专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08782797B2 Lockbox for mitigating same origin policy failures 有权
标题翻译： Lockbox用于减轻相同的原始策略失败
公开(公告)号：US08782797B2
公开(公告)日：2014-07-15
申请号：US12175264
申请日：2008-07-17
申请人： Jiahe Helen Wang , Xiaofeng Fan , Shuo Chen
发明人： Jiahe Helen Wang , Xiaofeng Fan , Shuo Chen
IPC分类号： G06F7/04
CPC分类号： G06F21/55 , H04L63/1416
摘要： Systems and methods to manage same-origin-policy (SOP) failures that occur in a computing environment are provided. In an illustrative implementation, an exemplary computing environment comprises a lockbox module, and an instruction set comprising at least one instruction directing the lockbox module to process data and/or computing application execution commands representative of and a request for a selected operation/feature according to a selected SOP management paradigm. In the illustrative implementation, the SOP management paradigm comprises one or more instructions to deploy a “lockbox” computing application element allowing for the management, monitoring, and control of computing application features/operations operable under a same origin policy.
摘要翻译：提供了管理在计算环境中发生的相同来源策略（SOP）故障的系统和方法。在说明性实现中，示例性计算环境包括锁箱模块，以及指令集，其包括指示锁箱模块处理数据和/或计算代表所选择的操作/特征的应用执行命令的至少一个指令，以及根据一个选定的SOP管理模式。在说明性实现中，SOP管理范例包括部署“锁箱”计算应用元件的一个或多个指令，允许管理，监视和控制可在相同原始策略下操作的计算应用特征/操作。

2. 发明授权

US08613096B2 Automatic data patch generation for unknown vulnerabilities 有权
标题翻译：针对未知漏洞生成自动数据补丁
公开(公告)号：US08613096B2
公开(公告)日：2013-12-17
申请号：US11948681
申请日：2007-11-30
申请人： Marcus Peinado , Weidong Cui , Jiahe Helen Wang , Michael E. Locasto
发明人： Marcus Peinado , Weidong Cui , Jiahe Helen Wang , Michael E. Locasto
IPC分类号： H04L29/06
CPC分类号： H04L63/1433 , G06F21/577
摘要： The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, constructs probes and determines whether the probes take advantage of vulnerabilities. Based at least in part on such determinations data patches are dynamically generated to remedy the hitherto vulnerabilities.
摘要翻译：所要求保护的主题提供了生成用于漏洞的数据补丁的系统和/或方法。该系统可以包括检查从数据流接收或获取的漏洞的设备和组件，构建探测并确定探针是否利用漏洞。至少部分地基于这样的确定，动态地产生数据补丁以补救迄今为止的漏洞。

3. 发明授权

US08225392B2 Immunizing HTML browsers and extensions from known vulnerabilities 有权
标题翻译：免疫HTML浏览器和已知漏洞的扩展
公开(公告)号：US08225392B2
公开(公告)日：2012-07-17
申请号：US11183329
申请日：2005-07-15
申请人： Opher Dubrovsky , Boaz Ein-Gil , Jiahe Helen Wang
发明人： Opher Dubrovsky , Boaz Ein-Gil , Jiahe Helen Wang
IPC分类号： H04L29/06
CPC分类号： H04L63/1433 , H04L63/145 , H04L67/02
摘要： An exemplary computer-implementable method (300) transforms or “immunizes” information to reduce or eliminate risk of exploitation of a known vulnerabilty of a software service and includes receiving information (304) in response to a request, transforming the information (308) to produce transformed information and sending the transformed information (312). An exemplary firewall server (112) includes server software (144, 148) that allows the firewall server (112) to receive information from a resource (104, 108) via a network and to send information to a client computer (114) and an immunization component (264, 268) for immunizing the information to prevent exploitation of a vulnerabilty of browser software (154) on the client computer (114). Various other exemplary methods, devices, systems, etc., are also disclosed.
摘要翻译：示例性的可计算机可实现的方法（300）转换或“免疫”信息以减少或消除利用软件服务的已知脆弱性的风险，并且包括响应于请求接收信息（304），将信息（308）变换为产生变换后的信息并发送变换后的信息（312）。示例性防火墙服务器（112）包括服务器软件（144,148），其允许防火墙服务器（112）经由网络从资源（104,108）接收信息，并将信息发送到客户端计算机（114）和用于免疫所述信息以防止利用所述客户端计算机（114）上的浏览器软件（154）的脆弱性的免疫组件（264,268）。还公开了各种其它示例性方法，装置，系统等。

