WO2010030871A2 - Procédés et systèmes pour effectuer des consultations d'empreintes digitales par l'intermédiaire d'agents à distance - Google Patents

Procédés et systèmes pour effectuer des consultations d'empreintes digitales par l'intermédiaire d'agents à distance Download PDF

Info

Publication number
WO2010030871A2
WO2010030871A2 PCT/US2009/056651 US2009056651W WO2010030871A2 WO 2010030871 A2 WO2010030871 A2 WO 2010030871A2 US 2009056651 W US2009056651 W US 2009056651W WO 2010030871 A2 WO2010030871 A2 WO 2010030871A2
Authority
WO
WIPO (PCT)
Prior art keywords
organization
computer implemented
protecting
recited
secure information
Prior art date
Application number
PCT/US2009/056651
Other languages
English (en)
Other versions
WO2010030871A3 (fr
Inventor
Scott More
Ilya Beyer
Daniel Christopher John Sweeting
Original Assignee
Workshare Technology, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US12/209,096 external-priority patent/US9473512B2/en
Application filed by Workshare Technology, Inc. filed Critical Workshare Technology, Inc.
Publication of WO2010030871A2 publication Critical patent/WO2010030871A2/fr
Publication of WO2010030871A3 publication Critical patent/WO2010030871A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Definitions

