Content-based policy compliance systems and methods

Description

BACKGROUND AND SUMMARY

This document relates generally to systems and methods for processing communications and more particularly to systems and methods for filtering communications.

In the electronic mail filtering industry, most existing systems are aimed at filtering incoming messages. Content policy compliance (e.g., compliance with corporate or governmental policy) can be an important consideration for companies in view of the increasingly electronic character of important communications and availability of a variety of electronic communication techniques.

In accordance with the teachings disclosed herein, methods and systems are provided for operation upon one or more data processors to filter communications in accordance with content based policy compliance. For example, a method and system can include: defining a classification associated with the content of a class of files; receiving a set of characteristics distinctive to the classification; wherein the set of characteristics has been derived based upon the set of files; receiving a rule defining the treatment of content substantially similar to the set of characteristics; and, wherein the rule defines whether to forward a communication to a recipient based upon the classification of the content and at least one of the recipient or the sender.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram depicting a system for handling transmissions being sent over a network.

FIG. 2 is a block diagram depicting a compliance system that has been configured for classifying files and applying policies.

FIG. 3 is a block diagram depicting a compliance system operating on a local computer.

FIG. 4 is a block diagram depicting a compliance system that has been configured for classifying files based upon a combination of analysis techniques.

FIG. 5 is a block diagram depicting a compliance system that has been configured to use existing content to develop characteristics associated with a class.

FIG. 6 is a block diagram depicting a compliance system that has been configured to accept one or more content based policies from an administrator.

FIG. 7 is a flowchart depicting an operational scenario for allowing content based policy(ies).

FIG. 8 is a flowchart depicting an operational scenario for allowing content based policy(ies) whereby the characteristics of the content are automatically generated based upon a set of related files associated with a classification.

FIG. 9 is a flowchart depicting an operational scenario for generating content based policy compliance using access control rights to generate policy.

FIG. 10 is a flowchart depicting an operational scenario for filtering messages based upon content based policy(ies).

FIG. 11 is a flowchart depicting an operational scenario for converting communications from multiple formats and/or languages into a common format and/or language and distilling the communication into metadata describing the communication prior to parsing the message for any content match.

FIG. 12 is a block diagram depicting a server access architecture.

FIG. 13 is a block diagram depicting another server access architecture.

DETAILED DESCRIPTION

FIG. 1 depicts at 100 a system for handling transmissions received over a network 110. The transmissions can be many different types of communications, such as electronic mail (e-mail) messages sent from one or more messaging entities 120. The system 100 uses a messaging policy compliance system 130 to help process the communications from an originating system 120. The messaging policy compliance system 130 examines characteristics associated with the communications from the originating system 120, and based upon the examination, an action is taken with respect to the communications. For example, a communication may be determined to be legitimate and thus the communication should not be filtered by the messaging policy compliance system 130 and instead provided to a receiving system 140 for delivery to the intended recipient.

This disclosure relates to filtering the content of packets communicated over the network based upon a classification associated with the communication. It should therefore be understood that such communications can include e-mail, voice over internet protocol (VoIP) packets, instant messaging (IM), file transfer protocol (FTP) packets, hypertext transfer protocol (HTTP) packets, Gopher packets, and any other method whereby protected or sensitive content (e.g., trade secrets, privileged information, etc.) can be transferred over a network to another user.

It should be further understood that an organization often includes several departments which operate, to some degree, independently of one another. However, an organization may wish to prevent theft or disclosure of information based upon the person accessing the information, or based upon the person to whom the information is being sent. For example, an organization may not want engineering content disclosed to persons outside of the organization. Thus, the organization desires to limit the recipients of messages that include content related to engineering. However, traditional filtering systems do not provide an accurate classification of content being sent to/from users within an organization.

To increase the accuracy of classifying content associated with messages property (e.g., engineering files, marketing files, legal files, etc., including text documents, voice recordings, images, drawings, among others), a messaging policy compliance system 200 can be configured with a message content classification program 210 as shown in FIG. 2. A message content classification program 210 can use one or more message classification techniques or filters to classify message content.

The message content classification program 210 analyzes the content of a communication (included to travel across the network to a recipient) in order to classify the content of the communication. However, it should be understood that the messaging policy compliance system can also inspect incoming communications before distributing the communications to a receiving system. The messaging policy compliance system 200 compares at 220 the classification produced by the message content classification program 210 to a set of one or more rules to determine whether the message is in compliance with policy.

If the communication is in compliance with the organization's policies, the communication is forwarded to a recipient via the network 230. However, if the communication is not in compliance with the organization's policies, the communication is quarantined, dropped, notify an administrator or a sender/recipient, or take other action, as illustrated by block 240. Other actions can include, for example, stripping content and/or attachment of the message before forwarding, automatically encrypting the message before forwarding, delay delivery of the message, or other appropriate actions in response to a compliance violation. It should be understood that automatic encryption can include requesting a user or administrator's approval to encrypt. Moreover, automatic encryption can further include completely automating the decision to encrypt content at the server or client level, in accordance with policy and without user or administrator approval.

If only a portion of the communication is not in compliance with the organization's policies (e.g., a message contains two attachments where one complies with the policy(ies) and the other does not), the communication may be blocked (e.g., dropped, quarantined, etc.). Alternatively, such a communication could be automatically redacted by the messaging policy compliance system 200, such that it complies with the organization's policy(ies). Moreover, in the event that message cannot be transferred to a recipient because of a policy violation, a notification can be delivered to the originating system. It should be noted that the originating system can notify a system administrator. Alternatively, a system administrator can be notified directly by the messaging policy compliance system. It should be understood that there are numerous ways to manage a response to policy violations, each of which is intended to be included within the scope of this disclosure.

Another example of a messaging policy compliance system is shown in FIG. 3. For example, the messaging policy compliance agent 260 is located on a user's computer 256. In addition to the messaging policy compliance agent 260, the local computer 265 can include an communication client 270. It should be understood that the communication client 270 could be integrated with the messaging policy compliance agent 260, in some examples.

Upon receiving a message from the communication client 270, the messaging policy compliance agent 260 would use the message content classification program 275 to determine a classification associated with the content of the communication. The messaging policy compliance agent 260 at 220 compares the classification associated with the content of the communication with a content-based messaging policy which could be set by the user, or by a system administrator. Where the communication does not comply with a content-based messaging policy, the agent can drop the communication, quarantine the communication, etc. as shown by block 285. It should be understood that such functionality could be integrated with the communication client. However, it should also be noted that the functionality of block 285 could be provided by the agent itself.

If the communication complies with the content-based policy(ies), the messaging policy compliance agent forwards the message to the originating system 290. It should be understood that the functionality of the originating system 290 could be included on the local computer 265 itself. The originating system 290 then sends the message to a recipient system via network(s) 295.

It should be noted that the messaging policy compliance agent can be used in conjunction with a messaging policy compliance server. Using such an architecture could provide multiple levels of content compliance checks. The agent/server architecture could allow the messaging policy compliance agent to record the user's activity and/or various events that occur on the computer (e.g., policy violations), and periodically provide updates of the user's activity to a messaging policy compliance server. The agent/server architecture could further allow the messaging policy server to periodically communicate updated content-based policy(ies) to the agent. It should be further noted that a messaging policy compliance agent 260, where practicable, can include any of the functionality of a messaging policy compliance system as described in the present disposure. As such, any of the functionality described with respect to a messaging policy compliance system can be used on a messaging policy compliance agent in accordance with the present disclosure.

