US20130276061A1 - System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session - Google Patents

System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session Download PDF

Info

Publication number
US20130276061A1
US20130276061A1 US11/850,432 US85043207A US2013276061A1 US 20130276061 A1 US20130276061 A1 US 20130276061A1 US 85043207 A US85043207 A US 85043207A US 2013276061 A1 US2013276061 A1 US 2013276061A1
Authority
US
United States
Prior art keywords
data
access
remote
access attempt
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/850,432
Inventor
Gopi Krishna Chebiyyam
Prasanna Ganapathi Basavapatna
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
McAfee LLC
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US11/850,432 priority Critical patent/US20130276061A1/en
Assigned to MCAFEE, INC. reassignment MCAFEE, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BASAVAPATNA, PRASANNA GANAPATHI, CHEBIYYAM, GOPI KRISHNA
Publication of US20130276061A1 publication Critical patent/US20130276061A1/en
Priority to US14/289,859 priority patent/US10198587B2/en
Priority to US15/862,493 priority patent/US11645404B2/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0245Filtering by information in the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Definitions

  • the present invention relates to data loss prevention, and more particularly to preventing data loss by preventing access data.
  • security systems have been developed for preventing data loss.
  • data loss has generally included the unauthorized or otherwise unwanted disclosure of data (e.g. confidential data, etc.).
  • security systems have exhibited various limitations in preventing data loss.
  • security systems have conventionally been deficient in preventing data loss due to remote data sharing.
  • a system, method, and computer program product are provided for preventing access to data associated with a data access attempt.
  • a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented.
  • FIG. 1 illustrates a network architecture, in accordance with one embodiment.
  • FIG. 2 shows a representative hardware environment that may be associated with the servers and/or clients of FIG. 1 , in accordance with one embodiment.
  • FIG. 3 shows a method for preventing access to data associated with a data access attempt, in accordance with one embodiment.
  • FIG. 4 shows a method for preventing access to a uniform resource locator (URL) associated with remote desktop sharing, in accordance with another embodiment.
  • URL uniform resource locator
  • FIG. 5 shows a method for preventing access to data based on an application that initiated a data access request, in accordance with yet another embodiment.
  • FIG. 6 shows a method for preventing access to data based on a fingerprint of the data, in accordance with still yet another embodiment.
  • FIG. 1 illustrates a network architecture 100 , in accordance with one embodiment.
  • a plurality of networks 102 is provided.
  • the networks 102 may each take any form including, but not limited to a local area network (LAN), a wireless network, a wide area network (WAN) such as the Internet, peer-to-peer network, etc.
  • LAN local area network
  • WAN wide area network
  • peer-to-peer network etc.
  • servers 104 which are capable of communicating over the networks 102 .
  • clients 106 are also coupled to the networks 102 and the servers 104 .
  • Such servers 104 and/or clients 106 may each include a desktop computer, lap-top computer, hand-held computer, mobile phone, personal digital assistant (PDA), peripheral (e.g. printer, etc.), any component of a computer, and/or any other type of logic.
  • PDA personal digital assistant
  • peripheral e.g. printer, etc.
  • any component of a computer and/or any other type of logic.
  • at least one gateway 108 is optionally coupled therebetween.
  • FIG. 2 shows a representative hardware environment that may be associated with the servers 104 and/or clients 106 of FIG. 1 , in accordance with one embodiment.
  • Such figure illustrates a typical hardware configuration of a workstation in accordance with one embodiment having a central processing unit 210 , such as a microprocessor, and a number of other units interconnected via a system bus 212 .
  • a central processing unit 210 such as a microprocessor
  • the workstation shown in FIG. 2 includes a Random Access Memory (RAM) 214 , Read Only Memory (ROM) 216 , an I/O adapter 218 for connecting peripheral devices such as disk storage units 220 to the bus 212 , a user interface adapter 222 for connecting a keyboard 224 , a mouse 226 , a speaker 228 , a microphone 232 , and/or other user interface devices such as a touch screen (not shown) to the bus 212 , communication adapter 234 for connecting the workstation to a communication network 235 (e.g., a data processing network) and a display adapter 236 for connecting the bus 212 to a display device 238 .
  • a communication network 235 e.g., a data processing network
  • display adapter 236 for connecting the bus 212 to a display device 238 .
  • the workstation may have resident thereon any desired operating system. It will be appreciated that an embodiment may also be implemented on platforms and operating systems other than those mentioned.
  • One embodiment may be written using JAVA, C, and/or C++ language, or other programming languages, along with an object oriented programming methodology.
  • Object oriented programming (OOP) has become increasingly used to develop complex applications.
  • FIG. 3 shows a method 300 for preventing access to data associated with a data access attempt, in accordance with one embodiment.
  • the method 300 may be carried out in the context of the architecture and environment of FIGS. 1 and/or 2 , Of course, however, the method 300 may be carried out in any desired environment.
  • a data access attempt associated with a remote data sharing session is identified.
  • the data may include information, code, and/or anything else capable of being associated with a remote data session.
  • the data may include any number of documents, electronic mail (email) messages, programs, uniform resource locators (URLs), etc.
  • the data may be stored on a client, a server, and/or any other device (e.g. such as any of the devices described above with respect to FIGS. 1 and/or 2 , etc.).
  • the data access attempt may include any attempt associated with a remote data sharing session to access data.
  • the data access attempt may include a request to access the data.
  • the data access attempt may include an attempt to open the data, read the data, write to the data, copy the data, attach the data to other data (e.g. an email), display the data utilizing a liquid crystal display (LCD) projector, etc.
  • LCD liquid crystal display
  • the remote data sharing session may include any session in which the data may be shared remotely, where the term remotely indicates the involvement of any device separate from the device on which the data is stored, etc.
  • the remote data sharing session may, in one embodiment, include a time period in which remote data sharing is enabled.
  • the data may be shared remotely by viewing the data remotely, interacting with the data remotely, etc.
  • such remote data sharing may include any displaying, presenting, etc. of data located at a first location to a remote second location.
  • the remote data sharing may include sharing a desktop display with a remote computer, sharing the data with a projector (e.g. LCD projector, etc.) which projects the data, etc.
  • a projector e.g. LCD projector, etc.
  • the remote data sharing session may be associated with (e.g. facilitated by, etc.) a remote data sharing application.
  • the remote data sharing application may include a remote desktop application (e.g. Microsoft® Office Live Meeting, Citrix® GoToAssist®, etc.).
  • the remote data sharing application may optionally be capable of sharing data remotely from a first device with a second device.
  • the data access attempt may be associated with the remote data sharing session by being initiated via the remote data sharing session (e.g. via a command executed during the remote data sharing session).
  • the data access attempt may include an attempt to access the remote data sharing session, the remote data sharing application associated with such session and/or any other aspect associated with the remote data sharing session.
  • the data access attempt may be initiated manually (e.g. by a user), in one embodiment.
  • the data access attempt may be initiated automatically (e.g. via an application, etc.).
  • the data access attempt may also be initiated via the remote data sharing session.
  • the data access attempt may be identified in any desired manner.
  • the data access attempt may be identified utilizing a client (e.g. on which the data is stored, etc.).
  • the client may identify data access attempts initiated at the client.
  • the data access attempt may be identified utilizing an agent installed on the client, which monitors data access attempts.
  • the data access attempt may be identified utilizing a plug-in, add-in, etc. to an application (e.g. web browser, word processing application, data sharing application, etc.) associated with, installed on, etc. the client.
  • an application e.g. web browser, word processing application, data sharing application, etc.
  • such application may be the source of the data access attempt, an application utilized in accessing the data, an application utilized for sharing the data remotely, etc.
  • each of a plurality of applications associated with the client may be associated with a separate plug-in, etc.
  • the plug-in, etc. may be continuously active when the application is running (e.g. being executed).
  • the data access attempt may be identified utilizing a gateway.
  • the gateway may identify the data access attempt based on network traffic received over a network (e.g. such as any of the networks described above with respect to FIG. 1 ).
  • a network e.g. such as any of the networks described above with respect to FIG. 1 .
  • such gateway may similarly utilize an agent, plug-in, etc. for identifying the data access attempt.
  • access to the data is prevented.
  • the access of operation 304 may include any access associated with (e.g. requested in conjunction with, etc.) the data access attempt.
  • the access may be prevented by blocking the access, disallowing the access, denying a request associated with the data access attempt, disallowing network traffic associated with the data access attempt, etc.
  • the access to the data may be prevented in any desired manner.
  • the access may be prevented, if it is determined that the data matches predetermined data.
  • predetermined data may include known confidential data (e.g. data predetermined to be confidential, etc.).
  • the access may be prevented, if it is determined that a fingerprint (e.g. hash, etc.) of the data matches a predetermined fingerprint, such as a fingerprint of known confidential data, for example.
  • the access may be prevented, if it is determined that a remote data sharing application associated with the remote data sharing session is predetermined to be disallowed from accessing the data.
  • a remote data sharing application associated with the remote data sharing session is predetermined to be disallowed from accessing the data.
  • a user may configure (e.g. predefine, etc.) remote data sharing applications allowed to and/or disallowed from accessing data.
  • remote data sharing applications may be predetermined with respect to each of a plurality of instances of different data, with respect to locations of data capable of being accessed, with respect to categories of data capable of being accessed (e.g. file types, etc.), and/or with respect to any data capable of being accessed.
  • the access may be prevented based on a determination of whether the remote data sharing session is enabled. For example, if the remote data sharing session is enabled, access to the data may be prevented. Of course, however, preventing access to the data may be based on any desired criteria,
  • such access to data may be prevented in any desired manner.
  • such access prevention may eliminate unwanted loss, disclosure, etc. of the data via the remote data sharing session.
  • preventing access to the data may prevent the data from being presented, displayed, etc. to a remote device utilizing remote data sharing techniques associated with the remote data sharing session.
  • data leakage may also be limited by preventing access to data when a data access attempt is associated with a remote data sharing session.
  • FIG. 4 shows method 400 for preventing access to a uniform resource locator (URL) associated with remote desktop sharing, in accordance with another embodiment.
  • the method 400 may be carried out in the context of the architecture and environment of FIGS. 1-3 . Of course, however, the method 400 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • the URL access request may include a request to access content (e.g. web content, etc.) associated with a URL.
