Securing file trust with file format conversions
First Claim
1. One or more non-transitory computer-readable storage mediums storing one or more sequences of instructions for reducing a security risk posed by a digital file, which when executed by one or more processors, cause:
- converting the digital file from a first format to a second format, wherein the second format is different than the first format, wherein the second format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the first format,wherein converting the digital file from the first format to the second format is performed, without user input, in response to a component determining that the digital file (a) has entered a secure area of a storage medium and (b) does not contain a digital signature from a trusted entity.
2 Assignments
0 Petitions
Accused Products
Abstract
Approaches for ensuring a digital file does not contain malicious code. A digital file in an original format may or may not contain malicious code. An intermediate copy of the digital file in an intermediate format is created from the digital file in the original format. The intermediate format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the original format. A sterilized copy of the digital file is created from the intermediate copy. The sterilized copy is in the original format. The sterilized copy comprises a digital signature indicating that the sterilized copy has been converted from the intermediate format to the original format. Advantageously, the sterilized copy is guaranteed to not possess any malicious code.
-
Citations
21 Claims
-
1. One or more non-transitory computer-readable storage mediums storing one or more sequences of instructions for reducing a security risk posed by a digital file, which when executed by one or more processors, cause:
-
converting the digital file from a first format to a second format, wherein the second format is different than the first format, wherein the second format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the first format, wherein converting the digital file from the first format to the second format is performed, without user input, in response to a component determining that the digital file (a) has entered a secure area of a storage medium and (b) does not contain a digital signature from a trusted entity. - View Dependent Claims (2, 3, 5, 6, 7, 10, 11, 13, 14, 21)
-
-
4. One or more non-transitory computer-readable storage mediums storing one or more sequences of instructions for reducing a security risk posed by a digital file, which when executed by one or more processors, cause:
-
converting the digital file from a first format to a second format, wherein the second format is different than the first format, wherein the second format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the first format, wherein converting the digital file from the first format to the second format is performed, without user input, in response to a component determining that the digital file does not contain a digital signature from a trusted entity, wherein the component executes on or corresponds to an edge router, an email server, an email client, a web browser, software responsible for managing the instantiation and de-instantiation of one or more virtual machines, a hardware device, or an application specific integrated circuit (ASIC).
-
-
8. One or more non-transitory computer-readable storage mediums storing one or more sequences of instructions for reducing a security risk posed by a digital file, which when executed by one or more processors, cause:
-
converting the digital file from a first format to a second format, wherein the second format is different than the first format, wherein the second format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the first format, wherein converting the digital file from the first format to the second format is performed, without user input, in response to a component determining that the digital file does not contain a digital signature from a trusted entity; converting the digital file from the second format back to the first format; and after converting the digital file from the second format back to the first format to produce a sterilized digital file, storing, within a file system, an original copy of the digital file in association with the sterilized digital file, wherein the original copy of the digital file is in the first format and has an attribute that hides the original copy from the user'"'"'s view, and wherein the original copy of the digital file has not been converted to or from the second format. - View Dependent Claims (9, 12, 15)
-
-
16. One or more non-transitory computer-readable storage mediums storing one or more sequences of instructions for reducing a security risk posed by a digital file, which when executed by one or more processors, cause:
-
converting the digital file from a first format to a second format, wherein the second format is different than the first format, wherein the second format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the first format, wherein converting the digital file from the first format to the second format is performed, without user input, in response to a component determining that the digital file does not contain a digital signature from a trusted entity; and in response to a request to perform a type of merge operation, performing the steps of; instantiating a new virtual machine for the purpose of creating a merged document; merging, within the new virtual machine, a portion of the digital file with a portion of a particular digital file to create the merged document, wherein the merged document does comprise metadata or file format data structures of the first format, and after extracting the merged document from the new virtual machine, de-instantiating the new virtual machine.
-
-
17. An apparatus for reducing a security risk posed by a digital file, which when executed by one or more processors, comprising:
-
one or more processors; and one or more non-transitory computer-readable storage mediums storing one or more sequences of instructions, which when executed, cause; converting the digital file from a first format to a second format, wherein the second format is different than the first format, wherein the second format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the first format, wherein creating the second format is performed, without user input, in response to a component determining that the digital file (a) has entered a secure area of a storage medium and (b) does not contain a digital signature from a trusted entity. - View Dependent Claims (18)
-
-
19. A machine-implemented method for reducing a security risk posed by a digital file, which when executed by one or more processors, comprising:
a machine executing one or more sequences of instructions to cause; converting the digital file from a first format to a second format, wherein the second format is different than the first format, wherein the second format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the first format, wherein creating the second format is performed, without user input, in response to a component determining that the digital file (a) has entered a secure area of a storage medium and (b) does not contain a digital signature from a trusted entity. - View Dependent Claims (20)
Specification