USRE44249E1 - Methods for blocking harmful information online - Google Patents

Methods for blocking harmful information online Download PDF

Info

Publication number
USRE44249E1
USRE44249E1 US12/973,657 US97365710A USRE44249E US RE44249 E1 USRE44249 E1 US RE44249E1 US 97365710 A US97365710 A US 97365710A US RE44249 E USRE44249 E US RE44249E
Authority
US
United States
Prior art keywords
harmful
file
code module
harmful information
client system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime, expires
Application number
US12/973,657
Inventor
Yeon-Sub Jung
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cap Co Ltd
Original Assignee
Cap Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=26636628&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=USRE44249(E1) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Cap Co Ltd filed Critical Cap Co Ltd
Priority to US12/973,657 priority Critical patent/USRE44249E1/en
Assigned to CAP CO., LTD. reassignment CAP CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: INCA INTERNET CO., LTD.
Application granted granted Critical
Publication of USRE44249E1 publication Critical patent/USRE44249E1/en
Adjusted expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements

Definitions

  • the present invention relates to computer security systems, and more particularly, to a system and method for diagnosing, remedying and blocking harmful information including computer viruses online over a computer network via which a client is linked to a web server.
  • the Web World Wide Web
  • the number of users on computer networks, and particularly, on the Internet is rapidly expanding.
  • the Internet is no longer a new technology and service field in virtual space, but is getting into the realities of life.
  • the Internet provides convenience to computer users in various ways.
  • concerns about highly possible illegal extraction of personal information or damage caused by a variety of computer viruses through computer networks are also quickly increasing.
  • the damage caused by harmful information such as computer viruses can be serious.
  • the amount of worldwide damage by computer viruses in the first half of 1999 marked a three-fold jump at $ 7 , 6 $7.6 billion over 1998's $2.5 billion.
  • the Chernobyl (CIH) virus which is a high-risk computer virus, corrupted all of the data on a hard disk, and caused tremendous damage in the world including Korea.
  • new harmful information such as the Back Orifice virus, or the School Bus virus which implants a “spy” file capable of remote controlling a computer, into computers along with other computer viruses, to thereby illegally extract personal information from the computers, has been introduced onto the Internet.
  • An existing counterplan for protection against various harmful information is based on the first damage/post-repair policy.
  • This protection counterplan assumes a passive position by taking measures (for example, follow-up development of appropriate antivirus programs) after computer systems have been suffered from unidentified harmful information.
  • Another disadvantage found in the protection policy lies in that a variety of antivirus programs for protecting against harmful information need to be manually installed on individual personal computers, which is an inefficient process overloading computer users with the installation activity. Furthermore, since various harmful information is created and distributed ever quickly through the Internet, it is not easy to consistently equip computers with the latest releases of antivirus programs.
  • the existing counterplan for protecting user computers from harmful information provides no communication channel for effectively reporting occurrences of harmful information or damage caused by the harmful information to the harmful information related service providers, so that statistical data on distribution of harmful information and damage caused by the harmful information, and the systematic data analysis thereof are not available to the harmful information related service providers.
  • a harmful information blocking program which is automatically transmitted and installed in the client system upon accessing to the web server via a computer network, and which inspects in real time file input/output (I/O) or network packet I/O on the client system.
  • An aspect of the first objective of the present invention is achieved by a method for blocking harmful information including computer viruses, the method comprising the steps of: (a) on a computer network through which a web server and a client system are linked to each other, the web server receiving a connection request from the client system over the computer network; (b) the web server transmitting a harmful information blocking code module to the client system; and (c) once the transmission of the harmful information blocking code module is completed, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses.
  • Step (c) preferably comprises the steps of: (c1) inspecting file input/output (I/O) on the client system; (c2) determining on the client system whether files inspected in step (c1) are harmful or not; and (c3) appropriately treating a file determined to be harmful in step (c2) if it can be treated, and aborting execution of a file determined to be harmful in step (c2) if it cannot be treated.
  • the web server may be provided 30 with information relating to the file determined to be harmful in step (c2).
  • step (c) may comprise the steps of: (c1) inspecting network packet input/output (I/O) on the client system; (c2) determining on the client system whether packets inspected in step (c1) are harmful or not and (c3) if any packet is determined to be harmful, blocking a communication port assigned for the packet I/O.
  • the harmful information blocking code module executed in step (c) preferably displays its running status in a separate window, and the execution of the harmful information blocking code module is aborted when the separate window is closed. It is preferable that the harmful information blocking code module executed in step (c) continue to run on the client system even when the client system accesses another web server. It is preferable that the harmful information blocking code module transmitted in step (b) is an ActiveXTM or JavaTM program.
  • the present invention provides a method for blocking harmful information including computer viruses, the method comprising the steps of: (a) on a computer network through which a first web server, a second web server and a client system are linked to each other, the client system connecting to the second web server over the computer network; (b) the client system connecting to the first web server over the computer network, according to information provided from the second web server to the client system; (c) the first web server transmitting a harmful information blocking code module to the client system; and (d) once the transmission of the harmful information blocking code module is completed, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses.
  • the second objective of the present invention is achieved by an online service providing method for blocking harmful information including computer viruses, the method comprising the steps of: (a) on a computer network through which a first web server and a client system are linked to each other, constructing a homepage on the first web server for online service; (b) the first web server receiving a connection request from the client system over the computer network; and (c) the first web server transmitting a harmful information blocking code module to the client system, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses.
  • connection request received by the first web server in step (b) be issued by the client system according to information provided from a second web server after the client system is connected to the second web server separated from the first web server.
  • a system for blocking harmful information including computer viruses comprising: a first web server for providing online services through a computer network; and a client computer linked with the first web server via the computer network, wherein when the client computer is connected to the first web server via the computer network, the first web server transmits a harmful information blocking code module to the client computer, and the harmful information blocking code module is automatically executed on the client computer to block in real time harmful information including computer viruses.
  • the harmful information blocking system further comprise a second web server linked to the client computer through the computer network to provide online services through the computer network, wherein when the client computer is connected to the second web server through the computer network, the second web server provides the client computer with hyperlink information used to access the first web server.
  • the third objective of the present invention is achieved by a computer readable medium having recorded thereon a computer program for blocking harmful information, the computer program transmitted from a web server to a client system through a computer network, and automatically executed on the client system, wherein the blocking of harmful information comprises the step of: (a) inspecting file input/output(I/O) of the client system;(b) determining on the client system whether files inspected in step (a) are harmful or not; (c) appropriately treating a file determined to be harmful in step (b) if it can be treated, and aborting execution of a file determined to be harmful in step (b) if it cannot be treated; and (d) providing the web server with information relating to the file determined to be harmful in step (b).
  • the blocking of harmful information comprises the step of: (a) inspecting file input/output(I/O) of the client system;(b) determining on the client system whether files inspected in step (a) are harmful or not; (c) appropriately treating a file determined to be harmful in step
  • FIGS. 1A and 1B are schematic views of systems applied to implement the present invention.
  • FIGS. 2A and 2B are flowcharts illustrating preferred embodiments of a method for blocking harmful information online according to the present invention
  • FIG. 3 is a schematic view showing the configuration of an example of a harmful information blocking code module adopted in the present invention.
  • FIG. 4 is a flowchart illustrating the operation of the harmful information blocking code module shown in FIG. 3 .
  • a harmful information management server 110 which is a web server, has a homepage, and is linked with a client computer 130 via a computer network, such as the Internet.
  • the harmful information management server 110 provides an online service for providing a harmful information blocking code module, which is capable of blocking in real time harmful information, to the client computer 130 .
  • harmful information collectively refers to an undesirable object or action that adversely effects computer systems and/or computer networks, including computer viruses, undesirable lascivious web sites on the Internet, and the act of illegally extracting personal information.
  • FIG. 2A A first embodiment of a method for blocking harmful information online according to the present invention will be described with reference to FIG. 2A .
  • the method begins with a homepage being constructed for online services on the harmful information management server 110 (step 210 ).
  • a computer user launches a web browser on the client computer (hereinafter, referred to as merely “client”) 130 (step 220 ).
  • client 130 is connected to the harmful information management server 110 (step 240 )
  • the harmful information management server 110 transmits a harmful information blocking code module to the client 130 (step 250 ).
  • the connection between the client 130 and the harmful information management server 110 is accomplished by a HyperText Transfer Protocol formatted request (HTTP request), and the transferring of the harmful information blocking code module from the harmful information management server 110 to the client 130 is performed by a HTTP response.
  • HTTP request is carried out by typing the Universal Resource Locator (URL) of the harmful information management server 110 or clicking a hyperlink associated with the URL on the web browser.
  • URL Universal Resource Locator
  • the harmful information blocking code module is an executable application program which runs on the client 130 .
  • the harmful information blocking code module is an executable application program which runs on the client 130 .
  • an object coded program designed with a high-level language may be linked to a web browser to run.
  • the harmful information blocking code module be executed in connection with a separate window provided for user interface, and a status report for the harmful information blocking code module is displayed in the separate window.
  • a status report for the harmful information blocking code module is displayed in the separate window.
  • the 3 o harmful information management server 110 provides an HTTP response which enables the creation of a separate window, and then provides the harmful information blocking code module as an HTTP response with respect to a HTTP request issued from the client 130 .
  • the window is closed, the execution of the harmful information blocking code module is aborted.
  • the separate window provided for user interface is applicable for various purposes, other than for displaying the running status of the harmful information blocking code module. For example, various kinds of news or banner advertisements may appear in the separate window.
