[go: up one dir, main page]

USRE47628E1 - System for identifying the presence of peer-to-peer network software applications - Google Patents

System for identifying the presence of peer-to-peer network software applications Download PDF

Info

Publication number
USRE47628E1
USRE47628E1 US13/445,343 US201213445343A USRE47628E US RE47628 E1 USRE47628 E1 US RE47628E1 US 201213445343 A US201213445343 A US 201213445343A US RE47628 E USRE47628 E US RE47628E
Authority
US
United States
Prior art keywords
peer
target
network
target computer
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US13/445,343
Inventor
Samuel P. Hopkins
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kroll Information Assurance LLC
Original Assignee
Kroll Information Assurance LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/103,818 external-priority patent/US9178940B2/en
Priority claimed from US11/599,828 external-priority patent/US7697520B2/en
Application filed by Kroll Information Assurance LLC filed Critical Kroll Information Assurance LLC
Priority to US13/445,343 priority Critical patent/USRE47628E1/en
Assigned to TIVERSA HOLDING CORP. reassignment TIVERSA HOLDING CORP. MERGER (SEE DOCUMENT FOR DETAILS). Assignors: TIVERSA, INC.
Assigned to TIVERSA IP, INC. reassignment TIVERSA IP, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: TIVERSA HOLDING CORP.
Assigned to KROLL INFORMATION ASSURANCE, LLC reassignment KROLL INFORMATION ASSURANCE, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: TIVERSA IP INC.
Assigned to UBS AG, STAMFORD BRANCH, AS COLLATERAL AGENT reassignment UBS AG, STAMFORD BRANCH, AS COLLATERAL AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KROLL INFORMATION ASSURANCE, LLC
Publication of USRE47628E1 publication Critical patent/USRE47628E1/en
Application granted granted Critical
Assigned to KROLL INFORMATION ASSURANCE, LLC reassignment KROLL INFORMATION ASSURANCE, LLC RELEASE OF SECURITY INTEREST IN PATENTS RECORDED AT R/F 045665/0314 Assignors: UBS AG, STAMFORD BRANCH, AS COLLATERAL AGENT
Assigned to GOLDMAN SACHS LENDING PARTNERS LLC reassignment GOLDMAN SACHS LENDING PARTNERS LLC GRANT OF SECURITY INTEREST IN PATENT RIGHTS (1L) Assignors: KROLL INFORMATION ASSURANCE, LLC
Assigned to GOLDMAN SACHS LENDING PARTNERS LLC reassignment GOLDMAN SACHS LENDING PARTNERS LLC GRANT OF SECURITY INTEREST IN PATENT RIGHTS (2L) Assignors: KROLL INFORMATION ASSURANCE, LLC
Assigned to KROLL INFORMATION ASSURANCE, LLC, KROLL GOVERNMENT SOLUTIONS, LLC (F/K/A VERUS ANALYTICS LLC) reassignment KROLL INFORMATION ASSURANCE, LLC SECOND LIEN RELEASE OF SECURITY INTEREST IN PATENT RIGHTS Assignors: GOLDMAN SACHS LENDER PARTNERS LLC
Assigned to KROLL INFORMATION ASSURANCE, LLC, KROLL GOVERNMENT SOLUTIONS, LLC (F/K/A VERUS ANALYTICS LLC) reassignment KROLL INFORMATION ASSURANCE, LLC FIRST LIEN RELEASE OF SECURITY INTEREST IN PATENT RIGHTS Assignors: GOLDMAN SACHS LENDER PARTNERS LLC
Assigned to ALTER DOMUS (US) LLC, AS COLLATERAL AGENT reassignment ALTER DOMUS (US) LLC, AS COLLATERAL AGENT GRANT OF SECURITY INTEREST IN PATENT RIGHTS Assignors: KROLL INFORMATION ASSURANCE, LLC
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04Network management architectures or arrangements
    • H04L41/046Network management architectures or arrangements comprising network management agents or mobile agents therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/12Network monitoring probes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1061Peer-to-peer [P2P] networks using node-based peer discovery mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1074Peer-to-peer [P2P] networks for supporting data block transmission mechanisms

