SYSTEM AND METHOD FOR DETERMINING MALICIOUS NETWORK ATTACKS

US 20150281273A1
Filed: 04/01/2014
Published: 10/01/2015
Est. Priority Date: 04/01/2014
Status: Active Grant

First Claim

Patent Images

1. A computerized method for deterring malicious network attacks, the method being performed by a computer system that comprises one or more processors and one or more storage media operatively coupled to at least one of the processors, the method comprising:

executing instructions on at least one of the processors to generate a plurality of random blocks of data;

generating a first XOR result by using an XOR function with the plurality of random blocks of data as the XOR function inputs;

generating a second XOR result by using the XOR function with a designated data file and the first XOR result as the XOR function inputs; and

writing the plurality of random blocks and second XOR result to at least one storage medium.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for deterring malicious network attacks. The system and method is configured to execute instructions on at least one of the processors to generate a plurality of random blocks of data; generate a first XOR result by using the XOR function with the plurality of random blocks of data as the XOR function inputs; generate a tail value by using the XOR function with the first XOR result and a random encryption key as the XOR function inputs; encrypt a designated file using the random encryption key; write the plurality of random blocks and tail value to at least one storage medium; and write the encrypted designated file to at least one storage medium.

Citations

61 Claims

1. A computerized method for deterring malicious network attacks, the method being performed by a computer system that comprises one or more processors and one or more storage media operatively coupled to at least one of the processors, the method comprising:
- executing instructions on at least one of the processors to generate a plurality of random blocks of data;
  
  generating a first XOR result by using an XOR function with the plurality of random blocks of data as the XOR function inputs;
  
  generating a second XOR result by using the XOR function with a designated data file and the first XOR result as the XOR function inputs; and
  
  writing the plurality of random blocks and second XOR result to at least one storage medium.
- View Dependent Claims (2)
- - 2. The method of claim 1, further comprising the step ofrecovering the designated file by using the XOR function with the second XOR result and the plurality of random blocks as the XOR function inputs.

3. A computerized method for deterring malicious network attacks, the method being performed by a computer system that comprises one or more processors and one or more storage media operatively coupled to at least one of the processors, the method comprising:
- executing instructions on at least one of the processors to generate a plurality of random blocks of data;
  
  generating a first XOR result by using an XOR function with the plurality of random blocks of data as the XOR function inputs;
  
  generating a tail value by using the XOR function with the first XOR result and a random encryption key as the XOR function inputs;
  
  encrypting a designated file using the random encryption key;
  
  writing the plurality of random blocks and the tail value to the at least one storage medium; and
  
  writing the encrypted designated file to the at least one storage medium.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 4. The method of claim 3, further comprising:
    - recovering the random encryption key by using the XOR function with the tail value and the plurality of random blocks as the XOR function inputs; and
      
      decrypting the designated file using the recovered random encryption key.
  - 5. The method of claim 3, wherein the random encryption key uses 256 bit AES security protocol.
  - 6. The method of claim 3, further comprising:
    - encrypting the random encryption key with a public key,wherein the public key has a corresponding private key and the corresponding private key is held by an administrator account.
  - 7. The method of claim 6, wherein access to the private key is based on physical presence at the system.
  - 8. The method of claim 7, wherein physical presence is authenticated by direct console access.
  - 9. The method of claim 7, wherein physical presence is authenticated by a hardware token.
  - 10. The method of claim 7, wherein physical presence is authenticated by a private key stored on portable memory device.
  - 11. The method of claim 3, further comprising:
    - associating at least one random encryption key with a user'"'"'s account.
  - 12. The method of claim 11, wherein the at least one random encryption key corresponds to the last file opened by the user.
  - 13. The method of claim 3, further comprising:
    - resizing the files by;
      
      removing designated blocks from the plurality of random blocks to create a subset of random blocks;
      
      generating a new tail value using the XOR function with the random encryption key and the subset of random blocks as the XOR function inputs;
      
      appending the new tail value to the subset of random blocks; and
      
      reclaiming the storage space represented by the designated blocks.
  - 14. The method of claim 3, further comprising:
    - resizing the file system by;
      
      generating a new random blocks XOR result by using the XOR function with unused random blocks from the plurality of random blocks as the XOR function inputs;
      
      generating a new and existing random blocks XOR result using the XOR function with the new random blocks XOR result and the first XOR result;
      
      generating a new tail value using the XOR function with the new random blocks XOR result and the new and existing random blocks XOR result as the XOR function inputs; and
      
      appending the unused random blocks and the new tail value to the existing random blocks.
  - 15. The method of claim 3, further comprising:
    - splitting the designated file into multiple sections to separately encrypt the sections.

