System and method for enforcing a security context on a downloadable

US 7,613,918 B2
Filed: 02/16/2006
Issued: 11/03/2009
Est. Priority Date: 02/16/2006
Status: Expired due to Fees

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for computer security, comprising:

receiving content including potentially malicious executable code (“

CODE-A”

), intended for downloading at a client computer, wherein the client computer manages a plurality of computer accounts for logging in to the client computer, and wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable running on the client computer under such account is processed;

scanning CODE-A to derive a profile thereof;

determining, based on the derived profile of CODE-A, an appropriate computer account from among the plurality of computer accounts, under which CODE-A may be processed by the client computer;

combining (i) information about the determined computer account name and (ii) CODE-A, with (iii) executable wrapper code (“

CODE-B”

) into combined code (“

CODE-C”

); and

forwarding CODE-C to the client computer for processing.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

A method for computer security, including receiving content including potentially malicious executable code (“CODE-A”), intended for downloading at a client computer, scanning CODE-A to derive a profile thereof, determining, based on the derived profile of CODE-A, an appropriate computer account from among a plurality of computer accounts, under which CODE-A may be processed by the client computer, wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable run under such account is processed, combining (i) information about the determined computer account name and (ii) CODE-A, with executable wrapper code (“CODE-B”) into combined code (“CODE-C”), and forwarding CODE-C to the client computer for processing. A system and a computer-readable storage medium are also described and claimed.

21 Citations

View as Search Results

36 Claims

1. A method for computer security, comprising:
- receiving content including potentially malicious executable code (“
  
  CODE-A”
  
  ), intended for downloading at a client computer, wherein the client computer manages a plurality of computer accounts for logging in to the client computer, and wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable running on the client computer under such account is processed;
  
  scanning CODE-A to derive a profile thereof;
  
  determining, based on the derived profile of CODE-A, an appropriate computer account from among the plurality of computer accounts, under which CODE-A may be processed by the client computer;
  
  combining (i) information about the determined computer account name and (ii) CODE-A, with (iii) executable wrapper code (“
  
  CODE-B”
  
  ) into combined code (“
  
  CODE-C”
  
  ); and
  
  forwarding CODE-C to the client computer for processing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising attaching a digital signature to CODE-C.
  - 3. The method of claim 1 wherein said determining is also based on at least one security rule applicable to the client computer.
  - 4. The method of claim 1 wherein said determining comprises:
    - identifying an appropriate security context; and
      
      identifying an appropriate computer account corresponding to the identified security context.
  - 5. The method of claim 1 wherein said determining accesses the plurality of computer accounts from a database of computer accounts.
  - 6. The method of claim 1 wherein said determining accesses the plurality of computer accounts from a Microsoft Active Directory of computer accounts.
  - 7. The method of claim 1 wherein said determining checks if the appropriate computer account exists on the client computer.
  - 8. The method of claim 7 wherein said determining replaces the appropriate computer account with a default computer account if the appropriate computer account does not exist on the client computer.
  - 9. The method of claim 1 wherein CODE-A is a member of the group consisting of JavaScript, VBScript, PerScript, Java applet, Active X, and a standalone executable.
  - 10. The method of claim 1 wherein CODE-B is a Windows Portable Executable.
  - 11. The method of claim 1 further comprising maintaining an activity log including an entry for each combined CODE-C generated by said combining.

12. A computer security system for a gateway computer, comprising:
- a receiver for receiving content including potentially malicious executable code (“
  
  CODE-A”
  
  ), intended for downloading at a client computer, wherein the client computer manages a plurality of computer accounts for logging in to the client computer, and wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable running on the client computer under such account is processed;
  
  a code profiler, coupled with said receiver, for scanning CODE-A and deriving a profile thereof;
  
  a security context generator, coupled with said code profiler, for determining, based on the profile of CODE-A derived by said profiler, an appropriate computer account from among the plurality of computer accounts, under which CODE-A may be processed by the client computer;
  
  a code packager, coupled with said security context generator, for packaging (i) information about the computer account determined by said security context generator and (ii) CODE-A, with (iii) executable wrapper code (“
  
  CODE-B”
  
  ), into a combined code (“
  
  CODE-C”
  
