Identification of undesirable content in responses sent in reply to a user request for content

US 7,640,434 B2
Filed: 01/11/2002
Issued: 12/29/2009
Est. Priority Date: 05/31/2001
Status: Expired due to Term

First Claim

Patent Images

1. A system for identifying a computer virus in a response received in reply to a user request, the system comprising:

a user input device that generates a user request including a protocol field;

a network component that executes a redirection program, the redirection program including a scan module that receives the user request before the request is processed for transmission to either a target server or to a destination server and is capable of identifying the request as a request for content by scanning the protocol field and identifying a protocol that is only for requesting and retrieving content and the redirection program also including a proxy module that modifies the request by adding a redirection destination header to the request so that it is redirected to a proxy server if the protocol is only for requesting and retrieving content, and wherein the proxy module leaves the user request unaltered if the protocol is not only for requesting and retrieving content, such that no redirection destination header is added and the user request is forwarded for processing by a gateway device and for transmission to the destination server;

a network that routes the request to the proxy server; and

the proxy server that receives user-defined configuration data during a negotiation phase of establishing a connection between the proxy module and proxy server, receives the request, removes the redirection destination header, forwards the request to the target server, and receives a response from the target server, the proxy server having a decoding module for decoding the response a content scanning module to scan a decoded response and a user-defined configuration data scanning module to apply user-defined configuration data to the decoded response and a return address appending module.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system identifies undesirable content in responses sent to a user, such as in e-mail or in downloadable files, from an Internet or intranet site. The system utilizes a redirection program that identifies content requests from a user to a target server. The redirection program redirects the request to a proxy server that sends the request to the target server. Upon receipt of the response from the target server, the proxy server scans the response, which includes any attachments, for undesirable content, such as junk e-mails, computer viruses, pornographic material, and/or other undesirable content. The proxy server then acts upon the response, and any undesirable content, in accordance with default or user-defined parameters, such as removal of the undesirable content. The proxy server may then send the response, as modified, or a notification message to the redirection program forwarding to the user.

91 Citations

View as Search Results

23 Claims

1. A system for identifying a computer virus in a response received in reply to a user request, the system comprising:
- a user input device that generates a user request including a protocol field;
  
  a network component that executes a redirection program, the redirection program including a scan module that receives the user request before the request is processed for transmission to either a target server or to a destination server and is capable of identifying the request as a request for content by scanning the protocol field and identifying a protocol that is only for requesting and retrieving content and the redirection program also including a proxy module that modifies the request by adding a redirection destination header to the request so that it is redirected to a proxy server if the protocol is only for requesting and retrieving content, and wherein the proxy module leaves the user request unaltered if the protocol is not only for requesting and retrieving content, such that no redirection destination header is added and the user request is forwarded for processing by a gateway device and for transmission to the destination server;
  
  a network that routes the request to the proxy server; and
  
  the proxy server that receives user-defined configuration data during a negotiation phase of establishing a connection between the proxy module and proxy server, receives the request, removes the redirection destination header, forwards the request to the target server, and receives a response from the target server, the proxy server having a decoding module for decoding the response a content scanning module to scan a decoded response and a user-defined configuration data scanning module to apply user-defined configuration data to the decoded response and a return address appending module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1 wherein the proxy server identifies the computer virus in the response and processes the response according to defined parameters.
  - 3. The system of claim 2, wherein the proxy server sends at least a portion of the response to the user, the portion of the response not including the computer virus.
  - 4. The system of claim 2, wherein the proxy server sends a notification message back to the user, the notification message containing data related to the computer virus.
  - 5. The system of claim 1, further comprising:
    - a user preference module that receives user-defined parameters utilized by the proxy server when processing the response.
  - 6. The system of claim 1, wherein the proxy module redirects the request to the proxy server by modifying the request.
  - 7. The system of claim 6, wherein the proxy module modifies the request by adding a redirection destination header to the request.
  - 8. The system of claim 1, wherein the proxy server further quarantines the computer virus.
  - 9. The system of claim 1, wherein the defined parameters are proxy server default parameters.
  - 10. The system of claim 1, wherein the defined parameters are user-defined parameters.
  - 11. The system of claim 1, wherein the defined parameters are a combination of user-defined parameters and proxy server default parameters.
  - 12. The system of claim 1, wherein the scan module and the proxy module are located in the network gateway device.
  - 13. The system of claim 1, wherein the network gateway device further comprises a firewall and a router.

