Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2000-04-18
2002-11-12
Le, Dieu-Minh (Department: 2184)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000
Reexamination Certificate
active
06480962
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates generally to computer networks, and more particularly to a system and method for protecting clients from hostile Downloadables.
2. Description of the Background Art
The Internet currently interconnects about 100,000 individual computer networks and several million computers. Because it is public, the Internet has become a major source of many system damaging and system fatal application programs, commonly referred to as “viruses.”
In response to the widespread generation and distribution of computer viruses, programmers continue to design and update security systems for blocking these viruses from attacking both individual and network computers. On the most part, these security systems have been relatively successful. However, these security systems are typically not configured to recognize computer viruses which have been attached to or masked as harmless Downloadables (i.e., applets). A Downloadable is a small executable or interpretable application program which is downloaded from a source computer and run on a destination computer. A Downloadable is used in a distributed environment such as in the Java™ distributed environment produced by Sun Microsystems or in the ActiveX™ distributed environment produced by Microsoft Corporation.
Hackers have developed hostile Downloadables designed to penetrate security holes in Downloadable interpreters. In response, Sun Microsystems, Inc. has developed a method of restricting Downloadable access to resources (file system resources, operating system resources, etc.) on the destination computer, which effectively limits Downloadable functionality at the Java™ interpreter. Sun Microsystems, Inc. has also provided access control management for basing Downloadable-accessible resources on Downloadable type. However, the above approaches are difficult for the ordinary web surfer to manage, severely limit Java™ performance and functionality, and insufficiently protect the destination computer.
Other security system designers are currently considering digital signature registration stamp techniques, wherein, before a web browser will execute a Downloadable, the Downloadable must possess a digital signature registration stamp. Although a digital signature registration stamp will diminish the threat of Downloadables being intercepted, exchanged or corrupted, this approach only partially addresses the problem. This method does not stop a hostile Downloadable from being stamped with a digital signature, and a digital signature does not guarantee that a Downloadable is harmless. Therefore, a system and method are needed for protecting clients from hostile Downloadables.
SUMMARY OF THE INVENTION
The present invention provides a system for protecting a client from hostile Downloadables. The system includes security rules defining suspicious actions such as WRITE operations to a system configuration file, overuse of system memory, overuse of system processor time, etc. and security policies defining the appropriate responsive actions to rule violations such as terminating the applet, limiting the memory or processor time available to the applet, etc. The system includes an interface, such as Java™ class extensions and operating system probes, for receiving incoming Downloadable and requests made by the Downloadable. The system still further includes a comparator coupled to the interface for examining the Downloadable, requests made by the Downloadable and runtime events to determine whether a security policy has been violated, and a response engine coupled to the comparator for performing the violation-based responsive action.
The present invention further provides a method for protecting a client from hostile Downloadables. The method includes the steps of recognizing a request made by a Downloadable during runtime, interrupting processing of the request, comparing information pertaining to the Downloadable against a predetermined security policy, recording all rule violations in a log, and performing a predetermined responsive action based on the comparison.
It will be appreciated that the system and method of the present invention use at least three hierarchical levels of security. A first level examines the incoming Downloadables against known suspicious Downloadables. A second level examines runtime events. A third level examines the Downloadables operating system requests against predetermined suspicious actions. Thus, the system and method of the invention are better able to locate hostile operations before client resources are damaged.