  • the URL access request may be issued via a web browser.
  • the URL access request may be issued based on a user selection of a web link on a web page displayed via the web browser, a user entry of the URL into the web browser, etc.
  • the URL access request may be identified utilizing an agent installed on a client via which the URL access request is issued.
  • the URL access request may be identified utilizing a plug-in, add-in, etc. associated with the web browser via which the URL access request is issued.
  • the URL access request may be identified utilizing a plug-in, add-in, etc. associated with an application enabled for remotely sharing data.
  • the URL access request may be identified utilizing an agent, plug-in, etc. installed on a gateway (e.g. via which the URL access request is communicated over a network, etc.).
  • known URLs may include any URLs predetermined to be associated with remote desktop sharing.
  • the known URLs may include a location on a network of a remote desktop sharing application capable of being utilized for remotely sharing a desktop.
  • such known URLs may be predetermined based on a user configuration, based on an automatic configuration (e.g. web crawler, etc.).
  • the known URLs may be stored in a library of known URLs.
  • the known URLs may be stored on the client via which the URL access request is initiated.
  • the known URLs may be stored at a central location (e.g. central server, etc.) capable of being accessed by the client and/or gateway.
  • the URL may be compared to the known URLs by comparing any portion or an entirety of the URL with any respective portion or entirety of the known URLs.
  • a destination e.g. web server, etc.
  • access to the URL is prevented. Note operation 408 .
  • content associated with the URL may be prevented from being presented.
  • the URL access request such as network traffic associated with such URL access request, may be prevented from being communicated to the destination associated with the request.
  • access to the URL may be prevented utilizing the agent, plug-in, etc. used for identifying the URL access request (as described above in operation 402 ).
  • manually allowing access to the URL may include a user selecting (e.g. via a user interface) to allow the access.
  • the user may include any user authorized to manually allow such access.
  • a notification may be communicated to the user. Additionally, such notification may include an option capable of being selected by the user for manually allowing access to the URL.
  • access to the URL may be manually allowed based on a predefined list of URLs to which access is allowed. For example, a user may configure a list of URLs associated with remote desktop sharing to which access is allowed. Thus, if the URL matches a URL in the predefined list of URLs to which access is allowed, access to the URL may be manually allowed.
  • access to the URL is allowed, as shown in operation 412 .
  • access to a URL may be allowed automatically if the URL does not match known URLs associated with remote desktop sharing or manually as desired by a user. Still yet, it may be continuously determined whether access to the URL is manually allowed (e.g. for a predefined time period, etc.). In this way, access to the URL may optionally be allowed at any time after access to the URL is prevented.
  • FIG. 5 shows a method 500 for preventing access to data based on an application that initiated a data access request, in accordance with yet another embodiment.
  • the method 500 may be carried out in the context of the architecture and environment of FIGS. 1-4 .
  • the method 500 may be carried out in any desired environment.
  • the aforementioned definitions may apply during the present description.
  • the data access request may include a request to access a document.
  • the data access request may include a request to open the document.
  • the data access request may include a request to attach the data to an email, a document, etc.
  • the data access request may be issued via an application program interface (API).
  • API application program interface
  • the data access request may be issued manually by a user, for example, by selecting to open the data.
  • the data access request may be issued automatically (e.g. via an application requesting to access the data, etc.).
  • the data access request may be identified utilizing an agent installed on a client via which the data access request is issued.
  • the data access request may be identified utilizing an agent installed on a gateway (e.g. via which the data access request is communicated over a network, etc.).
  • the data access request may be identified in any manner.
  • a plurality of predetermined fingerprints may be stored, in a database.
  • the database may store additional information with respect to the predetermined fingerprints.
  • the database may store identifiers of applications allowed to be utilized for accessing data associated with each of the predetermined fingerprints, disallowed for use in accessing such data, etc.
  • the predetermined fingerprints and associated allowed/disallowed applications may be configured by a user.
  • Table 1 illustrates one example of a database capable of being utilized for storing predetermined fingerprints of data and identifiers of associated applications allowed to be utilized for accessing such data.
  • the database may be utilized for associating each fingerprint with an application, it should be noted that the database is set forth for illustrative purposes only, and thus should not be construed as limiting in any manner.
  • such predetermined fingerprints may include fingerprints of various data that have been predefined.
  • the predetermined fingerprints may indicate data which is at least potentially confidential, (e.g. for which unauthorized disclosure is unwanted, etc.).
  • a fingerprint of the data may be compared with the predetermined fingerprints in the database, such that a match may indicate that the data is fingerprinted.
  • an application that initiated the data access request is identified, as shown in operation 506 .
  • the application may include an application to be utilized for accessing the data.
  • the application may include an application capable of being utilized for displaying the data.
  • identifying the application may include identifying a version of the application, identifying a name of the application, identifying a provider of the application, etc.
  • the application may be identified based on the data access request.
  • the data access request may include an identifier of the application that issued the request (e.g. a source of the request, etc.).
  • the application may be identified in any manner.
  • the predetermined fingerprint matching the fingerprint of the data may be identified in the database.
  • application identifiers stored in the database in association with such identified predetermined fingerprint may be identified. Accordingly, the application that issued the data access request may be compared with the identified application identifiers, such that it may be determined whether any such identified application identifiers match the application that issued the data access request.
  • the application identifiers in the database associated with a fingerprint may indicate applications predetermined to be allowed to access data associated with the fingerprint. To this end, a match may indicate that the data is allowed to be accessed utilizing the identified application that issued the data access request. As another option, the application identifiers in the database associated with a fingerprint may indicate applications predetermined to be disallowed from accessing data associated with the fingerprint. Thus, a match may indicate that the data is not allowed to be accessed utilizing the identified application that issued the data access request.
  • predetermined applications may be determined to be dedicated applications allowed to access any data.
  • such dedicated applications may be predetermined based on a user configuration.
  • the dedicated applications may include the only applications allowed to access fingerprinted data.
  • predetermined applications may be disallowed from being utilized during a remote data sharing session. For example, if it is determined that one of the predetermined applications is running, a remote data sharing session may be prevented from being enabled. As another example, if it is determined that a remote data sharing session is enabled, one of the predetermined applications may be prevented from being initiated.
  • access to the date is allowed. Note operation 510 .
  • Such access may include the access requested by the data access request.
  • the data may be allowed to be presented, displayed, attached, etc.
  • the data access request may be allowed to be sent to a destination (e.g. server, etc.) associated with the request.
  • access to the data may be prevented. Note operation 512 .
  • the data may be prevented from being presented.
  • the data access request such as network traffic associated with such data access request, may be prevented from being communicated to the destination associated with the request.
  • access to the data may be prevented utilizing the agent used for identifying the data access request (as described above in operation 502 ).
  • the data access request may include a request to display the data utilizing a projector, such that data loss may be prevented with respect to a public sharing session associated with an LCD projector, etc.
  • applications may be indicated as being allowed to access the data and/or disallowed from accessing the data.
  • particular data may only be accessible via predefined applications, as desired.
  • predefined applications may allow a single agent installed on a client, gateway, etc. to determine whether any of a plurality of different applications may be utilized for accessing data associated with a data access request.
  • FIG. 6 shows a method 600 for preventing access to data based on a fingerprint of the data, in accordance with still yet another embodiment.
  • the method 600 may be carried out in the context of the architecture and environment of FIGS. 1-4 . Of course, however, the method 600 may be carried out in any desired environment. Again, it should also be noted that the aforementioned definitions may apply during the present description.
  • remote data sharing it is determined whether remote data sharing is enabled. In one embodiment, it may be determined whether the remote data sharing is enabled based on a determination of whether a remote data sharing application, or any associated processes, are executing. For example, an agent installed on a client may determine whether a remote data sharing application is executing on the client.
  • the data access request may be identified utilizing an agent installed on the client via which the data access request is issued.
  • the data access request may be identified utilizing a plug-in, add-in, etc. associated with an application via which the data access request is issued.
  • the data access request may be identified utilizing a plug-in, add-in, etc. associated with a remote data sharing application.
  • a fingerprint of the data is identified, as shown in operation 606 .
  • the fingerprint of the data may be identified by hashing the data, in one embodiment. In another embodiment, the fingerprint of the data may be identified by calculating a value of the data utilizing a predetermined algorithm.
  • the known fingerprint may include any predetermined fingerprint of data.
  • a database may store a plurality of predetermined fingerprints of data.
  • such database may be stored locally (e.g. on a client on which the data access request was issued), but of course may also be stored remotely (e.g. at a location central to a plurality of clients on a network).
  • the predetermined fingerprints may be of known confidential data.
  • determining whether the identified fingerprint matches a known fingerprint may include comparing the identified fingerprint to a plurality of known fingerprints. If it is determined that the fingerprint of the data does not match a known fingerprint (e.g. based on the comparison, etc.), access to the data may be allowed. Note operation 610 .
  • the access may include the access requested by the issued data access request (in operation 604 ). If, however, it is determined that the fingerprint of the data matches a known fingerprint (e.g. based on the comparison, etc.), access to the data may be prevented. Note operation 612 .
  • data may be prevented from being accessed based on a fingerprint of the data when a remote data sharing session is enabled.
  • data may be closed in response to a request to initiate the remote data sharing session.
  • data loss may be prevented based on various access requests, including, for example, a public sharing session where the data is displayed on an LCD projector, etc.

