Disarming malware in digitally signed content

US 9,923,921 B1
Filed: 10/26/2017
Issued: 03/20/2018
Est. Priority Date: 01/05/2017
Status: Active Grant

First Claim

Patent Images

1. A method for disarming malicious code in digitally-signed content in a computer system having a processor, the method comprising:

determining, by the processor, that content is associated with a first digital signature;

modifying, by the processor, at least a portion of digital values of the content to disable any malicious code included in the content, thereby creating modified content; and

signing, by the processor, the modified content with a second digital signature, thereby creating signed modified content, the signed modified content including a data element corresponding to the first digital signature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for disarming malicious code in digitally-signed content are provided. An example method includes determining that content is associated with a first digital signature, modifying at least a portion of digital values of the content to disable any malicious code included in the content, thereby creating modified content, and signing the modified content with a second digital signature, thereby creating signed modified content, the signed modified content including a data element corresponding to the first digital signature.

33 Citations

View as Search Results

24 Claims

1. A method for disarming malicious code in digitally-signed content in a computer system having a processor, the method comprising:
- determining, by the processor, that content is associated with a first digital signature;
  
  modifying, by the processor, at least a portion of digital values of the content to disable any malicious code included in the content, thereby creating modified content; and
  
  signing, by the processor, the modified content with a second digital signature, thereby creating signed modified content, the signed modified content including a data element corresponding to the first digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the content is received by the computer system and intended for a recipient in a network, the method further comprising enabling access to the modified content by the intended recipient.
  - 3. The method of claim 1, further comprising verifying, by the processor and before the modifying, authenticity of the first digital signature.
  - 4. The method of claim 3, wherein verifying the authenticity of the first digital signature includes receiving an indication from a trusted third party indicative of the authenticity of the first digital signature.
  - 5. The method of claim 3, wherein verifying the authenticity of the first digital signature includes approving the first digital signature based on a policy associated with the computer system.
  - 6. The method of claim 5, wherein the policy enables approval of the first digital signature based on a characteristic of a certificate associated with the first digital signature.
  - 7. The method of claim 3, wherein verifying the authenticity of the first digital signature includes receiving an indication from an administrator of the computer system indicative of approval of the digital signature.
  - 8. The method of claim 2, further comprising providing a notification to the intended recipient that the first digital signature of the content has been verified.
  - 9. The method of claim 8, wherein the notification is included in content of the modified content.
  - 10. The method of claim 8, wherein the notification is included in a communication associated with the modified content.
  - 11. The method of claim 10, wherein the communication is an electronic message including the modified content attached thereto.
  - 12. The method of claim 2, wherein the second digital signature is associated with a security gateway in the network.
  - 13. The method of claim 2, further comprising:
    - storing the content in association with the first digital signature in a dedicated storage area of the computer system; and
      
      enabling access to the content by the intended recipient according to a policy of the computer system.

14. A method for disarming malicious code in a computer system having a processor, the method comprising:
- determining that input content associated with a recipient in a network is associated with a first digital signature;
  
  communicating with an authentication service to verify authenticity of the first digital signature;
  
  modifying at least a portion of digital values of the input content to disable any malicious code included in the input content, thereby creating modified input content; and
  
  signing the modified input content with a second digital signature, thereby creating signed modified input content, the signed modified input content including one or more elements indicative of the authenticity of the first digital signature.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The method of claim 14, wherein the authentication service is associated with the computer system.
  - 16. The method of claim 14, wherein the authentication service is associated with a security gateway of the network.
  - 17. The method of claim 14, wherein the authentication service is associated with a trusted third party.
  - 18. The method of claim 14, wherein the modifying is performed without first detecting malicious code in the input content.
  - 19. The method of claim 14, further comprising:
    - storing the input content in association with the first digital signature in a dedicated storage area of the computer system; and
      
      enabling access to the input content by the recipient according to a policy of the computer system.
  - 20. The method of claim 14, further comprising inserting the one or more content elements into the modified input content.
  - 21. The method of claim 14, further comprising inserting the one or more content elements into the second digital signature.
  - 22. A non-transitory computer-readable medium comprising instructions that when executed by a processor are configured for carrying out the method of claim 14.

23. A system for disarming malicious code in digitally-signed content, the system comprising:
- a memory device storing a set of instructions; and
  
  a processor configured to execute the set of instructions to;
  
  determine that content is associated with a first digital signature;
  
  modify at least a portion of digital values of the content to disable any malicious code included in the content, thereby creating modified content; and
  
  sign the modified content with a second digital signature, thereby creating signed modified content, the signed modified content including a data element corresponding to the first digital signature.

24. A system for disarming malicious code, the system comprising:
- a memory device storing a set of instructions; and
  
  a processor configured to execute the set of instructions to;
  
  determine that input content associated with a recipient in a network is associated with a first digital signature;
  
  communicate with an authentication service to verify authenticity of the first digital signature;
  
  modify at least a portion of digital values of the input content to disable any malicious code included in the input content, thereby creating modified input content; and
  
  sign the modified input content with a second digital signature, thereby creating signed modified input content, the signed modified input content including one or more elements indicative of the authenticity of the first digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Votiro Cybersec Ltd
Original Assignee
Votiro Cybersec Ltd
Inventors
Grafi, Aviv
Primary Examiner(s)
Korsak, Oleg

Application Number

US15/795,021
Time in Patent Office

145 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/316   by observing the pattern of...

G06F 21/53   by executing in a restricte...

G06F 21/55   Detecting local intrusion o...

G06F 21/564   by virus signature recognition

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0236   Filtering by address, proto...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/145   the attack involving the pr...

H04L 63/1466   Active attacks involving in...

H04L 63/308   retaining data, e.g. retain...

H04L 9/006   involving public key infras...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

H05K 999/99   dummy group

Disarming malware in digitally signed content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Disarming malware in digitally signed content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links