The messaging policy compliance agent could further allow a user to request the addition of content-based policy(ies) at the local or server level. Where the requested content-based policy(ies) do not conflict with administrator content-based policy(ies), the local and/or server could apply the user requested content-based policy. Further, the messaging policy compliance agent could allow the user to request encryption on a communication via the communication client interface. Where the encryption request complies with content-based policy(ies) at the agent and/or server level, the requested encryption can be performed by either the server or the agent.

By way of example, a message content classification program 310, as shown in FIG. 4, can include a number of classification techniques 360, 370, 380. Example message content classification techniques or filters 360, 370, 380 that a message content classification program 310 can use include:

- Contextual Analysis—a classification technique that performs a Markovian analysis of files to identify phases and words which are unique to a classification of file, which can be done by analyzing the rarity of a word or phrase to a particular type of file, and treating such words or phrases as indicative of a group of files with some percentage of certainty.
- Fingerprint Analysis—a technique to identify copying between two electronic texts at multiple levels (e.g. whole file, paragraph, sentence, or unstructured alphanumeric components) by, for example: 1) Applying a normalization layer to remove whitespace and other noise; and, 2) utilizing a winnowing algorithm to generate a minimized, yet optimal number of hashes for each file, adding an ambiguity factor to identify files with very minimal, but significant duplications of data.
- Cluster Analysis—a classification technique that partitions the data into related subsets sharing a common trait that can be defined as a function of a defined distance measure (e.g., Euclidian distance) that marks a point as a part of at least one cluster.
- Adaptive Lexical Analysis—a classification technique which can be performed on electronic text or data which adaptively learns structures of sparse and nonsparse patterns by, for example: 1) Instantiating a series of Markov chains using components of the presented classification medium as members; and, 2) Applying a series of weights based on the complexity of the chain, factored with the learned appearance vectors of each chain to deduce a probability. This process allows for the learning and identification of sparse patterns, exact phrases, words, or binary patterns which have a probability of one disposition based on their historical occurrence across a continually building corpus, using the original medium as a process of continuing self-calibration.
  
  It should be understood that these analysis techniques can be modified (sometimes significantly) based upon the desired results, and the all implementations of these analysis techniques are intended to be included within the present disclosure. For example, the cluster analysis filter 380 can use a number of different algorithms to identify clusters, such available techniques can include, for example, but not limited to: k-means clustering, quality threshold (QT) clustering, fuzzy c-means clustering, and spectral clustering, among others.

Thus, it should be recognized that using a combination of classification algorithms on the content passing through the messaging policy compliance system 300 can provide a classification 390 associated with the content, and make a determination, as shown by decision block 320, whether the content of the message complies with content policy. Where the content complies with content policy the message is forwarded to a recipient system via a network 330. Where the content does not comply with content policy, the content can be dropped, quarantined, etc. as shown by block 340. Where the message is not forwarded to the recipient system, the messaging policy compliance system 300 can notify a sender, an originating system 350 and/or an administrator (not shown).

As an example, a policy could limit engineering-type information from being transmitted by human resources staff or to individuals outside of the company. The message content classification could identify engineering-type information, for example, by the inclusion of equations or words or phrases that are most commonly associated with engineering documents, presentations or drawings—and/or one of the classification techniques previously listed in this application. Communications identified as including characteristics in common with engineering documents, presentations or drawings would be tested by examining a message header to determine whether the sender was a human resources employee, or whether the recipient domain was not associated with the company.

It should be understood that using this method, an administrator could identify an individual suspected of leaking information. This individual could be monitored for compliance with company policy. Moreover, the message content classification program 310 can detect situation where the user is sending subsets of files, or where the individual is summarizing or rewording documents to avoid detection.

As shown in FIG. 5, a message compliance system 400 could be configured to example an existing set of related files 492, as specified by an administrator 494, to create identification characteristics associated with the set of related files 492. The files 492 could be supplied to the message content classification program 410. The message content classification program 410 could use each of the techniques 460, 470, 480 on the set of related files to determine what features or characterizations mark their relationship. For example, legal documents might often include Latin phrases such as in re, ipso facto, or prima facie. Such an inclusion could be discoverable by a message content classification program 410.

A message content classification program 410 can generate a set of identifying characteristics for a class of content. The same techniques 460, 470, 480 are then used on communications entering the messaging policy compliance system 400. The characteristics of the communication may then be compared to the identifying characteristics for a class of content to determine in which class (if any) the content of the communication belongs, thereby producing a content classification 490 for the communication. The messaging policy compliance system 400 then applies any policies related to the content classification, as shown by decision block 420, to determine whether the communication will be delivered via network 430, or dropped, quarantined, etc. as shown by block 440. In the event that a communication does not satisfy policy, the originating system 450 can be alerted to the policy failure. The messaging content compliance system could also notify a system administrator and/or sender of the policy failure.

It should be recognized that content policy can be created in a myriad of ways. For example, as shown in FIG. 6, the messaging policy compliance system can accept content based policies 596 from a system administrator 594. The administrator 594 can supply a content policy by supplying both the related content 592 for the message content classification program 510, and supplying a set of policy rules 596 configured to be parsed by a policy compliance decision block 520.

It should also be recognized that a messaging policy compliance system can be set up to inspect access control right of users authorized to access a set of related files. These access control rights can be used to automatically analyze content-based policy, where the users (who are authorized) view and/or modify the set of related files also have the ability to send and/or receive such similar content as they are allowed to access.

Furthermore, it should be recognized that a messaging policy compliance system can be trained for recognizing content-based anomalous behavior associated with the users of the system. For example, a messaging policy compliance system can observe all communications sent through the system over a period of time. Then, upon detecting that a user is sending communications that include content that is abnormal with respect to the historical usage patterns of that user, the messaging policy compliance system can be configured to drop/quarantine the communication and/or notify a system administrator. In an adaptive manner, a messaging policy compliance system can generate content-based policy(ies) based upon historical usage of content.

FIG. 7 depicts a flowchart illustrating an operational scenario 600 for a messaging policy compliance system, whereby a system administrator can define content-based policy. At step 610, a system administrator creates a classification of content. For example, classifications could include, engineering content, medical records content, human resources content, legal content, marketing content, accounting content, forecasting content, etc.

A messaging policy compliance system could then receive a set of characteristics associated with the created classification, as shown at step 620. It should be noted that these characteristics could be internally generated, or received from another system. At step 630, the operation scenario allows an administrator to define a rule or policy for communications that include content that matches the characteristics associated with the created classification, whereby a message filtering system could be configured to block messages that do not comply with the defined rule/policy.

FIG. 8 depicts a flowchart illustrating an operational scenario 700 for a messaging policy compliance system, whereby a system administrator can define content-based policy for communications by supplying a set of related files. At step 710, the messaging policy compliance system receives a new classification from the administrator. At step 720, the system administrator provides a set of related files which exemplify the new classification. The messaging policy compliance system generates a set of characteristics associated with the set of related files, as shown by step 730. At step 740, the messaging policy compliance system receives a rule for communications identified as belonging to the new classification.

