Abstract: A technique for preventing selected sets of data words from unauthorized transmission out of the secure perimeter of a computer system is disclosed. A set of security rules is applied to an outgoing data message and if one of the set of rules is triggered, scanning by another set of security rules. The server then executes the security command before transmitting the outgoing message out of the secure perimeter of the computer system or blocking transmission.

Abstract: A technique for preventing selected sets of data words from unauthorized transmission out of the secure perimeter of a computer system is disclosed. A set of security rules is applied to an outgoing data message and if one of the set of rules is triggered, scanning by another set of security rules. The server then executes the security command before transmitting the outgoing message out of the secure perimeter of the computer system or blocking transmission.

Abstract: A technique for preventing selected sets of data words from unauthorized transmission out of the secure perimeter of a computer system is disclosed. A set of security rules is applied to an outgoing data message and if one of the set of rules is triggered, at least a portion of the message is transmitted to a central server that is within the secure perimeter, for scanning by another set of security rules. The central server then sends a security command back to the remote device, which executes the security command before transmitting the outgoing message out of the secure perimeter of the computer system.

Abstract: The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of fingerprint servers to remotely maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the protect agents transmit fingerprints associated with the user's information to the fingerprint server utilizing a local network or the public internet. The protect agents then receive a comparison analysis from the fingerprint servers and execute appropriate security action based on the analysis. In one embodiment, a combination of the local network and public internet is utilized to achieve remote agent lookups.

Abstract: The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of fingerprint servers to remotely maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the protect agents transmit fingerprints associated with the user's information to the fingerprint server utilizing a local network or the public internet. The protect agents then receive a comparison analysis from the fingerprint servers and execute appropriate security action based on the analysis. In one embodiment, a combination of the local network and public internet is utilized to achieve remote agent lookups.

Abstract: The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of fingerprint servers to remotely maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the protect agents transmit fingerprints associated with the user's information to the fingerprint server utilizing a local network or the public internet. The protect agents then receive a comparison analysis from the fingerprint servers and execute appropriate security action based on the analysis. In one embodiment, a combination of the local network and public internet is utilized to achieve remote agent lookups.

Abstract: The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of fingerprint servers to remotely maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the protect agents transmit fingerprints associated with the user's information to the fingerprint server utilizing a local network or the public internet. The protect agents then receive a comparison analysis from the fingerprint servers and execute appropriate security action based on the analysis. In one embodiment, a combination of the local network and public internet is utilized to achieve remote agent lookups.

Abstract: A technique for preventing selected sets of data words from unauthorized transmission out of the secure perimeter of a computer system is disclosed. A set of security rules is applied to an outgoing data message and if one of the set of rules is triggered, at least a portion of the message is transmitted to a central server that is within the secure perimeter, for scanning by another set of security rules. The central server then sends a security command back to the remote device, which executes the security command before transmitting the outgoing message out of the secure perimeter of the computer system.

Abstract: A technique for efficiently preventing exact data words (“entities”) from unauthorized disclosure is disclosed. Protect agents installed at various egress points identify candidate entities from digital information desired to be disclosed by a user. The candidate entities are compared against registered entities stored in a lightweight entity database (LWED). If a candidate entity matches against a registered entity in the LWED, the protect agent initiates a security action. Alternately, the protect agent transmits the matching candidate entity to a global entity database (GED) server to receive additional confirmation on whether the candidate entity matches a registered entity. In some instances, the protect agent also receives (from the GED server) metadata information associated with the matching candidate entity. The protect agent utilizes the metadata information to initiate suitable security actions.

Abstract: Modular authentication and session management involves the use of discrete modules to perform specific tasks in a networked computing environment. There may be a separate authentication server that verifies the identity of the user and an authorization client that grants various levels of access to users. There may also be an authentication client that receives an initial request from a requesting application and forwards the request to the authentication server to verify the identity of the use. The authorization client may then be invoked to provide the necessary level of access. The use of discrete modules allows multiple business applications to use the same modules to perform user authentication tasks, thus alleviating the unnecessary multiplication of code.

Abstract: The present invention provides methods and systems to protect an organization's secure image information from unauthorized disclosure. In one embodiment, methods and systems to generate image fingerprints are provided. The fingerprints are generated for each feature point of an image data. Because the fingerprints take into account the neighborhood features around each feature point, the image fingerprints are robust against derivative images where the original image may have been altered. Methods and systems to maintain a fingerprint database for an organization's secure image data is also provided. In one embodiment, client fingerprints are generated for image data that a user intends to transmit outside of the organization. In some embodiments, suitable security actions are initiated if any of the client fingerprints match any of the fingerprints in the fingerprint database.