  • the harmful information blocking code module is automatically executed on the client 130 (step 260 ) and blocks in real time harmful information including computer viruses (step 270 ). Since the harmful information blocking code module runs in real time on the client 130 , unless the status displaying window is closed, the harmful information blocking code module continues to run on the client 130 even when the client 130 attempts linking to another web server. Thus, the client 130 can be provided with a harmful information blocking service for security, by a single connection to the harmful information management server 110 .
  • FIG. 1B illustrates the configuration of a system applied for the second embodiment according to the present invention
  • FIG. 2B is a flowchart illustrating the second embodiment of the method for blocking harmful information online according to the present invention.
  • the system further comprises a web server 120 (hereinafter, referred to as “second web server”), other than the harmful information management server 110 , for providing online services on a network.
  • the second web server 120 is a common web sever linked with a client system via a computer network such as the Internet.
  • step 210 and step 220 are carried out in the same way as in the first embodiment described with reference to FIG. 2A .
  • the client 130 primarily accesses the second web server 120 (step 230 ).
  • the second web server 120 provide hyperlink information for use in accessing the harmful information management server 10 as well as information relating to online services to the client 130 (step 235 ). It is preferable that the hyperlink information is not link information for the front homepages of the harmful information management server 10 , but link information that directly enables the client 130 to receive the harmful information blocking code module from the harmful information management server 110 through a separate window.
  • the client 130 performs an HTTP request to the harmful information management server 10 , according to the hyperlink information from the second web server 120 (step 245 ).
  • the harmful information management server 10 transmits the harmful information blocking code module, which is an HTTP response with respect to the HTTP request issued from the client 130 (step 255 ).
  • the harmful information blocking code module is automatically executed on the client 130 (step 260 ), and blocks in real time harmful information such as computer viruses (step 270 ), as in the first embodiment.
  • FIG. 3 shows the configuration of an example of the harmful information blocking code module adopted in the present invention
  • FIG. 4 is a flowchart illustrating the operation of the harmful information blocking code module shown in FIG. 3 .
  • the harmful information blocking code module includes an input/output management unit 310 , a harmful information blocking unit 320 , and an information transferring unit 330 .
  • the harmful information blocking code module is related to a separate window 340 on which its running status is displayed, and execution of the harmful information blocking code module aborts upon the closing of the separate window 340 , as previously described.
  • the input/output management unit 310 inspects file input/output (I/O) on the client 130 .
  • the inspection of the file I/O refers to the action taken to get file information by hooking up file I/O routines.
  • the input/output management unit 310 also inspects network packet I/O on the client 130 so as to block harmful information from the network.
  • a computer virus capable of illegally extracting personal information such as the Back Orifice virus, may be blocked by checking file I/O, or checking processes, which will be described below.
  • the input/output management unit 310 further has a function for monitoring any Internet address that the client 130 attempts accessing, which prevents computer users from accessing undesirable lascivious web sites.
  • the harmful information blocking unit 320 diagnoses whether or not a file or packet is harmful, and takes appropriate remedial action if the file or packet is harmful.
  • the information transferring unit 330 informs the harmful information management server 110 of information on the file or packet determined to be harmful.
  • the harmful information blocking code module In the operation of the harmful information blocking code module, referring to FIG. 4 , first the harmful information blocking code module, which is automatically executed on the client 130 , inspects whether processes currently running on the client 130 are harmful or not (step 410 ). This is because all future processes can be influenced by the current processes in memory. Another reason for this is that the Back Orifice virus capable of illegally extracting personal information from a system, operates in the form of processes, and enables an external computer system to remote control a user computer.
  • a method for checking whether or not processes are harmful involves making a list of the ongoing processes loaded in the memory, and examining whether the files corresponding to each of the processes are harmful or not. If a file is determined to be harmful, the corresponding process is determined to be a harmful process and is then aborted. It is appreciated that an appropriate treatment may also be performed on the corresponding harmful file, Preferably, after the detection of harmful information and before performing appropriate treatment, the harmful information blocking code module informs a user of the presence of the harmful information, and requests the user's approval to take remedial action.
  • the harmful information blocking code module inspects every file I/O on the client 140 (step 420 ).
  • the file I/O inspection is performed by hooking up file I/O routines.
  • VxD which is the I/O routine under the Windows environment, may be hooked up for the inspection.
  • network packet I/O may be inspected along with the file I/O so as to block harmful information infiltrating from a network, which was also previously mentioned.
  • the network packet I/O inspection may be accomplished by hooking up socket I/O routines (such as the so-called “Winsock module” in the Windows environment).
  • any Internet address that the client 130 attempts to access may be further monitored, is which prevents preventing the accessing of undesirable lascivious web sites.
  • This monitoring for preventing undesirable accessing can be accomplished by checking the header of a HTTP request message or a Domain Name Service (DNS) lookup message.
  • DNS Domain Name Service
  • step 420 may involve additional functions for checking for possible occurrences of harmful information on the client 130 .
  • Subsequent operations of the harmful information blocking code module will be described with reference to file I/O inspection, however, file I/O inspection is only an example and should not be contrived as limiting the scope of the invention.
  • step 430 it is determined whether files, which are monitored in step 420 , are harmful or not (step 430 ).
  • This determination can be performed by various methods, according to the type of harmful information or the necessities of applications. For example, a pattern comparison with known harmful information, for example, identified computer viruses, may be performed for the purpose of the determination.
  • a pattern comparison with known harmful information for example, identified computer viruses, may be performed for the purpose of the determination.
  • computer viruses operate in a predetermined pattern, and thus the pattern comparison technique can be a tool for identifying new species of viruses.
  • step 430 it is preferable to make a determination as to whether or not a network packet is harmful, or whether the client 130 attempts to access an undesirable lascivious web site.
  • the harmful information code module performs no specified treatment on the file. Accordingly, a user is allowed to continue his or her task on the client 130 irrespective of the harmful information code blocking module.
  • the monitored information is determined to be harmful, it is further determined whether the monitored information is related to file I/O or packet I/O to provide a proper treatment consistent with the harmful file or packet.
  • file I/O or packet I/O to provide a proper treatment consistent with the harmful file or packet.
  • step 450 it is determined whether the harmful file can be properly treated. If the treatment is possible, the related file is treated (step 454 ). If the treatment is impossible, execution of the corresponding file is merely aborted (step 452 ). In step 454 , it is preferable to notify a user that harmful information was detected, and to request approval for performing treatment on the harmful information.
  • the harmful information management server 110 it is preferable to notify the harmful information management server 110 if information indicative of harmful information is detected from the client 130 online, using the harmful information blocking code module (step 470 ). If the detected information is a new kind of harmful information and thus cannot be treated, it is preferable to transmit the entire file related to the unidentified harmful information to the harmful information management server 110 . Of course, it is preferable to get pre-approval regarding notification of the harmful information detection and/or the transmission of the unidentified harmful information file to the harmful information management server 110 .
  • the present embodiment provides the function of automatically providing the harmful information management server 110 with information on harmful information detected in the client 130 .
  • the harmful information management server 110 is allowed to acquire statistical data on harmful information, and can thus instantaneously counteract the occurrence of an unidentified computer virus, for example, by developing an effective antivirus program.
  • the harmful information management server 110 analyzes the unidentified harmful information from the client 130 to develop a proper treatment program, and provides an appropriate security service for blocking harmful information from attacking the client 130 , with the latest version of the harmful information blocking code module. Therefore,-the present invention can prevent user computers operating in an open network environment from damage caused by various harmful information.
  • a communications channel for use by the harmful information blocking code module in automatically transmitting harmful information to the harmful information management server 110 may be implemented with Internet mail transfer protocol such as Simple Mail Transfer Protocol (SMTP), or File Transfer Protocol (FTP). More preferably, a specified communication channel is provided exclusively for the transmission of the harmful information.
  • SMTP Simple Mail Transfer Protocol
  • FTP File Transfer Protocol
  • step 440 if it is determined in step 440 that harmful information is related with packet I/O, a communication port assigned for the packet I/O is blocked (step 460 ). If internal processes for supporting the network packet I/O via the communication channel is in progress, it is preferable to abort the processes.
  • step 462 a proper treatment is performed on the harmful information infiltrating through the communications port in a similar way as for the harmful information related with file I/O (step 462 ).
  • step 470 the harmful information management server 110 is informed of the detection of the harmful information from the network packet I/O.
  • the present embodiments may be implemented as a computer readable program code.
  • the invention may be embodied in a general purpose digital computer by running a program from a computer readable medium, including but not limited to magnetic storage media (e.g., ROM's, floppy disks, hard disks, etc.), optically readable media (e.g., CD-ROMs, DVDs, etc.) and carrier waves (e.g., transmissions over the Internet).
  • magnetic storage media e.g., ROM's, floppy disks, hard disks, etc.
  • optically readable media e.g., CD-ROMs, DVDs, etc.
  • carrier waves e.g., transmissions over the Internet
  • the harmful information blocking code module is automatically provided to and installed in the client system by only online connecting to the harmful information management server, so that harmful information detected on the client system can be actively blocked in real time without requiring a manual installation process.
  • the harmful information blocking code module has a function of informing the harmful information management server of information indicative of an unidentified computer virus detected in the client system. Accordingly, the harmful information management server can acquire useful statistical data relating to harmful information, and keeps up-to-date with the latest releases of the harmful information blocking code module, which ensures latest security service for user computers.
  • the harmful information blocking code module is able to inspect the network packet I/O, which warrants secured electronic commerce through the Internet.
  • the present invention can be effective in actively protecting business information, or confidential information relating to national security from various harmful information.
  • the present invention is effective in terms of both security and efficiency.

