US 8635697

Here's a concise summary of US Patent 8635697:

US Patent Number: 8635697

Title: Method and system for operating system identification in a network based security monitoring solution

Current Assignee: Netskope Inc. (as of 2024-07-05 assignment).

Inventors: Kevin McNamee, Mike Pelley, Darren Deridder, Paul Edwards.

Filing Date: April 8, 2011.

Issue Date: January 21, 2014.

Abstract:
The patent discloses a method and system for network-based malware detection in a service provider network. It involves receiving Transmission Control Protocol (TCP) packets from an access device, which define a TCP session between a computing device and a destination. An operating system identifier (OS ID) for the TCP session and computing device is determined. If malware is detected by comparing a malware signature to the TCP packets, an associated malware ID is determined. An alert is then generated, identifying the network address of the access device, the malware ID, and the OS ID of the TCP session that triggered the alert.

Plain-Language Overview of Independent Claims:

• Claim 1 (Method Claim): This claim describes a method for detecting malware in a service provider network. It involves:

  1. Receiving TCP packets that originate from an access device (like a home router) and form a TCP session between a computing device (behind the router) and a destination on the network.
  2. Identifying the operating system (OS ID) of the computing device participating in that TCP session.
  3. Checking if malware is present in the TCP session by comparing the received packets against known malware signatures to get a malware ID.
  4. Generating an alert that includes the network address of the access device, the identified malware, and the operating system of the infected computing device.

• Claim 15 (System Claim): This claim describes a system that performs network-based malware detection in a service provider network. The system includes multiple network sensors, each capable of:

  1. Receiving TCP packets from an access device, which define a TCP session between a computing device and a network destination.
  2. Determining the operating system (OS ID) of the computing device involved in the TCP session.
  3. Detecting malware in the TCP session by comparing packets to malware signatures and identifying an associated malware ID.
  4. Generating an alert with the network address of the access device, the malware ID, and the OS ID of the session that generated the alert.

• Claim 24 (Computer Readable Memory Claim): This claim covers a computer-readable memory containing instructions. When these instructions are run by a processor, they cause the processor to perform the following steps for network-based malware detection in a service provider network:

  1. Receive TCP packets from an access device, defining a TCP session from a computing device to a network destination.
  2. Determine the operating system identifier (OS ID) of the computing device associated with that TCP session.
  3. Determine if malware is present in the TCP session and its malware ID by comparing malware signatures to the TCP packets.
  4. Generate an alert that identifies the access device's network address, the malware ID, and the OS ID related to the TCP session that caused the alert.

CAFC 2026 Dockets:
Information on specific CAFC 2026 dockets for US8635697 is not definitively available from the provided search results. The search results provided general access points to CAFC scheduled cases for May, June, and July 2026, but do not list specific patent numbers or cases related to US8635697 within those schedules.

However, the Google Patents page indicates that the patent family has litigation, including a PTAB case IPR2026-00031 (which was "Not Instituted - Procedural") and US district court cases filed in the California Northern District Court (case numbers 4:25-cv-02360 and 3:25-cv-02360). These are not direct CAFC 2026 docket entries.