US20150229667A1 - Self-destructing content - Google Patents

Self-destructing content Download PDF

Info

Publication number
US20150229667A1
US20150229667A1 US14/695,500 US201514695500A US2015229667A1 US 20150229667 A1 US20150229667 A1 US 20150229667A1 US 201514695500 A US201514695500 A US 201514695500A US 2015229667 A1 US2015229667 A1 US 2015229667A1
Authority
US
United States
Prior art keywords
content item
client
matched
access
indication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/695,500
Inventor
Shreenidhi Ramarao
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
EMC Corp
Original Assignee
EMC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by EMC Corp filed Critical EMC Corp
Priority to US14/695,500 priority Critical patent/US20150229667A1/en
Assigned to EMC CORPORATION reassignment EMC CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: RAMARAO, SHREENIDHI
Publication of US20150229667A1 publication Critical patent/US20150229667A1/en
Assigned to THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT reassignment THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT SECURITY AGREEMENT Assignors: ASAP SOFTWARE EXPRESS, INC., AVENTAIL LLC, CREDANT TECHNOLOGIES, INC., DELL INTERNATIONAL L.L.C., DELL MARKETING L.P., DELL PRODUCTS L.P., DELL SOFTWARE INC., DELL SYSTEMS CORPORATION, DELL USA L.P., EMC CORPORATION, EMC IP Holding Company LLC, FORCE10 NETWORKS, INC., MAGINATICS LLC, MOZY, INC., SCALEIO LLC, SPANNING CLOUD APPS LLC, WYSE TECHNOLOGY L.L.C.
Assigned to CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT reassignment CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT SECURITY AGREEMENT Assignors: ASAP SOFTWARE EXPRESS, INC., AVENTAIL LLC, CREDANT TECHNOLOGIES, INC., DELL INTERNATIONAL L.L.C., DELL MARKETING L.P., DELL PRODUCTS L.P., DELL SOFTWARE INC., DELL SYSTEMS CORPORATION, DELL USA L.P., EMC CORPORATION, EMC IP Holding Company LLC, FORCE10 NETWORKS, INC., MAGINATICS LLC, MOZY, INC., SCALEIO LLC, SPANNING CLOUD APPS LLC, WYSE TECHNOLOGY L.L.C.
Assigned to EMC IP Holding Company LLC reassignment EMC IP Holding Company LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: EMC CORPORATION
Assigned to ASAP SOFTWARE EXPRESS, INC., CREDANT TECHNOLOGIES, INC., DELL INTERNATIONAL, L.L.C., WYSE TECHNOLOGY L.L.C., EMC IP Holding Company LLC, DELL MARKETING L.P., DELL PRODUCTS L.P., FORCE10 NETWORKS, INC., SCALEIO LLC, MOZY, INC., DELL USA L.P., EMC CORPORATION, DELL SOFTWARE INC., DELL SYSTEMS CORPORATION, MAGINATICS LLC, AVENTAIL LLC reassignment ASAP SOFTWARE EXPRESS, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH
Assigned to DELL USA L.P., SCALEIO LLC, DELL INTERNATIONAL L.L.C., DELL PRODUCTS L.P., DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO FORCE10 NETWORKS, INC. AND WYSE TECHNOLOGY L.L.C.), DELL MARKETING L.P. (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO CREDANT TECHNOLOGIES, INC.), EMC IP HOLDING COMPANY LLC (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO MOZY, INC.), EMC CORPORATION (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO MAGINATICS LLC), DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO ASAP SOFTWARE EXPRESS, INC.) reassignment DELL USA L.P. RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001) Assignors: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT
Assigned to DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO FORCE10 NETWORKS, INC. AND WYSE TECHNOLOGY L.L.C.), DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO ASAP SOFTWARE EXPRESS, INC.), SCALEIO LLC, DELL MARKETING L.P. (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO CREDANT TECHNOLOGIES, INC.), DELL USA L.P., DELL INTERNATIONAL L.L.C., EMC IP HOLDING COMPANY LLC (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO MOZY, INC.), DELL PRODUCTS L.P., EMC CORPORATION (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO MAGINATICS LLC) reassignment DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO FORCE10 NETWORKS, INC. AND WYSE TECHNOLOGY L.L.C.) RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001) Assignors: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • IRM Information rights management
  • FIG. 1 is a block diagram illustrating an embodiment of a content management system.
  • FIG. 2 is a flow chart illustrating an embodiment of a process to protect against unauthorized access to sensitive content.
  • FIG. 3 is a flow chart illustrating an embodiment of a process to protect against unauthorized access to sensitive content.
  • FIG. 4 is a block diagram illustrating an embodiment of a system to protect against unauthorized access to sensitive content.
  • FIG. 5 is a flow chart illustrating an embodiment of a process to protect against unauthorized access to sensitive content.