Abstract

A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented.

Description

    FIELD OF THE INVENTION
  • The present invention relates to data loss prevention, and more particularly to preventing data loss by preventing access data.
    • BACKGROUND
  • In the past, security systems have been developed for preventing data loss. For example, such data loss has generally included the unauthorized or otherwise unwanted disclosure of data (e.g. confidential data, etc.). However, security systems have exhibited various limitations in preventing data loss. For example, security systems have conventionally been deficient in preventing data loss due to remote data sharing.
  • There is thus a need for addressing these and/or other issues associated with the prior art.
    • SUMMARY
  • A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 illustrates a network architecture, in accordance with one embodiment.
  • FIG. 2 shows a representative hardware environment that may be associated with the servers and/or clients of FIG. 1, in accordance with one embodiment.
  • FIG. 3 shows a method for preventing access to data associated with a data access attempt, in accordance with one embodiment.
  • FIG. 4 shows a method for preventing access to a uniform resource locator (URL) associated with remote desktop sharing, in accordance with another embodiment.
  • FIG. 5 shows a method for preventing access to data based on an application that initiated a data access request, in accordance with yet another embodiment.
  • FIG. 6 shows a method for preventing access to data based on a fingerprint of the data, in accordance with still yet another embodiment.
    •  DETAILED DESCRIPTION
  • FIG. 1 illustrates a network architecture 100, in accordance with one embodiment. As shown, a plurality of networks 102 is provided. In the context of the present network architecture 100, the networks 102 may each take any form including, but not limited to a local area network (LAN), a wireless network, a wide area network (WAN) such as the Internet, peer-to-peer network, etc.
  • Coupled to the networks 102 are servers 104 which are capable of communicating over the networks 102. Also coupled to the networks 102 and the servers 104 is a plurality of clients 106. Such servers 104 and/or clients 106 may each include a desktop computer, lap-top computer, hand-held computer, mobile phone, personal digital assistant (PDA), peripheral (e.g. printer, etc.), any component of a computer, and/or any other type of logic. In order to facilitate communication among the networks 102, at least one gateway 108 is optionally coupled therebetween.
  • FIG. 2 shows a representative hardware environment that may be associated with the servers 104 and/or clients 106 of FIG. 1, in accordance with one embodiment. Such figure illustrates a typical hardware configuration of a workstation in accordance with one embodiment having a central processing unit 210, such as a microprocessor, and a number of other units interconnected via a system bus 212.
  • The workstation shown in FIG. 2 includes a Random Access Memory (RAM) 214, Read Only Memory (ROM) 216, an I/O adapter 218 for connecting peripheral devices such as disk storage units 220 to the bus 212, a user interface adapter 222 for connecting a keyboard 224, a mouse 226, a speaker 228, a microphone 232, and/or other user interface devices such as a touch screen (not shown) to the bus 212, communication adapter 234 for connecting the workstation to a communication network 235 (e.g., a data processing network) and a display adapter 236 for connecting the bus 212 to a display device 238.
  • The workstation may have resident thereon any desired operating system. It will be appreciated that an embodiment may also be implemented on platforms and operating systems other than those mentioned. One embodiment may be written using JAVA, C, and/or C++ language, or other programming languages, along with an object oriented programming methodology. Object oriented programming (OOP) has become increasingly used to develop complex applications.
  • Of course, the various embodiments set forth herein may be implemented utilizing hardware, software, or any desired combination thereof. For that matter, any type of logic may be utilized which is capable of implementing the various functionality set forth herein.
  • FIG. 3 shows a method 300 for preventing access to data associated with a data access attempt, in accordance with one embodiment. As an option, the method 300 may be carried out in the context of the architecture and environment of FIGS. 1 and/or 2, Of course, however, the method 300 may be carried out in any desired environment.
  • As shown in operation 302, a data access attempt associated with a remote data sharing session is identified. In the context of the present description, the data may include information, code, and/or anything else capable of being associated with a remote data session. In various embodiments, the data may include any number of documents, electronic mail (email) messages, programs, uniform resource locators (URLs), etc. Additionally, the data may be stored on a client, a server, and/or any other device (e.g. such as any of the devices described above with respect to FIGS. 1 and/or 2, etc.).
  • To this end, the data access attempt may include any attempt associated with a remote data sharing session to access data. For example, the data access attempt may include a request to access the data. In other examples, the data access attempt may include an attempt to open the data, read the data, write to the data, copy the data, attach the data to other data (e.g. an email), display the data utilizing a liquid crystal display (LCD) projector, etc.
  • In the context of the present description, the remote data sharing session may include any session in which the data may be shared remotely, where the term remotely indicates the involvement of any device separate from the device on which the data is stored, etc. For example, the remote data sharing session may, in one embodiment, include a time period in which remote data sharing is enabled. As an option, the data may be shared remotely by viewing the data remotely, interacting with the data remotely, etc. In one embodiment, such remote data sharing may include any displaying, presenting, etc. of data located at a first location to a remote second location. Just by way of example, the remote data sharing may include sharing a desktop display with a remote computer, sharing the data with a projector (e.g. LCD projector, etc.) which projects the data, etc.
  • Moreover, the remote data sharing session may be associated with (e.g. facilitated by, etc.) a remote data sharing application. For example, the remote data sharing application may include a remote desktop application (e.g. Microsoft® Office Live Meeting, Citrix® GoToAssist®, etc.). Thus, the remote data sharing application may optionally be capable of sharing data remotely from a first device with a second device. As an option, the data access attempt may be associated with the remote data sharing session by being initiated via the remote data sharing session (e.g. via a command executed during the remote data sharing session). As another option, the data access attempt may include an attempt to access the remote data sharing session, the remote data sharing application associated with such session and/or any other aspect associated with the remote data sharing session.
  • To this end, the data access attempt may be initiated manually (e.g. by a user), in one embodiment. In another embodiment, the data access attempt may be initiated automatically (e.g. via an application, etc.). As described above, the data access attempt may also be initiated via the remote data sharing session.
  • Further, the data access attempt may be identified in any desired manner. In one embodiment, the data access attempt may be identified utilizing a client (e.g. on which the data is stored, etc.). In this way, the client may identify data access attempts initiated at the client. For example, the data access attempt may be identified utilizing an agent installed on the client, which monitors data access attempts.
  • As another example, the data access attempt may be identified utilizing a plug-in, add-in, etc. to an application (e.g. web browser, word processing application, data sharing application, etc.) associated with, installed on, etc. the client. As an option, such application may be the source of the data access attempt, an application utilized in accessing the data, an application utilized for sharing the data remotely, etc. Thus, each of a plurality of applications associated with the client may be associated with a separate plug-in, etc. As another option, the plug-in, etc. may be continuously active when the application is running (e.g. being executed).
  • In another embodiment, the data access attempt may be identified utilizing a gateway. For example, the gateway may identify the data access attempt based on network traffic received over a network (e.g. such as any of the networks described above with respect to FIG. 1). As an option, such gateway may similarly utilize an agent, plug-in, etc. for identifying the data access attempt.
  • As also shown, access to the data is prevented. Note operation 304. In the context of the present description, the access of operation 304 may include any access associated with (e.g. requested in conjunction with, etc.) the data access attempt. In various embodiments, the access may be prevented by blocking the access, disallowing the access, denying a request associated with the data access attempt, disallowing network traffic associated with the data access attempt, etc. Of course, however, the access to the data may be prevented in any desired manner.
  • In one embodiment, the access may be prevented, if it is determined that the data matches predetermined data. Such predetermined data may include known confidential data (e.g. data predetermined to be confidential, etc.). In another embodiment, the access may be prevented, if it is determined that a fingerprint (e.g. hash, etc.) of the data matches a predetermined fingerprint, such as a fingerprint of known confidential data, for example.
  • In yet another embodiment, the access may be prevented, if it is determined that a remote data sharing application associated with the remote data sharing session is predetermined to be disallowed from accessing the data. For example, a user may configure (e.g. predefine, etc.) remote data sharing applications allowed to and/or disallowed from accessing data. As an option, such remote data sharing applications may be predetermined with respect to each of a plurality of instances of different data, with respect to locations of data capable of being accessed, with respect to categories of data capable of being accessed (e.g. file types, etc.), and/or with respect to any data capable of being accessed.
  • In still yet another embodiment, the access may be prevented based on a determination of whether the remote data sharing session is enabled. For example, if the remote data sharing session is enabled, access to the data may be prevented. Of course, however, preventing access to the data may be based on any desired criteria,
  • To this end, such access to data may be prevented in any desired manner. In one embodiment, such access prevention may eliminate unwanted loss, disclosure, etc. of the data via the remote data sharing session. For example, preventing access to the data may prevent the data from being presented, displayed, etc. to a remote device utilizing remote data sharing techniques associated with the remote data sharing session. Accordingly, in addition to optionally educating users on potential data leakage via remote data sharing sessions, such data leakage may also be limited by preventing access to data when a data access attempt is associated with a remote data sharing session.
  • More illustrative information will now be set forth regarding various optional architectures and features with which the foregoing technique may or may not be implemented, per the desires of the user. It should be strongly noted that the following information is set forth for illustrative purposes and should not be construed as limiting in any manner. Any of the following features may be optionally incorporated with or without the exclusion of other features described.
  • FIG. 4 shows method 400 for preventing access to a uniform resource locator (URL) associated with remote desktop sharing, in accordance with another embodiment. As an option, the method 400 may be carried out in the context of the architecture and environment of FIGS. 1-3. Of course, however, the method 400 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • As shown in operation 402, it is determined whether a URL access request has been issued. In the context of the present embodiment, the URL access request may include a request to access content (e.g. web content, etc.) associated with a URL. In one embodiment, the URL access request may be issued via a web browser. For example, the URL access request may be issued based on a user selection of a web link on a web page displayed via the web browser, a user entry of the URL into the web browser, etc.
  • Further, the URL access request may be identified utilizing an agent installed on a client via which the URL access request is issued. In another embodiment, the URL access request may be identified utilizing a plug-in, add-in, etc. associated with the web browser via which the URL access request is issued. In yet another embodiment, the URL access request may be identified utilizing a plug-in, add-in, etc. associated with an application enabled for remotely sharing data. In still yet another embodiment, the URL access request may be identified utilizing an agent, plug-in, etc. installed on a gateway (e.g. via which the URL access request is communicated over a network, etc.).
  • In response to a determination that the URL access request has been issued, the URL is compared to known URLs associated with remote desktop sharing. Note operation 404. Such known URLs may include any URLs predetermined to be associated with remote desktop sharing. For example, the known URLs may include a location on a network of a remote desktop sharing application capable of being utilized for remotely sharing a desktop. Optionally, such known URLs may be predetermined based on a user configuration, based on an automatic configuration (e.g. web crawler, etc.).
  • In one embodiment, the known URLs may be stored in a library of known URLs. In another embodiment, the known URLs may be stored on the client via which the URL access request is initiated. In yet another embodiment, the known URLs may be stored at a central location (e.g. central server, etc.) capable of being accessed by the client and/or gateway. Optionally, the URL may be compared to the known URLs by comparing any portion or an entirety of the URL with any respective portion or entirety of the known URLs.
