Data Content Checking

US 20120226917A1
Filed: 10/20/2010
Published: 09/06/2012
Est. Priority Date: 10/22/2009
Status: Active Grant

First Claim

Patent Images

1. An automated method of data content checking comprising using a computer system to implement the steps of:

a) encrypting data,b) applying multiple independent content checks to a decrypted copy of the data, andc) if the data passes a content check, applying a digital signature to it associated with that check and making it available in unencrypted form for passing on.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data content checker arrangement for protecting communication between a sensitive computer system (102) and an external computer system (104). The arrangement includes a store (108) connected to input and output sub-systems (106) and (114) and to content checkers (110) and (112) arranged in parallel. The input and output sub-systems (106) and (114) are connected to the external computer system (104) and the sensitive computer system (102) respectively. Data received from the external computer system (104) is encrypted by the input sub-system (106) using an encryption key to which the content checkers (110) and (112) have access. The content checkers (110) and (112) can therefore decrypt, read and check the data. If the data passes a content checker'"'"'s checks, the checker digitally signs and stores it, decrypted, in the store (108); if the checks are not passed, the checker discards the data. The output sub-system (114) delivers data to the sensitive computer system (102) if the data has received both content checkers'"'"' digital signatures indicating acceptability.

24 Citations

View as Search Results

19 Claims

1. An automated method of data content checking comprising using a computer system to implement the steps of:
- a) encrypting data,b) applying multiple independent content checks to a decrypted copy of the data, andc) if the data passes a content check, applying a digital signature to it associated with that check and making it available in unencrypted form for passing on.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method according to claim 1 wherein the multiple content checks are performed in parallel.
  - 3. A method according to claim 1 including:
    - a) using an input sub-system to receive data and an output sub-system to pass on data which has passed the content checks, both the input sub-system and the output sub-system being arranged to verify passing of content checks, andb) using a respective separate and independent checking means to implement each content check to obtain a respective check outcome and to communicate check outcomes to both the input sub-system and the output sub-system, the output sub-system being arranged to pass on data only if both the input sub-system and the output sub-system have verified that the multiple content checks have been passed.
  - 4. A method according to claim 1 including:
    - a) using an input sub-system to receive and encrypt data and deposit the encrypted data in a store,b) using a respective separate and independent checking means to implement each content check, to apply a respective digital signature and store the data in decrypted form in the store if the data passes that content check,c) using an output sub-system to retrieve decrypted data from the store, to check digital signatures and pass on the data if it has passed the required content checks.
  - 5. A method according to claim 1 wherein each of the multiple content checks provides one of three outcomes as follows, i.e. data is (a) recognised and accepted, (b) recognised and rejected or (c) not recognised.
  - 6. A method according to claim 1 wherein the multiple content checks are performed by suites of content checkers, the suites having been developed and specified independently of one another.
  - 7. A method according to claim 1 wherein each of the multiple content checks is arranged to detect data embedded in a data item, the embedded data and the data item having different formats, and the method including recycling the embedded data for further checking, and, if data already checked in the data item is acceptable, continuing to check data remaining unchecked in the data item.
  - 8. A method according to claim 1 wherein content checks are associated with modification of data to remove content not required, and the method including making modified data available for passing on.
  - 9. A method according to claim 8 wherein a content check providing a positive outcome is associated with provision of a cryptographic hash of the modified data.

10. Apparatus for automated data content checking comprising a computer system arranged to implement the steps of:
- a) encrypting data,b) applying multiple independent content checks to a decrypted copy of the data, andc) if the data passes a content check, applying a digital signature to it associated with that check and making it available in unencrypted form for passing on.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. Apparatus according to claim 10 wherein the computer system is arranged to implement the multiple content checks in parallel.
  - 12. Apparatus according to claim 10 wherein the computer system is arranged to:
    - a) use an input sub-system to receive data and an output sub-system to pass on data which has passed the content checks, both the input sub-system and the output sub-system being arranged to verify passing of content checks, andb) use a respective separate and independent checking means to implement each content check to obtain a respective check outcome and to communicate check outcomes to both the input sub-system and the output sub-system, the output sub-system being arranged to pass on data only if both the input sub-system and the output sub-system have verified that the multiple content checks have been passed.
  - 13. Apparatus according to claim 10 wherein the computer system is arranged to:
    - a) use an input sub-system to receive and encrypt data and deposit the encrypted data in a store,b) use a respective separate and independent checking means to implement each content check, to apply a respective digital signature and store the data in decrypted form in the store if the data passes that content check,c) use an output sub-system to retrieve decrypted data from the store, to check digital signatures and pass on the data if it has passed the required content checks.
  - 14. Apparatus according to claim 10 wherein each of the multiple content checks is arranged to provide one of three outcomes as follows, i.e. data is (a) recognised and accepted, (b) recognised and rejected or (c) not recognised.
  - 15. Apparatus according to claim 10 wherein the computer system is arranged to perform the multiple content checks using suites of content checkers, the suites having been developed and specified independently of one another.
  - 16. Apparatus according to claim 10 wherein each of the multiple content checks is arranged to detect data embedded in a data item, the embedded data and the data item having different formats, and the computer system is arranged to recycle the embedded data for multiple independent content checks once more, and, if data already checked in the data item is acceptable, to continue to check data remaining unchecked in the data item.
  - 17. Apparatus according to claim 10 wherein content checks are associated with modification of data to remove content not required, and the computer system is arranged to make modified data available for passing on.
  - 18. Apparatus according to claim 17 wherein a content check providing a positive outcome is associated with provision of a cryptographic hash of the modified data.

19. A computer program product comprising a computer readable medium containing computer readable instructions for controlling operation of a computer system to implement the steps of:
- a) encrypting data,b) applying multiple independent content checks to a decrypted copy of the data, andc) if the data passes a content check, applying a digital signature to it associated with that check and making it available in unencrypted form for passing on.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qinetiq Limited (QinetiQ Group PLC)
Original Assignee
Qinetiq Limited (QinetiQ Group PLC)
Inventors
Wiseman, Simon Robert, Hughes, Katherine Jane

Granted Patent

US 9,195,825 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/56 Computer malware detection ...

Data Content Checking

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Data Content Checking

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links