  • the present invention relates to information security and more specifically it relates to systems and methods for detecting and preventing unauthorized disclosure of secure information. Furthermore, the present invention pertains to implementing fingerprint lookups across remote agents connected to a network.
  • One solution to this challenge is to generate fingerprints from all of the digital information that the organization seeks to protect. These fingerprints tersely and securely represent the organization's secure data, and can be maintained in a database for later verification against the information that a user desires to disclose.
  • fingerprints are generated for the user's information, and these fingerprints are compared against the fingerprints stored in the fingerprint database. If the fingerprints of the user's information matches with fingerprints contained in the fingerprint server, suitable security actions are performed.
  • the user has at his disposal myriad options to disclose the information outside of the organization's protected environment.
  • the user could copy the digital information from his computer to a removable storage medium (e.g., a floppy drive, a USB storage device, etc.), or the user could email the information from his computer through the organization's email server, or the user could print out the information by sending a print request through the organization's print server, etc. Therefore, it is imperative to monitor the user's activity through each of these egress points.
  • a removable storage medium e.g., a floppy drive, a USB storage device, etc.
  • the information that is transmitted through any of the organization's egress points needs to be converted to fingerprints and compared against the fingerprints contained in the organization's fingerprint database.
  • One way of achieving this would be by replicating and maintaining a plurality of fingerprint database at the locations containing egress points (e.g., at the print server, at the email server, at the user's desktop computer, etc.). This can be achieved by means of database replication, agent polling, diff sync pushes from a central fingerprint server, etc.
  • the fingerprints in the fingerprint database may also contain additional metadata (e.g., to indicate the location of the fingerprint within a document, to indicate the origin information of the document, etc.), further increasing the size of the individual fingerprint databases, thus further exacerbating the cost and difficulties associated with maintaining a plethora of individual fingerprint databases.
  • the present invention provides methods and systems to implement a protect agent across various egress points of an organization's computing environment.
  • egress points include a printer or a removable storage device (e.g., a USB flash memory drive, CD drive, etc.) connected to a user's desktop computer through which the user could potentially transmit secure information outside of the organization's protected environment.
  • the protect agents monitor activity across all egress points, and receive any information that a user intends to disclose through the egress points.
  • the protect agents generate fingerprints from the received user information and transmit that information to a fingerprint server to do fingerprint lookups.
  • the fingerprint server contains at least one copy of a registered fingerprint database.
  • the registered fingerprint database comprises registered fingerprints generated from all of the organization's secure information.
  • the fingerprint server and the protect agents communicate through a network to which they are connected.
  • the network could either be a local network specific to the organization or could be the public internet.
  • the network could also be a combination of the local network and the public internet.
  • the fingerprint server receives client fingerprints transmitted by the protect agents.
  • the fingerprint server does a lookup of the client fingerprints by comparing the client fingerprints against the registered fingerprints contained in the registered fingerprint database.
  • the fingerprint server reports the results of the lookup by communicating the results of the comparison back to the protect agent that transmitted the client fingerprints.
  • the protect agent then initiates one or more security actions based on the results of the lookup.
  • An important feature of the present invention is that the registered fingerprints are maintained at a remote location (e.g., at the fingerprint servers connected to the network). This obviates the need to maintain numerous redundant copies of the registered fingerprints locally at the location of every protect agent. Maintaining remote central copies of the registered fingerprints also allows the registered fingerprint database to be updated and version controlled more efficiently.
  • FIG. 1 illustrates an overall embodiment of a remote agent fingerprint lookup system
  • FIG. 2 is a flowchart depicting one embodiment of a method to achieve fingerprinting across remote agents
  • FIG. 3 is a flowchart illustrating a method to use remote agent lookups for the purpose of taking appropriate security actions
  • FIG. 4 is a flowchart depicting an embodiment of a combined remote agent lookup method, where a combination of a local network and the public internet is utilized for remote lookups.
  • Fig. 1 shows one example of an overall setup to implement remote agent lookups.
  • One of the means by which a user can disclose digital information outside of the organization's perimeter is by disclosing the information through his computer system 110.
  • Examples of such a computer system include a desktop computer, a laptop, a PDA or any such device that allows a user to access the organization's information, hi one embodiment, the computing system 110 is connected to a network 125.
  • the computing system 110 comprises the desktop/laptop computer 111 through which the user accesses the organization's secure information. The user would be able to transfer information outside of the organization by transferring the information to any medium connected to the computer.
  • Such points at which information can be transferred outside of the organization's protected environment are called egress points.
  • Examples of transferring data at egress points include copying the information from the computer to a CD disk 112 or any other optical storage medium, copying the information to a floppy drive 113 or any other tape medium, copying the information to a USB key 114 or other flash based storage medium, transferring the information by printing the information using a printer 115, copying information to the clipboard 115a of the local operating system, etc. In such an event, all the information that is transmitted through the computer 111 needs to be monitored to ensure that secure or sensitive information does not get transferred.
  • the various egress points of the computer 111 are monitored to detect any activity that purports to disclose information through the egress points.
  • a software agent called the protect agent 116, is run on the computer 111 to monitor activity at the egress points (112, 113, 114, 115, 115a) associated with the computer 111.
  • each of these computer systems 110, 116, 117, 118
  • the protect agent 116 is a set of computer instructions or a computer implemented program available on a memory location (e.g., on a magnetic tape drive, a flash memory drive, etc.) at the site of the protect agent 116.