  • It is further determined whether the URL matches any of the known URLs, as shown in decision 406. To this end, such determination may be based on the comparison of the URL with the known URLs. If it is determined that the URL does not match any of the known URLs, access to the URL is allowed. Note operation 412. Such access may include the access requested by the URL access request. In one embodiment, content associated with the URL, such as a web page, may be allowed to be presented. In another embodiment, the URL access request may be allowed to be sent to a destination (e.g. web server, etc.) associated with the request.
  • If however, it is determined that the URL matches one of the known URLs, access to the URL is prevented. Note operation 408. In one embodiment, content associated with the URL may be prevented from being presented. In another embodiment, the URL access request, such as network traffic associated with such URL access request, may be prevented from being communicated to the destination associated with the request. As an option, access to the URL may be prevented utilizing the agent, plug-in, etc. used for identifying the URL access request (as described above in operation 402).
  • Moreover, it is determined whether access to the URL is manually allowed, as shown in operation 410. In one embodiment, manually allowing access to the URL may include a user selecting (e.g. via a user interface) to allow the access. The user may include any user authorized to manually allow such access. For example, in response to preventing access to the URL (operation 408), a notification may be communicated to the user. Additionally, such notification may include an option capable of being selected by the user for manually allowing access to the URL.
  • In another embodiment, access to the URL may be manually allowed based on a predefined list of URLs to which access is allowed. For example, a user may configure a list of URLs associated with remote desktop sharing to which access is allowed. Thus, if the URL matches a URL in the predefined list of URLs to which access is allowed, access to the URL may be manually allowed.
  • In response to a determination that access to the URL is manually allowed, access to the URL is allowed, as shown in operation 412. To this end, access to a URL may be allowed automatically if the URL does not match known URLs associated with remote desktop sharing or manually as desired by a user. Still yet, it may be continuously determined whether access to the URL is manually allowed (e.g. for a predefined time period, etc.). In this way, access to the URL may optionally be allowed at any time after access to the URL is prevented.
  • FIG. 5 shows a method 500 for preventing access to data based on an application that initiated a data access request, in accordance with yet another embodiment. As an option, the method 500 may be carried out in the context of the architecture and environment of FIGS. 1-4. Of course, however, the method 500 may be carried out in any desired environment. Again, it should also be noted that the aforementioned definitions may apply during the present description.
  • In decision 502, it is determined whether a data access request has been issued. In one embodiment, the data access request may include a request to access a document. Just by way of example, the data access request may include a request to open the document. As another example, the data access request may include a request to attach the data to an email, a document, etc.
  • In another embodiment, the data access request may be issued via an application program interface (API). In yet another embodiment, the data access request may be issued manually by a user, for example, by selecting to open the data. In still yet another embodiment, the data access request may be issued automatically (e.g. via an application requesting to access the data, etc.).
  • Further, the data access request may be identified utilizing an agent installed on a client via which the data access request is issued. In another embodiment, the data access request may be identified utilizing an agent installed on a gateway (e.g. via which the data access request is communicated over a network, etc.). Of course, however, the data access request may be identified in any manner.
  • In response to a determination that the data access request has been issued, it is determined whether the data is fingerprinted. Note decision 504. For example, a plurality of predetermined fingerprints may be stored, in a database. Further, the database may store additional information with respect to the predetermined fingerprints. For example, the database may store identifiers of applications allowed to be utilized for accessing data associated with each of the predetermined fingerprints, disallowed for use in accessing such data, etc. As an option, the predetermined fingerprints and associated allowed/disallowed applications may be configured by a user.
  • Table 1 illustrates one example of a database capable of being utilized for storing predetermined fingerprints of data and identifiers of associated applications allowed to be utilized for accessing such data. In this way, the database may be utilized for associating each fingerprint with an application, it should be noted that the database is set forth for illustrative purposes only, and thus should not be construed as limiting in any manner.
  • TABLE 1
    DATA FINGERPRINT ALLOWED APPLICATION IDENTIFIER
    FINGERPRINT_01 APPLICATION_01, APPLICATION_02
    FINGERPRINT_02 APPLICATION_02
    FINGERPRINT_03 APPLICATION_01
  • In the context of the present embodiment, such predetermined fingerprints may include fingerprints of various data that have been predefined. As an option, the predetermined fingerprints may indicate data which is at least potentially confidential, (e.g. for which unauthorized disclosure is unwanted, etc.). Thus, a fingerprint of the data may be compared with the predetermined fingerprints in the database, such that a match may indicate that the data is fingerprinted.
  • In response to a determination that the data is fingerprinted, an application that initiated the data access request is identified, as shown in operation 506. Optionally, the application may include an application to be utilized for accessing the data. For example, the application may include an application capable of being utilized for displaying the data. As another option, identifying the application may include identifying a version of the application, identifying a name of the application, identifying a provider of the application, etc.
  • In one embodiment, the application may be identified based on the data access request. For example, the data access request may include an identifier of the application that issued the request (e.g. a source of the request, etc.). Of course, however, the application may be identified in any manner.
  • It is further determined whether the identified application is allowed to access the data, as shown in decision 508. In one embodiment, the predetermined fingerprint matching the fingerprint of the data may be identified in the database. Furthermore, application identifiers stored in the database in association with such identified predetermined fingerprint may be identified. Accordingly, the application that issued the data access request may be compared with the identified application identifiers, such that it may be determined whether any such identified application identifiers match the application that issued the data access request.
  • As an option, the application identifiers in the database associated with a fingerprint may indicate applications predetermined to be allowed to access data associated with the fingerprint. To this end, a match may indicate that the data is allowed to be accessed utilizing the identified application that issued the data access request. As another option, the application identifiers in the database associated with a fingerprint may indicate applications predetermined to be disallowed from accessing data associated with the fingerprint. Thus, a match may indicate that the data is not allowed to be accessed utilizing the identified application that issued the data access request.
  • In another embodiment, predetermined applications may be determined to be dedicated applications allowed to access any data. For example, such dedicated applications may be predetermined based on a user configuration. As an option, the dedicated applications may include the only applications allowed to access fingerprinted data.
  • In yet another embodiment, predetermined applications may be disallowed from being utilized during a remote data sharing session. For example, if it is determined that one of the predetermined applications is running, a remote data sharing session may be prevented from being enabled. As another example, if it is determined that a remote data sharing session is enabled, one of the predetermined applications may be prevented from being initiated.
  • If it is determined that the application that issued the data access request is allowed to access the data, access to the date is allowed. Note operation 510. Such access may include the access requested by the data access request. In one embodiment, the data may be allowed to be presented, displayed, attached, etc. In another embodiment, the data access request may be allowed to be sent to a destination (e.g. server, etc.) associated with the request.
  • If, however, it is determined that the application that issued the data access request is not allowed to access the data, access to the data may be prevented. Note operation 512. In one embodiment, the data may be prevented from being presented. In another embodiment, the data access request, such as network traffic associated with such data access request, may be prevented from being communicated to the destination associated with the request. As an option, access to the data may be prevented utilizing the agent used for identifying the data access request (as described above in operation 502). Just by way of example, in one embodiment, the data access request may include a request to display the data utilizing a projector, such that data loss may be prevented with respect to a public sharing session associated with an LCD projector, etc.
  • In this way, for each of a plurality of different fingerprints of various data, applications may be indicated as being allowed to access the data and/or disallowed from accessing the data. Thus, particular data may only be accessible via predefined applications, as desired. In one embodiment, such predefined applications may allow a single agent installed on a client, gateway, etc. to determine whether any of a plurality of different applications may be utilized for accessing data associated with a data access request.
  • FIG. 6 shows a method 600 for preventing access to data based on a fingerprint of the data, in accordance with still yet another embodiment. As an option, the method 600 may be carried out in the context of the architecture and environment of FIGS. 1-4. Of course, however, the method 600 may be carried out in any desired environment. Again, it should also be noted that the aforementioned definitions may apply during the present description.
  • As shown in decision 602, it is determined whether remote data sharing is enabled. In one embodiment, it may be determined whether the remote data sharing is enabled based on a determination of whether a remote data sharing application, or any associated processes, are executing. For example, an agent installed on a client may determine whether a remote data sharing application is executing on the client.
  • In response to a determination that the remote data sharing is enabled, it is determined whether a data access request has been issued, as shown in decision 604. In one embodiment, the data access request may be identified utilizing an agent installed on the client via which the data access request is issued. In another embodiment, the data access request may be identified utilizing a plug-in, add-in, etc. associated with an application via which the data access request is issued. In yet another embodiment, the data access request may be identified utilizing a plug-in, add-in, etc. associated with a remote data sharing application.
  • If a data access request has been issued, a fingerprint of the data is identified, as shown in operation 606. The fingerprint of the data may be identified by hashing the data, in one embodiment. In another embodiment, the fingerprint of the data may be identified by calculating a value of the data utilizing a predetermined algorithm.
  • Furthermore, as shown in decision 608, it is determined whether the identified fingerprint matches a known fingerprint, in the context of the present embodiment, the known fingerprint may include any predetermined fingerprint of data. For example, a database may store a plurality of predetermined fingerprints of data. Optionally, such database may be stored locally (e.g. on a client on which the data access request was issued), but of course may also be stored remotely (e.g. at a location central to a plurality of clients on a network). Moreover, the predetermined fingerprints may be of known confidential data.
  • To this end, determining whether the identified fingerprint matches a known fingerprint may include comparing the identified fingerprint to a plurality of known fingerprints. If it is determined that the fingerprint of the data does not match a known fingerprint (e.g. based on the comparison, etc.), access to the data may be allowed. Note operation 610. For example, the access may include the access requested by the issued data access request (in operation 604). If, however, it is determined that the fingerprint of the data matches a known fingerprint (e.g. based on the comparison, etc.), access to the data may be prevented. Note operation 612.
  • To this end, data may be prevented from being accessed based on a fingerprint of the data when a remote data sharing session is enabled. In another optional embodiment, if it is determined that the data is already opened prior to enablement of a remote data sharing session, such data may be closed in response to a request to initiate the remote data sharing session. Thus, data loss may be prevented based on various access requests, including, for example, a public sharing session where the data is displayed on an LCD projector, etc.
  • While various embodiments have been described above, it should be understood that they have been presented by way of example only, and not limitation. Thus, the breadth and scope of a preferred embodiment should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.

