Document de-registration
First Claim
1. A method to be performed in an electronic environment in which network communications occur involving packets and at least one processor and a memory element, comprising:
monitoring security of a plurality of registered digital documents in a system, the monitoring including determining whether signatures associated with the registered digital documents are included in data propagating in network traffic of the system, wherein the signatures of the registered documents are maintained in a signature database, each signature being associated with at least one of the plurality of registered digital documents, and respective signatures are removed from the database upon determining that respective signatures are detected within the network traffic at a rate in excess of a threshold detection rate designated as a threshold percentage of all data objects detected in the network traffic;
receiving a particular document, in the plurality of the registered digital documents, to be de-registered in response to an expiration of a time interval associated with an initial registration of the particular document;
calculating a set of signatures associated with the received particular document;
identifying, in the signatures stored in the signature database, at least one signature included in the set of calculated signatures; and
removing from the signature database the at least one identified signature included in the set of calculated signatures associated with the particular document, wherein data in the network traffic detected to include a signature of a registered document is intercepted and data in the network traffic determined to not include a signature of a registered document is allowed to propagate unintercepted to its intended destination.
Abstract
A document accessible over a network can be registered. A registered document, and the content contained therein, cannot be transmitted undetected over and off of the network. In one embodiment, a plurality of stored signatures are maintained in a signature database, each signature being associated with one of a plurality of registered documents. In one embodiment, the signature database is maintained by de-registering documents by removing the signatures associated with de-registered documents. In one embodiment, the database is maintained by removing redundant and high detection rate signatures. In one embodiment, the signature database is maintained by removing signatures based on the source text used to generate the signature.
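The maintenance operations named in the abstract (de-registration, redundant-signature removal, high-detection-rate removal), as an added Python sketch that is not code from the patent. The signature scheme (truncated SHA-256 over four-word windows), the class and method names, the 40 percent threshold, and the sample documents and traffic are all assumptions made for illustration.

```python
import hashlib

def signatures(text, window=4):
    """Assumed scheme: truncated SHA-256 of each sliding window of `window` words."""
    words = text.lower().split()
    spans = (words[i:i + window] for i in range(max(1, len(words) - window + 1)))
    return {hashlib.sha256(" ".join(s).encode()).hexdigest()[:16] for s in spans}

class SignatureDB:
    def __init__(self, threshold_pct):
        self.owners = {}        # signature -> ids of documents it was generated from
        self.hits = {}          # signature -> number of captured objects containing it
        self.objects_seen = 0   # all captured objects, matching or not
        self.threshold_pct = threshold_pct

    def register(self, doc_id, text):
        for sig in signatures(text):
            self.owners.setdefault(sig, set()).add(doc_id)

    def _drop(self, sigs):
        self.owners = {s: d for s, d in self.owners.items() if s not in sigs}
        return len(sigs)

    def deregister(self, text):
        # Recalculate the document's signatures; remove those found in the database.
        return self._drop(self.owners.keys() & signatures(text))

    def inspect(self, payload):
        # One captured object: True means intercept, False means forward.
        self.objects_seen += 1
        matched = self.owners.keys() & signatures(payload)
        for sig in matched:
            self.hits[sig] = self.hits.get(sig, 0) + 1
        return bool(matched)

    def prune_high_rate(self):
        # Signatures seen in more than threshold_pct percent of all captured objects.
        return self._drop([s for s in self.owners
                           if 100 * self.hits.get(s, 0) > self.threshold_pct * self.objects_seen])

    def prune_redundant(self):
        # Signatures shared by more than one registered document.
        return self._drop([s for s, docs in self.owners.items() if len(docs) > 1])

# Constructed sample data (not from the patent).
DOC_A = "project falcon revenue forecast is strictly confidential for internal use only"
DOC_B = "merger term sheet draft is strictly confidential for internal use only"
TRAFFIC = ["reminder this is strictly confidential for internal use only",
           "notes are strictly confidential for internal use only",
           "lunch at noon on friday works for me",
           "project falcon revenue forecast is attached"]

def demo():
    db = SignatureDB(threshold_pct=40)
    db.register("A", DOC_A)
    db.register("B", DOC_B)
    verdicts = [db.inspect(p) for p in TRAFFIC]
    pruned = (db.prune_high_rate(), db.prune_redundant())
    return verdicts, pruned, db.inspect(TRAFFIC[0]), db.deregister(DOC_A), db.inspect(TRAFFIC[3])
```

In the sample run the first two messages are intercepted only because they repeat the confidentiality footer shared by both documents; once the high-rate and redundant signatures are pruned they are forwarded, and after document A is de-registered its own content is forwarded as well.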
32 Claims
1. A method to be performed in an electronic environment in which network communications occur involving packets and at least one processor and a memory element, comprising:
monitoring security of a plurality of registered digital documents in a system, the monitoring including determining whether signatures associated with the registered digital documents are included in data propagating in network traffic of the system, wherein the signatures of the registered documents are maintained in a signature database, each signature being associated with at least one of the plurality of registered digital documents, and respective signatures are removed from the database upon determining that respective signatures are detected within the network traffic at a rate in excess of a threshold detection rate designated as a threshold percentage of all data objects detected in the network traffic;
receiving a particular document, in the plurality of the registered digital documents, to be de-registered in response to an expiration of a time interval associated with an initial registration of the particular document;
calculating a set of signatures associated with the received particular document;
identifying, in the signatures stored in the signature database, at least one signature included in the set of calculated signatures; and
removing from the signature database the at least one identified signature included in the set of calculated signatures associated with the particular document, wherein data in the network traffic detected to include a signature of a registered document is intercepted and data in the network traffic determined to not include a signature of a registered document is allowed to propagate unintercepted to its intended destination.
Dependent claims: 2, 9, 10
3. A method to be performed in an electronic environment in which network communications occur involving packets and at least one processor and a memory element, comprising:
monitoring security of a plurality of registered digital documents in a system using a capture system, the monitoring including determining whether signatures associated with the registered digital documents are included in data propagating in network traffic of the system, wherein the signatures of the registered documents are maintained in a signature database, each signature being associated with at least one of the plurality of registered digital documents, and respective signatures are removed from the database upon determining that respective signatures are detected within the network traffic at a rate in excess of a threshold detection rate designated as a threshold percentage of all data objects detected in the network traffic;
receiving a request to de-register an identified document from the plurality of registered digital documents in response to an expiration of a time interval associated with an initial registration of the identified document; and
de-registering the identified document by removing all signatures associated with the identified document from the signature database, wherein the capture system that maintains the stored signatures is configured to allow a received document to be forwarded from the capture system to its intended destination at a network node unless a capture rule prohibits forwarding the received document based on the detection of one or more of the signatures of the registered documents included in the received document.
Dependent claims: 4, 5
6. A method to be performed in an electronic environment in which network communications occur involving packets and at least one processor and a memory element, comprising:
monitoring security of a plurality of registered digital documents in a system, the monitoring including determining whether signatures associated with the registered digital documents are included in data propagating in network traffic of the system, wherein the signatures of the registered documents are maintained in a signature database, each signature being associated with at least one of the plurality of registered digital documents, wherein respective signatures are removed from the database after determining that the respective signatures are detected within the network traffic at a rate in excess of a threshold detection rate, which is designated as a threshold percentage of data objects detected in the network traffic;
identifying at least one redundant signature maintained in the signature database, wherein a redundant signature is a signature shared by multiple different digital documents in the plurality of registered digital documents; and
removing the at least one redundant signature from the signatures maintained in the signature database;
identifying a particular document in the plurality of digital documents that is to be deregistered; and
de-registering the particular document by removing all signatures associated with the particular document from the signature database;
wherein registered data that is detected as including a signature of at least one of the plurality of registered digital documents is intercepted prior to its intended destination and data that is detected as not including a signature of at least one of the plurality of registered digital documents is allowed to be forwarded to its intended destination at a network node.
Dependent claims: 7, 8
11. A method to be performed in an electronic environment in which network communications occur involving packets and at least one processor and a memory element, comprising:
providing a database of stored signatures, each signature being associated with one of a plurality of registered documents, wherein a particular signature is removed from the signature database based on identifying that the particular signature was detected within network traffic of a particular network in excess of a threshold detection rate designated as a threshold percentage of all data objects detected in the network traffic;
monitoring security of the plurality of registered documents, the monitoring including identifying attempts to forward registered documents to nodes outside of the particular network by identifying data propagating within the particular network that includes one or more signatures maintained in the signature database and associated with the plurality of registered documents;
receiving a selected document, included in the plurality of registered documents, that is to be de-registered in response to an expiration of a time interval associated with an initial registration of the selected document; and
de-registering the selected document by removing all signatures associated with the selected document from the signature database;
wherein data propagating within the particular network that is detected as not including a signature of at least one of the plurality of registered digital documents is allowed to be forwarded outside of the particular network.
Dependent claims: 12, 13
14. A non-transitory machine-readable medium storing data representing instructions that, when executed by a processor, cause the processor to perform operations comprising:
monitoring security of a plurality of registered digital documents in a system, the monitoring including determining whether signatures associated with the registered digital documents are included in data propagating in network traffic of the system, wherein the signatures of the registered documents are maintained in a signature database, each signature being associated with at least one of the plurality of registered digital documents, and respective signatures are removed from the database upon determining that respective signatures are detected within the network traffic at a rate in excess of a threshold detection rate designated as a threshold percentage of all data objects detected in the network traffic;
receiving a particular document, in the plurality of the registered digital documents, to be de-registered in response to an expiration of a time interval associated with an initial registration of the particular document;
calculating a set of signatures associated with the received particular document;
identifying, in the signatures stored in the signature database, at least one signature included in the set of calculated signatures; and
removing from the signature database the at least one identified signature included in the set of calculated signatures associated with the particular document, wherein data in the network traffic detected to include a signature of a registered document is intercepted and data in the network traffic determined to not include a signature of a registered document is allowed to propagate unintercepted to its intended destination.
Dependent claims: 15, 22, 23
16. A non-transitory machine-readable medium storing data representing instructions that, when executed by a processor, cause the processor to perform operations comprising:
monitoring security of a plurality of registered digital documents in a system using a capture system, the monitoring including determining whether signatures associated with the registered digital documents are included in data propagating in network traffic of the system, wherein the signatures of the registered documents are maintained in a signature database, each signature being associated with at least one of the plurality of registered digital documents, and respective signatures are removed from the database upon determining that respective signatures are detected within the network traffic at a rate in excess of a threshold detection rate designated as a threshold percentage of all data objects detected in the network traffic;
receiving a request to de-register an identified document from the plurality of registered digital documents in response to an expiration of a time interval associated with an initial registration of the identified document;
de-registering the identified document by removing all signatures associated with the identified document from the signature database; and
allowing an attempt to forward the identified document to a particular network destination subsequent to the de-registering of the identified document, wherein the detection of one or more of the signatures of the registered documents in particular data propagating in network traffic prompts interception of the particular data.
Dependent claims: 17, 18
19. A non-transitory machine-readable medium storing data representing instructions that, when executed by a processor, cause the processor to perform operations comprising:
monitoring security of a plurality of registered digital documents in a system, the monitoring including determining whether signatures associated with the registered digital documents are included in data propagating in network traffic of the system, wherein the signatures of the registered documents are maintained in a signature database, each signature being associated with at least one of the plurality of registered digital documents, wherein respective signatures are removed from the database after determining that the respective signatures are detected within the network traffic at a rate in excess of a threshold detection rate, which is designated as a threshold percentage of data objects detected in the network traffic;
identifying at least one redundant signature maintained in the signature database, wherein a redundant signature is a signature shared by multiple different digital documents in the plurality of registered digital documents; and
removing the at least one redundant signature from the signatures maintained in the signature database;
identifying a particular document in the plurality of digital documents that is to be deregistered; and
de-registering the particular document by removing all signatures associated with the particular document from the signature database;
wherein registered data that is detected as including a signature of at least one of the plurality of registered digital documents is intercepted prior to its intended destination and data that is detected as not including a signature of at least one of the plurality of registered digital documents is allowed to be forwarded to its intended destination at a network node.
Dependent claims: 20, 21
24. A non-transitory machine-readable medium storing data representing instructions that, when executed by a processor, cause the processor to perform operations comprising:
providing a database of stored signatures, each signature being associated with one of a plurality of registered documents, wherein a particular signature is removed from the signature database based on identifying that the particular signature was detected within network traffic of a particular network in excess of a threshold detection rate designated as a threshold percentage of all data objects detected in the network traffic;
monitoring security of the plurality of registered documents, the monitoring including identifying attempts to forward registered documents to nodes outside of the particular network by identifying data propagating within the particular network that includes one or more signatures maintained in the signature database and associated with the plurality of registered documents;
receiving a selected document, included in the plurality of registered documents, that is to be de-registered in response to an expiration of a time interval associated with an initial registration of the selected document; and
de-registering the selected document by removing all signatures associated with the selected document from the signature database;
wherein data propagating within the particular network that is detected as not including a signature of at least one of the plurality of registered digital documents is allowed to be forwarded outside of the particular network.
Dependent claims: 25, 26
27. An apparatus to be used in an electronic environment in which network communications occur involving packets and at least one processor and a memory element, comprising:
a network interface module to connect the apparatus to a network;
a storage medium including a signature database storing a plurality of signatures, each signature being associated with one of a plurality of registered digital documents, wherein a particular signature is removed from the signature database based on identifying that a detection rate, which reflects how often the particular signature is detected in particular captured objects propagating in network traffic, exceeds and over inclusive signatures are removed from the signature database upon determining that respective signatures are detected within the network traffic at a rate in excess of a threshold detection rate designated as a threshold percentage of all data objects detected in the network traffic;
a user interface to receive a particular digital document to be de-registered in response to an expiration of a time interval associated with an initial registration of the particular document; and
a registration module comprising:
a registration engine to generate a set of signatures associated with the received particular document, and
a search engine to identify signatures in the signature database matching any of the signatures in the set of signatures associated with the received particular document, wherein the registration module is configured to remove the signatures matching any of the signatures in the set of signatures associated with the received particular document from the signature database;
wherein data in the network traffic detected to include at least one of the plurality of signatures associated with at least one registered document is intercepted and data in the network traffic determined to not include at least one of the plurality of signatures is allowed to propagate unintercepted to its intended destination.
Dependent claims: 28, 29
30. An apparatus to be used in an electronic environment in which network communications occur involving packets and at least one processor and a memory element, comprising:
a storage medium including a signature database to store a plurality of signatures, each signature being associated with one of a plurality of registered documents, wherein a particular signature is removed from the signature database based on identifying that the particular signature was detected within network traffic of a particular network in excess of a threshold detection rate designated as a threshold percentage of all data objects detected in the network traffic;
a security monitor to monitor security of the plurality of registered documents, the monitoring including identifying attempts to forward registered documents to nodes outside of the particular network by identifying data propagating within the particular network that includes one or more signatures maintained in the signature database and associated with the plurality of registered documents; and
a registration module to maintain the signature database by removing a set of signatures from the database based on identification of a selected document to be de-registered in response to an expiration of a time interval associated with an initial registration of the selected document, and
wherein data propagating within the particular network that is detected as not including a signature of at least one of the plurality of registered digital documents is allowed to be forwarded outside of the particular network.
Dependent claims: 31, 32
Specification