System and method for monitoring unauthorized transport of digital content

US 7,681,032 B2
Filed: 12/06/2001
Issued: 03/16/2010
Est. Priority Date: 03/12/2001
Status: Active Grant

First Claim

Patent Images

1. A system for network content monitoring, comprising:

at least one processor and an electronically readable medium,a transport data monitor, connectable to a point in a network, for monitoring data being transported past said point,a description extractor, associated with said transport data monitor, for extracting descriptions of said data being transported,a database of at least one preobtained description of content whose movements it is desired to monitor,a comparator for determining whether said extracted description corresponds to any of said at least one preobtained descriptions, thereby to determine whether said data being transported comprises any of said content whose movements it is desired to monitor, andcertification recognition functionality to recognize data sources as being trustworthy and to allow data transport originating from said trustworthy data sources to pass through without monitoring.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for network content monitoring and control, comprising: a transport data monitor, connectable to a point in a network, for monitoring data being transported past said point, a signature extractor, associated with said transport data monitor, for extracting a derivation of said data, said derivation being indicative of content of said payload, a database of preobtained signatures of content whose movements it is desired to monitor, and a comparator for comparing said derivation with said preobtained signatures, thereby to determine whether said payload comprises any of said content whose movements it is desired to monitor. The monitoring result may be used in bandwidth control on the network to restrict transport of the content it is desired to control.

