ON-DEMAND CONTENT CLASSIFICATION USING AN OUT-OF-BAND COMMUNICATIONS CHANNEL FOR FACILITATING FILE ACTIVITY MONITORING AND CONTROL

US 20140258294A1
Filed: 03/06/2013
Published: 09/11/2014
Est. Priority Date: 03/06/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for on-demand classification of content using an out-of-band communications channel comprising:

monitoring communications to a server over an in-band communications channel;

identifying, based on the communications, a request to access a particular file stored by the server;

identifying one or more rules based on the request to access the particular file;

determining that the rules require evaluation of classification information for contents of the particular file;

determining whether classification information for the contents of the particular file is available; and

responsive to determining that the classification information for the contents is not available;

obtaining classification information using an out-of-band communications channel different from the in-band communications channel; and

performing processing based on the classification information for the contents of the particular file and the identified one or more rules.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Communications to a server over an in-band communications channel are monitored for requests to access a file. Based on the communications, a request to access a particular file stored by the server is identified. Security and/or audit rules are identified based on the request. A determination is thereafter made that the security and/or audit rules require evaluation of classification information for contents of the requested file. Thus, a determination is made as to whether classification information for the contents of the particular file is available, such as determining whether the classification information is stored in a local classification cache. Responsive to a determination that the classification information is not available, classification information is obtained for the contents of the particular file using an out-of-band communications channel. Thereafter, processing with respect to the request to access the particular file is performed based on the obtained classification information and the one or more security and/or audit rules.

17 Citations

View as Search Results

20 Claims

1. A computer-implemented method for on-demand classification of content using an out-of-band communications channel comprising:
- monitoring communications to a server over an in-band communications channel;
  
  identifying, based on the communications, a request to access a particular file stored by the server;
  
  identifying one or more rules based on the request to access the particular file;
  
  determining that the rules require evaluation of classification information for contents of the particular file;
  
  determining whether classification information for the contents of the particular file is available; and
  
  responsive to determining that the classification information for the contents is not available;
  
  obtaining classification information using an out-of-band communications channel different from the in-band communications channel; and
  
  performing processing based on the classification information for the contents of the particular file and the identified one or more rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein determining whether classification information for the contents is available comprises determining whether the classification information for the contents of the particular file is stored in an associated classification cache.
  - 3. The computer-implemented method of claim 1, further comprising storing the obtained classification information for the contents of the particular file in an associated classification cache.
  - 4. The computer-implemented method of claim 1, wherein performing processing based on the classification information for the contents of the particular file and the identified one or more rules comprises:
    - determining that the classification information indicates that the contents of the particular file include one or more sensitive types of data;
      
      determining, based on the one or more rules, that access to a file having contents that include the one or more sensitive types of data is restricted; and
      
      restricting access to the particular file based on the determination that access to a file having contents including the one or more sensitive types of data is restricted.
  - 5. The computer-implemented method of claim 1, wherein performing processing based on the classification information for the contents of the particular file and the identified one or more rules comprises:
    - determining that the classification information indicates that the contents of the particular file include one or more sensitive types of data;
      
      determining, based on the one or more rules, that access to a file having contents that include the one or more sensitive types of data is to be recorded; and
      
      recording information describing the request to access the particular file in an audit log associated with the server.
  - 6. The computer-implemented method of claim 5, wherein the one or more sensitive types of data include at least one of:
    - financial records, health records, credit card data, personal information, or user access information.
  - 7. The computer-implemented method of claim 1, wherein the out-of-band communications channel is established over a different network than a network over which the in-band communications channel is established.
  - 8. The computer-implemented method of claim 1, wherein obtaining the classification information comprises:
    - transmitting a request for the particular file to the server via the out-of-band communications channel;
      
      responsively receiving the particular file from the server via the out-of-band communications channel; and
      
      generating classification information for the contents of the particular file based on an analysis of the contents of the file received from the server.
  - 9. The computer-implemented method of claim 8, wherein generating the classification information for the contents of the particular file comprises:
    - determining whether an existing classification job associated with the particular file is in a classification queue;
      
      responsive to determining that an existing classification job associated with the particular file is in the classification queue, associating the existing classification job with the received request to access the particular file stored by the server; and
      
      responsive to determining that an existing classification job associated with the particular file is not in the classification queue, adding a new classification job to the classification queue, wherein the new classification job is associated with the received request to access the particular file stored by the server.
  - 10. The computer-implemented method of claim 1, wherein obtaining the classification information comprises:
    - transmitting a request for classification information to a classifying entity via the out-of-band communications channel different from the in-band communications channel;
      
      responsively receiving classification information for the contents of the particular file from the classifying entity via the out-of-band communications channel; and
      
      storing the received classification information for the contents of the particular file in an associated classification cache.
  - 11. The computer-implemented method of claim 10, wherein transmitting the request for classification information to a classifying entity comprises:
    - determining a load level associated with each of a plurality of classifying entities;
      
      selecting a particular classifying entity from the plurality of classifying entities based at least in part on the determined load levels; and
      
      transmitting the request for classification information to the selected classifying entity.

