System and method for attaching a downloadable security profile to a downloadable

DC CAFC

US 6,154,844 A
Filed: 12/22/1997
Issued: 11/28/2000
Est. Priority Date: 11/08/1996
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method comprising:

receiving by an inspector a Downloadable;

generating by the inspector a first Downloadable security profile that identifies suspicious code in the received Downloadable; and

linking by the inspector the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients.

View all claims

6 Assignments

Timeline View

Assignment View

Litigations

4 Petitions

Reexamination

Accused Products

Abstract

A system comprises an inspector and a protection engine. The inspector includes a content inspection engine that uses a set of rules to generate a Downloadable security profile corresponding to a Downloadable, e.g., Java™ applets, ActiveX™ controls, JavaScript™ scripts, or Visual Basic scripts. The content inspection engine links the Downloadable security profile to the Downloadable. The set of rules may include a list of suspicious operations, or a list of suspicious code patterns. The first content inspection engine may link to the Downloadable a certificate that identifies the content inspection engine which created the Downloadable security profile. Additional content inspection engines may generate and link additional Downloadable security profiles to the Downloadable. Each additional Downloadable security profile may also include a certificate that identifies its creating content inspection engine. Each content inspection engine preferably creates a Downloadable ID that identifies the Downloadable to which the Downloadable security profile corresponds. The protection includes a Downloadable interceptor for receiving a Downloadable, a file reader coupled to the interceptor for determining whether the Downloadable includes a Downloadable security profile, an engine coupled to the file reader for determining whether to trust the Downloadable security profile, and a security policy analysis engine coupled to the verification engine for comparing the Downloadable security profile against a security policy if the engine determines that the Downloadable security profile is trustworthy. A Downloadable ID verification engine retrieves the Downloadable ID that identifies the Downloadable to which the Downloadable security profile corresponds, generates the Downloadable ID for the Downloadable and compares the generated Downloadable to the linked Downloadable. The protection engine further includes a certificate authenticator for authenticating the certificate that identifies a content inspection engine which created the Downloadable security profile as from a trusted source. The certificate authenticator can also authenticate a certificate that identifies a developer that created the Downloadable.

718 Citations

44 Claims

1. A method comprising:
- receiving by an inspector a Downloadable;
  
  generating by the inspector a first Downloadable security profile that identifies suspicious code in the received Downloadable; and
  
  linking by the inspector the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the first Downloadable security profile is linked to the Downloadable via attachment.
  - 3. The method of claim 1, wherein the first Downloadable security profile is linked to the Downloadable via a pointer.
  - 4. The method of claim 1, further comprising the step of linking to the first Downloadable security profile a Downloadable ID that identifies the Downloadable.
  - 5. The method of claim 1, wherein the Downloadable includes a Java™
    - applet.
  - 6. The method of claim 1, wherein the Downloadable includes an ActiveX™
    - control.
  - 7. The method of claim 1, wherein the Downloadable includes a JavaScript™
    - script.
  - 8. The method of claim 1, wherein the Downloadable includes a Visual Basic script.
  - 9. The method of claim 1, further comprising the step of linking to the Downloadable a certificate that identifies the developer which created the Downloadable.
  - 10. The method of claim 1, further comprising the step of linking to the Downloadable a certificate that identifies a first content inspection engine which generated the first Downloadable security profile.
  - 11. The method of claim 1, wherein the first Downloadable security profile includes a list of operations deemed suspicious by the inspector.
  - 12. The method of claim 1, further comprising the steps of generating a second Downloadable security profile, and linking the second Downloadable security profile to the received Downloadable.
  - 13. The method of claim 12, further comprising the steps of linking a first certificate that identifies a first content inspection engine which generated the first Downloadable security profile, and linking an second certificate that identifies a second content inspection engine which generated the second Downloadable security profile.
  - 14. The method of claim 13, wherein each of the first Downloadable security profile and the second Downloadable security profile includes a Downloadable ID identifying the received Downloadable.

15. An inspector system comprising:
- memory storing a first rule set; and
  
  a first content inspection engine for using the first rule set to generate a first Downloadable security profile that identifies suspicious code in a Downloadable, and for linking the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15, wherein the first rule set includes a list of suspicious operations.
  - 17. The system of claim 15, wherein the first rule set include a list of suspicious code patterns.
  - 18. The system of claim 15, wherein the first content inspection engine links to the Downloadable a certificate that identifies the first content inspection engine which created the first Downloadable security profile.
  - 19. The system of claim 15, further comprising a second content inspection engine for generating a second Downloadable security profile, and for linking the second Downloadable security profile to the Downloadable.
  - 20. The system of claim 15, wherein the first content inspection engine links to the Downloadable a first certificate that identifies the first content inspection engine which created the first Downloadable security profile, and wherein the second content inspection engine links to the Downloadable a second certificate that identifies the second content inspection engine which created the second Downloadable security profile.
  - 21. The system of claim 15, wherein the first content inspection engine creates a first Downloadable ID that identifies the Downloadable to which the first Downloadable security profile corresponds, and links the Downloadable ID to the Downloadable security profile.

22. A method performed by a network gateway comprising:
- receiving a Downloadable with a linked Downloadable security profile that identifies suspicious code in the Downloadable, the Downloadable security profile being linked to the Downloadable before the web server make the Downloadable available to the web client; and
  
  comparing the Downloadable security profile against a security policy.