  ); and
  
  a transmitter, coupled with said code packager, for forwarding CODE-C to the client computer for processing.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The computer security system of claim 12 further comprising a digital authenticator for attaching a digital signature to CODE-C.
  - 14. The computer security system of claim 12 wherein said security context generator also bases its determination on at least one security rule applicable to the client computer.
  - 15. The computer security system of claim 12 wherein said security context generator first identifies an appropriate security context, and then identifies an appropriate computer account for the identified security context.
  - 16. The computer security system of claim 12 further comprising a database for storing information about the plurality of computer accounts accessed by said context security generator.
  - 17. The computer security system of claim 12 wherein said context security generator accesses information about the plurality of computer accounts from a Microsoft Active Directory of computer accounts.
  - 18. The computer security system of claim 12 wherein CODE-A is a member of the group consisting of JavaScript, VBScript, PerScript, Java applet, Active X, and a standalone executable.
  - 19. The computer security system of claim 12 wherein CODE-B is a Windows Portable Executable.
  - 20. The computer security system of claim 12 further comprising a log manager for maintaining an activity log including an entry for each combined CODE-C generated by said code packager.

21. A computer-readable storage medium storing program code for causing at least one computing device to:
- receive content including potentially malicious executable code (“
  
  CODE-A”
  
  ), intended for downloading at a client computer, wherein the client computer manages a plurality of computer accounts for logging in to the client computer, and wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable running on the client computer under such account is processed;
  
  scan CODE-A to derive a profile thereof;
  
  determine, based on the derived profile of CODE-A, an appropriate computer account from among the plurality of computer accounts, under which CODE-A may be processed by the client computer;
  
  combine (i) information about the determined computer account name and (ii) CODE-A, with (iii) executable wrapper code (“
  
  CODE-B”
  
  ) into combined code (“
  
  CODE-C”
  
  ); and
  
  forward CODE-C to the client computer for processing.

22. A method for computer security, comprising:
- downloading, by a computer, executable code (“
  
  CODE-C”
  
  ), where CODE-C includes (i) wrapper executable code (“
  
  CODE-B”
  
  ), (ii) potentially malicious executable code (“
  
  CODE-A”
  
  ), and (iii) information about a computer account for CODE-A, wherein the computer manages a plurality of computer accounts for logging in to the computer, and wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable running on the computer under such account is processed; and
  
  processing, by the computer, CODE-B, comprising;
  
  extracting CODE-A from within CODE-C;
  
  extracting the information about the computer account for CODE-A from within CODE-C; and
  
  processing CODE-A within the security context associated with the computer account for CODE-A.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The method of claim 22 further comprising:
    - checking if the computer account for CODE-A exists on the computer; and
      
      replacing the computer account for CODE-A with a default computer account, if the computer account for CODE-A does not exist on the computer.
  - 24. The method of claim 22 wherein said processing CODE-A includes invoking a Windows function CreateProcessAsUser() with the computer account name as an input parameter.
  - 25. The method of claim 22 further comprising if CODE-A itself initiates executable code (“
    - CODE-D”
      
      ), then inserting CODE-D into CODE-C.
  - 26. The method of claim 22 further comprising:
    - if CODE-A itself initiates executable code (“
      
      CODE-D”
      
      ), thenscanning CODE-D to derive a profile thereof;
      
      determining, based on the derived profile of CODE-D, an appropriate computer account for CODE-D from among a plurality of computer accounts, under which CODE-D may be processed, wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable is processed; and
      
      combining (i) information about the determined computer account name and (ii) CODE-D, with (iii) CODE-B into combined code (“
      
      Code E”
      
      ).
  - 27. The method of claim 22 wherein CODE-C is signed, the method further comprising authenticating the signature of CODE-C.

28. A computer security system, comprising:
- a receiver within a computer, for downloading executable code (“
  
  CODE-C”
  
  ), where CODE-C includes (i) wrapper executable code (“
  
  CODE-B”
  
  ), (ii) potentially malicious executable code (“
  
  CODE-A”
  
  ), and (iii) information about a computer account for CODE-A;
  
  an account manager within the computer, for managing a plurality of computer accounts for logging in to the computer, wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable running on the computer under such account is processed by a processor within the computer;
  
  a code extractor within the computer, coupled with said receiver, for extracting CODE-A from within CODE-C;
  
  a computer account extractor within the computer, coupled with said receiver, for extracting the information about the computer account name for CODE-A from within CODE-C; and
  
  a processor within the computer, coupled with said account manager, said code extractor and said computer account extractor, for processing CODE-A within the security context associated with the computer account for CODE-A.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The system of claim 28 wherein said computer account extractor checks if the computer account for CODE-A exists on the computer, and replaces the computer account for CODE-A with a default computer account if the computer account for CODE-A does not exist on the computer.
  - 30. The computer security system of claim 28 wherein said processor further comprises a code packager for inserting executable code (“
    - CODE-D”
      
