Enforcing rights mangement through edge email servers

US 20060089970A1
Filed: 09/30/2004
Published: 04/27/2006
Est. Priority Date: 09/30/2004
Status: Active Grant

First Claim

Patent Images

1. In an electronic messaging system, a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying deviant messages, the method comprising acts of:

receiving a message at a message transfer agent located at an edge between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;

accessing a policy document that includes one or more pieces of evidence, which are configurable characteristics corresponding to the sensitive subject matter;

comparing the one or more pieces of evidence with content within the message for identifying the sensitive subject matter in the message; and

determining one or more actions to be taken on the message in accordance with policy remedies for ensuring that the sensitive subject matter is not inappropriately, transferred between the at least two domains.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides for methods, systems, and computer program products for ensuring that sensitive subject matter within electronic messages is not inappropriately transferred between domains with differing security rights. The present invention utilizes the appropriate placement of message transfer agents or servers along with policy documents that include configurable semantics pattern recognition data for identifying deviant messages. Once deviant messages or messages that potentially have sensitive subject matter are identified, the present invention further provides for adaptable actions or remedies for ensuring that the sensitive subject matter is not inappropriately transferred between domains.

Citations

40 Claims

1. In an electronic messaging system, a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying deviant messages, the method comprising acts of:
- receiving a message at a message transfer agent located at an edge between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
  
  accessing a policy document that includes one or more pieces of evidence, which are configurable characteristics corresponding to the sensitive subject matter;
  
  comparing the one or more pieces of evidence with content within the message for identifying the sensitive subject matter in the message; and
  
  determining one or more actions to be taken on the message in accordance with policy remedies for ensuring that the sensitive subject matter is not inappropriately, transferred between the at least two domains.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the one or more pieces of evidence are created based on one or more of input from a system administrator, input from an originator of the sensitive subject matter, a semantics algorithm or a hashing function.
  - 3. The method of claim 1, wherein the policy document includes evidence about an outside organization'"'"'s policies, and wherein the message is an incoming message from the outside organization.
  - 4. The method of claim 1, wherein the at least two domains are different departments of a single organization.
  - 5. The method of claim 1, wherein the at least two domains are different organizations.
  - 6. The method of claim 1, wherein the characteristics are one or more of a tagging, pattern of the sensitive subject matter, hash of the sensitive subject matter, word for word match of the sensitive subject matter, extracts from the sensitive subject matter, keywords associated with the sensitive subject matter, paraphrasing of the sensitive subject matter, summary of the sensitive subject matter or a template corresponding to the sensitive subject matter.
  - 7. The method of claim 1, wherein the sensitive subject matter is included in an attachment within the electronic message.
  - 8. The method of claim 1, wherein the message protocol used to transfer the message is SMTP or X400.

9. In an electronic messaging system, a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying deviant messages, the method comprising:
- an act of receiving a message at a message transfer agent located at an edge between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
  
  a step for identifying the message as deviant by using a policy document that includes one or more pieces of evidence, which are configurable characteristics corresponding to the sensitive subject matter; and
  
  an act of determining one or more actions to be taken on the message in accordance with policy remedies for ensuring that the sensitive subject matter is not inappropriately transferred between the at least two domains.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the one or more actions applied are one or more of a deleting the message, deleting the sensitive subject matter, sending a non-delivery receipt back to a client that sent the message, forwarding the message to a system administrator, or forwarding the message to a supervisor of a sender.
  - 11. The method of claim 10, wherein the one or more of the one or more actions applied further include identifying that the message can be sent using a secure protocol, wherein the method further includes the acts of:
    - sending a message to the sender'"'"'s address indicating that the message includes the sensitive subject matter;
      
      querying the sender whether they still want to transfer the message between the at least two domains; and
      
      establishing one or more secure links between the at least two domains for transferring the message.
  - 12. The method of claim 11, wherein the characteristics are one or more of a tagging, pattern of the sensitive subject matter, hash of the sensitive subject matter, word for word match of the sensitive subject matter, extracts from the sensitive subject matter, keywords associated with the sensitive subject matter, paraphrasing of the sensitive subject matter, summary of the sensitive subject matter or a template corresponding to the sensitive subject matter.

