专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

51. 发明申请

US20150332046A1 OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR 审中-公开
标题翻译：双重指导管病毒合作者的操作
公开(公告)号：US20150332046A1
公开(公告)日：2015-11-19
申请号：US14810870
申请日：2015-07-28
申请人： Fortinet, Inc.
发明人： Xu Zhou , Lin Huang , Michael Xie
IPC分类号： G06F21/56
CPC分类号： G06F21/561 , G06F9/3867 , G06F9/3885 , G06F21/55 , G06F21/56 , G06F21/564 , G06F21/568 , G06F21/755 , G06F2221/031 , H04L63/1408 , H04L63/1416 , H04L63/1425 , H04L63/1433
摘要： Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object that is to be virus processed is stored by a general purpose processor to a system memory. Virus scan parameters for the content object are set up by the general purpose processor. Instructions from a virus signature memory of a virus co-processor are read by the virus co-processor based on the virus scan parameters. The instructions contain op-codes of a first instruction type and op-codes of a second instruction type. Those of the instructions containing op-codes of the first instruction type are assigned to a first instruction pipe of multiple instruction pipes of the virus co-processor for execution. An instruction of the assigned instructions containing op-codes of the first instruction type is executed by the first instruction pipe including accessing a portion of the content object from the system memory.
摘要翻译：电路和方法被提供用于检测，识别和/或去除不需要的内容。根据一个实施例，待病毒处理的内容对象由通用处理器存储到系统存储器。内容对象的病毒扫描参数由通用处理器设置。基于病毒扫描参数的病毒协处理器读取来自病毒协处理器的病毒签名存储器的指令。指令包含第一指令类型的操作码和第二指令类型的操作码。将包含第一指令类型的操作码的指令分配给病毒协处理器的多个指令管道的第一指令管道，以执行。由第一指令管道执行包含第一指令类型的操作码的分配指令的指令，包括从系统存储器访问内容对象的一部分。

52. 发明授权

US09177154B2 Remediation of computer security vulnerabilities 有权
标题翻译：修复计算机安全漏洞
公开(公告)号：US09177154B2
公开(公告)日：2015-11-03
申请号：US13879533
申请日：2011-10-17
申请人： Todd Wolff
发明人： Todd Wolff
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G06F21/57 , G06F21/56 , H04L29/06
CPC分类号： G06F21/577 , G06F21/568 , G06F2221/034 , H04L63/20
摘要： A computer security vulnerability remediation system (CSVRS) is disclosed, including a CSVRS client communicatively coupled to a remediation server through a network. The CSVRS client includes software having a security vulnerability, which vulnerability may be known to malicious actors who develop an exploit. In some cases, the exploit is a “zero-day exploit,” meaning the vulnerability may not be known to the CSVRS client until the exploit is deployed. A RSP receives information about the exploit and vulnerability from a team of remediation experts. The RSP may prepare a remedial exploit, which carries a self-healing pay load. The remedial exploit may be delivered either through the vulnerability itself, or through credentials granted by the CSVRS client to the RSP. The self-healing pay-load takes appropriate action, such as closing ports or disabling scripts, to prevent the vulnerability from being further exploited.
摘要翻译：公开了一种计算机安全漏洞修复系统（CSVRS），包括通过网络通信地耦合到修复服务器的CSVRS客户机。 CSVRS客户端包括具有安全漏洞的软件，该漏洞可能是开发漏洞的恶意行为者所知道的。在某些情况下，漏洞利用是“零日漏洞”，这意味着在部署漏洞之前，CSVRS客户端可能不知道该漏洞。 RSP从一个补救专家小组收到关于利用和脆弱性的信息。 RSP可以准备一个补救漏洞，其中包含自我修复的负担。可以通过漏洞本身或通过CSVRS客户端向RSP授予的凭证提供补救性利用。自愈付费负载采取适当的措施，例如关闭端口或禁用脚本，以防止漏洞进一步利用。

