1. Field of the Invention
The present invention relates generally to computer systems, and more particularly but not exclusively to digital asset management.
2. Description of the Background Art
As is well known, computers belonging to or interfacing with a computer network may send data to one another. Such data may be in the form of messages, such as e-mail via the Internet. While e-mail facilitates communication, such data transferring is not conducive to protecting digital assets within an organization. For example, intellectual property can be in the form of an electronic document and may include company trade secret information. If an unauthorized employee, for example, can easily e-mail critical documents out of the company, the trade secret value found within that document is lost. Examples of electronic documents that a company may endeavor to protect include product design information, image or audio/visual files, or company operating information.
Referring now to FIG. 1, a schematic illustration of a conventional message scanning approach to document security is shown and indicated by the general reference character 100. In this “heuristic” approach, a scanning engine is used for scanning outgoing e-mail and scores may be given based on certain keywords within the message. As shown in FIG. 1, Message Sender 102 may have its e-mail scanned by Scanning Engine 104 prior to the message being passed through Domain Border 106 and onto Network 108. A problem with this approach is that it is not 100% accurate. The keywords chosen may be used in a benign fashion in a particular e-mail, for example. Or, the keywords may be avoided with malicious intent in a particular e-mail. Or, a threshold set for the scores associated with the scanning engine result may not properly flag messages of appropriate concern.
Referring now to FIG. 2, a schematic illustration of a conventional secured messaging approach to document security is shown and indicated by the general reference character 200. This approach uses “tokens” or other indicators applied to outgoing messages and parsed from incoming messages to determine if the message is an allowable communication. In FIG. 2, Message Sender 202-A sends/receives messages via Message Security 204-A on side “A” of the communication channel. Domain Border 206-A can separate Network 208 from side “A” of the channel. On side “B,” Message Sender 202-B sends/receives messages via Message Security 204-B and the messages can pass through Domain Border 206-B to/from Network 208. A problem with the approach of FIG. 2 is that a compatible message security system must be found on each side of the communication. So, such secured messages cannot be sent to any computer or network component via Network 208. Rather, only those destinations fitted with a compatible message security system may receive the secured messages.