Method and apparatus for identifying and characterizing errant electronic files

US 20050228795A1
Filed: 06/03/2005
Published: 10/13/2005
Est. Priority Date: 04/30/1999
Status: Active Grant

First Claim

Patent Images

1-58. -58. (canceled)

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system includes a, server having a memory connected thereto. The server is adapted to be connected to a network to permit remote storage and retrieval of data files from the memory. A file identification application is operative with the server to identify errant files stored in the memory. The file identification application provides the functions of: (1) selecting a file stored in said memory; (2) generating a unique checksum corresponding to the stored file; (3) comparing said unique checksum to each of a plurality of previously generated checksums, wherein the plurality of previously generated checksums correspond to known errant files; and (4) marking the file for deletion from the memory if the unique checksum matches one of the plurality of previously generated checksums.

56 Citations

View as Search Results

88 Claims

1-58. -58. (canceled)

59. A computer-implemented method for identifying and characterizing stored electronic files, said method comprising:
- processing a file from a computer storage medium using an algorithm to generate an identification value determined by processing contents of the file using the algorithm;
  
  comparing the identification value to each of a plurality of identification values each associated with one of a plurality of unauthorized files, wherein each of the plurality of unauthorized files is substantially free from infection with a computer virus; and
  
  characterizing the file as an identified unauthorized file if the identification value matches one of the plurality of identification values.
- View Dependent Claims (60, 61, 62, 63, 64, 65, 70, 71, 72, 73)
- - 60. The method of claim 59, further comprising selecting the file from one of a plurality of sequentially-ordered files in a directory of the computer storage medium.
  - 61. The method of claim 59, further comprising selecting the file from a plurality of files stored in the computer storage medium, based on size of the file.
  - 62. The method of claim 61, wherein the selecting step further comprises determining whether an aggregate size of plural identically-sized files exceeds a predetermined threshold.
  - 63. The method of claim 59, further comprising selecting the file from a plurality of files stored in the computer storage medium, based on whether content of the file matches a file type indicated by a name of the file.
  - 64. The method of claim 59, further comprising selecting the file from a plurality of files stored in the computer storage medium, based on whether the file comprises data beyond an end of data marker for the file.
  - 65. The method of claim 59, wherein the processing step comprises using the algorithm, wherein the algorithm is configured for generating a checksum.
  - 70. The method of claim 59, further comprising processing a plurality of known unauthorized files to generate the plurality of identification values.
  - 71. The method of claim 59, further comprising presenting the identified unauthorized file for human review prior to disposing of it.
  - 72. The method of claim 59, further comprising automatically notifying a third party that the file has been identified.
  - 73. The method of claim 59, further comprising deleting the identified unauthorized file from the computer storage medium.

66. The method of 65, wherein the processing step comprises using the algorithm, wherein the algorithm is configured for generating a first checksum corresponding to a first portion of said stored file and a second checksum corresponding to a second portion of said stored file.

67. The method of 65, wherein the processing step comprises using the algorithm, wherein the algorithm is configured for generating a first checksum corresponding to a first portion of said stored file and a second checksum corresponding to a larger portion of said stored file that includes the first portion.

68. The method of 65, wherein the processing step comprises using the algorithm, wherein the algorithm is configured for generating the checksum for graphics files based on vector graphics analysis.

69. The method of 65, wherein the processing step comprises using the algorithm, wherein the algorithm is configured for dividing a graphical image file into blocks and comparing relationships between the blocks.

74. A computer system, comprising:
- a server having a memory connected, thereto, said server being adapted to be connected to a network to permit remote storage and retrieval of data files from said memory; and
  
  a file identification application operative with said server to identify unauthorized files stored in said memory, said file identification application providing the functions of;
  
  processing a file from the memory using an algorithm to generate an identification value determined by processing contents of the file using the algorithm;
  
  comparing the identification value to each of a plurality of identification values each associated with one of a plurality of unauthorized files, wherein each of the plurality of unauthorized files is substantially free from infection with a computer virus; and
  
  characterizing the file as an identified unauthorized file if the identification value matches one of the plurality of identification values.
- View Dependent Claims (75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88)
- - 75. The system of claim 74, wherein the application further comprises the function of selecting the file from one of a plurality of sequentially-ordered files in a directory of the computer storage medium.
  - 76. The system of claim 74, wherein the application further comprises the function of selecting the file from a plurality of files stored in the computer storage medium, based on size of the file.
  - 77. The system of claim 74, wherein the application further comprises the function of determining whether an aggregate size of plural identically-sized files exceeds a predetermined threshold.
  - 78. The system of claim 74, wherein the application further comprises the function of selecting the file from a plurality of files stored in the computer storage medium, based on whether content of the file matches a file type indicated by a name of the file.
  - 79. The system of claim 74, wherein the application further comprises the function of selecting the file from a plurality of files stored in the computer storage medium, based on whether the file comprises data beyond an end of data marker for the file.
  - 80. The system of claim 74, wherein the processing function comprises using the algorithm, wherein the algorithm is configured for generating a checksum.
  - 81. The system of claim 80, wherein the processing function comprises using the algorithm, wherein the algorithm is configured for generating a first checksum corresponding to a first portion of said stored file and a second checksum corresponding to a second portion of said stored file.
  - 82. The system of claim 80, wherein the processing function comprises using the algorithm, wherein the algorithm is configured for generating a first checksum corresponding to a first portion of said stored file and a second checksum corresponding to a larger portion of said stored file that includes the first portion.
  - 83. The system of claim 80, wherein the processing function comprises using the algorithm, wherein the algorithm is configured for generating the checksum for graphics files based on vector graphics analysis.
  - 84. The system of claim 80, wherein the processing function comprises using the algorithm, wherein the algorithm is configured for dividing a graphical image file into blocks and comparing relationships between the blocks.
  - 85. The system of claim 74, wherein the application further comprises the function of processing a plurality of known unauthorized files to generate the plurality of identification values.
  - 86. The system of claim 74, wherein the application further comprises the function of presenting the identified unauthorized file for human review prior to disposing of it.
  - 87. The system of claim 74, wherein the application further comprises the function of automatically notifying a third party that the file has been identified.
  - 88. The system of claim 74, wherein the application further comprises the function of deleting the identified unauthorized file from the computer storage medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Hoshiko LLC (Raoul Management LLC)
Inventors
Shuster, Gary Stephen

Granted Patent

US 7,757,298 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/122   using management policies b...

G06F 16/148   File search processing

G06F 16/285   Clustering or classification

G06F 21/564   by virus signature recognition

G06F 21/6218   to a system of files or obj...

G06F 2221/2149   Restricted operating enviro...

Method and apparatus for identifying and characterizing errant electronic files

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

88 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for identifying and characterizing errant electronic files

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

88 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others