Patent Grant
8590002
The present invention relates to confidential data, and more particularly to maintaining the confidentiality of data.
Due to the widespread use of networked computers, data transfer has become easily accessible. For example, electronic mail (e-mail), instant messaging, etc. is widely utilized for transmitting data from one location on a network to another. Often, maintaining a confidentiality of data is desired, for example, within a particular subset of computers (e.g. an organization such as a corporation, etc.). However, it has traditionally been difficult to control the transmission of data based on the confidentiality thereof.
There is thus a need for overcoming these and/or other issues associated with the prior art.
A data processing system, method and computer program product are provided. In use, data on a network is identified. In addition, a policy is identified. Further, the data is processed based on the policy for maintaining a confidentiality of the data.
Coupled to the networks 102 are servers 104 which are capable of communicating over the networks 102. Also coupled to the networks 102 and the servers 104 is a plurality of clients 106. Such servers 104 and/or clients 106 may each include a desktop computer, lap-top computer, hand-held computer, mobile phone, personal digital assistant (PDA), peripheral (e.g. printer, etc.), any component of a computer/device, and/or any other type of logic, for that mater. In order to facilitate communication among the networks 102, at least one gateway 108 is optionally coupled therebetween.
The workstation shown in
The workstation may have resident thereon any desired operating system. It will be appreciated that an embodiment may also be implemented on platforms and operating systems other than those mentioned. One embodiment may be written using JAVA, C, and/or C++ language, or other programming languages, along with an object oriented programming methodology. Object oriented programming (OOP) has become increasingly used to develop complex applications.
Of course, the various embodiments set forth herein may be implemented utilizing hardware, software, or any desired combination thereof. For that matter, any type of logic may be utilized which is capable of implementing the various functionality set forth herein.
As shown in operation 302, data on a network is identified. In one embodiment, the network may include the Internet. In another embodiment, the network may include an intranet. Of course, however, the network may also include any of the networks described above with respect to
In addition, the data may be identified on a device located on the network. In one embodiment, the device may include a server (e.g. mail server, etc.). In another embodiment, the device may include a client. In yet another embodiment, the device may include a security system, such as for example a content manager, an intrusion prevention system (IPS), an intrusion detection system (IDS), a virus scanner, a firewall, etc. It should be noted, however, that the data may be identified on any device located on the network, including, for example, any of the devices described above with respect to
Further, in the context of the present description, the data may include network traffic, an electronic mail (e-mail) message, a file, and/or any other data capable of being located on the network. For example, in some embodiments, the data may include computer code, etc. Moreover, in one optional embodiment, the data may possibly include a tag that identifies a confidentiality status of the data. Just by way of example, the tag may identify the data as confidential. Optionally, the tag may identify a level of confidentiality of the data (e.g. high, medium, low, etc.). Further, the tag may identify a scope of the confidentiality (e.g. time limit, users authorized to access the data, etc.).
Still yet, the data may be identified in any desired manner. For example, the data may optionally be identified by scanning data stored on the network. In various embodiments, the data may be identified by scanning a mail server database, a posts database (e.g. a public folders database, etc.), and/or any other data capable of being stored on the network.
As another example, the data may be identified by intercepting data transmitted via the network. Optionally, intercepting the data may include receiving the data at a device, such as, for example, a server (e.g. e-mail server, etc.), a gateway, etc. In various embodiments, the data may be received utilizing simple mail transfer protocol (SMTP), hypertext transfer protocol (HTTP), file transfer protocol (FTP), etc. Of course, any automatic and/or manual identification is contemplated.
In addition, a policy is identified, as shown in operation 304. The policy may include any rule, logic, guideline, standard, and/or information, etc. capable of being utilized to process the data, the reasons for which will be set forth below. In one embodiment, the policy may be generated by a user. Optionally, the policy may only be generated by an authorized user. Of course, the policy may be identified in any desired manner.
In another embodiment, the policy may include at least one rule. For example, such rule may be associated with an attribute and/or property utilized for maintaining a confidentiality of the data. Of course, in some embodiments, it should be noted that a plurality of policies may also be identified.
In various embodiments, the policy may prohibit attachments in data, redirect data originating from a particular source(s), redirect data designated for a particular destination(s), etc. Of course, it should be noted that the policy may include any rule, etc. capable of being applied to the data. In another embodiment, the policy may optionally include an action to take in response to violation of the policy. Such action may include, for example, preventing transmission of the data to an associated destination, providing a notification to a user (e.g. sender, receiver, administrator, etc.), deleting the data, etc.
In yet another embodiment, the policy may be platform-independent. For example, the policy may be utilized by a plurality of different security systems that process the data (e.g. IPS, content manager, firewall, etc.). Moreover, the plurality of different systems may include different versions (e.g. some up-to-date, some older versions, some without any policies, etc.) and/or may be provided by different entities. Thus, the policy may be generated utilizing a first system that processes the data, and may then be retrieved by any number of different systems for use in processing the data.
Just by way of example, in one optional embodiment, the policy may be configured utilizing a security system associated with an e-mail server (e.g. McAfee®GroupShield® for Microsoft® Exchange, etc.). Thereafter, the policy may be retrieved and used by a content manager (e.g. McAfee® Secure Content Management solutions, etc.). Such policy may be retrieved automatically and/or manually.