Claims (22)

1. A method, comprising:
identifying, by a first computer, a data access attempt by a remote device, the data access attempt associated with a remote data sharing session wherein the remote data sharing session comprises sharing a desktop display of the first computer with the remote device; and
automatically preventing access to data associated with the identified data access attempt.
2. The method of claim 1, wherein the data includes a uniform resource locator.
3. The method of claim 1, wherein the data includes a document.
4. (canceled)
5. The method of claim 1, wherein the act of identifying a data access attempt includes utilizing a plug-in to an application that is associated with the data access attempt.
6. The method of claim 1, wherein the act of identifying a data access attempt includes utilizing a plug-in to an application that is used for remote data sharing.
7. The method of claim 1, wherein the remote data sharing session is associated with a remote data sharing application.
8. The method of claim 7, wherein the remote data sharing application is predetermined to be disallowed from accessing the data.
9. The method of claim 8, wherein the remote data sharing application is predetermined to be disallowed from accessing the data, based on a user configuration.
10. The method of claim 1, wherein the act of identifying a data access attempt includes utilizing a client.
11. The method of claim 10, wherein the act of identifying a data access attempt includes utilizing a plug-in to an application installed on the client.
12. The method of claim 1, wherein the act of identifying a data access attempt includes utilizing a gateway.
13. The method of claim 1, further comprising identifying a fingerprint of the data.
14. The method of claim 13, further comprising comparing the fingerprint of the data to a plurality of predetermined fingerprints.
15. The method of claim 14, wherein the plurality of predetermined fingerprints include fingerprints of known confidential data.
16. The method of claim 14, wherein the plurality of predetermined fingerprints are each associated with an application.
17. The method of claim 14, wherein the act of automatically preventing access to the data includes preventing access to the data based on the comparison.
18. The method of claim 1, wherein the act of automatically preventing access to the data includes preventing access to the data if it is determined that a fingerprint of the data matches a predetermined fingerprint.
19. The method of claim 1, wherein the act of automatically preventing access to the data includes preventing access to the data if it is determined that the data matches predetermined data.
20. A computer program product embodied on a non-transitory computer readable medium, comprising:
computer code for identifying a data access attempt by a remote device at a first computer, the data access attempt associated with a remote data sharing session wherein the remote data sharing session comprises sharing a desktop display of the first computer with the remote device; and
computer code for automatically preventing access to data associated with the identified data access attempt.
21. A system, comprising:
a memory; and
a processor operatively coupled to the memory, the processor adapted to execute program code stored in the memory to:
identify a data access attempt by a remote device at a first computer, the data access attempt associated with a remote data sharing session, wherein the remote data sharing session comprises sharing a desktop display of the first computer with the remote device, and automatically prevent access to data associated with the identified data access attempt.
22-24. (canceled)
US11/850,432 2007-09-05 2007-09-05 System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session Abandoned US20130276061A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US11/850,432 US20130276061A1 (en) 2007-09-05 2007-09-05 System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session
US14/289,859 US10198587B2 (en) 2007-09-05 2014-05-29 System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session
US15/862,493 US11645404B2 (en) 2007-09-05 2018-01-04 System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/850,432 US20130276061A1 (en) 2007-09-05 2007-09-05 System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/289,859 Continuation US10198587B2 (en) 2007-09-05 2014-05-29 System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session

Publications (1)

Publication Number Publication Date
US20130276061A1 true US20130276061A1 (en) 2013-10-17

Family

ID=49326316

Family Applications (3)

Application Number Title Priority Date Filing Date
US11/850,432 Abandoned US20130276061A1 (en) 2007-09-05 2007-09-05 System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session
US14/289,859 Active 2029-04-28 US10198587B2 (en) 2007-09-05 2014-05-29 System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session
US15/862,493 Active 2028-02-13 US11645404B2 (en) 2007-09-05 2018-01-04 System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session

Family Applications After (2)

Application Number Title Priority Date Filing Date
US14/289,859 Active 2029-04-28 US10198587B2 (en) 2007-09-05 2014-05-29 System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session
US15/862,493 Active 2028-02-13 US11645404B2 (en) 2007-09-05 2018-01-04 System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session

Country Status (1)

Country Link
US (3) US20130276061A1 (en)

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140222892A1 (en) * 2012-09-07 2014-08-07 Avigilon Corporation Physical security system having multiple server nodes
US8826240B1 (en) 2012-09-29 2014-09-02 Appurify, Inc. Application validation through object level hierarchy analysis
US8856948B1 (en) * 2013-12-23 2014-10-07 Google Inc. Displaying private information on personal devices
US8943158B2 (en) 2007-04-26 2015-01-27 Mcafee, Inc. System, method and computer program product for performing an action based on an aspect of an electronic mail message thread
US9015832B1 (en) * 2012-10-19 2015-04-21 Google Inc. Application auditing through object level code inspection
US9021443B1 (en) 2013-04-12 2015-04-28 Google Inc. Test automation API for host devices
US9077684B1 (en) 2008-08-06 2015-07-07 Mcafee, Inc. System, method, and computer program product for determining whether an electronic mail message is compliant with an etiquette policy
US9113358B1 (en) 2012-11-19 2015-08-18 Google Inc. Configurable network virtualization
US9170922B1 (en) 2014-01-27 2015-10-27 Google Inc. Remote application debugging
US9215197B2 (en) 2007-08-17 2015-12-15 Mcafee, Inc. System, method, and computer program product for preventing image-related data loss
US9268670B1 (en) 2013-08-08 2016-02-23 Google Inc. System for module selection in software application testing including generating a test executable based on an availability of root access
US9268668B1 (en) 2012-12-20 2016-02-23 Google Inc. System for testing markup language applications
US9274935B1 (en) 2013-01-15 2016-03-01 Google Inc. Application testing system with application programming interface
US20160162451A1 (en) * 2011-08-19 2016-06-09 Yongyong Xu Online software execution platform
US9367415B1 (en) 2014-01-20 2016-06-14 Google Inc. System for testing markup language applications on a device
US9491229B1 (en) 2014-01-24 2016-11-08 Google Inc. Application experience sharing system
US9497309B2 (en) 2011-02-21 2016-11-15 Google Technology Holdings LLC Wireless devices and methods of operating wireless devices based on the presence of another person
US9832187B2 (en) 2014-01-07 2017-11-28 Google Llc Managing display of private information
US9843564B2 (en) 2008-03-14 2017-12-12 Mcafee, Inc. Securing data using integrated host-based data loss agent with encryption detection
US9864655B2 (en) 2015-10-30 2018-01-09 Google Llc Methods and apparatus for mobile computing device security in testing facilities
US9959109B2 (en) 2015-04-10 2018-05-01 Avigilon Corporation Upgrading a physical security system having multiple server nodes
US10311249B2 (en) 2017-03-31 2019-06-04 Google Llc Selectively obscuring private information based on contextual information
US20190281059A1 (en) * 2018-03-12 2019-09-12 Microsoft Technology Licensing, Llc Auto disablement of web browser extensions on defined categories of webpages
TWI742432B (en) * 2019-09-19 2021-10-11 英業達股份有限公司 Testing system based on virtualization device and method thereof
US11645404B2 (en) 2007-09-05 2023-05-09 Mcafee, Llc System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session
US11811774B1 (en) * 2015-05-11 2023-11-07 Google Llc System and method for recursive propagating application access control

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468742A (en) * 2014-11-21 2015-03-25 黄荣丰 Desktop sharing system and method
US10616238B2 (en) * 2015-12-28 2020-04-07 Dropbox, Inc. Sharing files based on recipient-location criteria
US10586071B2 (en) 2017-11-24 2020-03-10 International Business Machines Corporation Safeguarding confidential information during a screen share session

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5195086A (en) * 1990-04-12 1993-03-16 At&T Bell Laboratories Multiple call control method in a multimedia conferencing system
US6081265A (en) * 1996-08-30 2000-06-27 Hitachi, Ltd. System for providing a same user interface and an appropriate graphic user interface for computers having various specifications

