Method and system for protecting confidential information
First Claim
1. A method for computer workstation based information protection, the method comprising:
a) monitoring a user's actions on said computer workstation;
b) detecting whether content in use at said workstation in association with said actions being monitored comprises confidential information, said detecting comprising said workstation performing a statistical analysis of said content in use by said user using identifiers from a content identifier database, said statistical analysis using said identifiers to associate said content with respective confidential information, said confidential information being associated with respective predefined policies;
c) analyzing said monitored action with respect to a respective pre-defined policy associated with any confidential information identified by said analysis as being associated with said content in use at said workstation, to determine whether said actions prejudice said confidential information; and
d) executing said policy in accordance with the results of said determination to control said actions;
wherein said information protection comprises protecting information held within a software data processing application able to process said information, wherein said software data processing application authenticates itself to a server before at least some of the sessions, wherein said authentication depends on a classification level assigned to said protected information, wherein connection to at least two servers are required in order to determine said policy and wherein said software data processing application is entangled with said server's software, such that a functioning stand-alone copy of said software data processing application does not exist.
Abstract
A method for computer workstation based information protection is presented. The method comprises: a) monitoring a user's actions on the computer workstation; b) analysis of the actions in respect of a pre-defined policy to determine whether the actions prejudice information to which the policy applies; and c) executing the policy in accordance with the results of the analysis to prevent, modify, restrict, monitor or log the actions.
67 Citations
102 Claims
1. A method for computer workstation based information protection, the method comprising:
a) monitoring a user's actions on said computer workstation;
b) detecting whether content in use at said workstation in association with said actions being monitored comprises confidential information, said detecting comprising said workstation performing a statistical analysis of said content in use by said user using identifiers from a content identifier database, said statistical analysis using said identifiers to associate said content with respective confidential information, said confidential information being associated with respective predefined policies;
c) analyzing said monitored action with respect to a respective pre-defined policy associated with any confidential information identified by said analysis as being associated with said content in use at said workstation, to determine whether said actions prejudice said confidential information; and
d) executing said policy in accordance with the results of said determination to control said actions;
wherein said information protection comprises protecting information held within a software data processing application able to process said information, wherein said software data processing application authenticates itself to a server before at least some of the sessions, wherein said authentication depends on a classification level assigned to said protected information, wherein connection to at least two servers are required in order to determine said policy and wherein said software data processing application is entangled with said server's software, such that a functioning stand-alone copy of said software data processing application does not exist.
Dependent claims: 2 to 68.

69. A method for information protection, said information comprising information items, said information being for usage on a computer workstation, comprising:
a) defining an information protection policy with respect to an information item, said defining comprising determining at least one measure, required to be enforced by said workstation, in said policy to protect said information item;
b) using identifiers obtained from a content identifier database, said workstation performing a statistical analysis of content in use on said computer workstation to identify said information item as comprising confidential information to a given level of confidence; and
c) allowing said usage on a computer workstation of content comprising said information item only while said required measures in said policy are being applied by said workstation in view of said level of confidence;
wherein said information protection comprises protecting information held within a software data processing application able to process said information, wherein said software data processing application authenticates itself to a server before at least some of the sessions, wherein said authentication depends on a classification level assigned to said protected information, wherein connection to at least two servers are required in order to determine said policy and wherein said software data processing application is entangled with said server's software, such that a functioning stand-alone copy of said software data processing application does not exist.
Dependent claims: 70 to 76.

77. A method for computer workstation based information protection, the method comprising:
a) detecting an event occurring at said workstation, said event being associated with content;
b) said workstation performing a statistical analysis of said content associated with said event to identify confidential information within said content, said statistical analysis utilizing an identifier extracted from a content identifier database, said statistical analysis providing said identification; and
c) employing information protection based on an assessment of an importance of said event to protection of said confidential information, said assessment identifying at least one policy;
wherein said information protection comprises protecting information held within a software data processing application able to process said information, wherein said software data processing application authenticates itself to a server before at least some of the sessions, wherein said authentication depends on a classification level assigned to said protected information, wherein connection to at least two servers are required in order to determine said policy and wherein said software data processing application is entangled with said server's software, such that a functioning stand-alone copy of said software data processing application does not exist.
Dependent claims: 78 to 79.

80. A system for computer workstation based information protection, the system comprising:
a computer workstation comprising:
i) a monitor configured for monitoring a user's actions on said computer workstation, said actions being associated with content;
ii) an analyzer associated with a content identifier database, said analyzer configured for: performing a statistical analysis of said associated content in use by said user using content identifiers from said database to identify confidential information in said content, said identifying being provided with a level of confidence; and analyzing said actions with respect to a pre-defined policy associated with said identified confidential information to determine whether said actions prejudice said information; and
iii) a policy execution module configured for executing said policy in accordance with the results of said analysis, including said level of confidence, to control said actions in accordance with said policy;
wherein said information protection comprises protecting information held within a software data processing application able to process said information, wherein said software data processing application is configured for authentication to a server before at least some of the sessions, wherein said authentication depends on a classification level assigned to said protected information, wherein connection to at least two servers are required in order to determine said policy and wherein said software data processing application is entangled with said server's software, such that a functioning stand-alone copy of said software data processing application does not exist.
Dependent claims: 81 to 100.

101. A system for information protection, said information comprising information items, said information being for usage on a computer workstation, the system comprising:
a computer workstation comprising:
a) a policy reference monitor configured for identifying particular information items as requiring protection, defining respective information protection policies with respect to said identified information items, said defining comprising determining measures required to protect said information, said policy reference monitor further configured to place in a content identifier database an identifier for any such information for which a policy has been defined; and wherein, in the event of two or more conflicting policies being defined, a strictest one of the policies is identified and used;
b) a policy execution module configured for using said identifiers in a statistical analysis of content being used at said workstation to identify information items for which a policy has been defined, said identifying comprising providing a level of confidence, and for allowing said usage on a computer workstation of information comprising said items for which an information protection policy is defined only while said required measures are being applied in view of said level of confidence;
wherein said information protection comprises protecting information held within a software data processing application able to process said information, wherein said software data processing application is configured for authentication to a server before at least some of the sessions, wherein said authentication depends on a classification level assigned to said protected information, wherein connection to at least two servers are required in order to determine said policy and wherein said software data processing application is entangled with said server's software, such that a functioning stand-alone copy of said software data processing application does not exist.

102. A method for computer workstation based information protection, the method comprising:
a) monitoring a user's actions on said computer workstation;
b) detecting whether content in use at said workstation in association with said actions being monitored comprises confidential information, said detecting comprising said workstation performing a statistical analysis of said content in use by said user using identifiers from a content identifier database, said statistical analysis using said identifiers to associate said content with respective confidential information, said confidential information being associated with respective predefined policies;
c) analyzing said monitored action with respect to a respective pre-defined policy associated with any confidential information identified by said analysis as being associated with said content in use at said workstation, to determine whether said actions prejudice said confidential information; and
d) executing said policy in accordance with the results of said determination to control said actions;
wherein in the event of two or more conflicting policies being found, a policy comprising the union of restrictions of said policies is used, wherein said information protection comprises protecting information held within a software data processing application able to process said information, wherein said software data processing application authenticates itself to a server before at least some of the sessions, wherein said authentication depends on a classification level assigned to said protected information, wherein connection to at least two servers are required in order to determine said policy and wherein said software data processing application is entangled with said server's software, such that a functioning stand-alone copy of said software data processing application does not exist.

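The independent claims share one pipeline: identifiers drawn from a content identifier database, a statistical analysis of the content in use that yields a level of confidence, a policy looked up for each confidential item found, a conflict rule (claim 101 takes the strictest policy, claim 102 the union of all restrictions) and a policy execution step that controls the monitored action. The following is an added worked example of that pipeline, not code from the patent or its assignee. The hashed word-shingle scheme used as "identifiers", the containment ratio used as confidence, the 0.25 threshold, the policy format, the two sample documents and the "most restrictions wins" ordering used for "strictest" are all assumptions made for illustration; the claims define none of them.

```python
# Added example (not code from the patent or its assignee): a minimal endpoint
# DLP check modelled on the claim elements. Shingling scheme, identifier
# database, policy format, threshold and sample documents are assumptions.
import hashlib
import re
from dataclasses import dataclass

K = 4  # shingle width in words (assumed)


def shingles(text: str, k: int = K) -> set:
    """Content identifiers: truncated SHA-256 of every k-word window.
    Only hashes are stored, so the database itself does not expose the text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


@dataclass(frozen=True)
class Policy:
    restrictions: frozenset  # user actions the policy forbids


@dataclass
class Item:
    name: str
    classification: str
    identifiers: set
    policy: Policy


# Constructed sample "confidential" items. In the claims these are registered
# by the policy reference monitor and only their identifiers reach the database.
DATABASE = [
    Item("q3-forecast", "SECRET",
         shingles("Q3 revenue forecast shows a 12 percent decline in the "
                  "EMEA region driven by delayed contracts"),
         Policy(frozenset({"email", "print", "clipboard"}))),
    Item("merger-memo", "CONFIDENTIAL",
         shingles("The board approved the merger memo; closing is targeted "
                  "for the fourth quarter pending regulatory review"),
         Policy(frozenset({"email", "usb"}))),
]


def classify(content: str, threshold: float = 0.25) -> list:
    """Statistical analysis (element b): confidence is the share of shared
    shingles relative to the smaller shingle set, so both a confidential
    excerpt pasted into a large document and a fragment of the confidential
    document are detected. Returns (item, confidence) pairs above threshold."""
    sh = shingles(content)
    hits = []
    for item in DATABASE:
        if not sh or not item.identifiers:
            continue
        conf = len(sh & item.identifiers) / min(len(sh), len(item.identifiers))
        if conf >= threshold:
            hits.append((item, conf))
    return hits


def resolve_union(policies: list) -> Policy:
    """Conflict rule of claim 102: the union of all restrictions."""
    return Policy(frozenset().union(*(p.restrictions for p in policies)))


def resolve_strictest(policies: list) -> Policy:
    """Conflict rule of claim 101: keep one policy. The ordering (most
    forbidden actions wins) is assumed; the claim does not define it."""
    return max(policies, key=lambda p: len(p.restrictions))


def decide(action: str, content: str, resolve=resolve_union) -> tuple:
    """Elements c) and d): evaluate the monitored action against the policy
    of every confidential item the content was associated with.
    Returns (verdict, confidence, matched item names)."""
    hits = classify(content)
    if not hits:
        return ("allow", 0.0, [])
    policy = resolve([item.policy for item, _ in hits])
    confidence = max(conf for _, conf in hits)
    verdict = "block" if action in policy.restrictions else "allow"
    return (verdict, confidence, sorted(item.name for item, _ in hits))


if __name__ == "__main__":
    draft = ("Attached: Q3 revenue forecast shows a 12 percent decline in the "
             "EMEA region, let me know.")
    print(decide("email", draft))
    mixed = ("forecast shows a 12 percent decline in the EMEA region and the "
             "board approved the merger memo; closing is targeted for the "
             "fourth quarter")
    print(decide("usb", mixed, resolve_union))
    print(decide("usb", mixed, resolve_strictest))
```

The `mixed` document shows why the two conflict rules in claims 101 and 102 differ in practice: the q3-forecast policy forbids more actions than the merger-memo policy, so "strictest" picks it and lets a USB copy through, while the union of restrictions blocks it. The union is never weaker than any single matched policy and needs no ordering of policies, which is the property a reviewer would want from a conflict rule.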