  • the protect agents are also installed on other vulnerable egress points across the organization.
  • a vulnerable egress point includes one or more email server systems 118 connected to the network.
  • the email server 119 handles and routes the emails sent out and received by the organization.
  • the protect agent 120 installed on the email server 119 monitors the emails desired to be sent out of the organization through the email server.
  • Another example of a vulnerable egress point could be a print server 121 connected to the organization's network.
  • a protect agent 123 connected to the print server 122 monitors print jobs sent by the users to the printers connected to the network.
  • Additional examples of vulnerable egress points include network appliance systems 126.
  • a protect agent 128 is installed in each network appliance 127 to ensure that information disclosed through a particular network appliance 127 is monitored.
  • Examples of using network appliances 126 to transfer data include sharing of data over a network share medium, data transferred at the socket or TCP layer of the network, etc.
  • the egress points also include other porous environments through which information can be disclosed by the user beyond the secure environment of the organization.
  • the computer systems and all other systems representing egress points are centrally connected to a network 125.
  • the network includes a local network. This includes a network that is managed and maintained locally by the organization.
  • the network could also be the internet.
  • each of the egress point systems could be directly and individually connected to the internet, or could be connected to a local network or a cluster of local networks, with each of the local networks communicating with each other through the internet.
  • Other combinations of the egress point systems within the local network and the internet are possible and such combinations will be apparent to a person of skill in the art.
  • a hosted fingerprint server is similar to the fingerprint server connected to a local network in that it contains at least one copy of the database of registered fingerprints (corresponding to the secure information of an organization). However, the difference is that the hosted fingerprint server is publicly accessible over the internet.
  • One advantage of using a hosted fingerprint server is that an organization does not have to deploy and manage one or more server appliances within its networks. Some small organizations may not even have infrastructure to maintain a network and host a fingerprint server, but may still require their secure information to be protected. In such cases, the support and manageability of the fingerprint server can be done by even a third party provider who provides the service of a hosted fingerprint server.
  • a hosted fingerprint service enables protect agents to behave consistently in mobile environments, with the same fingerprint lookups happening inside and outside of the organization. For example, a laptop user can be blocked from emailing confidential files while using a wireless internet connection in a cafe. In this case, the protect agent can still communicate with the publicly accessible hosted fingerprint service.
  • a provider offering a hosted fingerprint service can also support multi-tenancy services, whereby the provider shares the hosted fingerprint server's resources across different organizations and cutting down on costs. In one embodiment, this would allow fingerprint databases for multiple organizations to reside on the same server.
  • Fig. 1 illustrates a plurality of fingerprint servers (131-135) connected to the network.
  • the protect agent located at each of the egress points collect the information that the user intends to disclose and transmit such information to the fingerprint server domain 140.
  • One embodiment of the fingerprint server domain 140 includes one or more fingerprint servers directly connected to the network (not shown in Fig. 1), such that it directly receives the information transmitted by each protect agent.
  • one or more fingerprint servers (131 - 135) are connected to a fingerprint server router 130, such that more protect agents can be served with improved efficiency and reduced latency.
  • the fingerprint server router 130 is connected to the network and serves as the gatekeeper for all the information received from the various protect agents through the network 125.
  • One of the functions of the fingerprint server router 130 is to collect performance and logistics information from each of the fingerprint servers and route any information received from the protect agents to the fingerprint server that is least busy, hi one embodiment, the fingerprint servers could be located at different geographical locations (not shown in Fig. 1) and connect to the fingerprint server router 130 through the network. This distributed model would allow organizations to run protect agents with minimal performance lag across geographically diverse locations, such that information from the protect agents are routed to the most optimal fingerprint server.
  • every fingerprint server contains at least one fingerprint database.
  • the fingerprint data base is a repository of fingerprints representing the secure information that the organization intends to protect.
  • the fingerprint server router 130 is responsible for keeping the redundant fingerprint databases in every fingerprint server up to date. It should be noted that the fingerprint server router is not imperative to maintaining a distributed fingerprint server array. Any other means known in the art through which a distributed network can be achieved can be employed in the place of the fingerprint server router 130. More information on fingerprints and the generation of fingerprints is provided further below.
  • Fig. 2 is a flowchart depicting one embodiment of a method to achieve fingerprinting across remote agents, hi this method, a protect agent is first installed 210 at the location of the various egress points.
  • the protect agent could be installed include a desktop computer, a print server, an email server, etc.
  • the protect agent is a set of instructions or software modules copied to a physical memory on the egress point location. Examples of the physical memory include magnetic tapes, optical disks, flash memory devices, etc.
  • a protect agent installed on a desktop computer would monitor all print jobs sent by the user to a printer directly attached to the desktop computer. In the course of monitoring the activity at egress points, the protect agent receives the information 215 that the user intends to disclose through one of the egress points.
  • the protect agent then transmits the user input information to the fingerprint server connected to the network.
  • the protect agent transmits this information through the network.
  • the mechanism through which the protect agent and the fingerprint server communicate includes web service calls.
  • the web service call standard or a similar standard allows interoperability between different operating systems and computer language environments. These standards also allow the fingerprint lookups to operate as a service that can be published and integrated with third-parties.
  • the network could either be a local network maintained by the organization, or could be the public internet, or a combination of the local network and the public internet.
