Malicious mobile code runtime monitoring system and methods

US 9,141,786 B2
Filed: 02/11/2015
Issued: 09/22/2015
Est. Priority Date: 11/08/1996
Status: Expired due to Fees

- Alert
- Pin

First Claim

Patent Images

1. A processor-based method, comprising:

receiving at a host server downloadable-information including a combination of non-executable and executable code;

analyzing by a detection engine the downloadable-information to detect the executable code; and

causing by a packaging engine mobile protection code to be communicated to at least one information-destination of the downloadable-information, when the executable code is detected in the downloadable-information,wherein the causing mobile protection code to be communicated comprises forming the packaging engine a sandboxed package including the mobile protection code and the downloadable-information, and causing the sandboxed package to be communicated to the at least one information-destination.

View all claims

6 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java TN applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts.

329 Citations

30 Claims

1. A processor-based method, comprising:
- receiving at a host server downloadable-information including a combination of non-executable and executable code;
  
  analyzing by a detection engine the downloadable-information to detect the executable code; and
  
  causing by a packaging engine mobile protection code to be communicated to at least one information-destination of the downloadable-information, when the executable code is detected in the downloadable-information,wherein the causing mobile protection code to be communicated comprises forming the packaging engine a sandboxed package including the mobile protection code and the downloadable-information, and causing the sandboxed package to be communicated to the at least one information-destination.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the sandboxed package is formed such that the mobile protection code will be executed by the information-destination before the downloadable- information.
  - 3. The method of claim 2, wherein the sandboxed package further includes protection policies according to which the mobile protection code is operable.
  - 4. The method of claim 3, wherein the sandboxed package is formed for receipt by the information-destination such that the mobile protection code is received before the downloadable-information, and the downloadable information before the protection policies.
  - 5. The method of claim 3, wherein the protection policies correspond with at least one of the information-destination and a user of the information destination.

6. A processor-based method, comprising:
- receiving, at an information re-communicator, downloadable-information, including a combination of non-executable and executable code;
  
  non-passively determining by a detection engine that the downloadable-information includes executable code; and
  
  causing by a packaging engine mobile protection code to be executed by a mobile code executor at a downloadable-information destination such that one or more operations of the executable code at the destination, if attempted, will be processed by the mobile protection code,wherein the causing is accomplished by forming by the packaging a sandboxed package including the mobile protection code and the downloadable-information, and causing the sandboxed package to be delivered to the downloadable-information destination.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 7. he method of claim 6, wherein the sandboxed package further includes protection policies according to which the processing by the mobile protection code is conducted.
  - 8. The method of claim 7, wherein the forming comprises generating the mobile protection code, generating the sandboxed package, and linking the mobile protection code, protection policies and downloadable-information.
  - 9. The method of claim 8, wherein the generating of at least one of the mobile protection code and the protection policies is conducted in accordance with one or more destination- characteristics of the destination.
  - 10. The method of claim 9, wherein the destination-characteristics include characteristics corresponding to at least one of a destination user, a destination device and a destination process.
  - 11. The method of claim 6, wherein the causing the sandboxed package to be executed includes communicating the sandboxed package to a communication buffer of the information re-communicator.
  - 12. The method of claim 6, wherein the re-communicator is at least one of a firewall and a network server.
  - 13. The method of claim 6, wherein the sandboxed package has a same file type as the downloadable-information, thereby causing the mobile code executor to be unaware that the protected package is not a normal downloadable.
  - 14. The method of claim 13, wherein the sandboxed package is formed using concatenation of a mobile protection code, a policy, and a downloadable.
  - 15. The method of claim 6, wherein executing the mobile protection code at the destination causes downloadable interfaces to resources at the destination to be modified such that at least one attempted operation of the executable code is diverted to the mobile protection code.

