Computer network virus protection system and method

US 7,913,078 B1
Filed: 01/09/2007
Issued: 03/22/2011
Est. Priority Date: 06/22/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for protecting against a potentially virus-infected message, the method comprising:

receiving an original message comprising an executable code in a gatekeeper server;

forwarding the original message from the gatekeeper server to a sacrificial server;

creating from the original message a non-executable format message by using one of a plurality of application-level conversion processes selected in accordance with a type of the message, the non-executable format retaining an appearance, human readability and semantic content of the original message; and

forwarding the non-executable format message to an intended recipient of the original message.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network is protected from viruses through the use of a sacrificial server, which may be physical or virtual. Any executable programs or other suspicious parts of incoming e-mail messages are forwarded to a sacrificial server, where they are converted to non-executable format such as Adobe Acrobat PDF and sent to the recipient. The sacrificial server is then checked for virus activity. After the execution is completed, the sacrificial server is rebooted.

41 Citations

View as Search Results

64 Claims

1. A method for protecting against a potentially virus-infected message, the method comprising:
- receiving an original message comprising an executable code in a gatekeeper server;
  
  forwarding the original message from the gatekeeper server to a sacrificial server;
  
  creating from the original message a non-executable format message by using one of a plurality of application-level conversion processes selected in accordance with a type of the message, the non-executable format retaining an appearance, human readability and semantic content of the original message; and
  
  forwarding the non-executable format message to an intended recipient of the original message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein the executable code is contained in a body of the original message.
  - 3. The method of claim 2, wherein the executable code comprises a hypertext link, and wherein the creating comprises deactivating the hypertext link.
  - 4. The method of claim 1, wherein the executable code is contained in an attachment of the original message.
  - 5. The method of claim 4, wherein a plurality of sacrificial servers are in communication with the gatekeeper server, the attachment from the gatekeeper server is forwarded to one of the plurality of sacrificial servers, and the creating is carried out on the sacrificial server to which the attachment has been forwarded.
  - 6. The method of claim 5, wherein the plurality of sacrificial servers are physically separate from the gatekeeper server.
  - 7. The method of claim 5, wherein the plurality of sacrificial servers are logically separate from the gatekeeper server, with separation being provided by emulated or partitioned execution space that is distinct for each sacrificial server and the gatekeeper server.
  - 8. The method of claim 4, wherein the creating comprises:
    - maintaining a list of approved attachment file types and extensions;
      
      determining whether the attachment is of a type or extension which is in the list of approved attachment file types and extensions; and
      
      if the attachment is not of a type or extension which is in the list of approved attachment file types and extensions, informing the recipient that a message containing a non-approved attachment has been received.
  - 9. The method of claim 1, further comprising examining the sacrificial server for virus activity.
  - 10. The method of claim 9, further comprising rebooting the sacrificial server from a safe copy of an operating system obtained from a read-only device.
  - 11. The method of claim 1, further comprising authenticating communication between the gatekeeper server and the sacrificial server using a challenge-and-response technique.
  - 12. The method of claim 1, wherein the creating comprises:
    - maintaining a list of approved executable code;
      
      determining whether the executable code is in the list of approved executable code; and
      
      deactivating the executable code if the executable code is not in the list of approved executable code.
  - 13. The method of claim 12, wherein the list of approved executable code includes information for determining whether the approved executable code has been altered, and the creating further comprises:
    - determining whether the executable code has been altered; and
      
      deactivating the executable code if the executable code has been altered.
  - 14. The method of claim 13, wherein the determining whether the executable code has been altered is performed through an algorithmic technique.
  - 15. The method of claim 14, wherein the algorithmic technique is a check-summing technique.
  - 16. The method of claim 14, wherein the algorithmic technique is a hashing technique.
  - 17. The method of claim 14, wherein the algorithmic technique is a Boolean exclusive-or technique.
  - 18. The method of claim 14, wherein the algorithmic technique is a digital-subtraction technique.
  - 19. The method of claim 1, wherein the creating comprises:
    - forming a first copy and a second copy of at least a portion of the original message containing the executable code;
      
      executing the executable code in the first copy but not the second copy; and
      
      if the executable code in the first copy has been executed, comparing the first copy to the second copy to determine an effect of the executable code.
  - 20. The method of claim 1, wherein the gatekeeper server and the sacrificial server are implemented as virtual machines.

