Detection of signatures in disordered message segments

US 20060227787A1
Filed: 05/18/2005
Published: 10/12/2006
Est. Priority Date: 04/08/2005
Status: Active Grant

First Claim

Patent Images

1. A method of detecting signatures in message segments, comprising:

employing a state machine for the examination of character strings in said message segments, the state machine being organized to execute for each input character a transition determined by a current state of the machine and a current input character;

monitoring the order of arrival of the message segments;

in the event that an intermediate message segment is missing between a processed segment and an immediately subsequent message segement after said processed message segment;

(a) storing the current state of said state machine at the end of the said processed segment;

(b) restarting the state machine for the examination of said immediately subsequent message segment; and

(c) storing said immediately subsequent message segment;

and on the arrival of said intermediate message segment;

(d) examining said intermediate segment followed by said stored immediately subsequent segment, beginning from said stored state of the state machine.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of detecting signatures in message segments comprises employing a state machine for the detection of character strings in the message segments. The state machine executes for each input character a transition determined by a current state of the machine and a current input character. The message segments conform to TCP or other ordering transport protocol. The order of arrival of the message segments is monitored. In the event that an intermediate message segment is missing between a processed segment and an immediately subsequent message segment, the current state of said state machine at the end of the said processed segment is stored. The machine is restarted from its null or datum state for the examination of the immediately subsequent message segment, which is then temporarily stored. When the missing segment eventually arrives, it and the stored segment are successively examined for signatures by means of the state machine, beginning at the stored state. The invention allows for examination of overlapping signatures without requiring re-assembly of the segments or substantial buffering.

Citations

6 Claims

1. A method of detecting signatures in message segments, comprising:
- employing a state machine for the examination of character strings in said message segments, the state machine being organized to execute for each input character a transition determined by a current state of the machine and a current input character;
  
  monitoring the order of arrival of the message segments;
  
  in the event that an intermediate message segment is missing between a processed segment and an immediately subsequent message segement after said processed message segment;
  
  (a) storing the current state of said state machine at the end of the said processed segment;
  
  (b) restarting the state machine for the examination of said immediately subsequent message segment; and
  
  (c) storing said immediately subsequent message segment;
  
  and on the arrival of said intermediate message segment;
  
  (d) examining said intermediate segment followed by said stored immediately subsequent segment, beginning from said stored state of the state machine.
- View Dependent Claims (2, 3)
- - 2. A method as in claim 1 wherein the message segments conform to an ordering transport protocol.
  - 3. A method as in claim 1 and further comprising, on the arrival of said intermediate segment:
    - storing the state of the state machine for subsequent use after the processing of said intermediate segment and said stored immediately subsequent segment.

4. A system for the detection of digital signatures in a flow of message segments, comprising:
- a state machine for the examination of character strings in said message segments, the state machine being organized to execute for each current input character in turn a transition determined by a current state of the machine and the current input character; and
  
  a controller for monitoring the order of arrival of the message segments, the controller being organized;
  
  (a) in the event that an intermediate message segment is missing between a processed segment and an immediately subsequent message segment after said processed message segment, to cause storage of the current state of said state machine at the end of said processed segment, to cause restarting of the state machine for the examination of said immediately subsequent message segment, and to cause storage of said immediately subsequent message segment; and
  
  (b) on the eventual arrival of said intermediate message segment, to cause examination by the state machine of said intermediate segment followed by said stored immediately subsequent segment, beginning from said stored state of the state machine.
- View Dependent Claims (5)
- - 5. A system as in claim 4 wherein on the arrival of said intermediate segment, the controller causes the state of the state machine to be stored for subsequent use after the processing of said intermediate segment and said stored immediately subsequent segment.

6. A system for the detection of digital signatures in a flow of message segments, comprising:
- means for decoding the message segments;
  
  a buffer for the storage of at least one message segment;
  
  a state machine for the examination of character strings in said message segments; and
  
  a controller for monitoring the order of arrival of the message segments;
  
  wherein the system, in the event that an intermediate message segment is missing between a processed segment and an immediately subsequent message segment after said processed message segment, is operative to cause storage of the current state of said state machine at the end of the said processed segment, to cause restarting of said state machine for the examination of said immediately subsequent message segment, and to cause storage of said immediately subsequent message segment; and
  
  on the eventual arrival of said intermediate message segment, is operative (a) to cause the state of said state machine to be stored for subsequent use after the processing of the intermediate segment and the stored immediately subsequent segment and (b) to cause examination by said state machine of said intermediate segment followed by said stored immediately subsequent segment, beginning from the previously stored state of said state machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Valtrus Innovations Limited (f/k/a Dolya Holdco 9 Limited) (Key Patent Innovations Limited)
Original Assignee
3Com Corporation (HP Inc.)
Inventors
Stack, Eoghan, O'Keeffe, Daniel Martin, Furlong, Peter, Loughran, Kevin

Granted Patent

US 7,957,390 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/394
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/166 at the transport layer

Detection of signatures in disordered message segments

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of signatures in disordered message segments

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links