Abstract

A system and method are provided for diagnosing, remedying and blocking harmful information including computer viruses online over a computer network via which a web server and a client are linked to each other. The method includes, on a computer network through which a web server and a client system are linked to each other, the web server receiving a connection request from the client system over the computer network. Then, the web server transmits a harmful information blocking code module to the client system. Once the transmission of the harmful information blocking code module is completed the harmful information blocking code module automatically runs on the client system to block in real time harmful information including computer viruses. The harmful information blocking code module is automatically transmitted to and installed in the client system only by online connecting to the harmful information management server, so that the harmful information detected on the client system can be actively blocked in real time without requiring a manual installation process.

Description

Notice: More than one reissue application has been filed for the reissue of U.S. Pat. No. 7,062,552. The reissue applications are U.S. Reissue application Ser. No. 12/137,871, filed Jun. 12, 2008 and granted Mar. 1, 2011 as U.S. Pat. No. Re. 42,196, and this U.S. Patent Reissue application Ser. No. 12/973,657 (the present application), which was filed Dec. 20, 2010 as a divisional of U.S. Reissue application Ser. No. 12/137,871.
CROSS-REFERENCES TO RELATED APPLICATIONS
This application is a continuation divisional of U.S. Reissue application Ser. No. 12/137,871, filed Jun. 12, 2008 (now U.S. Pat. No. Re. 42,196), which is a reissue of U.S. Pat. No. 7,062,552, granted Jun. 13, 2006, from U.S. patent application Ser. No. 10/188,161, filed Jul. 1, 2002, which is a continuation of International Patent Application No. PCT/KR00/01374, filed Nov. 28, 2000, which was published in the English language on Jul. 12, 2002 under Publication No. WO 01/50344, and the disclosure of which is incorporated herein by reference. International Patent Application No. PCT/KR00/01374 claims priority to Korean Patent Application No. KR 1999-0068606, filed Dec. 31, 1999 and to Korean Patent Application No. KR 2000-0011282, filed Mar. 7, 2000.
This application is also an application for the reissue of U.S. Pat. No. 7,062,552. Thus, this application is a divisional reissue application.
BACKGROUND OF THE INVENTION
The present invention relates to computer security systems, and more particularly, to a system and method for diagnosing, remedying and blocking harmful information including computer viruses online over a computer network via which a client is linked to a web server.
With the development of computer network based technologies, and lo particularly, the World Wide Web (“the Web”) technology, the number of users on computer networks, and particularly, on the Internet, is rapidly expanding. Now, the Internet is no longer a new technology and service field in virtual space, but is getting into the realities of life. An ever-growing number of businesses, for example, shopping, auction, banking and advertising businesses, have established a presence on the Internet. Computer users now routinely employ the Internet to access various information, and conduct a variety of economical activities.
The Internet provides convenience to computer users in various ways. On the other hand, as computer and Internet related technologies have grown, concerns about highly possible illegal extraction of personal information or damage caused by a variety of computer viruses through computer networks are also quickly increasing. The damage caused by harmful information such as computer viruses can be serious. Reportedly, the amount of worldwide damage by computer viruses in the first half of 1999 marked a three-fold jump at $7,6 $7.6 billion over 1998's $2.5 billion.
For example, the Chernobyl (CIH) virus, which is a high-risk computer virus, corrupted all of the data on a hard disk, and caused tremendous damage in the world including Korea. Recently, new harmful information such as the Back Orifice virus, or the School Bus virus which implants a “spy” file capable of remote controlling a computer, into computers along with other computer viruses, to thereby illegally extract personal information from the computers, has been introduced onto the Internet.
An existing counterplan for protection against various harmful information is based on the first damage/post-repair policy. This protection counterplan assumes a passive position by taking measures (for example, follow-up development of appropriate antivirus programs) after computer systems have been suffered from unidentified harmful information. Another disadvantage found in the protection policy lies in that a variety of antivirus programs for protecting against harmful information need to be manually installed on individual personal computers, which is an inefficient process overloading computer users with the installation activity. Furthermore, since various harmful information is created and distributed ever quickly through the Internet, it is not easy to consistently equip computers with the latest releases of antivirus programs.
Thus, if new harmful information, such as new species of computer virus, against which appropriate antivirus programs have not been developed yet, infiltrates a user computer, it is inevitable that the computer system is damaged by the new computer virus, or personal information is illegally drawn out of the computer system. In addition, a user must visit harmful information related service providers, or online communications companies to get the latest version of the antivirus program whenever an unidentified computer virus is discovered. Furthermore, downloading the latest version of the antivirus program is followed by manual installation, which is an unnecessary labor-intensive task.
The existing counterplan for protecting user computers from harmful information provides no communication channel for effectively reporting occurrences of harmful information or damage caused by the harmful information to the harmful information related service providers, so that statistical data on distribution of harmful information and damage caused by the harmful information, and the systematic data analysis thereof are not available to the harmful information related service providers.
BRIEF SUMMARY OF THE INVENTION
To solve the above problems, it is a first objective of the present invention to provide a system and method for blocking harmful information online, which allows a client system to actively block the harmful information, using a harmful information blocking program which is automatically transmitted and installed in the client system upon accessing to the web server via a computer network, and which inspects in real time file input/output (I/O) or network packet I/O on the client system.
It is a second objective of the present invention to provide a method for providing service of blocking harmful information online by a web server on a computer network.
It is a third objective of the present invention to provide a computer readable medium storing the harmful information blocking program.
An aspect of the first objective of the present invention is achieved by a method for blocking harmful information including computer viruses, the method comprising the steps of: (a) on a computer network through which a web server and a client system are linked to each other, the web server receiving a connection request from the client system over the computer network; (b) the web server transmitting a harmful information blocking code module to the client system; and (c) once the transmission of the harmful information blocking code module is completed, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses.
Step (c) preferably comprises the steps of: (c1) inspecting file input/output (I/O) on the client system; (c2) determining on the client system whether files inspected in step (c1) are harmful or not; and (c3) appropriately treating a file determined to be harmful in step (c2) if it can be treated, and aborting execution of a file determined to be harmful in step (c2) if it cannot be treated. In step (c3), the web server may be provided 30 with information relating to the file determined to be harmful in step (c2).
Alternatively, step (c) may comprise the steps of: (c1) inspecting network packet input/output (I/O) on the client system; (c2) determining on the client system whether packets inspected in step (c1) are harmful or not and (c3) if any packet is determined to be harmful, blocking a communication port assigned for the packet I/O.
The harmful information blocking code module executed in step (c) preferably displays its running status in a separate window, and the execution of the harmful information blocking code module is aborted when the separate window is closed. It is preferable that the harmful information blocking code module executed in step (c) continue to run on the client system even when the client system accesses another web server. It is preferable that the harmful information blocking code module transmitted in step (b) is an ActiveX™ or Java™ program.
In another embodiment, the present invention provides a method for blocking harmful information including computer viruses, the method comprising the steps of: (a) on a computer network through which a first web server, a second web server and a client system are linked to each other, the client system connecting to the second web server over the computer network; (b) the client system connecting to the first web server over the computer network, according to information provided from the second web server to the client system; (c) the first web server transmitting a harmful information blocking code module to the client system; and (d) once the transmission of the harmful information blocking code module is completed, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses.
The second objective of the present invention is achieved by an online service providing method for blocking harmful information including computer viruses, the method comprising the steps of: (a) on a computer network through which a first web server and a client system are linked to each other, constructing a homepage on the first web server for online service; (b) the first web server receiving a connection request from the client system over the computer network; and (c) the first web server transmitting a harmful information blocking code module to the client system, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses.