  • the information transmitted by the protect agent to the fingerprint server could be in several formats.
  • the protect agent directly transmits the digital information 220 that the user intends to disclose.
  • digital information include text files, audio files, video files, etc.
  • These examples also include other forms of data, such as software code, design data (e.g., VLSI or CAD design files), or any other digital form of data that an organization wishes to protect, hi such cases, the protect agent transmits the information as-is, or encrypts the files before transmission to ensure the security of the transmitted information.
  • the encryption can be done with any of the standard encryption algorithms known to people skilled in the art.
  • the protect agent converts the information received from the user to a raw text format 225 before transmission to the fingerprint server.
  • One advantage of converting the files to raw text is that it decreases the size of the file being sent over, thus reducing network congestion and file lookup latency. Additionally, processing the files at the site of the protect agents relieves the fingerprint server of some of the computational burden from handling the user input information received from all protect agents.
  • the protect agents may additionally encrypt the raw text before transmission.
  • the protect agent converts the digital information to fingerprints 230 before transmission to the fingerprint server. Fingerprinting the information helps achieve a file size reduction, thus ensuring the advantages of reducing network congestion and lookup latency.
  • the fingerprint servers are also freed up from the task of generating fingerprints, and therefore are relieved from the computational burden imposed by the several protect agents they communicate with. Additionally, because the fingerprints inherently add security to the information being transmitted, this method obviates the need for additional encryption of the transmitted files.
  • the fingerprint server receives the information transmitted by the protect agent. If the information received is not in the form of fingerprints, the fingerprint server generates the fingerprints after receiving the information from the protect agent. Otherwise, the received fingerprints are used as-is.
  • the fingerprint server contains a database of fingerprints that represent the secure information for a particular organization.
  • the fingerprint server is primarily a computer capable of performing arithmetic and logic operations.
  • the fingerprint server compares the fingerprints associated with the user input information (the client fingerprints) with the fingerprints contained in the fingerprint server 235. Based on the results of the comparison, the fingerprint server generates a comparison analysis and transmits this analysis back to the protect agent 240.
  • the fingerprint server contains a set of instructions or suitable software available in one of its memory locations to perform the comparison analysis. After completing the comparison analysis, the fingerprint server transmits the data to the protect agent utilizing the network.
  • Fig. 3 is a flowchart depicting another embodiment of a method to achieve fingerprinting across remote agents.
  • protect agents are first installed at various egress point locations 310.
  • the protect agents residing at the location of the egress points receive the information a user intends to disclose through those particular egress points 315.
  • the protect agent generates fingerprints from information that the user desires to disclose 315.
  • the protect agent transmits the fingerprints to the fingerprint server, utilizing the network 330.
  • the network as discussed above, could either be a local network 335 or the public internet 340.
  • the fingerprint server is at a location remote from the protect agents. This fingerprint server contains a database of registered fingerprints 325.
  • the registered fingerprints represent the secure digital information of a particular organization.
  • the fingerprint server receives the fingerprints transmitted by the protect agents (the client fingerprints), and compares the received fingerprints with the registered fingerprints 345. The fingerprint server then transmits the results of the comparison back to the protect agent. If the protect agent receives information that one or more client fingerprints match the registered fingerprints, it takes an appropriate security action 350.
  • Some examples of the security action include preventing the information from being transmitted out through the associated egress point, sending out a security alert to a system administrator, revoking the user's access to the particular information, alerting the user of the security violation, etc.
  • the security actions may also include integration with third party software to offer security solutions (e.g., integration with Microsoft Windows® RMS to apply rights management to the information being disclosed). It is understood that these examples of security actions are used for illustrative purposes only, and that other security actions known to people skilled in the art are equally applicable here.
  • Fig. 4 is a flowchart depicting an embodiment of a combined network, where a combination of a local network and the public internet is utilized by the remote protect agents.
  • the protect agents are installed at every egress point at the client side 410.
  • the protect agents monitor activity on the client, and receive information that a user intends to disclose outside of the organization through one of the egress points 415.
  • the protect agents generate fingerprints from the digital information input by the user 420. Redundant copies of the fingerprint database are maintained on several fingerprint serves such that at least one fingerprint server is connected to the local network 455, 450, and at least one fingerprint server is available as a hosted service connected to the internet 430, 435.
  • the protect agent determines whether the client is connected to a local network 425. If the protect agent determines that the client is connected to the local network, it transmits the fingerprints to the fingerprint server connected to the local network. The fingerprint server connected to the local network compares the fingerprints received from the client against the registered fingerprints contained in the fingerprint server 445. On the other hand, if the protect agent determines that the client is not connected to the local network (e.g., when the user uses his laptop computer from a public cafe), the fingerprints corresponding to information he attempts to disclose are transmitted to the hosted fingerprint server connected to the internet. This hosted fingerprint server compares the client fingerprints against the registered fingerprints to determine if there are any matches 445. If a match is detected by either fingerprint server, a suitable security action is taken 460.
  • This apparatus may be specially constructed for the required purposes, or it may comprise a general purpose computer selectively activated or reconfigured by a computer program stored in the computer.
  • a computer program may be stored in a computer readable storage medium, such as, but is not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, or any type of media suitable for storing electronic instructions, each coupled to a computer system.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

