专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

31. 发明申请

US20100064340A1 SYSTEMS AND METHODS FOR CONTROLLING ACCESS TO DATA THROUGH APPLICATION VIRTUALIZATION LAYERS 有权
标题翻译：通过应用虚拟化层控制访问数据的系统和方法
公开(公告)号：US20100064340A1
公开(公告)日：2010-03-11
申请号：US12147700
申请日：2008-06-27
申请人： Bruce McCorkendale , William E. Sobel
发明人： Bruce McCorkendale , William E. Sobel
IPC分类号： G06F21/00
CPC分类号： H04L63/102 , G06F21/6218 , H04L63/16
摘要： A computer-implemented method for controlling access to data is. A request to access data is received. A determination is made that an access-control policy of the data is satisfied. A virtualization layer is activated to allow access to the data after determining that the access-control policy is satisfied. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于控制对数据访问的计算机实现的方法是。接收到访问数据的请求。确定满足数据的访问控制策略。在确定访问控制策略被满足之后，虚拟化层被激活以允许访问数据。还公开了各种其它方法，系统和计算机可读介质。

32. 发明授权

US07647622B1 Dynamic security policy through use of empirical security events 有权
标题翻译：通过使用实证安全事件的动态安全策略
公开(公告)号：US07647622B1
公开(公告)日：2010-01-12
申请号：US11112192
申请日：2005-04-22
申请人： William E. Sobel , Bruce McCorkendale
发明人： William E. Sobel , Bruce McCorkendale
IPC分类号： G06F17/00 , G06F12/14 , G06F15/16 , H04L9/00 , H04L12/22 , H04L29/00
CPC分类号： H04L63/1425 , H04L63/20
摘要： Risk events occurring on a computer system are logged over time and a risk profile is dynamically generated and updated based on the logged risk events. In one embodiment, a security policy is dynamically set and updated based on the risk profile.
摘要翻译：随着时间的推移，计算机系统上发生的风险事件将被记录，并根据记录的风险事件动态生成和更新风险配置文件。在一个实施例中，基于风险简档动态地设置和更新安全策略。

33. 发明授权

US07571485B1 Use of database schema for fraud prevention and policy compliance 有权
标题翻译：使用数据库模式进行欺诈预防和策略合规
公开(公告)号：US07571485B1
公开(公告)日：2009-08-04
申请号：US11094648
申请日：2005-03-30
申请人： Bruce McCorkendale , William E. Sobel
发明人： Bruce McCorkendale , William E. Sobel
IPC分类号： G06F7/04
CPC分类号： H04L63/1441 , G06F21/554 , G06F2221/2119 , H04L63/1483
摘要： A network traffic manager detects an attempt by a computer to communicate with a remote site over a computer network. The network traffic manager queries a database containing descriptions of known legitimate sites for an entry describing the remote site, and determines whether the remote site is to be treated as suspicious or legitimate. If there is no entry describing the site in the database, the network traffic manager treats the site as suspicious. If there is an entry describing the remote site, the network traffic manager compares the entry to the site itself, to determine whether the site conforms to the database description. If it does not so conform, the site is treated as suspicious. If the site does conform to its description, it is considered legitimate. In some embodiments, additional tests are performed.
摘要翻译：网络流量管理器检测计算机尝试通过计算机网络与远程站点进行通信。网络流量管理器查询包含描述远程站点的条目的已知合法站点描述的数据库，并确定该远程站点是否被视为可疑或合法的。如果没有描述数据库中的站点的条目，则网络流量管理器将站点视为可疑。如果存在描述远程站点的条目，则网络流量管理器将该条目与站点本身进行比较，以确定站点是否符合数据库描述。如果不符合要求，该网站被视为可疑。如果网站符合其描述，则认为是合法的。在一些实施例中，执行附加测试。