  • the invention can be implemented in numerous ways, including as a process; an apparatus; a system; a composition of matter; a computer program product embodied on a computer readable storage medium; and/or a processor, such as a processor configured to execute instructions stored on and/or provided by a memory coupled to the processor.
  • these implementations, or any other form that the invention may take, may be referred to as techniques.
  • the order of the steps of disclosed processes may be altered within the scope of the invention.
  • a component such as a processor or a memory described as being configured to perform a task may be implemented as a general component that is temporarily configured to perform the task at a given time or a specific component that is manufactured to perform the task.
  • the term ‘processor’ refers to one or more devices, circuits, and/or processing cores configured to process data, such as computer program instructions.
  • Self-destruction of business critical documents is disclosed.
  • self-destruction is triggered based at least in part on security threat pattern matching.
  • an information rights management (IRM) or other service is leveraged to implement and use the disclosed feature. This can prevent documents from falling into the wrong hands based on security threat pattern matching.
  • IRM information rights management
  • Documents protected with this configurable item to be true are protected in various embodiments by a service or other mechanism that results in their self-destruction based on security threat pattern matching.
  • self-destruction may be performed locally, e.g., at a client to which the document or other content has been downloaded, or by operation of a remote service, for example one that renders the document inaccessible at or to a client in response to a security threat pattern being matched.
  • a document is protected with a security restriction to be opened between only certain times in the day, e.g., between LOAM and 11 AM on some given date or day of the week. While the protection was being defined, for example via a content security wizard, the document was marked as “extremely confidential” or some other designation with which self-destruction is associated.
  • a security pattern defined to impose the time/day restriction is determined to be matched, resulting in various embodiments in self-destruction of the document, for example the document is replaced on or as available to the client with content in a format that is not usable at the client.
  • IP Internet protocol
  • a server administrator before self-destructing real time data of who tried to view to document, from which Internet protocol (IP) address, etc. is sent to a server administrator.
  • IP Internet protocol
  • an extracted format of the original document is sent to the IRM server for backup, to protect against loss of the latest version of the document or other content, which once backed up to the server is self-destructed at the client, for example by replacing the document at the client with an unusable format.
  • FIG. 1 is a block diagram illustrating an embodiment of a content management system.
  • a plurality of clients represented in FIG. 1 by clients 102 , 104 , and 106 , access, via network 108 , content associated with a content server 110 and stored in a repository 112 .
  • An IRM server 114 uses IRM data 116 to monitor and control access to and/or use of content made accessible via content server 110 and repository 112 , for example to ensure that content intended to be accessible only to authorized users is only accessed by such users.
  • FIG. 2 is a flow chart illustrating an embodiment of a process to protect against unauthorized access to sensitive content.
  • threat detection criteria are received and stored ( 202 ).
  • an administrative interface is provide to enable an administrator to define the types of security restrictions that users will be provided an opportunity to designate for a document, for example via a security wizard or other interface, in connection with creating and saving the document, such as to a content management system or other repository.
  • a user selects or otherwise specifies a type of protection and, where applicable, associated attributes.
  • a user may select an option to impose a day/time restriction and may enter or otherwise provide values to designate that access is to be provided only at the days and/or times desired, such as weekdays between 9 am and 5 pm.
  • a threat pattern is defined and associated with the document(s) or other content, for example, a rule that is triggered if an attempt is made to access the document at a time or on a day other than as specified.
  • server and/or client side plugins and/or other components may be configured to cause the protected document(s) or other content to self-destruct in the event a threat is detected based on the stored pattern ( 204 ).