It is preferable that the connection request received by the first web server in step (b) be issued by the client system according to information provided from a second web server after the client system is connected to the second web server separated from the first web server.
Another aspect of the first objective of the present invention is achieved by a system for blocking harmful information including computer viruses, comprising: a first web server for providing online services through a computer network; and a client computer linked with the first web server via the computer network, wherein when the client computer is connected to the first web server via the computer network, the first web server transmits a harmful information blocking code module to the client computer, and the harmful information blocking code module is automatically executed on the client computer to block in real time harmful information including computer viruses.
It is preferable that the harmful information blocking system further comprise a second web server linked to the client computer through the computer network to provide online services through the computer network, wherein when the client computer is connected to the second web server through the computer network, the second web server provides the client computer with hyperlink information used to access the first web server.
The third objective of the present invention is achieved by a computer readable medium having recorded thereon a computer program for blocking harmful information, the computer program transmitted from a web server to a client system through a computer network, and automatically executed on the client system, wherein the blocking of harmful information comprises the step of: (a) inspecting file input/output(I/O) of the client system;(b) determining on the client system whether files inspected in step (a) are harmful or not; (c) appropriately treating a file determined to be harmful in step (b) if it can be treated, and aborting execution of a file determined to be harmful in step (b) if it cannot be treated; and (d) providing the web server with information relating to the file determined to be harmful in step (b).
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
The foregoing summary, as well as the following detailed description of the invention, will be better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, there are shown in the drawings embodiments which are presently preferred. It should be understood, however, that the invention is not limited to the precise arrangements and instrumentalities shown.
In the drawings:
FIGS. 1A and 1B are schematic views of systems applied to implement the present invention;
FIGS. 2A and 2B are flowcharts illustrating preferred embodiments of a method for blocking harmful information online according to the present invention;
FIG. 3 is a schematic view showing the configuration of an example of a harmful information blocking code module adopted in the present invention; and
FIG. 4 is a flowchart illustrating the operation of the harmful information blocking code module shown in FIG. 3.
 DETAILED DESCRIPTION OF THE INVENTION
As shown in FIG. 1A, which illustrates a system applicable to implement a preferred embodiment of the invention, a harmful information management server 110, which is a web server, has a homepage, and is linked with a client computer 130 via a computer network, such as the Internet.
The harmful information management server 110 provides an online service for providing a harmful information blocking code module, which is capable of blocking in real time harmful information, to the client computer130. The term “harmful information” collectively refers to an undesirable object or action that adversely effects computer systems and/or computer networks, including computer viruses, undesirable lascivious web sites on the Internet, and the act of illegally extracting personal information.
The operation of the system shown in FIG. 1A is illustrated in FIG. 2A. A first embodiment of a method for blocking harmful information online according to the present invention will be described with reference to FIG. 2A.
The method begins with a homepage being constructed for online services on the harmful information management server 110 (step 210). A computer user launches a web browser on the client computer (hereinafter, referred to as merely “client”) 130 (step 220). When the client 130 is connected to the harmful information management server 110 (step 240), the harmful information management server 110 transmits a harmful information blocking code module to the client 130 (step 250).
For this case, the connection between the client 130 and the harmful information management server 110 is accomplished by a HyperText Transfer Protocol formatted request (HTTP request), and the transferring of the harmful information blocking code module from the harmful information management server 110 to the client 130 is performed by a HTTP response. In general, the HTTP request is carried out by typing the Universal Resource Locator (URL) of the harmful information management server 110 or clicking a hyperlink associated with the URL on the web browser.
Preferably, the harmful information blocking code module is an executable application program which runs on the client 130. For example, there are ActiveX™ controls designed for use in the Windows environment developed by the Microsoft Corporation, and Java™ applets and JavaScript™, which can be executed by web browser. Alternatively, an object coded program designed with a high-level language may be linked to a web browser to run.
It is preferable that the harmful information blocking code module be executed in connection with a separate window provided for user interface, and a status report for the harmful information blocking code module is displayed in the separate window. In this manner, upon the linking of the client 130 to the harmful information management server 110, first the 3o harmful information management server 110 provides an HTTP response which enables the creation of a separate window, and then provides the harmful information blocking code module as an HTTP response with respect to a HTTP request issued from the client 130. When the window is closed, the execution of the harmful information blocking code module is aborted. The separate window provided for user interface is applicable for various purposes, other than for displaying the running status of the harmful information blocking code module. For example, various kinds of news or banner advertisements may appear in the separate window.
When the transfer of the harmful information blocking code module is completed, the harmful information blocking code module is automatically executed on the client 130 (step 260) and blocks in real time harmful information including computer viruses (step 270). Since the harmful information blocking code module runs in real time on the client 130, unless the status displaying window is closed, the harmful information blocking code module continues to run on the client 130 even when the client 130 attempts linking to another web server. Thus, the client 130 can be provided with a harmful information blocking service for security, by a single connection to the harmful information management server 110.
Prior to description of the mechanism of the harmful information blocking code module, a variation (hereinafter, referred to as “second embodiment”) of the embodiment described with reference to FIG. 1A will be described. FIG. 1B illustrates the configuration of a system applied for the second embodiment according to the present invention, and FIG. 2B is a flowchart illustrating the second embodiment of the method for blocking harmful information online according to the present invention.
As shown in FIG. 1B, the system further comprises a web server 120 (hereinafter, referred to as “second web server”), other than the harmful information management server 110, for providing online services on a network. The second web server 120 is a common web sever linked with a client system via a computer network such as the Internet.
In the present embodiment, referring to FIG. 2B, step 210 and step 220 are carried out in the same way as in the first embodiment described with reference to FIG. 2A. Next, the client 130 primarily accesses the second web server 120 (step 230).
Since the second web server 120 provide hyperlink information for use in accessing the harmful information management server 10 as well as information relating to online services to the client 130 (step 235). It is preferable that the hyperlink information is not link information for the front homepages of the harmful information management server 10, but link information that directly enables the client 130 to receive the harmful information blocking code module from the harmful information management server 110 through a separate window.
Next, the client 130 performs an HTTP request to the harmful information management server 10, according to the hyperlink information from the second web server 120 (step 245). The harmful information management server 10 transmits the harmful information blocking code module, which is an HTTP response with respect to the HTTP request issued from the client 130 (step 255).
When the transfer of the harmful information blocking code module is completed, the harmful information blocking code module is automatically executed on the client 130 (step 260), and blocks in real time harmful information such as computer viruses (step 270), as in the first embodiment.
The harmful information blocking code module will now be described in greater detail. FIG. 3 shows the configuration of an example of the harmful information blocking code module adopted in the present invention, and FIG. 4 is a flowchart illustrating the operation of the harmful information blocking code module shown in FIG. 3.
As shown in FIG. 3, the harmful information blocking code module includes an input/output management unit 310, a harmful information blocking unit 320, and an information transferring unit 330. The harmful information blocking code module is related to a separate window 340 on which its running status is displayed, and execution of the harmful information blocking code module aborts upon the closing of the separate window 340, as previously described.
The input/output management unit 310 inspects file input/output (I/O) on the client 130. The inspection of the file I/O refers to the action taken to get file information by hooking up file I/O routines. Preferably, the input/output management unit 310 also inspects network packet I/O on the client 130 so as to block harmful information from the network. A computer virus capable of illegally extracting personal information, such as the Back Orifice virus, may be blocked by checking file I/O, or checking processes, which will be described below. Preferably, the input/output management unit 310 further has a function for monitoring any Internet address that the client 130 attempts accessing, which prevents computer users from accessing undesirable lascivious web sites.