53. 发明申请

US20150269381A1 EFFICIENT DATA TRANSFER IN A VIRUS CO-PROCESSING SYSTEM 审中-公开
标题翻译：病毒加工系统中的有效数据传输
公开(公告)号：US20150269381A1
公开(公告)日：2015-09-24
申请号：US14734488
申请日：2015-06-09
申请人： FORTINET, INC.
发明人： Xu Zhou , Lin Huang , Michael Xie
IPC分类号： G06F21/56
CPC分类号： G06F21/568 , G06F12/1009 , G06F21/562 , G06F21/564 , G06F21/565 , G06F21/567 , G06F2212/1052 , G06F2212/152 , G06F2212/657
摘要： Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a processor maintains a page directory and a page table within a system memory that contain information for translating virtual addresses to physical addresses. Virus processing of a content object is offloaded to a hardware accelerator coupled to the processor by storing scanning parameters, including the content object and a type of the content object, to the memory using one or more virtual addresses and indicating to the hardware accelerator that the content object is available for processing. Responsive thereto, the hardware accelerator: (i) translates the virtual addresses to corresponding physical addresses based on the page directory and the page table; (ii) accesses the scanning parameters based on the physical addresses; (iii) scans the content object for viruses by applying multiple virus signatures; and (iv) returns a result of the scanning to the processor.
摘要翻译：电路和方法被提供用于检测，识别和/或去除不需要的内容。根据一个实施例，处理器维护页面目录和在系统存储器内的包含用于将虚拟地址转换为物理地址的信息的页表。通过使用一个或多个虚拟地址将包括内容对象和内容对象的类型的扫描参数存储到存储器中，将内容对象的病毒处理卸载到耦合到处理器的硬件加速器，并向硬件加速器指示内容对象可用于处理。响应于此，硬件加速器：（i）基于页目录和页表将虚拟地址转换为相应的物理地址; （ii）基于物理地址访问扫描参数; （iii）通过应用多个病毒签名对内容对象进行病毒扫描; 和（iv）将扫描结果返回给处理器。

54. 发明申请

US20150268947A1 Integrity Assurance and Rebootless Updating During Runtime 审中-公开
标题翻译：运行期间的完整性保证和无启动更新
公开(公告)号：US20150268947A1
公开(公告)日：2015-09-24
申请号：US14220362
申请日：2014-03-20
申请人： CrowdStrike, Inc.
发明人： Ion-Alexandru Ionescu
IPC分类号： G06F9/445 , H04L12/26 , H04L29/08
CPC分类号： G06F8/656 , G06F21/566 , G06F21/568 , H04L67/34
摘要： Techniques are described herein for, without rebooting a computing device, unloading at least a component of a kernel-mode component of the computing device and loading an updated version of the component of the kernel-mode component. The techniques may be performed by an integrity manager associated with the kernel-mode component. The integrity manager may also determine integrity of the kernel-mode component by causing the kernel-mode component to perform an action associated with a known reaction, determining whether the known reaction occurred, and in response, performing a remediation action or notifying a remote security service. Further, the integrity manager may determine whether any computing device lists include representations of components or connections associated with the kernel-mode component. The integrity manager may then remove the representations from the lists or remove the representations from responses to requests for contents of the computing device lists.
摘要翻译：这里描述了技术，而不重新启动计算设备，卸载计算设备的内核模式组件的至少一个组件并加载内核模式组件的组件的更新版本。这些技术可以由与内核模式组件相关联的完整性管理器执行。完整性管理器还可以通过使内核模式组件执行与已知反应相关联的动作，确定是否发生已知的反应，并作为响应执行修复动作或通知远程安全性来确定内核模式组件的完整性服务。此外，完整性管理器可以确定任何计算设备列表是否包括与内核模式组件相关联的组件或连接的表示。然后，完整性管理器可以从列表中移除表示，或者从对计算设备列表的内容的请求的响应中移除表示。