      ) into CODE-C if CODE-A itself initiates such executable code.
  - 31. The computer security system of claim 28 wherein said processor further comprises:
    - a code profiler for scanning executable code (“
      
      CODE-D”
      
      ) and deriving a profile thereof;
      
      a security context generator for determining, based on the profile of CODE-D derived by said code profiler, an appropriate computer account from among a plurality of computer accounts, under which CODE-D may be processed, wherein each account of the plurality of computer accounts has associated therewith a security context within which an executable is processed; and
      
      a code packager for packaging (i) information about the computer account name determined by said security context generator and (ii) CODE-D, with (iii) executable wrapper code (“
      
      Code B”
      
      ), into a combined code (“
      
      CODE-E”
      
      ).
  - 32. The computer security system of claim 28 wherein CODE-C is signed, the system further comprising a code validator for validating the signature of CODE-C.

33. A computer-readable storage medium storing program code for causing at least one computing device to:
- download executable code (“
  
  CODE-C”
  
  ), where CODE-C includes (i) wrapper executable code (“
  
  CODE-B”
  
  ), (ii) potentially malicious executable code (“
  
  CODE-A”
  
  ), and (iii) information about a computer account for CODE-A, wherein the computer manages a plurality of computer accounts for logging in to the computer, and wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable running on the computer under such account is processed; and
  
  process Code B, comprising;
  
  extracting CODE-A from within CODE-C;
  
  extracting the information about the computer account name for CODE-A from within CODE-C; and
  
  processing CODE-A within the security context associated with the computer account for CODE-A.

34. A method for computer security, comprising:
- receiving content including potentially malicious executable code (“
  
  CODE-A”
  
  ), intended for downloading at a client computer, wherein the client computer manages a plurality of computer accounts for logging in to the client computer, and wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable running on the client computer under such account is processed;
  
  receiving the name of a predetermined computer account from the plurality of computer accounts;
  
  scanning CODE-A to derive a profile thereof;
  
  combining (i) information about the predetermined computer account and (ii) CODE-A, with (iii) executable wrapper code (“
  
  CODE-B”
  
  ) into combined code (“
  
  CODE-C”
  
  ); and
  
  forwarding CODE-C to the client computer for processing.

35. A computer security system for a gateway computer, comprising:
- a receiver for receiving content including potentially malicious executable code (“
  
  CODE-A”
  
  ), intended for downloading at a client computer, wherein the client computer manages a plurality of computer accounts for logging in to the client computer, and wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable running on the client computer under such account is processed;
  
  a code profiler, coupled with said receiver, for scanning CODE-A and deriving a profile thereof; and
  
  a code packager, coupled with said security context generator, for packaging (i) information about a predetermined computer account from the plurality of computer accounts, and (ii) CODE-A, with (iii) executable wrapper code (“
  
  CODE-B”
  
  ), into a combined code (“
  
  CODE-C”
  
  ); and
  
  a transmitter, coupled with said code packager, for forwarding CODE-C to the client computer for processing.

36. A computer-readable storage medium storing program code for causing at least one computing device to:
- receive content including potentially malicious executable code (“
  
  CODE-A”
  
  ), intended for downloading at a client computer, wherein the client computer manages a plurality of computer accounts for logging in to the client computer, and wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable running on the client computer under such account is processed;
  
  receive the name of a predetermined computer account from the plurality of computer accountsscan CODE-A to derive a profile thereof;
  
  combine (i) information about the predetermined computer account name and (ii) CODE-A, with (iii) executable wrapper code (“
  
  CODE-B”
  
  ) into combined code (“
  
  CODE-C”
  
  ); and
  
  forward CODE-C to the client computer for processing.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Finjan Holdings, Inc. (SoftBank Group Corp.)
Original Assignee
Finjan Software Limited (SoftBank Group Corp.)
Inventors
Ben-Itzhak, Yuval
Primary Examiner(s)
Revak; Christopher A
Assistant Examiner(s)
Moorthy; Aravind K

Application Number

US11/354,893
Publication Number

US 20070192857A1
Time in Patent Office

1,356 Days
Field of Search

713/150
US Class Current

713/150
CPC Class Codes

G06F 21/54 by adding security routines...

System and method for enforcing a security context on a downloadable

First Claim

5 Assignments

Litigations

1 Petition

Accused Products

Abstract

21 Citations

36 Claims

Specification

Use Cases

Quick Links

Others

System and method for enforcing a security context on a downloadable

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

36 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others