DETECTION OF UNDESIRED COMPUTER FILES USING DIGITAL CERTIFICATES
Abstract
Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a determination is made regarding whether there exists a certificate chain associated with a computer file. If the certificate chain is determined to exist, then the certificate chain is evaluated by extracting information from the certificate chain and analyzing the extracted information. The computer file is then classified into one of multiple categories based on the evaluation. Finally, the computer file is handled in accordance with a policy associated with the category to which it was assigned. For example, a confirmed or suspected undesired file may be quarantined and/or an end user or an administrator may be notified regarding the confirmed or suspected undesired file.
24 Claims
1. A method comprising:
- determining whether there exists a certificate chain associated with a computer file; and
- if the certificate chain is determined to exist then;
- evaluating the certificate chain by extracting information from the certificate chain and analyzing the extracted information;
- classifying the computer file into a category of a plurality of categories based on said evaluating; and
- handling the computer file in accordance with a policy associated with the category.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A method of detecting undesired computer files comprising:
- identifying a type and structure of a file at issue;
- determining whether there is a certificate chain associated with the file at issue;
- locating the associated certificate chain;
- extracting the associated certificate chain in its entirety or specific identification information from the associated certificate chain;
- examining the extracted information to determine if the file at issue is undesired or suspected of being undesired; and
- if the file at issue is found to be undesired or suspected of being undesired, advising a computer user or administrator regarding the determination or communicating other related information to the computer user or the administrator about the file at issue.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24
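As an added illustration (not part of the patent text or of any product's code), the sketch below carries out the first steps of claim 15 for one concrete file type: identifying the file, determining whether a certificate table is attached, locating it and extracting it, then mapping the outcome to a category and policy action. It assumes Windows PE files carrying an Authenticode attribute certificate table, which the page does not name; the category names, policy actions and the `build_sample` helper are hypothetical, and examining the extracted PKCS#7 blob is left to an ASN.1 library.

```python
import struct

POLICY = {"not_pe": "skip", "no_chain": "allow",   # hypothetical categories/actions
          "chain_present": "evaluate_chain", "malformed": "quarantine_and_notify"}

def extract_cert_table(data: bytes):
    """Return [(revision, cert_type, blob), ...] from a PE image; [] if unsigned."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    magic = struct.unpack_from("<H", data, pe + 24)[0]    # optional header magic
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = pe + 24 + (96 if magic == 0x10B else 112)      # data directory array
    if struct.unpack_from("<I", data, dirs - 4)[0] <= 4:
        return []                                         # no certificate-table slot
    offset, size = struct.unpack_from("<II", data, dirs + 4 * 8)  # file offset, not RVA
    if size == 0:
        return []
    if offset + size > len(data):
        raise ValueError("certificate table runs past end of file")
    entries, pos, end = [], offset, offset + size
    while pos + 8 <= end:
        length, rev, ctype = struct.unpack_from("<IHH", data, pos)
        if length < 8 or pos + length > end:
            raise ValueError("bad WIN_CERTIFICATE length")
        entries.append((rev, ctype, data[pos + 8:pos + length]))
        pos += (length + 7) & ~7                          # entries are 8-byte aligned
    return entries

def classify(data: bytes):
    if data[:2] != b"MZ":                                 # identify the file type first
        return "not_pe", POLICY["not_pe"]
    try:
        category = "chain_present" if extract_cert_table(data) else "no_chain"
    except (ValueError, struct.error):
        category = "malformed"
    return category, POLICY[category]

def build_sample(blob=b"", claimed_size=0):
    """Constructed PE32 header skeleton for the demo; not a real executable."""
    hdr = bytearray(0x40 + 24 + 96 + 16 * 8)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)               # e_lfanew
    struct.pack_into("<H", hdr, 0x58, 0x10B)              # PE32 magic
    struct.pack_into("<I", hdr, 0x58 + 92, 16)            # NumberOfRvaAndSizes
    cert = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob if blob else b""
    struct.pack_into("<II", hdr, 0x58 + 96 + 32, len(hdr), claimed_size or len(cert))
    return bytes(hdr) + cert
```

A file whose header points at a certificate table that is truncated or lies outside the file lands in the `malformed` category instead of being treated as unsigned, so a damaged signature cannot pass as a merely absent one.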
Specification