In this way, different security systems may synchronize policies associated therewith, such that the security systems may be complementary. Optionally, such synchronization may be configurable (e.g. periodically, etc.). Allowing policies to be utilized by a plurality of different security systems may, in one optional embodiment, eliminate the need to configure policies that have the same parameters for each security system. Of course, some embodiments are contemplated with such policy configuration. Moreover, if one security system has up-to-date policies, then another security system that does not have all of such policies may be automatically updated therewith, therefore allowing all security systems to be up-to-date.
Still yet, the policy may be identified in any desired manner. In one embodiment, the policy may be identified based on the data. Optionally, the policy may be identified as being associated with, applicable to, etc. the data. For example, the policy may be associated with a particular confidentiality status.
Thus, in one embodiment, only policies with a confidentiality status that matches a confidentiality status of the data may be identified. An example of such confidentiality status will be described in more detail below. Additionally, the policy may be stored on any device located on the network. For example, the policy may be stored on a device that intercepts the data, a device that transmits the data, a device that stores the data, etc.
Furthermore, as shown in operation 306, the data is processed based on the policy for maintaining a confidentiality of the data. In one embodiment, the data may optionally be compared to the policy for determining whether the data violates the policy. Thus, the data may be processed based on the comparison.
In another embodiment, the data may be processed according to an action defined in the policy. Thus, as described above, the data may be allowed to be transmitted, for example, if the policy is not violated. As another option, the data may be quarantined, deleted, etc. if the policy is violated.
Furthermore, the data may be processed by any desired device. For example, the data may be processed by a client and/or server on which the data is located. As another example, the data may be processed by a device that intercepts the data. As yet another example, the data may be processed by a gateway (e.g. e-mail server, etc.). Optionally, the device on which the data is processed may also store the policy, as described above. Accordingly, server-based data processing and/or client-based data processing may be utilized.
In this way, policies may be utilized for maintaining a confidentiality of data. In particular, policies may be utilized for ensuring confidential data is not compromised, for example, by preventing transmission outside of a predefined subset of devices, by preventing attachments from being transmitted, etc. Thus, internal and external compromise of data may be prevented.
In one optional embodiment, it may be determined whether the data on the network includes a tag indicating a confidentiality status of the e-mail. The confidentiality status may include levels of confidentiality and/or a scope of such confidentiality (e.g. users authorized to receive the data, etc.). Of course, the confidentiality status may also indicate that associated data is not confidential.
If it is determined that the e-mail does not include such a tag, the data may be analyzed for determining whether any portion of the data is confidential (not shown). Such analysis may be based on predefined rules, heuristics, etc. Further, a tag may be generated based on the determination, and may be applied to the data.
Moreover, a user associated with the data and/or an administrator may be notified of such generated tag and the data associated therewith. In this way, data on a network, including, for example, e-mail messages in a mail server, attachments of such e-mail messages, posts in public folders, etc. that do not have a tag indicating a confidentiality status thereof may be provided with such tag. In one embodiment, a scanning system (e.g. on-demand, periodically, as a background task, etc.) may be utilized for identifying data that does not include a tag, for generating a tag accordingly and/or for processing the data based on a policy.
In another optional embodiment, it may be determined whether the data is associated with a predefined availability time period threshold. The determination may be made periodically (e.g. as a background task, etc,), on-demand, etc. In addition, such determination may optionally be based on a confidentiality status of the data.
For example, the data may be associated with such a threshold for indicating that the data is to be made unavailable beyond the threshold time period (e.g. 2 days after transmittal of the e-mail, etc.). Thus, once the threshold has been met, action may be taken to make the data unavailable. In various embodiments, the data may be made unavailable by deleting the data from the mail server and/or local client, preventing the data from being forwarded, preventing the data from being printed, preventing the data from being copied, etc. Accordingly, it may be ensured that confidential data is only available for a predefined period of time, thus limiting the time period in which such confidential data may be compromised.
More illustrative information will now be set forth regarding various optional architectures and features of different embodiments with which the foregoing method may or may not be implemented, per the desires of the user. It should be strongly noted that the following information is set forth for illustrative purposes and should not be construed as limiting in any manner. Any of the following features may be optionally incorporated with or without the exclusion of other features described.
As shown in operation 402, a user sends an e-mail over a network. The user may send the e-mail by sending, replying, forwarding, etc. the e-mail utilizing any desired e-mail application. For example, the user may send the e-mail utilizing Microsoft® Outlook®, etc. Moreover, the user may send the e-mail utilizing a computer located on the network. Optionally, the user may apply a tag to the e-mail for indicating a confidentiality status of the e-mail (e.g. confidential, not confidential, scope of confidentiality, etc.).
A mail server then receives the e-mail, as shown in operation 404. The mail server may include any computer capable of processing the e-mail. For example, the mail server may include a Microsoft® Exchange server, an IBM® Domino® server, etc. In one embodiment, the mail server may be capable of transmitting the e-mail to a designated destination. In another embodiment, the mail server may also be capable of storing the e-mail for retrieval by a destination computer associated with the e-mail.
Further, the mail server invokes functions/services of a security system, as shown in operation 406. Optionally, the mail server may only invoke such security system if a setting directing the mail server to do so has been set (e.g. by a user, administrator, etc.). In this way, the security system may be utilized as desired.
The security system may include any security application (e.g. McAfee® GroupShield®, etc.), for example. Of course, however, the security system may also include a content manager, firewall, etc. In one embodiment, the security system may be stored on the mail server. Further, the security system may be integrated with an application of the mail server. In another embodiment, the security system may be stored on a computer remote from the mail server. Thus, the mail server may directly or remotely invoke at least a portion of the security system, based on the location of the security system.
