To use digital fingerprints, a DeviceLock administrator would collect samples of documents and files that the organization wants to protect, and classify them on the DeviceLock Enterprise Server by using classification tasks that take fingerprints of each sample file and its contents. For details, see Fingerprinting Tasks. The files to fingerprint can be stored in the server’s local folder or in a shared network folder. Copying files to the computer running DeviceLock Enterprise Server is not required; however, the server must have sufficient rights to access and read those files in their location.

Then, a DeviceLock administrator would create content groups referencing classifications of fingerprints and configure content-aware rules based on those content groups. For details, see Digital Fingerprints Content Groups. As the fingerprints database is hosted on the server while content-aware rules are processed on client computers, at least one DeviceLock Enterprise Server must be specified in the DeviceLock Service policy settings. For details, see Service Options for Digital Fingerprints. The DeviceLock Service can then employ the rules to check submitted information by matching its fingerprints with the fingerprints stored in the database.

To take an example, suppose the samples of confidential documents and files are several MS Office Word, Excel, and PowerPoint documents, and a number of image files (such as PNG or JPEG). The DeviceLock administrator first creates and runs a task of classification “Confidential” that points to the folder containing those documents and image files. As a result, their fingerprints will have been created and stored in the database of the DeviceLock Enterprise Server. The administrator then creates a Digital Fingerprints content group with the classification level of “Confidential”. When creating the group, it is possible to set the match threshold, i.e. a minimum percentage of fingerprint matching that is required for assigning the given classification level to the content being inspected. Suppose the threshold is set to 50%. Finally, the administrator sets up a content-aware rule based on the Digital Fingerprints group that was created. This rule can be configured, for example, to control access, shadow copying, and/or detection of content.

When applying this rule to a file, the DeviceLock Service checks the file, and the file’s text-based content if it can be extracted, by matching their fingerprints against the fingerprints from the “Confidential” classification held in the database. If the fingerprint match percentage is 50% or more in this example, the rule takes effect and causes the DeviceLock Service to act as specified in the ContentLock or Discovery rule settings (block, allow, shadow, alert, detect, apply remedy, etc.).