Tag data structure for maintaining relational data over captured objects
First Claim
1. Software encoded in one or more non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- receiving a data stream that includes a plurality of packets;
generating a tag for an object represented by the packets, wherein the tag includes;
a source address field indicative of an origination address associated with the object,a destination address field indicative of a destination address associated with the object,a source port field indicative of an origination port associated with the object,a destination port field indicative of a destination port associated with the object,a content field indicative of a content type associated with the object, anda time field indicative of when the object was captured;
generating a cryptographic tag signature over at least a portion of the tag;
generating an object signature over at least a portion of the object, wherein at least one of the object signature and the tag signature is generated using a first key; and
storing a tag record in a database in which the tag record indexes the object in a content store and contains information about the object, the tag record including a pointer associated with a storage location where the object is stored,wherein the object is verified by using the tag signature and the object signature before the object is presented, and wherein at least one key pair is used in a verification operation, the at least one key pair including the first key and a second key.
9 Assignments
0 Petitions
Accused Products
Abstract
Objects captured over a network by a capture system can be indexed to provide enhanced search and content analysis capabilities. In one embodiment the objects can be indexed using a data structure having a source address field to indicate an origination address of the object, a destination address field to indicate a destination address of the object, a source port field to indicate an origination port of the object, a destination port field to indicate a destination port of the object, a content field to indicate a content type from a plurality of content types identifying a type of content contained in the object, and a time field to indicate when the object was captured. The data structure may also store a cryptographic signature of the object to ensure the object is not altered after capture.
358 Citations
17 Claims
-
1. Software encoded in one or more non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
-
receiving a data stream that includes a plurality of packets; generating a tag for an object represented by the packets, wherein the tag includes; a source address field indicative of an origination address associated with the object, a destination address field indicative of a destination address associated with the object, a source port field indicative of an origination port associated with the object, a destination port field indicative of a destination port associated with the object, a content field indicative of a content type associated with the object, and a time field indicative of when the object was captured; generating a cryptographic tag signature over at least a portion of the tag; generating an object signature over at least a portion of the object, wherein at least one of the object signature and the tag signature is generated using a first key; and storing a tag record in a database in which the tag record indexes the object in a content store and contains information about the object, the tag record including a pointer associated with a storage location where the object is stored, wherein the object is verified by using the tag signature and the object signature before the object is presented, and wherein at least one key pair is used in a verification operation, the at least one key pair including the first key and a second key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method, comprising:
-
receiving a data stream that includes a plurality of packets; generating a tag for an object represented by the packets, wherein the tag includes; a source address field indicative of an origination address associated with the object, a destination address field indicative of a destination address associated with the object, a source port field indicative of an origination port associated with the object, a destination port field indicative of a destination port associated with the object, a content field indicative of a content type associated with the object, and a time field indicative of when the object was captured; generating a cryptographic tag signature over at least a portion of the tag; generating an object signature over at least a portion of the object, wherein at least one of the object signature and the tag signature is generated using a first key; and storing a tag record in a database in which the tag record indexes the object in a content store and contains information about the object, the tag record including a pointer associated with a storage location where the object is stored, wherein the object is verified by using the tag signature and the object signature before the object is presented, and wherein at least one key pair is used in a verification operation, the at least one key pair including the first key and a second key. - View Dependent Claims (10, 11, 12, 13)
-
-
14. An apparatus, comprising:
-
a processor; and a memory, wherein the processor and the memory cooperate such that the apparatus is configured for; receiving a data stream that includes a plurality of packets; generating a tag for an object represented by the packets, wherein the tag includes; a source address field indicative of an origination address associated with the object, a destination address field indicative of a destination address associated with the object, a source port field indicative of an origination port associated with the object, a destination port field indicative of a destination port associated with the object, a content field indicative of a content type associated with the object, and a time field indicative of when the object was captured; generating a cryptographic tag signature over at least a portion of the tag; generating an object signature over at least a portion of the object, wherein at least one of the object signature and the tag signature is generated using a first key; and storing a tag record in a database in which the tag record indexes the object in a content store and contains information about the object, the tag record including a pointer associated with a storage location where the object is stored, wherein the object is verified by using the tag signature and the object signature before the object is presented, and wherein at least one key pair is used in a verification operation, the at least one key pair including the first key and a second key. - View Dependent Claims (15, 16, 17)
-
Specification