Additionally, as shown in operation 408, the security system applies a policy to the e-mail. The policy may be associated with the security system, for example. Of course, it should be noted that the security system may also apply a plurality of policies to the e-mail. As shown in operation 410, the security system may apply the policy to the e-mail by retrieving the policy (e.g. from a database of policies, etc.).
In one embodiment, the security system may only apply a policy to the e-mail that is associated with such e-mail. Just by way of example, a policy utilized for maintaining a confidentiality of data may only be applied to the e-mail if the e-mail includes a tag indicating that the e-mail is confidential. As another example, a policy associated with a particular confidentiality status that matches a confidentiality status of the e-mail may be applied thereto. Of course, however, the policy may also be applicable to all e-mail messages.
For example, the policy may include a classified content filter that controls the transmission of the e-mail. Such classified content filter may indicate that e-mail of a specific confidentiality status is to be filtered, and therefore prevented from being transmitted to an associated destination. As another example, the policy may indicate that the e-mail is not allowed to be directly transmitted to at least one destination in a predetermined list of destinations (e.g. e-mail addresses, etc.). As yet another example, the policy may indicate that the e-mail is not allowed to be transmitted from the sender based on a predetermined list of origins (e.g. e-mail addresses, etc.). Further, the policy may indicate that the e-mail is not allowed to include an attachment. Of course, it should be noted that the policy may include any rule, standard, etc. capable of being applied to the e-mail.
Optionally, predetermined e-mail messages may be exempt from having the policy applied thereto. For example, a list may identify sources of e-mail messages, recipients of e-mail messages, etc. for which the policy is not to be applied. In this way, e-mail messages may be allowed to be transmitted without any policies being applied thereto (not shown).
As shown, it is determined in decision 412 whether the e-mail violates the policy. Thus, in the context of one embodiment, it may be determined whether the e-mail designates a source and/or destination included in a predetermined list of sources and/or destinations from which the e-mail may not originate and/or to which the e-mail may not be directly sent, for example. In the context of another exemplary embodiment, it may be determined whether the e-mail includes an attachment.
If it is determined that the e-mail does not violate the policy, then transmission of the e-mail may be continued. Note operation 414. Accordingly, the e-mail may be allowed to be transmitted to an associated destination address. If, however, it is determined that the e-mail does violate the policy, then an action may be taken, as shown in operation 416. The action may optionally be designated by the policy. As another option, the action may be taken by the security system.
The action may include, for example, redirecting the e-mail to a predetermined address if the e-mail is not to be directly transmitted to its designated destination and/or if the e-mail originates from a source within a predetermined list of sources, as described above. In this way, the e-mail may optionally be screened prior to being delivered to a destination that may be suspect. The action may also include removing an attachment from the e-mail if the e-mail is not allowed to include an attachment, and only allowing transmittal of the e-mail after removal of such attachment. Optionally, the attachment may be posted to a document portal (e.g. Microsoft® SharePoint, etc.) upon removal thereof.
Of course, in other various embodiments, the action may include rejecting transfer of the e-mail, sending a notification to the user that sent the c-mail, sending a notification to an administrator about the e-mail, quarantining the e-mail for further analysis, logging information associated with the e-mail, and/or any other action capable of being taken with respect to the e-mail. Thus, it may be ensured that confidential e-mails remain confidential based on policies.
As shown in operation 502, a user sends network traffic over a network. The network traffic may include any data (e.g. packets, etc.) capable of being transmitted over a network. The network traffic may also include SMTP, HTTP, FTP, etc.
Just by way of example, the network traffic may include a request made from one computer to another computer. The network traffic may also include a web based e-mail. Still yet, the network traffic may relate to the downloading of a web site.
In addition, a gateway server receives the network traffic, as shown in operation 504. The gateway server may include any computer capable of receiving the network traffic. In one embodiment, the gateway server may include a server that connects a plurality of different networks. Thus, the gateway server may be utilized for transmitting network traffic between such different networks. In the context of the present embodiment, the gateway server may receive the network traffic sent by the user for transmitting such network traffic to another computer located on a different network.
Further, as shown in operation 506, a security system applies a policy to the network traffic. The security system may include a content manager, such as for example the McAfee® Secure Content Manager, but of course may also include any system capable of providing security (e.g. IPS, firewall, etc.). In addition, the security system may optionally be located on the gateway server. In this way, the gateway server may be utilized for applying a security policy to the network traffic.
As shown, the policy may include a classified content filter (note operation 508). For example, such classified content filter may specify rules that network data must comply with. In one embodiment, the classified content filter may specify rules for network data that includes a tag indicating a confidential status. In this way, the policy may only be applicable to confidential network traffic.
For example, such policy may include prohibiting direct communication with predetermined network addresses [e.g. interne protocol (IP) addresses, etc.]. Of course, it should be noted that the policy may include any type of data capable of controlling the transmission of network traffic. In addition, the policy may include an action to take in response to the violation of and/or compliance with the policy by the network traffic. Such action will be described in more detail below.
As an option, predetermined network traffic may be exempt from having policies applied thereto. As described above with respect to
It is then determined whether the network traffic has violated the policy, as shown in operation 510. Such determination may be based on whether the network traffic violates a rule of the policy. In the context of a policy that prohibits direct communication with predetermined network addresses, the network traffic may violate the policy if the network traffic is destined for one of such predetermined network addresses.