13. In an electronic messaging system, a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying deviant messages and policy remedies that define how to process the deviant messages, the method comprising acts of:
- receiving a message at a message transfer agent located at an edge between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
  
  accessing a policy document that includes one or more pieces of evidence, which are configurable characteristics corresponding to the sensitive subject matter;
  
  scanning the message for identifying the one or more pieces of evidence corresponding to the sensitive subject matter within the message; and
  
  based on the identified one or more pieces of evidence, triggering one or more adaptable actions for ensuring the sensitive subject matter is not inappropriately transferred between the at least two domains.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 14. The method of claim 13, wherein the one or more adaptable actions applied are one or more of a deleting the message, deleting the sensitive subject matter, sending a non-delivery receipt back to a client that sent the message, forwarding the message to a system administrator, or forwarding the message to a supervisor of a sender.
  - 15. The method of claim 14, wherein the one or more of the one or more adaptable actions applied further include identifying that the message can be sent using a secure protocol, wherein the method further includes the acts of:
    - sending a message to the sender'"'"'s address indicating that the message includes the sensitive subject matter;
      
      querying the sender whether they still want to transfer the message between the at least two domains; and
      
      establishing one or more secure links between the at least two domains for transferring the message.
  - 16. The method of claim 13, wherein the one or more adaptable actions to be taken are based on a number of matches between content within the message and the one or more evidence within the policy document.
  - 17. The method of claim 13, wherein the one or more adaptable actions to be taken are further based on a sender of the message, an intended recipient of the message, or both.
  - 18. The method of claim 17, wherein an override feature is provided within the policy document based on the sender, the intended recipient, or both.
  - 19. The method of claim 13, wherein the one or more adaptable actions to be taken are further based on a particular match between content within the message and the one or more pieces of evidence within the policy document.
  - 20. The method of claim 13, wherein the one or more pieces of evidence are created based on one or more of input from a system administrator, input from an originator of the sensitive subject matter, a semantics algorithm or a hashing function.
  - 21. The method of claim 13, wherein the policy document includes evidence about an outside organization'"'"'s policies, and wherein the message is an incoming message from the outside organization.
  - 22. The method of claim 13, wherein the at least two domains are different departments of a single organization.
  - 23. The method of claim 13, wherein the at least two domains are different organizations.
  - 24. The method of claim 13, wherein the characteristics are one or more of a tagging, pattern of the sensitive subject matter, hash of the sensitive subject matter, word for word match of the sensitive subject matter, extracts from the sensitive subject matter, keywords associated with the sensitive subject matter, paraphrasing of the sensitive subject matter, summary of the sensitive subject matter or a template corresponding to the sensitive subject matter.
  - 25. The method of claim 13, wherein the sensitive subject matter is included in an attachment within the electronic message.
  - 26. The method of claim 13, wherein the message protocol used to transfer the message is SMTP or X400.

27. A computer program product for use in an electronic messaging system, the computer program product for implementing a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying deviant messages, the computer program product comprising one or more computer readable media having stored thereon computer executable instructions that, when executed by a processor, can cause the distributed computing system to perform the following:
- receive a message at a message transfer agent located at an edge between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
  
  access a policy document that includes one or more pieces of evidence, which are configurable characteristics corresponding to the sensitive subject matter;
  
  compare the one or more pieces of evidence with content within the message for identifying the sensitive subject matter in the message; and
  
