Patent Grant
9948676
The present invention generally relates to the field of digital document management and security. More particularly, the present invention relates to methods and systems for determining whether the transmission of a document on a computer network would comply with security policies set by the system operator.
In the modern office workplace, documents are now embodied in digital data files. These files are readily transmitted over digital communications networks. The typical office is comprised of several computers that share a local network connection, where all of the computers on that local connection are part of one company or, from a security perspective, one locus. The typical office work involving transactions requires sharing documents between two companies, for example, that is, a document may have to be shared between two network loci. In this case, a document may be transmitted from the local network out across a wider network to some other loci associated with the other company. The security policy of the first company may require that each document be checked prior to such a transmission outside the secure locus.
The problem faced by most computers in the office context is that an email program or other communication program is used to transmit or cause the transmission of the document as a MIME attachment, in the case of email, or in some other way relying on FTP, HTTP or other network protocols. Email is typically insecure, and transmission outside the security locus may be impermissible anyway. Therefore the security policy for each document has to be checked for each such email or other transmission. In the prior art, the email program relies on external code modules to perform the security check. These modules are typically invoked when the email program is given the command to transmit the email message. The problem with this approach is that nothing ensures the order of execution of these external code modules. As a result, this approach is prone to error and therefore is a security vulnerability.
The headings provided herein are for convenience only and do not necessarily affect the scope or meaning of the claimed invention. In the drawings, the same reference numbers and any acronyms identify elements or acts with the same or similar structure or functionality for ease of understanding and convenience. To easily identify the discussion of any particular element or act, the most significant digit or digits in a reference number refer to the Figure number in which that element is first introduced (e.g., element 104 is first introduced and discussed with respect to
Various examples of the invention will now be described. The following description provides specific details for a thorough understanding and enabling description of these examples. One skilled in the relevant art will understand, however, that the invention may be practiced without many of these details. Likewise, one skilled in the relevant art will also understand that the invention can include many other features not described in detail herein. Additionally, some well-known structures or functions may not be shown or described in detail below, so as to avoid unnecessarily obscuring the relevant description. The terminology used below is to be interpreted in its broadest reasonable manner, even though it is being used in conjunction with a detailed description of certain specific examples of the invention. Indeed, certain terms may even be emphasized below; however, any terminology intended to be interpreted in any restricted manner will be overtly and specifically defined as such in this Detailed Description section. Where the specification recites an email program, other communication programs may equally apply. For example, various kinds of instant messaging programs also may be used to transmit documents using FTP or IRC protocols.
The method and system operates on one or more computers. In one embodiment, the user's computer is connected within the secure locus to a local server. The user computer operates the email client, and the server operates as an email server. When the user computer transmits an email it is sent to the server, which then routes the transmission out of the first secure locus to another locus. In another embodiment, the user computer may be a mobile device that may be operating outside the local network and sending emails using a publicly available email server. In this embodiment, if the mobile device (400) retrieves a document from the secure locus, by means of authenticating itself with a document management system that manages a document server (404). The mobile device may still introduce a security vulnerability if the document is attached to an email and transmitted further on to the recipient (402) using a public server (401). In either case, the document has to be reliably checked before the user's email or other communication program attempts to transmit the message containing the document.
In the preferred embodiment, the server also contains a data structure stored within it that organizes logical rules that are referred to as “policies.” The policies dictate how a document that is attached to an email is to be treated. The user computer retains a local cache copy of the current policies. Referring to
In one embodiment, the email program operating on the user's computer may be configured so that the documents that are attached to messages, referred to in
The advantage of this approach is that the outgoing message is checked for adherence to security policies as it is being composed. While prior art approaches to email security execute security checks after the email is designated for sending, this introduces a risk of security failure. To the extent the additional code modules that execute the security checks are external to the email program itself, there is a risk of compatibility problems, where one code module that works with the email, for example, a document management plug-in, conflicts with the security check module. The present invention avoids this problem by running the security checks while the email is being composed. In addition, the email message can automatically be fixed in accordance with the security policies.
The system operates by hooking into the email client program. In one embodiment, the system hooks into the Outlook™ object model. The object oriented computing construct permits the system to respond to the cases when a document is added to a message being composes or when recipients are added. The system creates a temporary file when the email is first created, and then stores logical values representing the results of applying the security policy rules each time the Outlook object model alerts the system that the email message object has been changed, for example, by adding recipients or adding attachments. Each modification of the email message object, while it is being composed, will trigger the security system logic. The system can thereby execute the logic for applying the security policy rules to an email message prior to the message being sent.
In one embodiment, a policy can be expressed in logic that checks whether a destination of a recipient is external to the security locus. The rule may require in those cases that any documents be collapsed into flat images that cannot be modified. Or the rule may prohibit editable document formats from leaving the security locus. And further, the security policy may query a document management system using the filename or other indicia or metadata in the attachment to determine if the document management system has indicated that the document cannot leave the security locus. In that case, the attachment is removed from the email.
In one embodiment, the policy rule can be expressed as conditional logic statement. In the following example, the security rule check whether the email message is going outbound, and if so, whether there is an attachment, and if so, if it is a Word™ document, and if so, it automatically converts it to a PDF and makes that .pdf file the attachment:
In another embodiment, the rule checks the user's authority to transmit a document externally to the security locus, and if the security level doesn't match the security level of the document, then the attachment is removed from the message and a notification is transmitted to a data security officer:
These security policy rules can be stored in a data structure either on the server or on the user's computer. When the system detects a change in the email object, then the security rules can be checked and acted upon.
Another advantage of this approach is that different policies may apply to different recipients. In this embodiment, an email that has a Powerpoint™ file as an attachment may have a recipient within the security locus and a recipient external to that locus. The policy may indicate that any external transmissions of Powerpoint slide decks must be in PDF™ format. As a result, the system can call on additional modules to create a tandem email message to the external recipient that has the same file in the PDF™ format as the attachment, while the first email message for the internal recipients receive the Powerpoint file itself. Similarly, a security policy can call a module that for any external transmission of a document, inserts a confidentiality notice into the first page or footer of each page of the document automatically.
