In transit detection of computer virus with safeguard

US 5,319,776 A
Filed: 09/29/1992
Issued: 06/07/1994
Est. Priority Date: 04/19/1990
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. In a system for transferring digital data for storage in a computer storage medium, a method of screening the data as it is being transferred and automatically inhibiting the storage of screened data containing at least one predefined sequence, comprising the steps of:

causing a quantity of digital data resident on a source storage medium to be transferred to a computer system having a destination storage medium;

receiving and screening the transferred digital data prior to storage on the destination storage medium to determine if at least one of a plurality of predefined sequences are present in the digital data received; and

in response to said screening step;

(a) automatically causing the screened digital data to be stored on said destination storage medium if none of the plurality of predefined sequences are present, and(b) automatically inhibiting the screened digital data from being stored on said destination storage medium if at least one predefined sequence is present.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Data is tested in transit between a source medium and a destination medium, such as between two computer communicating over a telecommunications link or network. Each character of the incoming data stream is tested using a finite state machine which is capable of testing against multiple search strings representing the signatures of multiple known computer viruses. When a virus is detected the incoming data is prevented from remaining on the destination storage medium. Both hardware and software implementations are envisioned.

Citations

20 Claims

1. In a system for transferring digital data for storage in a computer storage medium, a method of screening the data as it is being transferred and automatically inhibiting the storage of screened data containing at least one predefined sequence, comprising the steps of:
- causing a quantity of digital data resident on a source storage medium to be transferred to a computer system having a destination storage medium;
  
  receiving and screening the transferred digital data prior to storage on the destination storage medium to determine if at least one of a plurality of predefined sequences are present in the digital data received; and
  
  in response to said screening step;
  
  (a) automatically causing the screened digital data to be stored on said destination storage medium if none of the plurality of predefined sequences are present, and(b) automatically inhibiting the screened digital data from being stored on said destination storage medium if at least one predefined sequence is present.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein at least one predefined sequence is based upon a computer virus signature.
  - 3. The method of claim 1 wherein said screening step is performed using at least one finite state table.
  - 4. The method of claim 1 wherein said screening step includes decompressing the digital data received.
  - 5. The method of claim 1 wherein said screening step includes decompressing the digital data received and determining if at least one predefined sequence is present in the decompressed digital data using at least one finite state table.
  - 6. The method of claim 1 wherein said screening step includes simultaneously testing to determine if at least one of at least two predefined sequences are present in the digital data received.
  - 7. The method of claim 1 further comprising loading a prebuilt finite state table in a computer and using said prebuilt finite state table to perform said screening step.
  - 8. The method of claim 1 wherein said destination storage medium has an associated file handling mechanism whereby stored data is selectively marked to be retained and to be discarded by overwriting and wherein said inhibiting step comprises utilizing the file handling mechanism to mark data stored on said destination storage medium as a result of said transmission to be discarded.
  - 9. The method of claim 8 wherein said inhibiting step further comprises overwriting at least a portion of the data marked to be discarded.
  - 10. The method of claim 1 wherein said screening step is performed by buffering said digital data while determining if at least one predefined sequence is present in the digital data received and in response to said screening:
    - (a) causing the buffered digital data to be stored on said destination storage medium if none of the predefined sequences are present, and(b) discarding the buffered digital data if at least one predefined sequence is present.
  - 11. The method of claim 1 further comprising p1 performing an error check on the digital data received to determine if an error occurred during the data transfer and causing at least a portion of the data transfer to be repeated in the event an error occurred.
  - 12. The method of claim 1 wherein said source storage medium and said destination storage medium are different parts of the same storage medium.
  - 13. The method of claim 1 wherein said known destination storage medium is a nonvolatile storage medium.
  - 14. The method of claim 1 wherein said source storage medium is in the domain of a first central processing unit and the destination storage medium is in the domain of a second central processing unit.
  - 15. The method of claim 1 wherein said source storage medium is a removable medium adapted to be read by said computer system.
  - 16. The method of claim 14 wherein said first and second central processing units communicate over a telecommunications link and wherein said digital data is sent over said link.
  - 17. The method of claim 1 further comprising:
    - causing a second quantity of digital data to be transferred to said computer system which at least partly overlaps in time with said data transfer from said source storage medium;
      
      receiving and substantially simultaneously processing the second quantity of digital data to determine if at least one of said predefined sequences is present in the second quantity of digital data.

18. A method of preventing the spread of computer viruses to a computer having a storage medium, comprising the steps of:
- simultaneously searching for a plurality of virus signatures, each of which comprising an identifiable digital sequence, while said computer is receiving a stream of digital data for storage on said storage medium;
  
  providing an indication of the detection of a virus from said searching step; and
  
  automatically inhibiting the storage of said digital stream on said storage medium if any of said virus signatures have been detected.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein said searching step includes the step of loading at least one prebuilt finite state table into a random access memory of said computer against which the digital stream is compared as the digital stream is received.
  - 20. The method according to claim 19, wherein said digital stream is a file received as a serialized bitstream over a telecommunications link.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Symantec Corporation (NortonLifeLock Inc.)
Original Assignee
Hilgraeve Corporation
Inventors
Wakelin, Donald L., Hile, John K., Gray, Matthew H.
Primary Examiner(s)
Atkinson, Charles E.
Assistant Examiner(s)
HUA, LY

Application Number

US07/954,784
Time in Patent Office

616 Days
Field of Search

364/200, 380/4, 380/25, 380/24, 371/67.1, 395/575
US Class Current

726/24
CPC Class Codes

G06F 11/0763   by bit configuration check,...

G06F 21/564   by virus signature recognition

H04L 63/145   the attack involving the pr...

In transit detection of computer virus with safeguard

First Claim

5 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

In transit detection of computer virus with safeguard

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links