4. 发明授权

US07856100B2 Privacy-preserving data aggregation using homomorphic encryption 有权
标题翻译：使用同态加密的隐私保护数据聚合
公开(公告)号：US07856100B2
公开(公告)日：2010-12-21
申请号：US11311916
申请日：2005-12-19
申请人： Jiahe Helen Wang , Qiang Huang , David Jao
发明人： Jiahe Helen Wang , Qiang Huang , David Jao
IPC分类号： H04K1/00 , H04L9/00 , H04L9/30 , H04L29/06 , B41K3/38 , G06F7/04 , G06F17/30 , G06F7/00 , G06F15/00 , H04N7/16
CPC分类号： H04L9/008 , H04L9/30
摘要： A method and system for collecting data from devices using a homomorphic encryption of the data is provided. A collection system of a device adds contributions to homomorphically encrypted data and forwards the requests to another device. When the device receives a reply to the request, it uncombines its contribution to the homomorphic encryption of the data. The device then forwards the reply to the previous device. The initiator device ultimately removes its contribution to the encryption and identifies the data.
摘要翻译：提供了一种使用数据的同态加密从设备收集数据的方法和系统。设备的收集系统对同态加密的数据添加贡献，并将请求转发到另一个设备。当设备收到对请求的回复时，它将其贡献与数据的同态加密相结合。然后，设备将回复转发到以前的设备。启动器设备最终消除其对加密的贡献并识别数据。

5. 发明授权

US07694022B2 Method and system for filtering communications to prevent exploitation of a software vulnerability 有权
标题翻译：用于过滤通信以防止利用软件漏洞的方法和系统
公开(公告)号：US07694022B2
公开(公告)日：2010-04-06
申请号：US10955963
申请日：2004-09-30
申请人： Jason Garms , Chuanxiong Guo , Daniel R. Simon , Jiahe Helen Wang , Alf Peter Zugenmaier
发明人： Jason Garms , Chuanxiong Guo , Daniel R. Simon , Jiahe Helen Wang , Alf Peter Zugenmaier
IPC分类号： G06F15/173 , G06F15/16 , G06F11/00
CPC分类号： H04L63/1408 , H04L63/1433
摘要： A method and system for protecting an application that implements a communication protocol against exploitation of a communication-based vulnerability is provided. A protection system provides a protection policy that specifies how to recognize messages that expose a specific vulnerability and specifies actions to take when the vulnerability is exposed. A protection policy specifies the sequence of messages and their payload characteristics that expose a vulnerability. The protection system may specify the sequences of messages using a message protocol state machine. A message protocol state machine of an application represents the states that the application transitions through as it receives various messages. The message protocol state machine of the protection policy may be a portion of the message protocol state machine of the application relating to the vulnerability. The protection system uses the message protocol state machine to track the states that lead up to the exposing of the vulnerability.
摘要翻译：提供了一种用于保护实现通信协议以免利用基于通信的漏洞的应用的方法和系统。保护系统提供了保护策略，指定如何识别暴露特定漏洞的消息，并指定暴露漏洞时采取的操作。保护策略规定了暴露漏洞的消息及其有效载荷特征的顺序。保护系统可以使用消息协议状态机来指定消息的序列。应用程序的消息协议状态机表示应用程序在接收各种消息时转换的状态。保护策略的消息协议状态机可以是与该漏洞相关的应用的消息协议状态机的一部分。保护系统使用消息协议状态机来跟踪导致该漏洞暴露的状态。

6. 发明申请

US20080201337A1 METHOD AND SYSTEM FOR COLLECTING INFORMATION FROM COMPUTER SYSTEMS BASED ON A TRUSTED RELATIONSHIP 失效
标题翻译：基于信任关系从计算机系统收集信息的方法和系统
公开(公告)号：US20080201337A1
公开(公告)日：2008-08-21
申请号：US12044760
申请日：2008-03-07
申请人： Chun Yuan , Jiahe Helen Wang , Yi-Min Wang , Zheng Zhang
发明人： Chun Yuan , Jiahe Helen Wang , Yi-Min Wang , Zheng Zhang
IPC分类号： G06F17/30
CPC分类号： H04L41/0853
摘要： A method and system for retrieving data from devices in a way that seeks to preserve privacy and ensure the integrity of the retrieved data is provided. A retrieval system is implemented on a network of devices that communicate with each other via a secure communications link. Each device is directly connected to one or more “friend” devices that it trusts. The retrieval system operates by forwarding a request for data from one friend device to another friend device. Each friend device may optionally add data to the request until all the requested data is added. The request with the retrieved data is returned to the device that initiated the request.
摘要翻译：提供了以寻求保护隐私并确保检索的数据的完整性的方式从设备检索数据的方法和系统。在通过安全通信链路彼此通信的设备网络上实现检索系统。每个设备直接连接到它信任的一个或多个“朋友”设备。检索系统通过将数据的请求从一个朋友设备转发到另一个朋友设备来操作。每个朋友设备可以选择性地向请求中添加数据，直到添加所有请求的数据。具有检索到的数据的请求将返回给发起请求的设备。

