Systems and methods for determining whether to evaluate the trustworthiness of digitally signed files based on signer reputation

US 8,650,649 B1
Filed: 08/22/2011
Issued: 02/11/2014
Est. Priority Date: 08/22/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for determining whether to independently evaluate the trustworthiness of digitally signed files based on signer reputation, the method comprising:

identifying a file;

determining that the file has been digitally signed;

identifying a signer responsible for digitally signing the file;

identifying a reputation of the signer, the signer'"'"'s reputation being based at least in part on the determined trustworthiness of at least one additional file that was previously signed by the signer;

determining whether the signer'"'"'s reputation satisfies a predetermined threshold;

only performing an independent evaluation of the trustworthiness of the file if the signer'"'"'s reputation fails to satisfy the predetermined threshold;

wherein each step of the method is performed by a computing device comprising at least one hardware processor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for determining whether to evaluate the trustworthiness of digitally signed files based on signer reputation may include (1) identifying a file, (2) determining that the file has been digitally signed, (3) identifying a signer responsible for digitally signing the file, (4) identifying the signer'"'"'s reputation, and then (5) determining whether to evaluate the trustworthiness of the file based at least in part on the signer'"'"'s reputation. In one example, the signer'"'"'s reputation may be based at least in part on the determined trustworthiness of at least one additional file that was previously signed by the signer. Various other methods, systems, and encoded computer-readable media are also disclosed.

38 Citations

View as Search Results

19 Claims

1. A computer-implemented method for determining whether to independently evaluate the trustworthiness of digitally signed files based on signer reputation, the method comprising:
- identifying a file;
  
  determining that the file has been digitally signed;
  
  identifying a signer responsible for digitally signing the file;
  
  identifying a reputation of the signer, the signer'"'"'s reputation being based at least in part on the determined trustworthiness of at least one additional file that was previously signed by the signer;
  
  determining whether the signer'"'"'s reputation satisfies a predetermined threshold;
  
  only performing an independent evaluation of the trustworthiness of the file if the signer'"'"'s reputation fails to satisfy the predetermined threshold;
  
  wherein each step of the method is performed by a computing device comprising at least one hardware processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein identifying the signer'"'"'s reputation comprises obtaining the signer'"'"'s reputation from a reputation server.
  - 3. The method of claim 1, wherein the signer'"'"'s reputation is based at least in part on at least one of:
    - whether the signer has previously signed a file containing malware;
      
      whether the signer has previously signed a file having a reputation that fails to satisfy a predetermined threshold.
  - 4. The method of claim 1, wherein only performing an independent evaluation of the trustworthiness of the file if the signer'"'"'s reputation fails to satisfy the predetermined threshold comprises determining that an independent evaluation of the trustworthiness of the file is unnecessary in response to at least one of:
    - determining that the signer'"'"'s reputation indicates that the signer is classified as trusted;
      
      determining that the signer'"'"'s reputation satisfies a predetermined reputation-score threshold.
  - 5. The method of claim 1, wherein only performing an independent evaluation of the trustworthiness of the file if the signer'"'"'s reputation fails to satisfy the predetermined threshold comprises:
    - determining, based at least in part on a determination that the signer'"'"'s reputation fails to satisfy the predetermined threshold, that an independent evaluation of the trustworthiness of the file is necessary;
      
      ordetermining, based at least in part on a determination that the signer'"'"'s reputation satisfies the predetermined threshold, that an independent evaluation of the trustworthiness of the file is unnecessary.
  - 6. The method of claim 1, wherein the computing device comprises at least one of:
    - a server-side computing device;
      
      a client-side computing device.
  - 7. The method of claim 1, further comprising:
    - identifying the additional file that was previously signed by the signer;
      
      determining the trustworthiness of the additional file;
      
      deriving the signer'"'"'s reputation based at least in part on the trustworthiness of the additional file.
  - 8. The method of claim 1, wherein identifying the reputation of the signer comprises at least one of:
    - identifying a binary classification assigned to the signer;
      
      identifying a reputation score assigned to the signer.

