Simplified communication of a reputation score for an entity

US 8,595,282 B2
Filed: 06/30/2008
Issued: 11/26/2013
Est. Priority Date: 06/30/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for communicating an entity'"'"'s reputation to a user, the method comprising:

determining hygiene scores associated with a plurality of clients, the hygiene scores representing assessments of trustworthiness of the clients and determined based on frequencies of malware detections on the clients;

receiving a notification that one of the plurality of clients encountered an entity, wherein the entity comprises a file, a program, or a website;

identifying a set of trustworthy clients based on the hygiene scores of the clients, a trustworthy client having a hygiene score indicating at least a threshold level of trustworthiness;

calculating a reputation score for the entity, the reputation score comprising a measure of a ratio of trustworthy clients that have used the entity to all clients that have used the entity, wherein the reputation score represents an assessment of whether the entity is malicious; and

presenting the reputation score on the client that encountered the entity, the reputation score accompanied by a message indicating that the reputation score is based on other clients deemed trustworthy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A reputation server is coupled to multiple clients via a network. A security module in each client monitors client encounters with entities such as files, programs, and websites, and then computes a hygiene score based on the monitoring. The hygiene scores are then provided to the reputation server, which computes reputation scores for the entities based on the clients'"'"' hygiene scores and the interactions between the clients and the entity. When a particular client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The reputation score may comprises a statistical measure based on a number of other trustworthy or “good hygiene” clients that have a hygiene score above a threshold. The client communicates this reputation score to a user with a message indicating that the reputation score is based on other clients deemed trustworthy.

83 Citations

View as Search Results

22 Claims

1. A computer implemented method for communicating an entity'"'"'s reputation to a user, the method comprising:
- determining hygiene scores associated with a plurality of clients, the hygiene scores representing assessments of trustworthiness of the clients and determined based on frequencies of malware detections on the clients;
  
  receiving a notification that one of the plurality of clients encountered an entity, wherein the entity comprises a file, a program, or a website;
  
  identifying a set of trustworthy clients based on the hygiene scores of the clients, a trustworthy client having a hygiene score indicating at least a threshold level of trustworthiness;
  
  calculating a reputation score for the entity, the reputation score comprising a measure of a ratio of trustworthy clients that have used the entity to all clients that have used the entity, wherein the reputation score represents an assessment of whether the entity is malicious; and
  
  presenting the reputation score on the client that encountered the entity, the reputation score accompanied by a message indicating that the reputation score is based on other clients deemed trustworthy.
- View Dependent Claims (2, 3, 4, 5, 21)
- - 2. The method of claim 1, wherein the reputation score further comprises a mathematical transformation of the hygiene scores of a set of clients that have used the entity.
  - 3. The method of claim 1, wherein the message comprises a statistic about use of the entity by one or more trustworthy clients.
  - 4. The method of claim 1, wherein the entity is a file, and the encounter of the entity comprises downloading or attempting to download the entity.
  - 5. The method of claim 1, wherein the entity is a website, and the encounter of the entity comprises viewing or attempting to view the website.
  - 21. The method of claim 1, wherein malware on a client is detected by matching data on the client with signatures of known malware.

6. A computer implemented method for communicating a reputation of an entity to a user, the method comprising:
- encountering an entity at a client, wherein the entity comprises a file, a program, or a website;
  
  receiving a reputation score that represents an assessment of whether the entity is malicious, the reputation score comprising a measure of a ratio of trustworthy clients that have used the entity to all clients that have used the entity, wherein a trustworthy client is a client that has a hygiene score above a threshold, a hygiene score representing an assessment of trustworthiness of the client and determined based on a frequency of malware detections on the client;
  
  communicating the reputation score via an output device of the client; and
  
  communicating a message indicating that the reputation score is based on other clients deemed trustworthy.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the reputation score further comprises a mathematical transformation of the hygiene scores of a set of clients that have used the entity.
  - 8. The method of claim 6, wherein the message comprises information about use of the entity by one or more trustworthy clients.
  - 9. The method of claim 6, wherein the entity is a file, and encountering the entity comprises downloading or attempting to download the entity.
  - 10. The method of claim 6, wherein the entity is a website, and encountering the entity comprises viewing or attempting to view the website.

11. A computer program product for communicating an entity'"'"'s reputation to a user, the computer program product comprising a non-transitory computer-readable storage medium containing computer program code for:
- determining hygiene scores associated with a plurality of clients, the hygiene scores representing assessments of trustworthiness of the clients and determined based on frequencies of malware detections on the clients;
  
  receiving a notification that one of the plurality of clients encountered an entity, wherein the entity comprises a file, a program, or a website;
  
  determining a set of trustworthy clients based on the hygiene scores of the clients, a trustworthy client having a hygiene score indicating at least a threshold level of trustworthiness;
  
  calculating a reputation score for the entity, the calculated reputation score comprising a measure of a ratio of trustworthy clients that have used the entity to all clients that have used the entity, wherein the reputation score represents an assessment of whether the entity is malicious; and
  
  presenting the reputation score on the client that encountered the entity, the reputation score accompanied by a message indicating that the reputation score is based on other clients deemed trustworthy.
- View Dependent Claims (12, 13, 14, 15, 22)
- - 12. The computer program product of claim 11, wherein the reputation score further comprises a mathematical transformation of the hygiene scores of a set of clients that have used the entity.
  - 13. The computer program product of claim 11, wherein the message comprises a statistic about use of the entity by one or more trustworthy clients.
  - 14. The computer program product of claim 11, wherein the entity is a file, and the encounter of the entity comprises downloading or attempting to download the entity.
  - 15. The computer program product of claim 11, wherein the entity is a website, and the encounter of the entity comprises viewing or attempting to view the website.
  - 22. The computer program product of claim 11, wherein malware on a client is detected by matching data on the client with signatures of known malware.

16. A computer program product for communicating a reputation of an entity to a user, the computer program product comprising a non-transitory computer-readable storage medium containing computer program code for:
- encountering an entity at a client, wherein the entity comprises a file, a program, or a website;
  
  receiving a reputation score that represents an assessment of whether the entity is malicious, the reputation score comprising a measure of a ratio of trustworthy clients that have used the entity to all clients that have used the entity, wherein a trustworthy client is a client that has a hygiene score above a threshold, a hygiene score representing an assessment of trustworthiness of the client and determined based on a frequency of malware detections on the client;
  
  communicating the reputation score via an output device of the client; and
  
  communicating a message indicating that the reputation score is based on other clients deemed trustworthy.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein the reputation score further comprises a mathematical transformation of the hygiene scores of a set of clients that have used the entity.
  - 18. The computer program product of claim 16, wherein the message comprises information about use of the entity by one or more trustworthy clients.
  - 19. The computer program product of claim 16, wherein the entity is a file, and encountering the entity comprises downloading or attempting to download the entity.
  - 20. The computer program product of claim 16, wherein the entity is a website, and encountering the entity comprises viewing or attempting to view the website.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Nachenberg, Carey S.
Primary Examiner(s)
Gilles, Jude Jean
Assistant Examiner(s)
ISOM, JOHN W

Application Number

US12/165,599
Publication Number

US 20090328209A1
Time in Patent Office

1,975 Days
Field of Search

709/200, 709/225, 726/25, 726/29, 705/35
US Class Current

709/200
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/562   Static detection

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2115   Third party

G06Q 10/10   Office automation; Time man...

H04L 63/1408   by monitoring network traff...

H04L 63/145   the attack involving the pr...

Simplified communication of a reputation score for an entity

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Simplified communication of a reputation score for an entity

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links