14. A method for identifying undesirable content in responses received in reply to a user request, the method comprising:
- receiving, at a redirection program executing on a network computing device, input from a user computer including at least one request, the request having a protocol field;
  
  before the request is transmitted on a network, scanning at a scan module in the redirection program the protocol field of the request to determine whether a protocol of the request is only for requesting and retrieving content;
  
  if the protocol of the request is only for requesting and retrieving content, at a proxy module in the redirection program, modifying the request by adding a redirection destination header to the request, thereby redirecting the request to a proxy server from where the user request is transmitted to a target server;
  
  if the protocol of the request is not only for requesting and retrieving content, at the proxy module in the redirection program, passing the request unaltered such that the request bypasses the proxy server and is processed by a gateway network device and is transmitted to a destination server;
  
  receiving the request at the proxy server;
  
  receiving user-defined configuration data at the proxy server during a negotiation phase of establishing a connection between the proxy module and proxy server;
  
  removing the redirection destination header from the request at the proxy server;
  
  sending the request from the proxy server to the target server for generation of a response;
  
  receiving a response from the target server at the proxy server;
  
  decoding the response at the proxy server;
  
  scanning the decoded response for a computer virus, junk e-mail, or pornographic content at the proxy server;
  
  if a computer virus, junk e-mail, or pornographic content is detected, processing the decoded response at the proxy server according to the user-defined configuration data, re-encoding the response and appending a return address so that the response is sent to the user computer; and
  
  if a computer virus, junk e-mail, or pornographic content is not detected, re-encoding the response and appending the return address so that the response is sent to the user computer.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The method of claim 14, further comprising:
    - identifying the undesirable content in the response;
      
      modifying the response to remove the undesirable content; and
      
      sending the modified response from the proxy server to the user computer.
  - 16. The method of claim 14, wherein the request is redirected to the proxy server by establishing a session with the proxy server.
  - 17. The method of claim 14, further comprising:
    - receiving input of at least one user-defined parameter at the proxy module which stores the parameter in a database and may forward to the proxy server during negotiation phase of the connection with the proxy server.
  - 18. The method of claim 17, wherein the user-defined parameter is input using a browser application.
  - 19. The method of claim 17, wherein the user-defined parameter is sent to the proxy server by modifying the request.
  - 20. The method of claim 17, wherein the user-defined parameter is sent to the proxy server during a session established with the proxy server.
  - 21. The method of claim 14 further comprising:
    - storing the user-defined configuration data at the proxy module.
  - 22. The method of claim 14 further comprising:
    - storing the user-defined configuration data at the proxy server.
  - 23. The method of claim 14 further comprising:
    - retrieving the previously stored user-defined configuration data at the proxy server when processing the decoded response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Lin, Yi-Jing, Lee, Frank, Chen, Eva, Liang, Jeremy G.
Primary Examiner(s)
Korzuch; William R
Assistant Examiner(s)
Moorthy; Aravind K

Application Number

US10/043,910
Publication Number

US 20020178381A1
Time in Patent Office

2,909 Days
Field of Search

713182-202, 709200-220
US Class Current

713/182
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06Q 10/107   Computer-aided management o...

G06Q 30/02   Marketing; Price estimation...

H04L 51/212   using filtering or selectiv...

H04L 51/214   using selective forwarding

H04L 63/02   for separating internal fro...

H04L 63/145   the attack involving the pr...

H04L 67/563   Data redirection of data ne...

H04L 67/5651   Reducing the amount or size...

Identification of undesirable content in responses sent in reply to a user request for content

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Identification of undesirable content in responses sent in reply to a user request for content

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links