16. A computerized method for deterring malicious network attacks, the method being performed by a computer system that comprises one or more processors and one or more storage media operatively coupled to at least one of the processors, the method comprising:
- executing instructions on at least one of the processors to generate a pool of a plurality of random blocks; and
  
  computing the XOR result of random blocks in the pool of a plurality of random blocks using the XOR function.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the executing is performed when the system is idle.
  - 18. The method of claim 16, further comprising:
    - executing instructions on at least one of the processors to select a pre-computed XOR result of random blocks;
      
      generating a tail value by using the XOR function with the pre-computed XOR result and a random encryption key as the XOR function inputs;
      
      encrypting the new designated file using the random encryption key; and
      
      appending the tail value and encrypted new designated file to the random blocks relating to the pre-computed XOR result.

19. A computerized method for deterring malicious network attacks, the method being performed by a computer system that comprises one or more processors and one or more storage media operatively coupled to at least one of the processors, the method comprising:
- writing a plurality of random blocks to different locations on one or more storage media;
  
  wherein each random block contains the location of the next random block to be read.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the one or more storage media is comprised of magnetic drives.

21. A computer system for deterring malicious network attacks, the computer system comprising:
- one or more processors;
  
  one or more interfaces operatively coupled to at least one of the processors; and
  
  one or more computer-readable storage media operatively coupled to at least one of the processors and encoded with instructions that, when executed by at least one of the processors, cause the computer system at least to;
  
  execute instructions on at least one of the processors to generate a plurality of random blocks of data;
  
  generate a first XOR result by using the XOR function with the plurality of random blocks of data as the XOR function inputs;
  
  generate a second XOR result by using the XOR function with a designated data file and the first XOR result as the XOR function inputs; and
  
  write the plurality of random blocks and second XOR result to at least one storage medium.
- View Dependent Claims (22)
- - 22. The computer system of claim 21, further comprising instructions that cause the computer system at least torecover the designated file by using the XOR function with the second XOR result and the plurality of random blocks as the XOR function inputs.

23. A computer system for deterring malicious network attacks, the computer system comprising:
- one or more processors;
  
  one or more interfaces operatively coupled to at least one of the processors; and
  
  one or more computer-readable storage media operatively coupled to at least one of the processors and encoded with instructions that, when executed by at least one of the processors, cause the computer system at least to;
  
  execute instructions on at least one of the processors to generate a plurality of random blocks of data;
  
  generate a first XOR result by using the XOR function with the plurality of random blocks of data as the XOR function inputs;
  
  generate a tail value by using the XOR function with the first XOR result and a random encryption key as the XOR function inputs;
  
  encrypt a designated file using the random encryption key;
  
  write the plurality of random blocks and tail value to at least one storage medium; and
  
  write the encrypted designated file to at least one storage medium.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 24. The computer system of claim 23, further comprising instructions that cause the computer system at least torecover the random encryption key by using the XOR function with the tail value and the plurality of random blocks as the XOR function inputs;
    - anddecrypt the designated file using the recovered random encryption key.
  - 25. The computer system of claim 23, wherein the random encryption key uses 256 bit AES security protocol.
  - 26. The computer system of claim 23, further comprising instructions that cause the computer system at least toencrypt the random encryption key with a public key,wherein the public key has a corresponding private key and the corresponding private key is held by an administrator account.
  - 27. The computer system of claim 26, wherein access to the private key is based on physical presence at the system.
  - 28. The computer system of claim 27, wherein physical presence is authenticated by direct console access.
  - 29. The computer system of claim 27, wherein physical presence is authenticated by a hardware token.
  - 30. The computer system of claim 27, wherein physical presence is authenticated by a portable memory device comprising the private key.
  - 31. The computer system of claim 23, further comprising instructions that cause the computer system at least tostore at least one random encryption key on a user'"'"'s account.
  - 32. The computer system of claim 31, wherein the at least one stored random encryption key corresponds to the last file opened by the user.
  - 33. The computer system of claim 23, further comprising instructions that cause the computer system at least toresize the file system by:
    - removing designated blocks from the plurality of random blocks to create a subset of random blocks;
      
