System and method for monitoring unauthorized transport of digital content
First Claim
1. A system for network content monitoring, comprising:
- at least one computer processor and a non-transitory electronically readable medium,a transport data monitor, connectable to a point in a network, and configured to monitor data being transported past said point,an encryption detector configured to determine whether said transport data is encrypted, said encryption detector comprises comprising a transport entropy measurement unit configured to measure entropy of said monitored transport data; and
a policy determinator configured to use a rule-based decision making unit to select between a set of outputs including at least one of;
removing sensitive parts of content, altering the content, and adding a message to the content, wherein said policy determinator is configured to use;
an input of an amount of encrypted transport from a given user, and a confidence level based on said measured entropy of said monitored transport data, as factors in said rule based decision making.
17 Assignments
0 Petitions
Accused Products
Abstract
A system for network content monitoring and control, comprising: a transport data monitor, connectable to a point in a network, for monitoring data being transported past said point, a signature extractor, associated with said transport data monitor, for extracting a derivation of said data, said derivation being indicative of content of said payload, a database of preobtained signatures of content whose movements it is desired to monitor, and a comparator for comparing said derivation with said preobtained signatures, thereby to determine whether said payload comprises any of said content whose movements it is desired to monitor. The monitoring result may be used in bandwidth control on the network to restrict transport of the content it is desired to control.
-
Citations
7 Claims
-
1. A system for network content monitoring, comprising:
-
at least one computer processor and a non-transitory electronically readable medium, a transport data monitor, connectable to a point in a network, and configured to monitor data being transported past said point, an encryption detector configured to determine whether said transport data is encrypted, said encryption detector comprises comprising a transport entropy measurement unit configured to measure entropy of said monitored transport data; and a policy determinator configured to use a rule-based decision making unit to select between a set of outputs including at least one of;
removing sensitive parts of content, altering the content, and adding a message to the content, wherein said policy determinator is configured to use;
an input of an amount of encrypted transport from a given user, and a confidence level based on said measured entropy of said monitored transport data, as factors in said rule based decision making. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification
-
- Resources
-
Current AssigneeForcepoint LLC (Francisco Partners Management LLC)
-
Original AssigneePortAuthority Technologies, Inc. (Francisco Partners Management LLC)
-
InventorsPeled, Ariel, Carny, Ofir, Troyansky, Lidror, Tirosh, Oren, Roglit, Guy, Gutman, Galit
-
Primary Examiner(s)BROWN, CHRISTOPHER J
-
Application NumberUS13/590,291Publication NumberTime in Patent Office763 DaysField of Search726/11, 726/12, 726/13US Class Current726/11CPC Class CodesH04L 63/0245 Filtering by information in...H04L 63/123 received data contents, e.g...H04L 63/1416 Event detection, e.g. attac...H04L 63/20 for managing network securi...
