Methods for blocking harmful information online

US RE44,249 E1
Filed: 12/20/2010
Issued: 05/28/2013
Est. Priority Date: 12/31/1999
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A method for blocking in real time harmful information in a file to be executed, the method comprising the steps of:

(a) on a computer network through which a web server and a client system are linked to each other, the web server receiving a connection request from the client system over the computer network;

(b) the web server transmitting a harmful information blocking code module to the client system; and

(c) once the transmission of the harmful information blocking code module is completed, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses,wherein the step (c) comprises steps of;

(c1) inspecting file input/output (I/O) on the client system by hooking up file I/O routines,(c2) determining whether the file to be executed corresponding to the inspected file input/output in the step (c1) is harmful or not; and

(c3) treating a file determined to be harmful in the step (c2) and executing the file, if it can be treated, and aborting the execution of the file determined to be harmful in the step (c2), if it cannot be treated.

View all claims

1 Assignment

Timeline View

Assignment View

Litigations

2 Petitions

Accused Products

Abstract

A system and method are provided for diagnosing, remedying and blocking harmful information including computer viruses online over a computer network via which a web server and a client are linked to each other. The method includes, on a computer network through which a web server and a client system are linked to each other, the web server receiving a connection request from the client system over the computer network. Then, the web server transmits a harmful information blocking code module to the client system. Once the transmission of the harmful information blocking code module is completed the harmful information blocking code module automatically runs on the client system to block in real time harmful information including computer viruses. The harmful information blocking code module is automatically transmitted to and installed in the client system only by online connecting to the harmful information management server, so that the harmful information detected on the client system can be actively blocked in real time without requiring a manual installation process.

12 Citations

View as Search Results

54 Claims

1. A method for blocking in real time harmful information in a file to be executed, the method comprising the steps of:
- (a) on a computer network through which a web server and a client system are linked to each other, the web server receiving a connection request from the client system over the computer network;
  
  (b) the web server transmitting a harmful information blocking code module to the client system; and
  
  (c) once the transmission of the harmful information blocking code module is completed, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses,wherein the step (c) comprises steps of;
  
  (c1) inspecting file input/output (I/O) on the client system by hooking up file I/O routines,(c2) determining whether the file to be executed corresponding to the inspected file input/output in the step (c1) is harmful or not; and
  
  (c3) treating a file determined to be harmful in the step (c2) and executing the file, if it can be treated, and aborting the execution of the file determined to be harmful in the step (c2), if it cannot be treated.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein in the step (c3), if the file determined to be harmful in the step (c2) cannot be treated, the file is transmitted to the web server.
  - 3. The method of claim 1, wherein the step (c3) comprises requesting the client system user'"'"'s approval for the execution of the step (c3).
  - 4. The method of claim 1, wherein the step (c) further comprises steps of:
    - (c4) inspecting network packet input/output (1/0) on the client system;
      
      (c5) determining whether packets inspected in the step (c4) are harmful or not; and
      
      (c6) if any packet is determined to be harmful, blocking a communication port assigned for the packet I/O.
  - 5. The method of claim 1, wherein the harmful information blocking code module executed in the step (c) checks whether current processes running on the client system are harmful or not.
  - 6. The method of claim 1, wherein the harmful information blocking code module executed in the step (c) displays its running status in a separate window, and the execution of the harmful information blocking code module is aborted when the separate window is closed.
  - 7. The method of claim 1, wherein the harmful information blocking code module executed in the step (c) continues to run on the client system even when the client system accesses another web server.

8. A method for blocking in real time harmful information in a file to be executed, the method comprising the steps of:
- (a) on a computer network through which a first web server, a second web server and a client system are linked to each other, the client system connecting to the second web server over the computer network;
  
  (b) the client system connecting to the first web server over the computer network, according to information provided from the second web server to the client system;
  
  (c) the first web server transmitting a harmful information blocking code module to the client system; and
  
  (d) once the transmission of the harmful information blocking code module is completed, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses,wherein the step (d) comprises steps of;
  
  (d1) inspecting file input/output (I/O) on the client system by hooking up file I/O routines;
  
  (d2) determining whether the file to be executed corresponding to the inspected file input/output in the step (d1) is harmful or not; and
  
  (d3) treating a file determined to be harmful in the step (d2) and executing the file, if it can be treated, and aborting execution of the file determined to be harmful in the step (d2), if it cannot be treated.
- View Dependent Claims (9)
- - 9. The method of claim 8, wherein the harmful information blocking code module executed in the step (d) continues to run on the client system even when the client system accesses another web server.