23. A method performed by a network gateway comprising:
- receiving a Downloadable with a linked first Downloadable security profile that identifies suspicious code in the Downloadable, the Downloadable security profile being linked to the Downloadable before the web server make the Downloadable available to the web client;
  
  determining whether to trust the first Downloadable security profile; and
  
  comparing the first Downloadable security profile against the security policy if the first Downloadable security profile is trustworthy.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
- - 24. The method of claim 23, wherein the step of determining includes determining whether the first Downloadable security profile corresponds to the Downloadable.
  - 25. The method of claim 24, wherein a Downloadable ID that identifies the Downloadable to which the Downloadable security profile corresponds is linked to the Downloadable security profile, and wherein the step of determining includes retrieving the linked Downloadable ID.
  - 26. The method of claim 25, further comprising the steps of generating the Downloadable ID for the Downloadable, and comparing the generated Downloadable to the linked Downloadable.
  - 27. The method of claim 23, further comprising the step of generating a Downloadable security profile for the Downloadable if the first Downloadable security profile is not trustworthy.
  - 28. The method of claim 23, wherein a certificate that identifies a content inspection engine which created the Downloadable security profile is linked to the Downloadable security profile, and wherein the step of determining includes retrieving the certificate.
  - 29. The method of claim 28, wherein the step of determining further includes authenticating the certificate as from a trusted source.
  - 30. The method of claim 23, wherein a certificate that identifies a developer that created the Downloadable is linked to the Downloadable, and wherein the step of determining includes retrieving the certificate.
  - 31. The method of claim 30, wherein the step of determining further includes authenticating the certificate as from a trusted developer.

32. A network gateway system comprising:
- a Downloadable interceptor for receiving a Downloadable;
  
  a file reader coupled to the interceptor for determining whether the Downloadable includes a linked Downloadable security profile that identifies suspicious code in the Downloadable, wherein if the Downloadable includes a linked Downloadable security profile, the Downloadable was linked before the web server makes the Downloadable available to the web client;
  
  an engine coupled to the file reader for determining whether to trust the Downloadable security profile; and
  
  a security policy analysis engine coupled to a verification engine for comparing the Downloadable security profile against a security policy if the engine determines that the Downloadable security profile is trustworthy.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40)
- - 33. The system of claim 32, wherein the engine determines whether the first Downloadable security profile corresponds to the Downloadable.
  - 34. The system of claim 33, wherein a Downloadable ID that identifies the Downloadable to which the Downloadable security profile corresponds is linked to the Downloadable security profile, and wherein the engine includes a Downloadable ID verification engine for retrieving the linked Downloadable ID.
  - 35. The system of claim 34, wherein the Downloadable ID verification engine generates the Downloadable ID for the Downloadable and compares the generated Downloadable to the linked Downloadable.
  - 36. The system of claim 32, further comprising a content inspection engine coupled to the engine for generating a Downloadable security profile for the Downloadable if the first Downloadable security profile is not trustworthy.
  - 37. The system of claim 32, wherein a certificate that identifies a content inspection engine which created the Downloadable security profile is linked to the Downloadable security profile, and wherein the engine retrieves the certificate.
  - 38. The system of claim 37, wherein the engine includes a certificate authenticator for authenticating the certificate as from a trusted source.
  - 39. The system of claim 32, wherein a certificate that identifies a developer that created the Downloadable is linked to the Downloadable, and wherein the engine retrieves the certificate.
  - 40. The system of claim 39, wherein the engine includes a certificate authenticator for authenticating the certificate as from a trusted developer.

41. A computer-readable storage medium storing program code for causing a data processing system on an inspector to perform the steps of:
- receiving a Downloadable;
  
  generating a first Downloadable security profile that identifies suspicious code in the received Downloadable; and
  
  linking the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients.

42. A computer-readable storage medium storing program code for causing a data processing system on a network gateway to perform the steps of:
- receiving a Downloadable with a linked first Downloadable security profile that identifies suspicious code in the Downloadable, the Downloadable security profile being linked to the Downloadable before the web server make the Downloadable available to the web client;
  
  determining whether to trust the first Downloadable security profile; and
  
  comparing the first Downloadable security profile against the security policy if the first Downloadable security profile is trustworthy.

43. An inspector system comprising:
- means for receiving a Downloadable;
  
  means for generating a first Downloadable security profile that identifies suspicious code in the received Downloadable; and
  
  means for linking the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients.

44. A network gateway system comprising:
- means for receiving a Downloadable with a linked first Downloadable security profile that identifies suspicious code in the Downloadable, the Downloadable security profile being linked to the Downloadable before the web server make the Downloadable available to the web client;
  
  means for determining whether to trust the first Downloadable security profile; and
  
  means for comparing the first Downloadable security profile against the security policy if the first Downloadable security profile is trustworthy.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Finjan Holdings, Inc. (SoftBank Group Corp.)
Original Assignee
Finjan Software Limited (SoftBank Group Corp.)
Inventors
Gal, Nachshon, Touboul, Shlomo
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Revak, Christopher A.

Application Number

US08/995,648
Time in Patent Office

1,072 Days
Field of Search

713/201, 713/200, 713/202, 713/164, 713/165, 713/166, 713/167, 713/176, 714/38, 714/704, 714/207, 714/33, 709/229, 380/4, 380/25, 380/24, 705/51, 705/54, 705/55
US Class Current

726/24
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/54   by adding security routines...

G06F 2211/009   Trust

G06F 2221/033   Test or assess software

G06F 2221/2115   Third party

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/102   Entity profiles

H04L 63/145   the attack involving the pr...

H04L 63/168   above the transport layer

H04L 9/40   Network security protocols

System and method for attaching a downloadable security profile to a downloadable

First Claim

6 Assignments

Litigations

4 Petitions

Reexamination

Accused Products

Abstract

718 Citations

44 Claims

Specification

30 Family Members

Thank you for your feedback