Vous êtes sur la page 1sur 45

US008601537B2

(12) Ulllted States Patent

(10) Patent N0.:

Liu
(54)

(75)

(45) Date of Patent:

SYSTEM AND METHOD FOR DATA MINING


AND SECURITY POLICY MANAGEMENT

Inventor:

We1m1n Llu, Palo Alto, CA (US)

( * ) Notice:

7/1996 Henderson et al.


9/19% Rogers et a1~

5,623,652 A

4/1997 Vora et a1.

5,787,232 A

7/1998 Greiner et al.

5,794,052 A

8/1998 Harding

5,813,009 A

9/1998 Johnson et al.

t l

e son e

11/1999 Franczek et al.

5,995,111 A

11/1999 Morioka et al.

YS-

6,026,411 A

2/2000 Delp

6,073,142 A

6/2000 Geiger et al.

Mar. 19, 2012


.

8/l999 Prager

a .

5,987,610 A

2
.

6t ?1t~a1

15011 e

6,108,697 A

Prior Publication Data

US 2012/0179687 A1

6,122,379 A

8/2000

(Continued)
FOREIGN PATENT DOCUMENTS

Continuation of application No. 12/171,232, ?led on

EP

Jul. 10,

W0

W0 2004/0083)

1/2004

W0

WO 2012/060892

5/2012

110W Pat. NO.

Int. Cl.
G06F 17/00

Raymond et al.

90000 Barbir

Jul. 12,2012

Related US. Application Data

(58)

g?fel

U-S-C- 154( ) Y 0

(65)

(52)

5,943,670 A

(51)

Kirk

7/1998 Haber et a1

patent 1s exltertded gar adjusted under 35


(21) Appl. No.: 13/424,249

(22) Filed:

6/1998

5,781,629 A

Subject to any disclaimer, the term of this


-

Dec. 3, 2013

5,542,090 A
5,557,747 A
5,768,578 A

(73) Asslgnee: McAfee, Inc., Santa Clara, CA (US)

(63)

US 8,601,537 B2

2499806

(200601)

90012

OTHER PUBLICATIONS

US Cl

Walter Allasia and Franesco Gallo, Indexing and Retrieval of Mul

UISPC ......... .... ...... ... ........................................ .. 726/1

timedia Metadata on a Secure DHT, University of Torino, Italy,

Fleld of Classl?catlon Search

Department of Computer Science, Aug. 31, 2008*

USPC

............ .. 726/1;713/165,167,176,180,193;

707/741, B17002, B17014


See application ?le for complete search history.

(Continued)
Primary Examiner * Samson Lemma

(56)

References Cited

(74) Attorney, Agent, or Firm * Patent Capital Group

US. PATENT DOCUMENTS


4,286,255 A

2;

(57)

8/1981 Siy _

ABSTRACT

A system and method to generate and maintain controlled

EEOC etstl'al

5z465j299 A

11/1995 Matsumoto e't a1

5,479,654 A
5,497,489 A

12/1995 Squibb
3/ 1996 Menne

growth DAG are described. The controlled growth DAG con


Veys information about objects captured by a capture system.
17 Claims, 25 Drawing Sheets

Capture System 12121


.
Object

Object
.
,

Assembly ~> malaise


mudmegg 1

m6

Packet

Camera
Module

m2

Network
lnlen'aaze
Module

i239

017531;?
12%

Cagmre

Indexer
1m

US 8,601,537 B2
Page 2
(56)

References Cited
Us, PATENT DOCUMENTS

6,161,102
6,175,867
6,192,472
6,243,091

A
B1
B1
B1

12/2000
1/2001
2/2001
6/2001

6,243,720
6,278,992
6,292,810
6,336,186
6,343,376
6356 885
633633488

B1
B1
B1
B1
B1
B2
B1

6/2001
8/2001
9/2001
1/2002
1/2002
3/2002
3/2002

Y6116g111616 6161.
TaghadOSS
G616y 6161.
B61s11s
M11111616161.
(31111166161.
Richards
Dyks16111611s6 6161.
Saxe et a1
ROSS et a1
Ginter et 31

7,296,232
7,299,277
7,373,500
7,424,744
7,426,181
7,434,058
7,467,202
7,477,780
7,483,916
7,493,659
7,505,463
7,506,055

B1
B1
B2
B1
B1
B2
B2
B2
B2
B1
B2
B2

3/2009 SteWaIt et a1.


3/2009 Saurabh et 31.

7,516,492 B1

4/2009 Nisbet et a1.

