Query generation for a capture system

US 8,005,863 B2
Filed: 01/20/2010
Issued: 08/23/2011
Est. Priority Date: 05/22/2006
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus, comprising:

a processor;

a memory; and

a query generator configured to issue a query for a selected object included in a plurality of objects that are stored, wherein the objects are identified within packets that are captured at a network interface configured to receive the packets, and wherein the objects are stored with one or more respective tags indicative of characteristics of the objects, and wherein the query includes one or more regular expressions and at least one of the regular expressions are matched to an attribute, and wherein a first object is stored with a first attribute such that identification of the first attribute is used to determine whether the first object is relevant to the query, and wherein the first attribute is a selected one of a group of attributes, the group consisting of;

a) a document type;

b) an Internet protocol (IP) address from which the packets were sent or to where the packets were delivered;

c) an application type that generated the packets;

d) a size of a document associated with the packets; and

e) a time range in which the document associated with the packets was sent or received.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A document accessible over a network can be registered. A registered document, and the content contained therein, is not transmitted undetected over and off of the network. In one embodiment, the invention includes a manager agent to maintain signatures of registered documents and a match agent to detect the unauthorized transmission of the content of registered documents.

Citations

20 Claims

1. An apparatus, comprising:
- a processor;
  
  a memory; and
  
  a query generator configured to issue a query for a selected object included in a plurality of objects that are stored, wherein the objects are identified within packets that are captured at a network interface configured to receive the packets, and wherein the objects are stored with one or more respective tags indicative of characteristics of the objects, and wherein the query includes one or more regular expressions and at least one of the regular expressions are matched to an attribute, and wherein a first object is stored with a first attribute such that identification of the first attribute is used to determine whether the first object is relevant to the query, and wherein the first attribute is a selected one of a group of attributes, the group consisting of;
  
  a) a document type;
  
  b) an Internet protocol (IP) address from which the packets were sent or to where the packets were delivered;
  
  c) an application type that generated the packets;
  
  d) a size of a document associated with the packets; and
  
  e) a time range in which the document associated with the packets was sent or received.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The apparatus of claim 1, further comprising:
    - a packet capture module configured to capture the packets, wherein the packets are part of an e-mail or a document sought to be communicated over a network connection.
  - 3. The apparatus of claim 1, wherein the first attribute is used to search a database to eliminate at least some of the objects from being part of a response to the query.
  - 4. The apparatus of claim 3, wherein searching the database includes evaluating an attribute field or an index bit position in the database.
  - 5. The apparatus of claim 1, wherein a response is provided for the query, the response including one or more electronic links to elements that include the selected object.
  - 6. The apparatus of claim 1, wherein the query is provided as a scheduled query being executed periodically.
  - 7. The apparatus of claim 1, wherein the objects that are stored are categorized based on time intervals in which the objects were captured or sent.
  - 8. The apparatus of claim 1, further comprising:
    - a tag generator configured to insert an attribute index into an index field of a selected one of the tags.
  - 9. The apparatus of claim 1, further comprising:
    - an object assembly module configured to reassemble a first object associated with a first captured packet.
  - 10. The apparatus of claim 1, further comprising:
    - an object classification module configured to generate the tags for the objects.
  - 11. The apparatus of claim 1, further comprising:
    - an object store module configured to store the objects and the tags together.
  - 12. The apparatus of claim 11, wherein the object store module further comprises:
    - a tag database configured to store the tags generated for the objects; and
      
      a content store configured to store reassembled objects.
  - 13. The apparatus of claim 1, further comprising:
    - a user interface configured to interact with the query generator and offer a display for inputting the query.
  - 14. The apparatus of claim 1, wherein the query generator is further configured to:
    - decompose the query into search terms;
      
      determine locations to search for the search terms;
      
      generate a list of matches for the locations searched; and
      
      intersect the list of matches to determine a response for the query.
  - 15. The apparatus of claim 1, wherein locations are searched for the selected object, the locations being part of a group of locations, the group consisting of:
    - a look-aside storage;
      
      a metadata database; and
      
      an object storage, wherein the look-aside storage, metadata storage, and object storage are presorted by time.

16. Logic encoded in one or more tangible media that includes code for execution and when executed by a processor operable to perform operations comprising:
- processing a query for a selected object included in a plurality of objects that are stored, wherein the objects are identified within packets that are captured at a network interface configured to receive the packets, and wherein the objects are stored with one or more respective tags indicative of characteristics of the objects, wherein the query includes one or more regular expressions and at least one of the regular expressions are matched to an attribute, and wherein a first object is stored with a first attribute such that identification of the first attribute is used to determine whether the first object is relevant to the query, and wherein the first attribute is a selected one of a group of attributes, the group consisting of;
  
  a) a document type;
  
  b) an Internet protocol (IP) address from which the packets were sent or to where the packets were delivered;
  
  c) an application type that generated the packets;
  
  d) a size of a document associated with the packets; and
  
  e) a time range in which the document associated with the packets was sent or received.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The logic of claim 16, wherein the first attribute is used to search a database to eliminate at least some of the objects from being part of a response to the query.
  - 18. The logic of claim 16, wherein searching the database includes evaluating an attribute field or an index bit position in the database.
  - 19. The logic of claim 16, wherein a response is provided for the query, the response including one or more electronic links to elements that include the selected object.
  - 20. The logic of claim 16, wherein the objects that are stored are categorized based on time intervals in which the objects were captured or sent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Deninger, William, de la Iglesia, Erik, Ahuja, Ratinder Paul Singh
Primary Examiner(s)
Woo; Isaac M

Application Number

US12/690,153
Publication Number

US 20100121853A1
Time in Patent Office

580 Days
Field of Search

707600-831
US Class Current

707/791
CPC Class Codes

G06F 21/1078   Logging; Metering

G06F 21/6272   by registering files or doc...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

Query generation for a capture system

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Query generation for a capture system

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links