Malicious mobile code runtime monitoring system and methods

DC CAFC

US 8,677,494 B2
Filed: 11/07/2011
Issued: 03/18/2014
Est. Priority Date: 01/29/1997
Status: Expired due to Fees

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A computer-based method, comprising the steps of:

receiving an incoming Downloadable;

deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable; and

storing the Downloadable security profile data in a database.

View all claims

6 Assignments

Timeline View

Assignment View

Litigations

8 Petitions

Accused Products

Abstract

Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java TN applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts.

Citations

18 Claims

1. A computer-based method, comprising the steps of:
- receiving an incoming Downloadable;
  
  deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable; and
  
  storing the Downloadable security profile data in a database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-based method of claim 1 further comprising storing a date &
    - time when the Downloadable security profile data was derived, in the database.
  - 3. The computer-based method of claim 1 wherein the Downloadable includes an applet.
  - 4. The computer-based method of claim 1 wherein the Downloadable includes an active control.
  - 5. The computer-based method of claim 1 wherein the Downloadable includes program script.
  - 6. The computer-based method of claim 1 wherein suspicious computer operations include calls made to an operating system, a file system, a network system, and to memory.
  - 7. The computer-based method of claim 1 wherein the Downloadable security profile data includes a URL from where the Downloadable originated.
  - 8. The computer-based method of claim 1 wherein the Downloadable security profile data includes a digital certificate.
  - 9. The computer-based method of claim 1 wherein said deriving Downloadable security profile data comprises disassembling the incoming Downloadable.

10. A system for managing Downloadables, comprising:
- a receiver for receiving an incoming Downloadable;
  
  a Downloadable scanner coupled with said receiver, for deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable; and
  
  a database manager coupled with said Downloadable scanner, for storing the Downloadable security profile data in a database.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10 wherein said database manager also stores a date &
    - time when the Downloadable security profile data was derived by said Downloadable scanner, in the database.
  - 12. The system of claim 10 wherein the Downloadable includes an applet.
  - 13. The system of claim 10 wherein the Downloadable includes an active control.
  - 14. The system of claim 10 wherein the Downloadable includes program script.
  - 15. The system of claim 10 wherein suspicious computer operations include calls made to an operating system, a file system, a network system, and to memory.
  - 16. The system of claim 10 wherein the Downloadable security profile data includes a URL from where the Downloadable originated.
  - 17. The system of claim 10 wherein the Downloadable security profile data includes a digital certificate.
  - 18. The system of claim 10 wherein said Downloadable scanner comprises a disassembler for disassembling the incoming Downloadable.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Finjan Holdings, Inc. (Government of ABU Dhabi)
Original Assignee
Finjan, Inc. (Government of ABU Dhabi)
Inventors
Edery, Yigal Mordechai, Kroll, David R., Touboul, Shlomo, Vered, Nirmrod Itzhak
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US13/290,708
Publication Number

US 20120117651A1
Time in Patent Office

862 Days
Field of Search

None
US Class Current

726/24
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/56   Computer malware detection ...

G06F 2221/033   Test or assess software

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

Malicious mobile code runtime monitoring system and methods

First Claim

6 Assignments

Litigations

8 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Malicious mobile code runtime monitoring system and methods

First Claim

6 Assignments

Subscription Required

Subscription Required

Litigations

8 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links