34. 发明授权

US08977842B1 Hypervisor enabled secure inter-container communications 有权
标题翻译：管理程序启用安全的集装箱间通信
公开(公告)号：US08977842B1
公开(公告)日：2015-03-10
申请号：US12701399
申请日：2010-02-05
申请人： Bruce McCorkendale , William E. Sobel
发明人： Bruce McCorkendale , William E. Sobel
IPC分类号： H04L29/06 , H04L9/08
CPC分类号： H04L63/0428 , G06F21/53 , G06F21/57 , G06F21/602 , H04L9/0816
摘要： A secure component communication management system provides secure, trusted communication between components in a hypervisor based virtual computing environment. A hypervisor security extension generates a container level private key/public key pair. The hypervisor security extension container injects the container level public key into one or more VM(s) that are to securely receive trustworthy data. The hypervisor security extension container encrypts data to transmit to VMs with the container level private key, and injects the encrypted data into one or more target VM(s), such that the injected data is trusted by the VM(s). The one or more VM(s) receive the container level public key and data encrypted with the container level private key, injected by the hypervisor security extension container. These VM(s) use the public key to decrypt injected data encrypted with the private key, such that the decrypted data is trusted.
摘要翻译：安全组件通信管理系统在基于虚拟机管理程序的虚拟计算环境中的组件之间提供安全的可信任的通信。管理程序安全扩展生成容器级私钥/公钥对。虚拟机管理程序安全扩展容器将容器级公钥注入一个或多个要安全地接收可靠数据的VM。虚拟机管理程序安全扩展容器加密数据以使用容器级私有密钥发送到VM，并将加密的数据注入到一个或多个目标VM中，使得注入的数据被VM信任。一个或多个VM接收容器级公钥和使用由管理程序安全扩展容器注入的容器级别私钥加密的数据。这些VM使用公钥来解密用私钥加密的注入数据，使得解密的数据被信任。

35. 发明授权

US08856921B1 Threat emergence date scan optimization to avoid unnecessary loading of scan engines 有权
标题翻译：威胁出现日期扫描优化，以避免不必要的加载扫描引擎
公开(公告)号：US08856921B1
公开(公告)日：2014-10-07
申请号：US11864768
申请日：2007-09-28
申请人： Bruce McCorkendale , William E. Sobel , Mark Spiegel , Shaun Cooley
发明人： Bruce McCorkendale , William E. Sobel , Mark Spiegel , Shaun Cooley
IPC分类号： G06F11/00
CPC分类号： G06F21/564
摘要： Threat emergence dates as well as file modification and scanning history are tracked to determine which files need to be scanned for possible infection by various attacking agents. Information concerning which scan engines are used to scan for the presence of different attacking agents is also tracked. Where given files only need to be scanned for a subset of all possible threats and the relevant scanning code resides in only a subset of all the scan engines, only the required scan engines are initialized, loaded or called in order to scan those files.
摘要翻译：跟踪威胁出现日期以及文件修改和扫描历史，以确定哪些文件需要被各种攻击代理人可能的感染扫描。还跟踪了哪些扫描引擎用于扫描不同攻击剂的存在的信息。在给定文件只需要扫描所有可能的威胁的一个子集的情况下，相关扫描代码仅驻留在所有扫描引擎的一个子集中，只有所需的扫描引擎被初始化，加载或调用才能扫描这些文件。

