Time and space efficient method and system for detecting structured data in free text

US 8,949,371 B1
Filed: 09/29/2011
Issued: 02/03/2015
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

identifying structured data for protection;

creating, by a server computer system, an index of the structured data, the index comprising a set of Bloom filters and a list of token type patterns, wherein the set of Bloom filters comprises a plurality of Bloom filters;

generating a data loss prevention (DLP) policy comprising the index and a DLP response rule; and

distributing the DLP policy comprising the index and the DLP response rule to an endpoint device, wherein the set of Bloom filters and the list of token type patterns in the index are to be used together for detection of structured data in free text data associated with the endpoint device, and the DLP response rule is to trigger an action to protect the structured data responsive to the detection of the structured data in the free text data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server system identifies structured data for protection and creates an index of the structured data, the index comprising a set of Bloom filters. The server system distributes the index to an endpoint device to enable the endpoint device to monitor for structured data occurring in free text data associated with the endpoint device. The endpoint device may load, from the index file, a set of Bloom filters into memory and identify free text data for monitoring. The endpoint device may then determine whether the free text data contains at least a portion of the structured data using the set of Bloom filters.

65 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- identifying structured data for protection;
  
  creating, by a server computer system, an index of the structured data, the index comprising a set of Bloom filters and a list of token type patterns, wherein the set of Bloom filters comprises a plurality of Bloom filters;
  
  generating a data loss prevention (DLP) policy comprising the index and a DLP response rule; and
  
  distributing the DLP policy comprising the index and the DLP response rule to an endpoint device, wherein the set of Bloom filters and the list of token type patterns in the index are to be used together for detection of structured data in free text data associated with the endpoint device, and the DLP response rule is to trigger an action to protect the structured data responsive to the detection of the structured data in the free text data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein creating the index further comprises:
    - adding a set of token data values to a token list, each token data value in the set representing an individual attribute in the structured data; and
      
      passing each token data value in the token list to a first Bloom filter in the set.
  - 3. The method of claim 2, further comprising:
    - sorting the token data values in the token list using one or more specified sorting rules;
      
      appending a plurality of the token data values in the token list to form a concatenated token; and
      
      passing the concatenated token to a second Bloom filter in the set.
  - 4. The method of claim 1, further comprising:
    - generating the list of token type patterns.
  - 5. The method of claim 4, wherein generating the list of token type patterns comprises:
    - generating a Social Security number token type pattern; and
      
      generating a credit card number token type pattern.
  - 6. The method of claim 4, further comprising:
    - serializing the first Bloom filter, the second Bloom filter and the list of token type patterns into an index file.
  - 7. The method of claim 6, further comprising:
    - periodically distributing an updated index file over a secure network.

8. An endpoint device, comprising:
- a memory; and
  
  a processing device coupled with the memory to;
  
  receive a data loss prevention (DLP) policy comprising an index file pertaining to structured data to be protected and a DLP response rule;
  
  load, from the index file, a set of Bloom filters into memory, wherein the set of Bloom filters comprises a plurality of Bloom filters;
  
  load, from the index file, a list of token type patterns into memory;
  
  identify free text data for monitoring;
  
  determine whether the free text data contains at least a portion of the structured data using the set of Bloom filters and the list of token type patterns; and
  
  perform an action designated by the DLP response rule responsive to detection of the structured data in the free text data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The endpoint device of claim 8, wherein the processing device is further to:
    - identify a set of discrete free text tokens for insertion into a discrete free text token list;
      
      compare the list of discrete free text tokens with a set of tokens associated with the first Bloom filter;
      
      discard, from the list of discrete free text tokens, a subset of free text tokens having no match in the set of tokens associated with the first Bloom filter; and
      
      maintain a surviving list of tokens remaining after discarding the subset of free text tokens having no match in the set of tokens associated with the first Bloom filter.
  - 10. The endpoint device of claim 9, wherein the processing device is further to:
    - compare free text tokens in the surviving list with the list of token type patterns;
      
      discard, from the surviving list, a subset of free text tokens having no match with the list of token type patterns; and
      
      maintain a second surviving list of tokens remaining after discarding the subset of free text tokens having no match with the list of token type patterns.
  - 11. The endpoint device of claim 10, wherein the processing device is further to:
    - sort tokens in the second surviving list by token type pattern; and
      
      append the sorted tokens in the second surviving list to create a concatenated token.
  - 12. The endpoint device of claim 11, wherein the processing device is further to:
    - compare the concatenated token with a list of tokens associated with the second Bloom filter; and
      
      declare structured data found in the concatenated token based at least in part on the comparison of the concatenated token with the list of tokens associated with the second Bloom filter.
  - 13. The endpoint device of claim 12, wherein the action comprises notifying a server of found structured data and an identity of the endpoint device.
  - 14. The endpoint device of claim 12, wherein the action comprises preventing the endpoint device from communicating found structured data over the network.

15. A non-transitory computer readable storage medium including instructions that, when executed by a processor, cause the processor to:
- identify structured data for protection;
  
  create, by the processor, an index of the structured data, the index comprising a set of Bloom filters and a list of token type patterns, wherein the set of Bloom filters comprises a plurality of Bloom filters;
  
  generate a data loss prevention (DLP) policy comprising the index and a DLP response rule; and
  
  distribute the DLP policy comprising the index and the DLP response rule to an endpoint device, wherein the set of Bloom filters and the list of token type patterns in the index are to be used together for detection of structured data in free text data associated with the endpoint device, and the DLP response rule is to trigger an action to protect the structured data responsive to the detection of the structured data in the free text data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, further including instructions that, when executed by the processor, cause the processor to:
    - query a structured data source for a set of token values to be protected;
      
      add the set of token values to a token list, each token value in the set representing one of the individual attributes in the structured data;
      
      sort the set of token values in the list based on one or more sorting rules; and
      
      pass the sorted token values to the first Bloom filter.
  - 17. The non-transitory computer readable storage medium of claim 16, further including instructions that, when executed by the processor, cause the processor to:
    - append one or more token values in the sorted list to form a concatenated token; and
      
      pass the concatenated token to the second Bloom filter.
  - 18. The non-transitory computer readable storage medium of claim 17, further including instructions that, when executed by the processor, cause the processor to:
    - generate the list of token type patterns.
  - 19. The non-transitory computer readable storage medium of claim 18, further including instructions that, when executed by the processor, cause the processor to:
    - serialize the first Bloom filter, the second Bloom filter and the list of token type patterns into an index file.
  - 20. The non-transitory computer readable storage medium of claim 19, further including instructions that, when executed by the processor, cause the processor to:
    - periodically distribute an updated serialized file over a secure network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Shrowty, Vikram
Primary Examiner(s)
Shingles, Kristie
Assistant Examiner(s)
Sowa, Timothy

Application Number

US13/249,108
Time in Patent Office

1,223 Days
Field of Search

709/217
US Class Current

709/217
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Time and space efficient method and system for detecting structured data in free text

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Time and space efficient method and system for detecting structured data in free text

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others