9. A system for determining whether to independently evaluate the trustworthiness of digitally signed files based on signer reputation, the system comprising:
- a file-analysis module programmed to;
  
  identify a file;
  
  determine that the file has been digitally signed;
  
  identify a signer responsible for digitally signing the file;
  
  a reputation module programmed to identify a reputation of the signer, the signer'"'"'s reputation being based at least in part on the determined trustworthiness of at least one additional file that was previously signed by the signer;
  
  a security module programmed to;
  
  determine whether the signer'"'"'s reputation satisfies a predetermined threshold;
  
  only perform an independent evaluation of the trustworthiness of the file if the signer'"'"'s reputation fails to satisfy the predetermined threshold;
  
  at least one processor configured to execute the file-analysis module, the reputation module, and the security module.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the reputation module identifies the signer'"'"'s reputation by obtaining the signer'"'"'s reputation from a reputation server.
  - 11. The system of claim 9, wherein the signer'"'"'s reputation is based at least in part on at least one of:
    - whether the signer has previously signed a file containing malware;
      
      whether the signer has previously signed a file having a reputation that fails to satisfy a predetermined threshold.
  - 12. The system of claim 9, wherein the security module is further programmed to determine that an independent evaluation of the trustworthiness of the file is unnecessary in response to at least one of:
    - determining that the signer'"'"'s reputation indicates that the signer is classified as trusted;
      
      determining that the signer'"'"'s reputation satisfies a predetermined reputation-score threshold.
  - 13. The system of claim 9, wherein the security module is further programmed to:
    - determine, based at least in part on a determination that the signer'"'"'s reputation fails to satisfy the predetermined threshold, that an independent evaluation of the trustworthiness of the file is necessary;
      
      ordetermine, based at least in part on a determination that the signer'"'"'s reputation satisfies the predetermined threshold, that an independent evaluation of the trustworthiness of the file is unnecessary.
  - 14. The system of claim 9, further comprising at least one of:
    - a server-side computing device comprising at least one processor configured to execute at least one of the file-analysis module, the reputation module, and the security module;
      
      a client-side computing device comprising at least one processor configured to execute at least one of the file-analysis module, the reputation module, and the security module.

15. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a file;
  
  determine that the file has been digitally signed;
  
  identify a signer responsible for digitally signing the file;
  
  identify a reputation of the signer, the signer'"'"'s reputation being based at least in part on the determined trustworthiness of at least one additional file that was previously signed by the signer;
  
  determine whether the signer'"'"'s reputation satisfies a predetermined threshold;
  
  only perform an independent evaluation of the trustworthiness of the file if the signer'"'"'s reputation fails to satisfy the predetermined threshold.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computer-readable-storage medium of claim 15, wherein the computing device identifies the signer'"'"'s reputation by obtaining the signer'"'"'s reputation from a reputation server.
  - 17. The computer-readable-storage medium of claim 15, wherein the signer'"'"'s reputation is based at least in part on at least one of:
    - whether the signer has previously signed a file containing malware;
      
      whether the signer has previously signed a file having a reputation that fails to satisfy a predetermined threshold.
  - 18. The computer-readable-storage medium of claim 15, wherein the computing device:
    - determines, based at least in part on a determination that the signer'"'"'s reputation fails to satisfy the predetermined threshold, that an independent evaluation of the trustworthiness of the file is necessary;
      
      ordetermines, based at least in part on a determination that the signer'"'"'s reputation satisfies the predetermined threshold, that an independent evaluation of the trustworthiness of the file is unnecessary.
  - 19. The computer-readable-storage medium of claim 15, wherein the computing device determines that an independent evaluation of the trustworthiness of the file is unnecessary in response to at least one of:
    - determining that the signer'"'"'s reputation indicates that the signer is classified as trusted;
      
      determining that the signer'"'"'s reputation satisfies a predetermined reputation-score threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Chen, Joseph H., Woirhaye, Brendon V
Primary Examiner(s)
Poltorak, Peter

Application Number

US13/214,514
Time in Patent Office

904 Days
Field of Search

None
US Class Current

726/24
CPC Class Codes

G06F 21/64 Protecting data integrity, ...

Systems and methods for determining whether to evaluate the trustworthiness of digitally signed files based on signer reputation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for determining whether to evaluate the trustworthiness of digitally signed files based on signer reputation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links