36. 发明申请

US20140068273A1 Secure App Ecosystem with Key and Data Exchange According to Enterprise Information Control Policy 有权
标题翻译：根据企业信息控制政策，实现关键和数据交换的安全应用生态系统
公开(公告)号：US20140068273A1
公开(公告)日：2014-03-06
申请号：US13598248
申请日：2012-08-29
申请人： William E. Sobel , Thomas Jeffrey Enderwick , Bruce McCorkendale
发明人： William E. Sobel , Thomas Jeffrey Enderwick , Bruce McCorkendale
IPC分类号： G06F21/24
CPC分类号： G06F21/606 , G06F17/30238 , G06F21/604 , H04L63/0428 , H04L63/20
摘要： Multiple apps of an ecosystem on a computer securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem. An ecosystem agent creates an ecosystem directory, which contains policy information and identification information concerning each specific app in the ecosystem, including the ecosystem agent. Each ecosystem app generates an asymmetric key pair, the public key of which it shares only with apps in the ecosystem through the directory. The ecosystem agent's private key is used to encrypt the directory. Data is securely communicated between apps in the ecosystem, by encrypting and decrypting messages and data objects with the appropriate ecosystem app keys. Each specific app in the ecosystem complies with enterprise information control policy. Ecosystem apps can read a policy from the directory, and receive policy updates from the enterprise.
摘要翻译：计算机上生态系统的多个应用程序根据企业的信息控制策略安全地交换加密数据，而不允许从生态系统外面进行未经授权的访问。生态系统代理创建一个生态系统目录，其中包含有关生态系统中每个特定应用程序（包括生态系统代理）的策略信息和标识信息。每个生态系统应用程序都会生成一个非对称密钥对，其公钥仅通过目录与生态系统中的应用共享。生态系统代理的私钥用于加密目录。通过使用适当的生态系统应用程序密钥加密和解密消息和数据对象，可以在生态系统中的应用程序之间安全地传送数据。生态系统中的每个具体应用都符合企业信息控制政策。生态系统应用程序可以从目录中读取策略，并从企业接收策略更新。

37. 发明授权

US08645923B1 Enforcing expected control flow in program execution 有权
标题翻译：在程序执行中执行预期的控制流程
公开(公告)号：US08645923B1
公开(公告)日：2014-02-04
申请号：US12263362
申请日：2008-10-31
申请人： Sourabh Satish , Bruce McCorkendale , William E. Sobel
发明人： Sourabh Satish , Bruce McCorkendale , William E. Sobel
IPC分类号： G06F9/45
CPC分类号： G06F9/44589 , G06F21/52
摘要： When a program is loaded for execution, all code pages of the program except the one containing the entry point are set to be non-executable. When the executing program attempts to jump between code pages, an exception is thrown. Responsive to such an exception, a control flow graph of the program is examined, to determine if the attempted jump between code pages is expected. If the attempted jump is not expected, it is determined that the program is attempting a malicious activity. If the attempted jump is expected, the code page to which the program is attempting to jump is set to be executable, and control is returned to the program such that the jump executes.
摘要翻译：当程序加载执行时，除了包含入口点的程序之外，程序的所有代码页都被设置为不可执行。当执行程序尝试在代码页之间跳转时，抛出异常。响应于这种异常，检查程序的控制流程图，以确定是否期望在代码页之间尝试跳转。如果不希望尝试跳转，则确定程序正在尝试恶意活动。如果尝试跳转，程序尝试跳转的代码页被设置为可执行，并且控制返回到程序，使得跳转执行。

38. 发明授权

US08429734B2 Method for detecting DNS redirects or fraudulent local certificates for SSL sites in pharming/phishing schemes by remote validation and using a credential manager and recorded certificate attributes 有权
标题翻译：通过远程验证和使用凭证管理器和记录的证书属性来检测PHP /网络钓鱼方案中的SSL站点的DNS重定向或欺诈性本地证书的方法
公开(公告)号：US08429734B2
公开(公告)日：2013-04-23
申请号：US11831843
申请日：2007-07-31
申请人： Paul Agbabian , William E. Sobel , Bruce McCorkendale
发明人： Paul Agbabian , William E. Sobel , Bruce McCorkendale
IPC分类号： G06F21/00
CPC分类号： H04L63/1416 , H04L63/0823 , H04L63/166
摘要： Certificate information associated with a received certificate, such as a Secure Sockets Layer (SSL) certificate is stored in a trusted local cache and/or in one or more remote trusted sources, such as a single remote trusted source and/or a trusted peer network. When a site certificate is received on a host computer system, certificate information associated with the received site certificate is obtained and compared with the stored certificate information to determine whether or not the site certificate indicates malicious activity, such as a malicious DNS redirection or a fraudulent local certificate. When a site certificate is not found indicative of malicious activity, the site certificate is released. Alternatively, when a site certificates is found indicative of malicious activity protective action is taken. In some embodiments, a user's log-in credentials are automatically obtained from a trusted local cache and automatically submitted to a web site.
摘要翻译：与接收到的证书（例如安全套接字层（SSL））证书相关联的证书信息被存储在受信任的本地高速缓存和/或一个或多个远程可信源中，诸如单个远程可信源和/或可信对等网络。当在主机系统上接收到站点证书时，获得与接收到的站点证书相关联的证书信息，并将其与存储的证书信息进行比较，以确定站点证书是否指示恶意活动，例如恶意DNS重定向或欺诈本地证书。当找不到指示恶意活动的站点证书时，将发布站点证书。或者，当发现指示恶意行为的现场证书时，采取保护措施。在一些实施例中，从受信任的本地高速缓存自动地获得用户的登录凭证并自动提交给网站。