Other types of security policies for attachments can be established by means of establishing rule logic that can be executed by the user system. In one embodiment, the policy rule can apply to the user themselves: a user may not have permission to transmit a particular document, document file type or document department designation. In the case of a department designation, it may be that certain documents are tagged in the document management system as being associated with the human resources department, or the finance department or the research and development department. The policies may encode rules that prohibit certain users from transmitting certain department designated documents outside the security locus. In addition, a security policy may prohibit attaching any document from with particular department designations, for example, human resources or research and development. The security policy can also encode a rule that causes the system to transmit a message to a particular second user in the event a particular security policy is violated. For example, if a low-level user attempts to attach a sensitive research and development document to an email being transmitted to a recipient outside the security locus, this violation can be logged, including making a copy of the message and delivering the message or notice of such message to personnel responsible for data security. In yet another embodiment, the system can record what the user decides to do and thereby create a log that can be used to create a report. In one case, the log is associated with the user's activity, and in another, the log is associated with the document and reports its disposition.
In one embodiment, the sensitivity level of a document is stored in an XML file. In another embodiment, the sensitivity level may be stored in a data record of a database. Further, the sensitivity level may be stored in any kind of data structure that may be used to obtain information corresponding to the document by use of a reference to the document. The sensitivity of a document may also be determined by examining the content of the document itself. In this case, the rules may have actual text strings, or refer to text strings that are considered an item to filter on. For example, a new project called “Breakthrough”, may result in a rule that any document containing the word “breakthrough” cannot be emailed out of the security locus, unless the sender is of a certain seniority. More typically, if any document contains the word “confidential” in the header or footer, then the document is not transmitted.
An additional security policy rule can be that if a predetermined word or phrase comprised of words is detected, these are automatically redacted, either by deletion of the text (with regard to documents comprised of encoded characters) or by the modification of the actual image of the text in order to obscure the text (for example, but applying a black stripe to the portion of the image that contains the predetermined word or phrase). In this case, the text string is used as a key in the filtering process. A rule can select that the entire sentence containing the word is redacted, or the entire paragraph. Other rules can combine these parameters. For example, an isolated instance of the string may result in the sentence being redacted, but a paragraph containing more than some pre-determined number of instances would then be redacted in its entirety.
In yet another embodiment, the invention deals with what to do with a file that is blocked. In one embodiment, the file can be compressed, for example, in a secure zip file. In another, the file is encrypted. In a third, the file is redacted of the sensitive information and the sent on. In yet another embodiment, the system will upload the file to a secure server location, and then replace the attachment in the email with a hyperlink in the body of the email to that location. In this embodiment, the link can be to a secure portal that prevents the public from accessing the secure server. In addition, the system can associate security attributes to the link, for example, an expiration dates, shareable/non sharable permission code, downloadable or not downloadable permission code, password protected access or an IP address/domain lock. In yet another embodiment, the uploaded document is updated to a new version automatically if the original version is updated. In this case, a document management system will have metadata associated with the blocked document that it may use to determine that a document being saved is subject to a block and that a copy is residing on the secure server. When the document management system authorizes the saving of a new version, it can transmit a message or semaphore to the secure server that causes it to fetch the new version and to place the new version in the place of the older version. Alternatively, the system can transmit the document directly to the secure server. In the absence of a formal document management system, an owner of the updated document can upload the updated version.
In yet another embodiment, a document may be used to create a unique characteristic number by means of processing the encoded characters comprising the document through an algorithm so that the resulting characteristic number is unique to that version of that document. In this case, the characteristic number may be used as a key in a security rule. Alternatively, a code number may be embedded in a document in a manner that is not apparent or easily removed. This may be done using steganography. In this case, the invention may check a document that is attached to an email for this embedded code, or fingerprint, and then based on its value, determine an action to take.
Operating Environment:
The invention may be implemented by means of an algorithmic state machine. The simplest approach uses a two state machine:
00: Wait for a notification of change in the message, then go to State 01.
01: Apply the security rules and return to State 00.
In one embodiment, the state machine may have three states, with three transition conditions:
00: Wait for a notification of change in the message, then go to State 01.
01: Determine what type of security situation is implicated, e.g. recipient, document, or body of the email, then go to State 02.
02: Apply the family of security rules for that type of security situation to the detected change, return to State 00.
In one embodiment of the invention, an administrator can provide a user the privilege of selecting which rules to apply, or simply apply the rule regardless or a combination thereof. In this approach, there is a four state machine:
00: Wait for a notification of change in the message, then go to State 01.
01: Determine what type of security situation is implicated, e.g. recipient, document, or body of the email, display to the user a selection option, then go to State 02.
02: Wait on user input of a selection, then go to State 03.
03: Apply the family of security rules selected by the user the detected change, return to State 00.
Those skilled in the relevant art will appreciate that the invention can be practiced with other communications, data processing, or computer system configurations, including: wireless devices, Internet appliances, hand-held devices (including personal digital assistants (PDAs)), wearable computers, all manner of cellular or mobile phones, multi-processor systems, microprocessor-based or programmable consumer electronics, set-top boxes, network PCs, minicomputers, mainframe computers, and the like. Indeed, the terms “computer,” “server,” and the like are used interchangeably herein, and may refer to any of the above devices and systems. In some instances, especially where the mobile computing device 104 is used to access web content through the network 110 (e.g., when a 3G or an LTE service of the phone 102 is used to connect to the network 110), the network 110 may be any type of cellular, IP-based or converged telecommunications network, including but not limited to Global System for Mobile Communications (GSM), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), Orthogonal Frequency Division Multiple Access (OFDM), General Packet Radio Service (GPRS), Enhanced Data GSM Environment (EDGE), Advanced Mobile Phone System (AMPS), Worldwide Interoperability for Microwave Access (WiMAX), Universal Mobile Telecommunications System (UMTS), Evolution-Data Optimized (EVDO), Long Term Evolution (LTE), Ultra Mobile Broadband (UMB), Voice over Internet Protocol (VoIP), Unlicensed Mobile Access (UMA), etc.
