: 08/08/2013
Issued: 04/17/2018
Est. Priority Date: 07/25/2013
Status: Active Grant

First Claim

Patent Images

1. A method executed by a computer system for securing an electronic message comprised of data stored on the computer system, that is in a state of being composed as a result of a user operating a computer program running on said computer comprising:

automatically detecting a change in at least one of a plurality of predetermined conditions of the data representing the electronic message during the period that the electronic message is in the state of being composed;

in response to the automatic detection of the change of the at least one predetermined condition, applying at least one security policy rule to the data representing the electronic message while the electronic message remains in the state of being composed, said at least one security policy being selected by the computer system in dependence on which of the at least one of the plurality of predetermined conditions was detected as having been changed;

wherein the step of applying at least one of the security policy rule comprises;

determining a first security indicia for a file attachment to the electronic message;

determining a second security indicia for the security privilege of the user composing the electronic message;

using the first and second security indicia to determine whether to prevent the file attachment from being transmitted in the electronic message, and in dependence on such determination, either modifying a data structure associated with the electronic message to remove the file attachment from the electronic message or blocking the transmission of the electronic message.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for securing documents attached to emails is disclosed. The system and method apply security rules to an email as it is being composed to ensure that the security policies have been expressed prior to the email being sent. The security program hooks in to the message object model so that as the message is modified, the security rules are applied to each modification.

Citations

28 Claims

1. A method executed by a computer system for securing an electronic message comprised of data stored on the computer system, that is in a state of being composed as a result of a user operating a computer program running on said computer comprising:
- automatically detecting a change in at least one of a plurality of predetermined conditions of the data representing the electronic message during the period that the electronic message is in the state of being composed;
  
  in response to the automatic detection of the change of the at least one predetermined condition, applying at least one security policy rule to the data representing the electronic message while the electronic message remains in the state of being composed, said at least one security policy being selected by the computer system in dependence on which of the at least one of the plurality of predetermined conditions was detected as having been changed;
  
  wherein the step of applying at least one of the security policy rule comprises;
  
  determining a first security indicia for a file attachment to the electronic message;
  
  determining a second security indicia for the security privilege of the user composing the electronic message;
  
  using the first and second security indicia to determine whether to prevent the file attachment from being transmitted in the electronic message, and in dependence on such determination, either modifying a data structure associated with the electronic message to remove the file attachment from the electronic message or blocking the transmission of the electronic message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 further comprising:
    - determining if the detected change of at least one predetermined condition corresponds to an addition of a recipient to the electronic message, and if so, applying at least one security policy rule associated with a characteristic of the recipient added to the electronic message.
  - 3. The method of claim 2 where the characteristic of the recipient is the domain of the recipient'"'"'s email address.
  - 4. The method of claim 2 where the characteristic of the recipient is the identity of the recipient by name.
  - 5. The method of claim 1 further comprising:
    - determining if the detected change of at least one predetermined condition corresponds to the addition of the file attachment to the electronic message, and if so, applying at least one security policy rule associated with a characteristic of the file attachment.
  - 6. The method of claim 5 where the characteristic of the file attachment is the file type.
  - 7. The method of claim 5 where the characteristic of the file attachment is an indicia of sensitivity of the file attachment, and the method is further comprised of obtaining from data storage an indicia of sensitivity of the file attachment by using a reference to the file attachment.
  - 8. The method of claim 1 further comprising:
    - determining if the detected change of at least one predetermined condition corresponds to the addition to the electronic message of the file attachment containing a predetermined one or more words, and if so, applying at least one security policy rule associated with the predetermined one or more words.
  - 9. The method of claim 8 where the predetermined one or more words are determined to be contained in the file attachment by inspecting encoded characters in the file.
  - 10. The method of claim 8 where the predetermined one or more words are determined to be contained in the file attachment by using pattern recognition of a portion of an image comprising the file attachment.
  - 11. The method of claim 8 further comprising:
    - inspecting the file attachment in order to determine the presence of a code number embedded in the file attachment in a manner that is not readily apparent or easily removed.
  - 12. The method of claim 1 further comprising determining if the detected change of at least one predetermined condition corresponds to an addition of a predetermined one or more words to the body of the electronic message, and if so, applying at least one security policy rule associated with the predetermined one or more words.
  - 13. The method of claim 1 where the step of detecting a change in at least one of a plurality of predetermined conditions is comprised of:
    - hooking into an object model associated with the electronic message so as to have at least one object method used to determine the change in the condition of the electronic message as it is in the state of being composed.
  - 14. The method of claim 13 where the at least one of the object methods are a first and a second object methods that correspond to the addition of a recipient and the addition of the file attachment, where the first and second object methods express security policy rules corresponding to recipients and file attachments respectively.