Another example of an operational scenario 800 for a messaging policy compliance system is shown in FIG. 9. At step 810, an administrator provides a new classification to the messaging policy compliance system. At step 820, the administrator provides a set of related files which correspond to new classification provided at step 810. The messaging policy compliance system then generates a set of characteristics that distinguish the set of related files from other types/classes of files, as shown by step 830. The messaging policy compliance system then examines the access control rights of each of the related files in order to develop content-based policy, thereby allowing users with access to the set of related files to send content which shares distinguishing characteristics with the related files.

A messaging policy compliance system can filter messages, for example, as shown by the operational scenario 900 in FIG. 10. At step 910, a communication is received. At step 910, the content of the communications is compared to existing classifications. This is done, for example, by using one or more techniques that attempt to match elements of the content to sets of characteristics associated with the existing classifications. At decision block 930, the messaging policy compliance system determines whether a threshold match has been made to identify the communication content as being related to the existing classifications.

Where the messaging policy compliance system is unable to discover a threshold match between the content and the existing classifications, the communication is determined to contain no protected content as shown by step 940. Communications which contain no protected content can be forwarded to the recipient(s), as shown by step 950.

However, where the messaging policy compliance system determines there is a threshold match between the content of the communication and the existing classifications, the communication is examined to determine if content-based policy is satisfied, as shown by decision block 960. Where the content-based policy is not satisfied, the communication is quarantined, dropped, or otherwise blocked by the system, as shown in step 970. Where the content-based policy is satisfied, the communication is forwarded to the one or more systems associated with the intended recipient(s).

FIG. 11 depicts an alternative operational scenario 980 used to parse communication prior to forwarding the messaging to a recipient. At step 982, a communication is received. At step 984, the communication is normalized. Normalization in various examples, can include converting the communication to a common protocol. For example, where the system receives a VoIP packet, the communication could be converted to another format (e.g., a text based format) for examination. It should be understood that communications in any format can be converted to any other format for passing, and that the present disclosure is not limited to converting all varied protocol to any particular protocol, but that the choice of a common comparison protocol is merely a design choice to be made in light of the circumstances of a particular solution (e.g., where the primary communication mechanism is VoIP, the common comparison protocol may be chosen to be VoIP to reduce the resources used for protocol translation).

In various examples, normalization can also include translating a communication from a variety of languages into a common comparison language. For example, where a communication is in German, comparison techniques would not detect a classification match where the classification has been defined by English language documents. Thus, for a more complete analysis of all communications, communications can be translated to a common comparison language. It should be understood that this disclosure is not limited to a particular common comparison language. Moreover, it should be understood that the common comparison language may not even be a practiced language, but may merely be a language that is created by a user which has special characteristics that aid in classification of the communication. Further, the common comparison language in various examples may include a combination of several different languages, such as where discrete concepts used in different languages are not adequately described by a single language.

In step 986, the operational scenario 980 generates metadata related to the communication. The metadata can distill the files into identifying characteristics and reduce superfluous language which may not be helpful in associating the communication with any of the classifications. For example, definite and indefinite article, pronouns, and various other linguistic devices are often irrelevant to classification of a file. At step 988, the metadata associated with the communication is compared to existing metadata triggers to determine a classification associated with the communication. At decision block 990, the messaging policy compliance system determines whether a threshold match has been made to identify the communication metadata as being related to the existing classification metadata.

Where the messaging policy compliance system is unable to discover a threshold match between the content and the existing classifications, the communication is determined to contain no protected content as shown by step 992. Communications which contain no protected content can be forwarded to the recipient(s), as shown by step 994.

However, where the messaging policy compliance system determines there is a threshold match between the content of the communication and the existing classifications, the communication is examined to determine if content-based policy is satisfied, as shown by decision block 996. Where the content-based policy is not satisfied, the communication is quarantined, dropped, or otherwise blocked or delayed by the system, as shown in step 998. Where the content-based policy is satisfied, the communication is forwarded to the one or more systems associated with the intended recipient(s).

The system and methods disclosed herein are presented only by way of example and are not meant to limit the scope of the invention. Other variations of the systems and methods described above will be apparent to those skilled in the art and as such are considered to be within scope of the invention. For example, a system and method can be configured to handle many different types of communications, such as legitimate messages or unwanted communications or communications violative of a pre-selected policy. As an illustration, a communication could include a type of content as recognized by the system, and a policy could include a corporate communication policy, a messaging policy, a legislation or regulatory policy, or an international communication policy.

As an example of an architecture the could be used in accordance with systems and methods disclosed herein, an originating system 1000, a receiving system 1010, and a messaging policy compliance system 1020 can each be connected via one or more networks, as shown by FIG. 12. The originating system 1000 can send a communication to the receiving system 1010 via the messaging policy compliance system and network(s) 1030. The messaging policy compliance system 1030 would then be operable forward the message to the receiving system 1010 via network(s). It should be understood that network(s) 1030 can include many subnets including but not limited to wireless networks, local area network, wide area networks, metropolitan area networks, corporate intranets, and combinations thereof.

It should also be noted that originating system 1000 and/or receiving system 1010 can include an electronic mail server and/or client, an instant messaging server and/or client, a voice over internet protocol (VoIP) server and/or client, a gopher server and/or client, a file transfer protocol (FTP) server and/or client, a hypertext transfer protocol (HTTP) server and/or client, and combinations thereof, among many other existing network communications protocols.

As another example of the wide scope and variations of systems and methods disclosed herein, the systems and methods may be implemented on various types of computer architectures, such as for example on different types of networked environments. As an illustration, FIG. 13 depicts a server access architecture within which the disclosed systems and methods may be used (e.g., as shown at 1100 in FIG. 8). The architecture in this example includes a corporation's local network 1190 and a variety of computer systems residing within the local network 1190. These systems can include application servers 1120 such as Web servers and e-mail servers, user workstations running local clients 1130 such as e-mail reader and Web browsers, and data storage devices 1110 such as databases and network connected disk. These systems communicate with each other via a local communication network such as Ethernet 1150. Firewall system 1140 resides between the local communication network and Internet 1160. Connected to the Internet 1160 are a host of external servers 1170 and external clients 1180. It should be understood that the present disclosure can any variety of network, including, but not limiting to an intranet, wireless network, wide area networks, local area networks, and combinations thereof, in order to facilitate communication between components.

Local clients 1130 can access application servers 1120 and shared data storage 1110 via the local communication network. External client 1180 can access external application servers 1170 via the Internet 1160. In instances where a local server 1120 or a local client 1130 requires access to an external server 1170 or where an external client 1180 or an external server 1170 requires access to a local server 1120, electronic communications in the appropriate protocol for a given application server flow through “always open” ports of firewall system 1140.

A system 1100 as disclosed herein may be located in a hardware device or on one or more servers connected to the local communication network such as Ethernet 1180 and logically interposed between the firewall system 1140 and the local servers 1120 and clients 1130. Application-related electronic communications attempting to enter or leave the local communications network through the firewall system 1140 are routed to the system 1100.

System 1100 could be used to handle many different types of e-mail and its variety of protocols that are used for e-mail transmission, delivery and processing including SMTP and POP3. These protocols refer, respectively, to standards for communicating e-mail messages between servers and for server-client communication related to e-mail messages. These protocols are defined respectively in particular RFC's (Request for Comments) promulgated by the IETF (Internet Engineering Task Force). The SMIP protocol is defined in RFC 1221, and the POP3 protocol is defined in RFC 1939.