10. A method for blocking in a real time harmful information in a file to be executed in real time, the method comprising steps of:
- (a) on a computer network through which a first web server and a client system are linked to each other, the first web server receiving a connection request from the client system over the computer network;
  
  (b) the connection request is issued by the client system according to information provided from a second web server after the client system is connected to the second web server separated from the first web server;
  
  (c) once the first web server transmits a harmful information blocking code module to the client system, the harmful information blocking code module automatically running on the client system to block in real time harmful information including computer viruses,wherein the step (d) comprises steps of;
  
  (c1) inspecting file input/output (I/O) on the client system by hooking up file I/O routines;
  
  (c2) determining whether the file to be executed corresponding to the inspected file input/output in the step (c1) is harmful or not; and
  
  (c3) treating a file determined to be harmful in the step (c2) and executing the file, if it can be treated, and aborting execution of the file determined to be harmful in the step (c2), if it cannot be treated.
- View Dependent Claims (11)
- - 11. The method of claim 10, wherein the harmful information blocking code module transmitted in the step (c) continues to run on the client system even when the client system accesses another web server.

12. A system for blocking in real time harmful information in a file to be executed, comprising:
- a first web server for providing online services through a computer network; and
  
  a client computer linked with the first web server via the computer network,wherein when the first web server receives a connection request from the client system, the first web server transmits a harmful information blocking code module to the client computer, and the harmful information blocking code module is automatically executed on the client computer to block in real time harmful information including computer viruses, and wherein the harmful information blocking code module inspect file input/output (I/O) on the client system by hooking up file I/O routines, anddetermines whether the file to be executed corresponding to the inspected file input/output is harmful or not; and
  
  treats a file determined to be harmful and executes the file, if it can be treated, and aborts the execution of the file determined to be harmful, if it cannot be treated.
- View Dependent Claims (13, 14, 15)
- - 13. The system of claim 12, wherein the harmful information blocking code module displays its running status on a separate window, and the execution of the harmful information blocking code module is aborted when the separate window is closed.
  - 14. The system of claim 12, further comprising a second web server linked to the client computer through the computer network to provide online services through the computer network, andwherein when the client computer is connected to the second web server through the computer network, the second web server provides the client computer with hyperlink information used to access to the first web server.
  - 15. The system of claim 12, wherein the harmful information blocking code module continues to run on the client computer even when the client computer accesses another web server.

16. A method performed by a server system for blocking harmful information at a client system, wherein the server system and the client system are connected by a computer network, the method comprising:
- receiving a request from the client system;
  
  transmitting to the client system, in response to the request, a harmful information blocking code module, wherein the harmful information blocking code module is configured to execute on the client system to block harmful information in response to completion of transmission of the harmful information blocking code module to the client system, the harmful information blocking code module configured to;
  
  inspect file input/output by intercepting at least one file input/output routine on the client system;
  
  determine whether at least one file corresponding to the file input/output routine is harmful or not; and
  
  in response to determining that a file is harmful, abort execution of the file input/output routine if the file cannot be treated.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 17. The method of claim 16, wherein the harmful information blocking code module is further configured to allow execution of the file input/output routine, if the file is determined not to be harmful.
  - 18. The method of claim 16, wherein the harmful information blocking code module is further configured to treat the file determined to be harmful, if it can be treated.
  - 19. The method of claim 16, wherein the harmful information blocking code module is further configured to transmit the file to a web server, if the file determined to be harmful cannot be treated.
  - 20. The method of claim 16, wherein the harmful information blocking code module automatically runs on the client system when transmission of the harmful information blocking code module to the client system is completed.
  - 21. The method of claim 16, wherein the harmful information blocking code module is further configured to:
    - inspect network packet input/output (I/O) on the client system,determine whether at least one inspected packet is harmful or not; and
      
      abort an internal process supporting the network packet I/O if any packet is determined to be harmful.
  - 22. The method of claim 21, wherein the internal process comprises at least one socket I/O routines.
  - 23. The method of claim 21, wherein at least one packet comprises at least one of a HTTP request message header and a DNS lookup message header.
  - 24. The method of claim 16, wherein the harmful information blocking code module displays its running status in a separate window.
  - 25. The method of claim 16, wherein the harmful information blocking code module is further configured to display advertising contents in a separate window.
  - 26. The method of claim 16, wherein the harmful information blocking code module is an object coded program linked to a web browser.
  - 27. The method of claim 26, wherein the object coded program is one of an ActiveX control, Java applet or Java script.

28. A method for blocking harmful information at a client system, wherein the client system is connected to a server system via a computer network, the method comprising:
- sending a request to download a harmful information blocking code module from the server system;
  
  downloading the harmful information blocking code module;
  
  executing the harmful information blocking code module runs on the client system to block harmful information wherein executing the harmful information blocking code module comprises;
  
  inspecting file input/output (I/O) by intercepting I/O data of at least one file I/O routine on the client system;
  
  determining, based on the intercepting, whether at least one file corresponding to the file I/O routine is harmful or not; and
  
  in response to determining that a file is harmful, aborting execution of the file I/O routine if the file cannot be treated.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 29. The method of claim 28, wherein executing the harmful information blocking code module further comprises allowing execution of the file, if the file is determined not to be harmful.
  - 30. The method of claim 28, wherein executing the harmful information blocking code module further comprises treating the file determined to be harmful, if it can be treated.
  - 31. The method of claim 28, wherein executing the harmful information blocking code module further comprises causing display of a separate window to display a running status of the harmful information blocking code module.
  - 32. The method of claim 28, wherein executing the harmful information blocking code module further comprises transmitting the file to another web server, if the file determined to be harmful cannot be treated.
  - 33. The method of claim 28, wherein the harmful information blocking code module automatically runs on the client system when transmission of the harmful information blocking code module to the client system is completed.
  - 34. The method of claim 28, wherein executing the harmful information blocking code module further comprises:
    - inspecting network packet input/output (I/O) on the client system,determining whether at least inspected packet is harmful or not; and
      
