Using mobility tokens to observe malicious mobile code
First Claim
1. A computer implemented method for tracking movement of files within a network, the method comprising the steps of:
- a mobility token manager on a source computer detecting an attempt to write a file to a target computer; and
responsive to the detection, the mobility token manager encrypting a mobility token containing data concerning at least the file and the write operation and writing the mobility token to the target computer.
2 Assignments
0 Petitions
Accused Products
Abstract
One or more mobility token managers (101) track movement of files (105) within a network. A mobility token manager (101) on a source computer (113) detects an attempt to write a file (105) to a target computer (117). Responsive to the detection, the mobility token manager (101) writes a mobility token (103) containing data concerning at least the file (105) and the write operation to the target computer (117). A mobility token manager (101) on the target computer (117) detects that the mobility token (103) is being written to the target computer (117). The mobility token manager (101) on the target computer (117) reads the mobility token (103), and determines relevant information concerning the file (105) associated with the mobility token (103).
-
Citations
20 Claims
-
1. A computer implemented method for tracking movement of files within a network, the method comprising the steps of:
-
a mobility token manager on a source computer detecting an attempt to write a file to a target computer; and responsive to the detection, the mobility token manager encrypting a mobility token containing data concerning at least the file and the write operation and writing the mobility token to the target computer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer implemented method for tracking movement of files within a network, the method comprising the steps of:
-
a mobility token manager on a source computer detecting an attempt to write a file to a target computer, wherein the mobility token manager is instantiated as at least one system call wrapper; and responsive to the detection, the mobility token manager writing a mobility token containing data concerning at least the file and the write operation to the target computer.
-
-
14. A computer implemented method for tracking movement of files within a network, the method comprising the steps of:
-
a mobility token manager on a target computer detecting that a mobility token is being written to the target computer; the mobility token manager reading the mobility token; the mobility token manager determining relevant information concerning a file associated with the mobility token; and the mobility token manager merging data from the mobility token into a mobility token data store containing information from at least one other mobility token. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. A computer system for tracking movement of files within a network, the computer system comprising:
-
a software portion configured to detect an attempt to write a file to a target computer; and a software portion configured to write a mobility token containing data concerning at least the file and the write operation to the target computer, responsive to the detection.
-
Specification