If it is determined that the network traffic does not violate the policy, transmission of the network traffic to an associated destination address is allowed. Note operation 514. If, however, it is determined that the network traffic does violate the policy, then an action is taken. The type of action may be based on the specific policy violated, for example, where the policy specifies the action to be taken.
As described above with respect to
Thus, in one exemplary embodiment, data may be classified as confidential automatically (e.g. by a security system, etc.), by being marked by a user (e.g. author of the data, administrator, etc.) and/or in any other desired manner. Optionally, the data may only be classified by security systems, users, etc. that are authorized to do so. The confidential status of the data may then be identified and utilized by a security system for processing the data. Further, data that does not include a confidentiality status may be marked with such a status by a security system.
In another exemplary embodiment, if there are multiple security systems that are in use by an organization, a policy set by one of the security systems may be retrievable and reusable by the other security systems. Just by way of example, if GroupShield® for Microsoft® Exchange sets a policy to be applied to confidential data, then a Secure Content Manager may retrieve it and use it based on a configuration of the security systems, and vice versa. This may ensure that all security systems work in tandem and complement each other. In addition, time may be saved as well. Moreover, if GroupShield® for Microsoft® Exchange has the latest data leakage prevention policies and a Secure Content Manager has an older set of policies and/or no policies, then the Secure Content Manager may receive a benefit simply by retrieving and using the policy set by GroupShield® for Microsoft® Exchange.
In still yet another embodiment, confidentiality of e-mails and posts that are already in the e-mail database and posts database (e.g. public folders, etc.) may be maintained. Thus, confidentiality may be maintained when an e-mail is being sent/replied/forwarded and for the e-mails/posts that are already in the e-mail database on a, e-mail server. For example, a security system may traverse through the entire e-mail/posts database(s) proactively (e.g. utilizing background scanning in GroupShield® for Microsoft® Exchange etc.) and tag those e-mails/attachments/posts, thus saving time and allowing the users and/or administrators to be alerted beforehand that they are storing confidential e-mails/attachments/posts in their e-mail/posts database(s).
While various embodiments have been described above, it should be understood that they have been presented by way of example only, and not limitation. Thus, the breadth and scope of a preferred embodiment should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5280527 | Gullman et al. | Jan 1994 | A |
| 5572694 | Uchino | Nov 1996 | A |
| 5796948 | Cohen | Aug 1998 | A |
| 5845068 | Winiger | Dec 1998 | A |
| 5941915 | Federle et al. | Aug 1999 | A |
| 5987610 | Franczek et al. | Nov 1999 | A |
| 6073142 | Geiger et al. | Jun 2000 | A |
| 6367019 | Ansell et al. | Apr 2002 | B1 |
| 6460050 | Pace et al. | Oct 2002 | B1 |
| 6658566 | Hazard | Dec 2003 | B1 |
| 6718367 | Ayyadurai | Apr 2004 | B1 |
| 6741851 | Lee et al. | May 2004 | B1 |
| 6820204 | Desai et al. | Nov 2004 | B1 |
| 6934857 | Bartleson et al. | Aug 2005 | B1 |
| 6957330 | Hughes | Oct 2005 | B1 |
| 6961765 | Terry | Nov 2005 | B2 |
| 7023816 | Couillard | Apr 2006 | B2 |
| 7100123 | Todd et al. | Aug 2006 | B1 |
| 7124197 | Ocepek et al. | Oct 2006 | B2 |
| 7149778 | Patel et al. | Dec 2006 | B1 |
| 7194623 | Proudler et al. | Mar 2007 | B1 |
| 7194728 | Sirota et al. | Mar 2007 | B1 |
| 7257707 | England et al. | Aug 2007 | B2 |
| 7278016 | Detrick et al. | Oct 2007 | B1 |
| 7313615 | Fitzpatrick et al. | Dec 2007 | B2 |
| 7346778 | Guiter et al. | Mar 2008 | B1 |
| 7350074 | Gupta et al. | Mar 2008 | B2 |
