Method and system for identifying the content of files in a network

US 20070150948A1
Filed: 12/24/2004
Published: 06/28/2007
Est. Priority Date: 12/24/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for identifying the content of a file in a network environment, said network environment comprising at least one local computing device linked to a remaining part of the network environment including a central infrastructure and, the method comprising calculating a reference value for a new file on one of said at least one local computing devices using a one-way-function, transmitting said calculated reference value o said central infrastructure, comparing said calculated reference value with reference values previously stored within the remaining part of the network environment, after comparing, deciding that the content of the new file is already identified if a match between said calculated reference value and a previously stored reference value is found and retrieving the corresponding content attributes;

or deciding that the content of the new file is not yet identified if no match between said calculated reference value and any of the previously stored reference values is found, followed by sharing the new file on the local computing device to said central infrastructure and said central infrastructure identifying the content of said new file by remotely identifying the content over the network environment, determining content attributes corresponding with the content of the new file and storing a copy of said content attributes, after deciding, triggering an action on said local computing device in accordance with said content attributes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for performing securing and controlling of a network using content identification of files in a network having a central infrastructure and local computing devices is presented. The method comprises calculating a hash value of a new file created or received on a local computing device, transmitting the hash value to the central infrastructure, comparing the hash value with a previously determined hash value stored in a database on the central infrastructure to determine whether the file is new to the network and if the file is new to the network, checking the file content with a content identifying engine, installed and updated on the central infrastructure. Content attributes are determined for the files which allow to perform appropriate actions on the local computing devices according to policy rules.

112 Citations

19 Claims

1. A method for identifying the content of a file in a network environment, said network environment comprising at least one local computing device linked to a remaining part of the network environment including a central infrastructure and, the method comprising calculating a reference value for a new file on one of said at least one local computing devices using a one-way-function, transmitting said calculated reference value o said central infrastructure, comparing said calculated reference value with reference values previously stored within the remaining part of the network environment, after comparing, deciding that the content of the new file is already identified if a match between said calculated reference value and a previously stored reference value is found and retrieving the corresponding content attributes;
- or deciding that the content of the new file is not yet identified if no match between said calculated reference value and any of the previously stored reference values is found, followed by sharing the new file on the local computing device to said central infrastructure and said central infrastructure identifying the content of said new file by remotely identifying the content over the network environment, determining content attributes corresponding with the content of the new file and storing a copy of said content attributes, after deciding, triggering an action on said local computing device in accordance with said content attributes.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, wherein said triggering an action on said local computing device in accordance with said content attributes is performed after transmitting the content attributes corresponding to the new file to the local computing device.
  - 3. A method according to claim 1 wherein said identifying the content of said new file comprises one or more of the group of scanning for viruses, scanning for adult content, scanning for Self Promotional Advertising Messages and scanning for copyrighted information, using a scanning means installed on said central infrastructure.
  - 4. A method according to claim 1, furthermore comprising storing a copy of the new file on the central infrastructure.
  - 5. A method according to claim 1, wherein said triggering an action on said local computing device in accordance with said content attributes may comprise replacement of the new file on the local computing device with another version of said new file restored from the remaining part of the network environment.
  - 6. A computer program product for executing the method of claim 1 when executed on a network.

7. A system for identifying the content of a file in a network environment, said network environment comprising at least one local computing device linked to a remaining part the network environment which includes a central infrastructure and, said remaining part including a stored database, whereby the system comprises:
- means for calculating a reference value for a new file on said local computing device using a one-way-function, means for transmitting said calculated reference value to said central infrastructure, means for comparing said calculated reference value with previously stored reference values from the database, whereby the system further comprises;
  
  means for deciding whether the content of the new file is already identified based on comparison of said calculated reference value and reference values previously stored within the remaining part, means for sharing the new file on the local computing device to said central infrastructure means located on the central infrastructure, for remotely identifying the content of the new file over the network and as to assign content attributes if the new file has not been identified yet and means for storing said content attributes within the remaining part, and means for triggering an action on said local computing device in accordance with content attributes for said new file.
- View Dependent Claims (8)
- - 8. A system according to claim 7 furthermore comprising means for storing a copy of the new file within the remaining part.

9. A method for altering a system for identifying the content of a file in a network environment, said network environment comprising means for calculating a one-way function, at least one local computing device linked to a remaining part of the network environment including a central infrastructure and means for identifying the content and said remaining part including a stored database, the method comprising altering said means for identifying the content or said means for calculating a one-way function scanning the remaining part of the network environment for reference values calculated with a one-way function for each of said reference values, requesting a file that corresponds with said reference value from said network environment identifying the content of said file and determining content attributes corresponding with the content of the file and storing a copy of said content attributes sending the content attributes to every local computing device containing the file after sending;
- triggering an action on said local computing device in accordance with said content attributes.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. A method according to claim 9, wherein said scanning the remaining part of the network environment for reference values calculated with a one-way function comprises scanning the remaining part of the network environment for reference values, calculated with a one-way function, said reference values being generated after a predetermined date.
  - 11. A method according to claim 9, wherein said method furthermore comprises, for each of said reference values, sending the file to means for identifying the content.
  - 12. A method according to claim 9, wherein said method furthermore comprises, for each of said reference values, sharing the file to the means for identifying the content and remotely identifying the content of the file over the network.
  - 13. A method according to claim 9, wherein said sending the content attributes to every local computing device containing the file, may comprise identifying every local computing device containing the file using a stored database sending the content attributes to said identified local computing devices
  - 14. A method according to claim 9 wherein sending the content attributes to said identified local computing devices comprises, for each of said identified local computing devices not connected to said network, creating an entry in a waiting list and sending the content attributes to said identified local computing devices in agreement with said entry on said waiting list when the local computing devices are reconnected to the network.
  - 15. A method according to claim 9 wherein, requesting a file that corresponds with said reference value from said network environment comprises, if no local computing device having said file that corresponds with said reference value is connected to the network, creating an entry in a waiting list and requesting a file that corresponds with said reference value from said local computing device in agreement with said entry when the local computing device is reconnected to said network.
  - 16. A method according to claim 9, wherein said method furthermore comprises identifying whether the content attributes correspond with unwanted content and, if so, identifying the local computing device that first introduced said unwanted content in the network based on data stored in said database.
  - 17. A computer program product for executing the method as claimed in claim 9 when executed on a network.
  - 18. A machine readable data storage device storing the computer program product of claim 17.

19. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symantec Corporation (NortonLifeLock Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
De Spiegeleer, Kristof

Application Number

US10/584,671
Publication Number

US 20070150948A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/562   Static detection

G06F 21/563   by source code analysis

G06F 21/565   by checking file integrity

G06F 21/57   Certifying or maintaining t...

G06F 21/6245   Protecting personal data, e...

G06F 2221/033   Test or assess software

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/102   Entity profiles

H04L 63/123   received data contents, e.g...

H04L 63/145   the attack involving the pr...

Method and system for identifying the content of files in a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

112 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for identifying the content of files in a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links