Disarming malware in digitally signed content

US 10,452,853 B2
Filed: 03/20/2018
Issued: 10/22/2019
Est. Priority Date: 01/05/2017
Status: Active Grant

First Claim

Patent Images

1. A system for disarming malicious code in digitally-signed content, the system comprising:

means for determining that content is associated with a first digital signature;

means for creating modified content by modifying at least a portion of digital values of the content to disable any malicious code included in the content; and

means for signing the modified content with a second digital signature, thereby creating signed modified content, the signed modified content including a data element corresponding to the first digital signature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for disarming malicious code in digitally-signed content are provided. An example method includes determining that content is associated with a first digital signature, modifying at least a portion of digital values of the content to disable any malicious code included in the content, thereby creating modified content, and signing the modified content with a second digital signature, thereby creating signed modified content, the signed modified content including a data element corresponding to the first digital signature.

36 Citations

20 Claims

1. A system for disarming malicious code in digitally-signed content, the system comprising:
- means for determining that content is associated with a first digital signature;
  
  means for creating modified content by modifying at least a portion of digital values of the content to disable any malicious code included in the content; and
  
  means for signing the modified content with a second digital signature, thereby creating signed modified content, the signed modified content including a data element corresponding to the first digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, further comprising enabling access to the modified content by an intended recipient.
  - 3. The system of claim 1, further comprising means for verifying authenticity of the first digital signature.
  - 4. The system of claim 3, further comprising means for receiving an indication from a trusted third party indicative of the authenticity of the first digital signature.
  - 5. The system of claim 3, further comprising means for approving the first digital signature based on a policy.
  - 6. The system of claim 5, wherein the policy enables approval of the first digital signature based on a characteristic of a certificate associated with the first digital signature.
  - 7. The system of claim 3, further comprising means for receiving an indication from an administrator indicating approval of the digital signature.
  - 8. The system of claim 2, further comprising means for providing a notification to the intended recipient that the first digital signature of the content has been verified.
  - 9. The system of claim 8, wherein the notification is included in content of the modified content.
  - 10. The system of claim 8, wherein the notification is included in a communication associated with the modified content.
  - 11. The system of claim 10, wherein the communication is an electronic message including the modified content attached thereto.
  - 12. The system of claim 2, wherein the second digital signature is associated with a security gateway in the network.
  - 13. The system of claim 2, further comprising:
    - means for storing the content in association with the first digital signature in a dedicated storage area; and
      
      means for enabling access to the content by the intended recipient according to a policy.

14. A method for disarming malicious code in a computer system having a processor, the method comprising:
- determining that input content associated with a recipient in a network is signed with a first digital signature;
  
  verify authenticity of the first digital signature;
  
  generating modified input content by modifying at least a portion of digital values of the input content to disable any malicious code included in the input content; and
  
  signing the modified input content with a second digital signature, the signed modified input content including one or more elements indicative of the authenticity of the first digital signature.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, wherein the generating is performed without first detecting malicious code in the input content.
  - 16. The method of claim 14, further comprising:
    - storing the input content in association with the first digital signature in a dedicated storage area of the computer system; and
      
      enabling access to the input content by the recipient according to a policy of the computer system.
  - 17. The method of claim 14, further comprising inserting the one or more content elements into the modified input content.
  - 18. The method of claim 14, further comprising inserting the one or more content elements into the second digital signature.
  - 19. A non-transitory computer-readable medium comprising instructions that when executed by a processor are configured for carrying out the method of claim 14.

20. A non-transitory computer-readable medium comprising instructions that when executed by a processor cause the processor to:
- determine that content is associated with a first digital signature;
  
  create modified content by modifying at least a portion of digital values of the content to disable any malicious code included in the content; and
  
  sign the modified content with a second digital signature, thereby creating signed modified content, the signed modified content including a data element corresponding to the first digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Votiro Cybersec Ltd
Original Assignee
Votiro Cybersec Ltd
Inventors
Grafi, Aviv
Primary Examiner(s)
Korsak, Oleg

Application Number

US15/926,878
Publication Number

US 20180276390A1
Time in Patent Office

581 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/316   by observing the pattern of...

G06F 21/53   by executing in a restricte...

G06F 21/55   Detecting local intrusion o...

G06F 21/564   by virus signature recognition

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0236   Filtering by address, proto...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/145   the attack involving the pr...

H04L 63/1466   Active attacks involving in...

H04L 63/308   retaining data, e.g. retain...

H04L 9/006   involving public key infras...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

H05K 999/99   dummy group

Disarming malware in digitally signed content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Disarming malware in digitally signed content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links