5/2002 ()atman et 31,

7,539,683 B1

633893419
6,408,294
6,408,301
6,411,952
6,457,017

5000;
6/2002
6/2002
6/2002
9/2002

7,551,629
7,577,154
7,581,059
7,596,571
7,599,844

Wong et 31
66161111166161.
P6116116161.
B1161616161.
W611<111s 6161.

Burdick et 61.
M616116161.
R?lnelSOIl 6161.
W116161.
Fem; eta1~
Ahu1aeta1~
Savchuk
Boncyketal
Lowe etal
Wu 9191
Schubaet 31.
McClam eta1~

7,506,155 B1
7,509,677 B2

6389 405 B1

B1
B1
B1
B1
B2

11/2007
11/2007
5/2008
9/2008
9/2008
10/2008
12/2008
V2009
V2009
2/2009
3/2009
3/2009

B2
B1
B2
B2
B2

5/2009

6/2009
8/2009
8/2009
9/2009
10/2009

Satoh et a1. ......................... .. 1/1

(3116116161.
Yung eta1~
6912199191
$1_fry
K111891111

6460 050 B1

10/2002 P666 6161.

7,657,104 B2

2/2010 Deninger 9t 91

634933761 B1

@2002 Baker et 31

7,664,083 B1

2/2010 (361111616161.

6,499,105 B1

12/2002 Y6s11111166161.

7,685,254 B2

3/2010 Pandya

6502 091 B1

12/2002 Chundiet 31

7,689,614 B2

3/2010 de la Iglesla et a1. ....... .. 707/713

635153681 B1

2/2003 Knight

7,730,011 B1

6/2010 Deningeretal.

6516 320 B1

2/2003 Odom et a1

7,739,080 B1

6/2010 Becket a1.

6,523,026
635393024
6,556,964
6,556,983
6,571,275
6,584,458

2/2003
3/2003
4/2003
4/2003
5/2003
6/2003

7,760,730
7,760,769
7,774,604
7,814,327
7,818,326
7,844,582

B1
B1
B2
B1
B1
B1

Gillis
Janoska et a1
Hauget 61.
A11s611111616161.
Dong et 31
Millett etal

B2
B1
B2
B2
B2
B1

7/2010
7/2010
8/2010
10/2010
10/2010
11/2010

Goldschmidt et a1.
Lovett et a1.
Low? 9191
141111199191
Denlnger et a1.
Arbillaet a1.

6 598 033 B2

7/2003 ROSS et a1

7,849,065 B2

636293097 B1

9/2003 Keith

7,899,828 B2

12/2010 Kamaniet a1. .............. .. 707/705

3/2011 de la Iglesia et a1.

6,662,176 B2

12/2003 B11111616161.

7,907,608 B2

3/2011 L111 eta1~

6,665,662
6,675,159
6,691,209
6,754,647
6,757,646
6,771,595

12/2003
1/2004
2/2004
6/2004
6/2004

K111666661 6161.
L1116161.
0c61111611
T661611 6161.
Marchisio
g/2004 Gilben et a1

7,921,072
7,930,540
7,949,849
7,958,227
7,962,591
7,984,175

B2
B2
B2
B2
B2
B2

4/2011
4/2011
5/2011
6/2011
6/2011
7/2011

139119911911 9t 91
Ahu1aeta1~
Low; etal.
141111199191
Den1ngeretal.
de la Iglesia et a1.

6,772,214 B1
6,785,815 B1

8/2004 M6c161116161.
8/2004 s61161-Av116 6161.

7,996,373 B1
8,005,863 B2

ZOPPaS 9191
919191819819 eta1~

6,804,627 B1
6,820,082 B1

10/2004 MafOkhOVSky 6161.


11/2004 (36616161.

8,010,689 B2
8,055,601 B2

8/2011
8/2011
8/2011
11/2011
4/2012
5/2012
6/2012

B1
B1
B1
B1
B2
B1

6857011 B2

2/2005 R61111<6

8,166,307 B2

639373257 B1
6,950,864 B1

g/ZOOS Dunlavey
9/2005 Tsuchiya

8,176,049 B2
8,200,026 B2

Denlnger 9t 91
Pandya
Ahu1aeta1~

Deninger et a1.
Deninger et a1.

6,976,053 B1

12/2005 Tripp 6161. ................. .. 709/202

82051242 B2

6/2012 L111 eta1~

6,978,297 B1

12/2005 PiefSOl

8,271,794 B2

9/2012 Lowe er a1:

6978 367 B1

12/2005 Hind et a1

8,301,635 B2

7,007,020 B1

2/2006 Chen et a1

8,307,007 B2

11/2012 de la Iglesia et a1.