| 7350084 | Abiko et al. | Mar 2008 | B2 |
| 7437752 | Heard et al. | Oct 2008 | B2 |
| 7461249 | Pearson et al. | Dec 2008 | B1 |
| 7475420 | Hernacki | Jan 2009 | B1 |
| 7484247 | Rozman et al. | Jan 2009 | B2 |
| 7490355 | Wong | Feb 2009 | B2 |
| 7506155 | Stewart et al. | Mar 2009 | B1 |
| 7519984 | Bhogal et al. | Apr 2009 | B2 |
| 7523484 | Lum et al. | Apr 2009 | B2 |
| 7526654 | Charbonneau | Apr 2009 | B2 |
| 7539857 | Bartlett et al. | May 2009 | B2 |
| 7559080 | Bhargavan et al. | Jul 2009 | B2 |
| 7581004 | Jakobson | Aug 2009 | B2 |
| 7630986 | Herz et al. | Dec 2009 | B1 |
| 7653811 | Yagiura | Jan 2010 | B2 |
| 7661124 | Ramanathan et al. | Feb 2010 | B2 |
| 7689563 | Jacobson | Mar 2010 | B1 |
| 7730040 | Reasor et al. | Jun 2010 | B2 |
| 7742406 | Muppala | Jun 2010 | B1 |
| 7847694 | Lee et al. | Dec 2010 | B2 |
| 7877616 | Abiko et al. | Jan 2011 | B2 |
| 7890587 | Chebiyyam | Feb 2011 | B1 |
| 7940756 | Duffy et al. | May 2011 | B1 |
| 8103727 | Lin | Jan 2012 | B2 |
| 8111413 | Nuggehalli et al. | Feb 2012 | B2 |
| 8151363 | Smithson | Apr 2012 | B2 |
| 8181036 | Nachenberg | May 2012 | B1 |
| 8199965 | Basavapatna et al. | Jun 2012 | B1 |
| 8272058 | Brennan | Sep 2012 | B2 |
| 8353053 | Chebiyyam | Jan 2013 | B1 |
| 8446607 | Zucker et al. | May 2013 | B2 |
| 20010046069 | Jones | Nov 2001 | A1 |
| 20020046275 | Crosbie et al. | Apr 2002 | A1 |
| 20020083003 | Halliday et al. | Jun 2002 | A1 |
| 20020099944 | Bowlin | Jul 2002 | A1 |
| 20020157089 | Patel et al. | Oct 2002 | A1 |
| 20030046679 | Singleton | Mar 2003 | A1 |
| 20030065937 | Watanabe et al. | Apr 2003 | A1 |
| 20030097583 | Lacan et al. | May 2003 | A1 |
| 20030105979 | Itoh et al. | Jun 2003 | A1 |
| 20030133443 | Klinker et al. | Jul 2003 | A1 |
| 20030135744 | Almedia | Jul 2003 | A1 |
| 20030177394 | Dozortsev | Sep 2003 | A1 |
| 20030182435 | Redlich et al. | Sep 2003 | A1 |
| 20030192033 | Gartside et al. | Oct 2003 | A1 |
| 20030233421 | Shibata et al. | Dec 2003 | A1 |
| 20040003255 | Apvrille et al. | Jan 2004 | A1 |
| 20040006715 | Skrepetos | Jan 2004 | A1 |
| 20040010686 | Goh et al. | Jan 2004 | A1 |
| 20040027601 | Ito et al. | Feb 2004 | A1 |
| 20040034794 | Mayer et al. | Feb 2004 | A1 |
| 20040054928 | Hall | Mar 2004 | A1 |
| 20040064732 | Hall | Apr 2004 | A1 |
| 20040088433 | Kaler et al. | May 2004 | A1 |
| 20040111482 | Bourges-Waldegg et al. | Jun 2004 | A1 |
| 20040117802 | Green | Jun 2004 | A1 |
| 20040146006 | Jackson | Jul 2004 | A1 |
| 20040172557 | Nakae et al. | Sep 2004 | A1 |
| 20040199555 | Krachman | Oct 2004 | A1 |
| 20040199566 | Carlson et al. | Oct 2004 | A1 |
| 20040199596 | Nutkis | Oct 2004 | A1 |
| 20040230572 | Omigui | Nov 2004 | A1 |
| 20040255138 | Nakae | Dec 2004 | A1 |
| 20050033810 | Malcolm | Feb 2005 | A1 |
| 20050038853 | Blanc et al. | Feb 2005 | A1 |
| 20050044359 | Eriksson et al. | Feb 2005 | A1 |
| 20050060643 | Glass et al. | Mar 2005 | A1 |
| 20050131990 | Jewell | Jun 2005 | A1 |
| 20050132184 | Palliyil et al. | Jun 2005 | A1 |
| 20050166066 | Ahuja et al. | Jul 2005 | A1 |
| 20050172140 | Ide | Aug 2005 | A1 |
| 20050198285 | Petit | Sep 2005 | A1 |
| 20050204009 | Hazarika et al. | Sep 2005 | A1 |
| 20050216749 | Brent | Sep 2005 | A1 |
| 20050262208 | Haviv et al. | Nov 2005 | A1 |
| 20050275861 | Ferlitsch | Dec 2005 | A1 |
| 20050289181 | Deninger et al. | Dec 2005 | A1 |
| 20060005244 | Garbow et al. | Jan 2006 | A1 |
| 20060010209 | Hodgson | Jan 2006 | A1 |
| 20060010217 | Sood | Jan 2006 | A1 |
| 20060021043 | Kaneko et al. | Jan 2006 | A1 |
| 20060026593 | Canning et al. | Feb 2006 | A1 |
| 20060041930 | Hafeman et al. | Feb 2006 | A1 |
| 20060050879 | Iizuka | Mar 2006 | A1 |
| 20060059548 | Hildre et al. | Mar 2006 | A1 |
| 20060070089 | Shoaib et al. | Mar 2006 | A1 |
| 20060075040 | Chimaytelli | Apr 2006 | A1 |
| 20060075502 | Edwards | Apr 2006 | A1 |
| 20060112166 | Pettigrew et al. | May 2006 | A1 |
| 20060120526 | Boucher et al. | Jun 2006 | A1 |
| 20060123413 | Collet et al. | Jun 2006 | A1 |
| 20060123479 | Kumar et al. | Jun 2006 | A1 |