Since the inception of these standards, various needs have evolved in the field of e-mail leading to the development of further standards including enhancements or additional protocols. For instance, various enhancements have evolved to the SMTP standards leading to the evolution of extended SMTP. Examples of extensions may be seen in (1) RFC 1869 that defines a framework for extending the SMTP service by defining a means whereby a server SMTP can inform a client SMTP as to the service extensions it supports and in (2) RFC 1891 that defines an extension to the SMTP service, which allows an SMTP client to specify (s) that delivery status notifications (DSNs) should be generated under certain conditions, (b) whether such notifications should return the contents of the message, and (c) additional information, to be returned with a DSN, that allows the sender to identify both the recipient(s) for which the DSN was issued, and the transaction in which the original message was sent.

In addition, the IMAP protocol has evolved as an alternative to POP3 that supports more advanced interactions between e-mail servers and clients. The protocol is described in RFC 2060.

Other communication mechanisms are also widely used over networks. These communication mechanisms include, but are not limited to, Voice Over IP (VoIP) and Instant Messaging. VoIP is used in IP telephony to provide a set of facilities for managing the delivery of voice information using the Internet Protocol (IP). Instant Messaging is a type of communication involving a client which hooks up to an instant messaging service that delivers communications (e.g., conversations) in realtime.

It is further noted that the systems and methods disclosed herein may use data signals conveyed via networks (e.g., local network, wide are network, internet, etc.), fiber optic medium, carrier waves, wireless networks, etc. for communication with one or more data processing devices. The data signals can carry any or all of the data disclosed herein that is provided to or from a device.

Additionally, methods and systems described herein may be implemented on many different types of processing devices by program code comprising program instructions that are executable by one or more processors. The software program instructions may include source code, object code, machine code, or any other stored data that is operable to cause a processing system to perform methods described herein.

The systems' and methods' data (e.g., associations, mapping, etc.)may be stored and implemented in one or more different types of computer-implemented ways, such as different types of storage devices and programming constructs (e.g., data stores, RAM, ROM. Flush memory, flat files, databases, programming data structures, programming variables, IF-THEN (or similar type) statement constructs, etc.). It is noted that data structures describe formats for use in organizing and storing data in databases, programs, memory, or other computer-readable media for use by a computer program.

The systems and methods may be provided on many different types of computer-readable media including computer storage mechanisms (e.g., CD-ROM, diskette, RAM, flash memory, computer's hard drive, etc.) that contain instructions for use in execution by a processor to perform the methods' operations and implement the systems described herein.

The computer components, software modules, functions and data structures described herein may be connected directly or indirectly to each other in order to allow the flow of data needed for their operations. It is also noted that software instructions or a module can be implemented for example as a subroutine unit of code, or as a software function unit of code, or as an object (as in an object-oriented paradigm), or as an applet, or in a computer script language, or as another type of computer code or firmware. The software components and/or functionality may be located on a single device or distributed across multiple devices depending upon the situation at hand.

It should be understood that as used in the description herein and throughout the claims that follow, the meaning of “a,” “and,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein and throughout the claims that follow, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise. Finally, as used in the description herein and throughout the claims that follow, the meanings of “and” and “or” include both the conjunctive and disjunctive and may be used interchangeably unless the context clearly dictates otherwise; the phrase “exclusive or” may be used indicate situation where only the disjunctive meaning may apply.

