Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2003-01-16
2004-05-04
Vu, Kim (Department: 2135)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
Reexamination Certificate
active
06732279
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
An anti-virus protection system for use within a data transmission network to protect against the transfer of viruses from a source(s) or originator(s) to a recipient(s) or subscriber(s) over the data transmission network.
2. Description of the Prior Art
With the advent of data transfer over communication networks, computer viruses, worms and Trojan horses have plagued and compromised the operation of the various computers or nodes. A computer virus is a section of code that is buried or hidden in another program attaching itself to other programs in the system that, in turn, can be copied over to other programs. Such viruses can cause a message to be displayed on the screen or actually destroy programs and data. Worms, on the other hand, are destructive programs that replicate themselves using up computer resources eventually causing the computer system to crash.
The prior art has attempted to reduce the effects of viruses and eliminate the proliferation through virus detection programs. For example, an operator can monitor a computer or system for such basis operating functions such as write, erase or format disk. When such operations occur, the user is prompted to confirm whether the operation is expected. If the particular operation or function is not expected, the user aborts the operation as prompted by a virus program. Another virus detection method, scans program code being copied onto the system searching for recognizable patterns of program code used for viruses. Another method employs check summary on host programs known to be free from viruses. If a virus later attaches itself to a host program, the value will be different and the presence of a virus detected.
Unfortunately, despite these efforts of the prior art suffer from various deficiencies. Therefore, there is a need for a system and method for effectively detecting and eliminating viruses without significantly affecting the performance of the computer. Behavior interception is not successful at detecting all viruses since a virus can be placed at locations where such critical operations are likely to occur for the normal operation of programs. Second, most signature scanning is only performed on new inputs from disk drives. With the advent of the Internet and its increased popularity, there are no prior art methods that have been able to successfully scan connections such as those utilized by a gateway node in communicating with other networks. Third, many of the above methods require a significant amount of computing resources, which in turn degrades the overall performance of system. Thus, operating the virus detection programs on every computer becomes impractical. Therefore, the operation of many such virus detection programs is disabled for improved performance of individual machines.
U.S. Pat. No. 5,623,600 discloses a system for detecting and eliminating viruses on a computer network includes a File Transfer Protocol (FTP) proxy server, for controlling the transfer of files and a Simple Mail Transfer Protocol (SMTP) proxy server for controlling the transfer of mail messages through the system. The FTP proxy server and SMTP proxy server run concurrently with the normal operation of the system and operate in a manner such that viruses transmitted to or from the network in files and messages are detected before transfer into or from the system. The FTP proxy server and SMTP proxy server scan all incoming and outgoing files and messages respectively before transfer for viruses and then transfer the files and messages, only if they do not contain any viruses. The method for processing a file before transmission into or from the network includes the steps of receiving the data transfer command and file name; transferring the file to a system node; performing virus detection on the file; determining whether the file contains any viruses; transferring the file from the system to a recipient node if the file does not contain a virus; and deleting the file if the file contains a virus.
U.S. Pat. No. 6,157,721 and U.S. Pat. No. 6,292,569 describes a system and method using cryptography to protect Secure computation environments from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. The verifying authority tests the load modules or other executables to verify that the corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques allowing one tamper resistance work factor environment to protect against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise.
U.S. Pat. No. 5,416,842 teaches a first data processing device (node I) coupled to a first private network and to a firewall server (FWA). Firewall server FWA is in turn coupled to a public network such as the Internet. A second data processing device (node J) is coupled to a second private network that is coupled to the Internet through a firewall server (FWB). Node I provides a data packet including IP data and a destination address for the intended receiving node J to the firewall FWA. The firewall FWA is provided with a secret value a, and a public value. The firewall FWB is provided with a secret value and a public value. The firewall FWA obtains a Diffie-Hellman (DH) certificate for the firewall FWB and determines the public value from the DH certificate. Firewall FWA then computes the value and derives a key K. from the value .varies.sup.ab mod p. A transient key K. is randomly generated and is used to encrypt the data packet to be transmitted by firewall FWA to firewall FWB. The encrypted data packet is then encapsulated in a transmission packet by the firewall FWA. The transmission packet includes an unencrypted destination address for the firewall FWB. Firewall FWA then sends the transmission packet to firewall FWB over the Internet. Upon receipt of the transmission packet from firewall FWA, firewall FWB obtains a DH certificate for firewall FWA, and determines the public value of from the DH certificate. Firewall FWB computes the value of .varies.sup.ab mod p, and derives the key K.sub.ab. Firewall B utilizes the key K.sub.ab to decrypt the transient key K. and using the decrypted transient key K. firewall FWB decrypts the encrypted data packet received from FWA, thereby resulting in the recovery of the original data sent by node I in unencrypted form to the firewall FWA. The firewall FWB then transmits the decrypted data packet to the receiving node J over the second private network.
U.S. Pat. No. 5,432,850 shows a method for secure transmission of data having a destination address and a source address on a shared communication network. The method comprise the steps of transmitting a multiplicity of data frames, each containing at least an encrypted data sequence employing the destination address as at least part of a decryption key therefor, receiving the multiplicity of data frames at a receiver on the shared communication network and attempting to decrypt the encrypted data sequence by employing the local address of the receiver as at least part of a decryption key.
U.S. Pat. No. 5,511,122 relates to an internet authentication method to verify a sending host by a receiving host or an intermediate router or gateway. The method comprises the steps of: obtaining a network address and a public key of a receiving host; utilizing the public key from the receiving host in combination with a private key of the originating host to generate a cryptographic signature; transmitting the signature along with data t
Baum Ronald
Hoffman Terry George
Hoffman Terry George
Vu Kim
LandOfFree
Anti-virus protection system and method does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Anti-virus protection system and method, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Anti-virus protection system and method will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3232180