The harmful information blocking unit 320 diagnoses whether or not a file or packet is harmful, and takes appropriate remedial action if the file or packet is harmful. The information transferring unit 330 informs the harmful information management server 110 of information on the file or packet determined to be harmful.
In the operation of the harmful information blocking code module, referring to FIG. 4, first the harmful information blocking code module, which is automatically executed on the client 130, inspects whether processes currently running on the client 130 are harmful or not (step 410). This is because all future processes can be influenced by the current processes in memory. Another reason for this is that the Back Orifice virus capable of illegally extracting personal information from a system, operates in the form of processes, and enables an external computer system to remote control a user computer.
A method for checking whether or not processes are harmful involves making a list of the ongoing processes loaded in the memory, and examining whether the files corresponding to each of the processes are harmful or not. If a file is determined to be harmful, the corresponding process is determined to be a harmful process and is then aborted. It is appreciated that an appropriate treatment may also be performed on the corresponding harmful file, Preferably, after the detection of harmful information and before performing appropriate treatment, the harmful information blocking code module informs a user of the presence of the harmful information, and requests the user's approval to take remedial action.
Next, the harmful information blocking code module inspects every file I/O on the client 140 (step 420). As previously mentioned, the file I/O inspection is performed by hooking up file I/O routines. For example, VxD, which is the I/O routine under the Windows environment, may be hooked up for the inspection.
In step 420, network packet I/O may be inspected along with the file I/O so as to block harmful information infiltrating from a network, which was also previously mentioned. The network packet I/O inspection may be accomplished by hooking up socket I/O routines (such as the so-called “Winsock module” in the Windows environment).
Furthermore, as previously mentioned, in step 420, any Internet address that the client 130 attempts to access, may be further monitored, is which prevents preventing the accessing of undesirable lascivious web sites. This monitoring for preventing undesirable accessing can be accomplished by checking the header of a HTTP request message or a Domain Name Service (DNS) lookup message.
In other words, step 420 may involve additional functions for checking for possible occurrences of harmful information on the client 130. Subsequent operations of the harmful information blocking code module will be described with reference to file I/O inspection, however, file I/O inspection is only an example and should not be contrived as limiting the scope of the invention.
Next, it is determined whether files, which are monitored in step 420, are harmful or not (step 430). This determination can be performed by various methods, according to the type of harmful information or the necessities of applications. For example, a pattern comparison with known harmful information, for example, identified computer viruses, may be performed for the purpose of the determination. In general, computer viruses operate in a predetermined pattern, and thus the pattern comparison technique can be a tool for identifying new species of viruses.
In step 430, it is preferable to make a determination as to whether or not a network packet is harmful, or whether the client 130 attempts to access an undesirable lascivious web site.
If it is determined that the monitored information is safe, the harmful information code module performs no specified treatment on the file. Accordingly, a user is allowed to continue his or her task on the client 130 irrespective of the harmful information code blocking module.
If the monitored information is determined to be harmful, it is further determined whether the monitored information is related to file I/O or packet I/O to provide a proper treatment consistent with the harmful file or packet. Although not shown in FIG. 4, as for blocking access to an desirable lascivious web site, a HTTP request message can be reformulated to guide the client 130 to a desirable web site good for users.
In the case where the monitored information is related to file I/O, it is determined whether the harmful file can be properly treated (step 450). If the treatment is possible, the related file is treated (step 454). If the treatment is impossible, execution of the corresponding file is merely aborted (step 452). In step 454, it is preferable to notify a user that harmful information was detected, and to request approval for performing treatment on the harmful information.
Lastly, it is preferable to notify the harmful information management server 110 if information indicative of harmful information is detected from the client 130 online, using the harmful information blocking code module (step 470). If the detected information is a new kind of harmful information and thus cannot be treated, it is preferable to transmit the entire file related to the unidentified harmful information to the harmful information management server 110. Of course, it is preferable to get pre-approval regarding notification of the harmful information detection and/or the transmission of the unidentified harmful information file to the harmful information management server 110.
In other words, the present embodiment provides the function of automatically providing the harmful information management server 110 with information on harmful information detected in the client 130. Accordingly, the harmful information management server 110 is allowed to acquire statistical data on harmful information, and can thus instantaneously counteract the occurrence of an unidentified computer virus, for example, by developing an effective antivirus program. In this manner, the harmful information management server 110 analyzes the unidentified harmful information from the client 130 to develop a proper treatment program, and provides an appropriate security service for blocking harmful information from attacking the client 130, with the latest version of the harmful information blocking code module. Therefore,-the present invention can prevent user computers operating in an open network environment from damage caused by various harmful information.
In the present embodiment, a communications channel for use by the harmful information blocking code module in automatically transmitting harmful information to the harmful information management server 110 may be implemented with Internet mail transfer protocol such as Simple Mail Transfer Protocol (SMTP), or File Transfer Protocol (FTP). More preferably, a specified communication channel is provided exclusively for the transmission of the harmful information.
Meanwhile, if it is determined in step 440 that harmful information is related with packet I/O, a communication port assigned for the packet I/O is blocked (step 460). If internal processes for supporting the network packet I/O via the communication channel is in progress, it is preferable to abort the processes.
Next, a proper treatment is performed on the harmful information infiltrating through the communications port in a similar way as for the harmful information related with file I/O (step 462). In step 470, the harmful information management server 110 is informed of the detection of the harmful information from the network packet I/O.
The present embodiments may be implemented as a computer readable program code. The invention may be embodied in a general purpose digital computer by running a program from a computer readable medium, including but not limited to magnetic storage media (e.g., ROM's, floppy disks, hard disks, etc.), optically readable media (e.g., CD-ROMs, DVDs, etc.) and carrier waves (e.g., transmissions over the Internet).
While this invention has been particularly shown and described with reference to preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made thereto without departing from the spirit and scope of the invention as defined by the appended claims. The embodiments should be construed as being illustrative and not as limiting the scope of the invention. Accordingly, the scope of the present invention is defined by the appended claims rather than the foregoing description.
INDUSTRIAL APPLICABILITY
As previously described, according to the present invention, the harmful information blocking code module is automatically provided to and installed in the client system by only online connecting to the harmful information management server, so that harmful information detected on the client system can be actively blocked in real time without requiring a manual installation process.
The harmful information blocking code module has a function of informing the harmful information management server of information indicative of an unidentified computer virus detected in the client system. Accordingly, the harmful information management server can acquire useful statistical data relating to harmful information, and keeps up-to-date with the latest releases of the harmful information blocking code module, which ensures latest security service for user computers.
Furthermore, the harmful information blocking code module is able to inspect the network packet I/O, which warrants secured electronic commerce through the Internet. In particular, for private enterprises or government organizations, the present invention can be effective in actively protecting business information, or confidential information relating to national security from various harmful information. The present invention is effective in terms of both security and efficiency.
It will be appreciated by those skilled in the art that changes could be made to the embodiments described above without departing from the broad inventive concept thereof. It is understood, therefore, that this invention is not limited to the particular embodiments disclosed, but it is intended to cover modifications within the spirit and scope of the present invention as defined by the appended claims.