| 20060132824 | Aritomi | Jun 2006 | A1 |
| 20060168026 | Keohane et al. | Jul 2006 | A1 |
| 20060190986 | Mont et al. | Aug 2006 | A1 |
| 20060224589 | Rowney et al. | Oct 2006 | A1 |
| 20060248252 | Kharwa | Nov 2006 | A1 |
| 20070022285 | Groth et al. | Jan 2007 | A1 |
| 20070028112 | Mackelden et al. | Feb 2007 | A1 |
| 20070033283 | Brown | Feb 2007 | A1 |
| 20070064883 | Rosenthal et al. | Mar 2007 | A1 |
| 20070074292 | Mimatsu | Mar 2007 | A1 |
| 20070094394 | Singh et al. | Apr 2007 | A1 |
| 20070101419 | Dawson | May 2007 | A1 |
| 20070110089 | Essafi et al. | May 2007 | A1 |
| 20070118904 | Goodman et al. | May 2007 | A1 |
| 20070136593 | Plavcan et al. | Jun 2007 | A1 |
| 20070143472 | Clark et al. | Jun 2007 | A1 |
| 20070143851 | Nicodemus et al. | Jun 2007 | A1 |
| 20070174909 | Burchett et al. | Jul 2007 | A1 |
| 20070198656 | Mazzaferri et al. | Aug 2007 | A1 |
| 20070214220 | Alsop et al. | Sep 2007 | A1 |
| 20070220319 | Desai et al. | Sep 2007 | A1 |
| 20070245148 | Buer | Oct 2007 | A1 |
| 20070279668 | Czyszczewski et al. | Dec 2007 | A1 |
| 20070280112 | Zheng et al. | Dec 2007 | A1 |
| 20080034224 | Ferren et al. | Feb 2008 | A1 |
| 20080040358 | Deng | Feb 2008 | A1 |
| 20080065882 | Goodman et al. | Mar 2008 | A1 |
| 20080065903 | Goodman et al. | Mar 2008 | A1 |
| 20080079730 | Zhang et al. | Apr 2008 | A1 |
| 20080083037 | Kruse et al. | Apr 2008 | A1 |
| 20080120689 | Morris et al. | May 2008 | A1 |
| 20080170785 | Simmons et al. | Jul 2008 | A1 |
| 20080208988 | Khouri et al. | Aug 2008 | A1 |
| 20080229428 | Camiel | Sep 2008 | A1 |
| 20080279381 | Narendra et al. | Nov 2008 | A1 |
| 20080309967 | Ferlitsch et al. | Dec 2008 | A1 |
| 20090055536 | Jo | Feb 2009 | A1 |
| 20090086252 | Zucker et al. | Apr 2009 | A1 |
| 20090172786 | Backa | Jul 2009 | A1 |
| 20090182931 | Gill et al. | Jul 2009 | A1 |
| 20090232300 | Zucker et al. | Sep 2009 | A1 |
| 20090327743 | Finlayson et al. | Dec 2009 | A1 |
| 20100174784 | Levey et al. | Jul 2010 | A1 |
| 20110167265 | Ahuja et al. | Jul 2011 | A1 |
| 20120011189 | Werner et al. | Jan 2012 | A1 |
| 20120183174 | Basavapatna et al. | Jul 2012 | A1 |
| 20120191792 | Chebiyyam | Jul 2012 | A1 |
| Number | Date | Country |
|---|---|---|
| 2411330 | Aug 2005 | GB |
| WO 02093410 | Nov 2002 | WO |
| WO 2006076536 | Jul 2006 | WO |
| WO 2006076536 | Jul 2006 | WO |
| Entry |
|---|
| Final Office Action in U.S. Appl. No. 11/473,930 mailed on Sep. 14, 2011. |
| Notice of Allowance in U.S. Appl. No. 12/187,207 mailed on Aug. 24, 2011. |
| Request for Continued Examination and Amendment in U.S. Appl. No. 11/473,930, filed Nov. 14, 2011. |
| Response to Non-Final Office Action dated Jul. 20, 2011 in U.S. Appl. No. 11/740,844, filed Oct. 19, 2011. |
| Response to Non-Final Action dated Jul. 21, 2011 in U.S. Appl. No. 11/840,831, filed Oct. 19, 2011. |
| Final Office Action in U.S. Appl. No. 11/905,420 mailed on Nov. 2, 2011. |
| Final Office Action in U.S. Appl. No. 12/076,163 mailed on Oct. 19, 2011. |
| Request for Continued Examination in U.S. Appl. No. 12/187,207, filed Nov. 11, 2011. |
| Request for Continued Examination and Amendment in U.S. Appl. No. 11/840,831, filed Jul. 5, 2011. |
| Response to Non-Final Action dated Mar. 25, 2011 in U.S. Appl. No. 12/187,207, filed Jun. 27, 2011. |
| Response to Non-Final Action dated May 23, 2011 in U.S. Appl. No. 11/905,420, filed Aug. 22, 2011. |
| ClearContext, www.clearcontext.com/user—guide/; [available online at at URL <http://web.archive.org/20061107135010/http://www.clearcontext.com/user—guide/>], Nov. 7, 206 (pp. 1-24). |
| Dabbish, et al., “Understanding Email Use: Predicting Action on a Message,” CHI 2005—Papers: Email and Security, Portland Oregon; available online at URL: <http://www.cs.cmu.edu/{tilde over ( )}kraut/Rkraut.site.files/articles/dabbish05-UnderstandingEmailUse.pdf> Apr. 2-7, 2005 (pp. 691-700). |
| Non-Final Office Action in U.S. Appl. No. 11/740,844 mailed on Jul. 20, 2011. |
| Non-Final Office Action in U.S. Appl. No. 11/840,831 mailed on Jul. 21, 2011. |