The user's computer may be a laptop or desktop type of personal computer. It can also be a cell phone, smart phone or other handheld device, including a tablet. The precise form factor of the user's computer does not limit the claimed invention. Examples of well known computing systems, environments, and/or configurations that may be suitable for use with the invention include, but are not limited to, personal computers, server computers, hand-held, laptop or mobile computer or communications devices such as cell phones and PDA's, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
The system and method described herein can be executed using a computer system, generally comprised of a central processing unit (CPU) that is operatively connected to a memory device, data input and output circuitry (I/O) and computer data network communication circuitry. A video display device may be operatively connected through the I/O circuitry to the CPU. Components that are operatively connected to the CPU using the I/O circuitry include microphones, for digitally recording sound, and video camera, for digitally recording images or video. Audio and video may be recorded simultaneously as an audio visual recording. The I/O circuitry can also be operatively connected to an audio loudspeaker in order to render digital audio data into audible sound. Audio and video may be rendered through the loudspeaker and display device separately or in combination. Computer code executed by the CPU can take data received by the data communication circuitry and store it in the memory device. In addition, the CPU can take data from the I/O circuitry and store it in the memory device. Further, the CPU can take data from a memory device and output it through the I/O circuitry or the data communication circuitry. The data stored in memory may be further recalled from the memory device, further processed or modified by the CPU in the manner described herein and restored in the same memory device or a different memory device operatively connected to the CPU including by means of the data network circuitry. The memory device can be any kind of data storage circuit or magnetic storage or optical device, including a hard disk, optical disk or solid state memory.
The computer can display on the display screen operatively connected to the I/O circuitry the appearance of a user interface. Various shapes, text and other graphical forms are displayed on the screen as a result of the computer generating data that causes the pixels comprising the display screen to take on various colors and shades. The user interface also displays a graphical object referred to in the art as a cursor. The object's location on the display indicates to the user a selection of another object on the screen. The cursor may be moved by the user by means of another device connected by I/O circuitry to the computer. This device detects certain physical motions of the user, for example, the position of the hand on a flat surface or the position of a finger on a flat surface. Such devices may be referred to in the art as a mouse or a track pad. In some embodiments, the display screen itself can act as a trackpad by sensing the presence and position of one or more fingers on the surface of the display screen. When the cursor is located over a graphical object that appears to be a button or switch, the user can actuate the button or switch by engaging a physical switch on the mouse or trackpad or computer device or tapping the trackpad or touch sensitive display. When the computer detects that the physical switch has been engaged (or that the tapping of the track pad or touch sensitive screen has occurred), it takes the apparent location of the cursor (or in the case of a touch sensitive screen, the detected position of the finger) on the screen and executes the process associated with that location. As an example, not intended to limit the breadth of the disclosed invention, a graphical object that appears to be a 2 dimensional box with the word “enter” within it may be displayed on the screen. If the computer detects that the switch has been engaged while the cursor location (or finger location for a touch sensitive screen) was within the boundaries of a graphical object, for example, the displayed box, the computer will execute the process associated with the “enter” command. In this way, graphical objects on the screen create a user interface that permits the user to control the processes operating on the computer.
The system may be comprised of a central server that is connected by a data network to a user's computer. The central server may be comprised of one or more computers connected to one or more mass storage devices. The precise architecture of the central server does not limit the claimed invention. In addition, the data network may operate with several levels, such that the user's computer is connected through a fire wall to one server, which routes communications to another server that executes the disclosed methods. The precise details of the data network architecture do not limit the claimed invention.
A server may be a computer comprised of a central processing unit with a mass storage device and a network connection. In addition a server can include multiple of such computers connected together with a data network or other data transfer connection, or, multiple computers on a network with network accessed storage, in a manner that provides such functionality as a group. Practitioners of ordinary skill will recognize that functions that are accomplished on one server may be partitioned and accomplished on multiple servers that are operatively connected by a computer network by means of appropriate inter process communication. In addition, the access of a website can be by means of an Internet browser accessing a secure or public page or by means of a client program running on a local computer that is connected over a computer network to the server. A data message and data upload or download can be delivered over the Internet using typical protocols, including TCP/IP, HTTP, SMTP, RPC, FTP or other kinds of data communication protocols that permit processes running on two remote computers to exchange information by means of digital network communication. As a result a data message can be a data packet transmitted from or received by a computer containing a destination network address, a destination process or application identifier, and data values that can be parsed at the destination computer located at the destination network address by the destination application in order that the relevant data values are extracted and used by the destination application.
The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices. Practitioners of ordinary skill will recognize that the invention may be executed on one or more computer processors that are linked using a data network, including, for example, the Internet. In another embodiment, different steps of the process can be executed by one or more computers and storage devices geographically separated by connected by a data network in a manner so that they operate together to execute the process steps. In one embodiment, a user's computer can run an application that causes the user's computer to transmit a stream of one or more data packets across a data network to a second computer, referred to here as a server. The server, in turn, may be connected to one or more mass data storage devices where the database is stored. The server can execute a program that receives the transmitted packet and interpret the transmitted data packets in order to extract database query information. The server can then execute the remaining steps of the invention by means of accessing the mass storage devices to derive the desired result of the query. Alternatively, the server can transmit the query information to another computer that is connected to the mass storage devices, and that computer can execute the invention to derive the desired result. The result can then be transmitted back to the user's computer by means of another stream of one or more data packets appropriately addressed to the user's computer.