730202654 B1

300% Najmi

8,307,206 B2

11/2012 A1111j6 6161.

7020 661 B1

3/2006 (3111611666161.

8,463,800 B2

6/2013 Deninger 9t 91

730623572 B1

6/2006 Hampton

8,473,442 B1

6/2013 Deninger et a1.

7,072,967
7,082,443
7,093,288
7,130,587
7158983
7185073
7185192

B1
B1
B1
B2
B2
B1
B1

7:194:48; B1
7,219,131 B2

7/2006
7/2006
g/2006
10/2006
1/2007
2/2007
2/2007

saulpaugh et a1
Ashby
Hydrie et a1
H11<01<l1b0 6161.
Willse et a1
Gai et a1
Kahn

2001/0013024
2001/0032310
2001/0037324
2001/0046230
2002/0032677
2002/0032772
2002/0052896

A1
A1
A1
A1
A1
A1
A1

10/2012 de la Iglesla et a1.

8/2001
10/2001
11/2001
11/2001

Takahashiet 31.
Corella
Agrawal et a1.
R91as
3/2002 Morgenthaler et a1.
3/2002 O1StaC1 6161.
5/2002 s116116161.

3/2007 Mohan et a1
5/2007 B6111s1616161.

2002/0065956 A1
2002/0078355 A1

5/2002 Y6g6w6 6161.


6/2002 Samar

7219134 B2

5/2007 Takeshima et a1

2002/0091579 A1

7/2002 Yeh1aet 31.

732432120 B2

7/2007 Massey

2002/0103876 A1

8/2002 (3116161116161.

7246 236 B2

7/2007 Stirbu

2002/0107843 A1

8/2002 Biebesheimer et a1.

7:254:56;
7,254,632
7,266,845
7,272,724
7,277,957
7,290,048
7,293,067
7,293,238

B2
B2
B2
B2
B2
B1
B1
B1

8/2007
g/2007
9/2007
9/2007
10/2007
10/2007
11/2007
11/2007

Hsu et a1
Zeira et a1,
Hypponen
T61116116116161.
R6w16y 6161.
B61116116161.
M61<16161
Brooket 61.

2002/0116124
2002/0126673
2002/0128903
2002/0129140
2002/0159447
2003/0009718
2003/0028493
2003/0028774

A1
A1
A1
A1
A1
A1
A1
A1

8/2002
9/2002
9/2002
9/2002
10/2002
1/2003
2/2003
2/2003

6611116161.
Dagliet 61.
Kefnahall
Peled 6161.
c616y 6161.
W61fg611g 6161.
T6j11116
Meka

7,296,011 B2

11/2007 (31161161111111 6161. ................. .. 1/1

2003/0046369 A1

3/2003

7,296,070 B2
7,296,088 B1

11/2007 sw66116y 6161.


11/2007 P6d1116116b116116161.

2003/0053420 A1
2003/0055962 A1

3/2003 1311616116161.
3/2003 11161111616161.

s11116161.

US 8,601,537 B2
Page 3
(56)

References Cited

2005/0132197 A1

6/2005 Medlar
6/2005
6/2005
6/2005
6/2005
6/2005
7/2005

2003/0065571 A1
2003/00g4300 A1
mun/0084318 A1

4/2003 Dutta
5/2003 Koike
5/2003 SCheI-tz

2005/0132198
2005/0132297
2005/0138110
2005/0138242
2005/0138279
2005/0149494

2003/0084326 A1

5/2003 Tarquini

2005/0149504 A1

7/2005 Ramaparkhl

2003/0093678 A1

5/2003 Bowe et a1.

2005/0166066 A1

7/2005 Ahuia er a1~

2003/0099243 A1

5/2003 Oh et a1

2005/0177725 A1*

8/2005

2003/0105716
2003/0105739
2003/0105854
2003/0131116
2003/0135612
2003/0167392

6/2003
6/2003
6/2003
7/2003
7/2003
9/2003

2005/0180341
2005/0182765
2005/0188218
2005/0203940
2005/0204129
2005/0228864

US, PATENT DOCUMENTS

A1
A1
A1
A1
A1
A1

Sutton et a1
Essa? et a1.
Thorsteinsson et a1.
Jain et a1.
Huntington et a1.
Fransdonk