| Response to Non-Final Office Action dated Apr. 28, 2011 in U.S. Appl. No. 12/076,163, filed Jul. 28, 2011. |
| Fumera, G. et al., “Spam Filtering Based on the Analysis of Text Information Embedded into Images,” Journal of Machine Learning Research, Dec. 2006. |
| U.S. Appl. No. 11/349,479, filed Feb. 6, 2006. |
| Non-Final Rejection in U.S. Appl. No. 11/349,479 mailed on Dec. 8, 2008. |
| Response to Non-Final Action dated Dec. 8, 2008 in U.S. Appl. No. 11/349,479 filed Mar. 9, 2009. |
| Final Rejection in U.S. Appl. No. 11/349,479 mailed on Jun. 10, 2009. |
| Notice of Appeal in U.S. Appl. No. 11/349,479, filed Dec. 10, 2009. |
| Appeal Brief filed in U.S. Appl. No. 11/349,479, filed Dec. 10, 2009. |
| Examiner Interview Summary in U.S. Appl. No. 11/349,479 mailed on Feb. 5, 2010. |
| Non-Final Rejection in U.S. Appl. No. 11/349,479 mailed on Mar. 22, 2010. |
| Response to Non-Final Action dated Mar. 22, 2010 in U.S. Appl. No. 11/349,479 filed Jul. 22, 2010. |
| Notice of Allowance in U.S. Appl. No. 11/349,479 mailed on Nov. 8, 2010. |
| U.S. Appl. No. 11/473,930, filed Jun. 23, 2006. |
| Non-Final Office Action in U.S. Appl. No. 11/473,930 mailed on Aug. 17, 2009. |
| Response to Non-Final Office Action dated Aug. 17, 2009 in U.S. Appl. No. 11/473,930, filed Nov. 17, 2009. |
| Non-Final Office Action in U.S. Appl. No. 11/473,930 mailed on Jan. 26, 2010. |
| Response to Non-Final Office Action dated Jan. 26, 2010 in U.S. Appl. No. 11/473,930, filed Apr. 26, 2010. |
| Non-Final Office Action in U.S. Appl. No. 11/473,930 mailed on Jul. 16, 2010. |
| Response to Non-Final Office Action dated Jul. 16, 2010 in U.S. Appl. No. 11/473,930, filed Dec. 16, 2010. |
| Non-Final Office Action in U.S. Appl. No. 11/473,930 mailed on Mar. 10, 2011. |
| Response to Non-Final Action dated Mar. 10, 2011 in U.S. Appl. No. 11/473,930, filed Jun. 10, 2011. |
| U.S. Appl. No. 11/740,844, filed Apr. 26, 2007. |
| Non-Final Office Action in U.S. Appl. No. 11/740,844 mailed on May 14, 2009. |
| Response to Non-Final Office Action dated May 14, 2009 in U.S. Appl. No. 11/740,844, filed Oct. 14, 2009. |
| Final Office Action in U.S. Appl. No. 11/740,844 mailed on Jan. 11, 2010. |
| Response to Final Office Action dated Jan. 11, 2010 in U.S. Appl. No. 11/740,844, filed Mar. 11, 2010. |
| Advisory Action in U.S. Appl. No. 11/740,844 mailed on Mar. 25, 2010. |
| Request for Continued Examination and Amendment filed in U.S. Appl. No. 11/740,844, filed Mar. 29, 2010. |
| Non-Final Office Action in U.S. Appl. No. 11/740,844 mailed on Jun. 24, 2010. |
| Response to Non-Final Office Action dated Jun. 24, 2010 in U.S. Appl. No. 11/740,844, filed Nov. 24, 2010. |
| Final Office Action in U.S. Appl. No. 11/740,844 mailed on Feb. 18, 2011. |
| Response to Final Office Action dated Feb. 18, 2011 in U.S. Appl. No. 11/740,844, filed Apr. 18, 2011. |
| Advisory Action in U.S. Appl. No. 11/740,844 mailed on Apr. 27, 2011. |
| Request for Continued Examination and Amendment filed in U.S. Appl. No. 11/740,844, filed May 18, 2011. |
| U.S. Appl. No. 11/840,831, filed Aug. 17, 2007. |
| Non-Final Office Action in U.S. Appl. No. 11/840,831 mailed on Oct. 12, 2010. |
| Response to Non-Final Action dated Oct. 12, 2010 in U.S. Appl. No. 11/840,831, filed Feb. 14, 2011. |
| Final Office Action in U.S. Appl. No. 11/840,831 mailed on May 5, 2011. |
| Non-Final Office Action in U.S. Appl. No. 11/905,420 mailed on May 23, 2011. |
| Non-Final Office Action in U.S. Appl. No. 12/076,163 mailed on Apr. 28, 2011. |
| Non-Final Office Action in U.S. Appl. No. 12/187,207 mailed on Mar. 25, 2011. |
| U.S. Appl. No. 11/850,432, filed Sep. 5, 2007. |
| U.S. Appl. No. 12/123,370, filed May 19, 2008. |
| U.S. Appl. No. 12/102,526, filed Apr. 14, 2008. |
| U.S. Appl. No. 11/210,321, filed Aug. 23, 2005. |
| Non-Final Office Action in U.S. Appl. No. 11/473,930 mailed on Mar. 1, 2012. |
| Final Office Action in U.S. Appl. No. 11/740,844 mailed on Feb. 16, 2012. |
| Request for Continued Examination and Amendment in U.S. Appl. No. 11/740,844, filed Apr. 16, 2012. |
