Disarming malware in protected content

US 10,331,890 B2
Filed: 03/20/2018
Issued: 06/25/2019
Est. Priority Date: 03/20/2017
Status: Active Grant

First Claim

Patent Images

1. A method of disarming malicious code in protected content in a computer system having a processor, the method comprising:

determining, by the processor, that a received input file intended for a recipient is protected;

accessing a credential associated with the intended recipient for accessing the protected input file;

accessing, by the processor, the content of the protected input file based on the credential;

modifying, by the processor, at least a portion of digital values of the content configuring to disable any malicious code included in the content without intentionally altering non-malicious functionality of the received input file, thereby creating a modified input file, wherein the modified input file is modified to be substantially similar to the received input file; and

protecting, by the processor, the modified input file based on the credential associated with the intended recipient.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of disarming malicious code in protected content in a computer system having a processor are provided. The method includes determining that a received input file intended for a recipient is protected, the recipient may be connected to a network; accessing a credential associated with the intended recipient for accessing the protected input file; accessing the content of the protected input file based on the credential; modifying at least a portion of digital values of the content of the input file configuring to disable any malicious code included in the input file, thereby creating a modified input file; and protecting the modified input file based on the credential associated with the intended recipient. The method also includes forwarding the protected modified input file to the intended recipient in the network.

Citations

23 Claims

1. A method of disarming malicious code in protected content in a computer system having a processor, the method comprising:
- determining, by the processor, that a received input file intended for a recipient is protected;
  
  accessing a credential associated with the intended recipient for accessing the protected input file;
  
  accessing, by the processor, the content of the protected input file based on the credential;
  
  modifying, by the processor, at least a portion of digital values of the content configuring to disable any malicious code included in the content without intentionally altering non-malicious functionality of the received input file, thereby creating a modified input file, wherein the modified input file is modified to be substantially similar to the received input file; and
  
  protecting, by the processor, the modified input file based on the credential associated with the intended recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising enabling access to the modified input file by the intended recipient.
  - 3. The method of claim 2, further comprising providing a notification to the intended recipient that the modified input file includes modified content.
  - 4. The method of claim 3, wherein the notification is included in content of the modified input file.
  - 5. The method of claim 3, wherein the notification is included in a communication associated with the modified input file.
  - 6. The method of claim 5, wherein the communication is an electronic message including the modified input file attached thereto.
  - 7. The method of claim 2, further comprising:
    - storing the protected input file in a dedicated storage area of the computer system; and
      
      enabling access to the content by the intended recipient according to a policy of the computer system.
  - 8. The method of claim 1, wherein accessing the credential includes requesting the credential from the intended recipient.
  - 9. The method of claim 1, wherein accessing the credential includes determining the credential based on a content of a communication associated with the input file intended for the recipient.
  - 10. The method of claim 1, wherein determining that the input file is protected includes determining that the input file is password-protected.
  - 11. The method of claim 10, wherein the credential associated with the intended recipient is a password for accessing the content of the protected input file.
  - 12. The method of claim 10, wherein protecting the modified input file includes password-protecting the modified input file based on the password.
  - 13. The method of claim 1, wherein determining that the input file is protected includes determining that the input file is encrypted.
  - 14. The method of claim 13, wherein the credential associated with the intended recipient is a private key for decrypting the input file.
  - 15. The method of claim 13, wherein the private key is stored by a gateway in the network.
  - 16. The method of claim 14, wherein protecting the modified input file includes encrypting the modified input file using a public key associated with the intended recipient.
  - 17. The method of claim 1, wherein accessing the content of the protected input file includes decrypting the protected input file based on the credential.

18. A method of disarming malicious code in protected content in a computer system having a processor, the method comprising:
- determining, by the processor, that a received content intended for a recipient is protected;
  
  accessing, by the processor, a credential for accessing the protected content;
  
  accessing, by the processor, the digital values of the protected content based on the credential;
  
  modifying, by the processor, at least a portion of the digital values of the content configuring to disable any malicious code included in the content without intentionally altering non-malicious functionality of the received content, thereby creating modified content, wherein the modified content is modified to be substantially similar to the received content; and
  
  enabling access to the modified content by the intended recipient.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The method of claim 18, further comprising, before enabling access to the modified content, protecting, by the processor, the modified content based on the credential.
  - 20. The method of claim 18, wherein the received content includes at least one of an electronic message or a file.
  - 21. The method of claim 18, wherein the modifying is performed without first detecting malicious code in the digital values of the received content.
  - 22. A non-transitory computer-readable medium comprising instructions that when executed by a processor are configured for carrying out the method of claim 18.

23. A system for disarming malicious code in protected content, the system comprising:
- a memory device storing a set of instructions; and
  
  a processor configured to execute the set of instructions to;
  
  determine that a received content intended for a recipient in a network is protected;
  
  access a credential for accessing the protected content;
  
  access the digital values of the protected content based on the credential;
  
  modify at least a portion of the digital values of the content configuring to disable any malicious code included in the content without intentionally altering non-malicious functionality of the received content, thereby creating modified content, wherein the modified content is modified to be substantially similar to the received content; and
  
  enable access to the modified content by the intended recipient.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Votiro Cybersec Ltd
Original Assignee
Votiro Cybersec Ltd
Inventors
Grafi, Aviv
Primary Examiner(s)
Hoffman, Brandon S

Application Number

US15/926,484
Publication Number

US 20180268143A1
Time in Patent Office

462 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/563   by source code analysis

G06F 21/568   eliminating virus, restorin...

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

Disarming malware in protected content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Disarming malware in protected content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links