Single point of entry/origination item scanning within an enterprise or workgroup

US 6,611,925 B1
Filed: 06/13/2000
Issued: 08/26/2003
Est. Priority Date: 06/13/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for reducing malicious code within a computer system comprising:

(a) scanning an item with a trusted virus scanner;

(b) creating a certificate, if the scanning did not detect a virus, certifying that the item is virus free; and

(c) appending to the item a pointer pointing to the certificate in a database, wherein the pointer is a globally unique identifier.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for on-access virus scanning within an enterprise or in a workgroup, where all users are authenticated against a trusted certificate authority. The first time an item, such as an executable file or document, is accessed, it is scanned for viruses, worms, trojan horses, or other malicious code, and, after the item is determined to be free from threats or is corrected, a certificate noting this information is generated. At the same time a Globally Unique Identifier (“GUID”) is generated and appended to the item. The certificate contains various information, including the identity of the scanner that performed the virus check, as well as a means for determining if the original item has been altered since it was scanned, and is stored in a certificate database. The GUID is used as a pointer for locating the certificate. A subsequent user who accesses the item will detect the GUID and can use the GUID to locate the certificate for the item. If the certificate can be located and has not been tampered with and the item has not been changed since it was scanned, the subsequent user can access the item without re-scanning it.

Citations

22 Claims

1. A method for reducing malicious code within a computer system comprising:
- (a) scanning an item with a trusted virus scanner;
  
  (b) creating a certificate, if the scanning did not detect a virus, certifying that the item is virus free; and
  
  (c) appending to the item a pointer pointing to the certificate in a database, wherein the pointer is a globally unique identifier.
- View Dependent Claims (2, 3)
- - 2. The method recited in claim 1 further comprising recording the identity of the virus scanner in the certificate.
  - 3. The method recited in claim 1 further comprising signing the pointer, certificate, and item with a single digital signature.

4. A method for reducing computer viruses, worms, trojan horses, and other malicious code within a computer system comprising:
- (a) scanning an item with a trusted virus scanner;
  
  (b) creating a certificate, if the scanning did not detect a virus, certifying that the item is virus free;
  
  (c) maintaining the certificate in a database;
  
  (d) appending to the item a pointer pointing to the certificate in the database, wherein the pointer is a globally unique identifier; and
  
  before allowing a user to access the item;
  
  (i) examining the certificate to confirm that the item has been previously scanned by a trusted virus scanner;
  
  (ii) confirming that the item has not been altered since it was scanned by the trusted virus scanner;
  
  (iii) confirming that the certificate has not been tampered with.

5. A method for reducing computer viruses, worms, trojan horses, and other malicious code within a computer system comprising:
- (a) scanning an item with a trusted virus scanner;
  
  (b) creating a certificate, if the scanning did not detect a virus, certifying that the item is virus free;
  
  (c) maintaining the certificate in a database;
  
  (d) appending to the item a pointer pointing to the certificate in the database; and
  
  before allowing a user to access the item;
  
  (i) examining the certificate to confirm that the item has been previously scanned by a trusted virus scanner;
  
  (ii) confirming that the item has not been altered since it was scanned by the trusted virus scanner;
  
  (iii) confirming that the certificate has not been tampered with;
  
  wherein the item is signed after it is scanned with a first digital signature;
  
  wherein the pointer is signed after it is generated with a second digital signature;
  
  wherein the certificate is signed after it is created with a third digital signature.
- View Dependent Claims (6)
- - 6. The method recited in claim 5 wherein the confirming that the item has not been altered and the confirming that the certificate has not been tampered with are done by examining a single digital signature.

7. A method for reducing computer viruses, worms, trojan horses, and other malicious code within a computer system comprising:
- (a) scanning an item with a trusted virus scanner;
  
  (b) creating a certificate, if the scanning did not detect a virus, certifying that the item is virus free; and
  
  before allowing a user to access the item;
  
  (i) examining the certificate to confirm that the item has been previously scanned by a trusted virus scanner;
  
  (ii) confirming that the item has not been altered since it was scanned by the trusted virus scanner;
  
  (iii) confirming that the certificate has not been tampered with;
  
  wherein the confirming that the item has not been altered and confirming that the certificate has not been tampered with are performed by verifying multiple digital signatures.

8. A system for checking for computer viruses, trojan horses, worms, and other malicious code comprising:
- (a) at least one computer item capable of carrying computer viruses;
  
  (b) at least one trusted virus scanner that includes a Certificate Authority and is capable of scanning the item, creating a corresponding certificate relating to the item after it is scanned that indicates the result of the virus scan;
  
  (c) a corresponding certificate for items that have been previously scanned by the trusted virus scanner certifying that the item is free from viruses; and
  
  (d) a verifier for verifying that the item has not been altered since it was scanned by the trusted virus scanner and that the certificate has not been tampered with.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A system as in claim 8, further comprising an operating system which prevents users from accessing items that are not verified by the verification procedure.
  - 10. The system of claim 9 further comprising software for generating and appending to each scanned item a pointer for pointing to the corresponding certificate in the certificate database.
  - 11. A system as in claim 8, further comprising an operating system which restricts users access to those items that are verified by the verification procedure.
  - 12. A system as in claim 8, wherein the trusted virus scanner is capable of digitally signing the scanned item and the certificate.
  - 13. A system as in claim 12, wherein the verifier comprises a software package that verifies the digital signature.
  - 14. The system of claim 8 further comprising a certificate database for maintaining the certificates.