55. 发明申请

US20150195298A1 Identification of Infected Devices in Broadband Environments 有权
标题翻译：识别宽带环境中感染的设备
公开(公告)号：US20150195298A1
公开(公告)日：2015-07-09
申请号：US14663087
申请日：2015-03-19
申请人： CenturyLink Intellectual Property LLC
发明人： Michael Glenn , Donald J. Smith , John Butala
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , G06F21/55 , G06F21/552 , G06F21/56 , G06F21/561 , G06F21/562 , G06F21/564 , G06F21/566 , G06F21/568 , H04L63/0227 , H04L63/0272 , H04L63/0281 , H04L63/14 , H04L63/1441 , H04L63/20
摘要： Novel solutions for detecting and/or treating malware on a subscriber's premise network. Such solutions can include, but are not limited to, tools and techniques that can detect, and/or enable the detection of, malware infections on individual subscriber devices within the subscriber's network. In a particular embodiment, for example, a premise gateway, or other device on the subscriber's premise network, is configured to analyze packets traveling through the premise gateway and, based on that analysis, identify one or more subscriber devices that are infected with malware.
摘要翻译：用于在订户的内部网络上检测和/或处理恶意软件的新型解决方案。这样的解决方案可以包括但不限于可以检测和/或使得能够检测用户网络内的各个订户设备上的恶意软件感染的工具和技术。在特定实施例中，例如，一个驻地网关或该用户的驻地网络上的其他设备被配置成分析通过该住宅网关行进的分组，并且基于该分析识别被恶意软件感染的一个或多个订户设备。

56. 发明授权

US09043916B1 Security content injection 有权
标题翻译：安全内容注入
公开(公告)号：US09043916B1
公开(公告)日：2015-05-26
申请号：US14140920
申请日：2013-12-26
申请人： Juniper Networks, Inc.
发明人： Bryan Burns , Alexander S. Waterman
IPC分类号： G06F12/14 , H04L29/06
CPC分类号： H04L63/145 , G06F21/54 , G06F21/568 , H04L63/1416
摘要： A computing device may receive content from a content source. The content may include software code that is executable by a web browser, and may be directed to another computing device. The computing device may inject security content into the content. The security content may include software instructions to enable the web browser to detect malicious software content within the content. The computing device may communicate the content to the other computing device.
摘要翻译：计算设备可以从内容源接收内容。内容可以包括可由web浏览器执行的软件代码，并且可以被引导到另一个计算设备。计算设备可以将安全内容注入到内容中。安全内容可以包括使得web浏览器能够检测内容内的恶意软件内容的软件指令。计算设备可以将内容传送到另一计算设备。

57. 发明授权

US09032523B2 Rollback feature 有权
标题翻译：回滚功能
公开(公告)号：US09032523B2
公开(公告)日：2015-05-12
申请号：US14027895
申请日：2013-09-16
申请人： McAfee, Inc.
发明人： Prabhat Kumar Singh , Nitin Jyoti , Gangadharasa Srinivasa
IPC分类号： H04L29/06 , G06F21/56 , G06F17/30
CPC分类号： G06F21/565 , G06F11/1417 , G06F11/1446 , G06F11/1451 , G06F17/30109 , G06F17/30117 , G06F21/56 , G06F21/562 , G06F21/568 , G06F2201/84 , G06F2221/034 , H04L63/1416 , H04L63/1441 , H04L67/10
摘要： A file stored in a first portion of a computer memory of a computer is determined to be a malicious file. A duplicate of the file is stored in a quarantine area in the computer memory, the quarantine area being in a second portion of the computer memory that is different from the first portion of the computer memory. One or more protection processes are performed on the file. The determination that the file is a malicious file is determined to be a false positive and the file is restored, during a boot sequence, to a state prior to the one or more protection processes being performed on the file.
摘要翻译：存储在计算机的计算机存储器的第一部分中的文件被确定为恶意文件。文件的副本存储在计算机存储器的隔离区域中，隔离区位于与计算机存储器的第一部分不同的计算机存储器的第二部分中。在文件上执行一个或多个保护过程。确定文件是恶意文件的确定被确定为假阳性，并且在引导顺序期间将文件恢复到对文件执行一个或多个保护处理之前的状态。

