System and method for detecting, analyzing and controlling hidden data embedded in computer files

US 20060174123A1
Filed: 06/07/2005
Published: 08/03/2006
Est. Priority Date: 01/28/2005
Status: Abandoned Application

First Claim

Patent Images

1. A system for analyzing a computer file, comprising:

a file decomposer operated by a computer process, said file decomposer comprising one or more object identification modules to identify objects within the computer file, and one or more object decomposition modules linked to the object identification modules, wherein said object decomposition modules decompose identified objects into component objects.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for detecting, analyzing, and controlling the content of computer files and information in a variety of formats, including embedded information. The system examines one or more computer files in their entirely, including any embedded files, objects, or data, looks of confidential or secret information according to an established security search protocol, which may vary from user to user. Objects in a computer file are identified and decomposed into component objects. This process can be repeated until a user-specified depth of decomposition is achieved, or until the component objects can no longer be decomposed. The component objects are then analyzed for specific content, which is displayed for review by the user. The user can then make decisions regarding removal or modification of that content before sending the file on for further processing or delivery to a recipient. A certificate file linked to the computer file documents the results of the analysis and any deletions or modifications, and can be stored in a central database. Files also may be given a risk score based on the occurrence of certain objects, data, or keywords in a file, based on type and location.

16 Citations

View as Search Results

40 Claims

1. A system for analyzing a computer file, comprising:
- a file decomposer operated by a computer process, said file decomposer comprising one or more object identification modules to identify objects within the computer file, and one or more object decomposition modules linked to the object identification modules, wherein said object decomposition modules decompose identified objects into component objects.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, further wherein the component objects are subjected to further identification by the object identification modules and decomposition by the object decomposition modules, until all objects and component objects in a computer file have been reduced to a user-specified depth or until the component objects can no longer be decomposed.
  - 3. The system of claim 1, further comprising an object analyzer linked to the file decomposer, wherein the object analyzer receives the objects and component objects derived from the computer file by the general decomposition module and analyzes the content of said objects and component objects.
  - 4. The system of claim 3, said object analyzer comprising one or more object analysis modules adapted to analyze particular object types.
  - 5. The system of claim 4, wherein said object analysis modules comprise one or more key word scanners to analyze text objects, one or more image and pattern recognition scanners to analyze image objects, or one or more data structure scanners.
  - 6. The system of claim 3, further comprising interface means for displaying the results of the object analysis to a user.
  - 7. The system of claim 6, wherein said interface means comprises a graphic user interface.
  - 8. The system of claim 6, further wherein said interface means displays the results of the object analysis in a hierarchical manner.
  - 9. The system of claim 6, wherein said interface means alerts the user to certain content within objects.
  - 10. The system of claim 6, wherein said interface means further comprises means to accept input from the user with regard to one or more actions to take regarding one or more of the objects displayed.
  - 11. The system of claim 10, wherein said user actions include accepting the object as is, altering or modifying the object by alternating or removing certain content from the object to create an altered or modified object, converting the object from one object type to a converted object of a different object type, or removing the object in its entirety.
  - 12. The system of claim 11, further comprising a reassembler module that reassembles the accepted, altered, modified, and converted objects into a modified computer file.
  - 13. The system of claim 3, further comprising a certificate file linked to the computer file, wherein said certificate file documents the results of the examination and analysis of the computer file.
  - 14. The system of claim 13, further comprising a certificate handler for generating a new certificate file or modifying an existing certificate file linked to the computer file or a modified computer file, said certificate file documenting the results of the examination, analysis and reassembling of the computer file or modified computer file.
  - 15. The system of claim 14, further comprising means for one or more reviewers to review the modified file and certificate file.
  - 16. The system of claim 13, further comprising a transfer module, wherein the transfer module detaches the certificate file and sends the certificate file to a database for storage, and transfers or prepares to transfer the modified computer file to a recipient.

17. A system for evaluating the data content of one or more computer files, comprising:
- means for identifying and analyzing the content of said computer files;
  
  a user interface for allowing a user to examine the results from the analysis of said computer files;
  
  means to remove or modify certain content with said computer files; and
  
  means to create or modify one or more certificate files linked to said computer files to document the results of the analysis and modification of said computer files.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The system of claim 17, further comprising means for scoring or ranking computer files based on content.
  - 19. The system of claim 18, further wherein said means for scoring or ranking comprises assigning weights to occurrences of different objects, data or keywords based on their type, content, and location in the computer file, multiplying the weight assigned to each occurrence by the number of said occurrence in the computer file, and summing such weighted occurrences.
  - 20. The system of claim 17, further comprising means for additional review of said computer files and certificate files.
  - 21. The system of claim 17, further comprising means for sorting the computer files into target domain-specific locations or folders.
  - 22. The system of claim 17, further comprising means to send said certificate files to a computer database;
    - and means to send modified computer files to a recipient.

