Verifying captured objects before presentation
Abstract
Objects can be extracted from data flows captured by a capture device. Each captured object can then be classified according to content. Meta-data about captured objects can be stored in a tag. In one embodiment, the present invention includes receiving a request to present a previously captured object to a user, accessing a tag associated with the requested object, the tag containing metadata related to the object, the metadata including an object signature, and verifying that the object has not been altered since capture using the object signature before presenting the object to the user.
26 Claims
1. A method comprising:
- receiving a request to present a previously captured object to a user, wherein the captured object was intercepted by a capture system configured to intercept packets from data streams, reconstruct the data streams, and store network transmitted objects from the data streams according to a capture rule that defines which objects are to be captured by the capture system;
- accessing a tag associated with the requested object, the tag containing metadata related to the object, the metadata including an object signature;
- verifying that the object has not been altered since capture using the object signature in the tag associated with the object, wherein the tag is verified using a hash, which is decrypted with a public key of the capture system; and
- presenting the object if the object and the tag are verified, and wherein the capture rule is part of a default rule set for the capture system configured to monitor network traffic and capture the object, and wherein the capture system is configured to store a document captured by the capture system according to the capture rule, which identifies a particular internet protocol (IP) address from which the document was sent, and wherein if the object is not verified, then an alert is generated to indicate that the object being presented to the user has been compromised.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. An apparatus comprising:
- an interface to receive a request to present a previously captured object to a user;
- a storage medium having the object and a tag associated with the object stored thereon, the tag containing metadata related to the object, the metadata including an object signature; and
- a processor to verify the authenticity of the object using the object signature in the tag associated with the object, wherein the captured object was intercepted by a capture system configured to intercept packets from data streams, reconstruct the data streams, and store network transmitted objects from the data streams according to a capture rule that defines which objects are to be captured by the capture system, wherein the tag is verified using a hash, which is decrypted with a public key of the capture system, and wherein the object is presented if the object and the tag are verified, and wherein the capture rule is part of a default rule set for the capture system configured to monitor network traffic and capture the object, and wherein the capture system is configured to store a document captured by the capture system according to the capture rule, which identifies a particular internet protocol (IP) address from which the document was sent, and wherein if the object is not verified, then an alert is generated to indicate that the object being presented to the user has been compromised.
Dependent claims: 10, 11, 12, 13, 14, 15

16. A method comprising:
- accessing a content store containing an object captured during transmission over a network;
- accessing a tag database containing a tag associated with the object, the tag including an object signature over the object and a tag signature over meta-data included in the tag, the meta-data including the object signature, the tag signature being cryptographically signed by a capture device; and
- verifying the authenticity of the tag and the object using the tag signature and the object signature, wherein the captured object was intercepted by a capture system configured to intercept packets from data streams, reconstruct the data streams, and store network transmitted objects from the data streams according to a capture rule that defines which objects are to be captured by the capture system, wherein the tag is verified using a hash, which is decrypted with a public key of the capture system, and wherein the object is presented if the object and the tag are verified, and wherein the capture rule is part of a default rule set for the capture system configured to monitor network traffic and capture the object, and wherein the capture system is configured to store a document captured by the capture system according to the capture rule, which identifies a particular internet protocol (IP) address from which the document was sent, and wherein if the object is not verified, then an alert is generated to indicate that the object being presented to the user has been compromised.
Dependent claims: 17

18. A machine-readable medium having stored thereon data representing instructions that, when executed by a processor, cause the processor to perform operations comprising:
- receiving a request to present a previously captured object to a user;
- accessing a tag associated with the requested object, the tag containing metadata related to the object, the metadata including an object signature;
- verifying that the object has not been altered since capture using the object signature in the tag associated with the object; and
- presenting the object to the user, wherein the captured object was intercepted by a capture system configured to intercept packets from data streams, reconstruct the data streams, and store network transmitted objects from the data streams according to a capture rule that defines which objects are to be captured by the capture system, wherein the tag is verified using a hash, which is decrypted with a public key of the capture system, and wherein the object is presented if the object and the tag are verified, and wherein the capture rule is part of a default rule set for the capture system configured to monitor network traffic and capture the object, and wherein the capture system is configured to store a document captured by the capture system according to the capture rule, which identifies a particular internet protocol (IP) address from which the document was sent, and wherein if the object is not verified, then an alert is generated to indicate that the object being presented to the user has been compromised.
Dependent claims: 19, 20, 21, 22, 23, 24

25. A machine-readable medium having stored thereon data representing instructions that, when executed by a processor, cause the processor to perform operations comprising:
- accessing a content store containing an object captured during transmission over a network;
- accessing a tag database containing a tag associated with the object, the tag including an object signature over the object and a tag signature over meta-data included in the tag, the meta-data including the object signature, the tag signature being cryptographically signed by a capture device; and
- verifying the authenticity of the tag and the object using the tag signature and the object signature, wherein the captured object was intercepted by a capture system configured to intercept packets from data streams, reconstruct the data streams, and store network transmitted objects from the data streams according to a capture rule that defines which objects are to be captured by the capture system, wherein the tag is verified using a hash, which is decrypted with a public key of the capture system, and the object is presented if the object and the tag are verified, and wherein the capture rule is part of a default rule set for the capture system configured to monitor network traffic and capture the object, and wherein the capture system is configured to store a document captured by the capture system according to the capture rule, which identifies a particular internet protocol (IP) address from which the document was sent, and wherein if the object is not verified, then an alert is generated to indicate that the object being presented to the user has been compromised.
Dependent claims: 26
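
The two-layer check recited in claims 16 and 25 (a tag signature over the metadata, which itself carries the object signature), sketched in Python as an added example; it is not code from the patent. The toy RSA key, the field names, the sample values and the use of SHA-256 as the object signature are assumptions, and unpadded RSA stands in for the claims' "hash, which is decrypted with a public key"; a deployment would use a padded signature scheme from a vetted library.

```python
import hashlib
import hmac
import json

# Constructed toy RSA key for the capture device (assumption, illustration only):
# two Mersenne primes give a modulus wide enough to hold a SHA-256 digest.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                      # public key, known to the presenter
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held by the capture device

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def canonical(meta):
    # Stable byte encoding so signer and verifier hash identical bytes.
    return json.dumps(meta, sort_keys=True, separators=(",", ":")).encode()

def make_tag(obj, src_ip, rule):
    """Capture side: object signature goes into the metadata, then the metadata is signed."""
    meta = {"src_ip": src_ip, "rule": rule,
            "object_signature": hashlib.sha256(obj).hexdigest()}
    return {"meta": meta, "tag_signature": pow(digest(canonical(meta)), D, N)}

def verify_for_presentation(obj, tag):
    """Presentation side: returns (ok, message); any failure is an alert."""
    # 1. Recover the signed hash with the public key; compare with the metadata hash.
    if pow(tag["tag_signature"], E, N) != digest(canonical(tag["meta"])):
        return False, "ALERT: tag altered since capture"
    # 2. The tag is authentic, so its object signature can be trusted.
    actual = hashlib.sha256(obj).hexdigest()
    if not hmac.compare_digest(actual, tag["meta"]["object_signature"]):
        return False, "ALERT: object altered since capture"
    return True, "verified"

if __name__ == "__main__":
    obj = b"constructed sample document"
    tag = make_tag(obj, "192.0.2.10", "default-rule")
    print(verify_for_presentation(obj, tag))
    print(verify_for_presentation(obj + b"!", tag))
    # Store-level tampering: object and its signature in the tag rewritten together.
    tag["meta"]["object_signature"] = hashlib.sha256(obj + b"!").hexdigest()
    print(verify_for_presentation(obj + b"!", tag))
```

The third case shows why the tag signature is needed in addition to the object signature: someone with write access to both stores can make the object hash match, but cannot re-sign the metadata without the capture device's private key.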
Specification