Claims

1. A method for operation upon one or more data processors to filter communications based upon content based policy compliance, the method comprising: for each of a plurality of sets of pre-existing files, defining a corresponding classification to be associated with the set of pre-existing files, the corresponding classification classifying content of the set of files as being associated with at least one of a plurality of departments of a business;processing each of the sets of pre-existing files by one or more classification techniques;generating a set of identifying characteristics for each corresponding classification, each set of identifying characteristics based on the set of pre-existing files associated with the corresponding classification;for each of the plurality of corresponding classifications, receiving a rule specifying treatment of content identified as associated with the classification based on the set of known identifying characteristics; andwherein each rule defines whether to forward a communication including content to a recipient based upon the classification of the content and at least one of the recipient and the sender.
2. The method of claim 1, wherein the set of identifying characteristics associated with each correspond classification are generated by examining the content of the set of files associated with the corresponding classification.
3. The method of claim 2, wherein the processing each of the sets of pre-existing files includes fingerprinting analysis, a cluster analysis, a contextual analysis, and an adaptive lexical analysis.
4. The method of claim 1, wherein the rule is generated according to access control rights associated with at least one of the sender or the recipient, wherein the access control rights are derived from access control rights associated with the set of files.
5. The method of claim 4, wherein the access control rights associated with the set of files controls who can view the files.
6. The method of claim 1, wherein the rule is defined based upon access control rights associated with at least one of the sender or the recipient and content contained in a communication.
7. The method of claim 6, wherein access control rights are provided to groups of users, wherein the sender and the recipient are included in at least one group of users.
8. The method of claim 1, further comprising the steps of: receiving a communication from an originating system;extracting identifying characteristics associated with the communication;comparing the communication's identifying characteristics with the set of identifying characteristics for each of the corresponding classification to identify a classification to be associated with the communication; andapplying a rule associated with the corresponding classification, the rule specifying whether the communication should be forwarded to its intended recipient.
9. The method of claim 8, further comprising the step of forwarding the communication based upon application of the rule.
10. The method of claim 8, further comprising the step of forwarding the communication responsive to the communication not being associated with any identifying characteristics.
11. The method of claim 8, further comprising the step of automatically generating a rule responsive to learning communications patterns between a group of users and based on types of content being distributed among the group of users.
12. The method of claim 11, wherein the users belong to the same organization.
13. The method of claim 8, further comprising delaying delivery of the communication based upon application of the rule.
14. The method of claim 13, further comprising notifying an originator of the communication responsive to delivery of the communication being delayed.
15. The method of claim 14, wherein the delay is at least one of storing the communication in a quarantine folder, dropping the communication, temporarily rejecting the communication, storing the communication until approval is received from an administrator to forward the communication, automatically encrypting the communication, notifying an administrator, notifying a recipient, or combinations thereof
16. The method of claim 8, further comprising converting a communication from one of a plurality of mismatched formats to a comparison format prior to extracting identifying characteristics from the communication.
17. The method of claim 8, further comprising translating a file or communication into a common language or format prior to extracting identifying characteristics or generating the known identifying characteristics.
18. The method of claim 17, wherein the translating step creates metadata to be used in extracting identifying characteristics.
19. The method of claim 8, further comprising the steps of: observing communication traffic;identifying one or more patterns exhibited by observed communication traffic; andgenerating a rule based upon the identified one or more patterns.
20. The method of claim 19, wherein a communication falling outside of one or more identified traffic patterns is sent to a quarantine folder, dropped, temporarily rejected, stored until approval is received from an administrator to forward the communication, automatically encrypted, a recipient is notified, a sender is notified, or combinations thereof.
21. The method of claim 1, wherein the corresponding classifications are at least one of: management files, legal files, technical files, marketing files, financial files, information technology files, proprietary files, strategy files, sensitive files, or government classified files.
22. The method of claim 1, wherein a system administrator specifies the rule by selecting a corresponding classification of files for application of the rule, selecting a class of users who are permitted to send the selected classification of files, and selecting a class of users who are permitted to receive the selected classification of files.
23. The method of claim 22, wherein the steps of selecting a class of users comprises selecting individual users who have permission to send or receive the selected classification of files.
24. A content-based policy compliance system configured to filter messages based upon content and at least one of senders or recipients associated with the messages, the system comprising: a messaging content classifier configured to:access a plurality of sets of pre-existing files and for each set of pre-existing files define corresponding classification to be associated with the set of pre-existing files, the corresponding classification classifying content of the set of files as being associated with at least one of a plurality of departments of a business;processing each of the sets of pre-existing files by one or more classification techniques;generating a set of identifying characteristics for each corresponding classification, each set of identifying characteristics based on the set of pre-existing files associated with the corresponding classification;receive a message and classify the message as associated with at least one of the corresponding classifications associated with the business departments based upon the content of the message and the sets of identifying characteristics of the plurality of content classifications;a messaging filter configured to receive the at least one corresponding classification from the messaging content classifier and to apply a rule to the message based upon the at least one corresponding classification and upon at least one of a sender or recipient of the message; andforwarding logic configured to transmit the message responsive to output from the messaging filter.
25. The system of claim 24, further comprising a user interface configured to receive the plurality of files and the specified classification from a user and provide the plurality of files and the specified classification to the messaging content classifier.
26. The system of claim 25, wherein the user interface is further configured to allow a user to specify rules for the messaging filter.
27. The system of claim 26, wherein the rules specify which classes of individuals are permitted to send and receive a specified content classification associated with the rule.
28. The system of claim 27, wherein the messaging content classifier is configured to use one or more of the following identification techniques to identify commonalities between the plurality of files as well as to classify messages with one of the plurality of classes: a fingerprinting analysis, a cluster analysis, a contextual analysis, and an adaptive lexical analysis.
29. The system of claim 24, wherein the forwarding logic is operable to forward the message to a recipient, quarantine the message, drop the message, or encrypt the message before forwarding the message to a recipient.
30. The system of claim 24, wherein the system is a messaging client, wherein the messaging client periodically receives updates from a messaging server comprising at least one of update rules, updated content classifications, or updated identifying characteristics for the content classifications.
31. The system of claim 24, wherein the message comprises an e-mail communication, an instant messaging communication, an HTTP communication, an FTP communication, a WAIS communication, a telnet communication, a Gopher communication, or a voice over internet protocol communication.
32. Computer readable storage media storing instructions that upon execution by a system processor cause the system processor to filter communications transmitted over a communication network based upon the content of a communication and upon the sender and recipient(s) of the communication, the media having stored instruction that cause the system processor to perform operations comprising: for each of a plurality of sets of pre-existing files, defining a corresponding classification to be associated with the set of pre-existing files, the corresponding classification classifying content of the set of files as being associated with at least one of a plurality of departments of a business;processing each of the sets of pre-existing files by one or more classification techniques;generating a set of identifying characteristics for each corresponding classification, each set of identifying characteristics based on the set of pre-existing files associated with the corresponding classification;for each of the plurality of corresponding classifications, receiving a rule specifying treatment of content identified as associated with the classification based on the set of known identifying characteristics; andwherein each rule defines whether to forward a communication including content to a recipient based upon the classification of the content and at least one of the recipient and the sender.receiving a communication from a user, the communication containing an originating address, a receiving address, and content;determining whether the content of the communication substantially matches any of the corresponding classifications based upon the sets of known identifying characteristics associated with the corresponding classifications, respectively; andforwarding the communication responsive to the rule associated with the substantially matched corresponding classification, wherein the rule specifies an action to perform on the communication based upon the corresponding classification of the communication and upon the originating address and the receiving address of the communication.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to and the benefit of commonly assigned U.S. Provisional Application Ser. No. 60/736,121, entitled “CONTENT-BASED POLICY COMPLIANCE SYSTEMS AND METHODS,” filed Nov. 10, 2005, which is incorporated herein by reference in its entirety. This application is continuation-in-part of and claims priority to and the benefit of commonly assigned U.S. application Ser. No. 11/173,941, entitled “MESSAGE PROFILING SYSTEMS AND METHODS,” filed on Jul. 1, 2005, which is a continuation-in-part of, and claims priority to and benefit of U.S. application Ser. No. 11/142,943, entitled “SYSTEMS AND METHODS FOR CLASSIFICATION OF MESSAGING ENTITIES,” filed on Jun. 2, 2005, both of which claim priority to and benefit of U.S. Provisional Application Ser. No. 60/625,507, entitled“Classification of Messaging Entities,” filed on Nov. 5, 2004, all of which are incorporated herein by reference in their entirety. This application is a continuation-in-part of and claims priority to and the benefit of commonly assigned U.S. patent application Ser. No. 10/093,553, entitled “SYSTEMS AND METHODS FOR ADAPTIVE MESSAGE INTERROGATION THROUGH MULTIPLE QUEUES,” U.S. patent application Ser. No. 10/094,211, entitled “SYSTEMS AND METHODS FOR ENHANCING ELECTRONIC COMMUNICATION SECURITY,” and U.S. patent application Ser. No. 10/094,266, entitled “SYSTEMS AND METHODS FOR ANOMALY DETECTION IN PATTERNS OF MONITORED COMMUNICATION,” all filed on Mar. 8, 2002, each of which are hereby incorporated by reference in their entirety. This application is also a continuation in part of and claims priority to and the benefit of commonly assigned U.S. patent application Ser. No. 10/361,091, filed Feb. 7, 2003, entitled “SYSTEMS AND METHODS FOR MESSAGE THREAT MANAGEMENT,” U.S. patent application Ser. No. 10/373,325, filed Feb. 24, 2003, entitled “SYSTEMS AND METHODS FOR UPSTREAM THREAT PUSHBACK,” U.S. patent application Ser. No. 10/361,067, filed Feb. 7, 2003, entitled “SYSTEMS AND METHODS FOR AUTOMATED WHITELISTING IN MONITORED COMMUNICATIONS,” and U.S. patent application Ser. No. 10/384,924, filed Mar. 6, 2003, entitled “SYSTEMS AND METHODS FOR SECURE COMMUNICATION DELIVERY.” The entire disclosure of all these applications is incorporated herein by reference.

