Method and apparatus for identifying and characterizing errant electronic files
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-021/00
H04L-029/06
G06F-017/30
G06F-021/56
G06F-021/62
출원번호
US-0997981
(2016-01-18)
등록번호
US-10235442
(2019-03-19)
발명자
/ 주소
Shuster, Gary Stephen
출원인 / 주소
INTELLECTUAL VENTURES I LLC
대리인 / 주소
Knobbe, Martens, Olson & Bear, LLP
인용정보
피인용 횟수 :
0인용 특허 :
37
초록▼
A computer system includes a server having a memory connected thereto. The server is adapted to be connected to a network to permit remote storage and retrieval of data files from the memory. A file identification application is operative with the server to identify errant files stored in the memory
A computer system includes a server having a memory connected thereto. The server is adapted to be connected to a network to permit remote storage and retrieval of data files from the memory. A file identification application is operative with the server to identify errant files stored in the memory. The file identification application provides the functions of: (1) selecting a file stored in said memory; (2) generating a unique checksum corresponding to the stored fire; (3) comparing said unique checksum to each of a plurality of previously generated checksums, wherein the plurality of previously generated checksums correspond to known errant files; and (4) marking the file for deletion from the memory if the unique checksum matches one of the plurality of previously generated checksums.
대표청구항▼
1. A computer-implemented method for generating a library of checksum values, the method comprising: under control of one or more configured computer systems: storing, in a computer storage medium, a checksum library for assessing suspect files;identifying a source of known illicit files;accessing a
1. A computer-implemented method for generating a library of checksum values, the method comprising: under control of one or more configured computer systems: storing, in a computer storage medium, a checksum library for assessing suspect files;identifying a source of known illicit files;accessing a candidate file stored by a physical storage device for the source;determining that the candidate file appears within proximity of a minimum threshold number of the known illicit files for the source;generating a candidate checksum for the candidate file stored by the physical storage device for the source, wherein the known illicit files do not include the candidate file;determining that the checksum library does not include the candidate checksum; andadding the candidate checksum to the checksum library stored in the computer storage medium. 2. The computer-implemented method of claim 1, further comprising: receiving a criterion identifying a file characteristic; andidentifying the source of known illicit files using the criterion. 3. The computer-implemented method of claim 2, wherein receiving the criterion comprises receiving at least one of: a minimum file size; anda file type. 4. The computer-implemented method of claim 1, wherein the candidate file comprises a graphics file, and wherein generating the candidate checksum comprises at least one of: generating the candidate checksum for the graphics file based on vector graphics analysis; ordividing the graphics file into blocks and comparing relationships between the blocks. 5. The computer-implemented method of claim 1, wherein adding the candidate checksum to the checksum library comprises: associating a file name of the candidate file with the candidate checksum; andassociating a file length of the candidate file with the candidate checksum. 6. The computer-implemented method of claim 1, wherein: generating the candidate checksum for the candidate file comprises: generating a first checksum of the candidate file using a first number of bytes from a first file location of the candidate file, andgenerating a second checksum of the candidate file using a second number of byes from a second file location of the candidate file; andwherein adding the candidate checksum to the checksum library comprises adding the first checksum and the second checksum to the checksum library. 7. The computer-implemented method of claim 1, wherein accessing the candidate file of the source comprises establishing a network connection with at least one of a web server or a newsgroup server. 8. The computer-implemented method of claim 1, wherein accessing the candidate file of the source comprises: accessing a first directory of the source, the first directory including the candidate file; andwherein determining that the candidate file appears within the proximity of a minimum threshold number of the known illicit files for the source is based on a second directory of the source, the second directory including the known illicit files, wherein the first directory is a different location than the second directory. 9. The computer-implemented method of claim 1, further comprising: obtaining a suspect file from a second file source;generating a checksum for the suspect file;determining the checksum for the suspect file corresponds to the candidate checksum in the checksum library; andcharacterizing the suspect file as an unauthorized file. 10. A computer system, comprising: a computer storage device configured to store a checksum library for assessing suspect files;a server adapted to be connected to a network to permit retrieval of files from a file source; anda file identification application operative with the server to generate the checksum library, the file identification application providing the functions of: identifying the file source as a source of known illicit files;accessing a candidate file stored by a physical storage device for the file source;determining that the candidate file appears within proximity of a minimum threshold number of the known illicit files for the source;generating a candidate checksum for the candidate file from the file source, wherein the known illicit files do not include the candidate file;determining that the checksum library does not include the candidate checksum; andadding the candidate checksum to the checksum library stored in the computer storage device. 