专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08856921B1 Threat emergence date scan optimization to avoid unnecessary loading of scan engines 有权
标题翻译：威胁出现日期扫描优化，以避免不必要的加载扫描引擎
公开(公告)号：US08856921B1
公开(公告)日：2014-10-07
申请号：US11864768
申请日：2007-09-28
申请人： Bruce McCorkendale , William E. Sobel , Mark Spiegel , Shaun Cooley
发明人： Bruce McCorkendale , William E. Sobel , Mark Spiegel , Shaun Cooley
IPC分类号： G06F11/00
CPC分类号： G06F21/564
摘要： Threat emergence dates as well as file modification and scanning history are tracked to determine which files need to be scanned for possible infection by various attacking agents. Information concerning which scan engines are used to scan for the presence of different attacking agents is also tracked. Where given files only need to be scanned for a subset of all possible threats and the relevant scanning code resides in only a subset of all the scan engines, only the required scan engines are initialized, loaded or called in order to scan those files.
摘要翻译：跟踪威胁出现日期以及文件修改和扫描历史，以确定哪些文件需要被各种攻击代理人可能的感染扫描。还跟踪了哪些扫描引擎用于扫描不同攻击剂的存在的信息。在给定文件只需要扫描所有可能的威胁的一个子集的情况下，相关扫描代码仅驻留在所有扫描引擎的一个子集中，只有所需的扫描引擎被初始化，加载或调用才能扫描这些文件。

2. 发明授权

US07730533B1 Cache hint correction for security scanning 有权
标题翻译：缓存提示校正安全扫描
公开(公告)号：US07730533B1
公开(公告)日：2010-06-01
申请号：US11282539
申请日：2005-11-18
申请人： William E. Sobel , Mark Spiegel , Bruce McCorkendale
发明人： William E. Sobel , Mark Spiegel , Bruce McCorkendale
IPC分类号： G06F11/30 , G06F11/00
CPC分类号： G06F21/562
摘要： A computer includes a filter module providing a standardized interface for intercepting file access requests. The computer also includes a cache manager that manages the caching mode used with the requests. An application on the computer issues a file access request and explicitly or implicitly specifies a cache hint informing the cache manager of a desired caching mode. A security scanner module scans files on the computer for malicious software. The security scanner module intercepts a file access request and alters the caching mode, if necessary, to one optimized for security scanning. The security scanner module performs the file scan using the optimal caching mode, and, if necessary, resets the caching mode to its original state.
摘要翻译：计算机包括提供用于拦截文件访问请求的标准化接口的过滤器模块。计算机还包括管理与请求一起使用的缓存模式的缓存管理器。计算机上的应用程序发出文件访问请求，并显式或隐式地指定缓存提示，通知缓存管理器所需的缓存模式。安全扫描器模块扫描计算机上的文件以获取恶意软件。安全扫描器模块拦截文件访问请求，如果需要，将其改变为针对安全扫描进行优化的缓存模式。安全扫描器模块使用最佳缓存模式执行文件扫描，如有必要，将缓存模式重置为原始状态。

3. 发明授权

US09450960B1 Virtual machine file system restriction system and method 有权
标题翻译：虚拟机文件系统限制系统及方法
公开(公告)号：US09450960B1
公开(公告)日：2016-09-20
申请号：US12265157
申请日：2008-11-05
申请人： Bruce McCorkendale , William E. Sobel
发明人： Bruce McCorkendale , William E. Sobel
IPC分类号： H04L29/06
CPC分类号： H04L63/10 , G06F21/53 , G06F21/568 , G06F21/6218 , H04L63/102 , H04L63/1416
摘要： A method includes creating a virtual machine including a remote file system, a file system service, and a security application. Access to the remote file system is restricted with the security application upon an unknown malicious code outbreak. The more that is known about the threat, the more precise are the restrictions placed upon the file system thus reducing the impact on users of the file system to an absolute minimum.
摘要翻译：一种方法包括创建包括远程文件系统，文件系统服务和安全应用程序的虚拟机。在未知的恶意代码爆发时，访问远程文件系统受到安全应用程序的限制。对威胁的了解越多，对文件系统的限制越准确，从而将对文件系统的用户的影响降到绝对最小。

4. 发明授权

US08706745B1 Systems and methods for determining a file set 有权
标题翻译：用于确定文件集的系统和方法
公开(公告)号：US08706745B1
公开(公告)日：2014-04-22
申请号：US12130839
申请日：2008-05-30
申请人： Shaun Cooley , William E. Sobel , Bruce McCorkendale
发明人： Shaun Cooley , William E. Sobel , Bruce McCorkendale
IPC分类号： G06F7/00 , G06F17/30
CPC分类号： G06F21/564
摘要： A computer-implemented method for determining a file set may include identifying a file set and identifying a key file for the file set. The method may also include transmitting a key-file identifier to a second computing system. A first computing system may receive first and second file identifiers from a second computing system. The first computing system may determine whether the file set comprises a file identified by the first file identifier, and whether the file set comprises a file identified by the second file identifier. The method also includes transmitting a result of the determination to the second computing system. A method for determining a file set on a second computing device is also disclosed. Corresponding systems and computer-readable media are also disclosed.
摘要翻译：用于确定文件集的计算机实现的方法可以包括识别文件集并且识别文件集的密钥文件。该方法还可以包括将密钥文件标识符发送到第二计算系统。第一计算系统可以从第二计算系统接收第一和第二文件标识符。第一计算系统可以确定文件集是否包括由第一文件标识符标识的文件，以及文件集是否包括由第二文件标识符标识的文件。该方法还包括将确定的结果发送给第二计算系统。还公开了一种用于确定在第二计算设备上的文件集的方法。还公开了相应的系统和计算机可读介质。

