System and method for detecting, analyzing and controlling hidden data embedded in computer files
First Claim
1. A system for analyzing a computer file, comprising:
- a file decomposer operated by a computer process, said file decomposer comprising one or more object identification modules to identify objects within the computer file, and one or more object decomposition modules linked to the object identification modules, wherein said object decomposition modules decompose identified objects into component objects.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method for detecting, analyzing, and controlling the content of computer files and information in a variety of formats, including embedded information. The system examines one or more computer files in their entirely, including any embedded files, objects, or data, looks of confidential or secret information according to an established security search protocol, which may vary from user to user. Objects in a computer file are identified and decomposed into component objects. This process can be repeated until a user-specified depth of decomposition is achieved, or until the component objects can no longer be decomposed. The component objects are then analyzed for specific content, which is displayed for review by the user. The user can then make decisions regarding removal or modification of that content before sending the file on for further processing or delivery to a recipient. A certificate file linked to the computer file documents the results of the analysis and any deletions or modifications, and can be stored in a central database. Files also may be given a risk score based on the occurrence of certain objects, data, or keywords in a file, based on type and location.
16 Citations
40 Claims
-
1. A system for analyzing a computer file, comprising:
a file decomposer operated by a computer process, said file decomposer comprising one or more object identification modules to identify objects within the computer file, and one or more object decomposition modules linked to the object identification modules, wherein said object decomposition modules decompose identified objects into component objects. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
17. A system for evaluating the data content of one or more computer files, comprising:
-
means for identifying and analyzing the content of said computer files;
a user interface for allowing a user to examine the results from the analysis of said computer files;
means to remove or modify certain content with said computer files; and
means to create or modify one or more certificate files linked to said computer files to document the results of the analysis and modification of said computer files. - View Dependent Claims (18, 19, 20, 21, 22)
-
-
23. A method for analyzing a computer file, comprising the steps of:
-
identifying the types of objects contained in the computer file;
decomposing the objects into component objects; and
examining the component objects. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
-
-
31. A method for evaluating the data content of one or more computer files, comprising the steps of:
-
identifying the content of said computer files, analyzing the content of said computer files, examining the results from the analysis of said computer files;
removing or modifying certain content with said computer files; and
creating or modifying one or more certificate files linked to said computer files to document the results of the analysis and modification of said computer files. - View Dependent Claims (32, 33, 34, 35, 36)
-
-
37. A method for scoring or ranking the relative security risk of one or more computer files based on content, comprising the steps of:
-
assigning weights to occurrences of different objects, data or keywords based on their type, content, and location in a particular computer file;
multiplying the weight assigned to each occurrence by the frequency of said occurrence in said computer file; and
summing all weighted occurrences for all occurrences of said objects, data or keywords in said computer file to derive a risk score. - View Dependent Claims (38, 39, 40)
-
Specification