BitLaw

Section 101 Examples
1-Removing Malicious Code From Email Messages

This is an example provided by the U.S. Patent and Trademark Office for analyzing Section 101 patent subject matter eligibility issues. The example is one of the "Abstract Idea Examples" provided by the USPTO on January 27, 2015. The original PDF document is found here. The numbering of these examples is taken from Appendix 2 of the July 2015 Update on Subject Matter Eligibility.

This example should be viewed in light of the introduction that was provided with it.

Index to USPTO's Section 101 Examples
| Next: Example 2

Example 1: Isolating and Removing Malicious Code from Electronic Messages

Hypothetical claims 1 and 2 are not directed to an abstract idea.

Background

The invention relates to isolating and removing malicious code from electronic messages (e.g., email) to prevent a computer from being compromised, for example by being infected with a computer virus. The specification explains the need for computer systems to scan electronic communications for malicious computer code and clean the electronic communication before it may initiate malicious acts. The disclosed invention operates by physically isolating a received electronic communication in a “quarantine” sector of the computer memory. A quarantine sector is a memory sector created by the computer’s operating system such that files stored in that sector are not permitted to act on files outside that sector.

When a communication containing malicious code is stored in the quarantine sector, the data contained within the communication is compared to malicious code-indicative patterns stored within a signature database. The presence of a particular malicious code-indicative pattern indicates the nature of the malicious code. The signature database further includes code markers that represent the beginning and end points of the malicious code.

The malicious code is then extracted from malicious code-containing communication. An extraction routine is run by a file parsing component of the processing unit. The file parsing routine performs the following operations:

  1. scan the communication for the identified beginning malicious code marker;
  2. flag each scanned byte between the beginning marker and the successive end malicious code marker;
  3. continue scanning until no further beginning malicious code marker is found; and
  4. create a new data file by sequentially copying all non-flagged data bytes into the new file, which thus forms a sanitized communication file.

The new, sanitized communication is transferred to a non-quarantine sector of the computer memory. Subsequently, all data on the quarantine sector is erased.

Claims

1. A computer-implemented method for protecting a computer from an electronic communication containing malicious code, comprising executing on a processor the steps of:
• receiving an electronic communication containing malicious code in a computer with a memory having a boot sector, a quarantine sector and a non-quarantine sector;
• storing the communication in the quarantine sector of the memory of the computer, wherein the quarantine sector is isolated from the boot and the non-quarantine sector in the computer memory, where code in the quarantine sector is prevented from performing write actions on other memory sectors;
• extracting, via file parsing, the malicious code from the electronic communication to create a sanitized electronic communication, wherein the extracting comprises
• scanning the communication for an identified beginning malicious code marker, flagging each scanned byte between the beginning marker and a successive end
• malicious code marker,
• continuing scanning until no further beginning malicious code marker is found, and
• creating a new data file by sequentially copying all non-flagged data bytes into a
• new file that forms a sanitized communication file;
• transferring the sanitized electronic communication to the non-quarantine sector of the memory; and
• deleting all data remaining in the quarantine sector.
2. A non-transitory computer-readable medium for protecting a computer from an electronic communication containing malicious code, comprising instructions stored thereon, that when executed on a processor, perform the steps of:
• receiving an electronic communication containing malicious code in a computer with a memory having a boot sector, a quarantine sector and a non-quarantine sector;
• storing the communication in the quarantine sector of the memory of the computer, wherein the quarantine sector is isolated from the boot and the non-quarantine sector in the computer memory, where code in the quarantine sector is prevented from performing write actions on other memory sectors;
• extracting, via file parsing, the malicious code from the electronic communication to create a sanitized electronic communication, wherein the extracting comprises
• scanning the communication for an identified beginning malicious code marker, flagging each scanned byte between the beginning marker and a successive end
• malicious code marker,
• continuing scanning until no further beginning malicious code marker is found, and
• creating a new data file by sequentially copying all non-flagged data bytes into a new file that forms a sanitized communication file;
• transferring the sanitized electronic communication to the non-quarantine sector of the memory; and
• deleting all data remaining in the quarantine sector.

Analysis

Claim 1: Eligible.

The method claim recites a series of acts for protecting a computer from an electronic communication containing malicious code. Thus, the claim is directed to a process, which is one of the statutory categories of invention (Step 1: YES).

The claim is then analyzed to determine whether it is directed to any judicial exception. The claimed invention relates to software technology for isolation and extraction of malicious code contained in an electronic communication. The claim is directed towards physically isolating a received communication on a memory sector and extracting malicious code from that communication to create a sanitized communication in a new data file. Such action does not describe an abstract concept, or a concept similar to those found by the courts to be abstract, such as a fundamental economic practice, a method of organizing human activity, an idea itself (standing alone), or a mathematical relationship. In contrast, the invention claimed here is directed towards performing isolation and eradication of computer viruses, worms, and other malicious code, a concept inextricably tied to computer technology and distinct from the types of concepts found by the courts to be abstract. Accordingly, the claimed steps do not recite an abstract idea. Nor do they implicate any other judicial exception. Accordingly, the claim is not directed to any judicial exception (Step 2A: NO). The claim is eligible.

Claim 2: Eligible.

The claim is directed to a non-transitory computer-readable medium, which is a manufacture, and thus a statutory category of invention (Step 1: YES).

The claim recites the same steps as claim 1 stored on a non-transitory computer readable medium such that they are executable on a processor. The invention described by those steps is not directed towards an abstract idea, for the reasons explained above (Step 2A: NO). The claim is eligible.