168 Citations

124 Claims

1. A system for network content monitoring, comprising:
- at least one processor and an electronically readable medium,a transport data monitor, connectable to a point in a network, for monitoring data being transported past said point,a description extractor, associated with said transport data monitor, for extracting descriptions of said data being transported,a database of at least one preobtained description of content whose movements it is desired to monitor,a comparator for determining whether said extracted description corresponds to any of said at least one preobtained descriptions, thereby to determine whether said data being transported comprises any of said content whose movements it is desired to monitor, andcertification recognition functionality to recognize data sources as being trustworthy and to allow data transport originating from said trustworthy data sources to pass through without monitoring.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124)
- - 2. The system of claim 1 further configured such thatsaid determination further includes a confidence level, said confidence level being incremented each time a correspondence is found, and to decide, using said determination including said confidence level, whether said data being transported comprises any of said content whose movements it is desired to monitor, the system being configured such as to take no action for a low level of confidence, to allow transport with a reduced bandwidth for a medium level of confidence and to completely stop said transport for a high level of confidence.
  - 3. A system according to claim 1, wherein said description extractor is operable to extract a pattern identifiably descriptive of said data being transported.
  - 4. A system according to claim 1, wherein said description extractor is operable to extract a signature of said data being transported.
  - 5. A system according to claim 1, wherein said description extractor is operable to extract characteristics of said data being transported.
  - 6. A system according to claim 1, wherein said description extractor is operable to extract encapsulated meta information of said data being transported.
  - 7. A system according to claim 1, wherein said description extractor is operable to extract multi-level descriptions of said data being transported.
  - 8. A system according to claim 7, wherein said multi-level description comprises of a pattern identifiably descriptive of said data being transported.
  - 9. A system according to claim 7, wherein said multi-level description comprises a signature of said data being transported.
  - 10. A system according to claim 7, wherein said multi-level description comprises characteristics of said data being transported.
  - 11. A system according to claim 7, wherein said multi-level description comprises encapsulated meta-information of said data being transported.
  - 12. A system according to claim 1, wherein said description extractor is a signature extractor, for extracting a derivation of said data, said derivation being a signature indicative of content of said data being transported, and wherein said at least one preobtained description is a preobtained signature.
  - 13. A system according to claim 1, said network being a packet-switched network and said data being transported comprising passing packets.
  - 14. A system according to claim 1, said network being a packet-switched network, said data being transported comprising passing packets and said transport data monitor being operable to monitor header content of said passing packets.
  - 15. A system according to claim 1, said network being a packet-switched network, said data being transported comprising passing packets, and said transport data extractor being operable to monitor header content and data content of said passing packets.
  - 16. A system according to claim 1, wherein said transport data monitor is a software agent, operable to place itself on a predetermined node of said network.
  - 17. A system according to claim 1, comprising a plurality of transport data monitors distributed over a plurality of points on said network.
  - 18. A system according to claim 1, said transport data monitor further comprising a multimedia filter for determining whether passing content comprises multimedia data and restricting said signature extraction to said multimedia data.
  - 19. A system according to claim 1, said data being transported comprising a plurality of protocol layers, the system further comprising a layer analyzer connected between said transport data monitor and said signature extractor, said layer analyzer comprising analyzer modules for at least two of said layers.
  - 20. A system according to claim 19, said layer analyzer comprising separate analyzer modules for respective layers.
  - 21. A system according to claim 19, further comprising a traffic associator, connected to said analyzer modules, for using output from said analyzer modules to associate transport data from different sources as a single communication.
  - 22. A system according to claim 21, wherein said sources are at least one of a group comprising:
    - data packets, communication channels, data monitors, and pre correlated data.
  - 23. A system according to claim 19, comprising a traffic state associator connected to receive output from said layer analyzer modules, and to associate together output, of different layer analyzer modules, which belongs to a single communication.
  - 24. A system according to claim 19, wherein at least one of said analyzer modules comprises a multimedia filter for determining whether passing content comprises multimedia data and restricting said signature extraction to said multimedia data.
  - 25. A system according to claim 19, wherein at least one of said analyzer modules comprises a compression detector for determining whether said extracted transport data is compressed.
  - 26. A system according to claim 25, further comprising a decompressor, associated with said compression detector, for decompressing said data if it is determined that said data is compressed.
  - 27. A system according to claim 25, further comprising a description extractor for extracting a description directly from said compressed data.
  - 28. A system according to claim 19, wherein at least one of said analyzer modules comprises an encryption detector for determining whether said transport data is encrypted.
  - 29. A system according to claim 28, wherein said encryption detector comprises an entropy measurement unit for measuring entropy of said monitored transport data.
  - 30. A system according to claim 29, wherein said encryption detector is set to recognize a high entropy as an indication that encrypted data is present.
  - 31. A system according to claim 30, wherein said encryption detector is set to use a height of said measured entropy as a confidence level of said encrypted data indication.
  - 32. A system according to claim 19, further comprising a format detector for determining a format of said monitored transport data.
  - 33. A system according to claim 32, further comprising a media player, associated with said format detector, for rendering and playing said monitored transport data as media according to said detected format, thereby to place said monitored transport data in condition for extraction of a signature which is independent of a transportation format.
  - 34. A system according to claim 32, further comprising a parser, associated with said format detector, for parsing said monitored transport media, thereby to place said monitored transport data in condition for extraction of a signature which is independent of a transportation format.
  - 35. A system according to claim 1, comprising a payload extractor located between said transport monitor and said signature extractor for extracting content carrying data for signature extraction.
  - 36. A system according to claim 1, wherein said signature extractor comprises a binary function for applying to said monitored transport data.
  - 37. A system according to claim 1, wherein said network is a packet network, and wherein a buffer is associated with said signature extractor to enable said signature extractor to extract a signature from a buffered batch of packets.
