“A Method For Data Isolation And Prevention Of Data Exfilteration”

Abstract: The present invention relates to a process for preventing data exfiltration during an internet session. According to the present invention, designated data that is to be protected from exfiltration is loaded on an IoT server and made available over the network to all computers on which the agent software is installed. The server agent identifies whether the user is using the filtered internet or the unfiltered internet. Accordingly, the server agent sends a command to the IoT server that allows or denies the user access to the secured data. Thus, the present invention prevents data from being exfiltrated while the internet is in use. The present invention protects digital assets from being exfiltrated by users, in order to comply with regulations and non-disclosure agreements and to avoid competitive exploitation and piracy. FIG. 1

Patent Information

Application #:
Filing Date: 19 September 2019
Publication Number: 24/2020
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email: hkpatent@hkindia.com
Parent Application:
Patent Number:
Legal Status:
Grant Date: 2024-08-27
Renewal Date:

Applicants

Synersoft Technologies Private Limited
5th Floor, Onyx-2, Beside Paldi Bus Terminus, Jalaram Temple Road, Paldi, Ahmedabad – 380007,Gujarat, India

Inventors

1. Shah Vishal Prakash
302, Opera Flats, Opera Society, Vikasgruh Road, Paldi, Ahmedabad – 380007, Gujarat, India

Specification

Claims: We Claim:

1. A method for data isolation and prevention of data exfiltration, comprising the steps of:

a) selecting filtered internet mode or unfiltered internet mode through a processor;

b) identifying the filtered internet mode or the unfiltered internet mode by an agent server;

c) passing the information to a passive IoT server from the agent server;

d) allowing access to secure folder from the IoT server if user triggers the filtered internet mode;

e) denying access to secure folder from IoT server if user triggers the unfiltered internet mode.

2. The method for data isolation and prevention of data exfiltration as claimed in claim 1, wherein in step (d) all other folders on the IoT server are made inaccessible and invisible by the agent server while the user is accessing the secure folder containing data.

3. A method for data isolation for prevention of data exfiltration, configured to operate the steps as claimed in claims 1 - 2.

4. A system for data isolation for prevention of data exfiltration, comprising:
a processor for processing filtered internet mode or unfiltered internet mode;
an agent server for identifying the internet mode processed by the processor;
an IoT server for containing a data folder being prevented from exfiltration.

Dated this 18th day of September 2019

Description: FORM 2
THE PATENTS ACT 1970
(39 of 1970)
&
The Patents Rules, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)

1. TITLE OF THE INVENTION:
“A method for data isolation and prevention of data exfilteration”

2. APPLICANT:

(a) NAME : Synersoft Technologies Pvt Limited
(b) NATIONALITY : Indian
(c) ADDRESS : 5th Floor, Onyx 2,
Near Paldi Bus Terminus,
Beside Navchetan High School,
Paldi, Ahmedabad - 380007

3. PREAMBLE TO THE DESCRIPTION
PROVISIONAL
The following specification describes the invention.

[X] COMPLETE
The following specification particularly describes the invention and the manner in which it is to be performed.

Field of the invention

The present invention relates generally to an enhanced system for protecting the digital assets of an enterprise, and more particularly to hardware that prevents users from exfiltrating enterprise digital assets while the user is active in an internet session.

Background of the invention

Computer systems can become subject to attacks, where an unauthorized party attempts to gain access to data stored by a computer system. An attacker may seek to obtain data to be exfiltrated and used to the attacker's benefit. Attacks may target financial data, such as credit card numbers, or the attacks may be part of an industrial espionage operation, where trade secrets, design documents or specifications may be retrieved. Attacks on computer systems present challenges to operators of computer systems whereby, despite advances in data security, the attacks still occur with alarming frequency. Furthermore, these attacks, even when unsuccessful, have adverse economic impacts on individuals and organizations alike. The attacks can force organizations to suspend their operations for periods of time. In addition, attacks directed towards identity theft or the financial information of an organization's customers may be very costly to the organizations.
It is challenging to protect data stored in a data storage system or other service. Furthermore, it is also challenging to protect that data while ensuring uninterrupted access to the data by parties having an authorization to access the data.
Various prior arts have been disclosed describing data isolation for prevention of data exfiltration. The prior art document US 8631244 discloses a system for preventing computer malware from exfiltrating data from a user computer in a network via the internet. A host-based network process monitor intercepts network traffic information from the user computer and transmits a network request including user and application information including the network traffic information. An authorization server cooperates with the host-based network process monitor for verifying whether the user and process in the network request should have network access. Another aspect of that invention is to provide cryptographic keys and authentication data in an environment where they are not lost, stolen, or compromised, thereby advantageously avoiding a need to continually reissue and manage new keys and authentication data; but the cryptographic keys and passwords are not negligible.

Hence, data isolation for prevention of data exfiltration still leaves scope for improved solutions that secure data against exfiltration during an internet session.

Object of the invention

The main object of the present invention is to provide security against data leakage. Another object of the present invention is to provide a server that prevents users from exfiltrating enterprise digital assets when users are active in an internet session.
Still another object of the present invention is to provide communication control rules by monitoring, through content filters and network routers, the network ports that are used for digital file transfer.
A further object of the present invention is to provide an implementation of blacklisting of potential exfiltration destinations by applying a filter on the internet source of the enterprise, so that the user cannot visit such destinations to exfiltrate digital assets.
Yet a further object of the present invention is to provide for a human resource who checks the internet activity of each user from logs generated at internet source devices, manually detects exfiltration of digital assets by users, and reports it to the enterprise.

Summary of the Invention

The present invention relates to a process for preventing data exfiltration during an internet session. According to the present invention, designated data that is to be protected from exfiltration is loaded on an IoT server and made available over the network to all computers on which the agent software is installed. The server agent identifies whether the user is using the filtered internet or the unfiltered internet. Accordingly, the server agent sends a command to the IoT server that allows or denies the user access to the secured data. Thus, the present invention prevents data from being exfiltrated while the internet is in use. The present invention protects digital assets from being exfiltrated by users, in order to comply with regulations and non-disclosure agreements and to avoid competitive exploitation and piracy.

Brief Description of the Drawings
Fig. 1 is a flow chart showing the main operational steps of a method for data isolation and prevention of data exfiltration.
Fig. 2 is a flow chart showing another operational component according to a method for data isolation and prevention of data exfiltration.

Detailed description of the Invention

The nature of the invention and the manner in which it works is clearly described in the complete specification. The invention has various elements and they are clearly described in the following pages of the complete specification. Before explaining the present invention, it is to be understood that the invention is not limited in its application.

A method for data isolation and prevention of data exfiltration comprises a processor for processing the internet mode, an agent server for identifying the internet mode, and an IoT server for containing the data folder. The following shows the process flow and components of the present invention for preventing exfiltration of digital assets.

According to the present invention, agent software is installed on each user laptop and computer for which prevention of data exfiltration over an internet session is to be achieved. This software has a predefined policy master computer address, with which the agent registers the BIOS name of the computer on which it is installed to prevent data exfiltration over an internet session.

A passive IoT-based server is installed in the Local Area Network or Wide Area Network. All designated data that is to be protected from exfiltration is loaded on this server and made available over the network to all computers on which the agent software is installed. The user triggers use of sensitive data by reading it from the file storage section of the IoT server device.

On the server that acts as policy master, a service runs continuously on a specific communication port. The administrator, who is responsible for preventing data exfiltration over an internet session, can define the secure folders on the specially designed server for which prevention of data exfiltration over an internet session is to be achieved. The user triggers use of the filtered internet mode, and the filtered internet mode demand is received by the processor.

The policy master service enforces, over a specific communication port, the list of folders secured by the administrator on each computer on which the agent is installed. This is how the agent knows which folders contain data that is to be prevented from exfiltration over an internet session. The data demand is received by the agent, and by the activated agent of the IoT server on the desktop.

When designated data folders marked for protection against exfiltration are available to users, the agent will not allow any communication port over the internet. The agent will allow communication over the Local Area Network or Wide Area Network. While cutting off communications over internet communication ports, the agent will allow the user session access to the secure folders designated as containing data that is to be prevented from exfiltration. So, in such a computing session, while the user is using designated folders containing data that is to be prevented from exfiltration, the specially designed device, with the feed from the agent, will make the data accessible to the user while internet is denied at the communication port level by the agent software.

Furthermore, when the user requires access to an internet session for work or for any other purpose, the user is required to trigger, by double-click, a button that was loaded when the agent was installed. As soon as this button is clicked, the user will be able to access the entire internet without any restrictions. The agent will immediately feed the specially designed server, and access to the designated data folders protected against exfiltration will be denied by that server. Fig. 1 shows the user accessing sensitive data, with access permitted, and the filtered internet distribution system.

As soon as the user takes access to the internet, the agent will disable access to the folders designated as containing data to be prevented from exfiltration during an internet session. So if the user, after connecting to the internet, tries to access designated data to be prevented from exfiltration during an internet session, the user will not be able to access or see that data. As shown in Fig. 2, the user triggers use of the unfiltered internet mode, and the unfiltered internet mode demand is received by the agent.

Further, when the button is clicked, the agent closes all open windows of data to be prevented from exfiltration during an internet session, purges the clipboard memory, and cuts off communication on ports that are meant for data exfiltration. In Fig. 2, the flow diagram shows the user attempting to access sensitive data with no access permitted, and the unfiltered internet mode distribution section.

So, when the user wants to access folders containing data to be prevented from exfiltration during an internet session, the user will have to click the button again to cut off the internet. As soon as the button to cut off the internet is clicked, the agent will enable visibility of and access to the folders that contain data to be prevented from exfiltration. While this happens, internet communication ports will be denied and only the local area network will be available.

Furthermore, while the user is accessing a designated folder containing data to be prevented from exfiltration during an internet session, all other folders on the computer will be made inaccessible / invisible by the agent. This ensures that the user does not copy data from designated folders to other folders that are available during an internet session.

Finally, content downloaded over an internet session, while the designated folders containing data to be prevented from exfiltration are inaccessible, will be copied into a download folder. This download folder will be available, with one-way data transfer, when the internet stop button is clicked. Transfer from the download folder to designated folders will be allowed, but transfer from designated folders to the download folder will not be allowed. Further, the present invention can be refined and made more feature-rich by allowing limited URL access while folders containing data to be prevented from exfiltration are accessible.
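An added sketch, not part of the specification and not the applicant's code, that models the agent's two-mode decisions described above (folder visibility, internet versus LAN, the one-way download rule, and the cleanup on switching to unfiltered mode) as a small policy state machine. The class name, the folder paths and the filtered-mode start state are assumptions made for illustration.

```python
import posixpath
from enum import Enum

class Mode(Enum):
    FILTERED = "filtered"      # internet ports closed, secure folders visible
    UNFILTERED = "unfiltered"  # internet open, secure folders hidden

def _under(path, root):
    """True if path, after collapsing '..' segments, is root or lies below it."""
    p, r = posixpath.normpath(path), posixpath.normpath(root)
    return p == r or p.startswith(r.rstrip("/") + "/")

class AgentModel:
    """Hypothetical model of the agent's decisions; not the product's code."""

    def __init__(self, secure_dirs, download_dir):
        self.secure_dirs = list(secure_dirs)  # list pushed by the policy master
        self.download_dir = download_dir
        self.mode = Mode.FILTERED             # assumed start state
        self.open_windows = set()
        self.clipboard = ""

    def is_secure(self, path):
        return any(_under(path, d) for d in self.secure_dirs)

    def can_open(self, path):
        if self.mode is Mode.UNFILTERED:
            return not self.is_secure(path)   # secure folders denied and hidden
        # Filtered mode: only secure folders and the download folder are visible.
        return self.is_secure(path) or _under(path, self.download_dir)

    def can_connect(self, is_lan):
        # LAN/WAN traffic is always allowed; internet only in unfiltered mode.
        return is_lan or self.mode is Mode.UNFILTERED

    def can_copy(self, src, dst):
        if not (self.can_open(src) and self.can_open(dst)):
            return False
        # One-way rule: nothing leaves a secure folder for a non-secure one.
        return not (self.is_secure(src) and not self.is_secure(dst))

    def open_file(self, path):
        if not self.can_open(path):
            raise PermissionError(path)
        self.open_windows.add(posixpath.normpath(path))

    def switch(self, mode):
        if mode is Mode.UNFILTERED:
            # Before internet opens: close secure windows, purge the clipboard.
            self.open_windows = {w for w in self.open_windows
                                 if not self.is_secure(w)}
            self.clipboard = ""
        self.mode = mode
```

Paths are normalized before every check, so a destination written as `/srv/secure/../download/x` is judged as the download folder it resolves to, not as the secure folder its prefix suggests.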

An advantage of the application is that it prevents data and information from leaking. It secures sensitive data while the user is using the internet, and prevents data storage, files and documents from being leaked onto the internet by attackers.

While various elements of the present invention have been described in detail, it is apparent that modification and adaptation of those elements will occur to those skilled in the art. It is expressly understood, however, that such modifications and adaptations are within the spirit and scope of the present invention as set forth in the following claims.

Documents

Application Documents

# Name Date
1 201921037716-PROOF OF ALTERATION [16-12-2024(online)].pdf 2024-12-16
1 201921037716-STATEMENT OF UNDERTAKING (FORM 3) [19-09-2019(online)].pdf 2019-09-19
2 201921037716-IntimationOfGrant27-08-2024.pdf 2024-08-27
2 201921037716-PROOF OF RIGHT [19-09-2019(online)].pdf 2019-09-19
3 201921037716-POWER OF AUTHORITY [19-09-2019(online)].pdf 2019-09-19
3 201921037716-PatentCertificate27-08-2024.pdf 2024-08-27
4 201921037716-FORM FOR SMALL ENTITY(FORM-28) [19-09-2019(online)].pdf 2019-09-19
4 201921037716-Annexure [05-08-2024(online)].pdf 2024-08-05
5 201921037716-Written submissions and relevant documents [05-08-2024(online)].pdf 2024-08-05
5 201921037716-FORM FOR SMALL ENTITY [19-09-2019(online)].pdf 2019-09-19
6 201921037716-FORM 1 [19-09-2019(online)].pdf 2019-09-19
6 201921037716-Correspondence to notify the Controller [19-07-2024(online)].pdf 2024-07-19
7 201921037716-US(14)-HearingNotice-(HearingDate-25-07-2024).pdf 2024-07-10
7 201921037716-FIGURE OF ABSTRACT [19-09-2019(online)].pdf 2019-09-19
8 201921037716-FER.pdf 2021-10-19
8 201921037716-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [19-09-2019(online)].pdf 2019-09-19
9 201921037716-CLAIMS [26-07-2021(online)].pdf 2021-07-26
9 201921037716-EVIDENCE FOR REGISTRATION UNDER SSI [19-09-2019(online)].pdf 2019-09-19
10 201921037716-DRAWINGS [19-09-2019(online)].pdf 2019-09-19
10 201921037716-FER_SER_REPLY [26-07-2021(online)].pdf 2021-07-26
11 201921037716-DECLARATION OF INVENTORSHIP (FORM 5) [19-09-2019(online)].pdf 2019-09-19
11 201921037716-FORM-9 [06-06-2020(online)].pdf 2020-06-06
12 201921037716-COMPLETE SPECIFICATION [19-09-2019(online)].pdf 2019-09-19
12 201921037716-FORM 18 [11-01-2020(online)].pdf 2020-01-11
13 201921037716-ORIGINAL UR 6(1A) FORM 26, FORM 5 & DECLARATION-300919.pdf 2019-10-04
13 Abstract1.jpg 2019-09-30

Search Strategy

1 Search_Strategy_201921037716E_12-03-2021.pdf

ERegister / Renewals

3rd: 14 Nov 2024

From 19/09/2021 - To 19/09/2022

4th: 14 Nov 2024

From 19/09/2022 - To 19/09/2023

5th: 14 Nov 2024

From 19/09/2023 - To 19/09/2024

6th: 14 Nov 2024

From 19/09/2024 - To 19/09/2025

7th: 14 Nov 2024

From 19/09/2025 - To 19/09/2026