Claims (54)

I claim:
1. A method for blocking in real time harmful information in a file to be executed, the method comprising the steps of:
(a) on a computer network through which a web server and a client system are linked to each other, the web server receiving a connection request from the client system over the computer network;
(b) the web server transmitting a harmful information blocking code module to the client system; and
(c) once the transmission of the harmful information blocking code module is completed, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses,
wherein the step (c) comprises steps of:
(c1) inspecting file input/output (I/O) on the client system by hooking up file I/O routines,
(c2) determining whether the file to be executed corresponding to the inspected file input/output in the step (c1) is harmful or not; and
(c3) treating a file determined to be harmful in the step (c2) and executing the file, if it can be treated, and aborting the execution of the file determined to be harmful in the step (c2), if it cannot be treated.
2. The method of claim 1, wherein in the step (c3), if the file determined to be harmful in the step (c2) cannot be treated, the file is transmitted to the web server.
3. The method of claim 1, wherein the step (c3) comprises requesting the client system user's approval for the execution of the step (c3).
4. The method of claim 1, wherein the step (c) further comprises steps of:
(c4) inspecting network packet input/output (1/0) on the client system;
(c5) determining whether packets inspected in the step (c4) are harmful or not; and
(c6) if any packet is determined to be harmful, blocking a communication port assigned for the packet I/O.
5. The method of claim 1, wherein the harmful information blocking code module executed in the step (c) checks whether current processes running on the client system are harmful or not.
6. The method of claim 1, wherein the harmful information blocking code module executed in the step (c) displays its running status in a separate window, and the execution of the harmful information blocking code module is aborted when the separate window is closed.
7. The method of claim 1, wherein the harmful information blocking code module executed in the step (c) continues to run on the client system even when the client system accesses another web server.
8. A method for blocking in real time harmful information in a file to be executed, the method comprising the steps of:
(a) on a computer network through which a first web server, a second web server and a client system are linked to each other, the client system connecting to the second web server over the computer network;
(b) the client system connecting to the first web server over the computer network, according to information provided from the second web server to the client system;
(c) the first web server transmitting a harmful information blocking code module to the client system; and
(d) once the transmission of the harmful information blocking code module is completed, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses,
wherein the step (d) comprises steps of:
(d1) inspecting file input/output (I/O) on the client system by hooking up file I/O routines;
(d2) determining whether the file to be executed corresponding to the inspected file input/output in the step (d1) is harmful or not; and
(d3) treating a file determined to be harmful in the step (d2) and executing the file, if it can be treated, and aborting execution of the file determined to be harmful in the step (d2), if it cannot be treated.
9. The method of claim 8, wherein the harmful information blocking code module executed in the step (d) continues to run on the client system even when the client system accesses another web server.
10. A method for blocking in a real time harmful information in a file to be executed in real time, the method comprising steps of:
(a) on a computer network through which a first web server and a client system are linked to each other, the first web server receiving a connection request from the client system over the computer network;
(b) the connection request is issued by the client system according to information provided from a second web server after the client system is connected to the second web server separated from the first web server;
(c) once the first web server transmits a harmful information blocking code module to the client system, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses,
wherein the step (d) comprises steps of:
(c1) inspecting file input/output (I/O) on the client system by hooking up file I/O routines;
(c2) determining whether the file to be executed corresponding to the inspected file input/output in the step (c1) is harmful or not; and
(c3) treating a file determined to be harmful in the step (c2) and executing the file, if it can be treated, and aborting execution of the file determined to be harmful in the step (c2), if it cannot be treated.
11. The method of claim 10, wherein the harmful information blocking code module transmitted in the step (c) continues to run on the client system even when the client system accesses another web server.
12. A system for blocking in real time harmful information in a file to be executed, comprising:
a first web server for providing online services through a computer network; and
a client computer linked with the first web server via the computer network,
wherein when the first web server receives a connection request from the client system, the first web server transmits a harmful information blocking code module to the client computer, and the harmful information blocking code module is automatically executed on the client computer to block in real time harmful information including computer viruses, and wherein the harmful information blocking code module inspect file input/output (I/O) on the client system by hooking up file I/O routines, and
determines whether the file to be executed corresponding to the inspected file input/output is harmful or not: and
treats a file determined to be harmful and executes the file, if it can be treated, and aborts the execution of the file determined to be harmful, if it cannot be treated.
13. The system of claim 12, wherein the harmful information blocking code module displays its running status on a separate window, and the execution of the harmful information blocking code module is aborted when the separate window is closed.
14. The system of claim 12, further comprising a second web server linked to the client computer through the computer network to provide online services through the computer network, and
wherein when the client computer is connected to the second web server through the computer network, the second web server provides the client computer with hyperlink information used to access to the first web server.
15. The system of claim 12, wherein the harmful information blocking code module continues to run on the client computer even when the client computer accesses another web server.
16. A method performed by a server system for blocking harmful information at a client system, wherein the server system and the client system are connected by a computer network, the method comprising:
receiving a request from the client system;
transmitting to the client system, in response to the request, a harmful information blocking code module, wherein the harmful information blocking code module is configured to execute on the client system to block harmful information in response to completion of transmission of the harmful information blocking code module to the client system, the harmful information blocking code module configured to:
inspect file input/output by intercepting at least one file input/output routine on the client system;
determine whether at least one file corresponding to the file input/output routine is harmful or not; and
in response to determining that a file is harmful, abort execution of the file input/output routine if the file cannot be treated.
17. The method of claim 16, wherein the harmful information blocking code module is further configured to allow execution of the file input/output routine, if the file is determined not to be harmful.
18. The method of claim 16, wherein the harmful information blocking code module is further configured to treat the file determined to be harmful, if it can be treated.
19. The method of claim 16, wherein the harmful information blocking code module is further configured to transmit the file to a web server, if the file determined to be harmful cannot be treated.
20. The method of claim 16, wherein the harmful information blocking code module automatically runs on the client system when transmission of the harmful information blocking code module to the client system is completed.
21. The method of claim 16, wherein the harmful information blocking code module is further configured to:
inspect network packet input/output (I/O) on the client system,
determine whether at least one inspected packet is harmful or not; and
abort an internal process supporting the network packet I/O if any packet is determined to be harmful.
22. The method of claim 21, wherein the internal process comprises at least one socket I/O routines.
23. The method of claim 21, wherein at least one packet comprises at least one of a HTTP request message header and a DNS lookup message header.
24. The method of claim 16, wherein the harmful information blocking code module displays its running status in a separate window.
25. The method of claim 16, wherein the harmful information blocking code module is further configured to display advertising contents in a separate window.
26. The method of claim 16, wherein the harmful information blocking code module is an object coded program linked to a web browser.
27. The method of claim 26, wherein the object coded program is one of an ActiveX control, Java applet or Java script.
28. A method for blocking harmful information at a client system, wherein the client system is connected to a server system via a computer network, the method comprising:
sending a request to download a harmful information blocking code module from the server system;
downloading the harmful information blocking code module;
executing the harmful information blocking code module runs on the client system to block harmful information wherein executing the harmful information blocking code module comprises:
inspecting file input/output (I/O) by intercepting I/O data of at least one file I/O routine on the client system;
determining, based on the intercepting, whether at least one file corresponding to the file I/O routine is harmful or not; and
in response to determining that a file is harmful, aborting execution of the file I/O routine if the file cannot be treated.
29. The method of claim 28, wherein executing the harmful information blocking code module further comprises allowing execution of the file, if the file is determined not to be harmful.
30. The method of claim 28, wherein executing the harmful information blocking code module further comprises treating the file determined to be harmful, if it can be treated.
31. The method of claim 28, wherein executing the harmful information blocking code module further comprises causing display of a separate window to display a running status of the harmful information blocking code module.
32. The method of claim 28, wherein executing the harmful information blocking code module further comprises transmitting the file to another web server, if the file determined to be harmful cannot be treated.
33. The method of claim 28, wherein the harmful information blocking code module automatically runs on the client system when transmission of the harmful information blocking code module to the client system is completed.
34. The method of claim 28, wherein executing the harmful information blocking code module further comprises:
inspecting network packet input/output (I/O) on the client system,
determining whether at least inspected packet is harmful or not; and
aborting an internal process supporting the network packet I/O, if any packet is determined to be harmful.
35. The method of claim 34, wherein the internal process comprises at least one of socket I/O routines.
36. The method of claim 34, wherein the network packet comprises at least one of a HTTP request message header and a DNS lookup message header.
37. The method of claim 28, wherein the harmful information blocking code module displays advertising contents in a separate window.
38. The method of claim 28, wherein the harmful information blocking code module is an object coded program linked to a web browser.
39. The method of claim 38, wherein the object coded program is one of an ActiveX control, Java applet or Java script.
40. A client computer comprising:
a connection to a computer network;
a processor, wherein, in response to receipt of a harmful information blocking code module from the computer network, the processor is configured to execute the harmful information blocking code module, which causes the processor to be configured to:
inspect file input/output (I/O) by intercepting I/O data of at least one file I/O routine on the client system;
determine, based on the intercepting, whether at least one file corresponding to the file I/O routine is harmful or not;
determine whether the file determined to be harmful can be treated; and
in response to determining that a file is harmful and cannot be treated, abort execution of the file I/O routine.
41. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to allow execution of the file I/O routine, if the file is determined not to be harmful.
42. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
treat the file determined to be harmful, in response to determining that the file determined to be harmful can be treated.
43. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
transmit the file determined to be harmful to a web server, in response to determining that the file determined to be harmful cannot be treated.
44. The client computer of claim 40, wherein the processor is configured to execute the harmful information blocking code module automatically when receipt of the harmful information blocking code module at the client system is completed.
45. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
inspect network packet I/O on the client computer,
determine whether at least one inspected packet is harmful or not; and
abort an internal process supporting the network packet I/O if any packet is determined to be harmful.
46. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
display running status of the harmful information blocking code in a separate window.
47. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
display advertising contents in a separate window.
48. A non-transitory computer-readable medium on which are stored instructions for execution by a client computer system connected to a server computer system via a computer network, wherein the instructions are received at the client computer system from the server system in response to a request from the client computer system, and wherein the instructions execute on the client computer system after receipt of the instructions from the server computer system, the instructions comprising:
instructions to inspect file input/output (I/O) by intercepting I/O data of at least one file I/O routine on the client system;
instructions to determine, based on the intercepting, whether at least one file corresponding to the file input/output routine is harmful or not; and
instructions to, in response to determining that a file is harmful, abort execution of the file I/O routine if the file cannot be treated.
49. The non-transitory computer-readable medium of claim 48, further comprising:
instructions to allow execution of the file I/O routine, if the file is determined not to be harmful.
50. The non-transitory computer-readable medium of claim 48, further comprising:
instructions to treat the file determined to be harmful, in response to determining that the file determined to be harmful can be treated.
51. The non-transitory computer-readable medium of claim 48, further comprising:
instructions to transmit the file determined to be harmful to a web server, in response to determining that the file determined to be harmful cannot be treated.
52. The non-transitory computer-readable medium of claim 48, further comprising:
instructions to inspect network packet I/O on the client computer,
instructions to determine whether at least one inspected packet is harmful or not; and
instructions to abort an internal process supporting the network packet I/O if any packet is determined to be harmful.
53. (The non-transitory computer-readable medium of claim 48, further comprising:
instructions to display running status of the harmful information blocking code in a separate window.
54. The non-transitory computer-readable medium of claim 48, further comprising:
instructions to display advertising contents in a separate window.
US12/973,657 1999-03-07 2010-12-20 Methods for blocking harmful information online Expired - Lifetime USRE44249E1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/973,657 USRE44249E1 (en) 1999-03-07 2010-12-20 Methods for blocking harmful information online

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
KR2000-11282 1999-03-07
KR1999-68606 1999-12-31
KR19990068606 1999-12-31
KR1020000011282A KR100684986B1 (en) 1999-12-31 2000-03-07 Online dangerous information screening system and method
PCT/KR2000/001374 WO2001050344A1 (en) 1999-12-31 2000-11-28 System and method for blocking harmful information online, and computer readable medium therefor
US10/188,161 US7062552B2 (en) 1999-12-31 2002-07-01 System and method for blocking harmful information online, and computer readable medium therefor
US12/137,871 USRE42196E1 (en) 1999-03-07 2008-06-12 System and method for blocking harmful information online, and computer readable medium therefor
US12/973,657 USRE44249E1 (en) 1999-03-07 2010-12-20 Methods for blocking harmful information online