| Final Office Action in U.S. Appl. No. 11/840,831 mailed on Dec. 21, 2011. |
| Request for Continued Examination and Response in U.S. Appl. No. 11/840,831, filed Feb. 21, 2012. |
| Notice of Allowance in U.S. Appl. No. 11/840,831 mailed on Mar. 16, 2012. |
| Request for Continued Examination in U.S. Appl. No. 11/840,831, filed Mar. 22, 2012. |
| Notice of Allowance in U.S. Appl. No. 11/840,831 mailed on Apr. 3, 2012. |
| U.S. Appl. No. 13/429,363 entitled “System, Method, and Computer Program Product for Preventing Image-Related Data Loss”, filed Mar. 24, 2012. |
| Request for Continued Examination and Amendment in U.S. Appl. No. 11/905,420, filed Jan. 3, 2012. |
| Request for Continued Examination and Amendment in U.S. Appl. No. 12/076,163, filed Jan. 19, 2012. |
| U.S. Appl. No. 13/434,777, filed Mar. 29, 2012, entitled “System, Method, and Computer Program Product for Determining Whether an Electronic Mail Message is Compliant with an Etiquette Policy”, Inventor Gopi Krishna Chebiyyam. |
| Layland, Robin, “Data Leak Prevention: Coming Soon to a Business Near You,” Business Communications Review, May 2007 (pp. 44-49). |
| Heikkila, Faith M., “Encryption: Security Considerations for Portable Media Devices,” IEEE Computer Society, IEEE Security & Privacy, Jul./Aug. 2007 (pp. 22-27). |
| Response to Non-Final Office Action dated Mar. 1, 2012 in U.S. Appl. No. 11/473,930, filed May 29, 2012. |
| Final Office Action in U.S. Appl. No. 11/473,930 mailed on Aug. 8, 2012. |
| Final Office Action in U.S. Appl. No. 11/740,844 mailed on Aug. 15, 2012. |
| Response to Non-Final Office Action dated Jul. 23, 2012 in U.S. Appl. No. 11/905,420, filed Oct. 23, 2012. |
| Non-Final Office Action in U.S. Appl. No. 12/076,163 mailed on Sep. 4, 2012. |
| Notice of Allowance in U.S. Appl. No. 12/187,207 mailed on Sep. 11, 2012. |
| Non-Final Office Action in U.S. Appl. No. 13/434,777 mailed on Aug. 20, 2012. |
| Request for Continued Examination and Amendment to in U.S. Appl. No. 11/473,930, filed Nov. 7, 2012. |
| Non-Final Office Action in U.S. Appl. No. 11/473,930 mailed on Feb. 4, 2013. |
| Request for Continued Examination and Amendment in U.S. Appl. No. 11/740,844, filed Nov. 15, 2012. |
| Non-Final Office Action in U.S. Appl. No. 11/740,844 mailed on May 3, 2013. |
| Notice of Allowance in U.S. Appl. No. 11/905,420 mailed on Dec. 6, 2012. |
| Response to Non-Final Office Action dated Sep. 4, 2012 in U.S. Appl. No. 12/076,163, filed Dec. 4, 2012. |
| Final Office Action in U.S. Appl. No. 12/076,163 mailed on Mar. 25, 2013. |
| Request for Continued Examination in U.S. Appl. No. 12/187,207, filed Dec. 11, 2012. |
| Response to Non-Final Office Action dated Aug. 20, 2012 in U.S. Appl. No. 13/434,777, filed Nov. 20, 2012. |
| Final Office Action in U.S. Appl. No. 13/434,777 mailed on Feb. 12, 2013. |
| Request for Continued Examination in U.S. Appl. No. 13/434,777, filed Apr. 15, 2013. |
| Non-Final Office Action in U.S. Appl. No. 13/434,777 mailed on May 23, 2013. |
| Non-Final Office Action in U.S. Appl. No. 12/102,526 mailed on Nov. 24, 2010. |
| Response to Non-Final Office Action dated Nov. 24, 2010 in U.S. Appl. No. 12/102,526, filed Mar. 9, 2011. |
| Final Office Action in U.S. Appl. No. 12/102,526 mailed on May 25, 2011. |
| After Final Response to Final Office Action dated May 25, 2011 in U.S. Appl. No. 12/105,526, filed Jul. 13, 2011. |
| Advisory Action in U.S. Appl. No. 12/105,526 mailed on Aug. 1, 2011. |
| Request for Continued Examination in U.S. Appl. No. 12/105,526, filed Aug. 25, 2011. |
| Notice of Allowance in U.S. Appl. No. 12/105,526 mailed on Sep. 21, 2013. |
| Non-Final Office Action in U.S. Appl. No. 11/740,844 mailed on May 10, 2012. |
| Response to Non-Final Office Action dated May 10, 2012 in U.S. Appl. No. 11/740,844, filed Jul. 10, 2012. |
| Request for Continued Examination in U.S. Appl. No. 11/840,831, filed Apr. 27, 2012. |
| Notice of Allowance in U.S. Appl. No. 11/840,831 mailed on May 9, 2012. |
| Non-Final Office Action in U.S. Appl. No. 11/905,420 mailed on Jul. 23, 2011. |