Definitions

  • the present invention provides a system for detecting whether or not a computer system is or could participate in a Peer-to-Peer network by searching for specific terms and detecting these terms, or the resulting files.
  • Peer-to-Peer networks comprise multiple nodes, each node typically consisting both of file server and client which can send and receive data or “Communication messages” to or from a node to which such is connected and other nodes on the network.
  • Common Peer-to-Peer networks and software applications are Gnutella, FastTrack, Edonkey, NeoNet, Kazaa, Limewire, Morpheus, Bear Share, Bit Torrent, Shareaza, Emule, and Freenet.
  • each node is connected to other nodes over a communication medium such as the Internet either directly or through some type of proxy. For example, when a search request is issued such originating node sends a search request to all of the nodes to which it is connected. (See FIG. 1 ) These nodes search their list of available files and if a match is found they send a response back with the location.
  • a Peer-to-Peer proxy network typically consists of node A which is connected to a node B and node B is connected to a node C. (See FIG.
  • Node A is not connected to node C such that if node A issues a search request it will be forwarded to node B and Node B will search its available files and if a match is found it will send a response back to node A. Node B will then forward node A's request to node C and Node C will search its available files and if a match is found it will send a response back to node B. Node B will then forward this response to node A.
  • FIG. 3 discloses a nonproxy loop network wherein each node is directly connected to another.
  • Some Peer-to-Peer networks utilize a leaf node/main node proxy topology (see FIG. 4 ) where some nodes are classified as main nodes and the remaining nodes are classified as leaf nodes.
  • Leaf nodes can only connect to main nodes. Only main nodes can connect to other main nodes.
  • a Peer-to-Peer network is used to share files among its users. They are commonly used to share and acquire copy-righted music, movies, ebooks, and software but can be used to share and acquire almost any other type of file.
  • a user installs a Peer-to-Peer network software application that is capable of connecting to and utilizing the Peer-to-Peer network, much the same way that a user installs a web browser, such as Internet Explorer, to access the World Wide Web.
  • Peer-to-Peer network usage by their employees if an employee installs a Peer-to-Peer network software application onto their work PC and utilizes the Peer-to-Peer network to acquire copyrighted works.
  • Peer-to-Peer network usage also consumes a lot of network bandwidth because the commonly transferred files are large software and movie files. This places bandwidth burdens on an organization's computer network. Even though it is normally a violation of corporate policy to have a Peer-to-Peer network software application installed, employees still install these applications.
  • a folder is used to organize files on a computer system, also known as a “directory.” Any files placed into this folder are also made available to other users.
  • This folder is often called the “Shared Folder”. For instance, if user # 1 (on a first network node) places a file named “foofile” in their shared folder, user # 2 (on a second network node) would then be able to access and download the file.
  • the user can also select additional folders to make available to other users of the network.
  • Peer-to-Peer network software application has a software bug that permits the sharing of files and folders that the user never intended to be shared. Unintended (or malicious) sharing of information may be detrimental the user, the organization they work for, or even to national security. It would therefore be advantageous to be able to locate computers with Peer-to-Peer network software applications installed so that such applications can be assessed or removed.
  • Peer-to-Peer network software applications are created or current ones change, detecting the presence of a specific Peer-to-Peer network software application on a computer system or monitoring for Peer-to-Peer network communication on the organization's network becomes increasing challenging.
  • the method of identifying the presence of Peer-to-Peer network software applications on a computer system entails creating a software “blueprint” of each Peer-to-Peer network software application and checking to see if this blueprint exists on a target computer system.
  • Virus scanning software works in the same way, in that a blueprint of the virus is created and then checked against each file on a target computer system.
  • Using a software blueprint to detect Peer-to-Peer network software applications is successful only if the Peer-to-Peer network software application is known and an accurate blueprint has been created.
  • a new Peer-to-Peer network software application a new blueprint must be created and there is an inherent lag in protection during the development of the software blueprint.
  • a Peer-to-Peer network software application blueprint may no longer be valid. This leaves an organization exposed.
  • Inline filters detect Peer-to-Peer network usage by monitoring network communications on the organization's network and comparing the communications to known Peer-to-Peer network protocols. Using a protocol comparison method to detect Peer-to-Peer network software application only works if the Peer-to-Peer network software application's protocol is known. Each time a new Peer-to-Peer network software application is created the inline filter must be upgraded to look for the new protocol or data. Furthermore, when a Peer-to-Peer network software application is upgraded or changed because of new developments, the comparison filter that the inline filter uses may no longer be valid. Inline filters also do not work on Peer-to-Peer networks in which the communications between users is encrypted. This leaves an organization exposed.
  • One aspect of the present invention is directed to a system and method for detecting peer-to-peer network software operating on a target computer.
  • a target file is created, and placed in one or more folders on the target computer.
  • a search is issued on a Peer-to-Peer network for the target file.
  • Peer-to-peer software is detected to be operating on the target computer in accordance with results of the search.
  • the target file may be placed in a plurality of folders on the target computer, and optionally contains data that uniquely identifies the target computer.
  • the data may be encrypted, and can include an IP address of the target computer, a name of the target computer, a name of a user of the target computer, and/or an email address of a user of the target computer.
  • the data may be entered by a network administrator or operator responsible for monitoring the target computer.
  • the method/system may be implemented at least in part using software that executes on the target computer, or alternatively using software that executes on a computer different from the target computer.
  • a firewall, an intrusion detection system, a router, or an application may be automatically notified upon detection of peer-to-peer software on the target computer.
  • the present invention is directed to a system and method for detecting peer-to-peer network participation of a first node.
  • Network data of the first node is monitored.
  • a search is issued for a predetermined term on a peer-to-peer network while monitoring the network data.
  • Peer-to-peer participation of the first node in the peer-to-peer network is detected if the monitoring identifies the predetermined term being transmitted to the first node.
  • an administrator responsible for monitoring the first node is notified if peer-to-peer participation is detected. Blocking of data access to the first node may be automatically implemented if peer-to-peer participation is detected. In addition, peer-to-peer software associated with the first node may be automatically or manually disabled if peer-to-peer participation is detected.
  • FIG. 1 is a simplified schematic of a two node Peer-to-Peer network
  • FIG. 2 is a simplified schematic of a Peer-to-Peer proxy network
  • FIG. 3 is a simplified schematic view of a Peer-to-Peer, nonproxy, loop network
  • FIG. 4 is a simplified schematic of a peer to peer leaf/main node network.
  • FIG. 5 is a simplified flowchart representation of one of embodiment of the present invention where a file is placed onto a target system and is then searched for via the peer-to-peer network;
  • FIG. 6 is a simplified flowchart representation of another embodiment of the present invention where a monitoring agent is placed between a target system and a peer-to-peer network. A search is then initiated on the peer-to-peer network to see if the monitoring agent detects the search coming into the network.
  • nodes on a peer-to-peer network receive searches from the network for items that are being searched for by other users. If a first node receives a search and has a matching item, the first node will respond back to the searcher node.
  • administrators install ( 600 ) a monitoring agent and configure it to detect certain terms heading inbound to a node or group of nodes that they wish to protect.
  • the monitoring agent could be a device on its own, a piece of software, embedded in a router or firewall, or other network device which passes network data or has the potential to monitor network data such as a sniffer.
  • the monitoring agent could have the data (being monitored) pass through it, or it could receive a copy of such data.
  • the administrators then issues ( 601 ) searches on the peer-to-peer network and see ( 602 ) if these terms get sent to any protected nodes. If the term is not detected ( 603 ) by the monitoring agent as being sent to a node that is being protected, then the administrators continue to see ( 602 ) if these terms get sent to any protected nodes. If the term detected ( 604 ) by the monitoring agent as being sent to a node that is being protected, this would signal to the administrators that the node has peer-to-peer software. They would know this because the monitoring agent had detected the search inbound to a node so therefore the node must be part of the peer-to-peer network to receive the search.
  • the monitoring agent Upon detection that a node has peer-to-peer software, the monitoring agent is optionally configured to block ( 605 ) all transmissions to the node until the administrators removed the sofiware. The monitoring agent could also be configured to notify ( 605 ) the administrators upon detection that a node has peer-to-peer software. The monitoring agent could be configured to do either of these functions (i.e., blocking/notification) automatically upon detection that a node has peer-to-peer software.
  • one embodiment of the present invention advantageously utilizes a software program to create a target file and places this target file in the folders of a target computer that is to be monitored for the purpose of detecting whether the target computer contains Peer-to-Peer network application software.
  • the target file is preferably placed in as many folders as possible in the target computer because the “shared folder” on the target computer (to the extent one exists) is not known to the monitoring application. If the target computer has a Peer-to-Peer network software application installed, this target file will be available to be shared with other users of the Peer-to-Peer network, and an appropriate search of the Peer-to-Peer network for the target file will result in detection of the target file by a monitoring application.
  • the target file or its data is detected on a Peer-to-Peer network
  • the target computer is in some way participating in the Peer-to-Peer network and steps can be taken to remove the Peer-to-Peer network software application from the target computer.
  • the advantages of this system compound when the monitoring application protects multiple target computers such as you would find on a corporate network. It can also be used to offer home users or consumers protection from inadvertent or malicious installation of a peer-to-peer client application.
  • a software program is executed on the target computer.
  • the software program creates a target file.
  • the target file is placed into the folders of the target computer.
  • the target file is placed in as many folders as possible because the “shared folder” is not known.
  • a search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located (e.g., a node searching for the file is able to retrieve it), it can be assumed that the target is in some way participating in the Peer-to-Peer network and steps can be taken to remove the Peer-to-Peer network software application.
  • a software program is executed ( 500 ) on a computer system that has access to one or more target systems' file systems.
  • the sofiware program creates ( 501 ) a target file.
  • the data contained within this target file is information that can be used to identify the target computer(s). This is useful when there are more than one computer systems being targeted, and optionally one filename is used for ease of searching.
  • the target file is placed into the folders of the target computer(s). For example, the target file is placed in as many folders as possible because the “shared folder” on each target computer is not known. Where there is more than one computer system being targeted, the data contained within this target file is optionally varied for each target computer.
  • a search is initiated ( 503 ) on a Peer-to-Peer network (e.g., from a scanner system that connects ( 502 ) to the Peer-to-Peer network) to check ( 504 ) for the presence of the target file. If the target file is located ( 506 ), the file is then acquired ( 507 ) and the data reviewed ( 508 ) to identify or notify ( 509 ) the corresponding target computer.
  • a Peer-to-Peer network e.g., from a scanner system that connects ( 502 ) to the Peer-to-Peer network
  • a software program is executed on the target computer.
  • the software program creates a target file.
  • the data contained within this target file is information that can be used to identify the target computer. This is useful when there are more than one computer system being targeted, and optionally one filename is used for ease of searching.
  • the data that this target file includes is encrypted to protect the contents.
  • the target file is placed into the folders of the target computer(s). For example, the target file is placed in as many folders as possible because the “shared folder” on each target computer is not known. Where there is more than one computer system being targeted, the data contained within this target file is optionally varied for each target computer.
  • a search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located (e.g., a node searching for the file is able to retrieve it), the file is then acquired. Once the file is acquired, the data contained within it is decrypted and reviewed to identify the corresponding target computer.
  • a software program is executed on a computer system that has access to a target system's file systems.
  • the software program creates a target file.
  • the target file is placed into the folders of the target computer (i.e., the computer that is to be monitored for the purpose of detecting whether the target computer contains Peer-to-Peer network application software).
  • the target file is placed in as many folders as possible because the “shared folder” is not known.
  • a search is initiated on a Peer-to-Peer network to check for the presence of the target file.
  • the target file is located (e.g., a node searching for the file is able to retrieve it)
  • the target computer is in some way participating in the Peer-to-Peer network and steps can be taken to remove the Peer-to-Peer network software application from the target computer.
  • a target file is placed into the folders of the target computer.
  • the target file is placed in as many folders as possible because the “shared folder” is not known.
  • a search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located (e.g., a node searching for the file is able to retrieve it), it can be assumed that the target is in some way participating in the Peer-to-Peer network and steps can be taken to remove the Peer-to-Peer network software application from the target computer.
  • a software program is executed on a computer system that has access to one or more target systems' file systems.
  • the software program creates a target file.
  • the data contained within this target file is information that can be used to identify the target computer(s). This is useful when there are more than one computer systems being targeted, and optionally one filename is used for ease of searching.
  • the target file is placed into the folders of the target computer(s). For example, the target file is placed in as many folders as possible because the “shared folder” on each target computer is not known. Where there is more than one computer system being targeted, the data contained within this target file is optionally varied for each target computer.
  • a search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located, the file is then acquired and the data reviewed to identify the corresponding target computer.
  • a software program is executed on a computer system that has access to one or more target systems' file systems.
  • the software program creates a target file.
  • the data contained within this target file is information that can be used to identify the target computer(s). This is useful when there are more than one computer system being targeted, and optionally one filename is used for ease of searching.
  • the data that this target file includes is encrypted to protect the contents.
  • the target file is placed into the folders of the target computer(s). For example, the target file is placed in as many folders as possible because the “shared folder” on each target computer is not known. Where there is more than one computer system being targeted, the data contained within this target file is optionally varied for each target computer.
  • a search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located, the file is then acquired. Once the file is acquired, the data contained within it is decrypted and reviewed to identify the corresponding target computer.
  • a target file is placed onto a target system and a search is initiated via the peer-to-peer network for the target file. If the file is detected notification occurs. For example, an administrator responsible for monitoring the target computer is sent an electronic communication informing the administrator that the target computer is operating a peer-to-peer network software application.
  • a target file is placed onto a target system.
  • a monitoring agent is placed between the target system and the peer-to-peer network.
  • a search is initiated via the peer-to-peer network for the target file. If the file is detected by the monitoring agent, then notification occurs. For example, an administrator responsible for monitoring the target computer is sent an electronic communication informing the administrator that the target computer is operating a peer-to-peer network software application.
  • the monitoring agent automatically disables access to the node that has peer-to-peer software (i.e., the target system).
  • a monitoring agent is placed between the target system and the peer-to-peer network.
  • a search is initiated for a specific term via the peer-to-peer network.
  • the monitoring agent is configured to monitor data inbound to nodes it is configured to protect (e.g., the target system). If the monitoring agent detects the specific term it will assume that the target system has peer-to-peer software, and automatically disable access to the target system.
  • a monitoring agent is placed between the target computer and the peer-to-peer network.
  • This monitoring agent could be a device on its own, embedded in a router or firewall, or other network device which passes network data.
  • a software program is executed on the target computer. The software program creates a target file. The target file is placed into the folders of the target computer. For example, the target file is placed in as many folders as possible because the “shared folder” is not known.
  • a search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the monitoring agent detects the search string for the file the monitoring agent automatically blocks traffic to and from the target computer to prevent network access.
  • a monitoring agent is placed between the target computer and the peer-to-peer network.
  • This monitoring agent could be a device on its own, embedded in a router or firewall, or other network device which passes network data.
  • a software program is executed on one or more target computers. The software program creates a target file. The data contained within this target file is information that can be used to identify the target computer. This is useful when there are more than one computer system being targeted, and optionally one filename is used for ease of searching. The data that this target file includes is encrypted to protect the contents.
  • the target file is placed into the folders of the target computer(s). For example, the target file is placed in as many folders as possible because the “shared folder” is not known.
  • the data contained within this target file is optionally varied for each target computer.
  • a search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located, the file is then acquired. Once the file is acquired, the data contained within it is decrypted and reviewed to identify the corresponding target computer. The searching system then notifies the monitoring agent which automatically blocks traffic to and from the identified target computer(s) to prevent network access.
  • a corporate network is protected by placing a target file in the folders of the computers located on the network, optionally changing the name of each file, or optionally encrypting the data contained within it.
  • the file(s) are searched for on a Peer-to-Peer network, and if the file is detected it is optionally downloaded. Administrators or the user could then be notified.
  • the invention is implemented in a computer system that contains a processor unit, main memory, and an interconnect bus.
  • the processor unit may contain a single microprocessor, or may contain a plurality of microprocessors for configuring the computer as a multi-processor system.
  • the main memory stores, in part, instructions and data for execution by the processor unit. If the ability of the inventive system is wholly or partially implemented in software, the main memory may be used to store the executable code when in operation.
  • the main memory may include banks of dynamic random access memory as well as high speed memory.
  • the computer system may further include a mass storage device, peripheral devices, portable storage medium drives, input control device, a graphics subsystem, and an output display.
  • the computer system may be connected through one or more data transport means.
  • the processor unit and the main memory may be connected via a local microprocessor bus
  • the mass storage device, peripheral devices, portable storage medium drives, graphics subsystem may be connected via one or more input/output (I/O) busses.
  • the mass storage device which may be implemented with a magnetic disk drive or an optical disk drive, is nonvolatile storage device for storing data and instructions for use by the processor unit. In a software embodiment, the mass storage device stores the software for loading to the main memory.
  • the input control device(s) provide a portion of the user interface for a user of the computer system.
  • the input control devices may include an alpha numeric keypad for inputting alphanumeric and other key information, a cursor control device, such as a mouse, a trackball, a stylus, or cursor direction keys.
  • the computer system contains the graphics subsystem and the output display.
  • the output display may include a cathode ray tube display or a liquid crystal display.
  • the graphics subsystem receives textual and graphical information and processes the information for output to the output display.
  • the components contained in the computer system are those typically found in general purpose computer systems, and in fact, these components are intended to represent a broad category of such computer components that are well known in the art.
  • the system may be implemented in either hardware or software.
  • the software includes a plurality of computer executable instructions for implementation on a general purpose computer system.
  • the system Prior to loading into a general purpose computer system, the system may reside as encoded information on a computer readable medium, such as a magnetic floppy disc, magnetic tape compact disc read only memory (CD-ROM).
  • the system may comprise a dedicated processor including processor instructions for performing the functions described herein. Circuits may also be developed to perform the functions described herein.
  • This example illustrates a system for detecting Peer-to-Peer software applications by creating a specific target file, placing this target file in the folders of a target computer, and searching for this target file on a Peer-to-Peer network.
  • a user has installed a Peer-to-Peer software application onto computer system # 1 .
  • a network administrator wishes to identify if this computer system has a Peer-to-Peer software application installed.
  • the network administrator executes the detection software.
  • the detection software creates a file named, “123456.txt” and places this file in every folder of computer system # 1 .
  • the network administrator then issues a search on a Peer-to-Peer network for “123456.txt.”
  • the network administrator locates a file named, “123456.txt.”
  • the network administrator now knows that computer system # 1 has a Peer-to-Peer network software application installed.
  • This example illustrates a system for a detecting Peer-to-Peer software application by creating a specific target file with specific data, placing this target file in the folders of a target computer, and searching for this target file on a Peer-to-Peer network.
  • a user has installed a Peer-to-Peer software application onto computer system # 1 which has an IP address of 192.168.0.1.
  • a network administrator wishes to identify if this computer system has a Peer-to-Peer software application installed thereon.
  • the network administrator executes the detection software.
  • the detection software creates a file named, “123456.txt.” with the contents of this file being the IP address of computer system # 1 .
  • the detection software places this file in every folder of computer system # 1 .
  • the network administrator then issues a search on a Peer-to-Peer network for “123456.txt.”
  • the network administrator locates a file named, “123456.txt.”
  • the network administrator acquires the file and reviews the data.
  • the IP address within the file is “192.168.0.1.”
  • the network administrator now knows that computer system # 1 has a Peer-to-Peer network software application installed thereon.
  • This example illustrates a system for detecting a Peer-to-Peer software application on multiple computer systems by creating a specific target file with specific data, placing this target file in the folders of a target computer, and searching for this target file on a Peer-to-Peer network.
  • the network administrator wishes to identify if any of these computer systems have a Peer-to-Peer network software application installed thereon.
  • One or more users have installed a Peer-to-Peer software application onto computer system # 1 and computer system # 3 .
  • the network administrator executes the detection software on each computer system.
  • the detection software on each computer system creates a file named, “12456.txt.” with the contents of this file being the IP address of the corresponding computer system.
  • the detection software places this file in every folder of the corresponding computer system.
  • the network administrator then issues a search on a Peer-to-Peer network for “12456.txt.”
  • the network administrator locates two files named, “12456.txt.”
  • the network administrator acquires these file and reviews the data.
  • IP address within file # 1 is “192.168.0.1” and the IP address within file # 2 is “192.168.0.3.”
  • the network administrator now knows that computer system # 1 and computer system # 3 have a Peer-to-Peer network software application installed thereon.
  • This example illustrates a system for detecting a Peer-to-Peer software application on the computers of a network which share the same IP addresses by creating a specific target file with specific data, placing this file in the folders of a target computer, and searching for this file on a Peer-to-Peer network.
  • Each remote office network has two computer systems. Each computer system has a unique computer name. Each remote office utilizes an IP address scheme that is the same as the other. The resulting IP addresses are:
  • This example illustrates a secure system for detecting a Peer-to-Peer software application on multiple computer systems by creating a specific target file with specific data, encrypting this data, placing this file in the folders of a target computer, and searching for this file on a Peer-to-Peer network.
  • the network administrator wishes to identify in a secure manner if any of these computer systems have a Peer-to-Peer network software application installed thereon.
  • One or more users have installed a Peer-to-Peer software application onto computer system # 1 and computer system # 3 .
  • the network administrator executes the detection software on each computer system.
  • the detection software on each computer system creates a file named, “12456.txt.” with the contents of this file being the IP address of the corresponding computer system.
  • the detection software encrypts the contents of the file.
  • the detection software places this file in every folder of the corresponding computer system.
  • the network administrator then issues a search on a Peer-to-Peer network for “12456.txt.”
  • the network administrator locates two files named, “12456.txt.”
  • the network administrator acquires these files, decrypts the data, and reviews the data.
  • the IP address within file # 1 is “192.168.0.1” and the IP address within file # 2 is “192.168.0.3.”
  • the network administrator now knows that computer system # 1 and computer system # 3 have a Peer-to-Peer network software application installed thereon.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