La présente invention concerne des procédés et des systèmes pour protéger les informations sécurisées d'un organisme contre une présentation non autorisée. Le présent système utilise des agents de protection installés à divers points de sortie (par exemple, un serveur de courrier électronique, un ordinateur d'utilisateur, etc.) pour surveiller les informations présentées par un utilisateur. Le présent système permet également l'utilisation de serveurs d'empreintes digitales pour maintenir à distance une base de données d'empreintes digitales associée aux données sécurisées de l'organisme. Dans un mode de réalisation, les agents de protection transmettent les empreintes digitales associées aux informations de l'utilisateur à un serveur d'empreintes digitales en utilisant un réseau local ou le réseau Internet public. Les agents de protection reçoivent ensuite une analyse de comparaison des serveurs d'empreintes digitales et exécutent une action de sécurité appropriée sur la base de l'analyse. Dans un mode de réalisation, une combinaison du réseau local et du réseau Internet public est utilisée pour effectuer les consultations d'agents à distance.
PCT/US2009/056651 2008-09-11 2009-09-11 Procédés et systèmes pour effectuer des consultations d'empreintes digitales par l'intermédiaire d'agents à distance WO2010030871A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/209,096 US9473512B2 (en) 2008-07-21 2008-09-11 Methods and systems to implement fingerprint lookups across remote agents
US12/209,096 2008-09-11