      aborting an internal process supporting the network packet I/O, if any packet is determined to be harmful.
  - 35. The method of claim 34, wherein the internal process comprises at least one of socket I/O routines.
  - 36. The method of claim 34, wherein the network packet comprises at least one of a HTTP request message header and a DNS lookup message header.
  - 37. The method of claim 28, wherein the harmful information blocking code module displays advertising contents in a separate window.
  - 38. The method of claim 28, wherein the harmful information blocking code module is an object coded program linked to a web browser.
  - 39. The method of claim 38, wherein the object coded program is one of an ActiveX control, Java applet or Java script.

40. A client computer comprising:
- a connection to a computer network;
  
  a processor, wherein, in response to receipt of a harmful information blocking code module from the computer network, the processor is configured to execute the harmful information blocking code module, which causes the processor to be configured to;
  
  inspect file input/output (I/O) by intercepting I/O data of at least one file I/O routine on the client system;
  
  determine, based on the intercepting, whether at least one file corresponding to the file I/O routine is harmful or not;
  
  determine whether the file determined to be harmful can be treated; and
  
  in response to determining that a file is harmful and cannot be treated, abort execution of the file I/O routine.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47)
- - 41. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to allow execution of the file I/O routine, if the file is determined not to be harmful.
  - 42. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
    - treat the file determined to be harmful, in response to determining that the file determined to be harmful can be treated.
  - 43. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
    - transmit the file determined to be harmful to a web server, in response to determining that the file determined to be harmful cannot be treated.
  - 44. The client computer of claim 40, wherein the processor is configured to execute the harmful information blocking code module automatically when receipt of the harmful information blocking code module at the client system is completed.
  - 45. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
    - inspect network packet I/O on the client computer,determine whether at least one inspected packet is harmful or not; and
      
      abort an internal process supporting the network packet I/O if any packet is determined to be harmful.
  - 46. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
    - display running status of the harmful information blocking code in a separate window.
  - 47. The client computer of claim 40, wherein execution of the harmful information blocking code module by the processor further configures the processor to:
    - display advertising contents in a separate window.

48. A non-transitory computer-readable medium on which are stored instructions for execution by a client computer system connected to a server computer system via a computer network, wherein the instructions are received at the client computer system from the server system in response to a request from the client computer system, and wherein the instructions execute on the client computer system after receipt of the instructions from the server computer system, the instructions comprising:
- instructions to inspect file input/output (I/O) by intercepting I/O data of at least one file I/O routine on the client system;
  
  instructions to determine, based on the intercepting, whether at least one file corresponding to the file input/output routine is harmful or not; and
  
  instructions to, in response to determining that a file is harmful, abort execution of the file I/O routine if the file cannot be treated.
- View Dependent Claims (49, 50, 51, 52, 53, 54)
- - 49. The non-transitory computer-readable medium of claim 48, further comprising:
    - instructions to allow execution of the file I/O routine, if the file is determined not to be harmful.
  - 50. The non-transitory computer-readable medium of claim 48, further comprising:
    - instructions to treat the file determined to be harmful, in response to determining that the file determined to be harmful can be treated.
  - 51. The non-transitory computer-readable medium of claim 48, further comprising:
    - instructions to transmit the file determined to be harmful to a web server, in response to determining that the file determined to be harmful cannot be treated.
  - 52. The non-transitory computer-readable medium of claim 48, further comprising:
    - instructions to inspect network packet I/O on the client computer,instructions to determine whether at least one inspected packet is harmful or not; and
      
      instructions to abort an internal process supporting the network packet I/O if any packet is determined to be harmful.
  - 53. (The non-transitory computer-readable medium of claim 48, further comprising:
    - instructions to display running status of the harmful information blocking code in a separate window.
  - 54. The non-transitory computer-readable medium of claim 48, further comprising:
    - instructions to display advertising contents in a separate window.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
CAP Company Limited
Original Assignee
CAP Company Limited
Inventors
Jung, Yeon-Sub
Primary Examiner(s)
ENG, DAVID Y

Application Number

US12/973,657
Time in Patent Office

890 Days
Field of Search

709/224, 709/227, 709/237, 709/246, 713/188, 726/24
US Class Current

709/224
CPC Class Codes

G06F 21/56 Computer malware detection ...

G06F 21/566 Dynamic detection, i.e. det...

Methods for blocking harmful information online

First Claim

1 Assignment

Litigations

2 Petitions

Accused Products

Abstract

12 Citations

54 Claims

Specification

Use Cases

Quick Links

Others

Methods for blocking harmful information online

First Claim

1 Assignment

Subscription Required

Subscription Required

Litigations

2 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

54 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others