39. 发明授权

US08413146B1 Hypervisor assisted single instance data access by multiple virtual machines 有权
标题翻译：虚拟机管理程序辅助多个虚拟机的单一实例数据访问
公开(公告)号：US08413146B1
公开(公告)日：2013-04-02
申请号：US12940835
申请日：2010-11-05
申请人： Bruce McCorkendale , David Buches , William E. Sobel
发明人： Bruce McCorkendale , David Buches , William E. Sobel
IPC分类号： G06F9/455
CPC分类号： G06F9/45558 , G06F2009/45575 , G06F2009/45579 , G06F2009/45583
摘要： A data instance to be shared by multiple virtual machines is stored at a hypervisor level. A file system driver is provided to each virtual machine. Each virtual machine mounts a file system backed by the data instance, and thus has read access to the data through its mounted file system. A virtual machine is suspended. A copy of the data instance is saved as part of the stored image of the suspended virtual machine. The suspended virtual machine is subsequently restored from the stored image, and the copy of the data instance is present in the restored virtual machine. The copy of the data instance is detected at a hypervisor level, and the restored virtual machine is provided with read access to the data instance through its mounted filed system.
摘要翻译：要由多个虚拟机共享的数据实例存储在管理程序级别。文件系统驱动程序提供给每个虚拟机。每个虚拟机安装由数据实例支持的文件系统，从而通过其安装的文件系统读取对数据的访问。虚拟机被暂停。数据实例的副本将作为已暂停虚拟机的存储映像的一部分进行保存。被暂停的虚拟机随后从存储的映像还原，并且数据实例的副本存在于还原的虚拟机中。在虚拟机管理程序级别检测数据实例的副本，并通过其安装的现场系统向恢复的虚拟机提供对数据实例的读取访问。

40. 发明授权

US07818809B1 Confidential data protection through usage scoping 有权
标题翻译：机密数据保护通过使用范围
公开(公告)号：US07818809B1
公开(公告)日：2010-10-19
申请号：US10958477
申请日：2004-10-05
申请人： William E. Sobel , Bruce McCorkendale , Richard Willey
发明人： William E. Sobel , Bruce McCorkendale , Richard Willey
IPC分类号： G06F7/04 , G06Q30/00 , G06F21/00 , G06F15/173
CPC分类号： G06Q30/00 , G06F21/6218 , G06F2221/2113 , G06Q30/0633
摘要： Methods, apparatuses, and computer-readable media for protecting confidential data on a network. An embodiment of the inventive method comprises the steps of: monitoring 110 data directed to a website; identifying 120 a data string having at least one confidential characteristic; categorizing the data string with a categorization level; examining 140 the website for at least one characteristic consistent with confidential data; creating 155 a website characteristic profile; comparing 170 the website characteristic profile with the data string's categorization level for compatibility; and determining 180 whether the data string can be communicated to the website.
摘要翻译：用于保护网络上机密数据的方法，装置和计算机可读介质。本发明方法的一个实施例包括以下步骤：监视指向网站的110个数据; 识别120具有至少一个机密特征的数据串; 将数据串与分类级别进行分类; 检查140个网站至少一个与机密数据一致的特征; 创建155个网站特色档案; 将网站特征配置文件与数据字符串的分类级别进行比较，以实现兼容性; 并确定180是否可以将数据串传送到网站。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式