      generating a new tail value using the XOR function with the random encryption key and the subset of random blocks as the XOR function inputs;
      
      appending the new tail value to the subset of random blocks; and
      
      reclaiming the storage space represented by the designated blocks.
  - 34. The computer system of claim 23, further comprising instructions that cause the computer system at least toresize the files by:
    - generating a new random blocks XOR result by using the XOR function with unused random blocks from the plurality of random blocks as the XOR function inputs;
      
      generating a new and existing random blocks XOR result using the XOR function with the new random blocks XOR result and the first XOR result;
      
      generating a new tail value using the XOR function with the new random blocks XOR result and the new and existing random blocks XOR result as the XOR function inputs; and
      
      appending the unused random blocks and the new tail value to the existing random blocks.
  - 35. The computer system of claim 23, further comprising instructions that cause the computer system at least tosplit the designated file into multiple sections to separately encrypt the sections.

36. A computer system for deterring malicious network attacks, the computer system comprising:
- one or more processors;
  
  one or more interfaces operatively coupled to at least one of the processors; and
  
  one or more computer-readable storage media operatively coupled to at least one of the processors and encoded with instructions that, when executed by at least one of the processors, cause the computer system at least to;
  
  execute instructions on at least one of the processors to generate a pool of a plurality of random blocks; and
  
  compute the XOR result of random blocks in the pool of a plurality of random blocks using the XOR function.
- View Dependent Claims (37, 38)
- - 37. The computer system of claim 36, wherein the executing step is performed when the system is idle.
  - 38. The computer system of claim 36, further comprising instructions that cause the computer system at least toexecute instructions on at least one of the processors to select a pre-computed XOR result of random blocks;
    - generate a tail value by using the XOR function with the pre-computed XOR result and a random encryption key as the XOR function inputs;
      
      encrypt the new designated file using the random encryption key; and
      
      append the tail value and encrypted new designated file to the random blocks relating to the pre-computed XOR result.

39. A computer system for deterring malicious network attacks, the computer system comprising:
- one or more processors;
  
  one or more interfaces operatively coupled to at least one of the processors; and
  
  one or more computer-readable storage media operatively coupled to at least one of the processors and encoded with instructions that, when executed by at least one of the processors, cause the computer system at least to;
  
  write a plurality of random blocks to different locations on one or more storage media;
  
  wherein each random block contains the location of the next random block to be read.
- View Dependent Claims (40)
- - 40. The computer system of claim 39, wherein the one or more storage media is comprised of magnetic drives.

41-60. -60. (canceled)

61. A computerized method for deterring malicious network attacks, the method being performed by a computer system that comprises one or more processors and one or more storage media operatively coupled to at least one of the processors, the method comprising:
- generating data structures configured to expand a plurality of files on a stored on the data storage of a plurality of networked computers such that it takes a client a longer time to read data from the system'"'"'s storage media.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Georgetown University
Original Assignee
Georgetown University
Inventors
SHIELDS, Thomas Clay

Granted Patent

US 9,483,640 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 12/1466   Key-lock mechanism

G06F 21/50   Monitoring users, programs ...

G06F 21/552   involving long-term monitor...

G06F 2212/1052   Security improvement

G06F 2212/402   Encrypted data

G06F 2221/034   Test or assess a computer o...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/32   including means for verifyi...

SYSTEM AND METHOD FOR DETERMINING MALICIOUS NETWORK ATTACKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

61 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR DETERMINING MALICIOUS NETWORK ATTACKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

61 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links