MULTIPLE-LEVEL DATA PROCESSING SYSTEM

US 20060206939A1
Filed: 06/05/2006
Published: 09/14/2006
Est. Priority Date: 06/14/2004
Status: Active Grant

First Claim

Patent Images

1. A method for monitoring a data unit of a first file on a first transport connection and a data unit of a second file on a second transport connection, comprising:

selecting first resources to iteratively reverse multiple levels of format conversions on the payload data of said data unit of said first file to generate a first reversed data unit, independently from selecting second resources to iteratively reverse multiple levels of format conversions on the payload data of said data unit of said second file to generate a second reversed data unit; and

inspecting the payload data of said first reversed data unit and said second reversed data unit for suspicious patterns prior to any aggregation of the data units of said first file or said second file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for processing multiple levels of data in system security approaches are disclosed. In one embodiment, a first set and a second set of resources are selected to iteratively and independently reverse multiple levels of format conversions on the payload portions of a data unit from a first file and a data unit from a second file, respectively. The first file and the second file are associated with a first transport connection and a second transport connection, respectively. Upon completion of the aforementioned reversal operations, the payload portions of a first reversed data unit and a second reversed data unit, which correspond to the data unit of the first file and the data unit of the second file, respectively, are inspected for suspicious patterns prior to any aggregation of the data units of the first file or the second file.

40 Citations

View as Search Results

20 Claims

1. A method for monitoring a data unit of a first file on a first transport connection and a data unit of a second file on a second transport connection, comprising:
- selecting first resources to iteratively reverse multiple levels of format conversions on the payload data of said data unit of said first file to generate a first reversed data unit, independently from selecting second resources to iteratively reverse multiple levels of format conversions on the payload data of said data unit of said second file to generate a second reversed data unit; and
  
  inspecting the payload data of said first reversed data unit and said second reversed data unit for suspicious patterns prior to any aggregation of the data units of said first file or said second file.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as recited in claim 1, further comprising:
    - retrieving a first data type from the payload data of said data unit of said first file for each of said multiple levels of said format conversion, independently from retrieving a second data type from the payload data of said data unit of said second file for each of said multiple levels of said format conversion; and
      
      invoking a first reversal operation type from said first resources based on said first data type, independently from invoking a second reversal operation type from said second resources based on said second data type.
  - 3. The method as recited in claim 2, further comprising:
    - independently retrieving said first data type and said second data type for a second level of said multiple levels of said format conversions prior to the completion of reversing a first level of said multiple levels of said format conversions.
  - 4. The method as recited in claim 1, further comprising:
    - mapping said first resources to said first transport connection; and
      
      mapping said second resources to said second transport connection.
  - 5. The method as recited in claim 4, further comprising:
    - maintaining information relating to said first resources, said second resources, and the processing of said first resources and said second resources.
  - 6. The method as recited in claim 3, further comprising:
    - iteratively performing said retrieving step and said invoking step within a threshold number of iterations.

7. A system, comprising:
- a first processing means for identifying a first initial-level data type from a data unit of a first file on a first transport connection and for identifying a second initial-level data type from a data unit of a second file on a second transport connection;
  
  a second processing means for independently selecting first resources and second resources according to said first initial-level data type and said initial-level second data type to initiate reversing multiple levels of format conversions on the payload data of said data unit of said first file and said data unit of said second file to generate a first reversed data unit and a second reversed data unit, respectively; and
  
  a third processing means for inspecting the payload data of said first reversed data unit and said second reversed data unit for suspicious patterns prior to any aggregation of the data units of said first file or said second file.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system as recited in claim 7, wherein said second processing means further comprising:
    - means for independently invoking a first reversal operation type from said first resources based on said first initial-level data type and invoking a second reversal operation type from said second resources based on said second initial-level data type.
  - 9. The system as recited in claim 7, wherein said second processing means further comprising:
    - means for independently determining a first current-level data type based on at least a portion of the results from performing a first preceding-level reversal operation type and determining a second current-level data type based on at least a portion of the results from performing a second preceding-level reversal operation type;
      
      means for independently invoking a first current-level reversal operation type from said first resources based on said first current-level data type and invoking a second current-level reversal operation type from said second resources based on said second current-level data type; and
      
      means for iteratively performing said determining step and said invoking step to reverse said multiple levels of said format conversions.
  - 10. The system as recited in claim 7, wherein said second processing means further maps said first resources and said second resources to said first transport connection and said second transport connection, respectively.
  - 11. The system as recited in claim 10, wherein said second processing means further comprising means for storing information relating to said first resources, said second resources, and the processing of said first resources and said second resources.
  - 12. The system as recited in claim 7, wherein said first processing means further requests to establish a session with said second processing means for each of said first transport connection and said second transport connection.
  - 13. The system as recited in claim 9, wherein said second means iteratively performs said determining step and said invoking step within a threshold number of iterations.

14. A system, comprising:
- a host processor, a content inspection co-processor, and a memory system, coupled to said host processor and said content inspection co-processor, wherein a protocol parser, when executed by said host processor, attempts to identify a first initial-level data type from a data unit of a first file on a first transport connection and attempts to identify a second initial-level data type from a data unit of a second file on a second transport connection;
  
  a data processing system, when executed by said content inspection co-processor, independently selects first resources and second resources according to said first initial-level data type and said initial-level second data type to initiate reversing multiple levels of format conversions on the payload data of said data unit of said first file and said data unit of said second file to generate a first reversed data unit and a second reversed data unit, respectively; and
  
  a content inspection engine, when executed by said content inspection co-processor, inspects the payload data of said first reversed data unit and said second reversed data unit for suspicious patterns prior to any aggregation of the data units of said first file or said second file.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system as recited in claim 14, wherein said data processing system further independently spawns a first process that utilizes said first resources and invokes a first reversal operation type based on said first initial-level data type and spawns a second process that utilizes said second resources and invoking a second reversal operation type based on said second initial-level data type.
  - 16. The system as recited in claim 14, wherein said data processing system further:
    - independently spawns a first process and a second process, wherein said first process determines a first current-level data type based on at least a portion of the results from performing a first preceding-level reversal operation type, and said second process determines a second current-level data type based on at least a portion of the results from performing a second preceding-level reversal operation type;
      
      said first process invokes a first current-level reversal operation type based on said first current-level data type, and said second process invokes a second current-level reversal operation type based on said second current-level data type; and
      
      said first process and said second process iteratively perform said determining step and said invoking step to reverse said multiple levels of said format conversions.
  - 17. The system as recited in claim 16, wherein said data processing system further maps said first resources and said second resources to said first transport connection and said second transport connection, respectively.
  - 18. The system as recited in claim 17, wherein said data processing system further comprising a stable table to store information relating to said first resources, said second resources, and the processing of said first resources and said second resources.
  - 19. The system as recited in claim 14, wherein said protocol parser further requests to establish a session with said data processing system for each of said first transport connection and said second transport connection.
  - 20. The system as recited in claim 16, wherein said first process and said second process iteratively perform said determining step and said invoking step within a threshold number of iterations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lionic Corp.
Original Assignee
Lionic Corp.
Inventors
Chien, Shih-Wei, Chang, Chih-Jen, Zhao, Shi-Ming

Granted Patent

US 7,930,742 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/563   by source code analysis

G06F 21/564   by virus signature recognition

H04L 51/212   using filtering or selectiv...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

MULTIPLE-LEVEL DATA PROCESSING SYSTEM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MULTIPLE-LEVEL DATA PROCESSING SYSTEM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links