Network content search system and method
First Claim
1. A computer-implemented method, comprising:
intercepting, at a network firewall, a network stream between a client device and an external network;
processing the network stream into a set of tokens that are present in the network stream, the set of tokens separated by one or more delimiters;
producing a set of values by applying a transformation to a first subset of tokens of the set of tokens, where the transformation, when applied to a token of the set of tokens, produces a representative value;
obtaining a search request, the search request including a search term and a request for user information;
applying the transformation to the search term to produce a set of search values;
generating a determination that the network stream satisfies the search request based at least in part on a result of comparing the set of search values to the set of values; and
providing the determination and user information associated with the network stream to an administrative console.
Abstract
A network traffic monitoring service provides a way to search network traffic intercepted by a network firewall while protecting the privacy of non-matching network traffic that traverses the firewall. Network traffic is parsed and processed into a set of tokens. In various implementations, the tokens may be words, HTML tags, data values, or other searchable units of information. The tokens are converted into a set of hashes, and the set of hashes is provided to the traffic monitoring service. A search authority submits a search request to the traffic monitoring service. Search terms of the search request are converted to a set of hashes to produce a hashed search request. The traffic monitoring service processes the hashed search request against the set of hashes provided by the network firewall to determine whether the network traffic represented by the set of hashes matches the search request.
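An added example, not code from the patent, sketching the flow the abstract describes: streams are tokenized and hashed, the search terms are hashed the same way, and matching and user lookup operate on hashes only. The names `transform`, `tokenize` and `TrafficMonitor`, the choice of SHA-256, the delimiter rule, the "all"/"any" search logic and the sample streams are assumptions made for illustration.

```python
import hashlib
import re

def transform(token: str) -> str:
    # Assumption: SHA-256 of the case-folded token stands in for the "transformation".
    return hashlib.sha256(token.casefold().encode("utf-8")).hexdigest()

def tokenize(stream: str) -> set:
    # Assumption: any run of non-alphanumeric characters is a delimiter.
    return {t for t in re.split(r"[^0-9A-Za-z]+", stream) if t}

class TrafficMonitor:
    """Holds hashed token sets per stream; plaintext is never stored."""

    def __init__(self, authorized):
        self.authorized = set(authorized)
        self.hashes = {}   # stream id -> set of token hashes
        self.users = {}    # stream id -> user, released only via identify()

    def ingest(self, stream_id, user, stream):
        # Firewall side: tokenize, hash, and hand over only the hashes.
        self.hashes[stream_id] = {transform(t) for t in tokenize(stream)}
        self.users[stream_id] = user

    def search(self, hashed_terms, logic="all"):
        # An empty term list must not match every stream under all().
        if not hashed_terms:
            return []
        combine = all if logic == "all" else any
        return sorted(sid for sid, hs in self.hashes.items()
                      if combine(h in hs for h in hashed_terms))

    def identify(self, requester, stream_id, hashed_terms, logic="all"):
        # User information is released only to an authorized requester,
        # and only for a stream that actually satisfies the search.
        if requester not in self.authorized:
            raise PermissionError("requester is not authorized to search")
        if stream_id not in self.search(hashed_terms, logic):
            raise LookupError("stream does not match the search request")
        return self.users[stream_id]

# Constructed sample traffic (not from the patent).
monitor = TrafficMonitor(authorized={"search-authority"})
monitor.ingest("s1", "alice", "GET /docs?q=quarterly+report HTTP/1.1")
monitor.ingest("s2", "bob", "<p>Project Falcon design report</p>")
query = [transform(t) for t in ("falcon", "report")]  # search authority hashes its terms
```

Unkeyed hashes of dictionary words can be confirmed by anyone who holds the hash set and hashes a guess, so the privacy of non-matching traffic in this sketch depends on who can read `hashes`.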
20 Claims
1. A computer-implemented method, comprising:
intercepting, at a network firewall, a network stream between a client device and an external network;
processing the network stream into a set of tokens that are present in the network stream, the set of tokens separated by one or more delimiters;
producing a set of values by applying a transformation to a first subset of tokens of the set of tokens, where the transformation, when applied to a token of the set of tokens, produces a representative value;
obtaining a search request, the search request including a search term and a request for user information;
applying the transformation to the search term to produce a set of search values;
generating a determination that the network stream satisfies the search request based at least in part on a result of comparing the set of search values to the set of values; and
providing the determination and user information associated with the network stream to an administrative console.
Dependent claims: 2, 3, 4
5. A system, comprising:
one or more processors; and
memory retaining computer-executable instructions that, if executed, cause the system to:
convert a token in a set of token sets to a corresponding hash value to produce a set of hashed token sets that represent a set of data streams;
store information associating individual hashed token sets in the set of hashed token sets with a data stream in the set of data streams;
obtain a set of hashed search terms and an associated set of search logic;
identify, from the set of data streams, a data stream that includes at least one hashed search term of the set of hashed search terms in accordance with the associated set of search logic by at least comparing a first portion of the set of hashed search terms to a second portion of the set of hashed token sets;
receive, from an entity, a request to identify a user associated with the data stream that includes the at least one hashed search term in accordance with the associated set of search logic;
determine that the entity is authorized to perform a search; and
as a result of having determined that the entity is authorized, identify a user associated with the data stream.
Dependent claims: 6, 7, 8, 9, 10, 11, 12
13. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
obtain a search request from a requester, the search request containing at least one search term, where the requester is authorized to perform the search request;
determine a cryptographic hash of the search term;
obtain a set of hashes that represent a data stream, individual hashes in the set of hashes being a cryptographic hash of a different portion of the data stream;
determine that a portion of the data stream matches the search term by at least determining that at least one hash in the set of hashes matches the cryptographic hash of the search term;
obtain, from an administrator console, an identification request associated with the data stream; and
provide identifying information associated with the data stream to the administrator console.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
Specification