7. 发明申请

US20080127341A1 Systematic Approach to Uncover GUI Logic Flaws 有权
标题翻译：揭示GUI逻辑缺陷的系统方法
公开(公告)号：US20080127341A1
公开(公告)日：2008-05-29
申请号：US11772085
申请日：2007-06-29
申请人： Shuo Chen , Jiahe Helen Wang , Yi-Min Wang
发明人： Shuo Chen , Jiahe Helen Wang , Yi-Min Wang
IPC分类号： H04L9/32 , G06F3/00
CPC分类号： G06F11/3608 , G06F21/577 , G06F21/83
摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
摘要翻译：为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。这里描述的发明是使用系统推理方法揭露这些缺陷的技术。该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。

8. 发明授权

US08935677B2 Automatic reverse engineering of input formats 有权
标题翻译：自动逆向工程的输入格式
公开(公告)号：US08935677B2
公开(公告)日：2015-01-13
申请号：US12098496
申请日：2008-04-07
申请人： Weidong Cui , Marcus Peinado , Karl Chen , Jiahe Helen Wang , Luis Irun-Briz
发明人： Weidong Cui , Marcus Peinado , Karl Chen , Jiahe Helen Wang , Luis Irun-Briz
IPC分类号： G06F9/44 , G06F9/45
CPC分类号： G06F8/53
摘要： Systems and methods for automatically reverse engineering an input data format using dynamic data flow analysis. Combining input data with a simulated execution of the binary program using the input data and analyzing the use of the data by the program to generate a BNL-like grammar representing the input data format. The input data can be application level protocols, network protocols or formatted files.
摘要翻译：使用动态数据流分析自动逆向工程输入数据格式的系统和方法。将输入数据与使用输入数据的二进制程序的模拟执行相结合，并通过程序分析数据的使用，以生成表示输入数据格式的类BNL语法。输入数据可以是应用级协议，网络协议或格式化文件。

9. 发明授权

US08307443B2 Securing anti-virus software with virtualization 有权
标题翻译：使用虚拟化保护防病毒软件
公开(公告)号：US08307443B2
公开(公告)日：2012-11-06
申请号：US11863870
申请日：2007-09-28
申请人： Jiahe Helen Wang , Jacob R. Lorch , Bryan Jeffrey Parno
发明人： Jiahe Helen Wang , Jacob R. Lorch , Bryan Jeffrey Parno
IPC分类号： G06F11/00
CPC分类号： G06F21/53
摘要： The subject disclosure relates to systems and methods that secure anti-virus software through virtualization. Anti-virus systems can be maintained separate from user applications and operating system through virtualization. The user applications and operating system run in a guest virtual machine while anti-virus systems are isolated in a secure virtual machine. The virtual machines are partially interdependent such that the anti-virus systems can monitor user applications and operating systems while the anti-virus systems remain free from possible malicious attack originating from a user environment. Further, the anti-virus system is secured against zero-day attacks so that detection and recovery may occur post zero-day.
摘要翻译：本发明涉及通过虚拟化来保护防病毒软件的系统和方法。防病毒系统可以通过虚拟化与用户应用程序和操作系统分开维护。用户应用程序和操作系统在客户虚拟机中运行，而防病毒系统在安全虚拟机中被隔离。这些虚拟机是部分相互依赖的，因此防病毒系统可以监控用户应用程序和操作系统，同时防病毒系统保持免受来自用户环境的可能的恶意攻击。此外，防病毒系统可以抵御零日攻击，从而可以在零日后发生检测和恢复。

10. 发明授权

US08266714B2 Access control in a multi-principal browser 有权
标题翻译：访问控制在多主浏览器
公开(公告)号：US08266714B2
公开(公告)日：2012-09-11
申请号：US12550263
申请日：2009-08-28
申请人： Jiahe Helen Wang , Alexander Moshchuk
发明人： Jiahe Helen Wang , Alexander Moshchuk
IPC分类号： H04L29/06
CPC分类号： H04L63/1441 , G06F21/82 , H04L67/02
摘要： A principal operating system based-browser controls access to resources. The resources are represented semantically in a resource object model. A browser kernel of the browser mediates resources access calls from principals. In some implementations the principals are web entities and the resources are peripheral devices. The resource object model separates device semantics from physical device access. Resource access control policies are maintained by the browser kernel and separated from device access mechanisms.
摘要翻译：基于主要操作系统的浏览器控制对资源的访问。资源在资源对象模型中以语义表示。浏览器的浏览器内核会调用来自主体的资源访问调用。在一些实现中，主体是web实体，资源是外围设备。资源对象模型将设备语义与物理设备访问分开。资源访问控制策略由浏览器内核维护，并与设备访问机制分离。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式