REFERENCES:
patent: 5077677 (1991-12-01), Murphy et al.
patent: 5359659 (1994-10-01), Rosenthal
patent: 5361359 (1994-11-01), Tajalli et al.
patent: 5485409 (1996-01-01), Gupta et al.
patent: 5485575 (1996-01-01), Chess et al.
patent: 5572643 (1996-11-01), Judson
patent: 5606668 (1997-02-01), Shwed
patent: 5623600 (1997-04-01), Ji et al.
patent: 5638446 (1997-06-01), Rubin
patent: 5692047 (1997-11-01), McManis
patent: 5692124 (1997-11-01), Holden et al.
patent: 5720033 (1998-02-01), Deo
patent: 5724425 (1998-03-01), Chang et al.
patent: 5740248 (1998-04-01), Fieres et al.
patent: 5761421 (1998-06-01), van Hoff et al.
patent: 5765205 (1998-06-01), Breslau et al.
patent: 5784459 (1998-07-01), Devarakonda et al.
patent: 5796952 (1998-08-01), Davis et al.
patent: 5805829 (1998-09-01), Cohen et al.
patent: 5832208 (1998-11-01), Chen et al.
patent: 5850559 (1998-12-01), Angelo et al.
patent: 5859966 (1999-01-01), Hayman et al.
patent: 5864683 (1999-01-01), Boebert et al.
patent: 5892904 (1999-04-01), Atkinson et al.
patent: 5951698 (1999-09-01), Chen et al.
patent: 5956481 (1999-09-01), Walsh et al.
patent: 5974549 (1999-10-01), Golan
patent: 5983348 (1999-11-01), Ji
patent: 6092194 (2000-07-01), Touboul
patent: 6154844 (2000-11-01), Touboul et al.
patent: 6167520 (2000-12-01), Touboul
Jim K. Omura, “Novel Applications of Cryptography in Digital Communications”, IEEE Communications Magazine, May, 1990; pp. 21-29.
Okamoto, E. et al., “ID-Based Authentication System For Computer Virus Detection”, IEEE/IEE Electronic Library online, Electronics Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract and pp. 1169-1170. URL:http:/iel.ihs.com:80/cgi-bin/iel-cgi?se . . . 2ehts%26ViewTemplate%3ddocview%5fb%2ehts.
IBM AntiVirus User's Guide Version 2.4, International Business Machines Corporation, Nov. 15, 1995, pp. 6-7.
Norvin Leach et al, “IE 3.0 Applets Will Earn Certification”, PC Week, vol. 13, No. 29, Jul. 22, 1996, 2 pages.
“Finjan Software Releases SurfinBoard, Industry's First JAVA Security Product For the World Wide Web”, Article published on the Internet by Finjan Software Ltd., Jul. 29, 1996, 1 page.
“Powerful PC Security for the New World of JAVA™ and Downloadables, Surfin Shield™” Article published on the Internet by Finjan Software Ltd., 1996, 2 Pages.
Microsoft® Authenticode Technology, “Ensuring Accountability and Authenticity for Software Components on the Internet”, Microsoft Corporation, Oct. 1996, including Abstract, Contents, Introduction and pp. 1-10.
“Finjan Announces a Personal Java™ Firewall For Web Browsers—the SurfinShield™ 1.6 (formerly known as SurfinBoard)”, Press Release of Finjan Releases SurfinShield 1.6, Oct. 21, 1996, 2 pages.
Company Profile “Finjan—Safe Surfing, The Java Security Solutions Provider” Article published on the Internet by Finjan Software Ltd., Oct. 31, 1996, 3 pages.
“Finjan Announces Major Power Boost and New Features for SurfinShield™ 2.0” Las Vegas Convention Center/Pavilion 5 P5551, Nov. 18, 1996, 3 pages.
“Java Security: Issues & Solutions” Article published on the Internet by Finjan Software Ltd., 1996, 8 pages.
“Products” Article published on the Internet, 7 pages.
Mark LaDue, “Online Business Consultant: Java Security: Whose Business Is It?” Article published on the Internet, Home Page Press, Inc. 1996, 4 pages.
Web Page Article “Frequently Asked Questions About Authenticode”, Microsoft Corporation, last updated Feb. 17, 1997, Printed Dec. 23, 1998. URL: h
Finjan Software Ltd.
Le Dieu-Minh
Squire Sanders & Dempsey L.L.P.
LandOfFree
System and method for protecting a client during runtime... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for protecting a client during runtime..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for protecting a client during runtime... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2964674