Inferring document and content sensitivity from public account accessibility

US 7,516,492 B1
Filed: 09/24/2004
Issued: 04/07/2009
Est. Priority Date: 10/28/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

classifying a document as a first class if the document is accessible to a classification agent, and classifying the document as a second class otherwise;

associating content of the document according to the document classification;

subsequent to the classifying, monitoring network traffic;

determining if at least a portion of content of the monitored network traffic corresponds to a portion of the document content, and if so, then classifying a portion of the monitored network traffic according to the classification of the corresponding portion of the document content; and

performing a first action if the portion of the monitored network traffic is classified as the first class, and performing a second action otherwise.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, documents accessible via a designated public account are classified as public. In another embodiment, documents accessible according to a designated public access control list are classified as public. In some embodiments, all documents not classified as public are classified as private. Content in the public documents is linguistically analyzed, resulting in a set of keys for use in subsequent full and partial content matching. The keys and associated file names are stored in a public-content identification repository. Similarly, content in the private documents is linguistically analyzed, and the results are stored in a private-content identification repository. Subsequently, full and partial content matching is performed on monitored content according to information in the public and private repositories. In a related aspect, monitored content found to correspond to private content is selectively flagged during electronic transmission or optionally prevented from distribution according to a set of defined monitoring policies.

Citations

59 Claims

1. A method comprising:
- classifying a document as a first class if the document is accessible to a classification agent, and classifying the document as a second class otherwise;
  
  associating content of the document according to the document classification;
  
  subsequent to the classifying, monitoring network traffic;
  
  determining if at least a portion of content of the monitored network traffic corresponds to a portion of the document content, and if so, then classifying a portion of the monitored network traffic according to the classification of the corresponding portion of the document content; and
  
  performing a first action if the portion of the monitored network traffic is classified as the first class, and performing a second action otherwise.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1, wherein:
    - the act of classifying a document comprises the classification agent attempting to access the document via a designated access account.
  - 3. The method of claim 1, wherein:
    - the act of classifying a document comprises the classification agent analyzing accessibility of the document with respect to a designated access control list.
  - 4. The method of claim 1, wherein:
    - the act of associating content of the document comprises linguistically analyzing the document content, and associating results according to the associated document classification.
  - 5. The method of claim 4, wherein:
    - the act of determining comprises linguistically analyzing the monitored network traffic content, and comparing results with those from the act of linguistically analyzing the document content.
  - 6. The method of claim 5, wherein:
    - the act of linguistically analyzing the document content comprises producing a set of document keys corresponding to the document content.
  - 7. The method of claim 6, wherein:
    - the act of linguistically analyzing the monitored network traffic content comprises producing a set of traffic keys corresponding to the monitored network traffic content.
  - 8. The method of claim 7, wherein:
    - the act of comparing results comprises for each traffic key, searching the document keys for a match.
  - 9. The method of claim 8, wherein:
    - each of the acts of linguistically analyzing comprises tokenizing.
  - 10. The method of claim 9, wherein:
    - the act of tokenizing comprisesidentifying significant words, anddiscarding any combination of white space, punctuation, articles, and conjunctions.
  - 11. The method of claim 9, wherein:
    - each of the acts of linguistically analyzing further comprises splitting results of the tokenizing into sections.
  - 12. The method of claim 11, wherein:
    - the act of producing a set of document keys comprises computing a hash function for each overlapping section, and the document keys comprise results of the hash function computation.
  - 13. The method of claim 11, wherein:
    - the sections corresponding to the act of linguistically analyzing the document are overlapping.
  - 14. The method of claim 13, wherein:
    - the overlapping sections are each of a predetermined length of tokens.
  - 15. The method of claim 14, wherein:
    - there is at least one token in each overlapping section of a group of the overlapping sections, and the group comprises a number of overlapping sections at least as great as the number of tokens in any one of the overlapping sections.
  - 16. The method of claim 14, wherein:
    - each token of the overlapping sections is respectively in no more than S minus one of the overlapping sections; and
      
