The invention relates generally to computer based encryption and decryption systems and more particularly to computer based encryption and decryption systems having content analysis mechanisms such as computer virus detection.
Computer networks containing cryptographic systems offer secure transmission and receipt of electronic data, including images or other information. Such systems are increasingly desirable in view of the transfer of electronic information, including business documents and other information, over local networks and global networks. Also, content analysis mechanisms, such as virus detection mechanisms, are known which detect commonly known viruses on a computer, or viruses travelling through or over networks. However, typical content analysis systems, such as virus detection mechanisms, cannot generally operate properly on encrypted documents, since the content analysis tools typically must be applied to clear text files; for example, virus detection programs are not generally designed to decrypt encrypted information. Consequently, where a user has a virus detection mechanism such as a software application on a computer and also has encrypted documents on the computer, a virus may go undetected and become a latent destruction source when the document is decrypted and opened.
For example, typical virus detection programs will search a computer's hard drive or network server and only detect viruses in fully decoded information packets such as e-mail files and other files. Encrypted documents, however, cannot generally be analyzed to determine whether a virus is contained within the encrypted content. Hence, a user may receive a notification by the virus detection system that no viruses have been detected when in fact viruses are still present in encrypted documents and are unleashed upon launching of the program through a decryption system.
Also, some networks are arranged to have a perimeter or firewall, which may be a server through which all electronic information is first passed before being transferred to other networked computers within the perimeter, to provide additional security. Such systems offer controlled screening of unwanted information through a common point prior to dissemination to other computers within a network. Some of these fire-walled or perimeter based computer network systems are known to have virus detection at the perimeter. However, such perimeter control systems do not typically detect viruses or other specified content in encrypted documents being passed through the perimeter. Hence, a virus may be embedded in the encrypted information and may be allowed to infect the computers within the perimeter when the information is opened (decrypted). The encrypted information may also contain other undesired content which the perimeter control system is designed to filter out, but the analysis required to carry out such filtering is not possible when the information to be analyzed is encrypted.
Consequently, there exists a need for a computer based encryption and decryption system that provides content analysis, such as detection of a computer virus in encrypted information. Such a system should facilitate content inspection to provide a real-time communication of unauthorized content in encrypted files.
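The blind spot described above for desktop and perimeter scanners, shown as an added example that is not part of the original text: a signature scan finds a marker in clear text, reports the encrypted copy as clean, and a perimeter check that decrypts before scanning (or reports the content as unscannable) closes the gap. The signature, the "ENC1" envelope header, the key and the toy SHA-256 keystream cipher are all constructed assumptions standing in for real signatures and a real cryptographic system.

```python
import hashlib
from typing import Optional

SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed marker standing in for a virus signature
MAGIC = b"ENC1"                            # hypothetical header marking an encrypted envelope

def _keystream(key: bytes, n: int) -> bytes:
    # Toy SHA-256 counter keystream: a stand-in for a real cipher, not for production use.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    stream = _keystream(key, len(plaintext))
    return MAGIC + bytes(a ^ b for a, b in zip(plaintext, stream))

def decrypt(key: bytes, envelope: bytes) -> bytes:
    body = envelope[len(MAGIC):]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, len(body))))

def naive_scan(data: bytes) -> str:
    # Typical scanner: pattern match on the bytes exactly as stored or transmitted.
    return "detected" if SIGNATURE in data else "clean"

def perimeter_scan(data: bytes, key: Optional[bytes] = None) -> str:
    # Content that could not be inspected is never reported as "clean".
    if not data.startswith(MAGIC):
        return naive_scan(data)
    if key is None:
        return "unscannable"
    return naive_scan(decrypt(key, data))

KEY = b"constructed demo key"
DOCUMENT = b"Quarterly report ... " + SIGNATURE + b" ... end"  # constructed sample file
ENVELOPE = encrypt(KEY, DOCUMENT)

if __name__ == "__main__":
    print("clear text, naive scan:   ", naive_scan(DOCUMENT))
    print("encrypted, naive scan:    ", naive_scan(ENVELOPE))   # false "clean"
    print("encrypted, no key:        ", perimeter_scan(ENVELOPE))
    print("encrypted, decrypt + scan:", perimeter_scan(ENVELOPE, KEY))
```

The false "clean" verdict from naive_scan on the envelope is the notification problem described in the text; the three-state result from perimeter_scan makes the uninspected case visible instead of silent.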