Method and system for controlling and filtering files using a virus-free certificate

US 6,986,051 B2
Filed: 01/02/2001
Issued: 01/10/2006
Est. Priority Date: 04/13/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for use in a virus-free certificate firewall in controlling and filtering files using a virus-free certificate, the method comprising the steps of:

the firewall receiving a file;

if a virus-free certificate is required for the file, searching through at least one cache of stored virus-free certificates to determine whether one of the stored virus-free certificates corresponds to the file;

if a stored virus-free certificate is found which corresponds to the file, authenticating the corresponding stored virus-free certificate, said corresponding stored virus-free certificate comprising a certificate signature;

if the corresponding stored virus-free certificate is authenticated, determining whether the file is virus-free or not;

if the file is virus-free, forwarding the file with the corresponding stored virus-free certificate;

if the corresponding stored virus-free certificate is not authenticated or if no corresponding stored virus-free certificate associated with the file is found, determining whether the file is virus-free;

if the file is virus-free, associating with the file a new virus-free certificate, storing the new virus-free certificate, and forwarding the file with the new virus-free certificate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to computer viruses and more particularly to a method and system for use in a virus-free certificate firewall, of controlling and filtering files using a virus-free certificate. An example embodiment of the method comprises the steps of: receiving a file; if a virus-free certificate (200) is required for the file: determining whether the a virus-free certificate is already associated with the file; if a virus-free certificate is already associated with the file: authenticating the associated virus-free certificate, said virus-free certificate comprising a certificate signature; if the virus-free certificate is authenticated, determining whether the file is virus-free or not; if the file is virus-free, forwarding the file with the associated virus-free certificate; if the virus-free certificate is not authenticated or if no virus-free, certificate is associated with the file; determining whether the file is virus-free or not, if the file is virus-free, associating with the file a new virus-free certificate; and forwarding the file with the new virus-free certificate.

66 Citations

View as Search Results

16 Claims

1. A method for use in a virus-free certificate firewall in controlling and filtering files using a virus-free certificate, the method comprising the steps of:
- the firewall receiving a file;
  
  if a virus-free certificate is required for the file, searching through at least one cache of stored virus-free certificates to determine whether one of the stored virus-free certificates corresponds to the file;
  
  if a stored virus-free certificate is found which corresponds to the file, authenticating the corresponding stored virus-free certificate, said corresponding stored virus-free certificate comprising a certificate signature;
  
  if the corresponding stored virus-free certificate is authenticated, determining whether the file is virus-free or not;
  
  if the file is virus-free, forwarding the file with the corresponding stored virus-free certificate;
  
  if the corresponding stored virus-free certificate is not authenticated or if no corresponding stored virus-free certificate associated with the file is found, determining whether the file is virus-free;
  
  if the file is virus-free, associating with the file a new virus-free certificate, storing the new virus-free certificate, and forwarding the file with the new virus-free certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, further comprising the steps of:
    - identifying the file in a table, said table comprising for each identified file at least one anti-virus criteria;
      
      referring to the table and retrieving at least one of said at least one anti-virus criteria,; and
      
      determining from said at least one anti-virus criteria whether a virus-free certificate is required for the file or not.
  - 3. The method according to claim 2, wherein the step of referring to the table and retrieving at least one of said at least one anti-virus criteria includes the step of determining whether or not the identified file satisfies requirements of the retrieved anti-virus criteria.
  - 4. The method according to claim 1, wherein the virus-free certificate comprises a file signature for determining that the file is virus-free.
  - 5. The method according to claim 1, wherein the virus-free certificate includes a list of anti-virus programs that have been executed on the file.
  - 6. The method according to claim 1, wherein the virus-free certificate further comprises at least one of the following:
    - a file identification;
      
      a virus-free certificate authority identification;
      
      a public key for decrypting the file signature;
      
      a certificate signature for authenticating the virus-free certificate; and
      
      an indication of the virus-free certificate validity.
  - 7. The method according to claim 1, wherein said step of determining whether the file is virus-free or not includes:
    - decrypting the file signature using a public key comprised in the virus-free certificate;
      
      hashing the file to generate a file digest; and
      
      comparing the decrypted file signature with the generated file digest.
  - 8. The method according to claim 1, wherein said step of determining whether the file is virus-free or not comprises the further step ofif the file is not virus-free, discarding the file.
  - 9. The method according to claim 1, wherein the step of authenticating the virus-free certificate includes:
    - validating the virus-free certificate, the virus-free certificate including a list of at least one anti-virus program that has been executed on the file;
      
      identifying the file in a table, said table comprising for each identified file at least one anti-virus criteria; and
      
      verifying that the list of said at least one anti-virus program comprised in the virus-free certificate is included in a list of anti-virus programs associated with the file in the table.
  - 10. The method according to claim 1, wherein the step of associating with the file a new virus-free certificate includes the step of requesting a virus-free certificate to a virus-free certificate authority.
  - 11. The method according to claim 1, wherein the step of associating with the file a new virus-free certificate includes the step of retrieving a virus-free certificate from a cache, said cache storing existing virus-free certificates.
  - 12. The method according to claim 1, wherein the step of forwarding the file with the new virus-free certificate includes updating a cache with the new virus-free certificate.

