Selectively trusting signed files
First Claim
1. A computer-implemented method of assigning a trust level to a digitally-signed file, comprising:
- receiving, at a computer, signing information identifying a certificate used to sign the file;
determining, by the computer, whether the certificate is compromised;
responsive to determining that the certificate is compromised, comparing, by the computer, a discovery date of the file with a compromise date of the certificate; and
generating, by the computer, trust data assigning the trust level to the file responsive to the comparison, the generating comprising;
generating trust data assigning an intermediate trust level to the file responsive to the comparison of the compromise date with the discovery date indicating that the discovery date is within a threshold amount of time before or after the compromise date;
generating trust data assigning a low trust level to the file responsive to the comparison of the compromise date with the discovery date indicating that the file discovery date is past the threshold amount of time after the compromise date; and
generating trust data assigning a high trust level to the file responsive to the comparison of the compromise date with the discovery date indicating that the file discovery date is prior to the threshold amount of time before the compromise date.
2 Assignments
0 Petitions
Accused Products
Abstract
A security module on a client detects a signed file at the client and reports signing information identifying a certificate used to sign the file and a file identifier identifying the file to a security server. The security server uses the signing information to determine whether the certificate is compromised. If the certificate is compromised, the security server compares a discovery date of the file with a compromise date of the certificate. The security server generates trust data assigning a trust level to the file responsive to the comparison. The trust data assign a low trust level to the file if the comparison indicates that the file discovery date is after the compromise date and assign a high trust level to the file if the comparison indicates that the file discovery date is not after the compromise date. The security server provides the trust data to the client.
42 Citations
15 Claims
-
1. A computer-implemented method of assigning a trust level to a digitally-signed file, comprising:
-
receiving, at a computer, signing information identifying a certificate used to sign the file; determining, by the computer, whether the certificate is compromised; responsive to determining that the certificate is compromised, comparing, by the computer, a discovery date of the file with a compromise date of the certificate; and generating, by the computer, trust data assigning the trust level to the file responsive to the comparison, the generating comprising; generating trust data assigning an intermediate trust level to the file responsive to the comparison of the compromise date with the discovery date indicating that the discovery date is within a threshold amount of time before or after the compromise date; generating trust data assigning a low trust level to the file responsive to the comparison of the compromise date with the discovery date indicating that the file discovery date is past the threshold amount of time after the compromise date; and generating trust data assigning a high trust level to the file responsive to the comparison of the compromise date with the discovery date indicating that the file discovery date is prior to the threshold amount of time before the compromise date. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A non-transitory computer-readable storage medium storing executable computer program instructions for assigning a trust level to a digitally-signed file, the instructions comprising instructions for:
-
receiving signing information identifying a certificate used to sign the file; determining whether the certificate is compromised; responsive to determining that the certificate is compromised, comparing a discovery date of the file with a compromise date of the certificate; and generating trust data assigning the trust level to the file responsive to the comparison, the generating comprising; generating trust data assigning an intermediate trust level to the file responsive to the comparison of the compromise date with the discovery date indicating that the discovery date is within a threshold amount of time before or after the compromise date; generating trust data assigning a low trust level to the file responsive to the comparison of the compromise date with the discovery date indicating that the file discovery date is past the threshold amount of time after the compromise date; and generating trust data assigning a high trust level to the file responsive to the comparison of the compromise date with the discovery date indicating that the file discovery date is prior to the threshold amount of time before the compromise date. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A computer for assigning a trust level to a digitally-signed file, comprising:
-
a non-transitory computer-readable storage medium storing executable computer program instructions comprising instructions for; receiving signing information identifying a certificate used to sign the file; determining whether the certificate is compromised; responsive to determining that the certificate is compromised, comparing a discovery date of the file with a compromise date of the certificate; and generating trust data assigning the trust level to the file responsive to the comparison, the generating comprising; generating trust data assigning an intermediate trust level to the file responsive to the comparison of the compromise date with the discovery date indicating that the discovery date is within a threshold amount of time before or after the compromise date; generating trust data assigning a low trust level to the file responsive to the comparison of the compromise date with the discovery date indicating that the file discovery date is past the threshold amount of time after the compromise date; and generating trust data assigning a high trust level to the file responsive to the comparison of the compromise date with the discovery date indicating that the file discovery date is prior to the threshold amount of time before the compromise date; and a processor for executing the computer program instructions. - View Dependent Claims (12, 13, 14, 15)
-
Specification