58. 发明授权

US09021590B2 Spyware detection mechanism 有权
标题翻译：间谍软件检测机制
公开(公告)号：US09021590B2
公开(公告)日：2015-04-28
申请号：US11680136
申请日：2007-02-28
申请人： Cormac E. Herley , Brian W. Keogh , Aaron Michael Hulett , Adrian M. Marinescu , Jeffrey S. Williams , Stanislav Nurilov
发明人： Cormac E. Herley , Brian W. Keogh , Aaron Michael Hulett , Adrian M. Marinescu , Jeffrey S. Williams , Stanislav Nurilov
IPC分类号： G06F21/00 , G06F21/56
CPC分类号： G06F21/565 , G06F21/564 , G06F21/568
摘要： A system and method that facilitates and effectuates detection of malware secreted and/or hidden in plain sight on a machine. The system and method in order to achieve its aims generates a list of all loaded modules, identifies from the list a set of modules common to more than a threshold number of processes, and eliminates from the list those modules included in an authentication list. The resultant list is prioritized based, in one instance, on the number of occurrences a particular module makes in the resultant list, and thereafter the list is distributed analyst workstations.
摘要翻译：一种系统和方法，可以帮助并实现机器上分布和/或隐藏的恶意软件的检测。为了实现其目的，系统和方法生成所有加载的模块的列表，从列表中识别出超过阈值数量的进程通用的一组模块，并从列表中删除包括在认证列表中的那些模块。在一个实例中，所得到的列表基于特定模块在结果列表中所出现的次数的优先次序，此后该列表是分布式分析工作站。

59. 发明授权

US08997074B1 Dynamic linking library (DLL) replacement in an embedded operating system environment 有权
标题翻译：在嵌入式操作系统环境中动态链接库（DLL）替换
公开(公告)号：US08997074B1
公开(公告)日：2015-03-31
申请号：US11537551
申请日：2006-09-29
申请人： Gen Chen , Zhentao Huang
发明人： Gen Chen , Zhentao Huang
IPC分类号： G06F9/44 , G06F21/56
CPC分类号： G06F21/568 , G06F21/54
摘要： Techniques for replacing ROM-based (Read-Only Memory) DLLs (Dynamic Link Libraries) in a Windows CE type embedded operating system such that the target DLL is replaceable by the hook DLL, and the target DLL is callable by the hook DLL but not callable directly by any other applications after loading of the hook DLL. The techniques enable replacement irrespective whether the hook DLL and the target DLL have the same name and irrespective of which DLL is loaded first. The techniques change the file name of the target DLL in a list of loaded DLL modules by a trusted program that executes in the full kernel mode.
摘要翻译：在Windows CE类型嵌入式操作系统中替换基于ROM（只读存储器）DLL（动态链接库）的技术，使得目标DLL可由钩子DLL替换，并且目标DLL可由钩子DLL调用，但不是在挂载DLL后，可以直接由任何其他应用程序调用。无论钩DLL和目标DLL是否具有相同的名称，并且无论首先加载哪个DLL，这些技术都能够进行替换。该技术通过在完整内核模式下执行的可信程序来更改加载的DLL模块列表中目标DLL的文件名。

60. 发明申请

US20150067830A1 DYNAMIC APPLICATION SECURITY VERIFICATION 有权
标题翻译：动态应用安全验证
公开(公告)号：US20150067830A1
公开(公告)日：2015-03-05
申请号：US14012520
申请日：2013-08-28
申请人： Amazon Technologies, Inc.
发明人： JESPER MIKAEL JOHANSSON , ERIC JASON BRANDWINE
IPC分类号： H04L29/06
CPC分类号： G06F21/566 , G06F21/53 , G06F21/554 , G06F21/568 , G06Q30/0601 , H04L63/12 , H04L63/14 , H04L63/1408 , H04W12/10 , H04W12/12
摘要： Disclosed are various embodiments for performing security verifications for dynamic applications. An instance of an application is executed. During runtime, it is determined whether the application is accessing dynamically loaded code from a network site. In one embodiment, the access may be detected via the use of a particular application programming interface (API). In another embodiment, the access may be detected via the loading of downloaded data into an executable portion of memory. A security evaluation is performed on the dynamically loaded code, and an action is initiated responsive to the security evaluation.
摘要翻译：公开了用于对动态应用进行安全验证的各种实施例。执行应用程序的一个实例。在运行时，确定应用程序是否从网站访问动态加载的代码。在一个实施例中，可以通过使用特定应用编程接口（API）来检测访问。在另一个实施例中，可以通过将下载的数据加载到存储器的可执行部分中来检测访问。对动态加载的代码执行安全性评估，并且响应于安全评估启动一个操作。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式