Network managed antivirus appliance

US 8,910,288 B2
Filed: 02/04/2011
Issued: 12/09/2014
Est. Priority Date: 02/05/2010
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

at least one processor;

at least one device port or drive configured to communicatively receive connection of a portable data storage medium to the apparatus;

a network interface; and

at least one memory storing computer readable instructions that, when executed, cause the apparatus to;

receive at least one of operating system software and antivirus software from a device management server over a set of one or more predetermined network ports;

identify a direct attachment of a portable storage medium via the at least one device port or drive;

scan a plurality of files stored on the attached portable storage medium using software installed on the apparatus;

receive, via a user interface on the apparatus, user input specifying a user rights assignment for a first file on the attached portable storage medium;

assign the user rights assignment to the first file by transmitting data identifying the user rights assignment for the first file to the device management server via the network interface, wherein the first file on the attached portable storage medium is not modified, and wherein the first file is not transmitted to the device management server with the data identifying the user rights assignment; and

transmit results of the scan of the plurality of files over the set of predetermined network ports to the device management server,wherein the memory stores an operating system in which communication to and from the apparatus through one or more network ports, other than the set of predetermined network ports used to receive software from the device management server and transmit scan results to the device management server, is disabled or not supported.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data can be scanned using a network managed appliance. The network managed appliance may integrate commercial hardware elements connected through a basic or simplified operating system environment expressly developed for the appliance, thus being more malware resistant and less vulnerable to attacks from the scanned data or other sources. The network managed appliance may be a self-contained apparatus with an integrated chassis, designed and configured as “single-purpose” device. Such appliances may be connected to an appliance management network including central management servers in communication with appliances in remote locations. The central management servers may ensure that scanning software and the definitions lists for each of the appliances are current and match an enterprise-approved configuration.

33 Citations

View as Search Results

19 Claims

1. An apparatus comprising:
- at least one processor;
  
  at least one device port or drive configured to communicatively receive connection of a portable data storage medium to the apparatus;
  
  a network interface; and
  
  at least one memory storing computer readable instructions that, when executed, cause the apparatus to;
  
  receive at least one of operating system software and antivirus software from a device management server over a set of one or more predetermined network ports;
  
  identify a direct attachment of a portable storage medium via the at least one device port or drive;
  
  scan a plurality of files stored on the attached portable storage medium using software installed on the apparatus;
  
  receive, via a user interface on the apparatus, user input specifying a user rights assignment for a first file on the attached portable storage medium;
  
  assign the user rights assignment to the first file by transmitting data identifying the user rights assignment for the first file to the device management server via the network interface, wherein the first file on the attached portable storage medium is not modified, and wherein the first file is not transmitted to the device management server with the data identifying the user rights assignment; and
  
  transmit results of the scan of the plurality of files over the set of predetermined network ports to the device management server,wherein the memory stores an operating system in which communication to and from the apparatus through one or more network ports, other than the set of predetermined network ports used to receive software from the device management server and transmit scan results to the device management server, is disabled or not supported.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus of claim 1, further comprising a biometric scanner, wherein the at least one memory stores additional computer readable instructions that, when executed, further cause the apparatus to:
    - receive user data via the biometric scanner;
      
      authenticate a first user based on said user data; and
      
      prior to scanning the attached portable storage medium, determine that the first user is authorized to scan media using the apparatus.
  - 3. The apparatus of claim 1, further comprising a write blocker configured to prevent modification of the portable storage medium when attached to the apparatus.
  - 4. The apparatus of claim 1, further comprising a non-detachable display configured to display the results of the scan on the apparatus.
  - 5. The apparatus of claim 1, wherein the scanning comprises performing a virus scan on the attached portable storage medium using virus scanning software installed on the apparatus, and wherein the at least one memory stores additional computer readable instructions that, when executed, further cause the apparatus to:
    - poll the device management server to determine if one or more updated antivirus definitions are available;
      
      download one or more updated antivirus definitions from the device management server based on a determination that updated antivirus definitions are available;
      
      poll the device management server to determine if updates are available for the operating system of the apparatus;
      
      download an updated operating system image from the device management server via the network interface; and
      
      configure the apparatus to use the updated operating system image and the updated virus definitions.
  - 6. The apparatus of claim 1, wherein the at least one memory stores additional computer readable instructions that, when executed, further cause the apparatus to:
    - search the attached portable storage medium for secure files using content searching software installed on the apparatus;
      
      receive updated content searching software from the device management server via the network interface; and
      
