Certification Of E-Mails With Embedded Code

US 20090106840A1
Filed: 10/20/2008
Published: 04/23/2009
Est. Priority Date: 10/18/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for certifying embedded content in an electronic mail message, the method comprising:

receiving from an e-mail sender an item of proposed content to be certified, the proposed content including code for affecting the behavior of a computer;

determining that the included code is not malicious code; and

responsive to the determination, providing a certification to the e-mail sender that the code is not malicious code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Certification of embedded content in e-mail is provided. A sender wishing to have code certified for inclusion in e-mail sends the code to a token authority. A code verification engine acting automatically or in conjunction with an analyst examines the code to determine whether it poses a risk of harm to e-mail recipients. If not, the token authority issues a certificate for the embedded content. The mail sender sends e-mail to recipients including the embedded content, and the certification is sent in conjunction with the content itself. A mailbox provider inspects the received e-mail to determine whether it includes embedded content and, if so, whether a certification is attached that the embedded content is not harmful. If not, or if the message includes uncertified content in addition to certified content, then the message is rejected, or delivered with a warning that certification is not present.

61 Citations

View as Search Results

25 Claims

1. A method for certifying embedded content in an electronic mail message, the method comprising:
- receiving from an e-mail sender an item of proposed content to be certified, the proposed content including code for affecting the behavior of a computer;
  
  determining that the included code is not malicious code; and
  
  responsive to the determination, providing a certification to the e-mail sender that the code is not malicious code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein the included code is JavaScript code.
  - 3. The method of claim 1 wherein the proposed content includes an object tag.
  - 4. The method of claim 1 wherein the proposed content specifies indicia of a video player.
  - 5. The method of claim 4 further comprising receiving code for executing the indicated video player.
  - 6. The method of claim 5 further comprising storing the received code in a video player database.
  - 7. The method of claim 4 wherein the indicated video player is one selected by the e-mail sender from among a plurality of available video players.
  - 8. The method of claim 1 wherein the included code causes the computer to display a video.
  - 9. The method of claim 1 wherein the included code causes the computer to play audio.
  - 10. The method of claim 1 wherein determining that the included code is not malicious code further comprises:
    - automatically routing the code to a human evaluator; and
      
      receiving an indication from the evaluator that the code is not malicious.
  - 11. The method of claim 1 wherein determining that the included code is not malicious further comprises:
    - comparing a portion of the included code to a set of known malicious code fragments; and
      
      responsive to the comparison not resulting in a match, determining that the included code is not malicious.
  - 12. The method of claim 1 wherein providing the certification that the code is not malicious further comprises:
    - providing a digital signature associated with the proposed content.

13. The method of claim 12 further comprising providing a second digital signature usable to validate the first digital signature.

13-1. A method for certifying embedded content in an electronic mail message, the method comprising:
- providing an item of proposed content to be certified, the proposed content including code for affecting the behavior of a computer;
  
  receiving a certification of the proposed content;
  
  creating an electronic mail message, the message including the certified content; and
  
  transmitting the electronic mail message to an addressee of the message.

14. A method for displaying certified content in an electronic mail message, the method comprising:
- receiving an electronic mail message having embedded content;
  
  validating a certificate associated with the embedded content; and
  
  responsive to the certificate being valid, displaying the embedded content.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14 further comprising:
    - responsive to the certificate not being valid, rejecting the electronic mail message.
  - 16. The method of claim 14 further comprising:
    - responsive to the certificate not being valid, removing the embedded content from the message; and
      
      displaying the message.
  - 17. The method of claim 14 wherein the embedded content has a first portion and a second portion and the certificate is associated only with the first portion, the method further comprising:
    - removing the second portion of the embedded content from the message; and
      
      displaying the first portion of the embedded content.
  - 18. The method of claim 14 wherein the certificate is signed using a digital signature and the method further comprising validating the digital signature.

19. A system for certifying embedded content in an electronic mail message, the system comprising:
- a code verification engine adapted to receive from an e-mail sender an item of proposed content to be certified, the proposed content including code for affecting the behavior of a computer, and further adapted to determine that the included code is not malicious code; and
  
  a token generator, coupled to the code verification engine, adapted to provide a certification to the e-mail sender that the code is not malicious code.
- View Dependent Claims (22)
- - 22. The system of claim 19 wherein the token generator is further adapted to receive indicia of an electronic mail message from the e-mail sender that includes the proposed content and to generate a token certifying the electronic mail message and return the generated token to the e-mail sender.

20. The system of 19 wherein the proposed content specifies indicia of a video content player.

21. The system of 19 further comprising a video player database coupled to the code verification engine and including code for executing the video content player indicated by the proposed content.

23. A computer program product having a computer-readable storage medium having computer executable code for certifying embedded content in an electronic mail message, the code adapted to perform steps comprising:
- receiving from an e-mail sender an item of proposed content to be certified, the proposed content including code for affecting the behavior of a computer;
  
  determining that the included code is not malicious code; and
  
  responsive to the determination, providing a certification to the e-mail sender that the code is not malicious code.

24. A method for certifying embedded content in an electronic mail message, the method comprising:
- receiving from an e-mail sender an item of proposed content, the proposed content including code for affecting the behavior of a computer;
  
  determining that the included code is not malicious code;
  
  storing the proposed code;
  
  receiving a request on behalf of an email recipient for the stored proposed code; and
  
  providing the stored proposed code in response to the request.
- View Dependent Claims (25)
- - 25. The method of claim 24 further comprising providing a certification to the e-mail sender that the code is not malicious code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Barracuda Networks Incorporated
Original Assignee
Barracuda Networks Incorporated
Inventors
Gluck, Yoel, Vo, Anh, Dreymann, Daniel T., Brunner, Stephan

Application Number

US12/254,831
Publication Number

US 20090106840A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/6272   by registering files or doc...

H04L 51/212   using filtering or selectiv...

H04L 63/145   the attack involving the pr...

Certification Of E-Mails With Embedded Code

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Certification Of E-Mails With Embedded Code

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links