Family Cites Families (200)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4797447A (en) 1985-08-16 1989-01-10 Shell Oil Company Impact resistant blends of thermoplastic polyesters and modified block copolymers
US5280527A (en) 1992-04-14 1994-01-18 Kamahira Safe Co., Inc. Biometric token for authorizing access to a host system
US5572694A (en) 1992-11-25 1996-11-05 Fujitsu Limited Virtual system for detecting access paths belonging to same group from plurality of access paths to reach device designated by command with reference to table
US5345153A (en) 1993-03-15 1994-09-06 Michael Vaught Ornamental closure
US5796948A (en) 1996-11-12 1998-08-18 Cohen; Elliot D. Offensive message interceptor for computers
US5845068A (en) 1996-12-18 1998-12-01 Sun Microsystems, Inc. Multilevel security port methods, apparatuses, and computer program products
US5941915A (en) 1997-02-18 1999-08-24 Cummins Engine Company, Inc. System for providing accurately time stamped vehicle operational messages following a real-time clock reset
FR2760871B1 (en) 1997-03-13 1999-04-16 Bull Cp8 METHOD FOR STORING AND EXPLOITING SENSITIVE INFORMATION IN A SECURITY MODULE, AND RELATED SECURITY MODULE
US6073142A (en) 1997-06-23 2000-06-06 Park City Group Automated post office based rule analysis of e-mail messages and other data objects for controlled distribution in network environments
US6052685A (en) 1997-08-13 2000-04-18 Mosaix, Inc. Integration of legacy database management systems with ODBC-compliant application programs
US5987610A (en) 1998-02-12 1999-11-16 Ameritech Corporation Computer virus screening methods and systems
JP3216607B2 (en) 1998-07-29 2001-10-09 日本電気株式会社 Digital work distribution system and method, digital work reproduction apparatus and method, and recording medium
US6177932B1 (en) 1998-08-21 2001-01-23 Kana Communications, Inc. Method and apparatus for network based customer service
US7689563B1 (en) 1998-10-20 2010-03-30 Jacobson Andrea M Electronic record management system
US6957330B1 (en) 1999-03-01 2005-10-18 Storage Technology Corporation Method and system for secure information handling
US6367019B1 (en) 1999-03-26 2002-04-02 Liquid Audio, Inc. Copy security for portable music players
US6820204B1 (en) 1999-03-31 2004-11-16 Nimesh Desai System and method for selective information exchange
EP1055990A1 (en) 1999-05-28 2000-11-29 Hewlett-Packard Company Event logging in a computing platform
US6718367B1 (en) 1999-06-01 2004-04-06 General Interactive, Inc. Filter for modeling system and method for handling and routing of text-based asynchronous communications
EP1076279A1 (en) 1999-08-13 2001-02-14 Hewlett-Packard Company Computer platforms and their methods of operation
US7424543B2 (en) 1999-09-08 2008-09-09 Rice Iii James L System and method of permissive data flow and application transfer
US7278016B1 (en) 1999-10-26 2007-10-02 International Business Machines Corporation Encryption/decryption of stored data using non-accessible, unique encryption key
US7630986B1 (en) 1999-10-27 2009-12-08 Pinpoint, Incorporated Secure data interchange
KR100636111B1 (en) 1999-10-30 2006-10-18 삼성전자주식회사 Method protecting data stored in lost mobile terminal and recording medium therefor
US6460050B1 (en) 1999-12-22 2002-10-01 Mark Raymond Pace Distributed content identification system
US7298864B2 (en) 2000-02-19 2007-11-20 Digimarc Corporation Digital watermarks as a gateway and control mechanism
US6738760B1 (en) 2000-03-23 2004-05-18 Albert Krachman Method and system for providing electronic discovery on computer databases and archives using artificial intelligence to recover legally relevant data
US6961765B2 (en) 2000-04-06 2005-11-01 Bbx Technologies, Inc. System and method for real time monitoring and control of networked computers
US20050154885A1 (en) 2000-05-15 2005-07-14 Interfuse Technology, Inc. Electronic data security system and method
US20040034794A1 (en) 2000-05-28 2004-02-19 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US7134141B2 (en) 2000-06-12 2006-11-07 Hewlett-Packard Development Company, L.P. System and method for host and network based intrusion detection and response
US6901519B1 (en) 2000-06-22 2005-05-31 Infobahn, Inc. E-mail virus protection system and method
US6776011B2 (en) 2000-08-21 2004-08-17 Owens-Brockway Glass Container Inc. Apparatus for conveying gobs of glass to a glass container forming machine
US7149778B1 (en) 2000-08-24 2006-12-12 Yahoo! Inc. Unsolicited electronic mail reduction
JP2002197439A (en) 2000-09-22 2002-07-12 Ricoh Co Ltd Document-fetching device, document-filing system, picture processor, electronic document notarization system and image processing system
US20020083003A1 (en) 2000-09-26 2002-06-27 Halliday David C. Method and apparatus for the accurate metering of software application usage and the reporting of such usage to a remote site on a public network
US20050149364A1 (en) * 2000-10-06 2005-07-07 Ombrellaro Mark P. Multifunction telemedicine software with integrated electronic medical record
US6918113B2 (en) 2000-11-06 2005-07-12 Endeavors Technology, Inc. Client installation and execution system for streamed applications
US7313825B2 (en) 2000-11-13 2007-12-25 Digital Doors, Inc. Data security system and method for portable device
US6934857B1 (en) 2000-11-27 2005-08-23 Networks Associates Technology, Inc. Security system and method for handheld computers
US7346778B1 (en) 2000-11-29 2008-03-18 Palmsource, Inc. Security method and apparatus for controlling the data exchange on handheld computers
US7023816B2 (en) 2000-12-13 2006-04-04 Safenet, Inc. Method and system for time synchronization
US20020099944A1 (en) 2001-01-19 2002-07-25 Bowlin Bradley Allen Method and apparatus which enable a computer user to prevent unauthorized access to files stored on a computer
US6856992B2 (en) 2001-05-15 2005-02-15 Metatomix, Inc. Methods and apparatus for real-time business visibility using persistent schema-less data storage
US20030043039A1 (en) 2001-06-11 2003-03-06 Salemi Robert D. Concealed security tags on bottles
US20040230572A1 (en) 2001-06-22 2004-11-18 Nosa Omoigui System and method for semantic knowledge retrieval, management, capture, sharing, discovery, delivery and presentation
US7383433B2 (en) 2001-07-31 2008-06-03 Sun Microsystems, Inc. Trust spectrum for certificate distribution in distributed peer-to-peer networks
US7284191B2 (en) 2001-08-13 2007-10-16 Xerox Corporation Meta-document management system with document identifiers
US20030043036A1 (en) 2001-09-04 2003-03-06 Acco Brands, Inc. Loss prevention system for portable electronic devices
US6978454B2 (en) 2001-09-05 2005-12-20 Mcafee, Inc. Checking computer program installation
JP3764665B2 (en) 2001-10-03 2006-04-12 株式会社グラフィン A system to prevent leakage of confidential information required for computer-aided education and training
GB0124014D0 (en) 2001-10-05 2001-11-28 Abb Ab Communication of messages in a system
US7526654B2 (en) 2001-10-16 2009-04-28 Marc Charbonneau Method and system for detecting a secure state of a computer system
JP4128348B2 (en) 2001-10-25 2008-07-30 富士通株式会社 Data management system
US7561517B2 (en) 2001-11-02 2009-07-14 Internap Network Services Corporation Passive route control of data networks
CA2467427A1 (en) 2001-11-16 2003-05-22 Ranbaxy Laboratories Limited Process for the preparation of crystalline imipenem
US7137004B2 (en) 2001-11-16 2006-11-14 Microsoft Corporation Manifest-based trusted agent management in a trusted operating system environment
US7370366B2 (en) 2001-11-16 2008-05-06 International Business Machines Corporation Data management system and method
JP4051924B2 (en) 2001-12-05 2008-02-27 株式会社日立製作所 Network system capable of transmission control
US6944772B2 (en) 2001-12-26 2005-09-13 D'mitri Dozortsev System and method of enforcing executable code identity verification over the network
US20030135744A1 (en) 2002-01-11 2003-07-17 International Business Machines Corporation Method and system for programming a non-volatile device in a data processing system
US7100123B1 (en) 2002-01-25 2006-08-29 Microsoft Corporation Electronic content search and delivery based on cursor location
DE60305666T2 (en) 2002-03-08 2007-05-03 Valspar Sourcing, Inc., Minneapolis POLYMERIZATION OF A REACTIVE THINNER IN THE PRESENCE OF AN EPOXY-AMINE MATERIAL AND COATING COMPOSITION MADE THEREOF
US7810091B2 (en) 2002-04-04 2010-10-05 Mcafee, Inc. Mechanism to check the malicious alteration of malware scanner
GB2387678B (en) 2002-04-18 2005-10-12 Hewlett Packard Co Apparatus for remote working
US7725543B2 (en) 2002-06-12 2010-05-25 Sharp Kabushiki Kaisha Network communication device for transmitting/receiving an email message containing a disposition notification request
US7549164B2 (en) 2003-06-11 2009-06-16 Symantec Corporation Intrustion protection system utilizing layers and triggers
US7797744B2 (en) 2002-06-17 2010-09-14 At&T Intellectual Property Ii, L.P. Method and device for detecting computer intrusion
US7823203B2 (en) 2002-06-17 2010-10-26 At&T Intellectual Property Ii, L.P. Method and device for detecting computer network intrusions
US7519984B2 (en) 2002-06-27 2009-04-14 International Business Machines Corporation Method and apparatus for handling files containing confidential or sensitive information
US20040003255A1 (en) 2002-06-28 2004-01-01 Storage Technology Corporation Secure email time stamping
US20040006715A1 (en) 2002-07-05 2004-01-08 Skrepetos Nicholas C. System and method for providing security to a remote computer over a network browser interface
EP1527592A1 (en) 2002-08-07 2005-05-04 British Telecommunications Public Limited Company Server for sending electronics messages
US20040111482A1 (en) 2002-08-13 2004-06-10 Daniela Bourges-Waldegg Electronic device, method for routing an electronic message from an electronic device to an output unit, and computer program element
JP3794491B2 (en) 2002-08-20 2006-07-05 日本電気株式会社 Attack defense system and attack defense method
US7124197B2 (en) 2002-09-11 2006-10-17 Mirage Networks, Inc. Security apparatus and method for local area networks
US7437752B2 (en) 2002-09-23 2008-10-14 Credant Technologies, Inc. Client architecture for portable device with security policies
US7194728B1 (en) 2002-11-18 2007-03-20 Bmc Software, Inc. System and method for packaging updates
US7356616B2 (en) 2002-11-06 2008-04-08 Microsoft Corporation Maintaining structured time data for electronic messages
AU2002953359A0 (en) 2002-11-27 2003-01-09 The University Of Melbourne Microgel composition
US7552445B2 (en) 2002-12-13 2009-06-23 Savvis Communications Corporation Systems and methods for monitoring events from multiple brokers
US20040146006A1 (en) 2003-01-24 2004-07-29 Jackson Daniel H. System and method for internal network data traffic control
US9197668B2 (en) 2003-02-28 2015-11-24 Novell, Inc. Access control to files based on source information
US7222305B2 (en) 2003-03-13 2007-05-22 Oracle International Corp. Method of sharing a desktop with attendees of a real-time collaboration
US8671132B2 (en) 2003-03-14 2014-03-11 International Business Machines Corporation System, method, and apparatus for policy-based data management
US7539725B2 (en) 2003-04-03 2009-05-26 Zix Corporation Auditor system
US7716474B2 (en) 2003-05-12 2010-05-11 Byteblaze, Inc. Anti-piracy software protection system and method
US7272853B2 (en) 2003-06-04 2007-09-18 Microsoft Corporation Origination/destination features and lists for spam prevention
US7313615B2 (en) 2003-06-16 2007-12-25 International Business Machines Corporation Communications management using weights and thresholds
JP4611197B2 (en) 2003-06-20 2011-01-12 富士通株式会社 Device connection method in a network and network system using the same
US7660845B2 (en) 2003-08-01 2010-02-09 Sentillion, Inc. Methods and apparatus for verifying context participants in a context management system in a networked environment
US7433924B2 (en) 2003-08-07 2008-10-07 International Business Machines Corporation Interceptor for non-subscribed bulk electronic messages
US20050060643A1 (en) 2003-08-25 2005-03-17 Miavia, Inc. Document similarity detection and classification system
US7421076B2 (en) 2003-09-17 2008-09-02 Analog Devices, Inc. Advanced encryption standard (AES) engine with real time S-box generation
US7523484B2 (en) 2003-09-24 2009-04-21 Infoexpress, Inc. Systems and methods of controlling network access
CN100458734C (en) 2003-11-21 2009-02-04 深圳市朗科科技股份有限公司 Data management method of mobile storage dovice
DE60319449T2 (en) 2003-11-27 2009-03-12 Advestigo BEGINNING SYSTEM OF MULTIMEDIA DOCUMENTS
US7064587B2 (en) 2003-11-28 2006-06-20 Texas Instruments Incorporated Output Buffer
CA2452251C (en) 2003-12-04 2010-02-09 Timothy R. Jewell Data backup system and method
US7398399B2 (en) 2003-12-12 2008-07-08 International Business Machines Corporation Apparatus, methods and computer programs for controlling performance of operations within a data processing system or network