Computer program logic implementing all or part of the functionality previously described herein may be embodied in various forms, including, but in no way limited to, a source code form, a computer executable form, and various intermediate forms (e.g., forms generated by an assembler, compiler, linker, or locator.) Source code may include a series of computer program instructions implemented in any of various programming languages (e.g., an object code, an assembly language, or a high-level language such as FORTRAN, C, C++, JAVA, or HTML or scripting languages that are executed by Internet web-browsers) for use with various operating systems or operating environments. The source code may define and use various data structures and communication messages. The source code may be in a computer executable form (e.g., via an interpreter), or the source code may be converted (e.g., via a translator, assembler, or compiler) into a computer executable form.
The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types. The computer program and data may be fixed in any form (e.g., source code form, computer executable form, or an intermediate form) either permanently or transitorily in a tangible storage medium, such as a semiconductor memory device (e.g., a RAM, ROM, PROM, EEPROM, or Flash-Programmable RAM), a magnetic memory device (e.g., a diskette or fixed hard disk), an optical memory device (e.g., a CD-ROM or DVD), a PC card (e.g., PCMCIA card), or other memory device. The computer program and data may be fixed in any form in a signal that is transmittable to a computer using any of various communication technologies, including, but in no way limited to, analog technologies, digital technologies, optical technologies, wireless technologies, networking technologies, and internetworking technologies. The computer program and data may be distributed in any form as a removable storage medium with accompanying printed or electronic documentation (e.g., shrink wrapped software or a magnetic tape), preloaded with a computer system (e.g., on system ROM or fixed disk), or distributed from a server or electronic bulletin board over the communication system (e.g., the Internet or World Wide Web.) It is appreciated that any of the software components of the present invention may, if desired, be implemented in ROM (read-only memory) form. The software components may, generally, be implemented in hardware, if desired, using conventional techniques.
The described embodiments of the invention are intended to be exemplary and numerous variations and modifications will be apparent to those skilled in the art. All such variations and modifications are intended to be within the scope of the present invention as defined in the appended claims. Although the present invention has been described and illustrated in detail, it is to be clearly understood that the same is by way of illustration and example only, and is not to be taken by way of limitation. It is appreciated that various features of the invention which are, for clarity, described in the context of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable combination. It is appreciated that the particular embodiment described in the specification is intended only to provide an extremely detailed disclosure of the present invention and is not intended to be limiting.
It should be noted that the flow diagrams are used herein to demonstrate various aspects of the invention, and should not be construed to limit the present invention to any particular logic flow or logic implementation. The described logic may be partitioned into different logic blocks (e.g., programs, modules, functions, or subroutines) without changing the overall results or otherwise departing from the true scope of the invention. Oftentimes, logic elements may be added, modified, omitted, performed in a different order, or implemented using different logic constructs (e.g., logic gates, looping primitives, conditional logic, and other logic constructs) without changing the overall results or otherwise departing from the true scope of the invention.
Also, while processes or blocks are at times shown as being performed in series, these processes or blocks may instead be performed or implemented in parallel, or may be performed at different times.
This application claims priority to U.S. Provisional App. No. 61/858,154 filed Jul. 25, 2013 and herein incorporates that application by reference in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4479195 | Herr et al. | Oct 1984 | A |