23. A method for analyzing a computer file, comprising the steps of:
- identifying the types of objects contained in the computer file;
  
  decomposing the objects into component objects; and
  
  examining the component objects.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. The method of claim 23, wherein the steps of identification and decomposition are repeated until all objects and component objects in a computer file have been reduced to a user-specified depth or until the component objects can no longer be decomposed.
  - 25. The method of claim 23, further comprising the steps of:
    - determining whether specific content is present in each object or component object; and
      
      determining appropriate action to be taken if said specific content is present.
  - 26. The method of claim 25, further wherein the appropriate action to be taken is the creation of one or more modified component objects by altering or removal of the specific content from the corresponding component pieces.
  - 27. The method of claim 26, further comprising the step of creating a modified computer file by reassembling the modified component objects and any component objects from the computer file that were not modified.
  - 28. The method of claim 27, further comprising the step of modifying or creating a certificate file linked to the modified computer file to document the results of the analysis and any modifications.
  - 29. The method of claim 28, further comprising the step of submitting the modified computer file and certificate file to one or more reviewers for further review and analysis and possible modification.
  - 30. The method of claim 28, further comprising the steps of:
    - sending the modified computer file to a recipient; and
      
      sending the certificate file to a database for storage.

31. A method for evaluating the data content of one or more computer files, comprising the steps of:
- identifying the content of said computer files, analyzing the content of said computer files, examining the results from the analysis of said computer files;
  
  removing or modifying certain content with said computer files; and
  
  creating or modifying one or more certificate files linked to said computer files to document the results of the analysis and modification of said computer files.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. The method of claim 31, further comprising the step of:
    - scoring or ranking computer files based on content.
  - 33. The method of claim 32, where the scoring or ranking of computer files comprises the steps of:
    - assigning weights to occurrences of different objects, data or keywords based on their type, content, and location in a particular computer file;
      
      multiplying the weight assigned to each occurrence by the frequency of said occurrence in said computer file; and
      
      summing all weighted occurrences for all occurrences of said objects, data or keywords in said computer file.
  - 34. The method of claim 33, further comprising the step of comparing the sum of all weighted occurrences for said computer file to one or more threshold values to determine how the computer file is to be handled.
  - 35. The method of claim 31, wherein the steps of identifying the content of said computer files, analyzing the content of said computer files, examining the results from the analysis of said computer files, removing or modifying certain content with said computer files, and creating or modifying one or more certificate files linked to said computer files to document the results of the analysis and modification of said computer files, are repeated by one or more additional individuals or users.
  - 36. The method of claim 31, further comprising the steps of:
    - sending said certificate files to a computer database; and
      
      sending said computer files to a recipient.

37. A method for scoring or ranking the relative security risk of one or more computer files based on content, comprising the steps of:
- assigning weights to occurrences of different objects, data or keywords based on their type, content, and location in a particular computer file;
  
  multiplying the weight assigned to each occurrence by the frequency of said occurrence in said computer file; and
  
  summing all weighted occurrences for all occurrences of said objects, data or keywords in said computer file to derive a risk score.
- View Dependent Claims (38, 39, 40)
- - 38. The method of claim 37, further comprising the step of comparing the risk score for said computer file to one or more threshold values to determine how the computer file is to be handled.
  - 39. The method of claim 37, wherein the weight assigned to an occurrence may be a fatality indicator.
  - 40. The method of claim 37, further comprising the step of sorting computer files into risk categories based on risk scores.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mantech SRS Technologies Incorporated (Mantech International Corporation)
Original Assignee
Mantech SRS Technologies Incorporated (Mantech International Corporation)
Inventors
Nord, John D., Johnson, David Casey, Troy, Edward, Hackett, Ronald D.

Application Number

US11/146,720
Publication Number

US 20060174123A1
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

G06F 21/645 using a third party

System and method for detecting, analyzing and controlling hidden data embedded in computer files

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for detecting, analyzing and controlling hidden data embedded in computer files

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links