  • a client side plugin may be configured to render a copy of the document as stored at the client inaccessible, such as by substituting a document in an unusable format, in response to a threat pattern having been determined to have been matched.
  • FIG. 3 is a flow chart illustrating an embodiment of a process to protect against unauthorized access to sensitive content.
  • documents or other content that has been designated as “business critical” or some other designation associated with a self-destruction protection as disclosed herein is monitored to determine whether associated threat detection criteria (patterns) have been matched ( 302 ). For example, if a day/time of access restriction has been applied, attempts to access the content are monitored and the day/time of any attempt to access is checked against the criteria to determine whether a threat pattern (i.e., attempt to access outside of approved day/time) has been matched.
  • a threat pattern i.e., attempt to access outside of approved day/time
  • the business critical document or in some embodiments all business critical content on that client, if any, is rendered inaccessible at and/or to the client ( 306 ).
  • the protected content may be replaced by content in an unusable format, or a security data (e.g., key or associated data) required to access the content as stored at the client may be rendered inaccessible, unusable, and/or otherwise unavailable at the client.
  • Monitoring of content including by comparing actual access attempts to threat detection patterns, continues unless/until done ( 308 ), for example the system is shut down for maintenance.
  • an unauthorized user who has learned the secret credential of an authorized user may be foiled by techniques disclosed herein. For example, if the unauthorized user were to attempt to use the authorized user's credential to gain access to protected content, for example at a prohibited time or from a prohibited system or location, the unauthorized user, being unaware of the protections disclosed herein, would cause a corresponding threat pattern to be determined to have been matched, resulting in the content being rendered, inaccessible and/or otherwise auto-destructed, to the unauthorized user or others attempting to use the stolen credential.
  • FIG. 4 is a block diagram illustrating an embodiment of a system to protect against unauthorized access to sensitive content.
  • client system 102 includes a communication interface 404 , e.g., a network interface card or other interface, which provides network connectivity via a physical, wireless, or other connection 406 .
  • a client side content application 408 such as a content authoring application running on a content management or other application framework, communicates via the communication interface 404 and connection 406 with a remote content server (not shown in FIG. 4 ) to provide access to content stored in a remote repository with which the content server is associated.
  • a critical content protection plugin (or other software) 410 provides content protection as disclosed herein, including in various embodiments by keeping track of which content at the client, for examples stored in memory, disk, or other storage device 412 , such as by application 408 , has been designated as “critical content”; monitoring to determine whether a threat pattern has been matched (e.g., access attempt outside authorized time of day); and causing self-destruction of critical content upon determining that a threat pattern has been matched (e.g., replacing critical content as stored on storage device 412 with an unusable format.
  • FIG. 5 is a flow chart illustrating an embodiment of a process to protect against unauthorized access to sensitive content.
  • the process of FIG. 5 is implemented by a client side plugin and/or other client side component, such as critical content protection plugin 410 of FIG. 4 .
  • the current content i.e., most recently updated and/or saved locally at the client
  • a remote server e.g., an IRM server, content server, or other server
  • Data associated with the access attempt that trigger the threat pattern match determination is collected and reported, e.g., to the IRM server ( 506 ).
  • the content is rendered inaccessible at the client ( 508 ), e.g., replaced by an unusable format, etc.
  • techniques disclosed herein will ensure, or at least reduce the possibility, that a business critical document or other content, like a new product design, a new drug composition etc., will not fall into the wrong hands, thereby helping companies avoid potentially huge financial and/or other losses.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Quality & Reliability (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