21. A system for protecting against a potentially virus-infected message, the system comprising:
- a workstation computer on a network associated with an intended recipient of an original message comprising an executable code;
  
  a gatekeeper server, in communication with the workstation computer, for receiving the original message; and
  
  a sacrificial server on the network for creating from the original message a non-executable format message by using one of a plurality of application-level conversion processes selected in accordance with a type of the message, the non-executable format retaining an appearance, human readability and semantic content of the original message and forwarding the non-executable format message to the workstation computer.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 22. The system of claim 21, wherein the gatekeeper server is an emulated or partitioned execution space on a host computer.
  - 23. The system of claim 21, wherein the sacrificial server is an emulated or partitioned execution space on a host computer.
  - 24. The system of claim 21, wherein the gatekeeper server and the sacrificial server are emulated or partitioned execution spaces on a host computer, and wherein the gatekeeper server and the sacrificial server communicate via shared memory, hardware backplane, internal communications protocol, operating system level networking protocols, or interprocess communications between emulated or partitioned execution spaces on the host computer.
  - 25. The system of claim 21, wherein the executable code is contained in a body of the original message.
  - 26. The system of claim 25, wherein the executable code comprises a hypertext link, and wherein the creating comprises deactivating the hypertext link.
  - 27. The system of claim 21, wherein the executable code is contained in an attachment of the original message.
  - 28. The system of claim 21, wherein the sacrificial server is one of a plurality of sacrificial servers which are in communication with the gatekeeper server.
  - 29. The system of claim 28, wherein the plurality of sacrificial servers are physically separate from the gatekeeper server.
  - 30. The system of claim 28, wherein the plurality of sacrificial servers are logically separate from the gatekeeper server and execute in emulated or partitioned execution spaces.
  - 31. The system of claim 28, wherein the plurality of sacrificial servers are examined for virus activity.
  - 32. The system of claim 31, wherein the network further comprises a read-only device, and wherein the sacrificial servers are rebooted from a safe copy of an operating system obtained from the read-only device.
  - 33. The system of claim 28, wherein communications between the gatekeeper server and the sacrificial servers are authenticated using a challenge-and-response technique.
  - 34. The system of claim 21, wherein the network maintains a list of approved attachment file types and extensions, determines whether the attachment is of a file type or extension which is in the list of approved attachment file types and extensions, and, if the attachment is not of a file type or extension which is in the list of approved attachment file types and extensions, informs the recipient that a message containing a non-approved attachment has been received.
  - 35. The system of claim 21, wherein the network maintains a list of approved executable code, determines whether the executable code is in the list of approved executable code, and deactivates the executable code if the executable code is not in the list of approved executable code.
  - 36. The system of claim 35, wherein the list of approved executable code includes information for determining whether the approved executable code has been altered, the network determines whether the executable code has been altered, and the executable code is deactivated if the executable code has been altered.
  - 37. The system of claim 36, wherein the system determines whether the executable code has been altered through an algorithmic technique.
  - 38. The system of claim 37, wherein the algorithmic technique is a check-summing technique.
  - 39. The system of claim 37, wherein the algorithmic technique is a hashing technique.
  - 40. The system of claim 37, wherein the algorithmic technique is a Boolean exclusive-or technique.
  - 41. The system of claim 37, wherein the algorithmic technique is a digital-subtraction technique.
  - 42. The system of claim 21, wherein the sacrificial server creates the non-executable format message by:
    - forming a first copy and a second copy of at least a portion of the original message containing the executable code;
      
      executing the executable code in the first copy but not the second copy; and
      
      if the executable code in the first copy has been executed, comparing the first copy to the second copy to determine an effect of the executable code.
  - 43. The system of claim 21, wherein the gatekeeper server and the sacrificial server are implemented as virtual machines.

44. A sacrificial server for protecting against a potentially virus infected message, the sacrificial server comprising:
- communication means for receiving an original message attachment from a network; and
  
  processing means for creating from the original message attachment a non-executable format message attachment by using one of a plurality of application-level conversion processes selected in accordance with a type of the message, the non-executable format retaining an appearance, human readability and semantic content of the original message and for returning the non-executable format message attachment to the network.
- View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 45. The sacrificial server of claim 44, wherein the processing means creates the non-executable format message attachment by:
    - forming a first copy and a second copy of at least a portion of the original message attachment containing an executable code;
      