  - 38. A system according to claim 36, wherein said binary function comprises at least one hash function.
  - 39. A system according to claim 38, wherein said binary function comprises a first, fast, hash function to identify an offset in said monitored transport data and a second, full, hash function for application to said monitored transport data using said offset.
  - 40. A system according to claim 12, wherein said signature extractor comprises an audio signature extractor for extracting a signature from an audio part of said monitored data being transported.
  - 41. A system according to claim 12, wherein said signature extractor comprises a video signature extractor for extracting a signature from a video part of said monitored data being transported.
  - 42. A system according to claim 12, said signature extractor comprising a pre-processor for pre-processing said monitored data being transported to improve signature extraction.
  - 43. A system according to claim 42, said preprocessor operable to carry out at least one of a group of pre-processing operations comprising:
    - removing erroneous data, removing redundancy, and canonizing properties of said monitored data being transported.
  - 44. A system according to claim 12, wherein said signal extractor comprises a binary signal extractor for initial signature extraction and an audio signature extractor for extracting an audio signature in the event said initial signature extraction fails to yield an identification.
  - 45. A system according to claim 12, wherein said signal extractor comprises a binary signal extractor for initial signature extraction and a text signature extractor for extracting a text signature in the event said initial signature extraction fails to yield an identification.
  - 46. A system according to claim 12, wherein said signal extractor comprises a binary signal extractor for initial signature extraction and a code signature extractor for extracting a code signature in the event said initial signature extraction fails to yield an identification.
  - 47. A system according to claim 12, wherein said signal extractor comprises a binary signal extractor for initial signature extraction and a data content signature extractor for extracting a data content signature in the event said initial signature extraction fails to yield an identification.
  - 48. A system according to claim 12, wherein said signature extractor is operable to use a plurality of signature extraction approaches.
  - 49. A system according to claim 48, further comprising a combiner for producing a combination of extracted signatures of each of said approaches.
  - 50. A system according to claim 48, wherein said comparator is operable to compare using signatures of each of said approaches and to use as a comparison output a highest result of each of said approaches.
  - 51. A system according to claim 12, wherein said signal extractor comprises a binary signal extractor for initial signature extraction and a video signature extractor for extracting a video signature in the event said initial signature extraction fails to yield an identification.
  - 52. A system according to claim 12, wherein there is a plurality of preobtained signatures and wherein said comparator is operable to compare said extracted signature with each one of said preobtained signatures, thereby to determine whether said monitored transport data belongs to a content source which is the same as any of said signatures.
  - 53. A system according to claim 52, said comparator being operable to obtain a cumulated number of matches of said extracted signature.
  - 54. A system according to claim 52, wherein said comparator is operable to calculate a likelihood of compatibility with each of said preobtained signatures and to output a highest one of said probabilities to an unauthorized content presence determinator connected subsequently to said comparator.
  - 55. A system according to claim 53, said comparator being operable to calculate a likelihood of compatibility with each of said preobtained signatures and to output an accumulated total of matches which exceed a threshold probability level.
  - 56. A system according to claim 53, said comparator being operable to calculate the likelihood of compatibility with each of said preobtained signatures and to output an accumulated likelihood of matches which exceed a threshold probability level.
  - 57. A system according to claim 52, comprising a sequential decision unit associated with said comparator, being operable to use a sequential decision test to update a likelihood of the presence of given content, based on at least one of the following:
    - successive matches made by said comparator, context related parameters, other content related parameters and outside parameters.
  - 58. A system according to claim 54, wherein said unauthorized content presence determinator is operable to use the output of said comparator to determine whether unauthorized content is present in said transport and to output a positive decision of said presence to a subsequently connected policy determinator.
  - 59. A system according to claim 52, wherein an unauthorized content presence determinator is connected subsequently to said comparator and is operable to use an output of said comparator to determine whether unauthorized content is present in said data being transported, a positive decision of said presence being output to a subsequently connected policy determinator.
  - 60. A system according to claim 59, wherein said policy determinator comprises a rule-based decision making unit for producing an enforcement decision based on output of at least said unauthorized content presence determinator.
  - 61. A system according to claim 1, wherein said policy determinator is operable to use said rule-based decision making unit to select between a set of outputs including at least some of:
    - taking no action, performing auditing, outputting a transcript of said content, reducing bandwidth assigned to said transport, using an active bitstream interference technique, stopping said transport, preventing printing, preventing photocopying, reducing quality of the content, removing sensitive parts, altering the content, adding a message to the said content, and preventing of saving on a portable medium.
  - 62. A system according to claim 61, wherein said rule-based decision making unit is operable to use a likelihood level of a signature identification as an input in order to make said selection.
  - 63. A system according to claim 62, further comprising a bandwidth management unit connected to said policy determinator for managing network bandwidth assignment in accordance with output decisions of said policy determinator.
  - 64. A system according to claim 1, further comprising an audit unit for preparing and storing audit reports of transportation of data identified as corresponding to content it is desired to monitor.
  - 65. A system according to claim 1, comprising a transcript output unit for producing transcripts of content identified by said comparison.
  - 66. A system according to claim 28, further comprising a policy determinator connected to receive outcomes of said encryption determinator and to apply rule-based decision making to select between a set of outputs including at least some of:
    - taking no action, performing auditing, outputting a transcript of said content, reducing bandwidth assigned to said transport, using an active bitstream interference technique, and stopping said transport.
  - 67. A system according to claim 66, wherein said rule-based decision-making comprises rules based on confidence levels of said outcomes.
  - 68. A system according to claim 66, wherein said policy determinator is operable to use an input of an amount of encrypted transport from a given user as a factor in said rule based decision making.
  - 69. A system according to claim 31, further comprising a policy determinator connected to receive positive outcomes of said encryption determinator and to apply rule-based decision making to select between a set of outputs including at least some of:
    - taking no action, performing auditing, outputting a transcript of said content, reducing bandwidth assigned to said transport, using an active bitstream interference technique, and stopping said transport, said policy determinator operable to use;
      