15. A system for checking for computer viruses, trojan horses, worms, and other malicious code comprising:
- (a) at least one computer item capable of carrying computer viruses;
  
  (b) at least one trusted virus scanner that is capable of scanning the item, creating a corresponding certificate relating to the item after it is scanned that indicates the result of the virus scan;
  
  (c) a corresponding certificate for items that have been previously scanned by the trusted virus scanner certifying that the item is free from viruses;
  
  (d) a verifier for verifying that the item has not been altered since it was scanned by the trusted virus scanner and that the certificate has not been tampered with;
  
  (e) an operating system which prevents users from accessing items that are not verified by the verification procedure; and
  
  (f) a Certificate Authority built into the virus scanner.

16. A method for reducing computer viruses, worms, trojan horses, and other malicious code in one or more computer networks comprising:
- (a) scanning an item residing in a first network with a virus scanner trusted by the first network;
  
  (b) creating a certificate, if the scanning did not detect a virus, certifying that the item is virus free (d) transmitting a copy of the item to a second network;
  
  (e) transmitting a copy of the certificate to the second network;
  
  wherein a pointer is appended to the item, the pointer capable of pointing to the certificate regardless of whether the certificate is located in the first network or the second network.
- View Dependent Claims (17)
- - 17. The method recited in claim 16 further comprising recording the identity of the virus scanner in the certificate.

18. A method for reducing computer viruses, worms, trojan horses, and other malicious code in one or more computer networks comprising:
- (a) scanning an item residing in a first network with a virus scanner trusted by the first network;
  
  (b) creating a certificate, if the scanning did not detect a virus, certifying that the item is virus free;
  
  (c) establishing a Trust Relationship between the first network and a second network;
  
  (d) transmitting a copy of the item to the second network;
  
  (e) transmitting a copy of the certificate to the second network;
  
  (f) maintaining the certificate in a second network database;
  
  before allowing a user on the second network to access the item;
  
  (i) examining the certificate to confirm that the item has been previously scanned by a virus scanner trusted by a network in a trust relationship with the second network;
  
  (ii) confirming that the item has not been altered since it was scanned by the trusted virus scanner;
  
  (iii) confirming that the certificate has not been tampered with.

19. A method for reducing computer viruses, worms, trojan horses, and other malicious code in one or more computer networks comprising:
- (a) scanning an item residing in a first network with a virus scanner trusted by the first network;
  
  (b) creating a certificate, if the scanning did not detect a virus, certifying that the item is virus free;
  
  (c) establishing a Trust Relationship between the first network and a second network;
  
  (d) transmitting a copy of the item to the second network;
  
  (e) transmitting a copy of the certificate to the second network;
  
  before allowing a user on the second network to access the item;
  
  (i) examining the certificate to confirm that the item has been previously scanned by a virus scanner trusted by a network in a trust relationship with the second network;
  
  (ii) confirming that the item has not been altered since it was scanned by the trusted virus scanner;
  
  (iii) confirming that the certificate has not been tampered with;
  
  wherein a pointer is appended to the item, the pointer capable of pointing to the certificate regardless of whether the certificate is located in the first network or the second network.

20. A certificate indicating that a computer item is free from threats comprising:
- first portion having information indicating that the item has been scanned by a virus scanner and has been found to be free from computer viruses, trojan horses, worms, and other malicious code; and
  
  a second portion comprising a digital signature;
  
  wherein a pointer is capable of pointing to the certificate regardless of where the certificate is located on a network.
- View Dependent Claims (21, 22)
- - 21. A certificate as recited in claim 20, wherein the second portion contains a single digital signature for:
    - the computer item, the first portion, and for a unique identifier that links the item to the certificate.
  - 22. A certificate as recited in claim 21, wherein the first portion contains the version number of the virus scanner that performed the scan.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
Networks Associates Technology, Inc. (McAfee, LLC)
Inventors
Spear, Paul
Primary Examiner(s)
Beausoliel, Robert
Assistant Examiner(s)
Damiano, Anne L.

Application Number

US09/593,261
Time in Patent Office

1,169 Days
Field of Search

714/38, 714/2, 714/25, 714/45, 713/200, 713/156
US Class Current

714/38.14
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/562 Static detection

Single point of entry/origination item scanning within an enterprise or workgroup

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Single point of entry/origination item scanning within an enterprise or workgroup

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links