5. 发明授权

US08578006B2 Enabling selective policy driven propagation of configuration elements between and among a host and a plurality of guests 有权
标题翻译：启用主机和多个客户端之间的配置元素的选择性策略驱动的传播
公开(公告)号：US08578006B2
公开(公告)日：2013-11-05
申请号：US13074850
申请日：2011-03-29
申请人： William E. Sobel , Bruce McCorkendale
发明人： William E. Sobel , Bruce McCorkendale
IPC分类号： G06F15/173
CPC分类号： G06F9/44505
摘要： Configuration elements are selectively propagated between a host and multiple guests, based on a policy. Configuration elements of the host and guests are monitored. Changes made to monitored configuration elements are detected. It is determined whether to propagate changed configuration elements between operating system environments based on the policy. It can be determined to propagate changed configuration element(s) from a source to one or more destinations in response to factors such as the identity and/or classification of the source, or the type, attribute(s), content and/or identity of the changed configuration element(s). The creation of new guests is detected. In response, at least one configuration element from at least one source is automatically propagated to a newly created guest.
摘要翻译：基于策略，配置元素在主机和多个客户端之间选择性地传播。监控主机和客户端的配置元素。检测到对受监视的配置元素进行的更改。根据策略确定是否在操作系统环境之间传播已更改的配置元素。响应于诸如源的身份和/或分类或类型，属性，内容和/或身份的因素，可以确定将更改的配置元素从源传播到一个或多个目的地的更改的配置元素。检测到新客人的创建。作为响应，来自至少一个源的至少一个配置元素被自动传播到新创建的访客。

6. 发明授权

US08434073B1 Systems and methods for preventing exploitation of byte sequences that violate compiler-generated alignment 有权
标题翻译：防止使用违反编译器生成的对齐方式的字节序列的系统和方法
公开(公告)号：US08434073B1
公开(公告)日：2013-04-30
申请号：US12263739
申请日：2008-11-03
申请人： Sourabh Satish , Bruce McCorkendale , William E. Sobel
发明人： Sourabh Satish , Bruce McCorkendale , William E. Sobel
IPC分类号： G06F9/44 , G06F9/45 , G06F9/445 , G06F12/00 , G06F12/14
CPC分类号： G06F21/54
摘要： An exemplary method for preventing exploitation of byte sequences that violate compiler-generated instruction alignment may comprise: 1) identifying instantiation of a process, 2) identifying an address space associated with the process, 3) identifying, within the address space associated with the process, at least one control-transfer instruction, 4) determining that at least one byte preceding the control-transfer instruction is capable of resulting in an out-of-alignment instruction, and then 5) preventing the control-transfer instruction from being executed. In one example, the system may prevent the control-transfer instruction from being executed by inserting a hook in place of the intended instruction that executes the intended instruction and then returns control flow back to the instantiated process. Corresponding systems and computer-readable media are also disclosed.
摘要翻译：用于防止违反编译器生成的指令对准的字节序列的示例性方法可以包括：1）识别过程的实例化，2）识别与该过程相关联的地址空间，3）在与该过程相关联的地址空间内识别，至少一个控制传输指令，4）确定控制传输指令之前的至少一个字节能够导致不对齐指令，然后5）防止执行控制传输指令。在一个示例中，系统可以通过插入钩来代替执行预期指令的预期指令来防止控制传输指令被执行，然后将控制流程返回到实例化的进程。还公开了相应的系统和计算机可读介质。

7. 发明授权

US08281363B1 Methods and systems for enforcing network access control in a virtual environment 有权
标题翻译：在虚拟环境中执行网络访问控制的方法和系统
公开(公告)号：US08281363B1
公开(公告)日：2012-10-02
申请号：US12059725
申请日：2008-03-31
申请人： Brian Hernacki , Bruce McCorkendale , William E. Sobel
发明人： Brian Hernacki , Bruce McCorkendale , William E. Sobel
IPC分类号： H04L29/06
CPC分类号： H04L29/08846 , G06F2009/45595 , H04L61/2038
摘要： A computer-implemented method may include receiving a request to access a network. The request may be sent from a virtual machine. The method may also include proxying the request to a network-access-control module, receiving a response from the network-access-control module, and transmitting the response to the virtual machine. Proxying the request to the network-access-control module may include assigning the virtual machine a virtual identifier. Proxying the request may also include creating a temporary interface. The temporary interface may be programmed to receive the response from the network-access-control module and transmit the response to the virtual machine. Various other methods, systems, and computer-readable media are also disclosed herein.
摘要翻译：计算机实现的方法可以包括接收访问网络的请求。请求可以从虚拟机发送。该方法还可以包括向网络访问控制模块代理请求，从网络访问控制模块接收响应，以及将响应发送到虚拟机。向网络访问控制模块代理请求可以包括为虚拟机分配虚拟标识符。代理请求还可以包括创建临时接口。临时接口可以被编程为从网络访问控制模块接收响应并将响应发送到虚拟机。本文还公开了各种其它方法，系统和计算机可读介质。