A system and method for detecting peer-to-peer network software operating on a target computer. A target file is created, and placed in one or more folders on the target computer. A search is issued on a Peer-to-Peer network for the target file. Peer-to-peer software is detected to be operating on the target computer in accordance with results of the search.

Description

CROSS-REFERENCE TO RELATED PATENT APPLICATIONS
The application claims priority to U.S. Provisional Appl. No. 60/736,794, filed Nov. 15, 2005, entitled “System for Identifying the Presence of Peer-to-Peer Network Software Applications,” and is a continuation in part of U.S. patent application Ser. No. 11/103,818 filed Apr. 12, 2005 entitled System for Detecting Peer-to-Peer Network Software. Both of the above-referenced applications are incorporated by referenced herein in their entirety.
FIELD OF THE INVENTION
The present invention provides a system for detecting whether or not a computer system is or could participate in a Peer-to-Peer network by searching for specific terms and detecting these terms, or the resulting files.
BACKGROUND OF THE INVENTION
Peer-to-Peer networks comprise multiple nodes, each node typically consisting both of file server and client which can send and receive data or “Communication messages” to or from a node to which such is connected and other nodes on the network. Common Peer-to-Peer networks and software applications are Gnutella, FastTrack, Edonkey, NeoNet, Kazaa, Limewire, Morpheus, Bear Share, Bit Torrent, Shareaza, Emule, and Freenet.
In a Peer-to-Peer network, each node is connected to other nodes over a communication medium such as the Internet either directly or through some type of proxy. For example, when a search request is issued such originating node sends a search request to all of the nodes to which it is connected. (See FIG. 1) These nodes search their list of available files and if a match is found they send a response back with the location. However, a Peer-to-Peer proxy network typically consists of node A which is connected to a node B and node B is connected to a node C. (See FIG. 2) Node A is not connected to node C such that if node A issues a search request it will be forwarded to node B and Node B will search its available files and if a match is found it will send a response back to node A. Node B will then forward node A's request to node C and Node C will search its available files and if a match is found it will send a response back to node B. Node B will then forward this response to node A. FIG. 3 discloses a nonproxy loop network wherein each node is directly connected to another.
Some Peer-to-Peer networks utilize a leaf node/main node proxy topology (see FIG. 4) where some nodes are classified as main nodes and the remaining nodes are classified as leaf nodes. Leaf nodes can only connect to main nodes. Only main nodes can connect to other main nodes. When a leaf node issues a search request it sends the request to the main node to which it is connected. The main node then forwards the request to any other leaf nodes that are connected to it and also to any main nodes to which it is connected. These main nodes forward the request to any leaf nodes that are connected to them.
A Peer-to-Peer network is used to share files among its users. They are commonly used to share and acquire copy-righted music, movies, ebooks, and software but can be used to share and acquire almost any other type of file. To access a Peer-to-Peer network, a user installs a Peer-to-Peer network software application that is capable of connecting to and utilizing the Peer-to-Peer network, much the same way that a user installs a web browser, such as Internet Explorer, to access the World Wide Web.
Organizations are placed at legal risk by Peer-to-Peer network usage by their employees if an employee installs a Peer-to-Peer network software application onto their work PC and utilizes the Peer-to-Peer network to acquire copyrighted works. Peer-to-Peer network usage also consumes a lot of network bandwidth because the commonly transferred files are large software and movie files. This places bandwidth burdens on an organization's computer network. Even though it is normally a violation of corporate policy to have a Peer-to-Peer network software application installed, employees still install these applications.
When installing a Peer-to-Peer network software application, the user must select a folder on their computer system in which to store any downloaded files. For the purposes of clarification, a “folder” is used to organize files on a computer system, also known as a “directory.” Any files placed into this folder are also made available to other users. This folder is often called the “Shared Folder”. For instance, if user #1 (on a first network node) places a file named “foofile” in their shared folder, user #2 (on a second network node) would then be able to access and download the file. Depending on the Peer-to-Peer network software application used, the user can also select additional folders to make available to other users of the network.
For whatever reason, users sometimes select as their shared folder a folder that contains sensitive information or information they do not otherwise wish to share or they may later begin to place sensitive information or information they do not otherwise wish to share into their shared folder by mistake. Usually this action is done by mistake and unknowingly by the user but sometimes it is done by a malicious person or virus. Sometimes the Peer-to-Peer network software application has a software bug that permits the sharing of files and folders that the user never intended to be shared. Unintended (or malicious) sharing of information may be detrimental the user, the organization they work for, or even to national security. It would therefore be advantageous to be able to locate computers with Peer-to-Peer network software applications installed so that such applications can be assessed or removed.
There are hundreds if not thousands of different Peer-to-Peer network software applications with each having its own set of attributes. Current detection methods concentrate on 1) identifying the presence of each of these different Peer-to-Peer network software applications on a computer system or 2) the placement of a hardware/software based inline filter between the computer system and Internet to detect Peer-to-Peer network communications by looking for their protocols, monitoring for downloads, or increased bandwidth usage.
As Peer-to-Peer network software applications are created or current ones change, detecting the presence of a specific Peer-to-Peer network software application on a computer system or monitoring for Peer-to-Peer network communication on the organization's network becomes increasing challenging.
The method of identifying the presence of Peer-to-Peer network software applications on a computer system entails creating a software “blueprint” of each Peer-to-Peer network software application and checking to see if this blueprint exists on a target computer system. Virus scanning software works in the same way, in that a blueprint of the virus is created and then checked against each file on a target computer system. Using a software blueprint to detect Peer-to-Peer network software applications is successful only if the Peer-to-Peer network software application is known and an accurate blueprint has been created. Each time a new Peer-to-Peer network software application is created a new blueprint must be created and there is an inherent lag in protection during the development of the software blueprint. Furthermore, when a Peer-to-Peer network software application is upgraded or changed because of new developments, a Peer-to-Peer network software application blueprint may no longer be valid. This leaves an organization exposed.
Inline filters detect Peer-to-Peer network usage by monitoring network communications on the organization's network and comparing the communications to known Peer-to-Peer network protocols. Using a protocol comparison method to detect Peer-to-Peer network software application only works if the Peer-to-Peer network software application's protocol is known. Each time a new Peer-to-Peer network software application is created the inline filter must be upgraded to look for the new protocol or data. Furthermore, when a Peer-to-Peer network software application is upgraded or changed because of new developments, the comparison filter that the inline filter uses may no longer be valid. Inline filters also do not work on Peer-to-Peer networks in which the communications between users is encrypted. This leaves an organization exposed.
SUMMARY OF THE INVENTION
One aspect of the present invention is directed to a system and method for detecting peer-to-peer network software operating on a target computer. A target file is created, and placed in one or more folders on the target computer. A search is issued on a Peer-to-Peer network for the target file. Peer-to-peer software is detected to be operating on the target computer in accordance with results of the search.
In specific embodiments, the target file may be placed in a plurality of folders on the target computer, and optionally contains data that uniquely identifies the target computer. The data may be encrypted, and can include an IP address of the target computer, a name of the target computer, a name of a user of the target computer, and/or an email address of a user of the target computer. The data may be entered by a network administrator or operator responsible for monitoring the target computer. The method/system may be implemented at least in part using software that executes on the target computer, or alternatively using software that executes on a computer different from the target computer. A firewall, an intrusion detection system, a router, or an application, may be automatically notified upon detection of peer-to-peer software on the target computer.
In accordance with a further aspect, the present invention is directed to a system and method for detecting peer-to-peer network participation of a first node. Network data of the first node is monitored. A search is issued for a predetermined term on a peer-to-peer network while monitoring the network data. Peer-to-peer participation of the first node in the peer-to-peer network is detected if the monitoring identifies the predetermined term being transmitted to the first node.
In specific embodiments, an administrator responsible for monitoring the first node is notified if peer-to-peer participation is detected. Blocking of data access to the first node may be automatically implemented if peer-to-peer participation is detected. In addition, peer-to-peer software associated with the first node may be automatically or manually disabled if peer-to-peer participation is detected.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a simplified schematic of a two node Peer-to-Peer network;
FIG. 2 is a simplified schematic of a Peer-to-Peer proxy network;
FIG. 3 is a simplified schematic view of a Peer-to-Peer, nonproxy, loop network;
FIG. 4 is a simplified schematic of a peer to peer leaf/main node network.
FIG. 5 is a simplified flowchart representation of one of embodiment of the present invention where a file is placed onto a target system and is then searched for via the peer-to-peer network; and
FIG. 6 is a simplified flowchart representation of another embodiment of the present invention where a monitoring agent is placed between a target system and a peer-to-peer network. A search is then initiated on the peer-to-peer network to see if the monitoring agent detects the search coming into the network.
 DESCRIPTION OF PRESENTLY PREFERRED EMBODIMENTS
As part of operating, nodes on a peer-to-peer network receive searches from the network for items that are being searched for by other users. If a first node receives a search and has a matching item, the first node will respond back to the searcher node. Referring to FIG. 6, in one embodiment of the present invention, administrators install (600) a monitoring agent and configure it to detect certain terms heading inbound to a node or group of nodes that they wish to protect. The monitoring agent could be a device on its own, a piece of software, embedded in a router or firewall, or other network device which passes network data or has the potential to monitor network data such as a sniffer. The monitoring agent could have the data (being monitored) pass through it, or it could receive a copy of such data. The administrators then issues (601) searches on the peer-to-peer network and see (602) if these terms get sent to any protected nodes. If the term is not detected (603) by the monitoring agent as being sent to a node that is being protected, then the administrators continue to see (602) if these terms get sent to any protected nodes. If the term detected (604) by the monitoring agent as being sent to a node that is being protected, this would signal to the administrators that the node has peer-to-peer software. They would know this because the monitoring agent had detected the search inbound to a node so therefore the node must be part of the peer-to-peer network to receive the search. Upon detection that a node has peer-to-peer software, the monitoring agent is optionally configured to block (605) all transmissions to the node until the administrators removed the sofiware. The monitoring agent could also be configured to notify (605) the administrators upon detection that a node has peer-to-peer software. The monitoring agent could be configured to do either of these functions (i.e., blocking/notification) automatically upon detection that a node has peer-to-peer software.
Referring to FIG. 5, one embodiment of the present invention advantageously utilizes a software program to create a target file and places this target file in the folders of a target computer that is to be monitored for the purpose of detecting whether the target computer contains Peer-to-Peer network application software. The target file is preferably placed in as many folders as possible in the target computer because the “shared folder” on the target computer (to the extent one exists) is not known to the monitoring application. If the target computer has a Peer-to-Peer network software application installed, this target file will be available to be shared with other users of the Peer-to-Peer network, and an appropriate search of the Peer-to-Peer network for the target file will result in detection of the target file by a monitoring application. Once the target file or its data is detected on a Peer-to-Peer network, it can be assumed that the target computer is in some way participating in the Peer-to-Peer network and steps can be taken to remove the Peer-to-Peer network software application from the target computer. The advantages of this system compound when the monitoring application protects multiple target computers such as you would find on a corporate network. It can also be used to offer home users or consumers protection from inadvertent or malicious installation of a peer-to-peer client application.
In another embodiment, a software program is executed on the target computer. The software program creates a target file. The target file is placed into the folders of the target computer. For example, the target file is placed in as many folders as possible because the “shared folder” is not known. A search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located (e.g., a node searching for the file is able to retrieve it), it can be assumed that the target is in some way participating in the Peer-to-Peer network and steps can be taken to remove the Peer-to-Peer network software application.
In another embodiment, a software program is executed (500) on a computer system that has access to one or more target systems' file systems. The sofiware program creates (501) a target file. The data contained within this target file is information that can be used to identify the target computer(s). This is useful when there are more than one computer systems being targeted, and optionally one filename is used for ease of searching. The target file is placed into the folders of the target computer(s). For example, the target file is placed in as many folders as possible because the “shared folder” on each target computer is not known. Where there is more than one computer system being targeted, the data contained within this target file is optionally varied for each target computer. A search is initiated (503) on a Peer-to-Peer network (e.g., from a scanner system that connects (502) to the Peer-to-Peer network) to check (504) for the presence of the target file. If the target file is located (506), the file is then acquired (507) and the data reviewed (508) to identify or notify (509) the corresponding target computer.
In another embodiment, a software program is executed on the target computer. The software program creates a target file. The data contained within this target file is information that can be used to identify the target computer. This is useful when there are more than one computer system being targeted, and optionally one filename is used for ease of searching. The data that this target file includes is encrypted to protect the contents. The target file is placed into the folders of the target computer(s). For example, the target file is placed in as many folders as possible because the “shared folder” on each target computer is not known. Where there is more than one computer system being targeted, the data contained within this target file is optionally varied for each target computer. A search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located (e.g., a node searching for the file is able to retrieve it), the file is then acquired. Once the file is acquired, the data contained within it is decrypted and reviewed to identify the corresponding target computer.
In another embodiment, a software program is executed on a computer system that has access to a target system's file systems. The software program creates a target file. The target file is placed into the folders of the target computer (i.e., the computer that is to be monitored for the purpose of detecting whether the target computer contains Peer-to-Peer network application software). For example, the target file is placed in as many folders as possible because the “shared folder” is not known. A search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located (e.g., a node searching for the file is able to retrieve it), it can be assumed that the target computer is in some way participating in the Peer-to-Peer network and steps can be taken to remove the Peer-to-Peer network software application from the target computer.