US7441000B2 (en) 2003-12-22 2008-10-21 International Business Machines Corporation Method for session sharing
US7930540B2 (en) 2004-01-22 2011-04-19 Mcafee, Inc. Cryptographic policy enforcement
US7610377B2 (en) 2004-01-27 2009-10-27 Sun Microsystems, Inc. Overload management in an application-based server
JP2005216027A (en) 2004-01-30 2005-08-11 Matsushita Electric Ind Co Ltd Encryption device, encryption system therewith, decryption device and semiconductor system therewith
GB2411330A (en) 2004-02-17 2005-08-24 William John Bailey A means for document security tracking
US20050204009A1 (en) 2004-03-09 2005-09-15 Devapratim Hazarika System, method and computer program product for prioritizing messages
US7669059B2 (en) 2004-03-23 2010-02-23 Network Equipment Technologies, Inc. Method and apparatus for detection of hostile software
US7287159B2 (en) * 2004-04-01 2007-10-23 Shieldip, Inc. Detection and identification methods for software
US7559080B2 (en) 2004-05-04 2009-07-07 Microsoft Corporation Automatically generating security policies for web services
US20050262208A1 (en) 2004-05-21 2005-11-24 Eyal Haviv System and method for managing emails in an enterprise
US7849142B2 (en) 2004-05-29 2010-12-07 Ironport Systems, Inc. Managing connections, messages, and directory harvest attacks at a server
US7185897B2 (en) 2004-06-01 2007-03-06 Robert Musselman Thin, quick-mount runner for a snowmobile ski and method
US7941491B2 (en) 2004-06-04 2011-05-10 Messagemind, Inc. System and method for dynamic adaptive user-based prioritization and display of electronic messages
US8253951B2 (en) 2004-06-10 2012-08-28 Sharp Laboratories Of America, Inc. Systems and methods for determining when to download a resource to a printing device as part of a print job
US7490354B2 (en) 2004-06-10 2009-02-10 International Business Machines Corporation Virus detection in a network
US7962591B2 (en) 2004-06-23 2011-06-14 Mcafee, Inc. Object classification in a capture system
US20060026593A1 (en) 2004-07-30 2006-02-02 Microsoft Corporation Categorizing, voting and rating community threads
US7484247B2 (en) 2004-08-07 2009-01-27 Allen F Rozman System and method for protecting a computer system from malicious software
US20060039554A1 (en) 2004-08-18 2006-02-23 Roxio, Inc. High security media encryption
US20060070089A1 (en) 2004-08-20 2006-03-30 Shahid Shoaib Method and apparatus for dynamic replacement of device drivers in the operating system (OS) kernel
US20060041930A1 (en) 2004-08-23 2006-02-23 Hafeman Joseph E Accessing personal information
JP4584652B2 (en) 2004-08-26 2010-11-24 株式会社リコー Storage rule management device, information processing device, and storage rule management program
US20060059548A1 (en) 2004-09-01 2006-03-16 Hildre Eric A System and method for policy enforcement and token state monitoring
JP4651096B2 (en) 2004-09-09 2011-03-16 キヤノン株式会社 Encrypted print processing method and apparatus
US7441273B2 (en) 2004-09-27 2008-10-21 Mcafee, Inc. Virus scanner system and method with integrated spyware detection capabilities
US7644126B2 (en) 2004-09-29 2010-01-05 Qualcomm Incoporated Message thread handling
US7661124B2 (en) 2004-10-05 2010-02-09 Microsoft Corporation Rule-driven specification of web service policy
KR20060053251A (en) 2004-10-13 2006-05-19 조배수 System and method for plug and play between host and client by using repeater
WO2006044798A2 (en) 2004-10-15 2006-04-27 Protegrity Corporation Cooperative processing and escalation in a multi-node application-layer security system and method
US7353257B2 (en) 2004-11-19 2008-04-01 Microsoft Corporation System and method for disaster recovery and management of an email system
US20060123413A1 (en) 2004-11-30 2006-06-08 International Business Machines Corporation System and method for installing a software application
US7725934B2 (en) 2004-12-07 2010-05-25 Cisco Technology, Inc. Network and application attack protection based on application layer message inspection
US7512659B2 (en) 2004-12-16 2009-03-31 International Business Machines Corporation Enabling interactive electronic mail and real-time messaging
US7742406B1 (en) 2004-12-20 2010-06-22 Packeteer, Inc. Coordinated environment for classification and control of network traffic
JP2006202269A (en) 2004-12-22 2006-08-03 Canon Inc Information processor, control method of information processor, program thereof, and storage medium
GB2422453A (en) 2005-01-22 2006-07-26 Hewlett Packard Development Co Dynamically allocating resources according to a privacy policy
US7475420B1 (en) 2005-01-31 2009-01-06 Symantec Corporation Detecting network proxies through observation of symmetric relationships
US8011003B2 (en) 2005-02-14 2011-08-30 Symantec Corporation Method and apparatus for handling messages containing pre-selected data
WO2007142615A2 (en) 2005-02-18 2007-12-13 Credant Technologies, Inc. System and method for intelligence based security
WO2006095335A2 (en) 2005-03-07 2006-09-14 Noam Camiel System and method for a dynamic policies enforced file system for a data storage device
US7350074B2 (en) 2005-04-20 2008-03-25 Microsoft Corporation Peer-to-peer authentication and authorization
FI122653B (en) 2005-04-25 2012-05-15 Metso Power Oy Arrangement in a recovery boiler
US20060248252A1 (en) 2005-04-27 2006-11-02 Kharwa Bhupesh D Automatic detection of data storage functionality within a docking station
US8438499B2 (en) * 2005-05-03 2013-05-07 Mcafee, Inc. Indicating website reputations during user interactions
US7490355B2 (en) 2005-06-16 2009-02-10 Chung Shan Institute Of Science And Technology Method of detecting network worms
US7979368B2 (en) 2005-07-01 2011-07-12 Crossbeam Systems, Inc. Systems and methods for processing data flows
US20070064883A1 (en) 2005-07-21 2007-03-22 Lawrence Rosenthal Techniques for suspended delivery of messages
US8204233B2 (en) 2005-07-21 2012-06-19 Symantec Corporation Administration of data encryption in enterprise computer systems
US7730040B2 (en) 2005-07-27 2010-06-01 Microsoft Corporation Feedback-driven malware detector
GB2429308B (en) 2005-07-29 2007-08-01 Hewlett Packard Development Co Data transfer device
US8272058B2 (en) 2005-07-29 2012-09-18 Bit 9, Inc. Centralized timed analysis in a network security system
WO2007020650A2 (en) 2005-08-18 2007-02-22 Abraham Gill System including a portable storage device equipped with a user proximity detector and method of preventing the loss thereof
US7847694B2 (en) 2005-08-19 2010-12-07 Electronics And Telecommunications Research Institute Electronic tag including privacy level information and privacy protection apparatus and method using RFID tag
WO2007034179A1 (en) 2005-09-20 2007-03-29 Mailmapping Limited Systems and methods for analyzing electronic communications
US20070074292A1 (en) 2005-09-28 2007-03-29 Hitachi, Ltd. Management of encrypted storage networks
US8301771B2 (en) 2005-10-26 2012-10-30 Armstrong, Quinton Co. LLC Methods, systems, and computer program products for transmission control of sensitive application-layer data
US20070101419A1 (en) 2005-10-31 2007-05-03 Dawson Colin S Apparatus, system, and method for providing electronically accessible personal information
US7940756B1 (en) 2005-11-23 2011-05-10 Symantec Corporation Dynamic tagging of network data based on service level objectives
US20070136593A1 (en) 2005-12-14 2007-06-14 Richard Plavcan Secure information storage apparatus
CA2633966C (en) 2005-12-15 2014-04-15 Lehman Brothers Inc. System and method for secure remote desktop access
US20070143472A1 (en) 2005-12-21 2007-06-21 International Business Machines Corporation Method for improving the efficiency and effectiveness of instant messaging based on monitoring user activity
US20070143851A1 (en) 2005-12-21 2007-06-21 Fiberlink Method and systems for controlling access to computing resources based on known security vulnerabilities
US8112787B2 (en) 2005-12-31 2012-02-07 Broadcom Corporation System and method for securing a credential via user and server verification
US7675638B2 (en) 2006-01-13 2010-03-09 Infoprint Solutions Company, Llc Notification escalation in printing systems using dynamically determined timeout values
US20070174429A1 (en) 2006-01-24 2007-07-26 Citrix Systems, Inc. Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment
US7966513B2 (en) 2006-02-03 2011-06-21 Emc Corporation Automatic classification of backup clients
US7890587B1 (en) 2006-02-06 2011-02-15 Mcafee, Inc. System, method and computer program product for correcting a date/time associated with an electronic mail message
US7581004B2 (en) 2006-02-15 2009-08-25 Gabriel Jakobson System and method for alerting on open file-share sessions on a user's electronic device
US7627641B2 (en) 2006-03-09 2009-12-01 Watchguard Technologies, Inc. Method and system for recognizing desired email
US7752676B2 (en) 2006-04-18 2010-07-06 International Business Machines Corporation Encryption of data in storage systems
US8233388B2 (en) 2006-05-30 2012-07-31 Cisco Technology, Inc. System and method for controlling and tracking network content flow
US20080056249A1 (en) * 2006-05-31 2008-03-06 Teneros, Inc. Extracting shared state information from message traffic
US7605933B2 (en) 2006-07-13 2009-10-20 Ricoh Company, Ltd. Approach for securely processing an electronic document
US8038722B2 (en) 2006-08-02 2011-10-18 Applied Minds, Llc Method and apparatus for protecting data in a portable electronic device
US8230235B2 (en) 2006-09-07 2012-07-24 International Business Machines Corporation Selective encryption of data stored on removable media in an automated data storage library
US7877603B2 (en) 2006-09-07 2011-01-25 International Business Machines Corporation Configuring a storage drive to communicate with encryption and key managers
WO2008033552A2 (en) * 2006-09-12 2008-03-20 Iwatchnow Inc. System and method for distributed media streaming and sharing
US8181036B1 (en) 2006-09-29 2012-05-15 Symantec Corporation Extrusion detection of obfuscated content
US20080079730A1 (en) 2006-09-29 2008-04-03 Microsoft Corporation Character-level font linking
US20080083037A1 (en) 2006-10-03 2008-04-03 Rmcl, Inc. Data loss and theft protection method
US8069408B2 (en) 2006-11-16 2011-11-29 Novell, Inc. Representing extensible markup language (XML) as an executable having conditional authentication or policy logic
US8590002B1 (en) 2006-11-29 2013-11-19 Mcafee Inc. System, method and computer program product for maintaining a confidentiality of data on a network
US7991158B2 (en) 2006-12-13 2011-08-02 Tyfone, Inc. Secure messaging
US8424077B2 (en) 2006-12-18 2013-04-16 Irdeto Canada Corporation Simplified management of authentication credentials for unattended applications
US8155444B2 (en) 2007-01-15 2012-04-10 Microsoft Corporation Image text to character information conversion
US7720919B2 (en) 2007-02-27 2010-05-18 Cisco Technology, Inc. Automatic restriction of reply emails
US8621008B2 (en) 2007-04-26 2013-12-31 Mcafee, Inc. System, method and computer program product for performing an action based on an aspect of an electronic mail message thread
US8274678B2 (en) 2007-06-14 2012-09-25 Sharp Laboratories Of America, Inc. Method and system for remote access and customization of internally generated printing node status report
US8199965B1 (en) 2007-08-17 2012-06-12 Mcafee, Inc. System, method, and computer program product for preventing image-related data loss
US8103727B2 (en) 2007-08-30 2012-01-24 Fortinet, Inc. Use of global intelligence to make local information classification decisions
US20130276061A1 (en) 2007-09-05 2013-10-17 Gopi Krishna Chebiyyam System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session
US8446607B2 (en) 2007-10-01 2013-05-21 Mcafee, Inc. Method and system for policy based monitoring and blocking of printing activities on local and network printers
US8347359B2 (en) 2007-12-28 2013-01-01 Bruce Backa Encryption sentinel system and method
US8479013B2 (en) 2008-01-18 2013-07-02 Photonic Data Security, Llc Secure portable data transport and storage system
US8893285B2 (en) 2008-03-14 2014-11-18 Mcafee, Inc. Securing data using integrated host-based data loss agent with encryption detection
US8353053B1 (en) 2008-04-14 2013-01-08 Mcafee, Inc. Computer program product and method for permanently storing data based on whether a device is protected with an encryption mechanism and whether data in a data structure requires encryption
US9077684B1 (en) 2008-08-06 2015-07-07 Mcafee, Inc. System, method, and computer program product for determining whether an electronic mail message is compliant with an etiquette policy
JP5365214B2 (en) 2009-01-22 2013-12-11 日本電気株式会社 Image processing apparatus, biometric authentication apparatus, image processing method, and program
US8111413B2 (en) 2009-02-09 2012-02-07 Ricoh Company, Ltd. Approach for securely printing policy-enabled electronic documents based on print driver and printing device support
US8341207B2 (en) 2010-04-07 2012-12-25 Apple Inc. Apparatus and method for matching users for online sessions