Protecting sensitive content, such as business critical documents or other computer files, is disclosed. In various embodiments, upon receiving an indication that a threat pattern associated with a content item has been matched, the protected content “self-destructs”, such as y rendering the content item inaccessible, e.g., at a client and or to a particular user or group of users.

Description

    CROSS REFERENCE TO OTHER APPLICATIONS
  • This application is a continuation of co-pending U.S. patent application Ser. No. 13/630,887, entitled SELF-DESTRUCTING CONTENT filed Sep. 28, 2012 which is incorporated herein by reference for all purposes.
    • BACKGROUND OF THE INVENTION
  • Security of the business critical documents that are sent or shared over network like a new product design is important. Files falling into the possession of unintended users (internal or external, hackers, competitors, etc.) might result in significant competitive, financial, or other damage or loss to an enterprise. Information rights management (IRM) and other techniques may be used to protect documents, but in typical approaches it may be possible for an unintended user to receive an IRM-protected (or other protected) copy and a malicious user may gain access to the authorized user's credential or may be able to use offline tools to gain unprotected access to the content.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • Various embodiments of the invention are disclosed in the following detailed description and the accompanying drawings.
  • FIG. 1 is a block diagram illustrating an embodiment of a content management system.
  • FIG. 2 is a flow chart illustrating an embodiment of a process to protect against unauthorized access to sensitive content.
  • FIG. 3 is a flow chart illustrating an embodiment of a process to protect against unauthorized access to sensitive content.
  • FIG. 4 is a block diagram illustrating an embodiment of a system to protect against unauthorized access to sensitive content.
  • FIG. 5 is a flow chart illustrating an embodiment of a process to protect against unauthorized access to sensitive content.
    •  DETAILED DESCRIPTION
  • The invention can be implemented in numerous ways, including as a process; an apparatus; a system; a composition of matter; a computer program product embodied on a computer readable storage medium; and/or a processor, such as a processor configured to execute instructions stored on and/or provided by a memory coupled to the processor. In this specification, these implementations, or any other form that the invention may take, may be referred to as techniques. In general, the order of the steps of disclosed processes may be altered within the scope of the invention. Unless stated otherwise, a component such as a processor or a memory described as being configured to perform a task may be implemented as a general component that is temporarily configured to perform the task at a given time or a specific component that is manufactured to perform the task. As used herein, the term ‘processor’ refers to one or more devices, circuits, and/or processing cores configured to process data, such as computer program instructions.
  • A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. Numerous specific details are set forth in the following description in order to provide a thorough understanding of the invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the invention is not unnecessarily obscured.
  • Self-destruction of business critical documents is disclosed. In various embodiments, self-destruction is triggered based at least in part on security threat pattern matching. In some embodiments, an information rights management (IRM) or other service is leveraged to implement and use the disclosed feature. This can prevent documents from falling into the wrong hands based on security threat pattern matching.
  • In some embodiments, there is a configurable field in the protection wizard for a document which if set results in the document being treated as extremely confidential. Documents protected with this configurable item to be true are protected in various embodiments by a service or other mechanism that results in their self-destruction based on security threat pattern matching. In various embodiments, self-destruction may be performed locally, e.g., at a client to which the document or other content has been downloaded, or by operation of a remote service, for example one that renders the document inaccessible at or to a client in response to a security threat pattern being matched.
  • The following are some of the variables that may be considered to develop a security threat pattern (single variable or multiple variables) in various embodiments: time restrictions, network restrictions, permissions, user restrictions, wrong password attempts, etc. By way of example, a document is protected with a security restriction to be opened between only certain times in the day, e.g., between LOAM and 11 AM on some given date or day of the week. While the protection was being defined, for example via a content security wizard, the document was marked as “extremely confidential” or some other designation with which self-destruction is associated. If anyone tries to open this document apart from the authorized time and day, a security pattern defined to impose the time/day restriction is determined to be matched, resulting in various embodiments in self-destruction of the document, for example the document is replaced on or as available to the client with content in a format that is not usable at the client. In some embodiments, before self-destructing real time data of who tried to view to document, from which Internet protocol (IP) address, etc. is sent to a server administrator. In some embodiments, an extracted format of the original document is sent to the IRM server for backup, to protect against loss of the latest version of the document or other content, which once backed up to the server is self-destructed at the client, for example by replacing the document at the client with an unusable format.
  • FIG. 1 is a block diagram illustrating an embodiment of a content management system. In the example shown, a plurality of clients, represented in FIG. 1 by clients 102, 104, and 106, access, via network 108, content associated with a content server 110 and stored in a repository 112. An IRM server 114 uses IRM data 116 to monitor and control access to and/or use of content made accessible via content server 110 and repository 112, for example to ensure that content intended to be accessible only to authorized users is only accessed by such users.