A1
A1
A1
A1
A1
A1

A1
A1
A1
A1
A1
A1

8/2005
8/2005
8/2005
9/2005
9/2005
10/2005

Ahuja et al.
Milic-Frayling et al.
Redlich et al.
Pope et al.
Somasundaram

Lindh et a1._
Lowe et a1. ................. .. 713/176

Nelson et al.
Llddy
Walmsley er a1~
Farr? er a1~
sudla er 31
Robertson

2003/0185220 A1

10/2003 Valenci

2005/0235153 A1

2003/01960g1 A1

10/2003 Savarda et a1

2005/0273614 A1*

12/2005 Ahuja et a1. ................ .. 713/176

2003/0204741
2003/0221101
2003/0225796
2003/0225841
2003/0231632
2003/0233411
2004/0001498
2004/0010484
2004/0015579
2004/0036716
2004/0054779
2004/0059736
2004/0059920
2004/0071164
2004/0111406
2004/011l678
2004/0114518
2004/0117414

10/2003
11/2003
12/2003
12/2003
12/2003
12/2003
1/2004
1/2004
1/2004
2/2004
3/2004
3/2004
3/2004
4/2004
6/2004
6/2004
6/2004
6/2004

2005/0289181
2006/0005247
2006/0021045
2006/0021050
2006/0037072
2006/0041560
2006/0041570
2006/0041760
2006/0047675
2006/0075228
2006/0080130
2006/0083180
2006/0106793
2006/0106866
2006/0150249
2006/0167896
2006/0184532
2006/0235811

12/2005
V2006
V2006
V2006
2/2006
2/2006
2/2006
2/2006
3/2006
4/2006
4/2006
4/2006
5/2006
5/2006
7/2006
7/2006
8/2006
10/2006

A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1

2004/0120325 A1
2004/0122g63
2004/0122936
2004/0139120
2004/0181513
2004/0181690
2004/0193594
2004/0l94141
2004/0196970
2004/0205457

A1
A1
A1
A1
A1
A1
A1
A1
A1

Schoen et a1
Micali
Matsubara
Song et a1.
Haeberlen
Parry et a1
Chen et a1.
Foulger et a1.
Cooper et a1.
Jordahl
Takeshima et a1.
Willse et a1.
Godwin
Baum
Udeshi et a1.
Hara
MacFaden et a1.
Braun et a1

6/2004 Ayres
6/2004
6/2004
7/2004
9/2004
9/2004
9/2004
9/2004
10/2004
10/2004

Sidman
Mizelle et a1
Clark et a1
Henderson et a1.
Rothermel et a1.
NIOOre et a1
Sanders
Cole
Bent et a1.

A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1

10/2005 Iked?
Deninger et a1.
Zhang et a1~
Cook
Cook et 81
R110 er a1~
Forman et a1.
Lowe er 81
Huang
Lowe et 31
Black et al.
Choksl
Baba er a1~
Llang
Green et al.
Gassen et 31
Kapur et a1.
Hamada er 31
Falrweather

2006/0242126 A1

10/2006 Fitzhugh

2006/0242313
2006/0251109
2006/0253445
2006/0271506
2006/0272024
2006/0288216
2007/0006293
2007/0011309
2007/0028039

10/2006
11/2006
11/2006
11/2006
11/2006
12/2006
1/2007
1/2007
2/2007

A1
A1
A1
A1
A1
A1
A1
A1
A1

Le et a1.
Muller et al.
Huang et al.
Bohannon er 31
Huang et a1~
Buhler et al.
Balakrishnan et al.
Brady et al.
Gupta et a1~

2004/02156l2 A1

10/2004 Brody

2007/0036156 A1

2/2007 L1u et al.

2004/0220944
2004/0230572
2004/0249781
2004/0267753
2005/0004911

11/2004
11/2004
12/2004
12/2004
1/2005

2007/0050334
2007/0050381
2007/0050467
2007/0081471
2007/0094394

3/2007
3/2007
3/2007
4/2007
4/2007

A1
A1
A1
A1
A1

Behrens et a1.
omoigui
Anderson
Hoche
Goldberg et a1.

A1
A1
A1
A1
A1

Denlnger er a1~
Hu et al.
Borrett et al.
Talley et al.
Smgh er a1~

2005/0021715 A1

1/2005 Dugatkin et a1

2007/0106660 A1*

5/2007 Stern et a1. ...................... .. 707/5

2005/0021743 A1

1/2005 Fleig et a1.