      configure the apparatus to use the updated content searching software.
  - 7. The apparatus of claim 1, wherein the at least one memory stores additional computer readable instructions that, when executed, further cause the apparatus to:
    - receive, via a user interface on the apparatus, user input identifying a user rights assignment for a first file on the attached portable media; and
      
      modify the first file to implement the received user rights assignment.
  - 8. The apparatus of claim 1, wherein the at least one memory stores additional computer readable instructions that, when executed, further cause the apparatus to:
    - determine that a first scanned file contains malware;
      
      transmit the first scanned file to a secure quarantined environment on the device management server over the set of predetermined network ports; and
      
      generate a notification after transmitting the first scanned file to the secure quarantined environment.
  - 9. The apparatus of claim 1, further comprising a smart card reader, wherein the at least one memory stores additional computer readable instructions that, when executed, further cause the apparatus to:
    - receive, via the smart card reader, data corresponding to a private encryption key; and
      
      encrypt the plurality of scanned files with a digital rights management client software application installed on the apparatus, using the private encryption key received via the smart card reader.
  - 10. The apparatus of claim 1, further comprising at least one of a biometric scanner or a smart card reader, wherein the at least one memory stores additional computer readable instructions that, when executed, further cause the apparatus to:
    - authenticate a first user of the apparatus based on input received via the biometric scanner or the smart card reader;
      
      in response to authenticating the first user of the apparatus, retrieve a private encryption key associated with the first user from a secure memory of the apparatus; and
      
      encrypt the plurality of scanned files with a digital rights management client software application installed on the apparatus, using the private encryption key retrieved from the secure memory of the apparatus.
  - 11. The apparatus of claim 1, wherein the operating system is configured to support only a first subset of network ports and protocols for communication to the device management server, and a different subset of network ports and protocols for communication from the device management server.
  - 12. The apparatus of claim 1, wherein the operating system is further configured to restrict communication to and from the apparatus to a predefined set of Internet Protocol (IP) addresses or hardware identifiers.

13. An apparatus comprising:
- at least one processor;
  
  at least one device port or drive configured to receive connection of a portable storage medium to the apparatus;
  
  a network interface; and
  
  at least one memory storing an operating system configured to screen for vulnerabilities to viruses and malware,the at least one memory storing computer readable instructions that, when executed, cause the apparatus to;
  
  receive scanning software from a device management server over a set of one or more predetermined network ports;
  
  receive a plurality of data files via the at least one device port or drive;
  
  scan the plurality of data files using the scanning software;
  
  receive, via a user interface on the apparatus, user input specifying a user rights assignment for a first scanned data file in the plurality of data files;
  
  assign the user rights assignment to the first scanned data file by transmitting data identifying the user rights assignment for the first scanned data file to the device management server over the set of predetermined network ports, wherein the first scanned data file is not modified, and wherein the first scanned data file is not transmitted to the device management server with the data identifying the user rights assignment;
  
  transmit results of the scan of the plurality of files over the set of predetermined network ports to the device management server;
  
  determine, based on the scan, that the first scanned data file includes secure content, and that a second scanned data file does not include secure content;
  
  enforce a requirement that the first scanned data file but not the second scanned data file must be encrypted before it is transferred, based on the determination that the first scanned data file includes secure content and the second scanned data file does not include secure content; and
  
  allow a requested transfer of the first and second scanned data files, only after encryption of the first scanned data file,wherein the memory stores an operating system in which communication to and from the apparatus through one or more network ports, other than the set of predetermined network ports used to receive scanning software from the device management server and transmit scan results to the device management server, is disabled or not supported.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The apparatus of claim 13, wherein scanning the plurality of data files comprises performing a malware scan on the data files using virus scanning software installed on the apparatus.
  - 15. The apparatus of claim 13, further comprising a write blocker configured to prevent modification of the portable storage medium when attached to the apparatus.
  - 16. The apparatus of claim 13, wherein the operating system is configured to support only a first subset of network ports and protocols for communication to the device management server, and a different subset of network ports and protocols for communication from the device management server.
  - 17. The apparatus of claim 13, wherein the operating system is further configured to restrict communication to and from the apparatus to a predefined set of Internet Protocol (IP) addresses or hardware identifiers.