      an input of an amount of encrypted transport from a given user, andsaid confidence level, as factors in said rule based decision making.
  - 70. The system of claim 1,wherein said description extractor comprises a signature extractor, associated with said transport data monitor, for extracting a derivation of payload of said monitored data, said derivation being indicative of content of said data,a database of preobtained signatures of known content whose movements it is desired to monitor, said content being internally generated in the network in advance of said extracting, said preobtained signatures being obtained in advance of said extracting said derivation of said payload,said determining further including a level of confidence, said confidence level being incremented each time a correspondence with one of said preobtained signatures is found,a decision-making unit for producing an enforcement decision, using the output of said comparator including said confidence level, anda bandwidth management unit connected to said decision-making unit for managing network bandwidth assignment in accordance with output decisions of said decision making unit, thereby to control content distribution over said network by assigning bandwidth in accordance with said confidence level.
  - 71. A system according to claim 70, wherein said decision-making unit is a rule-based decision-making unit.
  - 72. A system according to claim 71, wherein said transport data monitor is a software agent, operable to place itself on a predetermined node of said network.
  - 73. A system according to claim 71, comprising a plurality of transport data monitors distributed over a plurality of points on said network.
  - 74. A system according to claim 71, said transport data monitor further comprising a multimedia filter for determining whether passing content comprises multimedia data and restricting said signature extraction to said multimedia data.
  - 75. A system according to claim 71, said transport data comprising a plurality of protocol layers, the system further comprising a layer analyzer connected between said transport data monitor and said signature extractor, said layer analyzer comprising analyzer modules for at least two of said layers.
  - 76. A system according to claim 75, comprising a traffic state associator connected to receive output from said layer analyzer modules, and to associate together output of different layer analyzer modules which belongs to a single communication.
  - 77. A system according to claim 75, one of said analyzer modules comprising a multimedia filter for determining whether passing content comprises multimedia data and restricting said data extraction to said multimedia data.
  - 78. A system according to claim 75, one of said analyzer modules comprising a compression detector for determining whether said monitored transport data is compressed.
  - 79. A system according to claim 78, further comprising a decompressor, associated with said compression detector, for decompressing said data if it is determined that said data is compressed.
  - 80. A system according to claim 75, one of said analyzer modules comprising an encryption detector for determining whether said monitored transport data is encrypted.
  - 81. A system according to claim 80, wherein said encryption detector comprises an entropy measurement unit for measuring entropy of said monitored transport data.
  - 82. A system according to claim 81, said encryption detector being set to recognize a high entropy as an indication that encrypted data is present.
  - 83. A system according to claim 82, said encryption detector being set to use a height of said measured entropy as a confidence level of said encrypted data indication.
  - 84. A system according to claim 75, further comprising a format detector for determining a format of said monitored transport data.
  - 85. A system according to claim 84, further comprising a media player, associated with said format detector, for rendering and playing said monitored transport data as media according to said detected format, thereby to place said extracted transport data in condition for extraction of a signature which is independent of a transportation format.
  - 86. A system according to claim 84, further comprising a parser, associated with said format detector, for parsing said monitored transport media, thereby to place said extracted transport data in condition for extraction of a signature which is independent of a transportation format.
  - 87. A system according to claim 71, wherein said signature extractor comprises a binary function for applying to said extracted transport data.
  - 88. A system according to claim 87, wherein said binary function comprises at least one hash function.
  - 89. A system according to claim 88, wherein said binary function comprises a first, fast, hash function to identify an offset in said extracted transport data and a second, full, hash function for application to said extracted transport data using said offset.
  - 90. A system according to claim 71, wherein said signature extractor comprises an audio signature extractor for extracting a signature from an audio part of said extracted transport data.
  - 91. A system according to claim 71, wherein said signature extractor comprises a video signature extractor for extracting a signature from a video part of said extracted transport data.
  - 92. A system according to claim 71, wherein said comparator is operable to compare said extracted signature with each one of said preobtained signatures, thereby to determine whether said monitored transport data belongs to a content source which is the same as any of said signatures.