      S is the number of tokens in each of the overlapping sections.
  - 17. The method of claim 11, wherein:
    - the act of producing a set of traffic keys comprises computing a hash function for each non-overlapping section, and the traffic keys comprise results of the hash function computation.
  - 18. The method of claim 11, wherein:
    - the sections corresponding to the act of linguistically analyzing the monitored network traffic are non-overlapping.
  - 19. The method of claim 11, wherein:
    - the sections corresponding to the act of linguistically analyzing the monitored network traffic are overlapping.
  - 20. The method of claim 19, wherein:
    - the overlapping sections are each of a predetermined length of tokens.
  - 21. The method of claim 20, wherein:
    - there is at least one token in each overlapping section of a group of the overlapping sections, and the group comprises a number of overlapping sections at least as great as the number of tokens in any one of the overlapping sections.
  - 22. The method of claim 20, wherein:
    - each token of the overlapping sections is respectively in no more than S minus one of the overlapping sections; and
      
      S is the number of tokens in each of the overlapping sections.
  - 23. The method of claim 2, wherein:
    - the designated access account is a public access account;
      
      the first class is a public class; and
      
      the second class is a private class.
  - 24. The method of claim 23, wherein:
    - the first action is no action; and
      
      the second action comprises a flagging action.
  - 25. The method of claim 24, wherein:
    - the second action further comprises writing information to a log.

26. A method comprising:
- designating a plurality of file hierarchies;
  
  for files in the file hierarchies,classifying each file as a first class if it is accessible to a classification agent, and as a second class otherwise, andassociating content of each file according to the file classification;
  
  subsequent to the classifying, monitoring network traffic;
  
  determining if at least a portion of content of the monitored network traffic corresponds to a portion of the content of the files, and if so, then classifying a portion of the monitored network traffic according to the classification of the corresponding portion of the content of the files; and
  
  performing a first action if the portion of the monitored network traffic is classified as the first class, and performing a second action otherwise.
- View Dependent Claims (27, 28, 29)
- - 27. The method of claim 26, further comprising:
    - designating an access account; and
      
      wherein the act of classifying each file comprises the classification agent attempting to access each file via the access account.
  - 28. The method of claim 26, further comprising:
    - designating an access control list; and
      
      wherein the act of classifying each file comprises the classification agent analyzing accessibility of each file with respect to the access control list.
  - 29. The method of claim 26, further comprising:
    - periodically repeating the acts of classifying and associating.

30. A system including:
- a classification computer executing software including functions enablingclassifying a document as a first class if the document is accessible, and classifying the document as a second class otherwise, andassociating content of the document according to the document classification;
  
  a content appliance coupled to the classification computer to receive results from the software; and
  
  wherein the content appliance is adapted to monitor traffic and to determine if at least a portion of content of the monitored traffic corresponds to a portion of the document content, and if so, to classify a portion of the monitored traffic according to the classification of the corresponding portion of the document content, and to perform a first action if the portion of monitored traffic is classified as the first class, and to perform a second action otherwise.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 31. The system of claim 30, wherein:
    - the document is accessible if it may be accessed via a designated access account.
  - 32. The system of claim 30, wherein:
    - the document is accessible if it may be accessed with respect to a designated access control list.
  - 33. The system of claim 30, wherein:
    - the software includes further functions enablinglinguistic analysis of the document according to the document content, and associating the document linguistic analysis results according to the document classification.
  - 34. The system of claim 33, wherein:
    - the content appliance is further adapted to linguistically analyze the monitored traffic according to its content, and to compare the monitored traffic linguistic analysis results with the document linguistic analysis results.
  - 35. The system of claim 33, wherein:
    - the content appliance includes a repository adapted to store the document linguistic analysis results as a set of document keys corresponding to the document content.
  - 36. The system of claim 35, wherein:
    - the linguistically analyzing the monitored traffic includes producing a set of traffic keys corresponding to the monitored traffic content.
  - 37. The system of claim 36, wherein:
    - the determining if at least a portion of content of the monitored traffic corresponds to a portion of the document content includes for each traffic key, searching the repository for matching document keys.
  - 38. The system of claim 37, wherein:
    - the linguistic analysis of the document includes a first tokenizing; and
      
      the linguistically analyzing the monitored traffic includes a second tokenizing.
  - 39. The system of claim 38, wherein:
    - the first and the second tokenizing includeidentifying significant words, anddiscarding any combination of white space, punctuation, articles, and conjunctions.
  - 40. The system of claim 38, wherein:
    - the linguistic analysis of the document further includes splitting results of the first tokenizing into a first set of sections; and
      
