Two-phase hash value matching technique in message protection systems
Abstract
The invention provides a two-phase hash value matching technique in message protection systems. The technique further improves the performance of message protection systems by avoiding, where possible, the computations associated with sophisticated signature hash values (SSHVs). A message protection system that implements the two-phase hash value matching technique caches rough outline hash values (ROHVs) of previously scanned objects. The system can roughly distinguish one object from another using ROHVs. The system performs an initial check using ROHVs before performing the relatively time-consuming computations associated with SSHVs.
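The two-phase lookup described in the abstract, as an added sketch that is not code from the patent. The hash choices (ROHV as length plus CRC32 of the first 64 bytes, SSHV as SHA-256), the stand-in `scan` function and all names are assumptions made for illustration; the sample objects are constructed.

```python
import hashlib
import zlib
from collections import defaultdict

def rohv(data: bytes) -> tuple:
    # Rough outline hash. Assumed form: length plus CRC32 of the first 64 bytes.
    return (len(data), zlib.crc32(data[:64]))

def sshv(data: bytes) -> str:
    # Signature hash over the whole object. Assumed form: SHA-256.
    return hashlib.sha256(data).hexdigest()

class TwoPhaseCache:
    def __init__(self):
        self.index = defaultdict(set)  # ROHV entry -> SSHVs of scanned objects
        self.sshv_lookups = 0          # SSHVs computed while deciding

    def previously_scanned(self, data: bytes) -> bool:
        bucket = self.index.get(rohv(data))
        if not bucket:
            return False               # phase 1 miss: SSHV is never computed
        self.sshv_lookups += 1
        return sshv(data) in bucket    # phase 2: a ROHV match alone is not enough

    def record(self, data: bytes) -> None:
        self.index[rohv(data)].add(sshv(data))

def scan(data: bytes) -> bool:
    # Stand-in scanner (hypothetical): flags a constructed marker string.
    return b"EXPLOIT-MARKER" not in data

def handle(cache: TwoPhaseCache, data: bytes) -> str:
    if cache.previously_scanned(data):
        return "cached"                # processed immediately, no rescan
    if not scan(data):
        return "blocked"               # never recorded as scanned
    cache.record(data)
    return "scanned"

def demo():
    cache = TwoPhaseCache()
    first = b"A" * 64 + b"hello"       # constructed sample objects
    lookalike = b"A" * 64 + b"world"   # same ROHV as `first`, different SSHV
    bad = b"B" * 10 + b"EXPLOIT-MARKER"
    verdicts = [handle(cache, m) for m in (first, first, lookalike, bad, bad, lookalike)]
    return verdicts, cache.sshv_lookups

if __name__ == "__main__":
    print(demo())
```

The `lookalike` object shares a ROHV with an already scanned object but is still sent to the scanner, because only a matching SSHV in phase 2 lets an object bypass scanning.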
29 Claims
1. A method for filtering out exploits passing through a device, comprising:
- receiving an object directed to the device;
- determining a first value associated with the object;
- determining a second set of values associated with objects that have previously been scanned;
- if the first value matches at least one of the values in the second set, determining a third value associated with the object;
- determining a fourth set of values associated with the objects that have previously been scanned; and
- if the third value matches at least one of the values in the fourth set, immediately processing the object.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A computer-readable medium encoded with a data-structure, comprising:
- a first indexing data field having indexing entries, each indexing entry including a first value; and
- a second data field including object-related entries, each object-related entry having a second value and being indexed to an indexing entry in the first indexing data field, each object-related entry being uniquely associated with an object that has been previously scanned.
Dependent claims: 13, 14, 15, 16

17. A system for protecting a device against an exploit, comprising:
- a message tracker that is configured to determine whether an object has been previously scanned using a two-phase hash value technique; and
- a scanner component that is coupled to the message tracker and that is configured to receive an unscanned object and to determine whether the unscanned object includes an exploit.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26

27. An apparatus for protecting a device against an exploit, comprising:
- means for receiving an object directed to the device;
- means for determining whether the object has been previously scanned using a two-phase hash value technique; and
- means for immediately processing the object if the object has been previously scanned.
Dependent claims: 28, 29
Specification