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10/188,161 Reissue US7062552B2 (en) 1999-03-07 2002-07-01 System and method for blocking harmful information online, and computer readable medium therefor

Publications (1)

Publication Number Publication Date
USRE44249E1 true USRE44249E1 (en) 2013-05-28

Family

ID=26636628

Family Applications (3)

Application Number Title Priority Date Filing Date
US10/188,161 Ceased US7062552B2 (en) 1999-03-07 2002-07-01 System and method for blocking harmful information online, and computer readable medium therefor
US12/137,871 Expired - Lifetime USRE42196E1 (en) 1999-03-07 2008-06-12 System and method for blocking harmful information online, and computer readable medium therefor
US12/973,657 Expired - Lifetime USRE44249E1 (en) 1999-03-07 2010-12-20 Methods for blocking harmful information online

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US10/188,161 Ceased US7062552B2 (en) 1999-03-07 2002-07-01 System and method for blocking harmful information online, and computer readable medium therefor
US12/137,871 Expired - Lifetime USRE42196E1 (en) 1999-03-07 2008-06-12 System and method for blocking harmful information online, and computer readable medium therefor

Country Status (7)

Country Link
US (3) US7062552B2 (en)
EP (3) EP1203324A4 (en)
JP (5) JP2004520636A (en)
KR (1) KR100684986B1 (en)
CN (1) CN100369037C (en)
AU (1) AU1899801A (en)
WO (1) WO2001050344A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120124666A1 (en) * 2009-07-23 2012-05-17 Ahnlab, Inc. Method for detecting and preventing a ddos attack using cloud computing, and server

Families Citing this family (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100794136B1 (en) * 2000-06-30 2008-01-10 주식회사 케이티 Remote virus check service method
KR20010112041A (en) * 2000-11-30 2001-12-20 주식회사 엔써티 The building management system of SYSTEM/SECURITY TECHNICAL HUB SITE
DE10109441A1 (en) * 2001-02-27 2002-09-12 Mayah Comm Gmbh Method for recognizing audio-visual data in transmission networks, in particular the Internet
KR20030038939A (en) * 2001-11-09 2003-05-17 주식회사 시온미디어 Security function offer method of cyber cash card
KR100441409B1 (en) * 2001-11-12 2004-07-23 주식회사 안철수연구소 Intrusion detection system with virus detection engine
GB2391964B (en) * 2002-08-14 2006-05-03 Messagelabs Ltd Method of and system for scanning electronic documents which contain links to external objects
GB2400931B (en) 2003-04-25 2006-09-27 Messagelabs Ltd A method of, and system for, replacing external links in electronic documents
US7591017B2 (en) * 2003-06-24 2009-09-15 Nokia Inc. Apparatus, and method for implementing remote client integrity verification
CN100395985C (en) * 2003-12-09 2008-06-18 趋势株式会社 Method of forced setup of anti-virus software, its network system and storage medium
KR100522138B1 (en) 2003-12-31 2005-10-18 주식회사 잉카인터넷 Flexible network security system and method to permit trustful process
US7523494B2 (en) * 2004-02-05 2009-04-21 International Business Machines Corporation Determining blocking measures for processing communication traffic anomalies
US7594263B2 (en) * 2004-02-05 2009-09-22 International Business Machines Corporation Operating a communication network through use of blocking measures for responding to communication traffic anomalies
US7814543B2 (en) * 2004-02-13 2010-10-12 Microsoft Corporation System and method for securing a computer system connected to a network from attacks
KR100609839B1 (en) * 2004-06-08 2006-08-08 (주)파인핸즈 Method for Monitoring Download of Harmful Information on Internet
US7526810B2 (en) * 2004-06-21 2009-04-28 Ebay Inc. Method and system to verify data received, at a server system, for access and/or publication via the server system
US8353028B2 (en) 2004-06-21 2013-01-08 Ebay Inc. Render engine, and method of using the same, to verify data for access and/or publication via a computer system
US7971245B2 (en) * 2004-06-21 2011-06-28 Ebay Inc. Method and system to detect externally-referenced malicious data for access and/or publication via a computer system
US7424745B2 (en) * 2005-02-14 2008-09-09 Lenovo (Singapore) Pte. Ltd. Anti-virus fix for intermittently connected client computers
US7640587B2 (en) * 2005-03-29 2009-12-29 International Business Machines Corporation Source code repair method for malicious code detection
US7725735B2 (en) * 2005-03-29 2010-05-25 International Business Machines Corporation Source code management method for malicious code detection
KR100821614B1 (en) * 2006-03-10 2008-04-16 한국전자통신연구원 Method for finding and proving vulnerability in activex control and apparatus and method for identifying activex control
US8826411B2 (en) * 2006-03-15 2014-09-02 Blue Coat Systems, Inc. Client-side extensions for use in connection with HTTP proxy policy enforcement
KR100882339B1 (en) * 2007-01-19 2009-02-17 주식회사 플랜티넷 System and method for blocking the connection to the harmful information in a internet service provider network
WO2008094453A1 (en) * 2007-01-26 2008-08-07 Verdasys, Inc. Ensuring trusted transactions with compromised customer machines
US8196206B1 (en) 2007-04-30 2012-06-05 Mcafee, Inc. Network browser system, method, and computer program product for scanning data for unwanted content and associated unwanted sites
US8601067B2 (en) 2007-04-30 2013-12-03 Mcafee, Inc. Electronic message manager system, method, and computer scanning an electronic message for unwanted content and associated unwanted sites
KR100914771B1 (en) * 2007-05-09 2009-09-01 주식회사 웰비아닷컴 System and method for security using one-time execution code
US8918864B2 (en) 2007-06-05 2014-12-23 Mcafee, Inc. System, method, and computer program product for making a scan decision during communication of data over a network
CN101520826B (en) * 2008-02-27 2011-11-30 华硕电脑股份有限公司 Anti-virus protection method and electronic device with anti-virus protection
KR100870714B1 (en) * 2008-06-19 2008-11-27 (주)휴모션 Method for blocking harmful internet sites in real-time by approaching engine to object property
US9547839B2 (en) * 2009-02-23 2017-01-17 Newegg Inc. Method and system utilizing user-state-monitoring objects and relevant data to monitor and provide customer service online
KR101138746B1 (en) * 2010-03-05 2012-04-24 주식회사 안철수연구소 Apparatus and method for preventing malicious codes using executive files
US20120059851A1 (en) * 2010-03-05 2012-03-08 Hans Lercher Function-Oriented Mapping of Technological Concepts
KR101234592B1 (en) * 2010-11-17 2013-02-19 주식회사 인프라웨어테크놀러지 Method of driving vaccine program of web browser in cell phone having Android operating system
US8613094B1 (en) * 2012-12-17 2013-12-17 Google Inc. Using a honeypot workflow for software review
KR101523709B1 (en) * 2013-11-29 2015-05-28 나이스평가정보 주식회사 The system which manages a selective blocking process about a web-site
JP6438011B2 (en) * 2014-04-25 2018-12-12 株式会社セキュアブレイン Fraud detection network system and fraud detection method
EP3179402A4 (en) 2014-08-04 2018-03-28 Fumio Negoro Definition structure of program for autonomously disabling invading virus, program equipped with structure, recording medium installed with program, and method/device for autonomously solving virus problem
RU2708352C1 (en) * 2019-02-07 2019-12-05 Акционерное общество "Лаборатория Касперского" Method of blocking advertisement on computing devices

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0805397A2 (en) 1996-05-01 1997-11-05 Sun Microsystems, Inc. Method for implementing a non-volatile caching product for networks and cd-roms
JPH10240828A (en) * 1997-02-28 1998-09-11 Net Biretsuji Kk Advertisement distribution service system
JPH10320336A (en) * 1997-04-14 1998-12-04 Adletts Internatl Llc Method and device for inserting advertisement, etc., in data stream of client performed network connection to internet to display during free time
JPH1125176A (en) 1997-07-03 1999-01-29 Fujitsu Ltd Device for preparing and transmitting notice information
WO1999026161A1 (en) 1997-11-17 1999-05-27 Trend Micro, Inc. Controlled distribution of application programs in a computer network
US5960170A (en) * 1997-03-18 1999-09-28 Trend Micro, Inc. Event triggered iterative virus detection
US6014698A (en) * 1997-05-19 2000-01-11 Matchlogic, Inc. System using first banner request that can not be blocked from reaching a server for accurately counting displays of banners on network terminals
US6075863A (en) * 1996-02-28 2000-06-13 Encanto Networks Intelligent communication device
US6088803A (en) * 1997-12-30 2000-07-11 Intel Corporation System for virus-checking network data during download to a client device
US6125352A (en) * 1996-06-28 2000-09-26 Microsoft Corporation System and method for conducting commerce over a distributed network
US6672775B1 (en) * 1997-08-01 2004-01-06 International Business Machines Corporation Cross-machine web page download and storage
US6742047B1 (en) * 1997-03-27 2004-05-25 Intel Corporation Method and apparatus for dynamically filtering network content
US6785732B1 (en) * 2000-09-11 2004-08-31 International Business Machines Corporation Web server apparatus and method for virus checking
US7058822B2 (en) * 2000-03-30 2006-06-06 Finjan Software, Ltd. Malicious mobile code runtime monitoring system and methods
US7496960B1 (en) * 2000-10-30 2009-02-24 Trend Micro, Inc. Tracking and reporting of computer virus information

