Resisting the spread of unwanted code and data

US 8,185,954 B2
Filed: 06/09/2006
Issued: 05/22/2012
Est. Priority Date: 06/09/2005
Status: Active Grant

First Claim

Patent Images

1. A method for resisting spread of unwanted code and data without scanning incoming electronic files for unwanted code and data, the method comprising the steps, performed by a computer system, of:

(a) receiving an incoming electronic file containing content data in a predetermined file type corresponding to a set of rules;

(b) determining a purported predetermined file type of the incoming electronic file;

(c) parsing the content data in accordance with a predetermined data format comprising a set of rules corresponding to the determined purported predetermined file type; and

(d) if the content data does conform to the predetermined data format, regenerating the conforming parsed content data to create a substitute regenerated electronic file in the purported file type, said substitute regenerated electronic file containing the regenerated content datawherein step (c) includes determining conforming data in the content data that conform to the predetermined data format and determining nonconforming data in the content data that does not conform to the predetermined data format, andthe method further comprises;

passing the nonconforming data to a threat filter,maintaining data indicating authorized data sources and for each data source, data types acceptable from the data source;

determining, by the threat filter, that the nonconforming data is not a threat, if (i) a source of the content data is one of the authorized data sources and (ii) a data type of the nonconforming data is one of the data types acceptable from the source; and

adding the nonconforming data to said substitute regenerated electronic file, if the threat filter determines that the nonconforming data is not a threat.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method or system of receiving an electronic file containing content data in a predetermined data format, the method comprising the steps of: receiving the electronic file, determining the data format, parsing the content data, to determine whether it conforms to the predetermined data format, and if the content data does conform to the predetermined data format, regenerating the parsed data to create a regenerated electronic file in the data format.

89 Citations

View as Search Results

21 Claims

1. A method for resisting spread of unwanted code and data without scanning incoming electronic files for unwanted code and data, the method comprising the steps, performed by a computer system, of:
- (a) receiving an incoming electronic file containing content data in a predetermined file type corresponding to a set of rules;
  
  (b) determining a purported predetermined file type of the incoming electronic file;
  
  (c) parsing the content data in accordance with a predetermined data format comprising a set of rules corresponding to the determined purported predetermined file type; and
  
  (d) if the content data does conform to the predetermined data format, regenerating the conforming parsed content data to create a substitute regenerated electronic file in the purported file type, said substitute regenerated electronic file containing the regenerated content datawherein step (c) includes determining conforming data in the content data that conform to the predetermined data format and determining nonconforming data in the content data that does not conform to the predetermined data format, andthe method further comprises;
  
  passing the nonconforming data to a threat filter,maintaining data indicating authorized data sources and for each data source, data types acceptable from the data source;
  
  determining, by the threat filter, that the nonconforming data is not a threat, if (i) a source of the content data is one of the authorized data sources and (ii) a data type of the nonconforming data is one of the data types acceptable from the source; and
  
  adding the nonconforming data to said substitute regenerated electronic file, if the threat filter determines that the nonconforming data is not a threat.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. A method according to claim 1 in which the data format corresponds to a subset of the predetermined set of rules for each file type.
  - 3. A method according to claim 1 comprising determining whether the content data conforms to prior known examples of acceptable data.
  - 4. A method according to claim 3 in which the data format only includes allowable control characters.
  - 5. A method according to claim 3 in which the data format contains a plurality of data items, each with an associated predetermined size limit.
  - 6. A method according to claim 5 wherein the predetermined size limit is the size of a line in an image file.
  - 7. A method according to claim 1 further comprising storing the incoming electronic file in a scrambled format in memory.
  - 8. A method according to claim 7, wherein each byte of data is stored in a bit reversed order.
  - 9. A method according to claim 7, wherein the data is stored such that each pair of data bytes received is placed in a reversed memory order.
  - 10. A method according to claim 1, further comprising forwarding the substitute regenerated electronic file only if all of the content data from within the electronic file conforms to the predetermined data format.
  - 11. A method according to claim 10 further comprising forwarding the incoming electronic file if a portion, part or whole of the content data does not conform only when the intended recipient of the electronic file has pre-approved the predetermined file type when associated with the sender of the electronic file.
  - 12. A method according to claim 1, further comprising replacing any content data that does not conform to the predetermined format with warning text.
  - 13. A method according to claim 1, wherein the incoming electronic file is an e-mail and the method further comprises forwarding the regenerated e-mail to the intended recipient if the content data conforms to the predetermined data format.
  - 14. A method according to claim 13, wherein the substitute regenerated e-mail is forwarded from an e-mail client to a hard disk drive.
  - 15. A method according to claim 13, wherein the substitute regenerated e-mail is forwarded from an Internet server provider server to an e-mail client server.
  - 16. A method according to claim 1, further comprising receiving the incoming electronic file from a removable memory device, and forwarding the substitute regenerated electronic file to a computing device.
  - 17. A non-transitory computer readable medium comprising a computer program adapted to perform the method of claim 1.
  - 18. A semiconductor device comprising a memory means including instructions for performing the method of claim 1.
  - 19. A semiconductor device according to claim 18, wherein the semiconductor device is a semi-permanent or permanent memory device.
  - 20. A network card comprising the semiconductor device of claim 18.
  - 21. The method according to claim 1, whereinstep (c) includes determining data in the content data that conform to the predetermined data format and deeming the conforming data to be free of viral and otherwise unwanted code and data and suitable for regeneration in step (d).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Glasswall (Ip) Limited
Original Assignee
Glasswall (Ip) Limited
Inventors
Scales, Nicholas John
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
JACKSON, JENISE E

Application Number

US11/915,125
Publication Number

US 20090138972A1
Time in Patent Office

2,174 Days
Field of Search

726/22, 726/1, 713/154, 713/165, 713/188
US Class Current

726/22
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/568   eliminating virus, restorin...

G06F 2221/034   Test or assess a computer o...

H04L 51/04   Real-time or near real-time...

H04L 51/063   Content adaptation, e.g. re...

H04L 51/212   using filtering or selectiv...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

Resisting the spread of unwanted code and data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Resisting the spread of unwanted code and data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links