System and methods for policy-based active data loss prevention
US10454933B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 21, 2016 |
| Grant date | Oct 22, 2019 |
| Priority date | — |
| Expiry date | Dec 6, 2036 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/062
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A system and method for policy-based active Data Loss Prevention (DLP) using a two-step process to first determine if an attempt to access a data object is governed by DLP policy, and if so, then applying the DLP policy to either allow or deny access. Attempts by an agent to access, create, modify, or distribute a data object are trapped by a policy execution point. A first query determines if DLP policies govern that access request. If they do, then the metadata is decrypted to form a second query to a policy decision point to adjudicate the access request. If the access request is allowed, then a second key is provided to decrypt the data object for further processing. The system further provides for the encryption of unencrypted data objects to protect them for all future access queries.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.