      the linguistically analyzing the monitored traffic further includes splitting results of the second tokenizing into a second set of sections.
  - 41. The system of claim 40, wherein:
    - the elements of the first set of sections are overlapping.
  - 42. The system of claim 41, wherein:
    - the linguistic analysis of the document further includes computing a hash function for each of the first set of sections, and the document keys include results of the hash function computation.
  - 43. The system of claim 40, wherein:
    - the elements of the second set of sections are non-overlapping.
  - 44. The system of claim 43, wherein:
    - linguistically analyzing the monitored traffic includes computing a hash function for each of the second set of sections, and the traffic keys include results of the hash function computation.
  - 45. The system of claim 31, wherein:
    - the designated access account is a public access account;
      
      the first class is a public class; and
      
      the second class is a private class.
  - 46. The system of claim 45, wherein:
    - the first action is no action and the second action comprises a flagging action.
  - 47. The system of claim 46, wherein:
    - the second action further comprises writing information to a log.
  - 48. The system of claim 30, wherein:
    - the software includes further functions enablingcrawling a plurality of designated file hierarchies to discover files to classify.
  - 49. The system of claim 48, wherein:
    - the software includes further functions enablingperiodically repeating the crawling.

50. A system including:
- a software execution vehicle executing software including functions enablingcataloging index information as a first type if the index information is readable, and as a second type otherwise, andcorrelating meaning of the index information according to the index information type;
  
  an information analysis unit coupled to the software execution vehicle to receive results from the software, and adapted to collect information, the information analysis unit cataloging a portion of the collected information according to the type of a corresponding portion, if any, of the index information meaning; and
  
  wherein a first action is performed if the portion of collected information is of the first type, and a second action is performed otherwise.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59)
- - 51. The system of claim 50, wherein:
    - the index information is accessible if it may be accessed via a designated indexing account.
  - 52. The system of claim 50, wherein:
    - the index information is accessible if it may be accessed with respect to a designated indexing access control list.
  - 53. The system of claim 50, wherein:
    - the software includes further functions enablinglanguage-based analysis of the index information according to the index information meaning, and associating the index information language-based analysis results according to the index information type.
  - 54. The system of claim 53, wherein:
    - the information analysis unit is further adapted to perform a language-based analysis of the collected information according to meaning of the collected information, and to compare the collected information language-based analysis results with the index information language-based analysis results.
  - 55. The system of claim 54, wherein:
    - the language-based analysis of the index information includes a first parsing operation; and
      
      the language-based analysis of the collected information includes a second parsing operation.
  - 56. The system of claim 55, wherein:
    - the first and the second parsing operations includeidentifying significant words, anddiscarding any combination of white space, punctuation, articles, and conjunctions.
  - 57. The system of claim 55, wherein:
    - the language-based analysis of the index information further includes splitting results of the first parsing operation into a first set of segments; and
      
      the language-based analysis of the collected information further includes splitting results of the second parsing operation into a second set of segments.
  - 58. The system of claim 57, wherein:
    - the language-based analysis of the index information further includes hashing tokens of each of the first set of segments to produce a corresponding set of index information identifiers; and
      
      the language-based analysis of the collected information further includes hashing tokens of each of the second set of segments to produce a corresponding set of collected information identifiers.
  - 59. The system of claim 58, wherein:
    - the information analysis unit determines the corresponding portion, if any, in part by searching the index information identifiers for matches with the collected information identifiers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
RSA Security Incorporated (Symphony Technology Group LLC)
Inventors
Reizes, David Alexander, Wiese, James Christopher, Nisbet, James Donald, Hoyt, Stephen Crosby
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US10/949,539
Time in Patent Office

1,656 Days
Field of Search

726/27, 713/153
US Class Current

726/27
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/101   Access control lists [ACL]

H04L 63/105   Multiple levels of security

Inferring document and content sensitivity from public account accessibility

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

Citations

59 Claims

Specification

Solutions

Use Cases

Quick Links

Inferring document and content sensitivity from public account accessibility

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

59 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links