Method for speeding up the pass time of an executable through a checkpoint
First Claim
1. A method for speeding up the pass time of an executable through a checkpoint in which the integrity of said executable is being tested, said method comprising:
- receiving and accumulating at least one part of said executable that reaches to said checkpoint;
testing the integrity of said at least one part of said executable;
releasing at least one accumulated part whose integrity has been verified to its destination in an accelerated manner;
releasing and sending at least one accumulated part to its destination in a moderate manner; and
upon indicating the non-integrity of said at least one part, performing an alert procedure.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for speeding up the pass time of an executable (an HTML file, a script file, a web page, an EXE file, an email message, and so forth) through a checkpoint (e.g. a gateway) in which the integrity of said executable is being tested, said method comprising: receiving and accumulating the parts of said executable that reach to said checkpoint; testing the integrity of the accumulated parts; releasing and sending the accumulated parts that have been indicated as harmless to their destination in an accelerated manner; releasing and sending the accumulated parts that have not been indicated as harmless or malicious to their destination in a moderate manner; and upon indicating the maliciousness of said accumulated parts, performing an alert procedure. According to a preferred embodiment of the invention, receiving and/or sending data is carried out at the lower levels of the OSI model, especially at the Network level.
20 Citations
9 Claims
-
1. A method for speeding up the pass time of an executable through a checkpoint in which the integrity of said executable is being tested, said method comprising:
-
receiving and accumulating at least one part of said executable that reaches to said checkpoint;
testing the integrity of said at least one part of said executable;
releasing at least one accumulated part whose integrity has been verified to its destination in an accelerated manner;
releasing and sending at least one accumulated part to its destination in a moderate manner; and
upon indicating the non-integrity of said at least one part, performing an alert procedure. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method according to claim 10, wherein said at least one lower level is the Network layer of the OSI model.
Specification
-
- Resources
-
Current AssigneeAladdin Knowledge Systems Limited (Thales SA)
-
Original AssigneeAladdin Knowledge Systems Limited (Thales SA)
-
InventorsGruper, Shimon, Margalit, Yanki, Margalit, Dany
-
Application NumberUS10/751,986Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current713/153CPC Class CodesG06F 21/554 involving event detection a...G06F 21/56 Computer malware detection ...G06F 21/565 by checking file integrityG06F 21/566 Dynamic detection, i.e. det...H04L 63/123 received data contents, e.g...H04L 63/145 the attack involving the pr...H04L 63/1483 service impersonation, e.g....