In another embodiment, a target file is placed into the folders of the target computer. The target file is placed in as many folders as possible because the “shared folder” is not known. A search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located (e.g., a node searching for the file is able to retrieve it), it can be assumed that the target is in some way participating in the Peer-to-Peer network and steps can be taken to remove the Peer-to-Peer network software application from the target computer.
In another embodiment, a software program is executed on a computer system that has access to one or more target systems' file systems. The software program creates a target file. The data contained within this target file is information that can be used to identify the target computer(s). This is useful when there are more than one computer systems being targeted, and optionally one filename is used for ease of searching. The target file is placed into the folders of the target computer(s). For example, the target file is placed in as many folders as possible because the “shared folder” on each target computer is not known. Where there is more than one computer system being targeted, the data contained within this target file is optionally varied for each target computer. A search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located, the file is then acquired and the data reviewed to identify the corresponding target computer.
In another embodiment, a software program is executed on a computer system that has access to one or more target systems' file systems. The software program creates a target file. The data contained within this target file is information that can be used to identify the target computer(s). This is useful when there are more than one computer system being targeted, and optionally one filename is used for ease of searching. The data that this target file includes is encrypted to protect the contents. The target file is placed into the folders of the target computer(s). For example, the target file is placed in as many folders as possible because the “shared folder” on each target computer is not known. Where there is more than one computer system being targeted, the data contained within this target file is optionally varied for each target computer. A search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located, the file is then acquired. Once the file is acquired, the data contained within it is decrypted and reviewed to identify the corresponding target computer.
In yet another embodiment, a target file is placed onto a target system and a search is initiated via the peer-to-peer network for the target file. If the file is detected notification occurs. For example, an administrator responsible for monitoring the target computer is sent an electronic communication informing the administrator that the target computer is operating a peer-to-peer network software application.
In yet another embodiment, a target file is placed onto a target system. A monitoring agent is placed between the target system and the peer-to-peer network. A search is initiated via the peer-to-peer network for the target file. If the file is detected by the monitoring agent, then notification occurs. For example, an administrator responsible for monitoring the target computer is sent an electronic communication informing the administrator that the target computer is operating a peer-to-peer network software application. Optionally the monitoring agent automatically disables access to the node that has peer-to-peer software (i.e., the target system).
In yet another embodiment, a monitoring agent is placed between the target system and the peer-to-peer network. A search is initiated for a specific term via the peer-to-peer network. The monitoring agent is configured to monitor data inbound to nodes it is configured to protect (e.g., the target system). If the monitoring agent detects the specific term it will assume that the target system has peer-to-peer software, and automatically disable access to the target system.
In yet another embodiment, a monitoring agent is placed between the target computer and the peer-to-peer network. This monitoring agent could be a device on its own, embedded in a router or firewall, or other network device which passes network data. A software program is executed on the target computer. The software program creates a target file. The target file is placed into the folders of the target computer. For example, the target file is placed in as many folders as possible because the “shared folder” is not known. A search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the monitoring agent detects the search string for the file the monitoring agent automatically blocks traffic to and from the target computer to prevent network access.
In yet another embodiment, a monitoring agent is placed between the target computer and the peer-to-peer network. This monitoring agent could be a device on its own, embedded in a router or firewall, or other network device which passes network data. A software program is executed on one or more target computers. The software program creates a target file. The data contained within this target file is information that can be used to identify the target computer. This is useful when there are more than one computer system being targeted, and optionally one filename is used for ease of searching. The data that this target file includes is encrypted to protect the contents. The target file is placed into the folders of the target computer(s). For example, the target file is placed in as many folders as possible because the “shared folder” is not known. Where there is more than one computer system being targeted, the data contained within this target file is optionally varied for each target computer. A search is initiated on a Peer-to-Peer network to check for the presence of the target file. If the target file is located, the file is then acquired. Once the file is acquired, the data contained within it is decrypted and reviewed to identify the corresponding target computer. The searching system then notifies the monitoring agent which automatically blocks traffic to and from the identified target computer(s) to prevent network access.
In yet another embodiment, a corporate network is protected by placing a target file in the folders of the computers located on the network, optionally changing the name of each file, or optionally encrypting the data contained within it. The file(s) are searched for on a Peer-to-Peer network, and if the file is detected it is optionally downloaded. Administrators or the user could then be notified.
In one embodiment, the invention is implemented in a computer system that contains a processor unit, main memory, and an interconnect bus. The processor unit may contain a single microprocessor, or may contain a plurality of microprocessors for configuring the computer as a multi-processor system. The main memory stores, in part, instructions and data for execution by the processor unit. If the ability of the inventive system is wholly or partially implemented in software, the main memory may be used to store the executable code when in operation. The main memory may include banks of dynamic random access memory as well as high speed memory.
The computer system may further include a mass storage device, peripheral devices, portable storage medium drives, input control device, a graphics subsystem, and an output display. The computer system may be connected through one or more data transport means. For example, the processor unit and the main memory may be connected via a local microprocessor bus, and the mass storage device, peripheral devices, portable storage medium drives, graphics subsystem may be connected via one or more input/output (I/O) busses. The mass storage device, which may be implemented with a magnetic disk drive or an optical disk drive, is nonvolatile storage device for storing data and instructions for use by the processor unit. In a software embodiment, the mass storage device stores the software for loading to the main memory.
The input control device(s) provide a portion of the user interface for a user of the computer system. The input control devices may include an alpha numeric keypad for inputting alphanumeric and other key information, a cursor control device, such as a mouse, a trackball, a stylus, or cursor direction keys. In order to display textual and graphical information, the computer system contains the graphics subsystem and the output display. The output display may include a cathode ray tube display or a liquid crystal display. The graphics subsystem receives textual and graphical information and processes the information for output to the output display.
The components contained in the computer system are those typically found in general purpose computer systems, and in fact, these components are intended to represent a broad category of such computer components that are well known in the art.
The system may be implemented in either hardware or software. For some software embodiments, the software includes a plurality of computer executable instructions for implementation on a general purpose computer system. Prior to loading into a general purpose computer system, the system may reside as encoded information on a computer readable medium, such as a magnetic floppy disc, magnetic tape compact disc read only memory (CD-ROM). In one hardware embodiment, the system may comprise a dedicated processor including processor instructions for performing the functions described herein. Circuits may also be developed to perform the functions described herein.
EXAMPLES
The following Examples illustrate various embodiments of systems according to the present Invention.
Example 1
This example illustrates a system for detecting Peer-to-Peer software applications by creating a specific target file, placing this target file in the folders of a target computer, and searching for this target file on a Peer-to-Peer network.
In this example, a user has installed a Peer-to-Peer software application onto computer system # 1. A network administrator wishes to identify if this computer system has a Peer-to-Peer software application installed. The network administrator executes the detection software. The detection software creates a file named, “123456.txt” and places this file in every folder of computer system # 1. The network administrator then issues a search on a Peer-to-Peer network for “123456.txt.” The network administrator locates a file named, “123456.txt.” The network administrator now knows that computer system # 1 has a Peer-to-Peer network software application installed.
Example 2
This example illustrates a system for a detecting Peer-to-Peer software application by creating a specific target file with specific data, placing this target file in the folders of a target computer, and searching for this target file on a Peer-to-Peer network.
In this example, a user has installed a Peer-to-Peer software application onto computer system # 1 which has an IP address of 192.168.0.1. A network administrator wishes to identify if this computer system has a Peer-to-Peer software application installed thereon. The network administrator executes the detection software. The detection software creates a file named, “123456.txt.” with the contents of this file being the IP address of computer system # 1. The detection software places this file in every folder of computer system # 1. The network administrator then issues a search on a Peer-to-Peer network for “123456.txt.” The network administrator locates a file named, “123456.txt.” The network administrator acquires the file and reviews the data. The IP address within the file is “192.168.0.1.” The network administrator now knows that computer system # 1 has a Peer-to-Peer network software application installed thereon.
Example 3
This example illustrates a system for detecting a Peer-to-Peer software application on multiple computer systems by creating a specific target file with specific data, placing this target file in the folders of a target computer, and searching for this target file on a Peer-to-Peer network.
In this example there are five computer systems on a network:
Computer system # 1 with an IP address of 192.168.0.1
Computer system # 2 with an IP address of 192.168.0.2
Computer system # 3 with an IP address of 192.168.0.3
Computer system # 4 with an IP address of 192.168.0.4
Computer system #5 with an IP address of 192.168.0.5
The network administrator wishes to identify if any of these computer systems have a Peer-to-Peer network software application installed thereon. One or more users have installed a Peer-to-Peer software application onto computer system # 1 and computer system # 3. The network administrator executes the detection software on each computer system. The detection software on each computer system creates a file named, “12456.txt.” with the contents of this file being the IP address of the corresponding computer system. The detection software places this file in every folder of the corresponding computer system. The network administrator then issues a search on a Peer-to-Peer network for “12456.txt.” The network administrator locates two files named, “12456.txt.” The network administrator acquires these file and reviews the data. The IP address within file # 1 is “192.168.0.1” and the IP address within file # 2 is “192.168.0.3.” The network administrator now knows that computer system # 1 and computer system # 3 have a Peer-to-Peer network software application installed thereon.
Example 4
This example illustrates a system for detecting a Peer-to-Peer software application on the computers of a network which share the same IP addresses by creating a specific target file with specific data, placing this file in the folders of a target computer, and searching for this file on a Peer-to-Peer network.
In this example there is a corporate network that includes two remote offices. Each remote office network has two computer systems. Each computer system has a unique computer name. Each remote office utilizes an IP address scheme that is the same as the other. The resulting IP addresses are:
  • Remote Office # 1, Computer System #1: COMPA, 192.168.0.1
  • Remote Office # 1, Computer System #2: COMPB, 192.168.0.2
  • Remote Office # 2, Computer System #1: COMPC, 192.168.0.1
  • Remote Office # 2, Computer System #2: COMPD, 192.168.0.2
    One or more users have installed a Peer-to-Peer software application on computer system # 1 in remote office # 1 and on computer system # 2 in remote office # 2. A network administrator wishes to identify if any computer system on either remote office network has a Peer-to-Peer software application installed thereon. The network administrator executes the detection software on all computer systems on both remote office networks. The detection software on each computer system creates a file named, “12456.txt.” with the contents of this file being the IP address and name of the corresponding computer system. The detection software places this file in every folder of the corresponding computer system. The network administrator then issues a search on a Peer-to-Peer network for “12456.txt.” The network administrator locates two files named, “12456.txt.” The network administrator acquires these file and reviews the data. The IP address within file # 1 is “192.168.0.1” and the IP address within file # 2 is “192.168.0.2.” The name in file # 1 is “COMPA” and the name in file # 2 is “COMPD.” The network administrator now knows that computer system # 1 in remote office # 1 and computer system # 2 in remote office # 2 have a Peer-to-Peer network software application installed thereon.
Example 5
This example illustrates a secure system for detecting a Peer-to-Peer software application on multiple computer systems by creating a specific target file with specific data, encrypting this data, placing this file in the folders of a target computer, and searching for this file on a Peer-to-Peer network.
In this example, there are five computer systems on a network:
Computer system # 1 with an IP address of 192.168.0.1
Computer system # 2 with an IP address of 192.168.0.2
Computer system # 3 with an IP address of 192.168.0.3
Computer system # 4 with an IP address of 192.168.0.4
Computer system #5 with an IP address of 192.168.0.5
The network administrator wishes to identify in a secure manner if any of these computer systems have a Peer-to-Peer network software application installed thereon. One or more users have installed a Peer-to-Peer software application onto computer system # 1 and computer system # 3. The network administrator executes the detection software on each computer system. The detection software on each computer system creates a file named, “12456.txt.” with the contents of this file being the IP address of the corresponding computer system. The detection software encrypts the contents of the file. The detection software places this file in every folder of the corresponding computer system. The network administrator then issues a search on a Peer-to-Peer network for “12456.txt.” The network administrator locates two files named, “12456.txt.” The network administrator acquires these files, decrypts the data, and reviews the data. The IP address within file # 1 is “192.168.0.1” and the IP address within file # 2 is “192.168.0.3.” The network administrator now knows that computer system # 1 and computer system # 3 have a Peer-to-Peer network software application installed thereon.
Finally, it will be appreciated by those skilled in the art that changes could be made to the embodiments described above without departing from the broad inventive concept thereof. It is understood, therefore, that this invention is not limited to the particular embodiments disclosed, but is intended to cover modifications within the spirit and scope of the present invention as defined in the appended claims.

