MALWARE DETECTION DEVICE

US 20090293126A1
Filed: 05/23/2008
Published: 11/26/2009
Est. Priority Date: 05/23/2008
Status: Active Grant

First Claim

Patent Images

1. A device, comprising:

a data pathway provided between a first data transfer device and a second data transfer device;

a processor attached to the data pathway; and

a memory accessible by the processor containing at least one malware signature and instructions for controlling the processor to;

passively oversee an interconnection of the first and second data transfer devices;

direct at least a portion of a data transfer across the data pathway to the processor for analysis;

analyze the at least a portion of the data transfer using the malware signature;

identify malware contained in the at least a portion of the data transfer; and

interrupt the data transfer based on the identification of malware.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary malware detection device includes a data pathway provided between a first data transfer device and a second data transfer device and a processor attached to the data pathway. A memory accessible by the processor contains at least one malware signature and instructions for controlling the processor to interconnect the first and second data transfer devices, direct at least a portion of a data transfer across the data pathway to the processor for analysis, independently analyze the portion of the data transfer using the malware signature, identify malware contained in the portion of the data transfer, and interrupt the data transfer based on the identification of malware.

36 Citations

View as Search Results

20 Claims

1. A device, comprising:
- a data pathway provided between a first data transfer device and a second data transfer device;
  
  a processor attached to the data pathway; and
  
  a memory accessible by the processor containing at least one malware signature and instructions for controlling the processor to;
  
  passively oversee an interconnection of the first and second data transfer devices;
  
  direct at least a portion of a data transfer across the data pathway to the processor for analysis;
  
  analyze the at least a portion of the data transfer using the malware signature;
  
  identify malware contained in the at least a portion of the data transfer; and
  
  interrupt the data transfer based on the identification of malware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15)
- - 2. The device according to claim 1, wherein the at least one malware signature includes at least one malware heuristic.
  - 3. The device according to claim 1, wherein the data pathway is one of a host-controlled peripheral bus, a peer-to-peer bus, and a point-to-point link without addressability.
  - 4. The device according to claim 1, wherein the first and second data transfer devices are each one of a computing system, a data storage unit, and a mobile communication device.
  - 5. The device according to claim 1, wherein the device is embedded with one of the first data transfer device and the second data transfer device.
  - 6. The device according to claim 1, further comprising instructions for controlling the processor to receive updates to the at least one malware signature.
  - 7. The device according to claim 1, further comprising a buffer memory to store the at least a portion of the data transfer.
  - 8. The device according to claim 1, further comprising a sleeve selectively securing an attachment of the device to at least one of the first data transfer device and the second data transfer device.
  - 9. The device according to claim 8, wherein the sleeve is an elastomeric material configured to be rolled upon itself.
  - 11. The method according to claim 8, further comprising providing an alert to at least one of the first data transfer device and the second data transfer device based on the identifying.
  - 12. The method according to claim 8, further comprising buffering the at least a portion of the data transfer prior to the analyzing.
  - 13. The method according to claim 8, further comprising terminating the data transfer.
  - 14. The device according to claim 8, further comprising including at least one malware heuristic with the malware signature.
  - 15. The method according to claim 8, further comprising comparing the at least a portion of the data transfer to the at least one malware signature on a packet-by-packet basis.

10. A method, comprising:
- monitoring an interconnection of a first data transfer device and a second data transfer device;
  
  directing at least a portion of a data transfer across an isolated data pathway between the first and second data transfer devices to a processor for analysis;
  
  independently analyzing the at least a portion of the data transfer using at least one malware signature;
  
  identifying malware contained in the at least a portion of the data transfer based on the malware signature; and
  
  interrupting the data transfer based on the identifying.

16. A device, comprising:
- a first connection point and a second connection point for physically coupling a first data transfer device to a second data transfer device;
  
  a discrete data pathway between the first and second connection points providing an isolated area to analyze a data transfer for malware;
  
  an independent processor attached to the data pathway; and
  
  a computer readable medium accessible to the processor containing at least one malware signature and instructions for controlling the processor to;
  
  direct at least a portion of the data transfer across the data pathway to the processor for analysis;
  
  independently analyze the at least a portion of the data transfer using the malware signature;
  
  identify malware contained in the at least a portion of the data transfer; and
  
  interrupt the data transfer based on the identification of malware.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The device according to claim 16, wherein the at least one malware signature includes at least one malware heuristic.
  - 18. The device according to claim 16, wherein the data pathway is one of a host-controlled peripheral bus, a peer-to-peer bus, and a point-to-point link without addressability.
  - 19. The device according to claim 16, wherein the device is embedded with one of the first data transfer device and the second data transfer device.
  - 20. The device according to claim 16, further comprising instructions for controlling the processor to interface with at least one of the first or second data transfer devices to receive updates to the at least one malware signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
MCI Communications Services Incorporated (Verizon Communications Inc.), Verizon Business Network Services, Inc. (Verizon Communications Inc.), Verizon Corporate Services Group Incorporated (Verizon Communications Inc.)
Inventors
Archer, Steven T., Pate, Kristopher A., Hubner, Paul V., Dias, Francisco A.

Granted Patent

US 8,245,296 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/562 Static detection

MALWARE DETECTION DEVICE

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MALWARE DETECTION DEVICE

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links