2007/0106685 A1

5/2007 Houh er a1~

2005/0022114 A1

1/2005

2005/0027g81 A1

2/2005 Figueira et a1

Shanahan et a1

2007/0106693 A1*

5/2007 Houh et al. .............. .. 707/104.1

2007/0110089 A1

5/2007 Essa? et al.

Zoos/0033726 A1

2/2005 Wu et a1

2007/0112837 A1*

5/2007 Houh et al. ................. .. 707/102

2005/0033747 A1
2005/0033g03 A1

2/2005 Wittkotter
2/2005 Vleet et a1

2007/0112838 A1
2007/0116366 A1

5/2007 Bjarnestam et a1.


5/2007 Deninger et a1.

Zoos/0038788 A1

2/2005 Det?nger et a1

2007/0124384 A1*

5/2007 Howell et a1. ............... .. 709/206

2005/0038809 A1

2/2005 Abajian et a1.

2007/0136599 A1

6/2007 suga

2005/0044289 A1

2/2005 Hendel et a1

2007/0140128 A1

6/2007 Kllnker et al.

2005/0050205 A1

3/2005 Gordy et a1

2007/0143559 A1*

6/2007 Yagawa ...................... .. 711/170

2005/0055327
2005/0055399
2005/0075103
Zoos/0086252
2005/0091443

3/2005
3/2005
4/2005
4/2005
4/2005

2007/0162609
2007/0220607
2007/0226504
2007/0226510
2007/0248029

A1
A1
A1
Al
A1

Agrawal et a1.
Savchuk
Hikokubo et a1
Jones et a1
Hershkovich et a1.

A1
A1
A1
A1
A1

7/2007
9/2007
9/2007
9/2007
10/2007

Pope er a1~
Sprosts et a1.
de la Iglesia et a1.
de la Iglesia et al.
Merliey er a1~

2005/0091532 A1

4/2005 Moghe

2007/0271254 A1*

11/2007 lglesila et a1. .................... .. 707/5

2005/0097441
2005/0108244
2005/0114452
2005/0120006
2005/0127171
2005/0128242

5/2005
5/2005
5/2005
6/2005
6/2005
6/2005

2007/0271371
2007/0271372
2007/0280123
2008/0027971
2008/0028467
2008/0030383

11/2007
11/2007
12/2007
1/2008
1/2008
2/2008

A1
A1
A1
A1
A1
A1

Herbach et a1.
Rjise et a1,
Prakash
Nye
Ahuja et al.
SuZuki

A1
A1
A1
A1
A1
A1

Ahuia er a1~
Deninger et a1.
Atkins et al.
Statchuk
Komrnareddy et al.
Cameron

2005/0131876 A1

6/2005 Ahuja et al.

2008/0082497 A1*

4/2008 Leblang et a1. ................. .. 707/3

2005/0132034 A1
2005/0132046 A1
2005/0132079 A1

6/2005 de la Iglesia et al.


6/2005 de la Iglesia et al.
6/2005 de la Iglesia et al.

2008/0091408 A1
2008/0112411 A1
2008/0115125 A1

4/2008 Roulland et a1.


5/2008 Stafford et al.
5/2008 Stafford et al.

US 8,601,537 B2
Page 4
(56)

References Cited

U.S. Appl. No. 11/254,436, ?led Oct. 19, 2005, entitled Attributes of

Captured Objects in a Capture System, Inventor(s) William


U.S. PATENT DOCUMENTS
2008/0140657
2008/0141117
2008/0159627
2008/0235163
2008/0263019
2008/0270462
2009/0070327
2009/0070328
2009/0070459
2009/0100055
2009/0157659
2009/0178110
2009/0187568
2009/0216752

A1
6/ 2008 Azvine et al.
A1
6/2008 King et al.
A1* 7/2008 Sengamedu ................ .. 382/190
A1
9/2008 Balasubramanian et a1.
A1
10/2008 Harrison et al.
A1
10/2008 Thomsen
A1
3/2009 Loeser et al.
A1
3/2009 Loeser et al.
A1
3/2009 Cho et al.
A1
4/2009 Wang
A1* 6/2009 Satoh et a1. ..................... .. 707/5
A1
7/ 2009 Higuchi
A1
7/ 2009 Morin
A1
8/2009 Terui et al.

2009/0222442 A1*

9/2009

2009/0232391 A1

9/2009 Deninger et a1.

