Methods and systems for preventing transmission of sensitive data from a remote computer device
First Claim
1. A computer system secured against unauthorized external communications of data items from an egress point of the system, the system comprising:
a memory;
a central server;
at least one remote device connected to the central server by a data network, wherein the remote device is authorized to communicate with the central server using the data network, the remote device comprised of a local data scanning component, wherein the local data scanning component is configured by logic to inspect data comprising content of an outgoing message stored on the remote device to determine if the outgoing message is comprised of data indicating a message destination accessed through the egress point and in dependence on the determination and prior to permitting transmission of the outgoing message, scan the data comprising the content of the outgoing message using a first at least one security rule stored locally on the remote device and in case of the scan resulting in triggering said first at least one security rule, transmit a portion of the data comprising the content of the outgoing message to the central server;
wherein the central server is further comprised of a security component that is adapted by logic to receive the transmitted portion of the data comprising the content of the outgoing message, determine a security action by scanning the received transmitted portion of the data comprising the content of the outgoing message using a second at least one security rule stored on the central server and transmit, to the remote device, data representing a command encoding the determined security action, wherein the remote device is further configured by logic to execute the determined security action on the outgoing message prior to permitting transmission of the outgoing message through the egress point.
Abstract
A technique for preventing selected sets of data words from unauthorized transmission out of the secure perimeter of a computer system is disclosed. A set of security rules is applied to an outgoing data message and if one of the set of rules is triggered, at least a portion of the message is transmitted to a central server that is within the secure perimeter, for scanning by another set of security rules. The central server then sends a security command back to the remote device, which executes the security command before transmitting the outgoing message out of the secure perimeter of the computer system.
27 Claims
1. Claim 1 as set out above under First Claim; claims 2 to 17 depend on it.
18. A method executed by a computer system comprised of a central server and a remote computer connected to the central server by a data network, to secure the system against unauthorized external communications of data items from an egress point of the system, said method comprising:
using the remote computer to automatically inspect data comprising content of an outgoing message stored on the remote computer to determine if the outgoing message is comprised of data indicating a message destination accessed through the egress point and in dependence on the determination and prior to permitting transmission of the outgoing message, scan the data comprising the content of the outgoing message using a first at least one security rule stored locally on the remote computer and in case of the scan resulting in triggering said first at least one security rule, transmit a portion of the data comprising the content of the outgoing message data to the central server;
using the central server to receive the transmitted portion of the data comprising the content of the outgoing message, determine a security action by scanning the received transmitted portion of the data comprising the content of the outgoing message using a second at least one security rule stored on the central server and transmit, to the remote computer, data representing a command encoding the determined security action; and
using the remote computer to execute the determined security action on the outgoing message prior to permitting transmission of the outgoing message through the egress point.
Claims 19 to 27 depend on claim 18.
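The two-tier flow that claim 18 spells out (destination check, local rule scan, escalation of only an excerpt, a server-issued command, enforcement before egress), as an added Python example that is not part of the patent or of any product it covers. The internal domain `corp.example`, the two rule sets, the Luhn check used as the server-side rule, the excerpt-only hand-off and the action names `ALLOW`, `REDACT` and `BLOCK` are all assumptions chosen for illustration; the network round trip to the central server is replaced by a direct function call.

```python
"""Two-tier egress scanning (illustrative, not the patent's own code).

A cheap, broad rule set on the remote device decides whether an outgoing
message is worth escalating; only the matched excerpts travel to a central
policy server, whose second rule set returns a command the device must
execute before the message is allowed through the egress point.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed internal domain: any other destination is reached via the egress point.
INTERNAL_DOMAINS = {"corp.example"}

# First rule set, held locally on the remote device. Deliberately broad: a
# 13-16 digit run or a classification marking is enough to escalate.
LOCAL_RULES = {
    "card_like": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
    "marking": re.compile(r"\b(?:CONFIDENTIAL|INTERNAL ONLY)\b", re.I),
}


@dataclass
class OutgoingMessage:
    destination: str  # e.g. an e-mail address
    body: str


def is_external(destination: str) -> bool:
    """True when the destination domain is outside the secure perimeter."""
    domain = destination.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def local_scan(message: OutgoingMessage) -> list[tuple[str, str]]:
    """Apply the local rules; return (rule name, matched excerpt) pairs.
    Only these excerpts, not the whole message, are sent to the server."""
    return [(name, m.group(0))
            for name, pattern in LOCAL_RULES.items()
            for m in pattern.finditer(message.body)]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used here as the server-side 'is this really a card number' rule."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def central_decide(portion: list[tuple[str, str]]) -> dict:
    """Second rule set, held on the central server. It sees only the excerpts
    and returns a command encoding the security action for the device."""
    redact_targets = []
    for rule, excerpt in portion:
        if rule == "marking":
            return {"action": "BLOCK", "reason": f"marked {excerpt!r}"}
        if rule == "card_like" and luhn_ok(re.sub(r"\D", "", excerpt)):
            redact_targets.append(excerpt)
    if redact_targets:
        return {"action": "REDACT", "targets": redact_targets}
    return {"action": "ALLOW"}  # local rule fired on a harmless digit run


def process_outgoing(message: OutgoingMessage) -> tuple[str, OutgoingMessage | None]:
    """Remote-device pipeline. Returns (action taken, message to transmit or None)."""
    if not is_external(message.destination):
        return "ALLOW", message          # never leaves the perimeter: no scan needed
    hits = local_scan(message)
    if not hits:
        return "ALLOW", message          # first rule set did not trigger
    command = central_decide(hits)       # stands in for the round trip to the server
    if command["action"] == "BLOCK":
        return "BLOCK", None             # message is withheld from the egress point
    if command["action"] == "REDACT":
        body = message.body
        for target in command["targets"]:
            body = body.replace(target, "[REDACTED]")
        return "REDACT", OutgoingMessage(message.destination, body)
    return "ALLOW", message


if __name__ == "__main__":
    # Constructed sample traffic; 4111 1111 1111 1111 is a well-known test card number.
    samples = [
        OutgoingMessage("bob@corp.example", "CONFIDENTIAL plan attached"),
        OutgoingMessage("ann@partner.example", "CONFIDENTIAL plan attached"),
        OutgoingMessage("ann@partner.example", "card 4111 1111 1111 1111 today"),
        OutgoingMessage("ann@partner.example", "order 1234567890123456 shipped"),
    ]
    for sample in samples:
        action, out = process_outgoing(sample)
        print(f"{sample.destination:<22} {action:<6} {out.body if out else '(withheld)'}")
```

The design point worth noting is where each decision lives: the device answers only "is this external, and does anything look suspicious", the server owns the rule that costs more or changes more often (here the Luhn check and the block policy), and the device never transmits until the server's command has been executed. An order number that merely looks card-like is escalated and then released, so the local rules can stay broad without blocking legitimate traffic.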