Abstract: The present invention provides methods and systems to protect an organization's secure image information from unauthorized disclosure. In one embodiment, methods and systems to generate image fingerprints are provided. The fingerprints are generated for each feature point of an image data. Because the fingerprints take into account the neighborhood features around each feature point, the image fingerprints are robust against derivative images where the original image may have been altered. Methods and systems to maintain a fingerprint database for an organization's secure image data is also provided. In one embodiment, client fingerprints are generated for image data that a user intends to transmit outside of the organization. In some embodiments, suitable security actions are initiated if any of the client fingerprints match any of the fingerprints in the fingerprint database.

Abstract: The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of lightweight fingerprint databases (LFD) to maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the LFD is stored locally at the site of each protect agent such that the organization's secure information can be protected even when a protect agent is disconnected from the network. Methods and systems to compress fingerprints to achieve the lightweight fingerprint databases are also provided.

Abstract: The present invention provides methods and systems to protect an organization's secure image information from unauthorized disclosure. In one embodiment, methods and systems to generate image fingerprints are provided. The fingerprints are generated for each feature point of an image data. Because the fingerprints take into account the neighborhood features around each feature point, the image fingerprints are robust against derivate images where the original image may have been altered. Methods and systems to maintain a fingerprint database for an organization's secure image data is also provided. In one embodiment, client fingerprints are generated for image data that a user intends to transmit outside of the organization. In some embodiments, suitable security actions are initiated if any of the client fingerprints match any of the fingerprints in the fingerprint database.

Abstract: The present invention provides methods and systems to enable fast, efficient, and scalable means for fingerprinting textual information using word runs. The present system receives textual information and provides algorithms to convert the information into representative fingerprints. In one embodiment, the fingerprints are recorded in a repository to maintain a database of an organization's secure data. In another embodiment, textual information entered by a user is verified against the repository of fingerprints to prevent unauthorized disclosure of secure data. This invention provides approaches to allow derivative works (e.g., different ordering of words, substitution of words with synonyms, etc.) of the original information to be detected at the sentence level or even at the paragraph level. This invention also provides methods and systems for enhancing storage and resource efficiencies by providing approaches to optimize the number of fingerprints generated for the textual information.

Abstract: Modular authentication and session management involves the use of discrete modules to perform specific tasks in a networked computing environment. There may be a separate authentication server that verifies the identity of the user and an authorization client that grants various levels of access to users. There may also be an authentication client that receives an initial request from a requesting application and forwards the request to the authentication server to verify the identity of the use. The authorization client may then be invoked to provide the necessary level of access. The use of discrete modules allows multiple business applications to use the same modules to perform user authentication tasks, thus alleviating the unnecessary multiplication of code.

Abstract: The present invention provides methods and systems to enable fast, efficient, and scalable means for fingerprinting textual information using word runs. The present system receives textual information and provides algorithms to convert the information into representative fingerprints. In one embodiment, the fingerprints are recorded in a repository to maintain a database of an organization's secure data. In another embodiment, textual information entered by a user is verified against the repository of fingerprints to prevent unauthorized disclosure of secure data. This invention provides approaches to allow derivative works (e.g., different ordering of words, substitution of words with synonyms, etc.) of the original information to be detected at the sentence level or even at the paragraph level. This invention also provides means for enhancing storage and resource efficiencies by providing approaches to optimize the number of fingerprints generated for the textual information.

Abstract: A technique for efficiently preventing exact data words (“entities”) from unauthorized disclosure is disclosed. Protect agents installed at various egress points identify candidate entities from digital information desired to be disclosed by a user. The candidate entities are compared against registered entities stored in a lightweight entity database (LWED). If a candidate entity matches against a registered entity in the LWED, the protect agent initiates a security action. Alternately, the protect agent transmits the matching candidate entity to a global entity database (GED) server to receive additional confirmation on whether the candidate entity matches a registered entity. In some instances, the protect agent also receives (from the GED server) metadata information associated with the matching candidate entity. The protect agent utilizes the metadata information to initiate suitable security actions.

Abstract: The present invention provides methods and systems to protect an organization's secure image information from unauthorized disclosure. In one embodiment, methods and systems to generate image fingerprints are provided. The fingerprints are generated for each feature point of an image data. Because the fingerprints take into account the neighborhood features around each feature point, the image fingerprints are robust against derivate images where the original image may have been altered. Methods and systems to maintain a fingerprint database for an organization's secure image data is also provided. In one embodiment, client fingerprints are generated for image data that a user intends to transmit outside of the organization. In some embodiments, suitable security actions are initiated if any of the client fingerprints match any of the fingerprints in the fingerprint database.

Abstract: The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of lightweight fingerprint databases (LFD) to maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the LFD is stored locally at the site of each protect agent such that the organization's secure information can be protected even when a protect agent is disconnected from the network. Methods and systems to compress fingerprints to achieve the lightweight fingerprint databases are also provided.