Using multiple layers of policy management to manage risk

US 9,729,513 B2
Filed: 08/13/2015
Issued: 08/08/2017
Est. Priority Date: 11/08/2007
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a receiver to receive a file at a computer system, the file including a content, the content including a first portion;

a file type identifier to identify a purported file type of the file;

a scanner to scan the content of the file using a set of rules corresponding to the purported file type, the scanner operative to determine that the file does not conform to the set of rules corresponding to the purported file type for a first reason with an associated first issue identifier (ID);

a quarantine that can store the file;

a file issue exclusion policy specifying an approved file type and a second issue ID;

a file content policy to allow the first portion of the content of the file to be included in the file, the file content policy including a whitelist of hashes of known approved portions of content;

a hasher to generate a hash of the first portion of the content of the file;

a comparator to compare the first portion of the content of the file with the whitelist;

a scanning service to perform additional analysis to determine whether the file can be released from quarantine; and

a transmitter to transmit the file to the recipient instead of storing the file in the quarantine when the approved file type in the file issue exclusion policy matches the purported file type and the second issue ID in the file issue exclusion policy matches the first issue ID,wherein the first portion of the content of the file is included in the file when the first portion of the content of the file matches a known approved portion of content in the whitelist.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for processing a file using a file issue exclusion policy to manage risk is disclosed. If a file does not conform to a set of rules and would otherwise be quarantined, a file issue exclusion policy can be reviewed. If the file issue exclusion policy indicates that the reason why the file did not conform to the set of rules is acceptable, the file can be delivered to the recipient despite not conforming to the set of rules.

95 Citations

View as Search Results

17 Claims

1. A system, comprising:
- a receiver to receive a file at a computer system, the file including a content, the content including a first portion;
  
  a file type identifier to identify a purported file type of the file;
  
  a scanner to scan the content of the file using a set of rules corresponding to the purported file type, the scanner operative to determine that the file does not conform to the set of rules corresponding to the purported file type for a first reason with an associated first issue identifier (ID);
  
  a quarantine that can store the file;
  
  a file issue exclusion policy specifying an approved file type and a second issue ID;
  
  a file content policy to allow the first portion of the content of the file to be included in the file, the file content policy including a whitelist of hashes of known approved portions of content;
  
  a hasher to generate a hash of the first portion of the content of the file;
  
  a comparator to compare the first portion of the content of the file with the whitelist;
  
  a scanning service to perform additional analysis to determine whether the file can be released from quarantine; and
  
  a transmitter to transmit the file to the recipient instead of storing the file in the quarantine when the approved file type in the file issue exclusion policy matches the purported file type and the second issue ID in the file issue exclusion policy matches the first issue ID,wherein the first portion of the content of the file is included in the file when the first portion of the content of the file matches a known approved portion of content in the whitelist.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system according to claim 1, further comprising a file type policy to block the file when the purported file type of the file matches a file type in the file type policy.
  - 3. The system according to claim 1, wherein the file content policy indicates to:
    - quarantine the file, orsanitize the first portion of the content of the file.
  - 4. The system according to claim 1, wherein the system includes a sanitizer to sanitize the first portion of the content of the file when the first portion of the content of the file does not matches a known approved portion of content in the whitelist.
  - 5. The system according to claim 1, wherein the system is operative to quarantine the file when the first issue ID does not match the second issue ID.
  - 6. The system according to claim 1, wherein the file issue exclusion policy can specify a blocked file type and a third issue ID.
  - 7. The system according to claim 1, wherein the file issue exclusion policy is set by the recipient.
  - 8. The system according to claim 1, wherein the file issue exclusion policy applies to a plurality of recipients by corporate policy.

9. A method, comprising:
- receiving a file at a computer system, the file include content;
  
  determining a purported file type of the file;
  
  scanning the content of the file using a set of rules corresponding to the purported file type, including;
  
  identifying a first portion of the content of the file that can include malicious content;
  
  accessing a whitelist of hashes of known approved portions of content;
  
  calculating a hash of the first portion of the content of the file;
  
  comparing the hash of the first portion of the content of the file with the whitelist of hashes of known approved portions of content; and
  
  when the hash of the first portion of the content of the file is included in the whitelist, including the first portion of the content of the file in the file;
  
  determining that content does not conform to the set of rules corresponding to the purported file type;
  
  flagging the file for quarantine;
  
  when the file is subject to quarantine, submitting the file to a scanning service for additional analysis to determine whether the file is to be released from quarantine;
  
  determining a first issue identifier (ID) for an issue as to why the content does not conform to the set of rules;
  
  accessing a file issue exclusion policy, the file issue exclusion policy specifying an approved file type and a second issue ID; and
  
  transmitting the file to a recipient instead of quarantining the file when approved file type in the file issue exclusion policy matches the purported file type and the second issue ID in the file issue exclusion policy matches the first issue ID.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method according to claim 9, further comprising quarantining the file when the first issue ID does not match the second issue ID.
  - 11. The method according to claim 9, wherein the file issue exclusion policy can specify a blocked file type and a third issue ID.
  - 12. The method according to claim 9, wherein the file issue exclusion policy is set by the recipient.
  - 13. The method according to claim 9, wherein the file issue exclusion policy applies to a plurality of recipients by corporate policy.
  - 14. The method according to claim 9, further comprising:
    - comparing the purported file type with a file type policy;
      
      when the file type policy specifies that the purported file type is blocked, disallowing the file; and
      
      when the file type policy specifies that the purported file type is allowed, allowing the file to proceed to scanning.
  - 15. The method according to claim 9, wherein scanning the content of the file using a set of rules corresponding to the purported file type includes:
    - identifying a first portion of the content of the file that can include malicious content;
      
      accessing a file content policy;
      
      when the file content policy specifies that the first portion of the content of the file is allowed, allowing the first portion of the content of the file to be included in the file;
      
      when the file content policy specifies that the first portion of the content of the file is disallowed, quarantining the file; and
      
      when the file content policy specifies that the first portion of the content of the file is to be sanitized, sanitizing the first portion of the content of the file.
  - 16. The method according to claim 15, wherein accessing a file content policy includes:
    - accessing a whitelist of known approved portions of content;
      
      comparing the first portion of the content of the file with the whitelist of known approved portions of content; and
      
      when the first portion of the content of the file is included in the whitelist, including the first portion of the content of the file in the file.
  - 17. The method according to claim 16, wherein accessing a file content policy further includes, when the first portion of the content of the file is not included in the whitelist, removing the first portion of the content of the file from the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Glasswall (Ip) Limited
Original Assignee
Glasswall (Ip) Limited
Inventors
Shirk, Leon Maurice, Hutton, Samuel Harrison
Primary Examiner(s)
HO, DAO Q

Application Number

US14/825,808
Publication Number

US 20170048199A1
Time in Patent Office

726 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/152   using file content signatur...

G06F 21/51   at application loading time...

G06F 21/564   by virus signature recognition

G06F 21/565   by checking file integrity

G06F 21/64   Protecting data integrity, ...

H04L 63/0263   Rule management

H04L 63/101   Access control lists [ACL]

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

Using multiple layers of policy management to manage risk

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

95 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Using multiple layers of policy management to manage risk

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

95 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links