| 4949300 | Christenson et al. | Aug 1990 | A |
| 5008853 | Bly et al. | Apr 1991 | A |
| 5072412 | Henderson, Jr. et al. | Dec 1991 | A |
| 5220657 | Bly et al. | Jun 1993 | A |
| 5245553 | Tanenbaum | Sep 1993 | A |
| 5247615 | Mori et al. | Sep 1993 | A |
| 5293619 | Dean | Mar 1994 | A |
| 5379374 | Ishizaki et al. | Jan 1995 | A |
| 5446842 | Schaeffer et al. | Aug 1995 | A |
| 5608872 | Schwartz et al. | Mar 1997 | A |
| 5617539 | Ludwig et al. | Apr 1997 | A |
| 5634062 | Shimizu et al. | May 1997 | A |
| 5671428 | Muranaga et al. | Sep 1997 | A |
| 5699427 | Chow et al. | Dec 1997 | A |
| 5787175 | Carter | Jul 1998 | A |
| 5801702 | Dolan et al. | Sep 1998 | A |
| 5806078 | Hug et al. | Sep 1998 | A |
| 5819300 | Kohno et al. | Oct 1998 | A |
| 5832494 | Egger et al. | Nov 1998 | A |
| 5890177 | Moody et al. | Mar 1999 | A |
| 5898836 | Frievald et al. | Apr 1999 | A |
| 6003060 | Aznar et al. | Dec 1999 | A |
| 6012087 | Frievald et al. | Jan 2000 | A |
| 6049804 | Burgess et al. | Apr 2000 | A |
| 6067551 | Brown et al. | May 2000 | A |
| 6088702 | Plantz et al. | Jul 2000 | A |
| 6128635 | Ikeno | Oct 2000 | A |
| 6145084 | Zuili et al. | Nov 2000 | A |
| 6189019 | Blumer et al. | Feb 2001 | B1 |
| 6212534 | Lo et al. | Apr 2001 | B1 |
| 6219818 | Frievald et al. | Apr 2001 | B1 |
| 6243091 | Berstis | Jun 2001 | B1 |
| 6263350 | Wollrath et al. | Jul 2001 | B1 |
| 6263364 | Najork et al. | Jul 2001 | B1 |
| 6269370 | Kirsch | Jul 2001 | B1 |
| 6285999 | Page | Sep 2001 | B1 |
| 6301368 | Bolle et al. | Oct 2001 | B1 |
| 6321265 | Najork et al. | Nov 2001 | B1 |
| 6336123 | Inoue et al. | Jan 2002 | B2 |
| 6351755 | Najork et al. | Feb 2002 | B1 |
| 6377984 | Najork et al. | Apr 2002 | B1 |
| 6404446 | Bates et al. | Jun 2002 | B1 |
| 6418433 | Chakrabarti et al. | Jul 2002 | B1 |
| 6418453 | Kraft et al. | Jul 2002 | B1 |
| 6424966 | Meyerzon et al. | Jul 2002 | B1 |
| 6449624 | Hammack et al. | Sep 2002 | B1 |
| 6513050 | Williams et al. | Jan 2003 | B1 |
| 6547829 | Meyerzon et al. | Apr 2003 | B1 |
| 6556982 | McGaffey et al. | Apr 2003 | B1 |
| 6560620 | Ching | May 2003 | B1 |
| 6584466 | Serbinis et al. | Jun 2003 | B1 |
| 6591289 | Britton | Jul 2003 | B1 |
| 6594662 | Sieffert et al. | Jul 2003 | B1 |
| 6596030 | Ball et al. | Jul 2003 | B2 |
| 6614789 | Yazdani et al. | Sep 2003 | B1 |
| 6658626 | Aiken | Dec 2003 | B1 |
| 6738762 | Chen et al. | May 2004 | B1 |
| 6745024 | DeJaco | Jun 2004 | B1 |
| 6918082 | Gross | Jul 2005 | B1 |
| 7035427 | Rhoads | Apr 2006 | B2 |
| 7085735 | Hall et al. | Aug 2006 | B1 |
| 7107518 | Ramaley et al. | Sep 2006 | B2 |
| 7152019 | Tarantola et al. | Dec 2006 | B2 |
| 7194761 | Champagne | Mar 2007 | B1 |
| 7212955 | Kirshenbaum et al. | May 2007 | B2 |
| 7233686 | Hamid | Jun 2007 | B2 |
| 7240207 | Weare | Jul 2007 | B2 |
| 7299504 | Tiller et al. | Nov 2007 | B1 |
| 7321864 | Gendler | Jan 2008 | B1 |
| 7356704 | Rinkevich et al. | Apr 2008 | B2 |
| 7434164 | Salesin et al. | Oct 2008 | B2 |
| 7454778 | Pearson et al. | Nov 2008 | B2 |
| 7496841 | Hadfield et al. | Feb 2009 | B2 |
| 7564997 | Hamid | Jul 2009 | B2 |
| 7570964 | Maes | Aug 2009 | B2 |
| 7624447 | Horowitz et al. | Nov 2009 | B1 |
| 7627613 | Dulitz et al. | Dec 2009 | B1 |
| 7640308 | Antonoff et al. | Dec 2009 | B2 |
| 7673324 | Tirosh et al. | Mar 2010 | B2 |
| 7680785 | Najork | Mar 2010 | B2 |
| 7685298 | Day | Mar 2010 | B2 |
| 7694336 | Rinkevich et al. | Apr 2010 | B2 |
| 7707153 | Petito et al. | Apr 2010 | B1 |
| 7720256 | Desprez et al. | May 2010 | B2 |
| 7730175 | Roesch et al. | Jun 2010 | B1 |
| 7788235 | Yeo | Aug 2010 | B1 |
| 7818678 | Massand | Oct 2010 | B2 |
| 7844116 | Monga | Nov 2010 | B2 |
| 7857201 | Silverbrook et al. | Dec 2010 | B2 |
| 7877790 | Vishik et al. | Jan 2011 | B2 |
| 7890752 | Bardsley et al. | Feb 2011 | B2 |
| 7895166 | Foygel et al. | Feb 2011 | B2 |
| 7895276 | Massand | Feb 2011 | B2 |
| 7958101 | Teugels et al. | Jun 2011 | B1 |
| 8005277 | Tulyakov et al. | Aug 2011 | B2 |
| 8042112 | Zhu et al. | Oct 2011 | B1 |
| 8060575 | Massand | Nov 2011 | B2 |
| 8117225 | Zilka | Feb 2012 | B1 |
| 8140513 | Ghods | Mar 2012 | B2 |
| 8181036 | Nachenberg | May 2012 | B1 |
| 8209538 | Craigie | Jun 2012 | B2 |
| 8286171 | More et al. | Oct 2012 | B2 |
| 8316237 | Felsher et al. | Nov 2012 | B1 |
| 8326814 | Ghods | Dec 2012 | B2 |
| 8381104 | Massand | Feb 2013 | B2 |
| 8406456 | More | Mar 2013 | B2 |