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5195086A (en) * 1990-04-12 1993-03-16 At&T Bell Laboratories Multiple call control method in a multimedia conferencing system
US6081265A (en) * 1996-08-30 2000-06-27 Hitachi, Ltd. System for providing a same user interface and an appropriate graphic user interface for computers having various specifications

Cited By (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8943158B2 (en) 2007-04-26 2015-01-27 Mcafee, Inc. System, method and computer program product for performing an action based on an aspect of an electronic mail message thread
US10489606B2 (en) 2007-08-17 2019-11-26 Mcafee, Llc System, method, and computer program product for preventing image-related data loss
US9215197B2 (en) 2007-08-17 2015-12-15 Mcafee, Inc. System, method, and computer program product for preventing image-related data loss
US11645404B2 (en) 2007-09-05 2023-05-09 Mcafee, Llc System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session
US9843564B2 (en) 2008-03-14 2017-12-12 Mcafee, Inc. Securing data using integrated host-based data loss agent with encryption detection
US9077684B1 (en) 2008-08-06 2015-07-07 Mcafee, Inc. System, method, and computer program product for determining whether an electronic mail message is compliant with an etiquette policy
US9531656B2 (en) 2008-08-06 2016-12-27 Mcafee, Inc. System, method, and computer program product for determining whether an electronic mail message is compliant with an etiquette policy
US9497309B2 (en) 2011-02-21 2016-11-15 Google Technology Holdings LLC Wireless devices and methods of operating wireless devices based on the presence of another person
US20160162451A1 (en) * 2011-08-19 2016-06-09 Yongyong Xu Online software execution platform
US9602582B2 (en) * 2012-09-07 2017-03-21 Avigilon Corporation Physical security system having multiple server nodes
US20140222892A1 (en) * 2012-09-07 2014-08-07 Avigilon Corporation Physical security system having multiple server nodes
US8826240B1 (en) 2012-09-29 2014-09-02 Appurify, Inc. Application validation through object level hierarchy analysis
US9720799B1 (en) 2012-09-29 2017-08-01 Google Inc. Validating applications using object level hierarchy analysis
US9185039B1 (en) 2012-10-19 2015-11-10 Google Inc. Application testing through object level code inspection
US9015832B1 (en) * 2012-10-19 2015-04-21 Google Inc. Application auditing through object level code inspection
US9113358B1 (en) 2012-11-19 2015-08-18 Google Inc. Configurable network virtualization
US9268668B1 (en) 2012-12-20 2016-02-23 Google Inc. System for testing markup language applications
US9274935B1 (en) 2013-01-15 2016-03-01 Google Inc. Application testing system with application programming interface
US9021443B1 (en) 2013-04-12 2015-04-28 Google Inc. Test automation API for host devices
US9268670B1 (en) 2013-08-08 2016-02-23 Google Inc. System for module selection in software application testing including generating a test executable based on an availability of root access
US20150178501A1 (en) * 2013-12-23 2015-06-25 Google Inc. Displaying private information on personal devices
US9372997B2 (en) * 2013-12-23 2016-06-21 Google Inc. Displaying private information on personal devices
US8856948B1 (en) * 2013-12-23 2014-10-07 Google Inc. Displaying private information on personal devices
US9832187B2 (en) 2014-01-07 2017-11-28 Google Llc Managing display of private information
US9367415B1 (en) 2014-01-20 2016-06-14 Google Inc. System for testing markup language applications on a device
US9491229B1 (en) 2014-01-24 2016-11-08 Google Inc. Application experience sharing system
US9830139B2 (en) 2014-01-24 2017-11-28 Google LLP Application experience sharing system
US9170922B1 (en) 2014-01-27 2015-10-27 Google Inc. Remote application debugging
US10474449B2 (en) 2015-04-10 2019-11-12 Avigilon Corporation Upgrading a physical security system having multiple server nodes
US9959109B2 (en) 2015-04-10 2018-05-01 Avigilon Corporation Upgrading a physical security system having multiple server nodes
US11811774B1 (en) * 2015-05-11 2023-11-07 Google Llc System and method for recursive propagating application access control
US9864655B2 (en) 2015-10-30 2018-01-09 Google Llc Methods and apparatus for mobile computing device security in testing facilities
US10311249B2 (en) 2017-03-31 2019-06-04 Google Llc Selectively obscuring private information based on contextual information
US20190281059A1 (en) * 2018-03-12 2019-09-12 Microsoft Technology Licensing, Llc Auto disablement of web browser extensions on defined categories of webpages
US11019062B2 (en) * 2018-03-12 2021-05-25 Microsoft Technology Licensing, Llc Auto disablement of web browser extensions on defined categories of webpages
TWI742432B (en) * 2019-09-19 2021-10-11 英業達股份有限公司 Testing system based on virtualization device and method thereof

Also Published As

Publication number Publication date
US11645404B2 (en) 2023-05-09
US20140283145A1 (en) 2014-09-18
US20180129818A1 (en) 2018-05-10
US10198587B2 (en) 2019-02-05

Similar Documents

Publication Publication Date Title
US11645404B2 (en) System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session
US9900346B2 (en) Identification of and countermeasures against forged websites
US10652748B2 (en) Method, system and application programmable interface within a mobile device for indicating a confidence level of the integrity of sources of information
US9716724B1 (en) Cloud data loss prevention system
US9607147B2 (en) Method and device for detecting software-tampering
US7870294B2 (en) Method and apparatus for providing policy-based document control
US10264016B2 (en) Methods, systems and application programmable interface for verifying the security level of universal resource identifiers embedded within a mobile application
US20160259947A1 (en) Method and apparatus for managing access to electronic content
US9641535B2 (en) Apparatus and data processing systems for accessing an object
US20110119361A1 (en) System and method for managing redacted electronic documents using callback triggers
US20150347773A1 (en) Method and system for implementing data security policies using database classification
CN106790172B (en) File sharing method, server and client
EP1794662B1 (en) A method and apparatus for assigning access control levels in providing access to networked content files
US20190019154A1 (en) Intelligent, context-based delivery of sensitive email content to mobile devices
US20130247208A1 (en) System, method, and computer program product for preventing data leakage utilizing a map of data
US8897451B1 (en) Storing secure information using hash techniques
US20190334938A1 (en) System, method, and computer program product for dynamically configuring a virtual environment for identifying unwanted data
US8776252B2 (en) System, method, and computer program product for securing data on a server based on a heuristic analysis
US20210133301A1 (en) System and Method for Enhancing IT System Access Security with Smart Cloud Service
WO2020215905A1 (en) Data delivery method, apparatus, and device, and computer-readable storage medium
US20150113655A1 (en) System, Method and Computer Program Product for Using Opinions Relating to Trustworthiness to Block or Allow Access
CN112733104A (en) Account registration request processing method and device
US11128645B2 (en) Method and system for detecting fraudulent access to web resource
US11949679B1 (en) Distinguishing between functional tracking domains and nonfunctional tracking domains on a host web page
US20220256006A1 (en) Methods for controlling tracking elements of a web page and related electronic devices

Legal Events

Date Code Title Description
AS Assignment

Owner name: MCAFEE, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHEBIYYAM, GOPI KRISHNA;BASAVAPATNA, PRASANNA GANAPATHI;SIGNING DATES FROM 20070902 TO 20070903;REEL/FRAME:019787/0732

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION