Comprehensive password management arrangment facilitating security

US 9,003,531 B2
Filed: 02/02/2010
Issued: 04/07/2015
Est. Priority Date: 10/01/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A machine-implemented process for screening data for malware, the process being performed by a computer system having processing circuitry operatively coupled to at least one data store, the process comprising:

storing received data in the at least one data store, wherein the received data includes at least;

(i) a first and a second protected item of data, each containing contents that are inaccessible without corresponding access credential information, and (ii) first access credential information corresponding to the first protected item of data, the first access credential information having been received separately from the first protected item of data;

storing other access credential information in the at least one data store, the other access credential information including at least second access credential information corresponding to the second protected item of data;

analyzing the received data to detect the first protected item of data therein based on predetermined protected data item identification criteria;

analyzing the received data to detect the first access credential information contained therein based on predetermined access credential identification criteria that includes application of a measure of proximity between information items contained in separately-received portions of the received data and detected protected items of data in the received data;

in response to a detection of the first access credential information in the at least one data store, storing the first access credential information in the at least one data store in a grouping arrangement with the other access credential information;

in response to a detection of at least one of the first and the second protected item of data, using the corresponding access credential information stored in the grouping arrangement, including the first access credential information and the second access credential information, to facilitate access to the first and the second protected items of data by a malware screening process to extract content from the first and the second protected items of data; and

executing the malware screening process to scan the content extracted from the first and the second protected items of data to detect a presence of malware.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer-implemented process and apparatus for screening data for malware. Received data stored in at least one data store includes at least: (i) a first protected item of data containing contents that are generally inaccessible without specific access credential information, and (ii) specific access credential information corresponding to the first protected item of data. The received data is analyzed to detect any protected items of data therein based on predetermined protected data item identification criteria and to detect any access credential information contained therein based on predetermined access credential identification criteria. In response to a detection of the specific access credential information in the at least one data store, the specific access credential information is stored in the at least one data store in a grouping arrangement with other access credential information. In response to a detection of the first protected item of data, use the specific access credential information is stored in the grouping arrangement to facilitate access to the first protected item of data by a malware screening process to extract its content. The malware screening process is executed to scan the content extracted from the first protected data item to detect a presence of malware.

53 Citations

View as Search Results

24 Claims

1. A machine-implemented process for screening data for malware, the process being performed by a computer system having processing circuitry operatively coupled to at least one data store, the process comprising:
- storing received data in the at least one data store, wherein the received data includes at least;
  
  (i) a first and a second protected item of data, each containing contents that are inaccessible without corresponding access credential information, and (ii) first access credential information corresponding to the first protected item of data, the first access credential information having been received separately from the first protected item of data;
  
  storing other access credential information in the at least one data store, the other access credential information including at least second access credential information corresponding to the second protected item of data;
  
  analyzing the received data to detect the first protected item of data therein based on predetermined protected data item identification criteria;
  
  analyzing the received data to detect the first access credential information contained therein based on predetermined access credential identification criteria that includes application of a measure of proximity between information items contained in separately-received portions of the received data and detected protected items of data in the received data;
  
  in response to a detection of the first access credential information in the at least one data store, storing the first access credential information in the at least one data store in a grouping arrangement with the other access credential information;
  
  in response to a detection of at least one of the first and the second protected item of data, using the corresponding access credential information stored in the grouping arrangement, including the first access credential information and the second access credential information, to facilitate access to the first and the second protected items of data by a malware screening process to extract content from the first and the second protected items of data; and
  
  executing the malware screening process to scan the content extracted from the first and the second protected items of data to detect a presence of malware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The process of claim 1, wherein analyzing the received data to detect any access credential information contained therein based on predetermined access credential identification criteria does not take into account any predefined association of the access credential information with any protected item of data.
  - 3. The process of claim 1, further comprising:
    - preventing direct user access to the contents of the first protected item of data until successful completion of the malware screening process.
  - 4. The process of claim 1, wherein the grouping arrangement includes at least one data structure in which grouped items of access credential information are stored.
  - 5. The process of claim 1, wherein the grouping arrangement includes at least one index identifying locations in the data store where grouped items of access credential information are stored.
  - 6. The process of claim 1, wherein storing the first access credential information in a grouping arrangement with the other access credential information includes storing the first access credential information grouped with user-provided access credential information for a variety of different programs or services in a secure arrangement of at least one data structure.
  - 7. The process of claim 1, wherein storing the first access credential information in a grouping arrangement with the other access credential information includes storing the first access credential information grouped with community-provided access credential information compiled from a plurality of different computer systems.
  - 8. The process of claim 1, wherein storing the first access credential information in a grouping arrangement with the other access credential information includes storing the first access credential information with the first protected item of data.
  - 9. The process of claim 8, wherein associating of the first access credential information with the first protected item of data is based on an information organizational proximity between where the first access credential information is stored in relation to the first protected item of data.
  - 10. The process of claim 1, wherein:
    - the first protected item of data is received as part of a first message and the second protected item of data is received as part of a second message; and
      