16. A processor-based method, comprising:
- receiving by a server downloadable-information;
  
  analyzing the downloadable-information by a content inspection engine associated with the server to determine whether the downloadable-information includes executable code, wherein determining whether the downloadable-information includes executable code includes analyzing downloadable information for one or more operations to be executed on a computer;
  
  if the downloadable-information is determined to include executable code, generating by a mobile protection code generator associated with the server, mobile protection code such that the one or more operations of the executable code, if attempted, will be processed by the mobile protection code; and
  
  communicating, by a transfer engine associated with the server, the mobile protection code to at least one information-destination of the downloadable-information.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The method of claim 16, further comprising prior to communicating, forming by a packaging engine, a sandboxed package including the mobile protection code and protection policies according to which the processing by the mobile protection code is conducted.
  - 18. The method of claim 17, wherein the forming comprises generating the mobile protection code, generating the sandboxed package, and linking the mobile protection code, protection policies and downloadable-information.
  - 19. The method of claim 18, wherein the generating of at least one of the mobile protection code and the protection policies is conducted in accordance with one or more destination-characteristics of the destination.
  - 20. The method of claim 19, wherein the destination-characteristics include characteristics corresponding to at least one of a destination user, a destination device and a destination process.
  - 21. The method of claim 17, further comprising communicating the sandboxed package to a communication buffer of the server.
  - 22. The method of claim 17, wherein the sandboxed package has a same file type as the downloadable-information, thereby causing a mobile code executor to be unaware that the protected package is not a normal downloadable.
  - 23. The method of claim 22, wherein the sandboxed package is formed using concatenation of a mobile protection code, a policy, and a downloadable.
  - 24. The method of claim 16, wherein executing the mobile protection code at the destination causes downloadable interfaces to resources at the destination to be modified such that at least one attempted operation of the executable code is diverted to the mobile protection code.

25. A processor-based method for protecting one or more network accessible devices from malicious operations effectuated by remotely operable code, comprising:
- receiving by a server downloadable-information destined for a computer, wherein the downloadable-information includes one of a combination of non-executable and executable code or non-executable code;
  
  analyzing by a content inspection engine associated with the server whether the downloadable-information includes executable code, wherein determining whether the downloadable-information includes executable code includes analyzing downloadable-information for one or more operations to be executed on the computer; and
  
  causing by a transfer engine associated with the server mobile protection code to be communicated to the computer, if the downloadable-information is determined to include executable code,wherein the causing mobile protection code to be communicated comprises forming by a packaging engine a sandboxed package including at least the mobile protection code and the downloadable-information, and causing by the transfer engine the sandboxed package to be communicated to the computer.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The method of claim 25, wherein forming the sandbox package comprises generating the mobile protection code and protection policies and linking the mobile protection code and protection policies to the downloadable-information.
  - 27. The method of claim 26, wherein the generating of the mobile protection code and the protection policies is conducted in accordance with one or more of the following characteristics of the computer:
    - use, device and process.
  - 28. The method of claim 25, wherein the causing the sandboxed package to be executed includes communicating the sandboxed package to a communication buffer of the server.
  - 29. The method of claim 25, wherein the sandboxed package has a same file type as the downloadable-information, thereby causing a mobile code executor to be unaware that the sandboxed package is not a normal downloadable.
  - 30. The method of claim 25, wherein the sandboxed package is formed using concatenation of a mobile protection code, a policy, and a downloadable.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Finjan Holdings, Inc. (SoftBank Group Corp.)
Original Assignee
Finjan, Inc. (SoftBank Group Corp.)
Inventors
Edery, Yigal Mordechai, Vered, Nimrod Itzhak, Kroll, David R., Touboul, Shlomo
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US14/619,315
Publication Number

US 20150169870A1
Time in Patent Office

223 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/56   Computer malware detection ...

G06F 2221/033   Test or assess software

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

Malicious mobile code runtime monitoring system and methods

First Claim

6 Assignments

Litigations

1 Petition

Accused Products

Abstract

329 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

Malicious mobile code runtime monitoring system and methods

First Claim

6 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

329 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others