  - 93. A system according to claim 92, wherein said comparator is operable to calculate a likelihood of compatibility with each of said preobtained signatures and to output a highest one of said probabilities to an unauthorized content presence determinator connected subsequently to said comparator.
  - 94. A system according to claim 93, wherein said unauthorized content presence determinator is operable to use the output of said comparator to determine whether unauthorized content is present in said transport and to output a positive decision of said presence to a subsequently connected policy determinator.
  - 95. A system according to claim 92, wherein an unauthorized content presence determinator is connected subsequently to said comparator and is operable to use an output of said comparator to determine whether unauthorized content is present in said transport, a positive decision of said presence being output to a subsequently connected policy determinator.
  - 96. A system according to claim 95, wherein said policy determinator comprises said rule-based decision making unit for producing an enforcement decision based on output of at least said unauthorized content presence determinator.
  - 97. A system according to claim 71, wherein said policy determinator is operable to use said rule-based decision making unit to select between a set of outputs including at least some of:
    - taking no action, performing auditing, outputting a transcript of said content, reducing bandwidth assigned to said transport, using an active bitstream interference technique, stopping said transport, not allowing printing of said content, not allowing photocopying of said content and not allow saving of said content on portable media.
  - 98. A system according to claim 97, said rule-based decision making unit is operable to use a likelihood of a signature identification as an input in order to make said selection.
  - 99. A system according to claim 71, further comprising an audit unit for preparing and storing audit reports of transportation of data identified as corresponding to content it is desired to monitor.
  - 100. A system according to claim 80, further comprising a policy determinator connected to receive positive outcomes of said encryption determinator and to apply rule-based decision of said rule-based decision making unit to select between a set of outputs including at least some of:
    - taking no action, performing auditing, outputting a transcript of said content, reducing bandwidth assigned to said transport, using an active bitstream interference technique, stopping said transport, reducing quality of the content, removing sensitive parts, altering the content, adding a message to said content, not allowing printing of said content, not allowing photocopying of said content and not allow saving of said content on portable media.
  - 101. A system according to claim 100, said policy determinator being operable to use an input of an amount of encrypted transport from a given user as a factor in said rule based decision making.
  - 102. A system according to claim 83, further comprising a policy determinator connected to receive positive outcomes of said encryption determinator and to apply rule-based decision making of said rule-based decision-making unit to select between a set of outputs including at least some of:
    - taking no action, performing auditing, outputting a transcript of said content, reducing bandwidth assigned to said transport, using an active bitstream interference technique, stopping said transport, reducing quality of the content, removing sensitive parts, altering the content, adding a message to said content, not allowing printing of said content, not allowing photocopying of said content, and not allowing saving of said content on portable media.
  - 103. A system according to claim 102, said policy determinator being operable to use:
    - an input of an amount of encrypted transport from a given user, andsaid confidence level,as factors in said rule based decision making.
  - 104. A system according to claim 70, comprised within a firewall.
  - 105. A system according to claim 104, said transport data monitor being operable to inspect incoming and outgoing data transport crossing said firewall.
  - 106. A system according to claim 70, operable to define a restricted network zone within said network by inspecting data transport outgoing from said zone.
  - 107. A system according to claim 70, comprising certification recognition functionality to recognize data sources as being trustworthy and to allow data transport originating from said trustworthy data sources to pass through with monitoring modified on the basis of said data source recognition.
  - 108. A system according to claim 70, comprising certification recognition functionality to recognize data sources as being trustworthy and to allow data transport originating from said trustworthy data sources to pass through with said decision making being modified on the basis of said data source recognition.
  - 109. A system according to claim 2, wherein said transport data monitor comprises functionality to remove steganograms, said steganograms for removal being steganograms comprising information hidden within said data being monitored by said transport data monitor.
  - 110. A system according to claim 109, wherein said functionality to remove steganograms is independent of at least one of a group comprising:
    - a content of said steganogram hidden within said data being monitored,a content of said information hidden within said data being monitored, andof a method of hiding of said steganogram within said data being monitored.
  - 111. A system according to claim 70, wherein said functionality to remove steganograms comprises at least one of the following:
    - adding noise to said data being monitored by said transport data monitor;
      