  • FIG. 2 is a flow chart illustrating an embodiment of a process to protect against unauthorized access to sensitive content. In the example shown, threat detection criteria are received and stored (202). For example, in some embodiments, an administrative interface is provide to enable an administrator to define the types of security restrictions that users will be provided an opportunity to designate for a document, for example via a security wizard or other interface, in connection with creating and saving the document, such as to a content management system or other repository. In connection with configuring protection for a particular document, folder, or other content or set of content, a user selects or otherwise specifies a type of protection and, where applicable, associated attributes. For example, in one of the examples mentioned above a user may select an option to impose a day/time restriction and may enter or otherwise provide values to designate that access is to be provided only at the days and/or times desired, such as weekdays between 9 am and 5 pm. In response to the designation, a threat pattern is defined and associated with the document(s) or other content, for example, a rule that is triggered if an attempt is made to access the document at a time or on a day other than as specified. In various embodiments, server and/or client side plugins and/or other components may be configured to cause the protected document(s) or other content to self-destruct in the event a threat is detected based on the stored pattern (204). For example, a client side plugin may be configured to render a copy of the document as stored at the client inaccessible, such as by substituting a document in an unusable format, in response to a threat pattern having been determined to have been matched.
  • FIG. 3 is a flow chart illustrating an embodiment of a process to protect against unauthorized access to sensitive content. In the example shown, documents or other content that has been designated as “business critical” or some other designation associated with a self-destruction protection as disclosed herein is monitored to determine whether associated threat detection criteria (patterns) have been matched (302). For example, if a day/time of access restriction has been applied, attempts to access the content are monitored and the day/time of any attempt to access is checked against the criteria to determine whether a threat pattern (i.e., attempt to access outside of approved day/time) has been matched. By way of further example, if a document is restricted to being accessed by nodes using an IP or other address, such as one in a statically configured and approved address range, then an attempt to access the document from a client having an IP address not in the approved range would trigger a determination that a threat pattern has been matched. Upon detecting a threat (304), the business critical document, or in some embodiments all business critical content on that client, if any, is rendered inaccessible at and/or to the client (306). For example, the protected content may be replaced by content in an unusable format, or a security data (e.g., key or associated data) required to access the content as stored at the client may be rendered inaccessible, unusable, and/or otherwise unavailable at the client. Monitoring of content, including by comparing actual access attempts to threat detection patterns, continues unless/until done (308), for example the system is shut down for maintenance.
  • Note that in various embodiments even an unauthorized user who has learned the secret credential of an authorized user may be foiled by techniques disclosed herein. For example, if the unauthorized user were to attempt to use the authorized user's credential to gain access to protected content, for example at a prohibited time or from a prohibited system or location, the unauthorized user, being unaware of the protections disclosed herein, would cause a corresponding threat pattern to be determined to have been matched, resulting in the content being rendered, inaccessible and/or otherwise auto-destructed, to the unauthorized user or others attempting to use the stolen credential.
  • FIG. 4 is a block diagram illustrating an embodiment of a system to protect against unauthorized access to sensitive content. In the example shown, client system 102 includes a communication interface 404, e.g., a network interface card or other interface, which provides network connectivity via a physical, wireless, or other connection 406. A client side content application 408, such as a content authoring application running on a content management or other application framework, communicates via the communication interface 404 and connection 406 with a remote content server (not shown in FIG. 4) to provide access to content stored in a remote repository with which the content server is associated. A critical content protection plugin (or other software) 410 provides content protection as disclosed herein, including in various embodiments by keeping track of which content at the client, for examples stored in memory, disk, or other storage device 412, such as by application 408, has been designated as “critical content”; monitoring to determine whether a threat pattern has been matched (e.g., access attempt outside authorized time of day); and causing self-destruction of critical content upon determining that a threat pattern has been matched (e.g., replacing critical content as stored on storage device 412 with an unusable format.
  • FIG. 5 is a flow chart illustrating an embodiment of a process to protect against unauthorized access to sensitive content. In some embodiments, the process of FIG. 5 is implemented by a client side plugin and/or other client side component, such as critical content protection plugin 410 of FIG. 4. In the example shown in FIG. 5, upon detecting a threat at a protected client (502), the current content (i.e., most recently updated and/or saved locally at the client) is extracted and sent to a remote server, e.g., an IRM server, content server, or other server, for backup (504). Data associated with the access attempt that trigger the threat pattern match determination is collected and reported, e.g., to the IRM server (506). The content is rendered inaccessible at the client (508), e.g., replaced by an unusable format, etc.
  • In various embodiments, techniques disclosed herein will ensure, or at least reduce the possibility, that a business critical document or other content, like a new product design, a new drug composition etc., will not fall into the wrong hands, thereby helping companies avoid potentially huge financial and/or other losses.
  • Although the foregoing embodiments have been described in some detail for purposes of clarity of understanding, the invention is not limited to the details provided. There are many alternative ways of implementing the invention. The disclosed embodiments are illustrative and not restrictive.