US Referenced Citations (392)

Number	Name	Date	Kind
4289930	Connolly et al.	Sep 1981	A
4384325	Slechta et al.	May 1983	A
4386416	Giltner et al.	May 1983	A
4532588	Foster	Jul 1985	A
4713780	Schultz et al.	Dec 1987	A
4754428	Schultz et al.	Jun 1988	A
4837798	Cohen et al.	Jun 1989	A
4853961	Pastor	Aug 1989	A
4864573	Horsten	Sep 1989	A
4951196	Jackson	Aug 1990	A
4975950	Lentz	Dec 1990	A
4979210	Nagata et al.	Dec 1990	A
5008814	Mathur	Apr 1991	A
5020059	Gorin et al.	May 1991	A
5051886	Kawaguchi et al.	Sep 1991	A
5054096	Beizer	Oct 1991	A
5105184	Pirani et al.	Apr 1992	A
5119465	Jack et al.	Jun 1992	A
5144557	Wang	Sep 1992	A
5144659	Jones	Sep 1992	A
5144660	Rose	Sep 1992	A
5167011	Priest	Nov 1992	A
5210824	Putz et al.	May 1993	A
5210825	Kavaler	May 1993	A
5235642	Wobber et al.	Aug 1993	A
5239466	Morgan et al.	Aug 1993	A
5247661	Hager et al.	Sep 1993	A
5276869	Forrest et al.	Jan 1994	A
5278901	Shieh et al.	Jan 1994	A
5283887	Zachery	Feb 1994	A
5293250	Okumura et al.	Mar 1994	A
5313521	Torii et al.	May 1994	A
5319776	Hile et al.	Jun 1994	A
5355472	Lewis	Oct 1994	A
5367621	Cohen et al.	Nov 1994	A
5377354	Scannell et al.	Dec 1994	A
5379340	Overend et al.	Jan 1995	A
5379374	Ishizaki et al.	Jan 1995	A
5404231	Bloomfield	Apr 1995	A
5406557	Baudoin	Apr 1995	A
5414833	Hershey et al.	May 1995	A
5416842	Aziz	May 1995	A
5418908	Keller et al.	May 1995	A
5424724	Williams et al.	Jun 1995	A
5479411	Klein	Dec 1995	A
5481312	Cash et al.	Jan 1996	A
5483466	Kawahara et al.	Jan 1996	A
5485409	Gupta et al.	Jan 1996	A
5495610	Shing et al.	Feb 1996	A
5509074	Choudhury et al.	Apr 1996	A
5511122	Atkinson	Apr 1996	A
5513126	Harkins et al.	Apr 1996	A
5513323	Williams et al.	Apr 1996	A
5530852	Meske, Jr. et al.	Jun 1996	A
5535276	Ganesan	Jul 1996	A
5541993	Fan et al.	Jul 1996	A
5544320	Konrad	Aug 1996	A
5550984	Gelb	Aug 1996	A
5550994	Tashiro et al.	Aug 1996	A
5557742	Smaha et al.	Sep 1996	A
5572643	Judson	Nov 1996	A
5577209	Boyle et al.	Nov 1996	A
5602918	Chen et al.	Feb 1997	A
5606668	Shwed	Feb 1997	A
5608819	Ikeuchi	Mar 1997	A
5608874	Ogawa et al.	Mar 1997	A
5619648	Canale et al.	Apr 1997	A
5632011	Landfield et al.	May 1997	A
5638487	Chigier	Jun 1997	A
5644404	Hashimoto et al.	Jul 1997	A
5657461	Harkins et al.	Aug 1997	A
5673322	Pepe et al.	Sep 1997	A
5675507	Bobo, II	Oct 1997	A
5675733	Williams	Oct 1997	A
5677955	Doggett et al.	Oct 1997	A
5694616	Johnson et al.	Dec 1997	A
5696822	Nachenberg	Dec 1997	A
5706442	Anderson et al.	Jan 1998	A
5708780	Levergood et al.	Jan 1998	A
5708826	Ikeda et al.	Jan 1998	A
5710883	Hong et al.	Jan 1998	A
5727156	Herr-Hoyman et al.	Mar 1998	A
5740231	Cohn et al.	Apr 1998	A
5742759	Nessett et al.	Apr 1998	A
5742769	Lee et al.	Apr 1998	A
5745574	Muftic	Apr 1998	A
5751956	Kirsch	May 1998	A
5758343	Vigil et al.	May 1998	A
5764906	Edelstein et al.	Jun 1998	A
5768528	Stumm	Jun 1998	A
5771348	Kubatzki et al.	Jun 1998	A
5778372	Cordell et al.	Jul 1998	A
5781857	Hwang et al.	Jul 1998	A
5781901	Kuzma	Jul 1998	A
5790789	Suarez	Aug 1998	A
5790790	Smith et al.	Aug 1998	A
5790793	Higley	Aug 1998	A
5793763	Mayes et al.	Aug 1998	A
5793972	Shane	Aug 1998	A
5796942	Esbensen	Aug 1998	A
5796948	Cohen	Aug 1998	A
5801700	Ferguson	Sep 1998	A
5805719	Pare, Jr. et al.	Sep 1998	A
5812398	Nielsen	Sep 1998	A
5812776	Gifford	Sep 1998	A
5822526	Waskiewicz	Oct 1998	A
5822527	Post	Oct 1998	A
5826013	Nachenberg	Oct 1998	A
5826014	Coley et al.	Oct 1998	A
5826022	Nielsen	Oct 1998	A
5826029	Gore, Jr. et al.	Oct 1998	A
5835087	Herz et al.	Nov 1998	A
5845084	Cordell et al.	Dec 1998	A
5850442	Muftic	Dec 1998	A
5855020	Kirsch	Dec 1998	A
5860068	Cook	Jan 1999	A
5862325	Reed et al.	Jan 1999	A
5864852	Luotonen	Jan 1999	A
5878230	Weber et al.	Mar 1999	A
5884033	Duvall et al.	Mar 1999	A
5892825	Mages et al.	Apr 1999	A
5893114	Hashimoto et al.	Apr 1999	A
5896499	McKelvey	Apr 1999	A
5898836	Freivald et al.	Apr 1999	A
5903723	Becker et al.	May 1999	A
5911776	Guck	Jun 1999	A
5923846	Gage et al.	Jul 1999	A
5930479	Hall	Jul 1999	A
5933478	Ozaki et al.	Aug 1999	A
5933498	Schneck et al.	Aug 1999	A
5937164	Mages et al.	Aug 1999	A
5940591	Boyle et al.	Aug 1999	A
5948062	Tzelnic et al.	Sep 1999	A
5958005	Thorne et al.	Sep 1999	A
5963915	Kirsch	Oct 1999	A
5978799	Hirsch	Nov 1999	A
5987609	Hasebe	Nov 1999	A
5991881	Conklin et al.	Nov 1999	A
5999932	Paul	Dec 1999	A
6003027	Prager	Dec 1999	A
6006329	Chi	Dec 1999	A
6012144	Pickett	Jan 2000	A
6014651	Crawford	Jan 2000	A
6023723	McCormick et al.	Feb 2000	A
6029256	Kouznetsov	Feb 2000	A
6035423	Hodges et al.	Mar 2000	A
6052709	Paul	Apr 2000	A
6058381	Nelson	May 2000	A
6058482	Liu	May 2000	A
6061448	Smith et al.	May 2000	A
6061722	Lipa et al.	May 2000	A
6072942	Stockwell et al.	Jun 2000	A
6092114	Shaffer et al.	Jul 2000	A
6092194	Touboul	Jul 2000	A
6094277	Toyoda	Jul 2000	A
6094731	Waldin et al.	Jul 2000	A
6104500	Alam et al.	Aug 2000	A
6108688	Nielsen	Aug 2000	A
6108691	Lee et al.	Aug 2000	A
6108786	Knowlson	Aug 2000	A
6118856	Paarsmarkt et al.	Sep 2000	A
6119137	Smith et al.	Sep 2000	A
6119142	Kosaka	Sep 2000	A
6119230	Carter	Sep 2000	A
6119236	Shipley	Sep 2000	A
6122661	Stedman et al.	Sep 2000	A
6141695	Sekiguchi et al.	Oct 2000	A
6141778	Kane et al.	Oct 2000	A
6145083	Shaffer et al.	Nov 2000	A
6151675	Smith	Nov 2000	A
6161130	Horvitz et al.	Dec 2000	A
6185689	Todd, Sr. et al.	Feb 2001	B1
6192360	Dumais et al.	Feb 2001	B1
6192407	Smith et al.	Feb 2001	B1
6199102	Cobb	Mar 2001	B1
6202157	Brownlie et al.	Mar 2001	B1
6219714	Inhwan et al.	Apr 2001	B1
6223213	Cleron et al.	Apr 2001	B1
6249575	Heilmann et al.	Jun 2001	B1
6249807	Shaw et al.	Jun 2001	B1
6260043	Puri et al.	Jul 2001	B1
6269447	Maloney et al.	Jul 2001	B1
6269456	Hodges et al.	Jul 2001	B1
6272532	Feinleib	Aug 2001	B1
6275942	Bernhard et al.	Aug 2001	B1
6279113	Vaidya	Aug 2001	B1
6279133	Vafai et al.	Aug 2001	B1
6282565	Shaw et al.	Aug 2001	B1
6285991	Powar	Sep 2001	B1
6289214	Backstrom	Sep 2001	B1
6298445	Shostack et al.	Oct 2001	B1
6301668	Gleichauf et al.	Oct 2001	B1
6304898	Shiigi	Oct 2001	B1
6304973	Williams	Oct 2001	B1
6311207	Mighdoll et al.	Oct 2001	B1
6317829	Van Oorschot	Nov 2001	B1
6320948	Heilmann et al.	Nov 2001	B1
6321267	Donaldson	Nov 2001	B1
6324569	Ogilvie et al.	Nov 2001	B1
6324647	Bowman-Amuah	Nov 2001	B1
6324656	Gleichauf et al.	Nov 2001	B1
6330589	Kennedy	Dec 2001	B1
6347374	Drake et al.	Feb 2002	B1
6353886	Howard et al.	Mar 2002	B1
6363489	Comay et al.	Mar 2002	B1
6370648	Diep	Apr 2002	B1
6373950	Rowney	Apr 2002	B1