Claims (42)

What is claimed is:
1. A method for detecting whether peer-to-peer network file sharing software is operating on a target computer, the target computer connected to a computer network, comprising:
a. creating, by a software program configured to access a file system of the target computer, a target file, and placing the target file that contains identifying data in one or more folders on the target computer, the identifying data uniquely identifying the target computer;
b. locatingreceiving, by the software program, a search string of a search for the target file on a Peer-to-Peerpeer-to-peer file sharing network, wherein the search is issued from a node of the peer-to-peer file sharing network to locate the target file independent of the target computer responding to athe search issued on the Peer-to-Peerpeer-to-peer network for the target file; and
c. detecting a determining, by the software program, that the target file is shared to one or more nodes of the peer-to-peer file sharing network as a result of the search;
determining, by the software program, that the peer-to-peer file sharing software is operating on the target computer in an event the target file is located on the Peer-to-Peer network in response to determining that the target file is in at least one folder of the target computer; and
blocking, by the software program, the target computer from communicating data traffic with the peer-to-peer file sharing network.
2. The method of claim 1, wherein the target file is placed in a plurality of folders on the target computer.
3. The method of claim 1, wherein the target file contains data that uniquely identifies the target computer.
4. The method of claim 3 1, wherein the identifying data is encrypted.
5. The method of claim 3 1, wherein the identifying data includes at least one of an IP address of the target computer, a name of the target computer, a name of a user of the target computer, an email address of the user of the target computer, or information entered by the network administrator or operator responsible for monitoring the target computer.
6. The method of claim 3, wherein the data contains a name of the target computer.
7. The method of claim 3, wherein the data contains a name of a user of the target computer.
8. The method of claim 3, wherein the data contains an email address of a user of the target computer.
9. The method of claim 3, wherein the data contains information entered by a network administrator or operator responsible for monitoring the target computer.
10. The method of claim 1, wherein the method is implemented at least in part using software that executes on the target computer.
11. The method of claim 1, wherein the method is implemented at least in part using software that executes on a computer different from the target computer.
12. The method of claim 1, further comprising: notifying at least one of a firewall, an intrusion detection system, a router, or an application, that the peer-to-peer file sharing software has been detected determined to be operating on the target computer, wherein the notification is performed based in accordance with an output of the detecting determining step.
13. A system for detecting whether peer-to-peer network file sharing software is operating on a target computer, the target computer connected to a computer network, comprising:
a storage medium for storing instructions; and
a user input device for receiving user input; and
a processor unit operable to process the user input and to use the instructions to:
create a target file; place the target file in one or more folders of the storage medium on the target computer prior to an administrator knowing whether or not the target computer is participating in peer-to-peer file sharing;
locatereceive a search string of a search for the target file on a Peer-to-Peerpeer-to-peer file sharing network, wherein the search is issued from a node of the peer-to-peer file sharing network to locate the target file independent of the target computer responding to athe search issued on a Peer-to-Peerpeer-to-peer network for the target file; and
determine that the target file is shared to one or more nodes of the peer-to-peer file sharing network as a result of the search;
detect whetherdetermine that the peer-to-peer file sharing software is operating on the target computer in an event the target file is located on the Peer-to-Peer networkin response to determining that the target file is in at least one folder of the target computer; and
block the target computer from communicating data traffic with the peer-to-peer file sharing network.
14. The system of claim 13, wherein the processor unit is operable to process the user input and to use the instructions to place the target file in a plurality of folders on the target computer.
15. The system of claim 14, wherein the target file contains data that uniquely identifies the target computer.
16. The system of claim 15 13, wherein the identifying data is encrypted.
17. The system of claim 15 13, wherein the identifying data includes at least one of an IP address of the target computer, a name of the target computer, a name of a user of the target computer, an email address of the user of the target computer, information entered by a network administrator, or an operator responsible for monitoring the target computer.
18. The system of claim 15, wherein the data contains a name of the target computer.
19. The system of claim 15, wherein the data contains a name of a user of the target computer.
20. The system of claim 15, wherein the data contains an email address of a user of the target computer.
21. The system of claim 15, wherein the data contains information entered by a network operator or administrator responsible for monitoring the target computer.
22. The system of claim 13, wherein the system is implemented using software that executes at least in part on the target computer.
23. The system of claim 13, wherein the system is implemented using software that executes at least in part on a computer different from the target computer.
24. The system of claim 13, wherein the processor unit automatically notifies at least one of a firewall, an intrusion detection system, a router, or an application, upon detection of peer-to-peer software.
25. A system for the detection of one or more Peer-to-Peer network software applications operating on a target computer, comprising:
a. means for creating a target file, and placing the target file in one or more folders on the target computer;
b. means for locating the target file on a Peer-to-Peer network independent of the target computer responding to a search issued on a Peer-to-Peer network for the target file; and
c. means for detecting whether peer-to-peer software is operating on the target computer in an event the target file is located on the Peer-to-Peer network.
26. The system of claim 25, wherein the target file is placed in a plurality of folders on the target computer.
27. The system of claim 25, wherein the target file contains data that uniquely identifies the target computer.
28. A method executed by a monitoring agent on a peer-to-peer network for detecting peer-to-peer network participation of a first node, comprising:
a. monitoring network data sent to the first node; and
b. issuing a search for a predetermined term on a peer-to-peer network while monitoring the network data sent to the first node;
c. detecting peer-to-peer participation of the first node in the peer-to-peer network if the monitoring identifies the the search being sent to the first node, the detecting being independent of the first node receiving the issued search.
29. The method of claim 28, further comprising notifying an administrator responsible for monitoring the node if peer-to-peer participation is detected.
30. The method of claim 28, further comprising automatically blocking data access to the first node if peer-to-peer participation is detected.
31. The method of claim 28, further comprising disabling peer-to-peer software associated with the first node if peer-to-peer participation is detected.
32. The method of claim 28, wherein the first node resides on a corporate computer network.
33. The method of claim 28, wherein the first node resides on a home computer network.
34. A system for detecting peer-to-peer network participation, comprising:
a. means for monitoring network data sent to the first node;
b. means for issuing a search for a predetermined term on a peer-to-peer network while the means for monitoring the network data monitors the network data sent to the first node; and
c. means for detecting peer-to-peer participation of the first node in the peer-to-peer network if the means for monitoring identifies the the search being sent to the first node, the detecting means being independent of the first node receiving the issued search.
35. A method comprising:
receiving, by a target computer, a target file to be placed in one or more folders on the target computer, the target file comprising identifying data, the identifying data uniquely identifying the target computer, wherein the target computer is configured to transmit and receive one or more messages over the computer network;
receiving, by target computer, a search string of a search on a peer-to-peer file sharing network for the target file;
determining, by the target computer, that the target file is on the peer-to-peer file sharing network in response to issuing the search, wherein the search is issued from a node of the peer-to-peer file sharing network to locate the target file independent of the target computer responding to the search issued on the peer-to-peer network for the target file;
determining, by the target computer, that peer-to-peer file sharing software is operating on the target computer in response to determining that the target file is in at least one folder of the target computer; and
blocking, by the target computer, the target computer from communicating data traffic with the one or more nodes of the peer-to-peer file sharing network in response to determining that the peer-to-peer file sharing software is on the target computer.
36. The method of claim 35, wherein the target file is placed in one or more folders located on the target computer.
37. The method of claim 35, wherein the identifying data includes at least one of an IP address of the target computer, a name of the target computer, or a name of a user of the target computer.
38. The method of claim 37, further comprising, removing the peer-to-peer software from the target computer.
39. A method for detecting peer-to-peer file sharing software operating on a target computer participating in a computer network, comprising:
creating, by a software program of a computer, a target file containing data uniquely identifying the target computer in one or more folders on the target computer prior to an administrator knowing whether or not the target computer is participating in a peer-to-peer file sharing network;
issuing, by the software program, a search for the target file on the peer-to-peer file sharing network, wherein the search is issued to locate the target file independent of the target computer responding to the search issued on the peer-to-peer network for the target file;
determining, by the software program, that the peer-to-peer file sharing software is operating on the target computer based upon the search results received from the target computer; and
blocking, by the software program, the target computer from communicating data traffic in the peer-to-peer file sharing network.
40. The method of claim 39, wherein the target file is placed in a plurality of folders on the target computer.
41. A system for detecting peer-to-peer file sharing software operating on a target computer participating in a computer network, comprising:
a storage medium for storing instructions; and
a user input device for receiving user input; and
a processor unit operable to process the user input and to use the instructions to:
create a target file containing data uniquely identifying the target computer in one or more folders on the target computer prior to an administrator knowing whether or not the target computer is participating in a peer-to-peer file sharing network;
issue a search for the target file on the peer-to-peer file sharing network, wherein the search is issued to locate the target file independent of the target computer responding to the search issued on the peer-to-peer network for the target file;
determine that the peer-to-peer file sharing software is operating on the target computer based upon the search results received from the target computer; and
block the target computer from communicating data traffic in the peer-to-peer file sharing network.
42. The system of claim 41, wherein the processor unit is operable to process the user input and to use the instructions to place the target file in a plurality of folders on the target computer.
US13/445,343 2005-04-12 2012-04-12 System for identifying the presence of peer-to-peer network software applications Active 2026-10-04 USRE47628E1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/445,343 USRE47628E1 (en) 2005-04-12 2012-04-12 System for identifying the presence of peer-to-peer network software applications