Claims (24)

What is claimed is:
1. A method of protecting content, comprising:
receiving, at a processor, an indication that a threat pattern associated with a content item has been matched, wherein the threat pattern includes an unauthorized attempt to access the content item; and
in response to receiving the indication that the threat pattern associated with the content item has been matched,
sending, to a remote server, a latest version of the content item as stored at a client, and
auto-destructing the content item in a selected manner that corresponds to the matched threat pattern to render the content item inaccessible at the client.
2. The method of claim 1, wherein the selected manner of auto-destructing the content item includes overwriting the content item as stored at the client.
3. The method of claim 1, wherein the selected manner of auto-destructing the content item includes replacing the content item as stored at the client with an unusable format.
4. The method of claim 1, wherein the selected manner of auto-destructing the content item includes deleting a security data required to access the content item as stored at the client.
5. The method of claim 4, wherein the security data is associated with a key required to decrypt the content item.
6. The method of claim 1, wherein the sending of the latest version of the content item as stored at the client comprises extracting the content item.
7. The method of claim 1, further comprising monitoring attempts to access the content item to determine whether the threat pattern has been matched.
8. The method of claim 1, further comprising configuring the client to monitor the content item as stored at the client to determine whether the threat pattern has been matched.
9. The method of claim 8, wherein configuring the client to monitor the content item as stored at the client includes installing a critical content protection plugin at the client.
10. The method of claim 1, wherein the indication that a threat pattern associated with a content item has been matched comprises an indication that an attempt has been made to access the content item at a time that was not an authorized time.
11. The method of claim 1, wherein the indication that a threat pattern associated with a content item has been matched comprises an indication that an attempt has been made to access the content item using a system that was not an authorized system from which to access the content item.
12. The method of claim 11, wherein the indication comprises at least in part an attempt to access the content item from an IP or other address that is not authorized.
13. The method of claim 1, wherein the indication that a threat pattern associated with a content item has been matched comprises an indication that an attempt has been made to perform with respect to the content item an operation that is not authorized to be performed at the client.
14. The method of claim 13, wherein the operation comprises one or more of the following: a cut operation; a copy operation; a file copy operation; an operation to open the content item using an application or reader that is not authorized; and attaching the content item to an email or other external communication.
15. The method of claim 1, wherein the indication that a threat pattern associated with a content item has been matched comprises an indication that an attempt has been made to access the content item at a location that was not an authorized location.
16. The method of claim 1, wherein before the content item is self-destructed, real time data of a party that attempted to access the content item is sent to one or more of a remote server or an administrator.
17. The method of claim 1, wherein auto-destructing of the content item comprises replacing the content item with content in an unusable format.
18. The method of claim 1, wherein auto-destructing of the content item comprises replacing the security data that is required to access the content item is rendered one or more of inaccessible, unusable, or unavailable at the client.
19. A system, comprising:
a storage device configured to store a content item; and
a processor coupled to the storage device and configured to:
receive an indication that a threat pattern associated with the content item has been matched, wherein the threat pattern includes an unauthorized attempt to access the content item; and
in response to receiving the indication that the threat pattern associated with the content item has been matched,
send, to a remote server, a latest version of the content item as stored at a client, and
auto-destruct the content item in a selected manner that corresponds to the matched threat pattern to render the content item inaccessible.
20. The system of claim 15, wherein the selected manner of auto-destructing the content item includes replacing the content item as stored at the client with an unusable format.
21. The system of claim 15, wherein the selected manner of auto-destructing the content item includes deleting a security data required to access the content item as stored at the client.
22. The system of claim 15, wherein the processor is further configured to extract the content item in connection with sending the latest version of the content item to the remote server.
23. The system of claim 15, wherein the processor is further configured to monitor attempts to access the content item to determine whether the threat pattern has been matched.
24. A computer program product to protect content, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
receiving an indication that a threat pattern associated with a content item has been matched, wherein the threat pattern includes an unauthorized attempt to access the content item; and
in response to receiving the indication that the threat pattern associated with the content item has been matched,
sending, to a remote server, a latest version of the content item as stored at a client, and
auto-destructing the content item in a selected manner that corresponds to the matched threat pattern to render the content item inaccessible at the client.
US14/695,500 2012-09-28 2015-04-24 Self-destructing content Abandoned US20150229667A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/695,500 US20150229667A1 (en) 2012-09-28 2015-04-24 Self-destructing content

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/630,887 US9043943B1 (en) 2012-09-28 2012-09-28 Self-destructing content
US14/695,500 US20150229667A1 (en) 2012-09-28 2015-04-24 Self-destructing content

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/630,887 Continuation US9043943B1 (en) 2012-09-28 2012-09-28 Self-destructing content

Publications (1)

Publication Number Publication Date
US20150229667A1 true US20150229667A1 (en) 2015-08-13

Family

ID=53176534

Family Applications (2)

Application Number Title Priority Date Filing Date
US13/630,887 Active 2032-09-29 US9043943B1 (en) 2012-09-28 2012-09-28 Self-destructing content
US14/695,500 Abandoned US20150229667A1 (en) 2012-09-28 2015-04-24 Self-destructing content

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US13/630,887 Active 2032-09-29 US9043943B1 (en) 2012-09-28 2012-09-28 Self-destructing content

Country Status (1)

Country Link
US (2) US9043943B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023164221A1 (en) * 2022-02-28 2023-08-31 Docusign, Inc. Querying agreement document models in a document management system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9645757B2 (en) 2015-03-23 2017-05-09 International Business Machines Corporation Computer memory data security