2009/0235150 A1*

2009/0254532
2009/0288164
2009/0300709
2009/0326925
2010/0011016
2010/0011410
2010/0037324
2010/0088317
2010/0100551
2010/0121853
2010/0174528
2010/0185622
2010/0191732
2010/0195909
2010/0268959
2010/0332502
2011/0004599
2011/0040552
2011/0131199
2011/0149959
2011/0167212
2011/0167265
2011/0196911
2011/0197284
2011/0208861
2011/0219237
2011/0258197
2011/0276575
2011/0276709
2012/0114119
2012/0180137
2012/0191722

A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1
A1

9/2009

Houh et a1. ..................... .. 707/5


Berry .......................... .. 715/205

10/2009 Yang et al.


11/2009
12/2009
12/2009
1/2010
1/2010
2/ 2010
4/2010
4/ 2010

Adelstein et al.
Chen et al.
Crider et a1.
Greene
Liu
Grant et al.
Bone et al.
Knauft et al.

5/2010 de la Iglesia et al.


7/2010 Oya et al.
7/ 2010 Deninger et a1.
7/2010 Lowe et a1.
8/ 2010 Wasson et al.
10/2010 Lowe et a1.

12/2010
1/2011
2/2011
6/2011
6/2011

Carmel et a1.
Deninger et a1.
Van Guilder et al.
Simon et a1.
Liu et al.

Deninger et al.

US. Appl. No. 11/900,964, ?led Sep. 14, 2007, entitled System and
Method for Indexing a Capture System, Inventor(s) Ashok Dod
dapaneni et al.

US. Appl. No. 12/190,536, ?led Aug. 12, 2008, entitled Con?gu
ration Management for a Capture/Registration System, Inventor(s)
Jitendra B. Gaitonde et al.

US. Appl. No. 12/352,720, ?led Jan. 13, 2009, entitledSystem and
Method for Concept Building, Inventor(s) Ratinder Paul Singh
Ahuja et al.
US. Appl. No. 12/354,688, ?led Jan. 15,2009, entitledSystem and
Method for Intelligent Term Grouping, Inventor(s) Ratinder Paul
Ahuja et al.
US. Appl. No. 12/358,399, ?led Jan. 23, 2009, entitledSystem and
Method for Intelligent State Management, Inventor(s) William
Deninger et al.
US. Appl. No. 12/410,875, ?led Mar. 25, 2009, entitled System and
Method for Data Mining and Security Policy Management, Inven
tor(s) Ratinder Paul Singh Ahuja et al.
US. Appl. No. 12/410,905, ?led Mar. 25, 2009, entitled System and
Method for Managing Data and Policies, Inventor(s) Ratinder Paul
Singh Ahuja et al.
US. Appl. No. 12/690,153, ?led Jan. 20, 2010, entitled Query
Generation for a Capture System, Inventor(s) Erik de la Iglesia, et al.
US. Appl. No. 12/751,876, ?led Mar. 31, 2010, entitled Attributes
of Captured Objects in a Capture System, Inventor(s) William
Deninger, et al.
Mao et a1. MOT: Memory Online Tracing of Web Information
System, Proceedings of the Second International Conference on

Web Information Systems Engineering (Wise 01); pp. 271-277,

(IEEEO-0/7695-1393-X/02) Aug. 7, 2002 (7 pages).


U.S. Appl. No. 13/422,791, ?led on Mar. 16, 2012, entitled System

and Method for Data Mining and Security Policy Management,

5/2012 Ahujaet al.

Inventor, Weimin Liu.


U.S. Appl. No. 13/431,678, ?led on Mar. 27, 2012, entitled
Attributes of Captured Objects in a Capture System, Inventors
William Deninger, et al.
US. Appl. No. 13/436,275, ?led on Mar. 30, 2012, entitled System
and Method for Intelligent State Management, Inventors William
Deninger, et al.
Han, OLAP Mining: An Integration of OLAP with Data Mining, Oct.
1997, pp. 1-18.
International Search Report and Written Opinion and Declaration of
Non-Establishment of International Search Report for International

7/2012 Liu
7/2012 Deninger et a1.

pages).

7/2011 Lowe et a1.

7/2011 Ahujaet al.


8/2011 de la Iglesia et al.

8/2011 Ahujaet al.


8/2011 Deninger et a1.

9/2011 Ahujaet al.


10/2011 de la Iglesia et al.
11/2011 de la Iglesia et al.
11/2011 Deninger et a1.

OTHER PUBLICATIONS

U.S. Appl. No. 13/337,737, ?led Dec. 27, 2011, entitled System and
Method for Providing Data Protection Work?ows in a Network Envi

ronment, Inventor(s) Ratinder Paul Singh Ahuja, et al.