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US11/103,818 US9178940B2 (en) 2005-04-12 2005-04-12 System and method for detecting peer-to-peer network software
US73679405P 2005-11-15 2005-11-15
US11/599,828 US7697520B2 (en) 2005-04-12 2006-11-15 System for identifying the presence of Peer-to-Peer network software applications
US13/445,343 USRE47628E1 (en) 2005-04-12 2012-04-12 System for identifying the presence of peer-to-peer network software applications

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US11/599,828 Reissue US7697520B2 (en) 2005-04-12 2006-11-15 System for identifying the presence of Peer-to-Peer network software applications

Publications (1)

Publication Number Publication Date
USRE47628E1 true USRE47628E1 (en) 2019-10-01

Family

ID=67998860

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/445,343 Active 2026-10-04 USRE47628E1 (en) 2005-04-12 2012-04-12 System for identifying the presence of peer-to-peer network software applications

Country Status (1)

Country Link
US (1) USRE47628E1 (en)

Citations (70)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1992003001A1 (en) 1990-08-07 1992-02-20 Concord Communications, Inc. Access controller for local area network
US6044471A (en) 1998-06-04 2000-03-28 Z4 Technologies, Inc. Method and apparatus for securing software to reduce unauthorized use
US6061794A (en) 1997-09-30 2000-05-09 Compaq Computer Corp. System and method for performing secure device communications in a peer-to-peer bus architecture
US6151643A (en) 1996-06-07 2000-11-21 Networks Associates, Inc. Automatic updating of diverse software products on multiple client computer systems by downloading scanning application to client computer and generating software list on client computer
US20010003191A1 (en) 1999-12-03 2001-06-07 Kovacs Ern?Ouml; Communication device and software for operating multimedia applications
US6289446B1 (en) 1998-09-29 2001-09-11 Axis Ab Exception handling utilizing call instruction with context information
US20020044549A1 (en) 2000-06-12 2002-04-18 Per Johansson Efficient scatternet forming
US20020069098A1 (en) 2000-08-31 2002-06-06 Infoseer, Inc. System and method for protecting proprietary material on computer networks
US20020073204A1 (en) 2000-12-07 2002-06-13 Rabindranath Dutta Method and system for exchange of node characteristics for DATA sharing in peer-to-peer DATA networks
US20020087885A1 (en) * 2001-01-03 2002-07-04 Vidius Inc. Method and application for a reactive defense against illegal distribution of multimedia content in file sharing networks
US20020184310A1 (en) 2001-01-22 2002-12-05 Traversat Bernard A. Providing peer groups in a peer-to-peer environment
US20030041141A1 (en) * 2001-01-22 2003-02-27 Abdelaziz Mohamed M. Peer-to-peer presence detection
US20030055892A1 (en) 2001-09-19 2003-03-20 Microsoft Corporation Peer-to-peer group management and method for maintaining peer-to-peer graphs
US20030093466A1 (en) * 2001-11-15 2003-05-15 Jarman James D. Drag and drop technology for remote control tool
US20030095660A1 (en) * 2001-10-15 2003-05-22 Overpeer, Inc. System and method for protecting digital works on a communication network
US6574729B1 (en) 1999-08-26 2003-06-03 Lucent Technologies Inc. System for remotely identifying and providing information of unknown software on remote network node by comparing the unknown software with software audit file maintained on server
US20030112974A1 (en) * 2001-12-13 2003-06-19 Levy Kenneth L. Forensic digital watermarking with variable orientation and protocols
WO2003063023A2 (en) 2002-01-22 2003-07-31 Koninklijke Philips Electronics N.V. Method and system for distributing multimedia object
US20030195852A1 (en) * 2002-04-16 2003-10-16 Geoff Campbell System, method, apparatus and means for protecting digital content
US20030208621A1 (en) 2002-05-06 2003-11-06 Sandvine Incorporated Path optimizer for peer to peer networks
US20040003266A1 (en) 2000-09-22 2004-01-01 Patchlink Corporation Non-invasive automatic offsite patch fingerprinting and updating system and method
US20040030651A1 (en) 2002-08-08 2004-02-12 Jin-Sung Kim Method and apparatus for distributing content through on-line network
JP2004046419A (en) 2002-07-10 2004-02-12 Nippon Telegr & Teleph Corp <Ntt> Content matching server and content matching system
US20040039921A1 (en) 2000-10-17 2004-02-26 Shyne-Song Chuang Method and system for detecting rogue software
US20040044996A1 (en) 2002-08-29 2004-03-04 Dario Atallah System and method for verifying installed software
WO2004047408A1 (en) 2002-11-15 2004-06-03 International Business Machines Corporation Network traffic control in peer-to-peer environments
US20040107347A1 (en) * 2002-08-01 2004-06-03 Akira Ogino Content distribution system, content distribution method and terminal device
US20040122958A1 (en) 2002-12-19 2004-06-24 International Business Machines Corporation Method and system for peer-to-peer authorization
US20040133640A1 (en) 2002-10-31 2004-07-08 Yeager William J. Presence detection using mobile agents in peer-to-peer networks
US20040148434A1 (en) 2003-01-24 2004-07-29 Hitachi, Ltd. Method and apparatus for peer-to peer access
US20040153658A1 (en) 2003-01-31 2004-08-05 Microsoft Corporation Systems and methods for deterring software piracy in a volume license environment
US20040162871A1 (en) * 2003-02-13 2004-08-19 Pabla Kuldipsingh A. Infrastructure for accessing a peer-to-peer network environment
US6792545B2 (en) 2002-06-20 2004-09-14 Guidance Software, Inc. Enterprise computer investigation system
JP2004343186A (en) 2003-05-13 2004-12-02 Nippon Telegr & Teleph Corp <Ntt> Traffic separation method, traffic separation device, address information collection node, and traffic separation system device
US20050044483A1 (en) * 2003-07-18 2005-02-24 Canon Kabushiki Kaisha Method of accessing and sharing a digital document in P2P communication network
US20050071485A1 (en) 2003-09-26 2005-03-31 Arun Ramagopal System and method for identifying a network resource
US20050091397A1 (en) 2001-02-14 2005-04-28 Microsoft Corporation Method and system for managing data transfer over a network
US20050102383A1 (en) * 2003-01-23 2005-05-12 Computer Associates Think, Inc. Method and apparatus for remote discovery of software applications in a networked environment
US20050105476A1 (en) * 2003-11-18 2005-05-19 P-Cube Ltd. Initialization and acquisition of peers in a peers' list in a peer-to-peer network
US20050108557A1 (en) * 2003-10-11 2005-05-19 Kayo David G. Systems and methods for detecting and preventing unauthorized access to networked devices
WO2005045624A2 (en) 2003-10-29 2005-05-19 P2P Engineering Llc Method of protecting copyrighted digital files in a distributed file sharing network
US6918113B2 (en) 2000-11-06 2005-07-12 Endeavors Technology, Inc. Client installation and execution system for streamed applications
US20050177752A1 (en) 1999-11-14 2005-08-11 Mcafee, Inc. System, method and computer program product for detection of unwanted processes
US20050193216A1 (en) 2004-03-01 2005-09-01 Melanie Gurda Methods, systems, and computer program products for detecting the presence of an installation on a data processing system based on the relative storage locations of one or more files
US20050198535A1 (en) 2004-03-02 2005-09-08 Macrovision Corporation, A Corporation Of Delaware System, method and client user interface for a copy protection service
US20050251486A1 (en) 2004-02-03 2005-11-10 Mark Nair System and methods for protecting digital works using a watermark gateway
US6983326B1 (en) 2001-04-06 2006-01-03 Networks Associates Technology, Inc. System and method for distributed function discovery in a peer-to-peer network environment
US20060059560A1 (en) * 2004-09-10 2006-03-16 Montulli Louis J Systems and methods for detecting music sharing
US7042852B2 (en) 2002-05-20 2006-05-09 Airdefense, Inc. System and method for wireless LAN dynamic channel change with honeypot trap
US7046995B2 (en) 2000-06-09 2006-05-16 Aramira Corporation Mobile application peer-to-peer security system and method
US20060103732A1 (en) 2004-11-12 2006-05-18 The University Court Of The University Of St Andrews System, method & computer program product for video fingerprinting
US7051098B2 (en) 2000-05-25 2006-05-23 United States Of America As Represented By The Secretary Of The Navy System for monitoring and reporting performance of hosts and applications and selectively configuring applications in a resource managed system
US7086089B2 (en) 2002-05-20 2006-08-01 Airdefense, Inc. Systems and methods for network security
US7089301B1 (en) 2000-08-11 2006-08-08 Napster, Inc. System and method for searching peer-to-peer computer networks by selecting a computer based on at least a number of files shared by the computer
US7096503B1 (en) 2001-06-29 2006-08-22 Mcafee, Inc. Network-based risk-assessment tool for remotely detecting local computer vulnerabilities
US20060200865A1 (en) 2005-03-07 2006-09-07 International Business Machines Corporation System, service, and method for enabling authorized use of distributed content on a protected media
US20060242121A1 (en) * 2005-04-22 2006-10-26 Microsoft Corporation Systems, methods, and user interfaces for storing, searching, navigating, and retrieving electronic information
US20060248062A1 (en) 2005-03-09 2006-11-02 Medio Systems, Inc. Method and system for content search with mobile computing devices
JP2006311048A (en) 2005-04-27 2006-11-09 Nec Corp Band control device
JP2006330783A (en) 2005-05-23 2006-12-07 Nec Corp Device and method for specifying overlay network generation application starting node
US7213047B2 (en) 2002-10-31 2007-05-01 Sun Microsystems, Inc. Peer trust evaluation using mobile agents in peer-to-peer networks
US7263070B1 (en) 2002-11-05 2007-08-28 Sprint Spectrum L.P. Method and system for automating node configuration to facilitate peer-to-peer communication
US7277404B2 (en) * 2002-05-20 2007-10-02 Airdefense, Inc. System and method for sensing wireless LAN activity
US7296288B1 (en) 2002-11-15 2007-11-13 Packeteer, Inc. Methods, apparatuses, and systems allowing for bandwidth management schemes responsive to utilization characteristics associated with individual users
US7325251B1 (en) 2003-12-16 2008-01-29 Symantec Corporation Method and system to prevent peer-to-peer (P2P) worms
US7543052B1 (en) 2003-12-22 2009-06-02 Packeteer, Inc. Automatic network traffic discovery and classification mechanism including dynamic discovery thresholds
US7664048B1 (en) 2003-11-24 2010-02-16 Packeteer, Inc. Heuristic behavior pattern matching of data flows in enhanced network traffic classification
US7840663B1 (en) * 2001-12-21 2010-11-23 Mcafee, Inc. Desktop security in peer-to-peer networks
US7903822B1 (en) * 2000-11-10 2011-03-08 DMT Licensing, LLC. Method and system for establishing a trusted and decentralized peer-to-peer network
US8667103B2 (en) 2002-04-26 2014-03-04 Hewlett-Packard Development Company, L.P. System and method for message traffic analysis, categorization, and reporting, within a system for harvesting community knowledge