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020129152A1 (en) * 2001-03-08 2002-09-12 International Business Machines Corporation Protecting contents of computer data files from suspected intruders by programmed file destruction
US20060020829A1 (en) * 1999-04-16 2006-01-26 Tomoyuki Asano Copy protection using detailed copy control information
US20080147595A1 (en) * 2006-12-15 2008-06-19 International Business Machines Corporation Self-protecting database tables
US20090151005A1 (en) * 2007-12-05 2009-06-11 International Business Machines Corporation Method for identity theft protection with self-destructing information
US20100031093A1 (en) * 2008-01-29 2010-02-04 Inventec Corporation Internal tracing method for network attack detection
US7830399B2 (en) * 2000-10-04 2010-11-09 Shutterfly, Inc. System and method for manipulating digital images
US20120278579A1 (en) * 2011-04-29 2012-11-01 Seagate Technology Llc Self-Initiated Secure Erasure Responsive to an Unauthorized Power Down Event
US8516590B1 (en) * 2009-04-25 2013-08-20 Dasient, Inc. Malicious advertisement detection and remediation
US8812875B1 (en) * 2010-04-12 2014-08-19 Stephen Melvin Virtual self-destruction of stored information

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1202148A1 (en) * 2000-10-31 2002-05-02 Hewlett-Packard Company, A Delaware Corporation Virus check on altered data
US8370644B2 (en) * 2008-05-30 2013-02-05 Spansion Llc Instant hardware erase for content reset and pseudo-random number generation

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060020829A1 (en) * 1999-04-16 2006-01-26 Tomoyuki Asano Copy protection using detailed copy control information
US7830399B2 (en) * 2000-10-04 2010-11-09 Shutterfly, Inc. System and method for manipulating digital images
US20020129152A1 (en) * 2001-03-08 2002-09-12 International Business Machines Corporation Protecting contents of computer data files from suspected intruders by programmed file destruction
US20080147595A1 (en) * 2006-12-15 2008-06-19 International Business Machines Corporation Self-protecting database tables
US20090151005A1 (en) * 2007-12-05 2009-06-11 International Business Machines Corporation Method for identity theft protection with self-destructing information
US20100031093A1 (en) * 2008-01-29 2010-02-04 Inventec Corporation Internal tracing method for network attack detection
US8516590B1 (en) * 2009-04-25 2013-08-20 Dasient, Inc. Malicious advertisement detection and remediation
US8812875B1 (en) * 2010-04-12 2014-08-19 Stephen Melvin Virtual self-destruction of stored information
US20120278579A1 (en) * 2011-04-29 2012-11-01 Seagate Technology Llc Self-Initiated Secure Erasure Responsive to an Unauthorized Power Down Event

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023164221A1 (en) * 2022-02-28 2023-08-31 Docusign, Inc. Querying agreement document models in a document management system

Also Published As

Publication number Publication date
US9043943B1 (en) 2015-05-26

Similar Documents

Publication Publication Date Title
Chen et al. Uncovering the face of android ransomware: Characterization and real-time detection
Seemma et al. Overview of cyber security
US10264104B2 (en) Systems and methods for malicious code detection accuracy assurance
CN112217835B (en) Message data processing method and device, server and terminal equipment
Viega Building security requirements with CLASP
KR101373542B1 (en) System for Privacy Protection which uses Logical Network Division Method based on Virtualization
EP3465519B1 (en) System and method for bridging cyber-security threat intelligence into a protected system using secure media
CN102799539A (en) Safe USB flash disk and data active protection method thereof
Ibarra et al. Ransomware impact to SCADA systems and its scope to critical infrastructure
Patel et al. A malicious activity monitoring mechanism to detect and prevent ransomware
Patil Madhubala Survey on security concerns in Cloud computing
US20150229667A1 (en) Self-destructing content
Data Georgia
Diwan An experimental analysis of security vulnerabilities in industrial internet of things services
Zeybek et al. A study on security awareness in mobile devices
Jarvis et al. Inside a targeted point-of-sale data breach
Sharma et al. Smartphone security and forensic analysis
Kang et al. A study on the needs for enhancement of personal information protection in cloud computing security certification system
Wang et al. MobileGuardian: A security policy enforcement framework for mobile devices
Egerton et al. Applying zero trust security principles to defence mechanisms against data exfiltration attacks
US20190347384A1 (en) Systems and methods for securing and controlling access to electronic data, electronic systems, and digital accounts
CN112651023A (en) Method for detecting and preventing malicious Lego software attacks
JP2005227866A (en) Operation management apparatus, operation content judgment method, operation managing program, operation management system, and client terminal
Novakovic et al. Detection of URL-based Phishing Attacks Using Neural Networks
Syambas et al. Two-Step Injection Method for Collecting Digital Evidence in Digital Forensics.