  determine one or more actions to be taken on the message in accordance with policy remedies for ensuring that the sensitive subject matter is not inappropriately transferred between the at least two domains.
- View Dependent Claims (28, 29, 30)
- - 28. The computer program product of claim 27, wherein the one or more pieces of evidence are created based on one or more of input from a system administrator, input from an originator of the sensitive subject matter, a semantics algorithm or a hashing function.
  - 29. The computer program product of claim 27, wherein the at least two domains are different organizations.
  - 30. The computer program product of claim 27, wherein the characteristics are one or more of a tagging, pattern of the sensitive subject matter, hash of the sensitive subject matter, word for word match of the sensitive subject matter, extracts from the sensitive subject matter, keywords associated with the sensitive subject matter, paraphrasing of the sensitive subject matter, summary of the sensitive subject matter or a template corresponding to the sensitive subject matter.

31. A computer program product for use in an electronic messaging system, the computer program product used to implement a method of ensuring that confidential, proprietary, privileged or other sensitive subject matter is not inappropriately transferred between domains with differing security rights by utilizing policy documents that include semantics pattern recognition data for identifying deviant messages and policy remedies that define how to process the deviant messages, the computer program product comprising one or more computer readable media having stored thereon computer executable instructions that, when executed by a processor, can cause the distributed computing system to perform the following:
- receive a message at a message transfer agent located at an edge between at least two domains with different security rights, the message including sensitive subject matter that is not supposed to be inappropriately transferred between the at least two domains based on the security rights of each domain;
  
  access a policy document that includes one or more pieces of evidence, which are configurable characteristics corresponding to the sensitive subject matter;
  
  scan the message for identifying the one or more pieces of evidence corresponding to the sensitive subject matter within the message; and
  
  based on the identified one or more pieces of evidence, trigger one or more adaptable actions for ensuring the sensitive subject matter is not inappropriately transferred between the at least two domains.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 32. The computer program product of claim 31, wherein the one or more adaptable actions applied are one or more of a deleting the message, deleting the sensitive subject matter, sending a non-delivery receipt back to a client that sent the message, forwarding the message to a system administrator, or forwarding the message to a supervisor of a sender.
  - 33. The computer program product of claim 32, wherein the one or more of the one or more adaptable actions applied further include identifying that the message can be sent using a secure protocol, the computer program product further comprising computer executable instructions that:
    - sending a message to the sender'"'"'s address indicating that the message includes the sensitive subject matter;
      
      querying the sender whether they still want to transfer the message between the at least two domains; and
      
      establishing one or more secure links between the at least two domains for transferring the message.
  - 34. The computer program product of claim 31, wherein the one or more adaptable actions to be taken are based on a number of matches between content within the message and the one or more evidence within the policy document.
  - 35. The computer program product of claim 31, wherein the one or more adaptable actions to be taken are further based on a sender of the message, an intended recipient of the message, or both.
  - 36. The computer program product of claim 35, wherein an override feature is provided within the policy document based on the sender, the intended recipient, or both.
  - 37. The computer program product of claim 31, wherein the one or more adaptable actions to be taken are further based on a particular match between content within the message and the one or more pieces of evidence within the policy document.
  - 38. The computer program product of claim 31, wherein the one or more pieces of evidence are created based on one or more of input from a system administrator, input from an originator of the sensitive subject matter, a semantics algorithm or a hashing function.
  - 39. The computer program product of claim 31, wherein the at least two domains are different departments of a single organization.
  - 40. The computer program product of claim 31, wherein the characteristics are one or more of a tagging, pattern of the sensitive subject matter, hash of the sensitive subject matter, word for word match of the sensitive subject matter, extracts from the sensitive subject matter, keywords associated with the sensitive subject matter, paraphrasing of the sensitive subject matter, summary of the sensitive subject matter or a template corresponding to the sensitive subject matter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Atkinson, Robert G., Pearson, Malcolm E., Reed, David R., White, Steven D.

Granted Patent

US 7,454,778 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/206
CPC Class Codes

H04L 51/212 using filtering or selectiv...

H04L 63/102 Entity profiles

Enforcing rights mangement through edge email servers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Enforcing rights mangement through edge email servers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links