      distorting said data being monitored by said transport data monitor; and
      
      embedding at least one steganogram within said data being monitored by said transport data monitor.
  - 112. A system according to claim 70, wherein said transport data monitor comprises functionality to remove steganograms, said steganograms for removal being steganograms comprising information hidden within said data being monitored by said transport data monitor.
  - 113. A system according to claim 112, wherein said functionality to remove steganograms is independent of at least one of a group comprising:
    - a content of said steganogram hidden within said data being monitored,a content of said information hidden within said data being monitored, andof a method of hiding of said steganogram within said data being monitored.
  - 114. A system according to claim 112, wherein said functionality to remove steganograms comprises at least one of the following:
    - adding noise to said data being monitored by said transport data monitor;
      
      distorting said data being monitored by said transport data monitor; and
      
      embedding at least one steganogram within said data being monitored by said transport data monitor.
  - 115. The system of claim 1,wherein said preobtained description being obtained from said content stored in said content database in advance of said extracting descriptions, andsaid determining including assigning a confidence level, said confidence level being incremented each time a correspondence with one of said preobtained descriptions is found,said comparator further being configured to decide using said confidence level, whether said data being transported comprises any of said content whose availability around said network it is desired to monitor according to said determining, thereby to manage data transport according to said determining, said managing comprising taking no action for a low level of confidence, allowing transport with a reduced bandwidth for a medium level of confidence and completely stopping said transport for a high level of confidence.
  - 116. The system of claim 1,wherein said content it is desired to monitor is should never sent out of the network, said content being internally generated in the network in advance of said extracting, said preobtained description being obtained in advance of said extracting descriptions, andsaid determining comprising including assigning a confidence level, said confidence level being incremented each time a correspondence with one of said preobtained descriptions is found, thereby to allow said system to use said confidence level to determine whether said data being transported comprises any of said content whose availability around said network it is desired to monitor according to said determining and to manage transport of said data by taking no action for a low level of confidence, allowing transport with a reduced bandwidth for a medium level of confidence and completely stopping said transport for a high level of confidence.
  - 117. The system of claim 1,further comprisinga local monitor and control device for detecting and reporting events carried out at a local endpoint device in respect of said content and reporting of said event, thereby to allow an action to be taken,wherein said content for which descriptions are extracted comprises content internally generated in the network in advance of said extracting, andwherein said comparator is configured to determine whether said extracted description corresponds to any of said at least one preobtained descriptions, by incrementing a confidence level each time a match is found, and to decide, whether said data being transported comprises any of said content whose movements it is desired to monitor according to said determining, based on said confidence level, thereby to allow said system to use said confidence levels to manage transport of said data, said managing comprising taking no action for a low level of confidence, allowing transport with a reduced bandwidth for a medium level of confidence and completely stopping said transport for a high level of confidence.
  - 118. A system according to claim 1, further comprisinga policy determinator connected to said comparator and configured to apply rule-based decision of a rule-based decision making unit to select between a set of outputs including:
    - removing sensitive parts, altering the content, adding a message to said content, not allowing printing of said content, not allowing photocopying of said content and not allow saving of said content on portable media.
  - 119. The system of claim 1,wherein said data being transported comprising a plurality of protocol layers, the system further comprising a layer analyzer connected between said transport data monitor and said signature extractor, said layer analyzer comprising analyzer modules for at least two of said layers wherein at least one of said analyzer modules comprises an encryption detector for determining whether said transport data is encrypted, wherein said encryption detector comprises an entropy measurement unit for measuring entropy of said monitored transport data.
  - 120. A system according to claim 119, wherein said encryption detector is set to recognize a high entropy as an indication that encrypted data is present.
  - 121. The system of claim 1,wherein said point is associated with a networked photocopier and wherein optical character recognition is used in association with said point to obtain data for said description extractor, said system being further configured to control an output of said photocopier in accordance with said determination.
  - 122. The system of claim 1, further comprising a policy determinator operable to use a rule-based decision making unit to remove parts of said data deemed by said comparator to be sensitive.
  - 123. The system of claim 1, being configured to use said determination to prevent copying onto portable media or printing of said content whose movements it is desired to monitor.
  - 124. The system of claim 1, wherein said description extractor is configured to extract said descriptors using only partial basic decoding of said data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
PortAuthority Technologies, Inc. (Forcepoint LLC)
Inventors
Troyansky, Lidror, Carny, Ofir, Peled, Ariel, Tirosh, Oren, Gutman, Gallt, Roglit, Guy
Primary Examiner(s)
Brown; Christopher J

Application Number

US10/003,269
Publication Number

US 20020129140A1
Time in Patent Office

3,022 Days
Field of Search

713/154, 713/13, 726/13
US Class Current

713/154
CPC Class Codes

H04L 63/0245   Filtering by information in...

H04L 63/123   received data contents, e.g...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/20   for managing network securi...

System and method for monitoring unauthorized transport of digital content

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

168 Citations

124 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for monitoring unauthorized transport of digital content

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

168 Citations

124 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links