Legal Events

Date Code Title Description
AS Assignment

Owner name: EMC CORPORATION, MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:RAMARAO, SHREENIDHI;REEL/FRAME:035519/0646

Effective date: 20120927

AS Assignment

Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT, TEXAS

Free format text: SECURITY AGREEMENT;ASSIGNORS:ASAP SOFTWARE EXPRESS, INC.;AVENTAIL LLC;CREDANT TECHNOLOGIES, INC.;AND OTHERS;REEL/FRAME:040136/0001

Effective date: 20160907

Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT, NORTH CAROLINA

Free format text: SECURITY AGREEMENT;ASSIGNORS:ASAP SOFTWARE EXPRESS, INC.;AVENTAIL LLC;CREDANT TECHNOLOGIES, INC.;AND OTHERS;REEL/FRAME:040134/0001

Effective date: 20160907

Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLAT

Free format text: SECURITY AGREEMENT;ASSIGNORS:ASAP SOFTWARE EXPRESS, INC.;AVENTAIL LLC;CREDANT TECHNOLOGIES, INC.;AND OTHERS;REEL/FRAME:040134/0001

Effective date: 20160907

Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., A

Free format text: SECURITY AGREEMENT;ASSIGNORS:ASAP SOFTWARE EXPRESS, INC.;AVENTAIL LLC;CREDANT TECHNOLOGIES, INC.;AND OTHERS;REEL/FRAME:040136/0001

Effective date: 20160907

AS Assignment

Owner name: EMC IP HOLDING COMPANY LLC, MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:EMC CORPORATION;REEL/FRAME:040203/0001

Effective date: 20160906

STCB Information on status: application discontinuation

Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION

AS Assignment

Owner name: WYSE TECHNOLOGY L.L.C., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: SCALEIO LLC, MASSACHUSETTS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: MOZY, INC., WASHINGTON

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: MAGINATICS LLC, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: FORCE10 NETWORKS, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: EMC IP HOLDING COMPANY LLC, TEXAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: EMC CORPORATION, MASSACHUSETTS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: DELL SYSTEMS CORPORATION, TEXAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: DELL SOFTWARE INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: DELL PRODUCTS L.P., TEXAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: DELL MARKETING L.P., TEXAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: DELL INTERNATIONAL, L.L.C., TEXAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: DELL USA L.P., TEXAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: CREDANT TECHNOLOGIES, INC., TEXAS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: AVENTAIL LLC, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

Owner name: ASAP SOFTWARE EXPRESS, INC., ILLINOIS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058216/0001

Effective date: 20211101

AS Assignment

Owner name: SCALEIO LLC, MASSACHUSETTS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001

Effective date: 20220329

Owner name: EMC IP HOLDING COMPANY LLC (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO MOZY, INC.), TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001

Effective date: 20220329

Owner name: EMC CORPORATION (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO MAGINATICS LLC), MASSACHUSETTS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001

Effective date: 20220329

Owner name: DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO FORCE10 NETWORKS, INC. AND WYSE TECHNOLOGY L.L.C.), TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001

Effective date: 20220329

Owner name: DELL PRODUCTS L.P., TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001

Effective date: 20220329

Owner name: DELL INTERNATIONAL L.L.C., TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001

Effective date: 20220329

Owner name: DELL USA L.P., TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001

Effective date: 20220329

Owner name: DELL MARKETING L.P. (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO CREDANT TECHNOLOGIES, INC.), TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001

Effective date: 20220329

Owner name: DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO ASAP SOFTWARE EXPRESS, INC.), TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040136/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061324/0001

Effective date: 20220329

AS Assignment

Owner name: SCALEIO LLC, MASSACHUSETTS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001

Effective date: 20220329

Owner name: EMC IP HOLDING COMPANY LLC (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO MOZY, INC.), TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001

Effective date: 20220329

Owner name: EMC CORPORATION (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO MAGINATICS LLC), MASSACHUSETTS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001

Effective date: 20220329

Owner name: DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO FORCE10 NETWORKS, INC. AND WYSE TECHNOLOGY L.L.C.), TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001

Effective date: 20220329

Owner name: DELL PRODUCTS L.P., TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001

Effective date: 20220329

Owner name: DELL INTERNATIONAL L.L.C., TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001

Effective date: 20220329

Owner name: DELL USA L.P., TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001

Effective date: 20220329

Owner name: DELL MARKETING L.P. (ON BEHALF OF ITSELF AND AS SUCCESSOR-IN-INTEREST TO CREDANT TECHNOLOGIES, INC.), TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001

Effective date: 20220329

Owner name: DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO ASAP SOFTWARE EXPRESS, INC.), TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (045455/0001);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:061753/0001

Effective date: 20220329