×

Network-based patching machine

  • US 7,343,599 B2
  • Filed: 01/03/2005
  • Issued: 03/11/2008
  • Est. Priority Date: 01/03/2005
  • Status: Active Grant
0
Associated Cases
0
Associated Defendants
0
Product Citations
0
Petitions
20
Forward Citations
3
Assignments
First Claim
Patent Images

1. A method for protecting a computer system using a universal patching machine rather than protecting a computer system by exclusively applying vendor-provided security patches to the computer system to produce a vendor-patched system, wherein when input data is applied to the vendor-patched computer system, a resulting output and state for the vendor-patched computer system are produced, wherein the input data is data traffic flowing between a communications network and the computer system, wherein the output is the resulting output data traffic produced by the computer system in response to its current state and the input data, and wherein the state is the state of the software in the computer system, the method comprising:

  • attempting to generate a conversion function for the universal patching machine that modifies input data to the computer system by performing a character replacement so that the computer system has an output and state that exactly match the output and state of the vendor-patched computer system in response to the input data before modification;

    if it is not possible to generate the conversion function that modifies the input data so that the output and state of the computer system exactly match the output and state of the vendor-patched computer system, attempting to generate a conversion function that modifies the input data to the computer system by rate limiting the input data so that the computer system has a state that exactly matches the state of the vendor-patched computer in response to the input data before modification and that has an output that approximately matches the output of the vendor-patched computer in response to the input data before modification;

    if it is not possible to generate a conversion function that modifies the input data so that the state of the computer system exactly matches the state of the vendor-patched computer system and so that the output of the computer system approximately matches the output of the vendor-patched computer system, generating a conversion function that modifies input data to the computer system so that the computer system has a state and output that approximately match the state and output of the vendor-patched computer in response to the input data before modification; and

    using the conversion function in the universal patching machine to protect the computer system.

View all claims
  • 3 Assignments
Timeline View
Assignment View
    ×
    ×