Patent Citations (76)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1992003001A1 (en) 1990-08-07 1992-02-20 Concord Communications, Inc. Access controller for local area network
US6151643A (en) 1996-06-07 2000-11-21 Networks Associates, Inc. Automatic updating of diverse software products on multiple client computer systems by downloading scanning application to client computer and generating software list on client computer
US6668289B2 (en) 1996-06-07 2003-12-23 Networks Associates Technology, Inc. System, method, and computer program product for uninstalling computer software
US6061794A (en) 1997-09-30 2000-05-09 Compaq Computer Corp. System and method for performing secure device communications in a peer-to-peer bus architecture
US6044471A (en) 1998-06-04 2000-03-28 Z4 Technologies, Inc. Method and apparatus for securing software to reduce unauthorized use
US6289446B1 (en) 1998-09-29 2001-09-11 Axis Ab Exception handling utilizing call instruction with context information
US6574729B1 (en) 1999-08-26 2003-06-03 Lucent Technologies Inc. System for remotely identifying and providing information of unknown software on remote network node by comparing the unknown software with software audit file maintained on server
US20050177752A1 (en) 1999-11-14 2005-08-11 Mcafee, Inc. System, method and computer program product for detection of unwanted processes
US7281268B2 (en) 1999-11-14 2007-10-09 Mcafee, Inc. System, method and computer program product for detection of unwanted processes
US20010003191A1 (en) 1999-12-03 2001-06-07 Kovacs Ern?Ouml; Communication device and software for operating multimedia applications
US7051098B2 (en) 2000-05-25 2006-05-23 United States Of America As Represented By The Secretary Of The Navy System for monitoring and reporting performance of hosts and applications and selectively configuring applications in a resource managed system
US7046995B2 (en) 2000-06-09 2006-05-16 Aramira Corporation Mobile application peer-to-peer security system and method
US20020044549A1 (en) 2000-06-12 2002-04-18 Per Johansson Efficient scatternet forming
US7089301B1 (en) 2000-08-11 2006-08-08 Napster, Inc. System and method for searching peer-to-peer computer networks by selecting a computer based on at least a number of files shared by the computer
US20020069098A1 (en) 2000-08-31 2002-06-06 Infoseer, Inc. System and method for protecting proprietary material on computer networks
US20040003266A1 (en) 2000-09-22 2004-01-01 Patchlink Corporation Non-invasive automatic offsite patch fingerprinting and updating system and method
US20040039921A1 (en) 2000-10-17 2004-02-26 Shyne-Song Chuang Method and system for detecting rogue software
US6918113B2 (en) 2000-11-06 2005-07-12 Endeavors Technology, Inc. Client installation and execution system for streamed applications
US7903822B1 (en) * 2000-11-10 2011-03-08 DMT Licensing, LLC. Method and system for establishing a trusted and decentralized peer-to-peer network
US20020073204A1 (en) 2000-12-07 2002-06-13 Rabindranath Dutta Method and system for exchange of node characteristics for DATA sharing in peer-to-peer DATA networks
US20020087885A1 (en) * 2001-01-03 2002-07-04 Vidius Inc. Method and application for a reactive defense against illegal distribution of multimedia content in file sharing networks
US20020184310A1 (en) 2001-01-22 2002-12-05 Traversat Bernard A. Providing peer groups in a peer-to-peer environment
US7574523B2 (en) 2001-01-22 2009-08-11 Sun Microsystems, Inc. Relay peers for extending peer availability in a peer-to-peer networking environment
US20030041141A1 (en) * 2001-01-22 2003-02-27 Abdelaziz Mohamed M. Peer-to-peer presence detection
US20050091397A1 (en) 2001-02-14 2005-04-28 Microsoft Corporation Method and system for managing data transfer over a network
US6983326B1 (en) 2001-04-06 2006-01-03 Networks Associates Technology, Inc. System and method for distributed function discovery in a peer-to-peer network environment
US7096503B1 (en) 2001-06-29 2006-08-22 Mcafee, Inc. Network-based risk-assessment tool for remotely detecting local computer vulnerabilities
US20030055892A1 (en) 2001-09-19 2003-03-20 Microsoft Corporation Peer-to-peer group management and method for maintaining peer-to-peer graphs
US20030095660A1 (en) * 2001-10-15 2003-05-22 Overpeer, Inc. System and method for protecting digital works on a communication network
US20030093466A1 (en) * 2001-11-15 2003-05-15 Jarman James D. Drag and drop technology for remote control tool
US20030112974A1 (en) * 2001-12-13 2003-06-19 Levy Kenneth L. Forensic digital watermarking with variable orientation and protocols
US7840663B1 (en) * 2001-12-21 2010-11-23 Mcafee, Inc. Desktop security in peer-to-peer networks
WO2003063023A2 (en) 2002-01-22 2003-07-31 Koninklijke Philips Electronics N.V. Method and system for distributing multimedia object
US20030195852A1 (en) * 2002-04-16 2003-10-16 Geoff Campbell System, method, apparatus and means for protecting digital content
US8667103B2 (en) 2002-04-26 2014-03-04 Hewlett-Packard Development Company, L.P. System and method for message traffic analysis, categorization, and reporting, within a system for harvesting community knowledge
US20030208621A1 (en) 2002-05-06 2003-11-06 Sandvine Incorporated Path optimizer for peer to peer networks
US7042852B2 (en) 2002-05-20 2006-05-09 Airdefense, Inc. System and method for wireless LAN dynamic channel change with honeypot trap
US7277404B2 (en) * 2002-05-20 2007-10-02 Airdefense, Inc. System and method for sensing wireless LAN activity
US7086089B2 (en) 2002-05-20 2006-08-01 Airdefense, Inc. Systems and methods for network security
US6792545B2 (en) 2002-06-20 2004-09-14 Guidance Software, Inc. Enterprise computer investigation system
JP2004046419A (en) 2002-07-10 2004-02-12 Nippon Telegr & Teleph Corp <Ntt> Content matching server and content matching system
US20040107347A1 (en) * 2002-08-01 2004-06-03 Akira Ogino Content distribution system, content distribution method and terminal device
US20040030651A1 (en) 2002-08-08 2004-02-12 Jin-Sung Kim Method and apparatus for distributing content through on-line network
US20040044996A1 (en) 2002-08-29 2004-03-04 Dario Atallah System and method for verifying installed software
US7213047B2 (en) 2002-10-31 2007-05-01 Sun Microsystems, Inc. Peer trust evaluation using mobile agents in peer-to-peer networks
US20040133640A1 (en) 2002-10-31 2004-07-08 Yeager William J. Presence detection using mobile agents in peer-to-peer networks
US7263070B1 (en) 2002-11-05 2007-08-28 Sprint Spectrum L.P. Method and system for automating node configuration to facilitate peer-to-peer communication
US20060168304A1 (en) 2002-11-15 2006-07-27 Bauer Daniel N Network traffic control in peer-to-peer environments
US7296288B1 (en) 2002-11-15 2007-11-13 Packeteer, Inc. Methods, apparatuses, and systems allowing for bandwidth management schemes responsive to utilization characteristics associated with individual users
WO2004047408A1 (en) 2002-11-15 2004-06-03 International Business Machines Corporation Network traffic control in peer-to-peer environments
US20040122958A1 (en) 2002-12-19 2004-06-24 International Business Machines Corporation Method and system for peer-to-peer authorization
US20050102383A1 (en) * 2003-01-23 2005-05-12 Computer Associates Think, Inc. Method and apparatus for remote discovery of software applications in a networked environment
US7318092B2 (en) * 2003-01-23 2008-01-08 Computer Associates Think, Inc. Method and apparatus for remote discovery of software applications in a networked environment
US20040148434A1 (en) 2003-01-24 2004-07-29 Hitachi, Ltd. Method and apparatus for peer-to peer access
US20040153658A1 (en) 2003-01-31 2004-08-05 Microsoft Corporation Systems and methods for deterring software piracy in a volume license environment
US20040162871A1 (en) * 2003-02-13 2004-08-19 Pabla Kuldipsingh A. Infrastructure for accessing a peer-to-peer network environment
WO2004086168A2 (en) 2003-03-20 2004-10-07 Patchlink Corporation Non-invasive automatic offsite patch fingerprinting and updating system and method
JP2004343186A (en) 2003-05-13 2004-12-02 Nippon Telegr & Teleph Corp <Ntt> Traffic separation method, traffic separation device, address information collection node, and traffic separation system device
US20050044483A1 (en) * 2003-07-18 2005-02-24 Canon Kabushiki Kaisha Method of accessing and sharing a digital document in P2P communication network
US20050071485A1 (en) 2003-09-26 2005-03-31 Arun Ramagopal System and method for identifying a network resource
US20050108557A1 (en) * 2003-10-11 2005-05-19 Kayo David G. Systems and methods for detecting and preventing unauthorized access to networked devices
WO2005045624A2 (en) 2003-10-29 2005-05-19 P2P Engineering Llc Method of protecting copyrighted digital files in a distributed file sharing network
US20050105476A1 (en) * 2003-11-18 2005-05-19 P-Cube Ltd. Initialization and acquisition of peers in a peers' list in a peer-to-peer network
US7664048B1 (en) 2003-11-24 2010-02-16 Packeteer, Inc. Heuristic behavior pattern matching of data flows in enhanced network traffic classification
US7325251B1 (en) 2003-12-16 2008-01-29 Symantec Corporation Method and system to prevent peer-to-peer (P2P) worms
US7543052B1 (en) 2003-12-22 2009-06-02 Packeteer, Inc. Automatic network traffic discovery and classification mechanism including dynamic discovery thresholds
US20050251486A1 (en) 2004-02-03 2005-11-10 Mark Nair System and methods for protecting digital works using a watermark gateway
US20050193216A1 (en) 2004-03-01 2005-09-01 Melanie Gurda Methods, systems, and computer program products for detecting the presence of an installation on a data processing system based on the relative storage locations of one or more files
US20050198535A1 (en) 2004-03-02 2005-09-08 Macrovision Corporation, A Corporation Of Delaware System, method and client user interface for a copy protection service
US20060059560A1 (en) * 2004-09-10 2006-03-16 Montulli Louis J Systems and methods for detecting music sharing
US20060103732A1 (en) 2004-11-12 2006-05-18 The University Court Of The University Of St Andrews System, method & computer program product for video fingerprinting
US20060200865A1 (en) 2005-03-07 2006-09-07 International Business Machines Corporation System, service, and method for enabling authorized use of distributed content on a protected media
US20060248062A1 (en) 2005-03-09 2006-11-02 Medio Systems, Inc. Method and system for content search with mobile computing devices
US20060242121A1 (en) * 2005-04-22 2006-10-26 Microsoft Corporation Systems, methods, and user interfaces for storing, searching, navigating, and retrieving electronic information
JP2006311048A (en) 2005-04-27 2006-11-09 Nec Corp Band control device
JP2006330783A (en) 2005-05-23 2006-12-07 Nec Corp Device and method for specifying overlay network generation application starting node

Non-Patent Citations (42)