US. Appl. No. 13/338,060, ?led Dec. 27, 2011, entitled System and
Method for Providing Data Protection Work?ows in a Network Envi

ronment, Inventor(s) Ratinder Paul Singh Ahuja, et al.


US. Appl. No. 13/338,159, ?led Dec. 27, 2011, entitled System and
Method for Providing Data Protection Work?ows in a Network Envi

ronment, Inventor(s) Ratinder Paul Singh Ahuja, et al.


US. Appl. No. 13/338,195, ?led Dec. 27, 2011, entitled System and
Method for Providing Data Protection Work?ows in a Network Envi

ronment, Inventor(s) Ratinder Paul Singh Ahuja, et al.

Chapter 1. Introduction, Computer Program product for analyzing


network traf?c, Ethereal. Computer program product for analyzing
network traf?c, pp.
17-26, http://web.archive.org/web/
200303150451 17/www.etherea1.com/distribution/docs/user-guide,
approximated copyright 2004-2005, printed Mar. 12, 2009.
Microsoft Outlook, Outlook, copyright 1995-2000, 2 pages.
Preneel, Bart, Cryptographic Hash Functions, Proceedings of the
3 Symposium on State and Progress of Research in Cryptography,
1993, pp. 161-171.

Application No. PCT/US2011/024902 mailed Aug. 1, 2011 (8


Niemi, Constructing OLAP Cubes Based on Queries, Nov. 2001, pp.
1-7.

Schultz, Data Mining for Detection of New Malicious Executables,


May 2001, pp. 1-13.
U.S. Appl. No. 12/829,220, ?led Jul. 1, 2010, entitled Verifying

Captured Objects Before Presentation, Inventor(s) Rick Lowe, et al.


US. Appl. No. 12/873,061, ?led Aug. 31,2010, entitled Document
Registration, Inventor(s) Ratinder Paul Singh Ahuja, et al.
US. Appl. No. 12/873,860, ?led Sep. 1, 2010, entitled A System and
Method for Word Indexing in a Capture System and Querying
Thereof, Inventor(s) William Deninger, et al.
US. Appl. No. 12/939,340, ?led Nov. 3, 2010, entitled System and

Method for Protecting Speci?ed Data Combinations, Inventor(s)


Ratinder Paul Singh Ahuja, et al.
US. Appl. No. 12/967,013, ?led Dec. 13, 2010, entitled Tag Data
Structure for Maintaining Relational Data Over Captured Objects,
Inventor(s) Erik de la Iglesia, et al.
US. Appl. No. 13/024,923, ?led Feb. 10, 2011, entitled High Speed
Packet Capture, Inventor(s) Weimin Liu, et al.
US. Appl. No. 13/047,068, ?led Mar. 14, 2011, entitled Crypto

graphic Policy Enforcement, Inventor(s) Ratinder Paul Singh Ahuj a,


et al.

US. Appl. No. 13/049,533, ?led Mar. 16, 2011,entitledFile System


for a Capture System, Inventor(s) Rick Lowe, et al.

US 8,601,537 B2
Page 5
(56)

References Cited

Werth, T. et al., Chapter liDAG Mining in Procedural Abstrac

OTHER PUBLICATIONS

tion, Programming Systems Group; Computer Science Department,


University of Erlangen-Nuremberg, Germany.

U.S. Appl. No. 13/089,158, ?ledApr. 18, 201 1, entitled Attributes of


Captured Objects in a Capture System, Inventor(s) Ratinder Paul
Singh Ahuj a, et al.
US. Appl. No. 13/099,516, ?led May 3,2011, entitled Object Clas
si?cation in a Capture System, Inventor(s) William Deninger, et al.
US. Appl. No. 13/168,739, ?led Jun. 24, 2011, entitled Method and

Apparatus for Data Capture and Analysis System, Inventor(s) Erik


de la Iglesia, et al.

US. Appl. No. 13/187,421, ?led Jul. 20, 2011, entitled Query Gen
eration for a Capture System, Inventor(s) Erik de la Iglesia, et al.
US. Appl. No. 13/188,441, ?led Jul. 21, 2011, entitled Locational
Tagging in a Capture System, Inventor(s) William Deninger et al.
Webopedia, de?nition of ?lter, 2002, p. 1.

U.S. Appl. No. 12/360,537, ?led Jan. 27, 2009, entitled Database for
a Capture System, Inventor(s) Rick Lowe et al.
International Preliminary Report on Patentability Written Opinion of

the International Searching Authority for International Application


No. PCT/US2011/024902 dated May 7, 2013 (5 pages).
U.S. Appl. No. 13/896210, ?led May 16, 2013, entitled System and
Method for Data Mining and Security Policy Management Inven
tor(s) Ratinder Paul Singh Ahuja et al.
* cited by examiner

US. Patent

Dec. 3, 2013

Sheet 1 0f 25

US 8,601,537 B2

nmuoxzwm

82am
3w.

