Method and apparatus for identifying and characterizing errant electronic files

DC CAFC

US 7,757,298 B2
Filed: 06/03/2005
Issued: 07/13/2010
Est. Priority Date: 04/30/1999
Status: Expired due to Fees

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A computer-implemented method for identifying and characterizing stored electronic files, said method comprising:

under control of one or more configured computer systems;

selecting a file from a plurality of files stored in a computer storage medium, wherein selecting the file is performed according to at least one of;

selecting the file based on the size of the file by determining whether an aggregate size of plural identically-sized files exceeds a predetermined threshold;

selecting the file based on whether content of the file matches a file type indicated by a name of the file;

orselecting the file based on whether the file comprises data beyond an end of data marker for the file;

generating an identification value associated with the selected file, wherein the identification value is representative of at least a portion of the content of the selected file;

comparing the generated identification value to one or more identification values associated with one or more of a plurality of unauthorized files; and

characterizing the file as an unauthorized file if the identification value matches one of the plurality of identification values associated with the unauthorized files.

View all claims

3 Assignments

Timeline View

Assignment View

Litigations

3 Petitions

Accused Products

Abstract

A computer system includes a, server having a memory connected thereto. The server is adapted to be connected to a network to permit remote storage and retrieval of data files from the memory. A file identification application is operative with the server to identify errant files stored in the memory. The file identification application provides the functions of: (1) selecting a file stored in said memory; (2) generating a unique checksum corresponding to the stored file; (3) comparing said unique checksum to each of a plurality of previously generated checksums, wherein the plurality of previously generated checksums correspond to known errant files; and (4) marking the file for deletion from the memory if the unique checksum matches one of the plurality of previously generated checksums.

53 Citations

View as Search Results

16 Claims

1. A computer-implemented method for identifying and characterizing stored electronic files, said method comprising:
- under control of one or more configured computer systems;
  
  selecting a file from a plurality of files stored in a computer storage medium, wherein selecting the file is performed according to at least one of;
  
  selecting the file based on the size of the file by determining whether an aggregate size of plural identically-sized files exceeds a predetermined threshold;
  
  selecting the file based on whether content of the file matches a file type indicated by a name of the file;
  
  orselecting the file based on whether the file comprises data beyond an end of data marker for the file;
  
  generating an identification value associated with the selected file, wherein the identification value is representative of at least a portion of the content of the selected file;
  
  comparing the generated identification value to one or more identification values associated with one or more of a plurality of unauthorized files; and
  
  characterizing the file as an unauthorized file if the identification value matches one of the plurality of identification values associated with the unauthorized files.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, further comprising selecting the file from one of a plurality of sequentially-ordered files in a directory of the computer storage medium.
  - 3. The computer-implemented method of claim 1, wherein generating an identification value comprises generating a checksum.
  - 4. The computer-implemented method of claim 3, wherein-generating an identification value comprises generating a first checksum corresponding to a first portion of said stored file and a second checksum corresponding to a second portion of said stored file.
  - 5. The computer-implemented method of claim 3, wherein generating an identification value comprises generating a first checksum corresponding to a first portion of said stored file and a second checksum corresponding to a larger portion of said stored file that includes the first portion.
  - 6. The computer-implemented method of claim 1, further comprising processing a plurality of known unauthorized files to generate the plurality of identification values.
  - 7. The computer-implemented method of claim 1, further comprising presenting the identified unauthorized file for human review prior to disposing of it.
  - 8. The computer-implemented method of claim 1, further comprising automatically notifying a third party that the file has been identified.
  - 9. The computer-implemented method of claim 1, further comprising deleting the identified unauthorized file from the computer storage medium.

10. A computer system, comprising:
- a server having a memory connected, thereto, said server being adapted to be connected to a network to permit remote storage and retrieval of data files from the memory; and
  
  a file identification application operative with the server to identify unauthorized files stored in the memory, the file identification application providing the functions of;
  
  selecting a file from a plurality of files stored in the memory, wherein selecting the file is performed according to at least one of;
  
  selecting the file by determining whether an aggregate size of plural identically-sized files exceeds a predetermined threshold;
  
  selecting the file based on whether content of the file matches a file type indicated by a name of the file;
  
  orselecting the file based on whether the file comprises data beyond an end of data marker for the file;
  
  generating an identification value associated with the selected file, wherein the identification value is representative of at least a portion of the content of the selected file;
  
  comparing the generated identification value to one or more identification values associated with one or more of a plurality of unauthorized files; and
  
  characterizing the file as an unauthorized file if the identification value matches one of the plurality of identification values associated with the unauthorized files.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, wherein the application further comprises the function of selecting the file from one of a plurality of sequentially-ordered files in a directory of the computer storage medium.
  - 12. The system of claim 10, wherein the application further comprises the function of selecting the file from a plurality of files stored in the computer storage medium, based on size of the file.
  - 13. The system of claim 10, wherein generating an identification value comprises generating a checksum.
  - 14. The system of claim 13, wherein generating an identification value comprises generating a checksum corresponding to a first portion of the selected file and a second checksum corresponding to a second portion of the selected file.
  - 15. The system of claim 13, wherein generating an identification value comprises generating a first checksum corresponding to a first portion of the selected file and a second checksum corresponding to a larger portion of the selected file that includes the first portion.

16. A non-transitory computer-readable storage medium having instructions stored thereon that, in response to execution by a computing device, cause the computing device to perform a operations comprising:
- selecting a file from a plurality of files stored in a computer storage medium, wherein selecting the file is performed according to at least one of;
  
  selecting the file based on the size of the file by determining whether an aggregate size of plural identically-sized files exceeds a predetermined threshold;
  
  selecting the file based on whether content of the file matches a file type indicated by a name of the file;
  
  orselecting the file based upon whether the file comprises data beyond an end of data marker for the file;
  
  categorizing the selected file as an unauthorized file based on a comparison of an identification value associated with the selected file with one or more identification values associated with one or more of a plurality of unauthorized files.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Hoshiko LLC (Raoul Management LLC)
Inventors
Shuster, Gary Stephen
Primary Examiner(s)
Pich, Ponnoreay

Application Number

US11/145,125
Publication Number

US 20050228795A1
Time in Patent Office

1,866 Days
Field of Search

726/22, 726/26, 726/30, 713/189, 713/165, 713/188
US Class Current

726/30
CPC Class Codes

G06F 16/122   using management policies b...

G06F 16/148   File search processing

G06F 16/285   Clustering or classification

G06F 21/564   by virus signature recognition

G06F 21/6218   to a system of files or obj...

G06F 2221/2149   Restricted operating enviro...

Method and apparatus for identifying and characterizing errant electronic files

First Claim

3 Assignments

Litigations

3 Petitions

Accused Products

Abstract

53 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for identifying and characterizing errant electronic files

First Claim

3 Assignments

Subscription Required

Subscription Required

Litigations

3 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links