Safe file transmission and reputation lookup

US 9,690,939 B2
Filed: 01/05/2015
Issued: 06/27/2017
Est. Priority Date: 02/27/2008
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more processing units; and

memory comprising instructions that when executed by at least one of the one or more processing units perform a method comprising;

overriding protection that prevents access to a data file received via a network after reputation information indicating a level of suspiciousness associated with the data file is accessed, the data file received wrapped in a protective file to create a package file that inhibits at least one of access to or execution of the data file until data file reputation information is accessed, the level of suspiciousness based at least in part upon at least one of;

a number of users that executed the data file;

a number of times the data file has travelled through a network;

a first time and date the data file was observed;

whether the data file was reviewed by an analyst;

a certificate used to sign the data file;

a link to a company that controls the certificate;

a link to a search page comprising information about the data file;

ora link to a discussion group comprising information about the data file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of safe file transmission and reputation lookup is provided. As a part of the safe file transmission and reputation lookup methodology, a data file that is to be made available to a data file receiver is accessed and it is determined whether the data file needs to be provided a protective file. The data file is wrapped in a protective file to create a non-executing package file. Access is provided to the non-executing package file where the associated data file is prevented from being executed until data file reputation information is received.

24 Citations

20 Claims

1. A system comprising:
- one or more processing units; and
  
  memory comprising instructions that when executed by at least one of the one or more processing units perform a method comprising;
  
  overriding protection that prevents access to a data file received via a network after reputation information indicating a level of suspiciousness associated with the data file is accessed, the data file received wrapped in a protective file to create a package file that inhibits at least one of access to or execution of the data file until data file reputation information is accessed, the level of suspiciousness based at least in part upon at least one of;
  
  a number of users that executed the data file;
  
  a number of times the data file has travelled through a network;
  
  a first time and date the data file was observed;
  
  whether the data file was reviewed by an analyst;
  
  a certificate used to sign the data file;
  
  a link to a company that controls the certificate;
  
  a link to a search page comprising information about the data file;
  
  ora link to a discussion group comprising information about the data file.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the method further comprises:
    - at least one of sending or receiving the data file via an email message or an instant message.
  - 3. The system of claim 1, wherein the method further comprises:
    - accessing the package file by a receiver via an application comprised in the package file.
  - 4. The system of claim 1, at least one of access to or execution of the data file based at least in part upon whether a computer comprises a specific version of software.
  - 5. The system of claim 1, wherein wrapping of the data file in the protective file is performed upon determining that the data file needs to be protected.
  - 6. The system of claim 5, at least some of at least one of the wrapping or the determining implemented by an intermediate server upon receiving the data file from a sender, the data file comprised in a message addressed to a receiver, the receiver not comprising the intermediate server.

7. A computer readable medium comprising instructions that when executed perform a method comprising:
- receiving via a network a data file wrapped in a protective file to create a package file that inhibits at least one of access to or execution of the data file until data file reputation information is accessed;
  
  determining a level of suspiciousness associated with the data file based at least in part upon at least one of;
  
  a number of users that executed the data file;
  
  a number of times the data file has travelled through a network;
  
  a first time and date the data file was observed;
  
  whether the data file was reviewed by an analyst;
  
  a certificate used to sign the data file;
  
  a link to a company that controls the certificate;
  
  a link to a search page comprising information about the data file;
  
  ora link to a discussion group comprising information about the data file; and
  
  providing reputation information indicating the level of suspiciousness associated with the data file.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The computer readable medium of claim 7, wherein the method further comprises:
    - at least one of sending or receiving the data file via an email message or an instant message.
  - 9. The computer readable medium of claim 7, wherein the method further comprises:
    - determining that the data file needs to be protected based at least in part upon;
      
      whether the data file was sent by an unknown sender with an internet protocol address;
      
      whether malware has previously been received from the internet protocol address;
      
      a likelihood that the data file comprises malware; and
      
      whether malware has previously been received from a user associated with the data file.
  - 10. The computer readable medium of claim 7, wherein the method further comprises:
    - accessing the package file by a receiver via an application comprised in the package file.
  - 11. The computer readable medium of claim 10, wherein the method further comprises:
    - selecting the application for accessing the package file based at least in part upon at least one of;
      
      a file extension;
      
      orinformation received from a predetermined web-site.
  - 12. The computer readable medium of claim 7, wherein the method further comprises:
    - performing the wrapping upon determining that the data file needs to be protected.
  - 13. The computer readable medium of claim 12, wherein at least some of at least one of the wrapping or the determining is implemented by an intermediate server upon receiving the data file from a sender, the data file comprised in a message addressed to a receiver.
  - 14. The computer readable medium of claim 13, wherein the receiver does not comprise the intermediate server.

15. A method, comprising:
- receiving via a network a data file wrapped in a protective file to create a package file that inhibits at least one of access to or execution of the data file until data file reputation information is accessed; and
  
  overriding protection that prevents access to the data file after reputation information indicating a level of suspiciousness associated with the data file is accessed, the level of suspiciousness based at least in part upon at least one of;
  
  a number of users that executed the data file;
  
  a number of times the data file has travelled through a network;
  
  a first time and date the data file was observed;
  
  whether the data file was reviewed by an analyst;
  
  a certificate used to sign the data file;
  
  a link to a company that controls the certificate;
  
  a link to a search page comprising information about the data file;
  
  ora link to a discussion group comprising information about the data file.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising:
    - at least one of sending or receiving the data file via an email message or an instant message.
  - 17. The method of claim 15, further comprising:
    - performing the wrapping upon determining that the data file needs to be protected.
  - 18. The method of claim 17, further comprising:
    - determining that the data file needs to be protected based at least in part upon;
      
      whether the data file was sent by an unknown sender with an internet protocol address;
      
      whether malware has previously been received from the internet protocol address;
      
      a likelihood that the data file comprises malware; and
      
      whether malware has previously been received from a user associated with the data file.
  - 19. The method of claim 15, further comprising:
    - accessing the package file by a receiver via an application comprised in the package file.
  - 20. The method of claim 19, further comprising:
    - selecting the application for accessing the package file based at least in part upon at least one of;
      
      a file extension;
      
      orinformation received from a predetermined web-site.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Iverson, Kristofer N., Scarrow, John, Osipkov, Ivan, Hulten, Geoff
Primary Examiner(s)
Lipman, Jacob

Application Number

US14/589,433
Publication Number

US 20150128261A1
Time in Patent Office

904 Days
Field of Search

726 22
US Class Current
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/6209   to a single file or object,...

Safe file transmission and reputation lookup

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Safe file transmission and reputation lookup

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links