8. 发明授权

US08171256B1 Systems and methods for preventing subversion of address space layout randomization (ASLR) 有权
标题翻译：防止地址空间布局随机化（ASLR）颠覆的系统和方法
公开(公告)号：US08171256B1
公开(公告)日：2012-05-01
申请号：US12340968
申请日：2008-12-22
申请人： Sourabh Satish , William E. Sobel , Bruce McCorkendale
发明人： Sourabh Satish , William E. Sobel , Bruce McCorkendale
IPC分类号： G06F12/00 , G06F11/00 , G06F12/14 , G06F12/16
CPC分类号： G06F21/52
摘要： A method for preventing subversion of address space layout randomization (ASLR) in a computing device is described. An unverified module attempting to load into an address space of memory of the computing device is intercepted. Attributes associated with the unverified module are analyzed. A determination is made, based on the analyzed attributes, whether a probability exists that the unverified module will be loaded into a number of address spaces that exceeds a threshold. The unverified module is prevented from loading into the address space if the probability exists that the unverified module will be loaded into a number of address spaces that exceeds the threshold.
摘要翻译：描述了一种用于防止计算设备中的地址空间布局随机化（ASLR）的颠覆的方法。试图加载到计算设备的存储器的地址空间中的未验证的模块被截取。分析与未验证模块相关联的属性。基于分析的属性确定是否存在将未验证的模块加载到超过阈值的多个地址空间的概率。如果未验证的模块将被加载到超过阈值的多个地址空间的概率存在，则未经验证的模块被阻止加载到地址空间中。

9. 发明授权

US08001049B2 Data submission for anti-fraud context evaluation 有权
标题翻译：数据提交反欺诈情境评估
公开(公告)号：US08001049B2
公开(公告)日：2011-08-16
申请号：US11860686
申请日：2007-09-25
申请人： William E. Sobel , Bruce McCorkendale
发明人： William E. Sobel , Bruce McCorkendale
IPC分类号： G06Q40/00
CPC分类号： G06Q20/403 , G06Q20/04 , G06Q20/40 , G06Q40/12
摘要： Contextual data is gathered about a user's known location and/or about a user's expected location and generates contextual indicators based on at least a portion of the gathered contextual data. The contextual indicators are provided to one or more relying parties, such as an anti-fraud system to allow the anti-fraud system to more effectively determine the validity of transactions associated with the user, such as credit card transactions associated with the user's credit card.
摘要翻译：收集关于用户的已知位置和/或关于用户的预期位置的上下文数据，并且基于所收集的上下文数据的至少一部分来生成上下文指示符。上下文指标被提供给一个或多个依赖方，例如反欺诈系统，以允许反欺诈系统更有效地确定与用户相关联的交易的有效性，诸如与用户的信用卡相关联的信用卡交易。

10. 发明授权

US07827607B2 Enhanced client compliancy using database of security sensor data 有权
标题翻译：使用安全传感器数据的数据库增强客户端符合性
公开(公告)号：US07827607B2
公开(公告)日：2010-11-02
申请号：US11271656
申请日：2005-11-09
申请人： William E. Sobel , Bruce McCorkendale
发明人： William E. Sobel , Bruce McCorkendale
IPC分类号： G06F21/00
CPC分类号： H04L63/20 , H04L63/105 , H04L63/1433 , H04L63/1441
摘要： Security sensor data from intrusion detection system (IDS) sensors, vulnerability assessment (VA) sensors, and/or other security sensors is used to enhance the compliancy determination in a client compliancy system. A database is used to store the security sensor data. In one particular embodiment, a list of device compliance statuses indexed by corresponding identifiers (e.g., IP/MAC addresses) combined from IDS, VA, and/or other security sensing technologies is made available as a non-compliance database for query, so that clients and other compliancy authentication elements can tell that a particular client appears to be out of compliance. A client-side self-policing compliance system is enabled, and can be used in conjunction with automated endpoint compliance policy configuration to reduce system administrator burden.
摘要翻译：来自入侵检测系统（IDS）传感器，脆弱性评估（VA）传感器和/或其他安全传感器的安全传感器数据用于增强客户端符合性系统中的合规性确定。数据库用于存储安全传感器数据。在一个特定实施例中，由IDS，VA和/或其他安全感测技术组合的对应标识符（例如，IP / MAC地址）索引的设备合规性状态列表可用作用于查询的不合规数据库，使得客户端和其他合规认证元素可以告诉某个客户端似乎不合规。启用了客户端自我监管合规性系统，并且可以与自动化端点合规策略配置结合使用，以减少系统管理员的负担。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式