| 8471781 | Massand | Jun 2013 | B2 |
| 8473847 | Glover | Jun 2013 | B2 |
| 8478995 | Alculumbre | Jul 2013 | B2 |
| 8555080 | More et al. | Oct 2013 | B2 |
| 8620020 | More | Dec 2013 | B2 |
| 8670600 | More | Mar 2014 | B2 |
| 8732127 | Rotterdam et al. | May 2014 | B1 |
| 8839100 | Donald | Sep 2014 | B1 |
| 8977697 | Massand | Mar 2015 | B2 |
| 9652485 | Bhargava et al. | May 2017 | B1 |
| 20010042073 | Saether et al. | Nov 2001 | A1 |
| 20020010682 | Johnson | Jan 2002 | A1 |
| 20020016959 | Barton et al. | Feb 2002 | A1 |
| 20020019827 | Shiman et al. | Feb 2002 | A1 |
| 20020023158 | Polizzi et al. | Feb 2002 | A1 |
| 20020052928 | Stern et al. | May 2002 | A1 |
| 20020063154 | Hoyos et al. | May 2002 | A1 |
| 20020065827 | Christie et al. | May 2002 | A1 |
| 20020065848 | Walker et al. | May 2002 | A1 |
| 20020073188 | Rawson | Jun 2002 | A1 |
| 20020087515 | Swannack et al. | Jul 2002 | A1 |
| 20020099602 | Moskowitz et al. | Jul 2002 | A1 |
| 20020120648 | Ball et al. | Aug 2002 | A1 |
| 20020129062 | Luparello | Sep 2002 | A1 |
| 20020136222 | Robohm | Sep 2002 | A1 |
| 20020138744 | Schleicher et al. | Sep 2002 | A1 |
| 20020159239 | Amie et al. | Oct 2002 | A1 |
| 20020164058 | Aggarwal et al. | Nov 2002 | A1 |
| 20030009518 | Harrow et al. | Jan 2003 | A1 |
| 20030037010 | Schmelzer | Feb 2003 | A1 |
| 20030051054 | Redlich | Mar 2003 | A1 |
| 20030061260 | Rajkumar | Mar 2003 | A1 |
| 20030078880 | Alley et al. | Apr 2003 | A1 |
| 20030093755 | Ramakrishnan | May 2003 | A1 |
| 20030097454 | Yamakawa et al. | May 2003 | A1 |
| 20030131005 | Berry | Jul 2003 | A1 |
| 20030158839 | Faybishenko et al. | Aug 2003 | A1 |
| 20030191799 | Araujo et al. | Oct 2003 | A1 |
| 20030196087 | Stringer et al. | Oct 2003 | A1 |
| 20030223624 | Hamid | Dec 2003 | A1 |
| 20030237047 | Borson | Dec 2003 | A1 |
| 20040002049 | Beavers et al. | Jan 2004 | A1 |
| 20040031052 | Wannamaker et al. | Feb 2004 | A1 |
| 20040187076 | Ki | Sep 2004 | A1 |
| 20050055306 | Miller et al. | Mar 2005 | A1 |
| 20050055337 | Bebo et al. | Mar 2005 | A1 |
| 20050071755 | Harrington et al. | Mar 2005 | A1 |
| 20050108293 | Lipman et al. | May 2005 | A1 |
| 20050138540 | Baltus et al. | Jun 2005 | A1 |
| 20050204008 | Shinbrood | Sep 2005 | A1 |
| 20050251748 | Gusmorino et al. | Nov 2005 | A1 |
| 20050268327 | Starikov | Dec 2005 | A1 |
| 20060005247 | Zhang et al. | Jan 2006 | A1 |
| 20060021031 | Leahy et al. | Jan 2006 | A1 |
| 20060047765 | Mizoi | Mar 2006 | A1 |
| 20060050937 | Hamid | Mar 2006 | A1 |
| 20060059196 | Sato et al. | Mar 2006 | A1 |
| 20060064717 | Shibata et al. | Mar 2006 | A1 |
| 20060067578 | Fuse | Mar 2006 | A1 |
| 20060069740 | Ando | Mar 2006 | A1 |
| 20060098850 | Hamid | May 2006 | A1 |
| 20060112120 | Rohall | May 2006 | A1 |
| 20060129627 | Phillips | Jun 2006 | A1 |
| 20060158676 | Hamada | Jul 2006 | A1 |
| 20060171588 | Chellapilla et al. | Aug 2006 | A1 |
| 20060184505 | Kedem | Aug 2006 | A1 |
| 20060218004 | Dworkin et al. | Sep 2006 | A1 |
| 20060218643 | DeYoung | Sep 2006 | A1 |
| 20060224589 | Rowney | Oct 2006 | A1 |
| 20060236246 | Bono et al. | Oct 2006 | A1 |
| 20060261112 | Gates et al. | Nov 2006 | A1 |
| 20060271947 | Lienhart et al. | Nov 2006 | A1 |
| 20060272024 | Huang et al. | Nov 2006 | A1 |
| 20060294468 | Sareen et al. | Dec 2006 | A1 |
| 20060294469 | Sareen et al. | Dec 2006 | A1 |
| 20070005589 | Gollapudi | Jan 2007 | A1 |
| 20070025265 | Porras et al. | Feb 2007 | A1 |
| 20070094510 | Ross et al. | Apr 2007 | A1 |
| 20070100991 | Daniels | May 2007 | A1 |
| 20070101154 | Bardsley et al. | May 2007 | A1 |
| 20070101413 | Vishik et al. | May 2007 | A1 |
| 20070141641 | Fang | Jun 2007 | A1 |
| 20070150443 | Bergholz et al. | Jun 2007 | A1 |
| 20070179967 | Zhang | Aug 2007 | A1 |
| 20070192728 | Finley et al. | Aug 2007 | A1 |
| 20070220068 | Thompson et al. | Sep 2007 | A1 |
| 20070253608 | Tulyakov et al. | Nov 2007 | A1 |
| 20070261099 | Broussard | Nov 2007 | A1 |
| 20070261112 | Todd et al. | Nov 2007 | A1 |
| 20070294318 | Arora et al. | Dec 2007 | A1 |
| 20070294612 | Drucker et al. | Dec 2007 | A1 |
| 20080033913 | Winburn | Feb 2008 | A1 |
| 20080034282 | Zernik | Feb 2008 | A1 |
| 20080065668 | Spence et al. | Mar 2008 | A1 |
| 20080080515 | Tombroff et al. | Apr 2008 | A1 |
| 20080082529 | Mantena et al. | Apr 2008 | A1 |
| 20080091465 | Fuschino et al. | Apr 2008 | A1 |
| 20080091735 | Fukushima et al. | Apr 2008 | A1 |
| 20080162527 | Pizano | Jul 2008 | A1 |
