Detecting tainted documents by tracking transformed confidential data
US8356357B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 30, 2009 |
| Grant date | Jan 15, 2013 |
| Priority date | — |
| Expiry date | Nov 15, 2031 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L9/3247
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Tainted files suspected to contain confidential data that are inaccessible to Data Loss Prevention (DLP) applications are detected and tracked on computers. An access detection module detects that an application has accessed a file that contains confidential information. A transformation detection module that the application wrote a transformed file that contains content inaccessible to the DLP application, where the transformed file is suspected to contain at least a portion of the confidential information. A signature module generates a signature for the transformed file containing the inaccessible content. The signature is stored in a signature database containing a plurality of signatures of transformed files. A comparison module compares the signature generated to files transmitted via a network, wherein the transmitted files contain content inaccessible to the DLP application. A transformed file detection module detects that matched file is the transformed file in response to a comparison indicating that the signature matches a file transmitted via the network.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.