MALWARE DETECTION METHOD AND APPARATUS

US 20110167275A1
Filed: 09/07/2009
Published: 07/07/2011
Est. Priority Date: 09/11/2008
Status: Active Grant

First Claim

Patent Images

1. A malware detection method implemented within a computer and comprising:

for a given electronic file, determining if the file is associated with a valid digital signature; and

if it is, then verifying that the signature belongs to a trusted source and if so then not performing a malware scan of said file, and if the signature cannot be verified as belonging to a trusted source then performing said scan.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to a first aspect of the present invention there is provided a malware detection method implemented within a computer. The method includes, for a given electronic file, determining if the file is associated with a valid digital signature. If the file is associated with a valid digital signature, then verifying that the signature belongs to a trusted source. If the signature does belong to a trusted source then not performing a malware scan of said file, and if the signature cannot be verified as belonging to a trusted source then performing said scan.

35 Citations

View as Search Results

13 Claims

1. A malware detection method implemented within a computer and comprising:
- for a given electronic file, determining if the file is associated with a valid digital signature; and
  
  if it is, then verifying that the signature belongs to a trusted source and if so then not performing a malware scan of said file, and if the signature cannot be verified as belonging to a trusted source then performing said scan.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method according to claim 1, further comprising:
    - if the file is associated with a valid digital signature and the signature belongs to a trusted source, generating a hash value of the file path and adding the file path hash value to a database of trusted files.
  - 3. A method according to claim 2, wherein on subsequent occasions and prior to determining if the file is associated with a valid digital signature, the method further comprising:
    - generating a hash value of the file path;
      
      determining if the hash value of the file path is contained in the database of trusted files; and
      
      if it is then not performing a malware scan of said file, and if the hash value of the file path is not contained in database of trusted files, then proceeding to determine if the file is associated with a valid digital signature and verify that the signature belongs to a trusted source.
  - 4. A method according to claim 1, wherein the step of determining if the file is associated with a valid digital signature comprises:
    - determining if the file has a valid embedded or attached signature.
  - 5. A method according to claim 4 and comprising, if the file does not have a valid embedded or attached signature then:
    - generating a hash value of the file; and
      
      determining if the hash value is listed in a catalog having a valid embedded or attached digital signature.
  - 6. A method according to claim 1, wherein said digital signature relies upon a public key infrastructure.
  - 7. A method according to claim 6, wherein the step of verifying that the signature belongs to a trusted source comprises:
    - maintaining a database of trusted public keys;
      
      identifying a public key used to verify the digital signature; and
      
      determining if the public key is contained in the database of trusted public keys.
  - 8. A method according to claim 7, wherein step of maintaining the database of trusted public keys comprises:
    - periodically receiving new trusted public keys and adding these to the database.
  - 9. A method according to claim 1, wherein said step of determining if the file is associated with a valid digital signature comprises using an Application Programming Interface of an operating system of the computer.
  - 10. A method according to claim 9, wherein said operating system is a Windows¹⁹⁸ based operating system and said Application Programming Interface is the WinVerifyTrustEx Application Programming Interface.
  - 11. A recording medium storing computer interpretable instructions for causing a programmable computer to perform a malware scanning method, the method being according to claim 1.

12. A computer comprising:
- a memory storing a database of trusted public keys; and
  
  a processor for determining if a given electronic file is associated with a valid digital signature and, if it is, then verifying that the signature belongs to a trusted source, and if the signature is verified then not performing a malware scan of said file, and if the signature cannot be verified as belonging to a trusted source then performing said scan.

13. A method of maintaining a database of trusted public keys in a plurality of computer devices for the purpose of eliminating the need to scan trusted files for malware at the computer devices, the method comprising:
- identifying at a network based service, public keys belonging to a public key infrastructure architecture and which are used to digitally sign electronic files;
  
  verifying that these public keys belong to a trusted source; and
  
  securely sending the trusted public keys to the devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Withsecure Corporation
Original Assignee
F-Secure Corporation (F-Secure Oyj)
Inventors
Niemelä, Jarno

Granted Patent

US 9,910,987 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/188
CPC Class Codes

G06F 21/562   Static detection

G06F 21/565   by checking file integrity

G06F 2221/033   Test or assess software

H04L 63/0823   using certificates cryptogr...

H04L 63/145   the attack involving the pr...

MALWARE DETECTION METHOD AND APPARATUS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

MALWARE DETECTION METHOD AND APPARATUS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links