| 20080177782 | Poston et al. | Jul 2008 | A1 |
| 20080209001 | Boyle et al. | Aug 2008 | A1 |
| 20080219495 | Hulten et al. | Sep 2008 | A1 |
| 20080235760 | Broussard | Sep 2008 | A1 |
| 20080263363 | Jueneman et al. | Oct 2008 | A1 |
| 20080288597 | Christensen | Nov 2008 | A1 |
| 20080306894 | Rajkumar et al. | Dec 2008 | A1 |
| 20080320316 | Waldspurger et al. | Dec 2008 | A1 |
| 20090025087 | Peirson et al. | Jan 2009 | A1 |
| 20090034804 | Cho et al. | Feb 2009 | A1 |
| 20090049132 | Livne Gutovski | Feb 2009 | A1 |
| 20090064326 | Goldstein | Mar 2009 | A1 |
| 20090083073 | Mehta et al. | Mar 2009 | A1 |
| 20090129002 | Wu et al. | May 2009 | A1 |
| 20090164427 | Shields et al. | Jun 2009 | A1 |
| 20090183257 | Prahalad | Jul 2009 | A1 |
| 20090241187 | Troyansky | Sep 2009 | A1 |
| 20090319480 | Saito | Dec 2009 | A1 |
| 20100011428 | Atwood et al. | Jan 2010 | A1 |
| 20100049807 | Thompson | Feb 2010 | A1 |
| 20100058053 | Wood et al. | Mar 2010 | A1 |
| 20100064004 | Ravi et al. | Mar 2010 | A1 |
| 20100064372 | More | Mar 2010 | A1 |
| 20100070448 | Omoigui | Mar 2010 | A1 |
| 20100076985 | Egnor | Mar 2010 | A1 |
| 20100114985 | Chaudhaly et al. | May 2010 | A1 |
| 20100114991 | Chaudhary et al. | May 2010 | A1 |
| 20100124354 | More | May 2010 | A1 |
| 20100131604 | Portilla | May 2010 | A1 |
| 20100146382 | Abe et al. | Jun 2010 | A1 |
| 20100186062 | Banti | Jul 2010 | A1 |
| 20100251104 | Massand | Sep 2010 | A1 |
| 20100257352 | Errico | Oct 2010 | A1 |
| 20100287246 | Klos | Nov 2010 | A1 |
| 20100299727 | More et al. | Nov 2010 | A1 |
| 20100332428 | McHenry et al. | Dec 2010 | A1 |
| 20110029625 | Cheng | Feb 2011 | A1 |
| 20110041165 | Bowen | Feb 2011 | A1 |
| 20110106892 | Nelson | May 2011 | A1 |
| 20110197121 | Kletter | Aug 2011 | A1 |
| 20110225646 | Crawford | Sep 2011 | A1 |
| 20110252098 | Kumar | Oct 2011 | A1 |
| 20110252310 | Rahaman et al. | Oct 2011 | A1 |
| 20110264907 | Betz et al. | Oct 2011 | A1 |
| 20110276658 | Massand | Nov 2011 | A1 |
| 20110314384 | Lindgren | Dec 2011 | A1 |
| 20120016867 | Clemm et al. | Jan 2012 | A1 |
| 20120079267 | Lee | Mar 2012 | A1 |
| 20120079596 | Thomas | Mar 2012 | A1 |
| 20120117644 | Soeder | May 2012 | A1 |
| 20120133989 | Glover | May 2012 | A1 |
| 20120136951 | Mulder | May 2012 | A1 |
| 20120136952 | Mulder | May 2012 | A1 |
| 20120260188 | Park et al. | Oct 2012 | A1 |
| 20120317414 | Glover | Dec 2012 | A1 |
| 20120324369 | Safa | Dec 2012 | A1 |
| 20130074195 | Johnston | Mar 2013 | A1 |
| 20130074198 | More | Mar 2013 | A1 |
| 20130097421 | Lim | Apr 2013 | A1 |
| 20130227043 | Murakami | Aug 2013 | A1 |
| 20130246901 | Massand | Sep 2013 | A1 |
| 20130254536 | Glover | Sep 2013 | A1 |
| 20130290867 | Massand | Oct 2013 | A1 |
| 20140115066 | Massand | Apr 2014 | A1 |
| 20140115436 | Beaver et al. | Apr 2014 | A1 |
| 20140181223 | Homsany | Jun 2014 | A1 |
| 20140281872 | Glover | Sep 2014 | A1 |
| 20150026464 | Hanner, Sr. | Jan 2015 | A1 |
| 20150172058 | Follis | Jun 2015 | A1 |
| 20160350270 | Nakazawa | Dec 2016 | A1 |
| Number | Date | Country |
|---|---|---|
| 10177650 | Jun 1998 | JP |
| 2004265267 | Sep 2004 | JP |
| 2007299364 | Nov 2007 | JP |
| 20010078840 | Aug 2001 | KR |
| 20040047413 | Jun 2004 | KR |
| 20060048686 | May 2006 | KR |
| 20070049518 | May 2007 | KR |
| 1020080029602 | Apr 2008 | KR |
| 0060504 | Oct 2000 | WO |
| Entry |
|---|
| Chen et al., Online Dectection and Prevention of Phishing Attacks, © 2006, IEEE, 7 pages. |
| Bobba et al., Attribute-Based Messaging: Access Control and Confidentiality, © 2010, ACM, 35 pages. |
| Karnouskos etal., Active Electronic Mail, © 2002, ACM, 6 pages. |
| Bettenburg et al., An Empirical Study on the Risks of Using Off-the-Shelf Techniques for Processing Mailing List Data, @ 2009, IEEE, 4 pages. |
| Bindu et al., Sapm War: Battling Ham against Spam, © 2011, IEEE, 6 pages. |
| Kaushik et al., Email Feedback: A Policy-based Approach to Overcoming False Positives, © 2005, 10 pages. |
| Stolfo et al., AMT/MET: Systems for Modeling and Decting Errant Email. © 2003, IEEE, 6 pages. |
| Non-Final Office Action dated Aug. 1, 2012 in Co-Pending U.S. Appl. No. 12/621,429, filed Nov. 18, 2009. |
| Final Office Action dated Feb. 1, 2013 in Co-Pending U.S. Appl. No. 12/621,429, by More, S., filed Nov. 18, 2009. |
| Final Office Action dated May 10, 2012 in Co-Pending U.S. Appl. No. 12/209,082, filed Sep. 11, 2008. |
| Notice of Allowance dated Jul. 8, 2013 in Co-Pending U.S. Appl. No. 12/209,082, by S. More et al. filed Sep. 11, 2008. |
