NETWORK STREAM SCANNING FACILITY

US 20100083380A1
Filed: 09/29/2008
Published: 04/01/2010
Est. Priority Date: 09/29/2008
Status: Active Grant

First Claim

Patent Images

1. A method of scanning data associated with a network computer facility comprising:

receiving a request for network content from a content requesting computing facility;

performing a source lookup associated with the request for network content,wherein the source lookup is from a networked source lookup database;

retrieving the requested network content;

calculating a checksum of at least a portion of the retrieved network content;

performing a checksum lookup associated with the at least the portion of the retrieved network content, wherein the checksum lookup is from a networked checksum lookup database; and

taking an action based on at least one of the source lookup and checksum lookup,wherein the action is associated with protecting the content requesting computing facility from malware.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In embodiments of the present invention improved capabilities are described for providing a scanning of data associated with a network computer facility. In the process, a request may be received for network content from a content requesting computing facility. A source lookup associated with the request for network content may be performed, where the source lookup may be from a networked source lookup database. The requested network content may then be retrieved, where the type of the content may be determined as a further aid in scanning the content. A checksum of at least a portion of the retrieved network content may then be calculated, and a checksum lookup associated with the portion of the retrieved network content be performed, where the checksum lookup may be from a networked checksum lookup database. Finally, an action may be taken based on at least one of the source lookup and checksum lookup, where the action is associated with protecting the content requesting computing facility from malware.

65 Citations

View as Search Results

25 Claims

1. A method of scanning data associated with a network computer facility comprising:
- receiving a request for network content from a content requesting computing facility;
  
  performing a source lookup associated with the request for network content,wherein the source lookup is from a networked source lookup database;
  
  retrieving the requested network content;
  
  calculating a checksum of at least a portion of the retrieved network content;
  
  performing a checksum lookup associated with the at least the portion of the retrieved network content, wherein the checksum lookup is from a networked checksum lookup database; and
  
  taking an action based on at least one of the source lookup and checksum lookup,wherein the action is associated with protecting the content requesting computing facility from malware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the action is blocking the requested network content.
  - 3. The method of claim 1, wherein the action is sending the requested network content to the content requesting computing facility.
  - 4. The method of claim 1, wherein the action is providing further scanning of the received network content.
  - 5. The method of claim 1, wherein the action is determined by a policy.
  - 6. The method of claim 1, wherein the action is determined by the type of the requested network content.
  - 7. The method of claim 1, wherein the source lookup database includes previously identified URLs.
  - 8. The method of claim 1, wherein the source lookup database includes a white list.
  - 9. The method of claim 1, wherein the source lookup database includes a black list.
  - 10. The method of claim 1, wherein the result of the source lookup is used in subsequent scanning.
  - 11. The method of claim 1, wherein the checksum lookup database includes checksums from previously identified network content.
  - 12. The method of claim 1, wherein the checksum lookup database includes checksums generated from the same length of data as the portion of the retrieved network content.

13. A system comprising:
- a network device with on-device malware analysis tools;
  
  a network source lookup database;
  
  a network checksum lookup database; and
  
  a content requesting computing facility requesting network content in association with the network device, wherein the network device utilizes lookups from both the source lookup database and the checksum lookup database in conjunction with the on-device malware analysis tools in order to take an action in association with protecting the content requesting computing facility from malware.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. The system of claim 13, wherein the action is blocking the requested network content.
  - 15. The system of claim 13, wherein the action is sending the requested network content to the content requesting computing facility.
  - 16. The system of claim 13, wherein the action is providing further scanning of the received network content.
  - 17. The system of claim 13, wherein the action is determined by a policy.
  - 18. The system of claim 13, wherein the action is determined by the type of the requested network content.
  - 19. The system of claim 13, wherein the source lookup database includes previously identified URLs.
  - 20. The system of claim 13, wherein the source lookup database includes a white list.
  - 21. The system of claim 13, wherein the source lookup database includes a black list.
  - 22. The system of claim 13, wherein the result of the source lookup is used in subsequent scanning.
  - 23. The system of claim 13, wherein the checksum lookup database includes checksums from previously identified network content.
  - 24. The system of claim 13, wherein the checksum lookup database includes checksums generated from the same length of data as the portion of the network content.
  - 25. The system of claim 13, wherein the on-device malware analysis tools include a malware scanning facility.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
Sophos Limited (Sophos Group Ltd.)
Inventors
Thomas, Andrew J., Lyne, James I.G., Harris, Mark D., Magdic, Mario

Granted Patent

US 8,607,347 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/565   by checking file integrity

H04L 63/101   Access control lists [ACL]

H04L 63/123   received data contents, e.g...

NETWORK STREAM SCANNING FACILITY

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK STREAM SCANNING FACILITY

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links