6385655	Smith et al.	May 2002	B1
6393465	Leeds	May 2002	B2
6393568	Ranger et al.	May 2002	B1
6405318	Rowland	Jun 2002	B1
6442588	Clark et al.	Aug 2002	B1
6442686	McArdle et al.	Aug 2002	B1
6453345	Trcka et al.	Sep 2002	B2
6460141	Olden	Oct 2002	B1
6470086	Smith	Oct 2002	B1
6487599	Smith et al.	Nov 2002	B1
6487666	Shanklin et al.	Nov 2002	B1
6502191	Smith et al.	Dec 2002	B1
6516411	Smith	Feb 2003	B2
6519703	Joyce	Feb 2003	B1
6539430	Humes	Mar 2003	B1
6546416	Kirsch	Apr 2003	B1
6546493	Magdych et al.	Apr 2003	B1
6550012	Villa et al.	Apr 2003	B1
6574737	Kingsford et al.	Jun 2003	B1
6578025	Pollack et al.	Jun 2003	B1
6609196	Dickinson, III et al.	Aug 2003	B1
6650890	Irlam et al.	Nov 2003	B1
6654787	Aronson et al.	Nov 2003	B1
6675153	Cook et al.	Jan 2004	B1
6681331	Munson et al.	Jan 2004	B1
6687687	Smadja	Feb 2004	B1
6697950	Ko	Feb 2004	B1
6701440	Kim et al.	Mar 2004	B1
6704874	Porras et al.	Mar 2004	B1
6711127	Gorman et al.	Mar 2004	B1
6725377	Kouznetsov	Apr 2004	B1
6732101	Cook	May 2004	B1
6732157	Gordon et al.	May 2004	B1
6735703	Kilpatrick et al.	May 2004	B1
6738462	Brunson	May 2004	B1
6742124	Kilpatrick et al.	May 2004	B1
6742128	Joiner	May 2004	B1
6754705	Joiner et al.	Jun 2004	B2
6757830	Tarbotton et al.	Jun 2004	B1
6768991	Hearnden	Jul 2004	B2
6769016	Rothwell et al.	Jul 2004	B2
6775657	Baker	Aug 2004	B1
6792546	Shanklin et al.	Sep 2004	B1
6892178	Zacharia	May 2005	B1
6892179	Zacharia	May 2005	B1
6892237	Gai et al.	May 2005	B1
6895385	Zacharia et al.	May 2005	B1
6907430	Chong et al.	Jun 2005	B2
6910135	Grainger	Jun 2005	B1
6928556	Black et al.	Aug 2005	B2
6941348	Petry et al.	Sep 2005	B2
6941467	Judge et al.	Sep 2005	B2
6968461	Lucas et al.	Nov 2005	B1
7155243	Baldwin et al.	Dec 2006	B2
20010049793	Sugimoto	Dec 2001	A1
20020004902	Toh et al.	Jan 2002	A1
20020016910	Wright et al.	Feb 2002	A1
20020023140	Hile et al.	Feb 2002	A1
20020026591	Hartley et al.	Feb 2002	A1
20020032871	Malan et al.	Mar 2002	A1
20020035683	Kaashoek et al.	Mar 2002	A1
20020042876	Smith	Apr 2002	A1
20020046041	Lang	Apr 2002	A1
20020049853	Chu et al.	Apr 2002	A1
20020078382	Sheikh et al.	Jun 2002	A1
20020087882	Schneier et al.	Jul 2002	A1
20020095492	Kaashoek et al.	Jul 2002	A1
20020112185	Hodges	Aug 2002	A1
20020116627	Tarbotton et al.	Aug 2002	A1
20020120853	Tyree	Aug 2002	A1
20020133365	Grey et al.	Sep 2002	A1
20020138416	Lovejoy et al.	Sep 2002	A1
20020138755	Ko	Sep 2002	A1
20020138759	Dutta	Sep 2002	A1
20020138762	Horne	Sep 2002	A1
20020143963	Converse et al.	Oct 2002	A1
20020147734	Shoup et al.	Oct 2002	A1
20020152399	Smith	Oct 2002	A1
20020165971	Baron	Nov 2002	A1
20020169954	Bandini et al.	Nov 2002	A1
20020172367	Mulder et al.	Nov 2002	A1
20020178227	Matsa et al.	Nov 2002	A1
20020178383	Hrabik et al.	Nov 2002	A1
20020188864	Jackson	Dec 2002	A1
20020194469	Dominique et al.	Dec 2002	A1
20020199095	Bandini et al.	Dec 2002	A1
20030005326	Flemming	Jan 2003	A1
20030009554	Burch et al.	Jan 2003	A1
20030009693	Brock et al.	Jan 2003	A1
20030009696	Bunker et al.	Jan 2003	A1
20030009699	Gupta et al.	Jan 2003	A1
20030014664	Hentunen	Jan 2003	A1
20030023692	Moroo	Jan 2003	A1
20030023695	Kobata et al.	Jan 2003	A1
20030023736	Abkemeier	Jan 2003	A1
20030023873	Ben-Itzhak	Jan 2003	A1
20030023874	Prokupets et al.	Jan 2003	A1
20030023875	Hursey et al.	Jan 2003	A1
20030028803	Bunker et al.	Feb 2003	A1
20030033516	Howard et al.	Feb 2003	A1
20030033542	Goseva-Popstojanova et al.	Feb 2003	A1
20030041264	Black et al.	Feb 2003	A1
20030046253	Shetty et al.	Mar 2003	A1
20030051026	Carter et al.	Mar 2003	A1
20030051163	Bidaud	Mar 2003	A1
20030051168	King et al.	Mar 2003	A1
20030055931	Cravo De Almeida et al.	Mar 2003	A1
20030061506	Cooper et al.	Mar 2003	A1
20030065943	Geis et al.	Apr 2003	A1
20030084280	Bryan et al.	May 2003	A1
20030084320	Tarquini et al.	May 2003	A1
20030084323	Gales	May 2003	A1
20030084347	Luzzatto	May 2003	A1
20030088792	Card et al.	May 2003	A1
20030093667	Dutta et al.	May 2003	A1
20030093695	Dutta	May 2003	A1
20030093696	Sugimoto	May 2003	A1
20030095555	McNamara et al.	May 2003	A1
20030097439	Strayer et al.	May 2003	A1
20030097564	Tewari et al.	May 2003	A1
20030105976	Copeland, III	Jun 2003	A1
20030110392	Aucsmith et al.	Jun 2003	A1
20030110396	Lewis et al.	Jun 2003	A1
20030115485	Milliken	Jun 2003	A1
20030115486	Choi et al.	Jun 2003	A1
20030123665	Dunstan et al.	Jul 2003	A1
20030126464	McDaniel et al.	Jul 2003	A1
20030126472	Banzhof	Jul 2003	A1
20030135749	Gales et al.	Jul 2003	A1
20030140137	Joiner et al.	Jul 2003	A1
20030140250	Taninaka et al.	Jul 2003	A1
20030145212	Crumly	Jul 2003	A1
20030145225	Bruton, III et al.	Jul 2003	A1
20030145226	Bruton, III et al.	Jul 2003	A1
20030149887	Yadav	Aug 2003	A1
20030149888	Yadav	Aug 2003	A1
20030154393	Young	Aug 2003	A1
20030154399	Zuk et al.	Aug 2003	A1
20030154402	Pandit et al.	Aug 2003	A1
20030158905	Petry et al.	Aug 2003	A1
20030159069	Choi et al.	Aug 2003	A1
20030159070	Mayer et al.	Aug 2003	A1
20030167402	Stolfo et al.	Sep 2003	A1
20030172166	Judge et al.	Sep 2003	A1
20030172167	Judge et al.	Sep 2003	A1
20030172289	Soppera	Sep 2003	A1
20030172291	Judge et al.	Sep 2003	A1
20030172292	Judge	Sep 2003	A1
20030172294	Judge	Sep 2003	A1
20030172301	Judge et al.	Sep 2003	A1
20030172302	Judge et al.	Sep 2003	A1
20030187996	Cardina et al.	Oct 2003	A1
20030212791	Pickup	Nov 2003	A1
20030233328	Scott et al.	Dec 2003	A1
20040015554	Wilson	Jan 2004	A1
20040025044	Day	Feb 2004	A1
20040054886	Dickinson et al.	Mar 2004	A1
20040058673	Irlam et al.	Mar 2004	A1
20040059811	Sugauchi et al.	Mar 2004	A1
20040088570	Roberts et al.	May 2004	A1
20040111531	Staniford et al.	Jun 2004	A1
20040139160	Wallace et al.	Jul 2004	A1
20040139334	Wiseman	Jul 2004	A1
20040177120	Kirsch	Sep 2004	A1
20040203589	Wang et al.	Oct 2004	A1
20040205135	Hallam-Baker et al.	Oct 2004	A1
20040267893	Lin	Dec 2004	A1
20050021738	Goeller et al.	Jan 2005	A1
20050052998	Oliver et al.	Mar 2005	A1
20050060643	Glass et al.	Mar 2005	A1
20050065810	Bouron	Mar 2005	A1
20050102366	Kirsch	May 2005	A1
20050160148	Yu	Jul 2005	A1
20050204001	Stein et al.	Sep 2005	A1
20050262209	Yu	Nov 2005	A1
20050262210	Yu	Nov 2005	A1
20060036727	Kurapati et al.	Feb 2006	A1
20060042483	Work et al.	Mar 2006	A1
20060095404	Adelman et al.	May 2006	A1
20060123083	Goutte et al.	Jun 2006	A1
20060212925	Shull et al.	Sep 2006	A1
20060212930	Shull et al.	Sep 2006	A1
20060212931	Shull et al.	Sep 2006	A1
20060230039	Shull et al.	Oct 2006	A1
20060253458	Dixon et al.	Nov 2006	A1