| Final Office Action dated Apr. 16, 2012 in Co-Pending U.S. Appl. No. 12/177,043, filed Jul. 21, 2008. |
| Final Office Action dated Aug. 12, 2011 for U.S. Appl. No. 12/209,096, filed Sep. 11, 2008. |
| Non-Final Office Action dated Dec. 22, 2011 in Co-Pending U.S. Appl. No. 12/209,082. |
| Non-Final Office Action dated Jan. 9, 2012 in Co-Pending U.S. Appl. No. 12/177,043, filed Jul. 21, 2008. |
| Non-Final Office Action dated Mar. 11, 2011, in Co-pending U.S. Appl. No. 12/209,096, filed Sep. 11, 2008. |
| Non-Final Office Action dated Sep. 19, 2011 for U.S. Appl. No. 12/177,043, filed Jul. 21, 2008. |
| International Search Report of PCT Application No. PCT/US2009/056651, dated Apr. 21, 2010, pp. 1-3. |
| Written Opinion PCT Application No. PCT/US2009/056651, dated Apr. 21, 2010, pp. 1-5. |
| Weiss et al., Lightweight document matching for help-desk applications, In; Intelligent Systems and their Applications, IEEE, Vo. 15, Issue:2, pp. 57-61, ISSN 1094-7167, 2000. |
| International Search Report of PCT Application No. PCT/US2009/065019 dated Jun. 4, 2010, pp. 1-6. |
| Written Opinion PCT Application No. PCT/US2009/065019 dated Jun. 4, 2010, pp. 1-5. |
| International Search Report of PCT Application No. PCT/US2009/056668 dated Apr. 16, 2010, pp. 1-9. |
| Written Opinion PCT Application No. PCT/US2009/056668 dated Apr. 16, 2010, pp. 1-4. |
| International Search Report of PCT Application No. PCT/US2009/051313, Mar. 3, 2010, 3 pages. |
| Written Opinion of PCT Application No. PCT/US2009/051313, Mar. 3, 2010, 4 pages. |
| “3BClean” http://www.web.archive.org/web/20060216022833/http://www.3bview.com. |
| “ezClean—Metadata removal utility for Microsoft Office”. http://web.archive.org/web/20040804113214/www.kklsoftware.com/products/ezClean/details.asp. |
| “MIMEsweeper Solutions” https://web.archive.org/web2002020211234/http://www.minesweeper.com/products/default.asp. |
| “CS MAILsweeper™4.3 for SMTP” by Clearswift LTD (©2002) www.mimesweeper.com. |
| “ezClean—New Features—version 3.3” http://web.archive.org/web/20040803203232/http://www.kklsoftware.com/products/ezClean/newfeatures.asp. |
| “ezClean 3.2—New Features” http://web.archive.org/web/20040804034917/http://www.kklsoftware.com/products/ezClean. |
| “ezClean FAQ” http://web.archive.org/web/20040803202332/http://www.kklsoftware.com/products/ezClean/faq.asp. |
| “How do I make sure that there is no embarrassing Metadata in any documents that I attach to e-mails? ezClean makes it easy!” http://web.archive.org/web/20040727132558/http:/www.kklsoftware.com. |
| “Lotus Announces cc:Mail For The World Wide Web; Provides EasyAccess to E-Mail Via The Web” http://www.thefreelibrary.com/print/printarticle.aspx?id=17465051. |
| “Middleboxes: Taxonomy and Issues,” Internet Engineering TaskForce (IETF), RFC 3234 (Feb. 2002). |
| “MIME (Multipurpose Internet Mail Extensions): Mechanisms forSpecifying and Describing the Format of Internet Message Bodies,” Internet Engineering Task Force (IETF), RFC 1341 (Jun. 1992). |
| “Think Your Deletions are Gone Forever? Think Again! ezClean Makes Metadata Removal Easy!” http://web.archive.org/web/20040727132558/http:/www.kklsoftware.com. |
| 3B Clean: What is the Problem? 3B is the solution http ://web.archive.org/web/20051201012525/http://www.3bview.com/pages/index.php. |
| 3B Transform from 2005 http:/web.archive.org/web/20051216102451/http://www.3bview.com/pages/3bclean.php. |
| 3BOpen Doc Making StarOffice and OpenOffice.org a viable option http://web.archive.org/web/2OO6O823O82918Ihttp:llwww.3bview.com/3bopendoc.html. |
| 3BOpenDoc—Convert documents to and from OSF http:!!web archive .org!web!2006062320 11 04!http:!!www.3 bview.com!3bopendoc_converLODF.html. |
| Bitform Extract SDK 2005.1 http://web.archive.org/web/20050830 121 253Ihttp:Ilbitform .net/products/securesdk/. |
| eZclean version 3.3 Installation Guide and Admin Manual http://web.archive.org/web/20050201003914/http://www.kklsoftware.com/documentation/ezClean-AdminManual.pdf. |
| ezClean version 3.3 Integration Guide for use with CS MailSweeper for SMTP. |
| Silver, Michael A.; MacDonald, Neil. Plan to Deal with Metadata Issues with Windows Vista. Gartner, Inc.. Dec. 21, 2005.ID No. G00136321. |
| Simple Mail Transfer Protocol, Internet Engineering Task Force(IETF), RFC 821 (Aug. 1982). |
| Number | Date | Country | |
|---|---|---|---|
| 20150033283 A1 | Jan 2015 | US |
| Number | Date | Country | |
|---|---|---|---|
| 61858154 | Jul 2013 | US |