18. A system, comprising:
- an antivirus appliance management server, comprising;
  
  at least one processor;
  
  at least one memory device; and
  
  at least one network interface,wherein the antivirus appliance management server is configured to receive and analyze a plurality of file lists from managed antivirus appliances, each said file list including a set of file properties and virus scan results for a plurality of files scanned by a managed antivirus appliance, anda plurality of managed antivirus appliances, each managed antivirus appliance comprising;
  
  at least one processor;
  
  at least one device port or drive configured to communicatively receive connection of a portable data storage medium to the managed antivirus appliance;
  
  a network interface; and
  
  at least one memory storing an operating system configured to screen for vulnerabilities to viruses and malware, the at least one memory storing computer readable instructions that, when executed, cause the managed antivirus appliance to;
  
  receive at least one of operating system software and antivirus software from the antivirus appliance management server over a set of one or more predetermined network ports;
  
  identify a direct attachment of a portable storage medium via the at least one device port or drive;
  
  scan a plurality of files stored on the attached portable storage medium using software installed on the managed antivirus appliance;
  
  create a list corresponding to the plurality of scanned files, the list including results of the scan and one or more file properties for each of the plurality of scanned files; and
  
  transmit the list corresponding to the plurality of scanned files over the set of predetermined network ports to the antivirus appliance management server,receive, via a user interface on the managed antivirus appliance, user input specifying a user rights assignment for a first scanned data file in the plurality of scanned files; and
  
  assign the user rights assignment to the first scanned data file by transmitting data identifying the user rights assignment for the first scanned data file to the antivirus appliance management server over the set of predetermined network ports, wherein the first scanned data file is not modified, and wherein the first scanned data file is not transmitted to the antivirus appliance management server with the data identifying the user rights assignment; and
  
  transmit results of the scan of the plurality of files over the set of predetermined network ports to the antivirus appliance management server;
  
  wherein the operating system of each managed antivirus appliance is configured to disable or not support communication to and from the managed antivirus appliance though one or more network ports, other than the set of predetermined network ports used to receive software from the antivirus appliance management server and transmit scan results to the antivirus appliance management server.
- View Dependent Claims (19)
- - 19. The system of claim 18, wherein the antivirus appliance management server is further configured to:
    - communicate with each of the plurality of managed antivirus appliances using the set of predetermined network ports and a set of predetermined network protocols;
      
      transmit updated operating system images and updated virus definition files to each of the plurality of managed antivirus appliances; and
      
      transmit updated content searching software to each of the plurality of managed antivirus appliances, andwherein each of the plurality of managed antivirus appliances further comprises;
      
      a biometric scanner;
      
      a write blocker configured to prevent modification of the portable storage medium when attached to the managed antivirus appliance; and
      
      a non-detachable display configured to display the results of the scan on the managed antivirus appliance,wherein the operating system of each said managed antivirus appliance resides on a removable media, andwherein the at least one memory of each of the managed antivirus appliances stores further computer readable instructions that, when executed, cause the managed antivirus appliance to;
      
      poll the antivirus appliance management server, using the set of predetermined network ports and the set of predetermined network protocols, to determine if one or more updated antivirus definitions are available;
      
      download one or more updated antivirus definitions from the antivirus appliance management server, using the set of predetermined network ports and the set of predetermined network protocols, based on a determination that updated antivirus definitions are available;
      
      poll the antivirus appliance management server, using the set of predetermined network ports and the set of predetermined network protocols, to determine if updates are available for the operating system;
      
      download an updated operating system image from the antivirus appliance management server via the network interface, using the set of predetermined network ports and the set of predetermined network protocols;
      
      configure the managed antivirus appliance to use the updated operating system image and the updated virus definitions;
      
      receive updated content searching software, using the set of predetermined network ports and the set of predetermined network protocols, from the antivirus appliance management server;
      
      perform a virus scan of the plurality of files using the updated operating system image and the updated virus definition files, said scan also using virtualization software to run virus scanning software;
      
      determine that a first scanned file in the plurality of files contains malware; and
      
      transmit the first scanned file to a secure quarantined environment on the antivirus appliance management server, using the set of predetermined network ports and the set of predetermined network protocols.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Leidos, Inc. (Leidos Holdings, Inc.)
Original Assignee
Leidos, Inc. (Leidos Holdings, Inc.)
Inventors
Young, Alan G., Bartruff, Paul L., Brown, Eric E., Miley, Michael P.
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Kusyk, Janusz

Application Number

US13/020,900
Publication Number

US 20110197280A1
Time in Patent Office

1,404 Days
Field of Search

None
US Class Current

726/24
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/56   Computer malware detection ...

G06F 21/564   by virus signature recognition

G06F 21/567   using dedicated hardware

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/0861   using biometrical features,...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Network managed antivirus appliance

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Network managed antivirus appliance

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links