SERVER BASED MALWARE SCREENING
First Claim
1. A server device that is adapted to be coupled to a network, the server device comprising:
- network interface circuitry adapted to couple the server device to a network;
computer memory; and
processing circuitry coupled to the network interface circuitry and to the computer memory wherein the network interface circuitry, the computer memory, and the processing circuitry are operable to;
register a client device with the server device, the server device being identified as a malware-scanning device for the client device;
receive data packets destined for the client device;
scan the data packets destined for the client device for the presence of malware using the resources of the server device;
provide the data packets from the server device to the client device over the network when the data packets are determined to be malware-free; and
perform corrective measures on data packets that are found to contain malware before providing the data packets to the client device for full use.
8 Assignments
0 Petitions
Accused Products
Abstract
An Internet infrastructure is provided to transfer a packet of data between a client device and source device. The infrastructure consists of a support server that screens the packet for malware codes on behalf of a registered client. In order to scan for malware, the support server contains hardware and/or software modules to perform malware detection and quarantine functions. The modules identify malware bit sequence in the packet(s), malware bit sequences or entire contaminated code is quarantined or repaired as appropriate. After identification of malware code (if any), the support server sends warning messages to affected parties, providing information regarding the malware codes that were detected.
-
Citations
25 Claims
-
1. A server device that is adapted to be coupled to a network, the server device comprising:
-
network interface circuitry adapted to couple the server device to a network; computer memory; and processing circuitry coupled to the network interface circuitry and to the computer memory wherein the network interface circuitry, the computer memory, and the processing circuitry are operable to; register a client device with the server device, the server device being identified as a malware-scanning device for the client device; receive data packets destined for the client device; scan the data packets destined for the client device for the presence of malware using the resources of the server device; provide the data packets from the server device to the client device over the network when the data packets are determined to be malware-free; and perform corrective measures on data packets that are found to contain malware before providing the data packets to the client device for full use. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A support server that is adapted to communicate with a client device to malware certify data provided from a source device, the support server comprising:
-
transmission circuitry for receiving the data in at least one data packet after the client device requests a transfer of the data between the source device and the client device; malware identification module for scanning the data for the presence of malware; a digital signature detection module within local memory for receiving and processing signatures associated with the data, wherein a receipt and authentication of a signature may allow the support server to simplify or eliminate certain malware detection processes; at least one malware detection module within local memory for maintaining malware information to help the malware identification module detect malware within the data; a quarantine memory space within the local memory for containing the data while malware processing is performed; a permanent quarantine area as part of the local memory for permanently quarantining data that has been contaminated with malware and has not been rendered malware-free; and a communication module as part of the local memory for communicating between at least one of either the client device and the source device a malware status of data.
-
-
20. A method for detecting malware within data by using a support server to scan the data for malware for the benefit of at least one client device, the method comprising the steps of:
-
registering the at least one client device with the support server, whereby the support server is notified that the support server is to process malware on behalf of the at least one client device; receiving, at the support server, a request from the client device for a download of data; passing on the request to download the data to a source device from the support server; receiving, within the support server, the data from a download from the source device; performing malware analysis on the data what was downloaded within the support server; identifying and detecting malware codes, if any, within the data while the data is resident within the support server; and sending the data from the support server to the client device for use by the client device if malware codes are not detected or can be removed effectively from the data by the support server. - View Dependent Claims (21, 22, 23, 24, 25)
-
Specification