TAG DATA STRUCTURE FOR MAINTAINING RELATIONAL DATA OVER CAPTURED OBJECTS

US 20110196911A1
Filed: 12/13/2010
Published: 08/11/2011
Est. Priority Date: 12/10/2003
Status: Active Grant

First Claim

Patent Images

1-25. -25. (canceled)

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Objects captured over a network by a capture system can be indexed to provide enhanced search and content analysis capabilities. In one embodiment the objects can be indexed using a data structure having a source address field to indicate an origination address of the object, a destination address field to indicate a destination address of the object, a source port field to indicate an origination port of the object, a destination port field to indicate a destination port of the object, a content field to indicate a content type from a plurality of content types identifying a type of content contained in the object, and a time field to indicate when the object was captured. The data structure may also store a cryptographic signature of the object to ensure the object is not altered after capture.

151 Citations

45 Claims

1-25. -25. (canceled)

26. Software encoded in one or more non-transitory media that includes code for execution and when executed by a processor operable to perform operations comprising:
- receiving a data stream that includes a plurality of packets; and
  
  generating a tag for an object represented by the packets, wherein the tag includes;
  
  a source address field indicative of an origination address associated with the object,a destination address field indicative of a destination address associated with the object,a source port field indicative of an origination port associated with the object,a destination port field indicative of a destination port associated with the object,a content field indicative of a content type associated with the object, anda time field indicative of when the object was captured.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 27. The software of claim 26, wherein the packets are grouped into individual flows based on Internet Protocol (IP) address information.
  - 28. The software of claim 26, wherein the flows are sorted using port data.
  - 29. The software of claim 26, wherein signature filters are applied to the flows in order to identify a protocol based on the packets.
  - 30. The software of claim 26, wherein objects within the data stream are used in order to identify a content type associated with documents being transmitted in the data stream.
  - 31. The software of claim 26, wherein capture rules are configured in order to determine whether certain types of data streams are to be discarded or stored.
  - 32. The software of claim 26, wherein the operations further comprise:
    - storing a tag record in a database in which the tag record indexes the object in a content store and contains information about the object.
  - 33. The software of claim 32, wherein the tag record includes a pointer associated with a storage location in the database where the object is stored.
  - 34. The software of claim 33, wherein an object signature is included in the database, and wherein the object signature is signed with a first key of a capture system.
  - 35. The software of claim 34, wherein a tag signature is included in the tag record, and wherein the tag signature is signed with a second key of the capture system.
  - 36. The software of claim 35, wherein the object is verified by using the tag signature and the object signature before the object is presented at an interface, and wherein the first and second keys are used as a key pair in a verification operation.

37. A method, comprising:
- receiving a data stream that includes a plurality of packets; and
  
  generating a tag for an object represented by the packets, wherein the tag includes;
  
  a source address field indicative of an origination address associated with the object,a destination address field indicative of a destination address associated with the object,a source port field indicative of an origination port associated with the object,a destination port field indicative of a destination port associated with the object,a content field indicative of a content type associated with the object, anda time field indicative of when the object was captured.
- View Dependent Claims (38, 39, 40, 41, 42)
- - 38. The method of claim 37, wherein the flows are sorted using port data, and wherein signature filters are applied to the flows in order to identify a protocol based on the packets.
  - 39. The method of claim 37, wherein objects within the data stream are used in order to identify a content type associated with documents being transmitted in the data stream, and wherein capture rules are configured in order to determine whether certain types of data streams are to be discarded or stored.
  - 40. The method of claim 37, wherein the operations further comprise:
    - storing a tag record in a database in which the tag record indexes the object in a content store and contains information about the object, wherein the tag record includes a pointer associated with a storage location in the database where the object is stored.
  - 41. The method of claim 40, wherein an object signature is included in the database, and wherein the object signature is signed with a first key of a capture system.
  - 42. The method of claim 41, wherein a tag signature is included in the tag record, and wherein the tag signature is signed with a second key of the capture system, and wherein the object is verified by using the tag signature and the object signature before the object is presented, and wherein the first and second keys are used as a key pair in a verification operation.

43. An apparatus, comprising:
- a processor; and
  
  a memory, wherein the processor and the memory cooperate such that the apparatus is configured for;
  
  receiving a data stream that includes a plurality of packets; and
  
  generating a tag for an object represented by the packets, wherein the tag includes;
  
  a source address field indicative of an origination address associated with the object,a destination address field indicative of a destination address associated with the object,a source port field indicative of an origination port associated with the object,a destination port field indicative of a destination port associated with the object,a content field indicative of a content type associated with the object, anda time field indicative of when the object was captured.
- View Dependent Claims (44, 45)
- - 44. The apparatus of claim 43, further comprising:
    - a user interface configured for searching for the object based on the tag.
  - 45. The apparatus of claim 43, wherein the apparatus is further configured for:
    - storing a tag record in a database in which the tag record indexes the object in a content store and contains information about the object, wherein the tag record includes a pointer associated with a storage location in the database where the object is stored, wherein an object signature is included in the database, and wherein the object signature is signed with a first key of a capture system, wherein a tag signature is included in the tag record, and wherein the tag signature is signed with a second key of the capture system, wherein the object is verified by using the tag signature and the object signature before the object is presented, and wherein the first and second keys are used as a key pair in a verification operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
de la Iglesia, Erik, King, Samuel, Khasgiwala, Ashish, Ahuja, Ratinder Paul Singh, Lowe, Rick, Coleman, Shaun

Granted Patent

US 8,301,635 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/201
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

H04L 63/12   Applying verification of th...

H04L 63/1408   by monitoring network traff...

TAG DATA STRUCTURE FOR MAINTAINING RELATIONAL DATA OVER CAPTURED OBJECTS

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

151 Citations

45 Claims

Specification

Use Cases

Quick Links

Others

TAG DATA STRUCTURE FOR MAINTAINING RELATIONAL DATA OVER CAPTURED OBJECTS

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

151 Citations

45 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others