METHODS FOR DOCUMENT-TO-TEMPLATE MATCHING FOR DATA-LEAK PREVENTION

US 20100254615A1
Filed: 04/02/2009
Published: 10/07/2010
Est. Priority Date: 04/02/2009
Status: Active Grant

First Claim

Patent Images

1. A method for document-to-template matching for data-leak prevention (DLP), the method comprising the steps of.(a) providing a document as a stream of characters;

(b) splitting said stream into a plurality of serialized data lines;

(c) calculating a hash value for each said serialized data line;

(d) checking for each said hash value in a hash map of a template set;

(e) determining a similarity match to a particular template based on a predefined threshold of template hash values, of said template set, being found in said stream; and

(f) based on said similarity match, executing a DLP security policy for said document.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses methods for document-to-template matching for data-leak prevention (DLP), the methods including the steps of: providing a document as a stream of characters; splitting the stream into a plurality of serialized data lines; calculating a hash value for each serialized data line; checking for each hash value in a hash map of a template set; determining a similarity match to a particular template based on a predefined threshold of template hash values, of the template set, being found in the stream; and based on the similarity match, executing a DLP security policy for the document. Preferably, the template set is extracted from documents manually prepared by a security administrator. Preferably, each template in the template set is deduced automatically from a plurality of documents.

50 Citations

View as Search Results

14 Claims

1. A method for document-to-template matching for data-leak prevention (DLP), the method comprising the steps of.(a) providing a document as a stream of characters;
- (b) splitting said stream into a plurality of serialized data lines;
  
  (c) calculating a hash value for each said serialized data line;
  
  (d) checking for each said hash value in a hash map of a template set;
  
  (e) determining a similarity match to a particular template based on a predefined threshold of template hash values, of said template set, being found in said stream; and
  
  (f) based on said similarity match, executing a DLP security policy for said document.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein said DLP security policy includes at least one of the enforcement actions selected from the group consisting of:
    - quarantining said document, blocking said document from being transmitted, releasing said document for transmission only upon administrator approval, notifying an intended recipient of a document status of said document, requesting additional user credentials in order to allow transmission of said document, and applying an encryption protocol for securely transmitting said document.
  - 3. The method of claim 1, wherein said template set is extracted from documents manually prepared by a security administrator.
  - 4. The method of claim 1, wherein each template in said template set is deduced automatically from a plurality of documents.

5. A method for document-to-template matching by designating multiple documents for use as a template for data-leak prevention (DLP), the method comprising the steps of:
- (a) providing a plurality of documents as a stream of characters;
  
  (b) splitting said stream into a plurality of serialized data lines;
  
  (c) inserting said plurality of serialized data lines into a list;
  
  (d) grouping duplicate serialized data lines in said list with an indication of a frequency of occurrence for each said serialized data line in said stream;
  
  (e) eliminating serialized data lines having a threshold frequency below a predefined threshold from said list;
  
  (f) grouping remaining serialized data lines to represent the template;
  
  (g) calculating a hash value for each said serialized data line in the template;
  
  (h) inserting each said hash value into a hash map of a template set;
  
  (i) checking for hash values of a new document in said hash map;
  
  (j) determining a similarity match to a particular template based on a predefined threshold of template hash values, of said template set, being found in said new document; and
  
  (k) based on said similarity match, executing a DLP security policy for said new document.
- View Dependent Claims (6, 7)
- - 6. The method of claim 5, wherein said DLP security policy includes at least one of the enforcement actions selected from the group consisting of:
    - quarantining said new document, blocking said new document from being transmitted, releasing said new document for transmission only upon administrator approval, notifying an intended recipient of a document status of said new document, requesting additional user credentials in order to allow transmission of said new document, and applying an encryption protocol for securely transmitting said new document.
  - 7. The method of claim 5, wherein said template set is extracted from documents manually prepared by a security administrator.

8. A computer-readable storage medium having computer-readable code embodied on the computer-readable storage medium, the computer-readable code comprising:
- (a) program code for providing a document as a stream of characters;
  
  (b) program code for splitting said stream into a plurality of serialized data lines;
  
  (c) program code for calculating a hash value for each said serialized data line;
  
  (d) program code for checking for each said hash value in a hash map of a template set;
  
  (e) program code for determining a similarity match to a particular template based on a predefined threshold of template hash values, of said template set, being found in said stream; and
  
  (f) program code for, based on said similarity match, executing a security policy for said document.
- View Dependent Claims (9, 10, 11)
- - 9. The storage medium of claim 8, wherein said security policy includes at least one of the enforcement actions selected from the group consisting of:
    - quarantining said document, blocking said document from being transmitted, releasing said document for transmission only upon administrator approval, notifying an intended recipient of a document status of said document, requesting additional user credentials in order to allow transmission of said document, and applying an encryption protocol for securely transmitting said document.
  - 10. The storage medium of claim 8, wherein said template set is extracted from documents manually prepared by a security administrator.
  - 11. The storage medium of claim 8, wherein each template in said template set is deduced automatically from a plurality of documents.

12. A computer-readable storage medium having computer-readable code embodied on the computer-readable storage medium, the computer-readable code comprising:
- (a) program code for providing a plurality of documents as a stream of characters;
  
  (b) program code for splitting said stream into a plurality of serialized data lines;
  
  (c) program code for inserting said plurality of serialized data lines into a list;
  
  (d) program code for grouping duplicate serialized data lines in said list with an indication of a frequency of occurrence for each said serialized data line in said stream;
  
  (e) program code for eliminating serialized data lines having a threshold frequency below a predefined threshold from said list;
  
  (f) program code for grouping remaining serialized data lines to represent the template;
  
  (g) program code for calculating a hash value for each said serialized data line in the template;
  
  (h) program code for inserting each said hash value into a hash map of a template set;
  
  (i) program code for checking for hash values of a new document in said hash map;
  
  (j) program code for determining a similarity match to a particular template based on a predefined threshold of template hash values, of said template set, being found in said new document; and
  
  (k) program code for, based on said similarity match, executing a security policy for said new document.
- View Dependent Claims (13, 14)
- - 13. The storage medium of claim 12, wherein said security policy includes at least one of the enforcement actions selected from the group consisting of:
    - quarantining said new document, blocking said new document from being transmitted, releasing said new document for transmission only upon administrator approval, notifying an intended recipient of a document status of said new document, requesting additional user credentials in order to allow transmission of said new document, and applying an encryption protocol for securely transmitting said new document.
  - 14. The storage medium of claim 12, wherein said template set is extracted from documents manually prepared by a security administrator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Check Point Software Technologies Limited
Original Assignee
Check Point Software Technologies Limited
Inventors
KIRSCH, YOAV, BIALIK, URI, ANTEBI, LIRAN, KANTOR, ALON

Granted Patent

US 8,254,698 B2
Time in Patent Office

Days
Field of Search
US Class Current

382/218
CPC Class Codes

G06F 18/22 Matching criteria, e.g. pro...

METHODS FOR DOCUMENT-TO-TEMPLATE MATCHING FOR DATA-LEAK PREVENTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS FOR DOCUMENT-TO-TEMPLATE MATCHING FOR DATA-LEAK PREVENTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links