12. A non-transitory computer-readable medium storing executable computer instructions for on-demand classification of content using an out-of-band communications channel, the computer instructions comprising instructions for:
- monitoring communications to a server over an in-band communications channel;
  
  identifying, based on the communications, a request to access a particular file stored by the server;
  
  identifying one or more rules based on the request to access the particular file;
  
  determining that the rules require evaluation of classification information for contents of the particular file;
  
  determining whether classification information for the contents of the particular file is available; and
  
  responsive to determining that the classification information for the contents is not available;
  
  obtaining classification information using an out-of-band communications channel different from the in-band communications channel; and
  
  performing processing based on the classification information for the contents of the particular file and the identified one or more rules.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computer-readable medium of claim 12, wherein the instructions for wherein determining whether classification information for the contents is available comprise instructions for determining whether the classification information for the contents of the particular file is stored in an associated classification cache.
  - 14. The computer-readable medium of claim 12, further comprising instructions for storing the obtained classification information for the contents of the particular file in an associated classification cache.
  - 15. The computer-readable medium of claim 12, wherein the instructions for obtaining the classification information comprise instructions for:
    - transmitting a request for classification information to a classifying entity via the out-of-band communications channel different from the in-band communications channel;
      
      responsively receiving classification information for the contents of the particular file from the classifying entity via the out-of-band communications channel; and
      
      storing the received classification information for the contents of the particular file in an associated classification cache.
  - 16. The computer-readable medium of claim 12, wherein the out-of-band communications channel is established over a different network than a network over which the in-band communications channel is established.

17. A system for on-demand classification of content using an out-of-band communications channel, the system comprising:
- a non-transitory computer-readable storage medium storing executable computer program instructions comprising instructions for;
  
  monitoring communications to a server over an in-band communications channel;
  
  identifying, based on the communications, a request to access a particular file stored by the server;
  
  identifying one or more rules based on the request to access the particular file;
  
  determining that the rules require evaluation of classification information for contents of the particular file;
  
  determining whether classification information for the contents of the particular file is available; and
  
  responsive to determining that the classification information for the contents is not available;
  
  obtaining classification information using an out-of-band communications channel different from the in-band communications channel; and
  
  performing processing based on the classification information for the contents of the particular file and the identified one or more rules; and
  
  a processor for executing the computer program instructions.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the instructions for wherein determining whether classification information for the contents is available comprise instructions for determining whether the classification information for the contents of the particular file is stored in an associated classification cache.
  - 19. The system of claim 17, further comprising instructions for storing the obtained classification information for the contents of the particular file in an associated classification cache.
  - 20. The system of claim 17, wherein the instructions for obtaining the classification information comprise instructions for:
    - transmitting a request for classification information to a classifying entity via the out-of-band communications channel different from the in-band communications channel;
      
      responsively receiving classification information for the contents of the particular file from the classifying entity via the out-of-band communications channel; and
      
      storing the received classification information for the contents of the particular file in an associated classification cache.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imperva Incorporated (Thales SA)
Original Assignee
Imperva Incorporated (Thales SA)
Inventors
Shulman, Amichai, Naar, Rotem, Einhorn, Moshe

Granted Patent

US 9,128,941 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/737
CPC Class Codes

G06F 16/122   using management policies b...

G06F 40/30   Semantic analysis

H04L 47/2441   relying on flow classificat...

ON-DEMAND CONTENT CLASSIFICATION USING AN OUT-OF-BAND COMMUNICATIONS CHANNEL FOR FACILITATING FILE ACTIVITY MONITORING AND CONTROL

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ON-DEMAND CONTENT CLASSIFICATION USING AN OUT-OF-BAND COMMUNICATIONS CHANNEL FOR FACILITATING FILE ACTIVITY MONITORING AND CONTROL

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links