SYSTEM-ON-CHIP MALICIOUS CODE DETECTION APPARATUS AND APPLICATION-SPECIFIC INTEGRATED CIRCUIT FOR A MOBILE DEVICE

US 20120042375A1
Filed: 03/26/2010
Published: 02/16/2012
Est. Priority Date: 04/09/2009
Status: Active Grant

First Claim

Patent Images

1. A system-on (SoC) and application-specific integrated circuit (ASIC)-based apparatus for detecting malicious code in a portable terminal, comprising an SoC,wherein the SoC includes:

a hardware-based firewall configured to perform a packet-filtering operation on a packet received from the outside through a media access control (MAC) unit according to a setting of a firewall setting unit in an SoC memory, and then store the filtered packet in an application memory or transfer the filtered packet to an anti-malware engine;

the hardware-based anti-malware engine configured to detect malicious code by performing a pattern-matching operation between a code pattern in a file transferred from the firewall or a file received through an input/output (I/O) interface unit and a pattern of malicious code registered in a malware signature database (DB) of a mobile device application unit;

the SoC memory configured to provide the setting of the firewall and support a file-decoding function for file format recognition of the anti-malware engine; and

a hardware-based controller configured to control a switching operation to transfer the file filtered by the firewall directly to the application memory or to the anti-malware engine, and control a malicious code detection cycle of the anti-malware engine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System-on-chip (SoC) and application-specific integrated circuit (ASIC)-based apparatus for detecting malicious code in portable terminal is provided. Apparatus includes SoC including hardware-based firewall packet-filtering packet received from outside through media access control unit according to setting of firewall setting unit in SoC memory and storing filtered packet in application memory or transferring filtered packet to anti-malware engine, hardware-based anti-malware engine detecting malicious code by performing pattern-matching operation between code pattern in file transferred from firewall or file received through input/output (I/O) interface unit and pattern of malicious code registered in malware signature database (DB) of mobile device application unit, SoC memory providing setting of firewall and support file decoding function for file format recognition of anti-malware engine, and hardware-based controller controlling switching operation to transfer file filtered by firewall directly to application memory or to anti-malware engine and control malicious code detection cycle of anti-malware engine.

Citations

9 Claims

1. A system-on (SoC) and application-specific integrated circuit (ASIC)-based apparatus for detecting malicious code in a portable terminal, comprising an SoC,wherein the SoC includes:
- a hardware-based firewall configured to perform a packet-filtering operation on a packet received from the outside through a media access control (MAC) unit according to a setting of a firewall setting unit in an SoC memory, and then store the filtered packet in an application memory or transfer the filtered packet to an anti-malware engine;
  
  the hardware-based anti-malware engine configured to detect malicious code by performing a pattern-matching operation between a code pattern in a file transferred from the firewall or a file received through an input/output (I/O) interface unit and a pattern of malicious code registered in a malware signature database (DB) of a mobile device application unit;
  
  the SoC memory configured to provide the setting of the firewall and support a file-decoding function for file format recognition of the anti-malware engine; and
  
  a hardware-based controller configured to control a switching operation to transfer the file filtered by the firewall directly to the application memory or to the anti-malware engine, and control a malicious code detection cycle of the anti-malware engine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The SoC and ASIC-based apparatus of claim 1, wherein the SoC is an ASIC.
  - 3. The SoC and ASIC-based apparatus of claim 1, wherein the firewall includes:
    - a receiving unit configured to receive packets input through the MAC unit and transfer the packets to a packet identification unit;
      
      the packet identification unit configured to classify the input packets and output the classified packets to a packet filtering unit; and
      
      the packet filtering unit configured to perform a filtering operation including an allowing operation and a dropping operation on the input packets according to the setting of the firewall setting unit in the SoC memory.
  - 4. The SoC and ASIC-based apparatus of claim 1, wherein the SoC memory includes:
    - the firewall setting unit configured to store a setting value for packet filtering of a packet filtering unit in the firewall;
      
      a decoding module configured to perform a decoding operation for the file format recognition of the anti-malware engine; and
      
      an anti-malware module unit configured to perform a function of organizing the malware signature DB in the SoC when a predetermine period of time elapses, a function of processing in parallel or periodically setting malicious code detection, and so on.
  - 5. The SoC and ASIC-based apparatus of claim 4, wherein the firewall setting unit, the decoding module, and the anti-malware module are updated through an over-the-air (OTA) module when firewall code or code of the anti-malware engine is changed or modified via a network.
  - 6. The SoC and ASIC-based apparatus of claim 1, wherein the mobile device application unit is constructed on the application memory.
  - 7. The SoC and ASIC-based apparatus of claim 1, wherein the mobile device application unit includes an application module configured to compare a vaccine version of a server with that of the portable terminal at predetermined periods, and operate an update module to update a vaccine of the portable terminal with the latest version of the server when the vaccine versions of the server and the portable terminal differ.
  - 8. The SoC and ASIC-based apparatus of claim 7, wherein the application module includes a center connection module configured to, when several connection methods are given to a user, prioritize the connection methods and select a connection method according to a network used by the server.
  - 9. The SoC and ASIC-based apparatus of claim 8, wherein the mobile device application unit includes a DB information unit including:
    - a center uniform resource locator (URL) information unit configured to connect the portable terminal with the network of the server through the MAC unit using the selected connection method;
      
      a device information unit configured to maintain pieces of information required by the corresponding device; and
      
      the malware signature DB configured to store and manage a pattern of malicious code for malicious code detection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung SDS (China) Co., Ltd. (Samsung Group)
Original Assignee
Samsung SDS (China) Co., Ltd. (Samsung Group)
Inventors
Yoo, In Seon

Granted Patent

US 8,826,414 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/564   by virus signature recognition

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/567   using dedicated hardware

SYSTEM-ON-CHIP MALICIOUS CODE DETECTION APPARATUS AND APPLICATION-SPECIFIC INTEGRATED CIRCUIT FOR A MOBILE DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM-ON-CHIP MALICIOUS CODE DETECTION APPARATUS AND APPLICATION-SPECIFIC INTEGRATED CIRCUIT FOR A MOBILE DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links