11. The computer system of claim 10, wherein the file identification application further provides the functions of: receiving a criterion identifying a file characteristic; andidentifying the source of known illicit files for processing using the criterion. 12. The computer system of claim 11, wherein the file identification application receiving the criterion comprises the file identification application receiving at least one of: a minimum file size; anda file type. 13. The computer system of claim 10, wherein the candidate file comprises a graphics file, and wherein the file identification application generating the candidate checksum comprises the file identification application providing at least one of the functions of: generating the candidate checksum for the graphics file based on vector graphics analysis; ordividing the graphics file into blocks and comparing relationships between the blocks. 14. The computer system of claim 10, wherein the file identification application adding the candidate checksum to the checksum library comprises the file identification application providing the functions of: associating a file name of the candidate file with the candidate checksum; andassociating a file length of the candidate file with the candidate checksum. 15. The computer system of claim 10, wherein: the file identification application generating the candidate checksum comprises the file identification application providing the functions of: generating a first checksum of the candidate file using a first number of bytes from a first file location of the candidate file, andgenerating a second checksum of the candidate file using a second number of byes from a second file location of the candidate file; andwherein adding the candidate checksum to the checksum library comprises adding the first checksum and the second checksum to the checksum library. 16. The computer system of claim 10, wherein the server is adapted to establish a connection via the network with the file source, wherein the file source comprises at least one of a web server or a newsgroup server. 17. The computer system of claim 10, wherein the server is adapted to access the candidate file from the file source by: accessing a first directory of the file source, the first directory including the candidate file; andwherein determining that the candidate file appears within the proximity of a minimum threshold number of the known illicit files for the source is based on a second directory of the file source, the second directory including the known illicit files, wherein the first directory is a different location than the second directory. 18. The computer system of claim 10, wherein the server is further adapted to obtain a suspect file from a second file source, and wherein the file identification application is further adapted for providing the functions of: generating a checksum for the suspect file;determining the checksum for the suspect file corresponds to the candidate checksum in the checksum library; andcharacterizing the suspect file as an unauthorized file. 19. A physical storage device having instructions stored thereon, the instructions comprising: instructions for storing, in a computer storage medium, a checksum library for assessing suspect files;instructions for identifying a source of known illicit files;instructions for accessing a candidate file stored by a physical storage device for the source;instructions for determining that the candidate file appears within proximity of a minimum threshold number of the known illicit files for the source;instructions for generating a candidate checksum for the candidate file stored by the physical storage device for the source, wherein the known illicit files do not include the candidate file;instructions for determining that the checksum library does not include the candidate checksum; andinstructions for adding the candidate checksum to the checksum library stored in the computer storage medium.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (37)
Li David, Analysis of an image of a pattern of discrete objects.
Boulay Jean-Michel Yann,FRX ; Petrillo August T. ; Swimmer Morton Gregory, Automated sample creation of polymorphic and non-polymorphic marcro viruses.
Freivald Matthew P. ; Richards Mark S. ; Noble Alan C., Checksum-comparing change-detection tool indicating degree and location of change of internet documents.
Pond Eugene W. (Garland TX) Rush Jeffrey R. (Richardson TX) Watson John D. (Carrollton TX) Woodall Bruce A. (Plano TX) Goode Walter M. (Dallas TX) Goode George E. (Richardson TX), Cryptographic labeling of electronically stored data.
Farber David A. ; Lachman Ronald D., Data processing system using substantially unique identifiers to identify data items, whereby identical data items hav.
Barney Matthew F., Intelligent agent for identifying intellectual property infringement issues in computer network sites and method of operation thereof.
Rhodes Bradley J. ; Starner Thad E. ; Maes Pattie E. ; Pentland Alex P., Method and apparatus for automated, context-dependent retrieval of information.
Davis, Owen; Jain, Vidyut, Method and apparatus for tracking client interaction with a network resource and creating client profiles and resource database.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.