System and method for protecting systems from active content

US 9,858,424 B1
Filed: 06/07/2017
Issued: 01/02/2018
Est. Priority Date: 01/05/2017
Status: Active Grant

First Claim

Patent Images

1. A method of disarming targeted active content in a received input file in a computer system having a processor, the method comprising:

identifying from digital content of the input file, targeted active content associated with an automatically invoked subroutine;

altering the automatically invoked subroutine to prevent automatic execution of instructions associated with the subroutine upon rendering by a rendering application, wherein the altering includes renaming the subroutine to not correspond with an automatically invoked subroutine;

creating protective active content associated with the renamed subroutine and configured to invoke the targeted active content responsive to receipt of a selection of a selectable feature; and

configuring the input file to include the protective active content and the selectable feature, thereby creating a reconfigured input file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed embodiments include a method of disarming active content in a received input file in a computer system having a processor. The method includes steps for identifying from digital content of the input file, targeted active content associated with an automatically invoked subroutine, altering the automatically invoked subroutine to prevent automatic execution of the instructions associated with the subroutine upon rendering by a rendering application, such that functionality of the targeted active content is preserved, and configuring the input file to include a selectable feature enabling a user to invoke the targeted active content responsive to a user input, thereby creating a reconfigured input file.

43 Citations

View as Search Results

20 Claims

1. A method of disarming targeted active content in a received input file in a computer system having a processor, the method comprising:
- identifying from digital content of the input file, targeted active content associated with an automatically invoked subroutine;
  
  altering the automatically invoked subroutine to prevent automatic execution of instructions associated with the subroutine upon rendering by a rendering application, wherein the altering includes renaming the subroutine to not correspond with an automatically invoked subroutine;
  
  creating protective active content associated with the renamed subroutine and configured to invoke the targeted active content responsive to receipt of a selection of a selectable feature; and
  
  configuring the input file to include the protective active content and the selectable feature, thereby creating a reconfigured input file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the automatically invoked subroutine includes an automatically invoked function.
  - 3. The method of claim 1, wherein the automatically invoked subroutine is one of a predetermined function automatically invoked by a rendering application according to a specification of the targeted active content.
  - 4. The method of claim 1, wherein the targeted active content includes programmable instructions executable by the rendering application.
  - 5. The method of claim 4, wherein the targeted active content includes at least one of a word processing or spreadsheet macro, formula, or script, or programmable instructions embedded in the input file according to a portable document format.
  - 6. The method of claim 1, wherein the protective active content is configured to generate the selectable feature that enables a user to invoke the targeted active content.
  - 7. The method of claim 1, wherein the altering includes wrapping the subroutine within the protective active content.
  - 8. The method of claim 1, further comprising inserting a notification feature into the digital content as part of the reconfigured input file, the notification feature being configured to provide an indication upon rendering of the reconfigured input file that targeted active content included in the input file has been disabled from automatically executing.
  - 9. The method of claim 1, wherein the configuring the input file to include a selectable feature enabling a user to invoke the targeted active content responsive to a user input is performed according to a policy of the computer system based on one or more characteristics of the input file.
  - 10. The method of claim 9, wherein the one or more characteristics of the input file include an identity of the sender and an identity of an intended recipient of the input file.
  - 11. The method of claim 9, wherein, when the one or more characteristics of the input file are not consistent with a policy of the computer system, the method further comprises preventing functionality of the targeted active content.
  - 12. The method of claim 1, wherein the reconfigured input file is a new file.
  - 13. The method of claim 1, wherein the targeted active content associated with an automatically invoked subroutine includes a subroutine configured to be automatically invoked unknown to the user during interaction with the input file.
  - 14. The method of claim 1, wherein the selectable feature includes a button, prompt, icon, or link, and wherein selection of the selectable feature includes a click or a keystroke.

15. A method of disarming targeted active content in a received input file in a computer system having a processor, the method comprising:
- identifying from digital content of the input file, targeted active content associated with a predetermined function;
  
  altering an aspect of a call to the predetermined function to prevent the predetermined function of the targeted active content from being invoked, wherein the altering includes renaming the function call;
  
  creating protective active content associated with the renamed function call and configured to invoke the targeted active content responsive to receipt of a selection of a selectable feature; and
  
  configuring the input file to include the protective active content and the selectable feature, thereby creating a reconfigured input file.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the predetermined function is defined in a specification of the targeted active content.
  - 17. The method of claim 16, wherein the predetermined function is associated with suspected malicious content.
  - 18. The method of claim 15, wherein the protective active content is configured to generate the selectable feature.
  - 19. The method of claim 15, wherein the protective active content is configured to cause display of a notification feature indicating that the predefined function has been disabled.
  - 20. The method of claim 15, wherein the altering includes wrapping the call to the predetermined function within the protective active content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Votiro Cybersec Ltd
Original Assignee
Votiro Cybersec Ltd
Inventors
Grafi, Aviv
Primary Examiner(s)
Shayanfar, Ali

Application Number

US15/616,577
Time in Patent Office

209 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/316   by observing the pattern of...

G06F 21/53   by executing in a restricte...

G06F 21/55   Detecting local intrusion o...

G06F 21/564   by virus signature recognition

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0236   Filtering by address, proto...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/145   the attack involving the pr...

H04L 63/1466   Active attacks involving in...

H04L 63/308   retaining data, e.g. retain...

H04L 9/006   involving public key infras...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

H05K 999/99   dummy group

System and method for protecting systems from active content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting systems from active content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links