System and method for antivirus checking of files based on level of trust of their digital certificates
Abstract
Disclosed are systems, methods and computer program products for antivirus checking of files based on level of trust of their digital certificates. An example method includes obtaining a digital certificate of a digital signature of a file; determining validity of the obtained digital certificate; assigning a level of trust to the digital certificate based on the determined validity or invalidity of the digital certificate of the file; based on the assigned level of trust of the digital certificate of the file, determining what antivirus checking method to perform on the file; and performing the determined antivirus checking method on the file.
20 Claims
1. A method for performing antivirus checking of a file, the method comprising:
- obtaining a digital certificate of the file, wherein the digital certificate is an end certificate associated with a certificate chain;
- determining, by a hardware processor, validity of the obtained digital certificate by decrypting a digital signature of the obtained digital certificate using a public key of an intermediate certificate authority, calculating a hash value of the digital certificate, and determining a match of the decrypted digital signature with the calculated hash value;
- assigning a level of trust to the digital certificate based on the determined validity or invalidity of the digital certificate of the file and further based on a set of intermediate digital certificates in the certificate chain,
  - wherein a low level of trust is assigned to the end certificate based on a determination that at least one intermediate digital certificate of the set of intermediate digital certificates is a digital certificate used to sign a known malicious file,
  - wherein a medium level of trust is assigned to the end certificate based on a determination that at least one intermediate digital certificate of the set of intermediate digital certificates is a valid digital certificate, and
  - wherein a high level of trust is assigned to the end certificate based on a determination that at least one intermediate digital certificate of the set of intermediate digital certificates being issued by a trusted certification authority; and
- performing an antivirus checking method on the file based on the assigned level of trust of the digital certificate of the file, wherein one or more of heuristic analysis, emulation, and blocking execution is performed on the file having a digital certificate with an assigned low level of trust.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A system for performing antivirus checking of a file, the system comprising:
a hardware processor configured to:
- obtain a digital certificate of the file, wherein the digital certificate is an end certificate associated with a certificate chain;
- determine validity of the obtained digital certificate of the file by decrypting a digital signature of the obtained digital certificate using a public key of an intermediate certificate authority, calculating a hash value of the digital certificate, and determining a match of the decrypted digital signature with the calculated hash value;
- assign a level of trust to the digital certificate based on the determined validity or invalidity of the digital certificate of the file and further based on a set of intermediate digital certificates in the certificate chain,
  - wherein a low level of trust is assigned to the end certificate based on a determination that at least one intermediate digital certificate of the set of intermediate digital certificates is a digital certificate used to sign a known malicious file,
  - wherein a medium level of trust is assigned to the end certificate based on a determination that at least one intermediate digital certificate of the set of intermediate digital certificates is a valid digital certificate, and
  - wherein a high level of trust is assigned to the end certificate based on a determination that at least one intermediate digital certificate of the set of intermediate digital certificates being issued by a trusted certification authority; and
- perform an antivirus checking method on the file based on the assigned level of trust of the digital certificate of the file, wherein one or more of heuristic analysis, emulation, and blocking execution is performed on the file having a digital certificate with an assigned low level of trust.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A computer program product, stored on a non-transitory computer readable medium, wherein the computer program product includes computer executable instructions for performing antivirus checking of a file, including instructions for:
- obtaining a digital certificate of the file, wherein the digital certificate is an end certificate associated with a certificate chain;
- determining, by a hardware processor, validity of the obtained digital certificate by decrypting a digital signature of the obtained digital certificate using a public key of an intermediate certificate authority, calculating a hash value of the digital certificate, and determining a match of the decrypted digital signature with the calculated hash value;
- assigning a level of trust to the digital certificate based on the determined validity or invalidity of the digital certificate of the file and further based on a set of with intermediate digital certificates in the certificate chain,
  - wherein a low level of trust is assigned to the end certificate based on a determination that at least one intermediate digital certificate of the set of intermediate digital certificates is a digital certificate used to sign a known malicious file,
  - wherein a medium level of trust is assigned to the end certificate based on a determination that at least one intermediate digital certificate of the set of intermediate digital certificates is a valid digital certificate, and
  - wherein a high level of trust is assigned to the end certificate based on a determination that at least one intermediate digital certificate of the set of intermediate digital certificates being issued by a trusted certification authority; and
- performing an antivirus checking method on the file based on the assigned level of trust of the digital certificate of the file, wherein one or more of heuristic analysis, emulation, and blocking execution is performed on the file having a digital certificate with an assigned low level of trust.

Dependent claims: 16, 17, 18, 19, 20

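An added illustration of the flow recited in claim 1, not code from the patent or its assignee: the signature is "decrypted" with the issuer's public key and compared with a hash of the certificate, then a low/medium/high level is derived from the intermediate certificates. Assumptions made here: the toy textbook-RSA key (no padding, constructed values), the `Intermediate` fields, the precedence among the three levels, treating an invalid end certificate as low trust, and the `signature scan` fallback for medium and high trust.

```python
import hashlib
from dataclasses import dataclass

# Constructed toy key for the intermediate CA: textbook RSA without padding,
# built from two Mersenne primes. Illustration only, never a real key size.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(tbs: bytes) -> int:
    """Hash of the certificate body, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % N

def sign(tbs: bytes) -> int:
    """What the issuing CA does with its private exponent."""
    return pow(digest(tbs), D, N)

def is_valid(tbs: bytes, signature: int) -> bool:
    # "Decrypt" the signature with the issuer's public key, then compare
    # the result with the hash calculated over the certificate body.
    return pow(signature, E, N) == digest(tbs)

@dataclass
class Intermediate:                      # hypothetical record for one chain entry
    name: str
    valid: bool
    issued_by_trusted_ca: bool
    signed_known_malware: bool

def assign_trust(end_valid: bool, chain: list) -> str:
    # Assumed precedence: any malware-linked intermediate (or an invalid end
    # certificate) forces "low" before "high" or "medium" are considered.
    if not end_valid or any(c.signed_known_malware for c in chain):
        return "low"
    if any(c.issued_by_trusted_ca for c in chain):
        return "high"
    if any(c.valid for c in chain):
        return "medium"
    return "low"

def checks_for(level: str) -> list:
    if level == "low":                   # methods named in the claim
        return ["heuristic analysis", "emulation", "blocking execution"]
    return ["signature scan"]            # assumption: lighter check otherwise
```
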
Specification