13. A system for controlling and filtering files using a virus-free certificate, the system comprising a firewall operative:
- (i) to receive a file;
  
  (ii) if a virus-free certificate is required for the file, to search through at least one cache of stored virus-free certificates to determine whether one of the stored virus-free certificates corresponds to the file;
  
  (iii) if a stored virus-free certificate is found which corresponds to the file, to authenticate the corresponding stored virus-free certificate, said corresponding stored virus-free certificate comprising a certificate signature;
  
  (iv) if the corresponding stored virus-free certificate is authenticated, to determine whether the file is virus-free or not;
  
  (v) if the file is virus-free, to forward the file with the corresponding stored virus-free certificate;
  
  (vi) if the corresponding stored virus-free certificate is not authenticated or if no corresponding stored virus-free certificate associated with the file is found, to determine whether the file is virus-free; and
  
  (vii) if the file is virus-free, to associate with the file a new virus-free certificate, to store the new virus-free certificate, and to forward the file with the new virus-free certificate.

14. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for causing employment of a virus-free certificate firewall, the computer readable program code means in said article of manufacture comprising one or more programs which when executed implement the steps of:
- receiving a file;
  
  if a virus-free certificate is required for the file, searching through at least one cache of stored virus-free certificates to determine whether one of the stored virus-free certificates corresponds to the file;
  
  if a stored virus-free certificate is found which corresponds to the file, authenticating the corresponding stored virus-free certificate, said corresponding stored virus-free certificate comprising a certificate signature;
  
  if the corresponding stored virus-free certificate is authenticated, determining whether the file is virus-free or not;
  
  if the file is virus-free, forwarding the file with the corresponding stored virus-free certificate;
  
  if the corresponding stored virus-free certificate is not authenticated or if no corresponding stored virus-free certificate associated with the file is found, determining whether the file is virus-free; and
  
  if the file is virus-free, associating with the file a new virus-free certificate, storing the new virus-free certificate, and forwarding the file with the new virus-free certificate.

15. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing employment of a virus-free certificate firewall, the computer readable program code means in said computer program product comprising computer readable program code which when executed causes a computer to effect the steps of:
- receiving a file;
  
  if a virus-free certificate is required for the file, searching through at least one cache of stored virus-free certificates to determine whether one of the stored virus-free certificates corresponds to the file;
  
  if a stored virus-free certificate is found which corresponds to the file, authenticating the corresponding stored virus-free certificate, said corresponding stored virus-free certificate comprising a certificate signature;
  
  if the corresponding stored virus-free certificate is authenticated, determining whether the file is virus-free or not;
  
  if the file is virus-free, forwarding the file with the corresponding stored virus-free certificate;
  
  if the corresponding stored virus-free certificate is not authenticated or if no corresponding stored virus-free certificate associated with the file is found, determining whether the file is virus-free; and
  
  if the file is virus-free, associating with the file a new virus-free certificate, storing the new virus-free certificate, and forwarding the file with the new virus-free certificate.

16. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for employment of a virus-free certificate firewall, said method steps comprising the steps of:
- receiving a file;
  
  if a virus-free certificate is required for the file, searching through at least one cache of stored virus-free certificates to determine whether one of the stored virus-free certificates corresponds to the file;
  
  if a stored virus-free certificate is found which corresponds to the file, authenticating the corresponding stored virus-free certificate, said corresponding stored virus-free certificate comprising a certificate signature;
  
  if the corresponding stored virus-free certificate is authenticated, determining whether the file is virus-free or not;
  
  if the file is virus-free, forwarding the file with the corresponding stored virus-free certificate;
  
  if the corresponding stored virus-free certificate is not authenticated or if no corresponding stored virus-free certificate associated with the file is found, determining whether the file is virus-free; and
  
  if the file is virus-free, associating with the file a new virus-free certificate, storing the new virus-free certificate, and forwarding the file with the new virus-free certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Le Pennec, Jean-Francois, Hericourt, Olivier
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
LAFORGIA, CHRISTIAN A

Application Number

US09/753,773
Publication Number

US 20020016925A1
Time in Patent Office

1,834 Days
Field of Search

713/155, 713/156, 713/177, 713/188, 713/200, 713/201, 713/175, 713/176, 380/30, 707/9, 714/38
US Class Current

713/188
CPC Class Codes

G06F 21/562   Static detection

H04L 63/0823   using certificates cryptogr...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Method and system for controlling and filtering files using a virus-free certificate

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for controlling and filtering files using a virus-free certificate

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links