Publications (2)

Publication Number Publication Date
WO2010030871A2 true WO2010030871A2 (fr) 2010-03-18
WO2010030871A3 WO2010030871A3 (fr) 2010-06-17

Family

ID=41800303

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2009/056651 WO2010030871A2 (fr) 2008-09-11 2009-09-11 Procédés et systèmes pour effectuer des consultations d'empreintes digitales par l'intermédiaire d'agents à distance

Country Status (1)

Country Link
WO (1) WO2010030871A2 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9473512B2 (en) 2008-07-21 2016-10-18 Workshare Technology, Inc. Methods and systems to implement fingerprint lookups across remote agents

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20010078840A (ko) * 2001-04-17 2001-08-22 유성경 컴퓨터저장매체를 통한 정보유출을 감시하는 보안시스템
US20020138744A1 (en) * 2001-03-21 2002-09-26 Schleicher Jorg Gregor Method and system for providing a secure peer-to peer file delivery network
US20020164058A1 (en) * 2001-05-04 2002-11-07 International Business Machines Corporation Remote authentication of fingerprints over an insecure network
KR20060048686A (ko) * 2004-06-30 2006-05-18 마이크로소프트 코포레이션 아웃고잉 통신이 특정 내용을 포함하는 경우를 검출하기위한 방법 및 시스템
US20070025265A1 (en) * 2005-07-22 2007-02-01 Porras Phillip A Method and apparatus for wireless network security
KR20080029602A (ko) * 2006-09-29 2008-04-03 한국전자통신연구원 기밀문서 유출 방지 방법 및 장치

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020138744A1 (en) * 2001-03-21 2002-09-26 Schleicher Jorg Gregor Method and system for providing a secure peer-to peer file delivery network
KR20010078840A (ko) * 2001-04-17 2001-08-22 유성경 컴퓨터저장매체를 통한 정보유출을 감시하는 보안시스템
US20020164058A1 (en) * 2001-05-04 2002-11-07 International Business Machines Corporation Remote authentication of fingerprints over an insecure network
KR20060048686A (ko) * 2004-06-30 2006-05-18 마이크로소프트 코포레이션 아웃고잉 통신이 특정 내용을 포함하는 경우를 검출하기위한 방법 및 시스템
US20070025265A1 (en) * 2005-07-22 2007-02-01 Porras Phillip A Method and apparatus for wireless network security
KR20080029602A (ko) * 2006-09-29 2008-04-03 한국전자통신연구원 기밀문서 유출 방지 방법 및 장치

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9473512B2 (en) 2008-07-21 2016-10-18 Workshare Technology, Inc. Methods and systems to implement fingerprint lookups across remote agents

Also Published As

Publication number Publication date
WO2010030871A3 (fr) 2010-06-17

Similar Documents

Publication Publication Date Title
US9614813B2 (en) Methods and systems to implement fingerprint lookups across remote agents
US8555080B2 (en) Methods and systems for protect agents using distributed lightweight fingerprints
US11057355B2 (en) Protecting documents using policies and encryption
US11695547B2 (en) Sharing encrypted documents within and outside an organization
US7882035B2 (en) Pre-performing operations for accessing protected content
US7725716B2 (en) Methods and systems for encrypting, transmitting, and storing electronic information and files
US8141129B2 (en) Centrally accessible policy repository
US8615666B2 (en) Preventing unauthorized access to information on an information processing apparatus
US20070101124A1 (en) Secure provisioning of digital content
JP2007241513A (ja) 機器監視装置
CN101554010A (zh) 使用公钥加密进行文档控制的系统和方法
EP3356978B1 (fr) Application de politiques de gestion des droits à des fichiers protégés
GB2483648A (en) Obfuscation of data elements in a message associated with a detected event of a defined type
US8353053B1 (en) Computer program product and method for permanently storing data based on whether a device is protected with an encryption mechanism and whether data in a data structure requires encryption
US8402278B2 (en) Method and system for protecting data
US9355226B2 (en) Digital rights management system implemented on a scanner
JP2007179202A (ja) 電子帳票サーバ、クライアント、電子帳票システム、情報提供方法、情報利用方法、サービス提供方法、サーバプログラム、クライアントプログラム及び記憶媒体
US20160142381A1 (en) Digital rights management for emails and attachments
JP2005309887A (ja) 不正閲覧監視システム
WO2010030871A2 (fr) Procédés et systèmes pour effectuer des consultations d'empreintes digitales par l'intermédiaire d'agents à distance
US7886147B2 (en) Method, apparatus and computer readable medium for secure conversion of confidential files
Maurya et al. Protection of data stored in transparent database system using encryption
KR20140051479A (ko) 문서배포관리 시스템 및 방법
WO2023069444A1 (fr) Protection de données personnelles
Adeppa Security analysis in cloud computing environment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09813666

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09813666

Country of ref document: EP

Kind code of ref document: A2