Browsing support infrastructure with tiered malware support

US 9,509,713 B2
Filed: 09/15/2014
Issued: 11/29/2016
Est. Priority Date: 05/12/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A computing device comprising:

network interface circuitry communicatively coupling the computing device to an Internet;

computer memory; and

processing circuitry coupled to the network interface circuitry and the computer memory, wherein the network interface circuitry, the computer memory, and the processing circuitry are configured to run a network browser that is configured to;

allocate a safe portion of the computer memory to the network browser for quarantining malware infected data storage;

receive data from the Internet;

configure the safe portion of the computer memory to implement a level of isolation that varies dynamically over time as the data within the safe portion of the computer memory changes;

scan the data for malware;

determine that a first portion of the data is malware free;

write the first portion of the data to an unprotected portion of the computer memory;

determine that a second portion of the data contains malware;

quarantine the second portion of the data by writing it to the safe portion of the computer memory;

remove the malware from the second portion of the data;

release the second portion of the data from the safe portion of the computer memory; and

combine the first portion of the data with the second portion of the data.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network browser has a Malware detection manager for direct or indirect scanning of files during an upload or download processes for viruses, adware, spyware, etc. The malware detection manager defines and employs a quarantine bin, which is an isolated and secure memory space or directory for temporary placement of file packets during the file transmission while malware detection can commence. The malware detection manager scans for malware code associated with the packet sequence encountered during a file transmission to and from the Internet, during which it quarantines all the scanned packets in the quarantine bin. Quarantined files can be released if there is a human challenge authorizing the release of the file. Exchanging a Malware free signature between server and client via a trusted download center may be done so the client device need not scan the files for malware if content is certified and guaranteed as malware-free.

7 Citations

View as Search Results

20 Claims

1. A computing device comprising:
- network interface circuitry communicatively coupling the computing device to an Internet;
  
  computer memory; and
  
  processing circuitry coupled to the network interface circuitry and the computer memory, wherein the network interface circuitry, the computer memory, and the processing circuitry are configured to run a network browser that is configured to;
  
  allocate a safe portion of the computer memory to the network browser for quarantining malware infected data storage;
  
  receive data from the Internet;
  
  configure the safe portion of the computer memory to implement a level of isolation that varies dynamically over time as the data within the safe portion of the computer memory changes;
  
  scan the data for malware;
  
  determine that a first portion of the data is malware free;
  
  write the first portion of the data to an unprotected portion of the computer memory;
  
  determine that a second portion of the data contains malware;
  
  quarantine the second portion of the data by writing it to the safe portion of the computer memory;
  
  remove the malware from the second portion of the data;
  
  release the second portion of the data from the safe portion of the computer memory; and
  
  combine the first portion of the data with the second portion of the data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computing device of claim 1, wherein varying the level of isolation includes varying which resources have access to the data stored in the quarantine safe portion of the computer memory.
  - 3. The computing device of claim 1 wherein the safe portion of the computer memory is isolated from a portion of operating system functionality.
  - 4. The computing device of claim 1, further comprising the processing circuitry, in a differing operation, continuing the quarantining of the second portion of the data that contains malware for an extended period of time.
  - 5. The computing device of claim 1, further comprising the processing circuitry allowing the second portion of the data to be released from the safe portion of the computer memory when a human user challenges the quarantine and authorizes the release of the second portion of the data from quarantine.
  - 6. The computing device of claim 5, wherein the processing circuitry is configured to use the second portion of the data that was released from the safe portion of the computer memory, but wherein the second portion of the data is subject to special security processing while being used within the computing device.
  - 7. The computing device of claim 1, further comprising the processing circuitry delivering the combined first portion of the data and the second portion of the data for use by the user.
  - 8. The computing device of claim 1, wherein a level of isolation of the safe portion of computer memory varies over time based on a risk associated with the data quarantined in the safe portion of the computer memory.
  - 9. The computing device of claim 1, wherein a level of isolation of the computer memory changes over time based on needs associated with access to the data quarantined in the safe portion of the computer memory.
  - 10. The computing device of claim 1, wherein the data is downloaded from a trusted site that contains a signature associated with the data, wherein the computing device can process the signature to determine that the data is free of malware without having to perform local malware scanning.
  - 11. The computing device of claim 1, wherein the malware is one or more of a Trojan horse, a virus, spyware, or adware, and wherein the malware is found by either scanning the data to detect certain patterns of data within the data or by allowing the data to function within the safe portion of the computer memory.
  - 12. The computing device of claim 1, wherein the scan of the data for malware detection is performed as part of browser operations and also performed on data exchanged between peripheral devices associated with the computing device.

13. A method for processing data to detect and handle the presence of malware, the method comprising:
- allocating quarantine memory space of computer memory of a computer device to a web browser for malware infected data storage;
  
  configuring the quarantine memory space to implement a level of isolation that varies dynamically over time as the data within the quarantine memory space changes;
  
  initiating a data transfer from the computer device through a network interface circuitry during an upload or download operation requested by the web browser resident in memory;
  
  receiving data by the web browser;
  
  scanning the data for malware by the web browser;
  
  determining that a first portion of the data is without malware by the web browser;
  
  writing the first portion of the data to unprotected memory by the web browser;
  
  determining that a second portion of the data includes malware by the web browser;
  
  based on the determining, quarantining the second portion of the data into the quarantine memory space within the computer device by the web browser;
  
  removing the malware from the second portion of the data;
  
  releasing the second portion of the data from the quarantine memory space; and
  
  combining the first portion of the data with the second portion of the data.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, further comprising:
    - providing a notice through the web browser to a user that malware was found and presenting a status and level of harm indication for the malware detected;
      
      receiving input from the user regarding next steps to be taken in response to the detection of malware; and
      
      either continuing to quarantine, deleting, or providing to the user, the portion of data from the quarantine memory space after malware scanning is complete, wherein one of either continuing to quarantine, deleting, or providing the portion of data to the user is decided by the computing device in response to the input from the user.
  - 15. The method of claim 14, wherein the step of providing a notice to a user involves embedding indicators in the browser content displayed to the user wherein the indicators identify for the user what content within the browser content is associated with malware.
  - 16. The method of claim 13, wherein varying the level of isolation includes varying which resources have access to the data stored in the quarantine memory space.
  - 17. The method of claim 13, wherein the quarantine memory space is isolated from a portion of operating system functionality.
  - 18. The method of claim 13, further comprising continuing the quarantining of the second portion of the data that contains malware for an extended period of time.
  - 19. The method of claim 13, wherein the malware is one or more of a Trojan horse, a virus, spyware, or adware, and wherein the malware is found by either scanning the data to detect certain patterns of data within the data or by allowing the data to function within the safe portion of the computer memory.
  - 20. The method of claim 13, wherein the scan of the data for malware is performed as part of browser operations and also performed on data exchanged between peripheral devices associated with the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
RPX Corporation
Inventors
Bennett, James D.
Primary Examiner(s)
Tran, Tri

Application Number

US14/486,322
Publication Number

US 20150007329A1
Time in Patent Office

806 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/562   Static detection

G06F 21/565   by checking file integrity

G06F 21/568   eliminating virus, restorin...

H04L 63/145   the attack involving the pr...

Browsing support infrastructure with tiered malware support

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Browsing support infrastructure with tiered malware support

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links