System and method for providing exploit protection for networks

US 20020152399A1
Filed: 04/12/2002
Published: 10/17/2002
Est. Priority Date: 04/13/2001
Status: Active Grant

First Claim

Patent Images

1. A system for providing protection from exploits to devices connected to a network, comprising:

(a) a content filter that receives a message that is directed to at least one of the devices and that includes a header, a body, and an attachment, wherein the content filter determines an encapsulation that has been applied to the attachment prior to the system receiving the message and unencapsulates the attachment;

(b) a decompression component that is coupled to the content filter and that performs at least one decompression of the attachment when the attachment is compressed;

(c) a scanner component that is coupled to the decompression component and that determines whether at least one of the header and the body includes an exploit;

(d) a quarantine component that is coupled to the scanner component and that holds the message when the message includes an exploit; and

(e) a device that receives messages that are directed to the network and that employs at least the scanner component to provide exploit protection for at least one of the messages.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for providing protection from exploits to devices connected to a network. The system and method include a component for determining whether an encapsulation has been applied to an attachment and unencapsulating such encapsulated attachments, a component that performs at least one decompression of the attachment when the attachment is compressed, a component that determines whether a header, body, and/or attachment of a message includes an exploit, and a component that holds and optionally cleans messages that include exploits. A device that receives messages that are directed to the network employs the components above to provide exploit protection for at least one of the messages.

118 Citations

19 Claims

1. A system for providing protection from exploits to devices connected to a network, comprising:
- (a) a content filter that receives a message that is directed to at least one of the devices and that includes a header, a body, and an attachment, wherein the content filter determines an encapsulation that has been applied to the attachment prior to the system receiving the message and unencapsulates the attachment;
  
  (b) a decompression component that is coupled to the content filter and that performs at least one decompression of the attachment when the attachment is compressed;
  
  (c) a scanner component that is coupled to the decompression component and that determines whether at least one of the header and the body includes an exploit;
  
  (d) a quarantine component that is coupled to the scanner component and that holds the message when the message includes an exploit; and
  
  (e) a device that receives messages that are directed to the network and that employs at least the scanner component to provide exploit protection for at least one of the messages.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1, wherein the header includes a field having a defined size and wherein the scanner determines that the header includes the exploit when a size of data in the field is other than the defined size.
  - 3. The system of claim 1, wherein the scanner component further determines whether the attachment includes an exploit.
  - 4. The system of claim 3, further comprising a client that automatically applies an update to at least one of the content filter, the decompression component, the scanner component, and the quarantine component to enable detection of at least one exploit.
  - 5. The system of claim 4, wherein the client determines when the update is available by polling servers associated with vendors of exploit protection software.
  - 6. The system of claim 5, wherein the client automatically retrieves the available update.
  - 7. The system of claim 4, wherein the scanner component employs at least two separate exploit protection applications to determine whether the attachment includes an exploit.
  - 8. The system of claim 1, wherein the content filter, the decompression component, the scanner component, and the quarantine component are each implemented in software.
  - 9. The system of claim 1, wherein the content filter, the decompression component, the scanner component, and the quarantine component are all included on at least one of a firewall, router, switch, and traffic manager.
  - 10. The system of claim 1, wherein the encapsulation includes at least one of Multipurpose Internet Mail Extensions (MIME), Base 64, and uuencode.
  - 11. The system of claim 1, wherein the quarantine component removes the exploit from the message and forwards the message towards a recipient of the message.
  - 13. The method of claim 12, further comprising:
    - (a) unencapsulating the attachment when the attachment is encapsulated; and
      
      (b) decompressing the attachment at least one time when the attachment is compressed.
  - 14. The method of claim 13, further comprising removing the exploit and forwarding the message towards the at least one of the devices.
  - 15. The method of claim 13, wherein the header includes a field having a defined size and wherein the header includes the exploit when a size of data in the field is other than the defined size.
  - 16. The method of claim 13, further comprising determining whether the attachment includes an exploit.
  - 17. The method of claim 16, wherein exploit protection software from at least two vendors is employed to determine whether the attachment includes an exploit.
  - 18. The method of claim 13, wherein the attachment is encapsulated using at least one of Multipurpose Internet Mail Extensions (MIME), Base 64, and uuencode.

12. A method for providing protection from exploits to devices connected to a network, comprising:
- (a) receiving a message at a node that receives messages that are directed to any of the devices and that causes the message to be scanned for an exploit before forwarding the message toward at least one of the devices, wherein the message includes a header and at least one of a body and an attachment;
  
  (b) determining whether at least one of the header and the body includes the exploit; and
  
  (c) when at least one of the header and the body of the message includes the exploit, quarantining the message.

19. A system for providing protection from exploits to devices connected to a network, comprising:
- (a) means for receiving a message that includes a header and at least one of a body and an attachment;
  
  (b) means for determining whether the attachment is encapsulated and for unencapsulating the attachment when the attachment is encapsulated;
  
  (c) means for decompressing the attachment at least one time when the attachment is compressed;
  
  (d) means for determining whether at least one of the header and the body includes an exploit; and
  
  (e) means for quarantining the message when the message includes the exploit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia, Inc. (Nokia Corporation)
Inventors
Smith, Gregory J.

Granted Patent

US 7,134,142 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/0245   Filtering by information in...

H04L 63/0263   Rule management

H04L 63/0823   using certificates cryptogr...

H04L 63/145   the attack involving the pr...

H04L 69/04   Protocols for data compress...

System and method for providing exploit protection for networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing exploit protection for networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links