      executing the executable code in the first copy but not the second copy; and
      
      if the executable code in the first copy has been executed, comparing the first copy to the second copy to determine an effect of the executable code.
  - 46. The sacrificial server of claim 44, wherein the sacrificial server is examined for virus activity.
  - 47. The sacrificial server of claim 46, wherein the sacrificial server determines whether the original message attachment has been altered through the use of an algorithmic technique.
  - 48. The sacrificial server of claim 47, wherein the algorithmic technique is a check-summing technique.
  - 49. The sacrificial server of claim 47, wherein the algorithmic technique is a hashing technique.
  - 50. The sacrificial server of claim 47, wherein the algorithmic technique is a Boolean exclusive-or technique.
  - 51. The sacrificial server of claim 47, wherein the algorithmic technique is a digital-subtraction technique.
  - 52. The sacrificial server of claim 46, wherein the sacrificial server further comprises a read-only device and is rebooted from a safe copy of an operating system obtained from the read-only device.
  - 53. The sacrificial server of claim 44, wherein communications between the network and the sacrificial server are authenticated using a challenge-and-response technique.
  - 54. The sacrificial server of claim 44, wherein the sacrificial server stores a list of approved attachment file types and extensions, determines whether the attachment is of a file type or extension which is in the list of approved attachment file types and extensions, and, if the attachment is not of a file type or extension which is in the list of approved attachment file types and extensions, and informs the network that a message containing a non-approved attachment has been received.
  - 55. The sacrificial server of claim 44, wherein the sacrificial server maintains a list of approved executable code, determines whether the attachment contains executable code and whether the executable code is in the list of approved executable code, and deactivates the executable code if the executable code is not in the list of approved executable code.
  - 56. The sacrificial server of claim 55, wherein the list of approved executable code includes information for determining whether the approved executable code has been altered, if the executable code is in the list of approved executable code, the sacrificial server determines whether the executable code has been altered, and the executable code is deactivated if the executable code has been altered.
  - 57. The sacrificial server of claim 44, wherein the sacrificial server is an emulated or partitioned execution space on a host computer.

58. An article of manufacture including a non-transitory computer-readable medium having instructions stored thereon, execution of which by a computing device causes the computing device to perform operations comprising:
- receiving an original message comprising an executable code in a gatekeeper server;
  
  forwarding the original message from the gatekeeper server to a sacrificial server;
  
  creating from the original message a non-executable format message by using one of a plurality of application-level conversion processes selected in accordance with a type of the message, the non-executable format retaining an appearance, human readability and semantic content of the original message; and
  
  forwarding the non-executable format message to an intended recipient of the original message.
- View Dependent Claims (59, 60, 61)
- - 59. The article of manufacture of claim 58, wherein the creating comprises:
    - maintaining a list of approved attachment file types and extensions;
      
      determining whether the attachment is of a type or extension which is in the list of approved attachment file types and extensions; and
      
      if the attachment is not of a type or extension which is in the list of approved attachment file types and extensions, informing the recipient that a message containing a non-approved attachment has been received.
  - 60. The computer readable medium article of manufacture of claim 58, wherein the creating comprises:
    - maintaining a list of approved executable code;
      
      determining whether the executable code is in the list of approved executable code; and
      
      deactivating the executable code if the executable code is not in the list of approved executable code.
  - 61. The article of manufacture of claim 58, wherein the gatekeeper server and the sacrificial server are implemented as virtual machines.

62. An apparatus for protecting against a potentially virus infected message, the apparatus comprising:
- a gatekeeper device configured to;
  
  receive an original message attachment from a network, andforward the original message to a sacrificial server, wherein the sacrificial server is configured to create from the original message attachment a non-executable format message attachment by using one of a plurality of application-level conversion processes selected in accordance with a type of the message, the non-executable format retaining an appearance, human readability and semantic content of the original message and for returning the non-executable format message attachment to the network.
- View Dependent Claims (63)
- - 63. The apparatus of claim 62, wherein the gatekeeper device and the sacrificial server are implemented as virtual machines.

64. A system comprising:
- a gatekeeper device configured to receive an original message comprising an executable code; and
  
  a sacrificial processor configured to;
  
  receive the original message from the gatekeeper device,create from the original message a non-executable format message by using one of a plurality of application-level conversion processes selected in accordance with a type of the message, the non-executable format retaining an appearance, human readability and semantic content of the original message, andforward the non-executable format message to an intended recipient of the original message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Inventors
Hook, Robert G., Carrera, Marcelo, Stewart, Walter Mason, Rust, Ronald, Shotton, Charles
Primary Examiner(s)
Parthasarathy; Pramila

Application Number

US11/650,561
Time in Patent Office

1,533 Days
Field of Search

None
US Class Current

713/152
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/567   using dedicated hardware

H04L 51/066   Format adaptation, e.g. for...

H04L 51/212   using filtering or selectiv...

H04L 63/145   the attack involving the pr...

Computer network virus protection system and method

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

64 Claims

Specification

Use Cases

Quick Links

Others

Computer network virus protection system and method

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

64 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others