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5367682A (en) * 1991-04-29 1994-11-22 Steven Chang Data processing virus protection circuitry including a permanent memory for storing a redundant partition table
US5706507A (en) * 1995-07-05 1998-01-06 International Business Machines Corporation System and method for controlling access to data located on a content server
US5808751A (en) * 1996-01-19 1998-09-15 Novell, Inc. Method and apparatus for messaging of binary files
US5790753A (en) * 1996-01-22 1998-08-04 Digital Equipment Corporation System for downloading computer software programs
EP0893769A4 (en) * 1996-03-22 2005-06-29 Hitachi Ltd Method and device for managing computer network
JPH1040097A (en) * 1996-07-18 1998-02-13 Toshiba Corp Computer with virus checking function
US6006034A (en) * 1996-09-05 1999-12-21 Open Software Associates, Ltd. Systems and methods for automatic application version upgrading and maintenance
GB2319431B (en) * 1996-11-12 2001-05-02 Ibm Voice mail system
US5987611A (en) * 1996-12-31 1999-11-16 Zone Labs, Inc. System and methodology for managing internet access on a per application basis for client computers connected to the internet
US5995756A (en) * 1997-02-14 1999-11-30 Inprise Corporation System for internet-based delivery of computer applications
US6049892C1 (en) * 1997-02-24 2002-06-04 Ethos Software Corp Process and apparatus for downloading data from a server computer to a client computer
KR100242973B1 (en) 1997-08-16 2000-02-01 윤종용 Program version-up system by remote networking
US6052531A (en) * 1998-03-25 2000-04-18 Symantec Corporation Multi-tiered incremental software updating
CA2332413A1 (en) * 1998-05-15 1999-11-25 Rick W. Landsman A technique for implementing browser-initiated network-distributed advertising and for interstitially displaying an advertisement
KR19990073343A (en) 1999-07-05 1999-10-05 김병진 Method of advertising in the internet
JP3914757B2 (en) * 2001-11-30 2007-05-16 デュアキシズ株式会社 Apparatus, method and system for virus inspection

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6075863A (en) * 1996-02-28 2000-06-13 Encanto Networks Intelligent communication device
EP0805397A2 (en) 1996-05-01 1997-11-05 Sun Microsystems, Inc. Method for implementing a non-volatile caching product for networks and cd-roms
US6125352A (en) * 1996-06-28 2000-09-26 Microsoft Corporation System and method for conducting commerce over a distributed network
JPH10240828A (en) * 1997-02-28 1998-09-11 Net Biretsuji Kk Advertisement distribution service system
US5960170A (en) * 1997-03-18 1999-09-28 Trend Micro, Inc. Event triggered iterative virus detection
US6742047B1 (en) * 1997-03-27 2004-05-25 Intel Corporation Method and apparatus for dynamically filtering network content
JPH10320336A (en) * 1997-04-14 1998-12-04 Adletts Internatl Llc Method and device for inserting advertisement, etc., in data stream of client performed network connection to internet to display during free time
US6014698A (en) * 1997-05-19 2000-01-11 Matchlogic, Inc. System using first banner request that can not be blocked from reaching a server for accurately counting displays of banners on network terminals
JPH1125176A (en) 1997-07-03 1999-01-29 Fujitsu Ltd Device for preparing and transmitting notice information
US6672775B1 (en) * 1997-08-01 2004-01-06 International Business Machines Corporation Cross-machine web page download and storage
WO1999026161A1 (en) 1997-11-17 1999-05-27 Trend Micro, Inc. Controlled distribution of application programs in a computer network
US6119165A (en) * 1997-11-17 2000-09-12 Trend Micro, Inc. Controlled distribution of application programs in a computer network
US6088803A (en) * 1997-12-30 2000-07-11 Intel Corporation System for virus-checking network data during download to a client device
US7058822B2 (en) * 2000-03-30 2006-06-06 Finjan Software, Ltd. Malicious mobile code runtime monitoring system and methods
US6785732B1 (en) * 2000-09-11 2004-08-31 International Business Machines Corporation Web server apparatus and method for virus checking
US7496960B1 (en) * 2000-10-30 2009-02-24 Trend Micro, Inc. Tracking and reporting of computer virus information

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
BNN Co., "Complex security of intranet & internet (Windows NT Powers)", Aug. 1, 1998, pp. 148-163.
IDG Communications Inc., "Antivirus software that strengthens internet function-virus buster 2000", Jan. 11, 1999, pp. 284-285.
Nikkei Byte, "Protecting body from virus that destroy credit or data, Third Order of Network Security", Dec. 22, 1998, pp. 168-172.
Public Press Co., Ltd, "Bit extra issue-information security", Dec. 24, 1999, pp. 150-161.
Softbank Publishing Inc., "Immediately effective prescription for virus (DOS/V magazine)", Aug. 1, 1999, pp. 220-225.

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120124666A1 (en) * 2009-07-23 2012-05-17 Ahnlab, Inc. Method for detecting and preventing a ddos attack using cloud computing, and server
US9386036B2 (en) * 2009-07-23 2016-07-05 Ahnlab, Inc. Method for detecting and preventing a DDoS attack using cloud computing, and server

Also Published As

Publication number Publication date
JP2009020895A (en) 2009-01-29
KR20000030563A (en) 2000-06-05
JP2012069143A (en) 2012-04-05
EP1203324A4 (en) 2007-03-14
USRE42196E1 (en) 2011-03-01
EP1203324A1 (en) 2002-05-08
JP5748836B2 (en) 2015-07-15
EP2015220A2 (en) 2009-01-14
KR100684986B1 (en) 2007-02-22
EP2015219A2 (en) 2009-01-14
JP2012234579A (en) 2012-11-29
US7062552B2 (en) 2006-06-13
JP2004520636A (en) 2004-07-08
EP2015220A3 (en) 2009-01-21
US20030023708A1 (en) 2003-01-30
CN100369037C (en) 2008-02-13
CN1415099A (en) 2003-04-30
EP2015219A3 (en) 2009-02-11
JP2014059917A (en) 2014-04-03
AU1899801A (en) 2001-07-16
WO2001050344A1 (en) 2001-07-12

Similar Documents

Publication Publication Date Title
USRE44249E1 (en) Methods for blocking harmful information online
US10757120B1 (en) Malicious network content detection
US9531752B2 (en) Detection of spyware threats within virtual machines
US7509679B2 (en) Method, system and computer program product for security in a global computer network transaction
USRE45326E1 (en) Systems and methods for securing computers
JP4405248B2 (en) Communication relay device, communication relay method, and program
US9092823B2 (en) Internet fraud prevention
US7810159B2 (en) Methods, computer networks and computer program products for reducing the vulnerability of user devices
WO2006052714A2 (en) Apparatus and method for protection of communications systems
KR101308703B1 (en) Security system for electronic commerce and method thereof
KR100379915B1 (en) Method and apparatus for analyzing a client computer
KR100684987B1 (en) A Method for screening harmful information and hacking attempt in an E-commerce system using internet
KR20220037803A (en) How to block hacking in an E-commerce system using the Internet
KR20030021859A (en) System and Method for mailing warning message against the worm virus and anti-virus vaccine automatically against it via wireless networks
Mjømen Assessing countermeasures against spyware

Legal Events

Date Code Title Description
AS Assignment

Owner name: CAP CO., LTD., KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INCA INTERNET CO., LTD.;REEL/FRAME:029572/0831

Effective date: 20121207

CC Certificate of correction
FPAY Fee payment

Year of fee payment: 8

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

IPR Aia trial proceeding filed before the patent and appeal board: inter partes review

Free format text: TRIAL NO: IPR2016-00214

Opponent name: MCAFEE, INC. (NOW KNOWN AS INTEL SECURITY)

Effective date: 20151118

Free format text: TRIAL NO: IPR2016-00211

Opponent name: MCAFEE, INC. (NOW KNOWN AS INTEL SECURITY)

Effective date: 20151118

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2553)

Year of fee payment: 12

IPRC Trial and appeal board: inter partes review certificate

Kind code of ref document: K1

Free format text: INTER PARTES REVIEW CERTIFICATE; TRIAL NO. IPR2016-00211, NOV. 18, 2015; TRIAL NO. IPR2016-00214, NOV. 18, 2015INTER PARTES REVIEW CERTIFICATE FOR PATENT RE44,249, ISSUED MAY 28, 2013, APPL. NO. 12/973,657, DEC. 20, 2010INTER PARTES REVIEW CERTIFICATE ISSUED FEB. 21, 2018

Effective date: 20180221