* Cited by examiner, † Cited by third party
Title
Brandon Wiley, Freenet, "Inoperability Through Gateways," Chapter 19, pp. 381-392.
Decision on Appeal-Reversed, dated Mar. 4, 2014 for U.S. Appl. No. 11/103,818, filed Apr. 12, 2005 for System and Method for Detecting Peer-To-Peer Network Software, 8 pages.
Decision on Appeal—Reversed, dated Mar. 4, 2014 for U.S. Appl. No. 11/103,818, filed Apr. 12, 2005 for System and Method for Detecting Peer-To-Peer Network Software, 8 pages.
Findeli, M., "Peer-to-Peer (P2P) Networking," Online, Jul. 1, 2001, p. 1-21.
Hessing, S., "Peer to Peer Messaging Protocol," Internet-Draft, Apr. 2002, pp. 1-57.
International Search Report and Written Opinion dated Sep. 24, 2007 for PCT/US06/13671 filed on Apr. 11, 2006 by Tiversa, Inc., 8 pages.
International Search Report and Written Opinion dated Sep. 26, 2007 for PCT/US06/44366 filed on Nov. 15, 2006 by Tiversa, Inc., 8 pages.
Katsuo Yamada, "Latest P2P Mechanism and Corporate Defense Measures," "N + I Network Guide," Japan, Softbank Publishing Corp., Nov. 1, 2004, 2004. 11, pp. 084 to 093-Partial English explanation available (See Notice of Reasons for Rejection, dated Jun. 24, 2013 for Japanese Patent Application No. 2011-239203, 5 pages.).
Katsuo Yamada, "Latest P2P Mechanism and Corporate Defense Measures," "N + I Network Guide," Japan, Softbank Publishing Corp., Nov. 1, 2004, 2004. 11, pp. 084 to 093—Partial English explanation available (See Notice of Reasons for Rejection, dated Jun. 24, 2013 for Japanese Patent Application No. 2011-239203, 5 pages.).
Kotegawa et al., "Design for end host security management mechanism with mobile agents," a collection of papers of Computer Security Symposium 2004 (CSS2004) vol. II of II, Information Processing Society of Japan, Oct. 20, 2004, vol. 2004, No. 11, pp. 637-642-Partial English Translation available (See Office Action for Japanese Patent Application No. 2008-506642, dated Feb. 15, 2010, 8 pages.).
Kotegawa et al., "Design for end host security management mechanism with mobile agents," a collection of papers of Computer Security Symposium 2004 (CSS2004) vol. II of II, Information Processing Society of Japan, Oct. 20, 2004, vol. 2004, No. 11, pp. 637-642—Partial English Translation available (See Office Action for Japanese Patent Application No. 2008-506642, dated Feb. 15, 2010, 8 pages.).
Lindemann, C. et al., "A Distributed Search Service for Peer-to-Peer File Sharing in Mobile Applications," Peer-to-Peer Computing, 2002, Proceedings of the Second International Conference on Peer-to-Peer Computing, Sep. 5-7, 2002.
Liu, J. et al., "Distributed Distance Measurement for Large-Scale Networks," Computer Networks 41 (2003) 177-192.
Marmor, M.S., "Make the P2P Lead with Toadnode," www.webtechniques.com, Dec. 2000, pp. 44-49.
Mennecke, Thomas, "P2P Users Face New Challenge-Update," Slyck News, Dec. 15, 2003, http://www.slyck.com/story345_P2P_Users_Face_New_Challenge_Update, 3 pages.
Mennecke, Thomas, "P2P Users Face New Challenge—Update," Slyck News, Dec. 15, 2003, http://www.slyck.com/story345_P2P_Users_Face_New_Challenge_Update, 3 pages.
Miyamoto, "Method of detecting/blocking unexpected communication," the Jun. 2004 issue of SoftwareDesign, Gijutsu-Hyohron CO., Ltd., Jun. 18, 2004, No. 230, pp. 33-36-Partial English Translation available (See Office Action for Japanese Patent Application No. 2008-506642, dated Feb. 15, 2010, 8 pages.).
Miyamoto, "Method of detecting/blocking unexpected communication," the Jun. 2004 issue of SoftwareDesign, Gijutsu-Hyohron CO., Ltd., Jun. 18, 2004, No. 230, pp. 33-36—Partial English Translation available (See Office Action for Japanese Patent Application No. 2008-506642, dated Feb. 15, 2010, 8 pages.).
Mockapetris et al., "Development of the Domain Name System," ACM SigComm Computer Communication Review (2001), Herewith.
Notice of Reasons for Rejection, dated Jun. 24, 2013 for Japanese Patent Application No. 2011-239203, 5 pages.
Oda et al., "Part 3 Putting home server to practical use on the Internet with dynamic DNS," the Apr. 2003 issue of PC Japan, Softbank Publishing Co., Ltd., Apr. 1, 2003, vol. 8, No. 4, pp. 147-155-Partial English Translation available (See Office Action for Japanese Patent Application No. 2008-506642, dated Feb. 15, 2010, 8 pages.).
Oda et al., "Part 3 Putting home server to practical use on the Internet with dynamic DNS," the Apr. 2003 issue of PC Japan, Softbank Publishing Co., Ltd., Apr. 1, 2003, vol. 8, No. 4, pp. 147-155—Partial English Translation available (See Office Action for Japanese Patent Application No. 2008-506642, dated Feb. 15, 2010, 8 pages.).
Office Action dated Oct. 19, 2018 in Brazil Appln. PI06186130 (including translation), Herewith.
Office Action for Japanese Patent Application No. 2008-506642, dated Feb. 15, 2010, 8 pages.
Oram, A., "Peer-to-Peer: Harnessing the Power of Distruptive Technologies," Ch. 19: Inoperability Through Gateways, Mar. 2001, p. 381-392.
Richard, Matthew, "Intrusion Detection FAQ: Are there limitations of Intrusion Signatures?" Sans Institute, Apr. 5, 2001, https://www.sans.org/security-resources/idfaq/limitations.php., 5 pages.
Scarlata, V. et al., "Responder Anonymity and Anonymous Peer-to-Peer File Sharing," Proceedings of the International Conference on Network Protocols, Nov. 11, 2001, p. 272-280.
Sen, Subhabrata, Oliver Spatscheck and Dongmei Wang/ "Accurate, scalable in-network identification on p2p traffic using application signatures." Proceedings of the 13th international conference on World Wide Web ACM 2004.
Siu Man Lui and Sai Ho Kowk, "Interoperability of Peer-to-Peer File Sharing," ACM SIGecom Exchanges, vol. 3, No. 3, Aug. 2002, pp. 25-33.
Spognardi, Angelo, Alessandro Lucarelli and Roberto Di Pietro. "A methodology for P2P file-sharing traffic detection." Hot Topics in Peer-to-Peer Systems, 2005. Hot-P2P 2005. Second International Workshop on IEEE, 2005.
Steven Hessing, "Peer to Peer Messaging Protocol," Internet-Draft, 1-57 (2002).
Supplementary European Search Report dated Jul. 7, 2016 for European Application No. EP 06 83 7687 by Tiversa IP, Inc. 8 pages.
Supplementary Search Report dated Dec. 20, 2012 for European Patent Application No. 06 749 896.4 filed on Apr. 11, 2006 by Tiversa, Inc., 7 pages.
TTS, "Latest P2P Mechanism and Corporate Defense Measures," "N + I Network Guide," Japan, Softbank Publishing Corp., Nov. 1, 2004, 2004. 11, pp. 071 to 078-Partial English explanation available (See Notice of Reasons for Rejection, dated Jun. 24, 2013 for Japanese Patent Application No. 2011-239203, 5 pages.).
TTS, "Latest P2P Mechanism and Corporate Defense Measures," "N +I Network Guide," Japan, Softbank Publishing Corp., Nov. 1, 2004, 2004. 11, pp. 094 to 097-Partial English explanation available (See Notice of Reasons for Rejection, dated Jun. 24, 2013 for Japanese Patent Application No. 2011-239203, 5 pages.).
TTS, "Latest P2P Mechanism and Corporate Defense Measures," "N + I Network Guide," Japan, Softbank Publishing Corp., Nov. 1, 2004, 2004. 11, pp. 071 to 078—Partial English explanation available (See Notice of Reasons for Rejection, dated Jun. 24, 2013 for Japanese Patent Application No. 2011-239203, 5 pages.).
TTS, "Latest P2P Mechanism and Corporate Defense Measures," "N +I Network Guide," Japan, Softbank Publishing Corp., Nov. 1, 2004, 2004. 11, pp. 094 to 097—Partial English explanation available (See Notice of Reasons for Rejection, dated Jun. 24, 2013 for Japanese Patent Application No. 2011-239203, 5 pages.).
Ueda, K. et al., "Peer-to-Peer Network Topology Control within a Mobile Ad-hoc Network," 2003 IEEE, pp. 243-247.
Xiao, L. et al., "Mutual Anonymity Protocols for Hybrid Peer-to-Peer Systems," Proceedings of the 23rd International Conference on Distributed Computing Systems, May 19-22, 2003.
Youngfen Chen, et al. "Detecting randomly scanning worms based on heavy-tailed property", Networking, Sensing and Control, 2005, Proceedings 2005 IEEE Tucson, AZ Mar. 19-22, 2005, Piscataway, NJ, IEEE, Mar. 19, 2005, pp. 354-358.
Zhenyun Zhuang et al., "Hybrid Periodical Flooding in Unstructured Peer-to-Peer Networks," Proceedings of the 2003 International Conference on Parallel Proceeding.
Zupeng, Li et al., "Research of Peer-to-Peer Network Architecture," Proceedings of ICCT2003, pp. 312-315.

Similar Documents

Publication Publication Date Title
US7697520B2 (en) System for identifying the presence of Peer-to-Peer network software applications
US9178940B2 (en) System and method for detecting peer-to-peer network software
JP4327698B2 (en) Network type virus activity detection program, processing method and system
EP1860590B1 (en) Posture-based data protection
US8955135B2 (en) Malicious code infection cause-and-effect analysis
US9294505B2 (en) System, method, and computer program product for preventing a modification to a domain name system setting
US20030037138A1 (en) Method, apparatus, and program for identifying, restricting, and monitoring data sent from client computers
US7636943B2 (en) Method and system for detecting blocking and removing spyware
JP2007241513A (en) Equipment monitoring device
KR20070121659A (en) Computer-implemented method and system for authorizing a file containing computer executable code
CN108027856A (en) The real-time indicator of attack information is established using credible platform module
US9552491B1 (en) Systems and methods for securing data
CA2629273C (en) System for identifying the presence of peer-to-peer network software applications
USRE47628E1 (en) System for identifying the presence of peer-to-peer network software applications
US20200389435A1 (en) Auditing smart bits
WO2007069337A1 (en) Improper communication program restriction system and program
US20060075493A1 (en) Sending a message to an alert computer
US8832842B1 (en) Storage area network external security device
Mendo Document flow tracking within corporate networks
da Silva Mendo Document flow tracking within corporate networks
JP2019135577A (en) Control program, control method, and information processing device

Legal Events

Date Code Title Description
AS Assignment

Owner name: TIVERSA HOLDING CORP., PENNSYLVANIA

Free format text: MERGER;ASSIGNOR:TIVERSA, INC.;REEL/FRAME:028683/0581

Effective date: 20120411

AS Assignment

Owner name: TIVERSA IP, INC., PENNSYLVANIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:TIVERSA HOLDING CORP.;REEL/FRAME:028722/0545

Effective date: 20120731

AS Assignment

Owner name: KROLL INFORMATION ASSURANCE, LLC, NEW YORK

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:TIVERSA IP INC.;REEL/FRAME:043099/0908

Effective date: 20170606

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: UBS AG, STAMFORD BRANCH, AS COLLATERAL AGENT, CONN

Free format text: SECURITY INTEREST;ASSIGNOR:KROLL INFORMATION ASSURANCE, LLC;REEL/FRAME:045665/0314

Effective date: 20180430

AS Assignment

Owner name: KROLL INFORMATION ASSURANCE, LLC, NEW YORK

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS RECORDED AT R/F 045665/0314;ASSIGNOR:UBS AG, STAMFORD BRANCH, AS COLLATERAL AGENT;REEL/FRAME:052358/0685

Effective date: 20200409

AS Assignment

Owner name: GOLDMAN SACHS LENDING PARTNERS LLC, NEW YORK

Free format text: GRANT OF SECURITY INTEREST IN PATENT RIGHTS (2L);ASSIGNOR:KROLL INFORMATION ASSURANCE, LLC;REEL/FRAME:053539/0059

Effective date: 20200409

Owner name: GOLDMAN SACHS LENDING PARTNERS LLC, NEW YORK

Free format text: GRANT OF SECURITY INTEREST IN PATENT RIGHTS (1L);ASSIGNOR:KROLL INFORMATION ASSURANCE, LLC;REEL/FRAME:054153/0235

Effective date: 20200409

FEPP Fee payment procedure

Free format text: 11.5 YR SURCHARGE- LATE PMT W/IN 6 MO, LARGE ENTITY (ORIGINAL EVENT CODE: M1556); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12

AS Assignment

Owner name: KROLL INFORMATION ASSURANCE, LLC, NEW YORK

Free format text: SECOND LIEN RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:GOLDMAN SACHS LENDER PARTNERS LLC;REEL/FRAME:072871/0279

Effective date: 20250912

Owner name: KROLL GOVERNMENT SOLUTIONS, LLC (F/K/A VERUS ANALYTICS LLC), NEW YORK

Free format text: SECOND LIEN RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:GOLDMAN SACHS LENDER PARTNERS LLC;REEL/FRAME:072871/0279

Effective date: 20250912

Owner name: KROLL INFORMATION ASSURANCE, LLC, NEW YORK

Free format text: FIRST LIEN RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:GOLDMAN SACHS LENDER PARTNERS LLC;REEL/FRAME:072871/0311

Effective date: 20250912

Owner name: KROLL GOVERNMENT SOLUTIONS, LLC (F/K/A VERUS ANALYTICS LLC), NEW YORK

Free format text: FIRST LIEN RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:GOLDMAN SACHS LENDER PARTNERS LLC;REEL/FRAME:072871/0311

Effective date: 20250912

AS Assignment

Owner name: ALTER DOMUS (US) LLC, AS COLLATERAL AGENT, ILLINOIS

Free format text: GRANT OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:KROLL INFORMATION ASSURANCE, LLC;REEL/FRAME:072906/0455

Effective date: 20250912