      the second access credential information corresponding to the second protected item of data, is received as part of a third message separately from the second message.
  - 11. The process of claim 1, wherein storing received data in the at least one data store includes storing the first protected item of data and the first access credential information as part of an email inbox.
  - 12. The process of claim 1, further comprising:
    - scanning at least a major portion of the at least one data store to detect any access credential information contained therein based on the predetermined access credential identification criteria; and
      
      in response to a detection of any new item of access credential information during that scanning, updating the grouping arrangement to add that new item.
  - 13. The process of claim 1, wherein in the access credential identification criteria the measure of proximity is a temporal measure of proximity representing a time window during which items of information contained within the received data are separately received.
  - 14. The process of claim 1, wherein in the access credential identification criteria the measure of proximity represents a relative proximity of storage locations of separately-received items of information from the received data in the data store.

15. Apparatus for screening data for malware comprising:
- a computer system having processing circuitry operatively coupled to at least one data store, the computer system being configured to;
  
  store received data in the at least one data store, wherein the received data includes at least;
  
  (i) a first and a second protected item of data, each containing contents that are inaccessible without corresponding access credential information, and (ii) first access credential information corresponding to the first protected item of data, the first access credential information having been received separately from the first protected item of data;
  
  store other access credential information in the at least one data store, the other access credential information including at least second access credential information corresponding to the second protected item of data;
  
  analyze the received data to detect the first protected item of data therein based on predetermined protected data item identification criteria;
  
  analyze the received data to detect the first access credential information contained therein based on predetermined access credential identification criteria that includes application of a measure of proximity between information items contained in separately-received portions of the received data and detected protected items of data in the received data;
  
  in response to a detection of the first access credential information in the at least one data store, store the first access credential information in the at least one data store in a grouping arrangement with other access credential information;
  
  in response to a detection of at least one of the first and the second protected item of data, use the corresponding access credential information stored in the grouping arrangement, including the first access credential information and the second access credential information, to facilitate access to the first and the second protected items of data by a malware screening process to extract content from the first and the second protected items of data; and
  
  execute the malware screening process to scan the content extracted from the first and the second protected items of data to detect a presence of malware.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 16. The apparatus of claim 15, wherein the grouping arrangement includes at least one data structure in which grouped items of access credential information are stored.
  - 17. The apparatus of claim 15, wherein the grouping arrangement includes at least one index identifying locations in the data store where grouped items of access credential information are stored.
  - 18. The apparatus of claim 15, wherein the access credential information stored in the grouping arrangement is grouped with user-generated access credential information for a variety of different programs or services in a secure arrangement of at least one data structure.
  - 19. The apparatus of claim 15, wherein the first access credential information stored in a grouping arrangement with the other access credential information is associated with the first protected item of data.
  - 20. The apparatus of claim 15, wherein the received data stored in the at least one data store is stored as part of an email inbox, and includes the first protected item of data and the first access credential information.
  - 21. The apparatus of claim 15, wherein the computer system is further configured to:
    - scan at least a major portion of the at least one data store to detect any access credential information contained therein based on the predetermined access credential identification criteria; and
      
      in response to a detection of any new item of access credential information as a result of that scan, update the grouping arrangement to add that new item.
  - 22. The apparatus of claim 15, wherein:
    - the first protected item of data is received as part of a first message and the second protected item of data is received as part of a second message; and
      
      the second access credential information corresponding to the second protected item of data is received as part of a third message separately from the second message.
  - 23. The apparatus of claim 15, wherein in the access credential identification criteria the measure of proximity is a temporal measure of proximity representing a time window during which items of information contained within the received data are separately received.
  - 24. The apparatus of claim 15, wherein in the access credential identification criteria the measure of proximity represents a relative proximity of storage locations of separately-received items of information from the received data in the data store.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lab A.O. Kaspersky
Original Assignee
Kaspersky Lab ZAO
Inventors
NAZAROV, DENIS
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Shepperd, Eric W

Application Number

US12/698,694
Publication Number

US 20110083181A1
Time in Patent Office

1,890 Days
Field of Search

726 1- 5, 726 22- 24, 726 26- 27, 713/153, 713/173, 713187-188, 380/1
US Class Current

726/24
CPC Class Codes

G06F 21/562   Static detection

H04L 63/14   for detecting or protecting...

H04L 63/308   retaining data, e.g. retain...

Comprehensive password management arrangment facilitating security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Comprehensive password management arrangment facilitating security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links