Document de-registration

US 9,374,225 B2
Filed: 09/30/2013
Issued: 06/21/2016
Est. Priority Date: 12/10/2003
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:

monitor security of a plurality of registered digital documents in a system, the monitoring including determining whether signatures associated with the registered digital documents are included in data propagating in network traffic of the system;

detect a particular signature of a particular document in the plurality of registered digital documents from the data propagating in the network;

determine, based at least in part on the detecting, that detection of the particular signature exceeds a threshold detection rate for registered digital documents in the system, wherein the threshold detection rate comprises a threshold percentage of digital documents detected in the network traffic over a time period;

remove the particular signature from a signature database based on determining that detection of the particular signature exceeds the threshold detection rate, wherein the signature database includes the signatures of the plurality of registered digital documents; and

perform a security action to protect access to the registered digital documents, wherein the security action is not performed on the particular document based on removal of the particular signature from the signature database.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security of a plurality of registered digital documents in a system are monitored and the monitoring includes determining whether signatures associated with the registered digital documents are included in data propagating in network traffic of the system. A particular signature of a particular document in the plurality of registered digital documents is detected from the data propagating in the network. It is determined, based at least in part on the detecting, that detection of the particular signature exceeds a threshold detection rate for registered digital documents in the system. The particular signature is removed from a signature database including the signatures of the plurality of registered digital documents.

Citations

21 Claims

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- monitor security of a plurality of registered digital documents in a system, the monitoring including determining whether signatures associated with the registered digital documents are included in data propagating in network traffic of the system;
  
  detect a particular signature of a particular document in the plurality of registered digital documents from the data propagating in the network;
  
  determine, based at least in part on the detecting, that detection of the particular signature exceeds a threshold detection rate for registered digital documents in the system, wherein the threshold detection rate comprises a threshold percentage of digital documents detected in the network traffic over a time period;
  
  remove the particular signature from a signature database based on determining that detection of the particular signature exceeds the threshold detection rate, wherein the signature database includes the signatures of the plurality of registered digital documents; and
  
  perform a security action to protect access to the registered digital documents, wherein the security action is not performed on the particular document based on removal of the particular signature from the signature database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The storage medium of claim 1, wherein data in the network traffic detected to include a signature of a registered document is to be intercepted and data in the network traffic detected to not include a signature of a registered document is to be allowed to propagate unintercepted to its intended destination.
  - 3. The storage medium of claim 1, wherein detecting the particular signature includes receiving the particular document, calculating the particular signature associated with the particular document, and determining whether the particular signature is included in the signature database.
  - 4. The storage medium of claim 1, wherein removing the particular signature from the signature database de-registers the particular document.
  - 5. The storage medium of claim 4, wherein another document in the plurality of registered digital documents is to be deregistered based on an expiration of a time interval associated with an initial registration of the other document.
  - 6. The storage medium of claim 4, wherein de-registering the particular document includes removing all of a plurality of signatures associated with the particular document from the signature database.
  - 7. The storage medium of claim 1, wherein the threshold detection rate comprises a threshold percentage of all data objects detected in the network traffic.
  - 8. The storage medium of claim 1, wherein the instructions, when executed by on a machine, are further to determine that the particular signature is redundant with signatures associated with at least one other document in the plurality of registered digital documents.
  - 9. The storage medium of claim 8, further comprising removing the particular signature from records of the signature database associated with each of the registered digital documents associated with the particular signature.
  - 10. The storage medium of claim 8, wherein determining that the particular signature is a redundant signature includes identifying that a signature of the other document is identical to at least a portion of the particular signature.
  - 11. The storage medium of claim 1, wherein the threshold detection rate comprises a threshold number of detections of signatures identical to at least a portion of the particular signature.
  - 12. The storage medium of claim 1, wherein the threshold detection rate of the particular signature includes a number of times the particular signature is detected from data objects detected in the network traffic during the time window.

13. A method comprising:
- monitoring, using at least one data processing apparatus, security of a plurality of registered digital documents in a system, the monitoring including determining whether signatures associated with the registered digital documents are included in data propagating in network traffic of the system;
  
  detecting, using at least one data processing apparatus, a particular signature of a particular document in the plurality of registered digital documents from the data propagating in the network;
  
  determining, using at least one data processing apparatus, based at least in part on the detecting, that detection of the particular signature exceeds a threshold detection rate for registered digital documents in the system, wherein the threshold detection rate comprises a threshold percentage of digital documents detected in the network traffic over a time period;
  
  removing, using at least one data processing apparatus, the particular signature from a signature database based on determining that detection of the particular signature exceeds the threshold detection rate, wherein the signature database includes the signatures of the plurality of registered digital documents; and
  
  performing, using at least one data processing apparatus, a security action to protect access to the registered digital documents, wherein the security action is not performed on the particular document based on removal of the particular signature from the signature database.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, further comprising automatically de-registering the particular document based on determining that detection of the particular signature exceeds the threshold detection rate.
  - 15. The method of claim 13, wherein the threshold detection rate includes a rate of signature appearance per day.
  - 16. The method of claim 13, further comprising intercepting registered documents included in the data propagating in the network based on detection of a corresponding signature for the registered documents.
  - 17. The method of claim 16, wherein data objects that do not have a corresponding signature stored in the signature database are allowed to propagate unintercepted to their respective intended destinations.

18. A system comprising:
- at least one processor device;
  
  at least one memory element; and
  
  a registration module comprising code executable by the at least one processor device to;
  
  monitor security of a plurality of registered digital documents in a system, the monitoring including determining whether signatures associated with the registered digital documents are included in data propagating in network traffic of the system;
  
  detect a particular signature of a particular document in the plurality of registered digital documents from the data propagating in the network;
  
  determine, based at least in part on the detecting, that detection of the particular signature exceeds a threshold detection rate for registered digital documents in the system, wherein the threshold detection rate comprises a threshold percentage of digital documents detected in the network traffic over a time period;
  
  remove the particular signature from a signature database based on determining that detection of the particular signature exceeds the threshold detection rate, wherein the signature database includes the signatures of the plurality of registered digital documents; and
  
  perform a security action to protect access to the registered digital documents, wherein the security action is not performed on the particular document based on removal of the particular signature from the signature database.
- View Dependent Claims (19, 20, 21)
- - 19. The system of claim 18, wherein the registration module is further to designate an additional digital document as a registered digital document, wherein designating the additional digital document as a registered digital document comprises generating one or more signatures for the additional digital document and storing the signatures for the additional digital document in the signature database.
  - 20. The system of claim 18, further comprising the signature database.
  - 21. The system of claim 18, wherein the registration module is further to de-register documents in the plurality of registered digital document based on determining that a time interval associated with initial registration of the registered documents has expired.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Deninger, William, Ahuja, Ratinder Paul Singh, Howard, Matthew, Lowe, Rick, de la Iglesia, Erik
Primary Examiner(s)
Tolentino, Roderick

Application Number

US14/042,202
Publication Number

US 20140032919A1
Time in Patent Office

995 Days
Field of Search

380255-258, 726 31- 33
US Class Current

1/1
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 9/3247 involving digital signatures

Document de-registration

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Document de-registration

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links