Foreign Referenced Citations (32)

Number	Date	Country
2564533	Dec 2005	CA
0375138	Jun 1990	EP
0413537	Feb 1991	EP
0420779	Apr 1991	EP
0720333	Jul 1996	EP
0838774	Apr 1998	EP
0869652	Oct 1998	EP
0907120	Apr 1999	EP
1326376	Jul 2003	EP
1271846	Jul 2005	EP
2271002	Mar 1994	GB
18350870	Dec 2006	JP
2006-0012137	Feb 2006	KR
1020060041934	May 2006	KR
WO 9635994	Nov 1996	WO
WO 9905814	Feb 1999	WO
WO 9933188	Jul 1999	WO
WO 9937066	Jul 1999	WO
WO 0042748	Jul 2000	WO
WO 0117165	Mar 2001	WO
WO 0150691	Jul 2001	WO
WO 0176181	Oct 2001	WO
WO 0213469	Feb 2002	WO
WO 0213489	Feb 2002	WO
WO 0275547	Sep 2002	WO
02082293	Oct 2002	WO
WO 02091706	Nov 2002	WO
2004061698	Jul 2004	WO
WO 2004061703	Jul 2004	WO
WO 2004081734	Sep 2004	WO
2005086437	Sep 2005	WO
WO 2005116851	Dec 2005	WO

Related Publications (1)

	Number	Date	Country
	20070195779 A1	Aug 2007	US

Provisional Applications (2)

	Number	Date	Country
	60736121	Nov 2005	US
	60625507	Nov 2004	US

Continuation in Parts (10)

	Number	Date	Country
Parent	11173941	Jul 2005	US
Child	11383347		US
Parent	11142943	Jun 2005	US
Child	11173941		US
Parent	11383347		US
Child	11173941		US
Parent	10093553	Mar 2002	US
Child	11383347		US
Parent	10094211	Mar 2002	US
Child	10093553		US
Parent	10094266	Mar 2002	US
Child	10094211		US
Parent	10361091	Feb 2003	US
Child	10094266		US
Parent	10373325	Feb 2003	US
Child	10361091		US
Parent	10361067	Feb 2003	US
Child	10373325		US
Parent	10384924	Mar 2003	US
Child	10361067		US

Content-based policy compliance systems and methods

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

US Classifications

Field of Search

US

International Classifications

Term Extension

Abstract