15. A system comprised of at least one computer for securing an electronic message comprised of data stored on the computer, that is in a state of being composed as a result of a user operating a computer program running on one of said at least one computers comprising:
- a module configured to automatically detect a change in at least one of a plurality of predetermined conditions of the data representing the electronic message during the period that the electronic message is in the state of being composed;
  
  and in response to the automatic detection of the change of the at least one predetermined condition, apply at least one security policy rule to the data representing the electronic message while the electronic message remains in the state of being composed, said at least one security policy being selected by the computer system in dependence on which of the plurality of at least one of the predetermined conditions was detected as having been changed;
  
  wherein the module is further configured to apply at least one security policy rule by;
  
  determining a first security indicia for a file attachment to the electronic message;
  
  determining a second security indicia for the security privilege of the user composing the electronic message;
  
  using the first and second security indicia to determine whether to prevent the file attachment from being transmitted in the electronic message, and in dependence on such determination, either modifying a data structure associated with the electronic message to remove the file attachment from the electronic message or blocking the transmission of the electronic message.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The system of claim 15 where the module is further configured to determine if the detected change of condition corresponds to an addition of a recipient to the electronic message, and if so, apply at least one security policy rule associated with a characteristic of the recipient added to the electronic message.
  - 17. The system of claim 16 where the characteristic of the recipient is the domain of the recipient'"'"'s email address.
  - 18. The system of claim 16 where the characteristic of the recipient is the identity of the recipient by name.
  - 19. The system of claim 15 where the module is further configured to determine if the detected change of condition corresponds to the addition of the file attachment to the electronic message, and if so, apply at least one security policy rule associated with a characteristic of the file attachment.
  - 20. The system of claim 19 where the characteristic of the file attachment is the file type.
  - 21. The system of claim 19 where the characteristic of the file attachment is an indicia of sensitivity of the file attachment, and where the module is further configured to obtain from data storage an indicia of sensitivity of the file attachment by using a reference to the file attachment.
  - 22. The system of claim 15 where the module is further configured to determine if the detected change of condition corresponds to the addition to the electronic message of the file attachment containing a predetermined one or more words, and if so, apply at least one security policy rule associated with the predetermined one or more words.
  - 23. The system of claim 22 where the module is further configured to determine if the predetermined one or more words are contained in the file attachment by inspecting encoded characters in the file.
  - 24. The system of claim 22 where the module is further configured to determine if the predetermined one or more words are contained in the file attachment by using pattern recognition of a portion of an image comprising the file attachment.
  - 25. The system of claim 22 where the module is further configured to inspect the file attachment in order to determine the presence of a code number embedded in the file attachment in a manner that is not readily apparent or easily removed.
  - 26. The system of claim 15 where the module is further configured to determine if the detected change of condition corresponds to an addition of a predetermined one or more words to the body of the electronic message, and if so, apply at least one security policy rule associated with the predetermined one or more words.
  - 27. The system of claim 15 where the module is further configured to detect a change in at least one of a plurality of predetermined conditions by hooking into an object model associated with the electronic message so as to have at least one object method used to determine the change in the condition of the electronic message as it is being composed.
  - 28. The system of claim 27 where the at least one of the object methods are a first and second object method that correspond to the addition of a recipient and the addition of the file attachment, where the first and second object methods express security policy rules corresponding to recipients and file attachments respectively.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Workshare Technology Incorporated
Original Assignee
Workshare Technology Incorporated
Inventors
Mulder, Matthew
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Tran, Baotram

Application Number

US13/962,096
Publication Number

US 20150033283A1
Time in Patent Office

1,713 Days
Field of Search
US Class Current
CPC Class Codes

H04L 51/063   Content adaptation, e.g. re...

H04L 51/212   using filtering or selectiv...

H04L 63/0245   Filtering by information in...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

System and method for securing documents prior to transmission

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing documents prior to transmission

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links