23 8w

US. Patent

Dec. 3, 2013

Sheet 2 0f 25

US 8,601,537 B2

2Em:?3a8m wow
wEmEN
wmaoxiwm

52m
wowa

US. Patent

Dec. 3, 2013

Sheet 3 0f 25

US 8,601,537 B2

US. Patent

Dec. 3, 2013

Sheet 4 0f 25

US 8,601,537 B2

m
Am
game

igmsE@f3a0g52a

rivl

8%Emau: r@co.nm3$2Euw80?m

9m59.
W

w3mm m

US. Patent

Dec. 3, 2013

Sheet 7 0f 25

US 8,601,537 B2

Gamma Object 802

i
Cac>uate Obiect Signatures 504
Campare Object Signatures t0 Signaturas m Registered
Sacuments 696
No

y Matches
3G8
YES

Hair Deiivary of Captured Gbjsct 810

&
identify Registered Denumem 1mm Matching Signaturas 812

l
iden?fy User Who Registered t?a Bowman! 814
&
Alert the User vi the intamep?on of the Captured Obiect 818

Raquest Permissian ta Dalivar FFagatnu'ela? (Eject to ?estinaticn


818

emission Granted
820

Route Capturad Object Tuwards Qestinatian 822

Figure 8

US. Patent

Dec. 3, 2013

Sheet 8 0f 25

Extract
?ecode
Suntan!
Q10

Normalize
Text
920

l
Toksnize
930

Generam

Signatures
From
Takens
94G

Figure 9

'

US 8,601,537 B2

US. Patent

Dec. 3, 2013

Sheet 9 0f 25

Seect First
W M Takens

1019

Select N

Speciai
Tokens
Fram the M
Takens
1820

Qenerate
Hash of N

Spaciai
Tokens
1830

Skip Ahead
P Yokans
Fram First of
M Tqkens
1040

N6

Figure 10

US 8,601,537 B2

US. Patent

Dec. 3, 2013

Sheet 10 0f 25

US 8,601,537 B2

fmm userinterfa'ce

1
fmm aapmra maduWDocument

Registration Engine 1186


Signature

Nomatiz

Generator

6.

Q3

1104

Tokenize
Ta Search EnQne

wwszgnawras

1 106

To Signature Database

Figure 11

Exam)?
meander a:

1193

US. Patent

Dec. 3, 2013

guano E E 3%.,

?a

Sheet 11 0125

a
g
w
y
m
x
w
?

g
R

E
a
8
i
6
w
2
x
ULfbll*1

36 @23 mam

Ewe amwing

gmg6 gam a Q?

11

US 8,601,537 B2

US. Patent

Dec. 3, 2013

Sheet 12 0f 25

CAPTURE PACKET STREAM


1301

ANALYZE PACKET STREkM


3303

'

CGPYMOVE OBJECY DATA


TO STORAGE UEViCE
$305

CREAYE gEYWQRD
iNQ?Xi?SNEMTRiEQ FUR
CAPTURED SCNTEN?
130?

CREATE METADATA

MQEXeIESiENTRIES BASED
ON CAPTURED CONTENT
$389

QUERY ONE OR MGRE OF


CREATED iNElEXES
131 1

FIG. 13

US 8,601,537 B2

US. Patent

Dec. 3, 2013

Sheet 13 0f 25

US 8,601,537 B2

US. Patent

Dec. 3, 2013

Sheet 14 0f 25

QUERY QNE GR MORE KEYWGRQ moexex

FOR KEYwQRms)

ii}:

i
QUERY ONE OR MORE METADATA
iNDEXES FOR METADATA

l
iNYERSECY REESU LTS OF KEYWGRD AND
MEYADATA QUERRES

l
RETRiEVE iNTERSECYED DGCUMENTS
F|.E SNFQMRAITON

15%.

FIGURE 15

US 8,601,537 B2

US. Patent

Dec. 3, 2013

LEVEL

Sheet 15 0f 25

US 8,601,537 B2

CHILD
LEVEL

GRANDCHiLD
LEVEL

GREAL
GRANDGHlLD
LEVEL

f PROP.

CONE
160? ]

160? 3

M/

\NWM/

FIG. 18(8)