System and method for providing exploit protection with message tracking

US 20030088792A1
Filed: 12/11/2002
Published: 05/08/2003
Est. Priority Date: 04/13/2001
Status: Active Grant

First Claim

Patent Images

1. A system for providing protection from an exploit to a device connected to a network, comprising:

(a) a content filter that receives a message that is directed to the device;

(b) a message tracker that is coupled to the content filter and is configured to determine whether the message is an unscanned message; and

(c) a scanner component that is coupled to the message tracker and that is configured to receive the unscanned message and to determine whether at least one element of the message includes an exploit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for providing protection from exploits to devices connected to a network. The system and method include a component for determining whether an encapsulation has been applied to an attachment associated with a message and unencapsulating such encapsulated attachment, and a component that performs at least one decompression of the attachment when the attachment is compressed. If it is determined that the message, including the attachment, is to be scanned, a component is included that determines whether a header, body, and/or attachment of the message includes exploits. A device that receives messages that are directed to the network employs the components above to provide exploit protection for at least one of the messages.

Citations

19 Claims

1. A system for providing protection from an exploit to a device connected to a network, comprising:
- (a) a content filter that receives a message that is directed to the device;
  
  (b) a message tracker that is coupled to the content filter and is configured to determine whether the message is an unscanned message; and
  
  (c) a scanner component that is coupled to the message tracker and that is configured to receive the unscanned message and to determine whether at least one element of the message includes an exploit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein an element of the message is at least one of a header, body, and an attachment.
  - 3. The system of claim 1, wherein the message tracker is further configured to:
    - determine a first value associated with the message; and
      
      if the first value approximately matches a second value, to identify the message as a scanned message.
  - 4. The system of claim 3, wherein the second value is stored in at least one of a table, database, and a list.
  - 5. The system of claim 3, wherein the message tracker is further configured to set the second value to a nullity when the scanner component is updated.
  - 6. The system of claim 3, wherein at least one of the first value and the second value further comprises at least one of a hash value, an algorithmic function, checksum, public key certificate, and a digital signature.
  - 7. The system of claim 3, wherein the first value and the second value each further comprises a separate value for the message and a separate value for the attachment.
  - 8. The system of claim 1, wherein the message tracker is further configured to:
    - determine a size associated with the message;
      
      determine a hash associated with the message; and
      
      if the size exceeds a pre-determined size, and the hash is substantially the same as a stored hash associated with the message, to identify the message as a scanned message.
  - 9. The system of claim 1, wherein the system is operable on at least one of a firewall, a router, a switch, a server, and a dedicated platform.

10. A method for providing protection from an exploit to a device connected to a network, comprising:
- (a) receiving a message that is directed to the device; and
  
  (b) if the message is an unscanned message, performing actions, including;
  
  i. determining whether at least one element of the message includes an exploit; and
  
  ii. if at least one element of the message includes the exploit, quarantining the message.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein an element of the message is at least on of a header, body, and an attachment.
  - 12. The method of claim 10, further comprising:
    - determining a first value associated with the message; and
      
      if the first value approximately matches a second value, identifying the message as a scanned message.
  - 13. The method of claim 12, wherein the second value is stored in at least one of a table, database, and a list.
  - 14. The method of claim 12, wherein the second value is set to a nullity based on a pre-determined condition.
  - 15. The method of claim 12, wherein at least one of the first value, and the second value further comprises at least one of a hash value, an algorithmic function, checksum, public key certificate, and a digital signature.
  - 16. The method of claim 12, wherein the first value and the second value each further comprises a separate value for the message and a separate value for the attachment.
  - 17. The method of claim 10, further comprising:
    - if a message size exceeds a pre-determined size;
      
      determining whether at least one of the header and the body includes the exploit; and
      
      if at least one of the header, body, and attachment of the message includes the exploit, quarantining the message.
  - 18. The method of claim 10, wherein the method is operable on at least one of a firewall, a router, a switch, a server, and a dedicated platform.

19. A system for providing protection from an exploit to a device connected to a network, comprising:
- (a) means for receiving a message that includes a header and at least one of a body and an attachment;
  
  (b) means for determining whether the message including the attachment, is an unscanned message; and
  
  (c) means for determining whether at least one of the header, attachment, and the body includes an exploit in the unscanned message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia, Inc. (Nokia Corporation)
Original Assignee
Nokia, Inc. (Nokia Corporation)
Inventors
Smith, Gregory J., Card, James

Granted Patent

US 6,941,478 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 51/234   for tracking messages

H04L 63/0245   Filtering by information in...

H04L 63/0263   Rule management

H04L 63/0823   using certificates cryptogr...

H04L 63/145   the attack involving the pr...

H04L 69/04   Protocols for data compress...

System and method for providing exploit protection with message tracking

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing exploit protection with message tracking

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links