    • 1. Granted invention patent
    • Identifying legitimate content using user-agent-based white listing
    • US08286241B1
    • 2012-10-09
    • US12553010
    • 2009-09-02
    • Matthew Yeo; Jeffrey Wilhelm
    • H04L29/06
    • H04L63/101; H04L63/1416; H04L63/168
    • Known legitimate applications are analyzed to establish a list of trusted user-agent strings used by the applications to download content from a network. Traffic interception modules connected to the network examine traffic exchanged between clients and servers on the network, recognize traffic associated with downloads of content from the network, and create content download descriptions describing the downloads. The content download descriptions are analyzed to identify content downloads using the trusted user-agent strings. Identifiers of the content downloaded using the trusted user-agent strings are added to a white list of legitimate content. Access to the white list is provided to clients and the clients use the white list to identify legitimate content.
    • 2. Granted invention patent
    • Frame injection blocking
    • US08819049B1
    • 2014-08-26
    • US11243479
    • 2005-10-03
    • Matthew Yeo; Jeffrey Wilhelm; Frank Barajas; Pak Wai Yung; James Croall
    • G06F7/00; G06F17/30
    • H04L63/1483; G06F21/64; G06F2221/2119
    • A parsing module identifies a framed page within a web page received from a network. The parsing module further identifies information regarding the frame such as the framed page's uniform resource locator. A lookup module accesses a memory module to determine if the identified information regarding the frame is included in a protection list stored in the memory module. A notification module notifies a client's user that the framing web page is fraudulent if the identified information regarding the frame is included in the protection list. Alternatively, the parsing module is adapted to identify a security tag within the framed page indicating that the framed page is not permitted to be displayed within a frame. If the framed page includes a security tag, the notification module notifies the client's user that the framing web page is fraudulent.
    • 3. Granted invention patent
    • Method and apparatus for detecting leakage of sensitive information
    • US08127360B1
    • 2012-02-28
    • US11477231
    • 2006-06-29
    • Jeffrey Wilhelm; Carey Nachenberg
    • H04L29/06
    • G06F21/552
    • A method and apparatus for preventing leakage of sensitive information from a computer is described. The method includes identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form a tainted data, tracking the tainted data within the computer system and identifying at least one condition that compromises the security of the tainted data. The system is a computer system including taint analysis software for identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form a tainted data, tracking the tainted data within the computer system and identifying at least one condition that compromises the security of the tainted data.
    • 4. Granted invention patent
    • Providing file information to a client responsive to a file download stability prediction
    • US09124472B1
    • 2015-09-01
    • US13558177
    • 2012-07-25
    • Scott Schneider; Jeffrey Wilhelm
    • G06F13/00; H04L29/08
    • H04L29/08072; G06F21/567; H04L63/1425; H04L67/06
    • A client sends a file information request to a security server, where the file information request identifies a URL from which the client is attempting to download a file. Upon receiving the request, the security server determines the stability information of the identified URL and provides the requested file information for the file provided by the URL. The security server determines the stability information of a URL by analyzing the file identifiers and URLs identified in downloaded file reports received from multiple clients. The determination of the stability information of a URL may be based on a variety of factors, such as stability of a URL over time, a textual analysis of the URL, and the set of files provided by the URL. A user of the client can review the file information and decide whether to expend the resources to download the file.
    • 5. Granted invention patent
    • Method and apparatus for automatically excluding false positives from detection as malware
    • US08925088B1
    • 2014-12-30
    • US12534171
    • 2009-08-03
    • Jeffrey Wilhelm; Abubakar Wawda
    • G06F12/14
    • G06F21/561; G06F21/552
    • A method and apparatus for automatically excluding false positives from detection as malware is described. In one embodiment, a method for using one or more processors to provide false positive reduction for heuristic-based malware detection of a plurality of files in memory includes accessing global first appearance information associated with a plurality of files, accessing global malware information comprising heuristics and an emergence date associated with each malware group of a plurality of malware groups, comparing the global malware information with the global first appearance information to identify at least one false positive amongst the plurality of files and preventing detection of the at least one false positive as malware.
    • 6. Granted invention patent
    • Detection of e-mail threat acceleration
    • US08201254B1
    • 2012-06-12
    • US11214631
    • 2005-08-30
    • Jeffrey Wilhelm; Carey Nachenberg
    • G06F11/00
    • H04L51/12; H04L63/1416
    • A plurality of queuing components each monitor an incoming email stream, and identify incoming email messages with suspicious attachments. Each queuing component generates signatures of the suspicious attachments, and submits periodic reports to a correlation component. The reports list signatures and receipt times for suspicious attachments received since a last submitted report. The queuing component queues the suspicious attachments for a specified hold time, and further processes queued attachments based upon information concerning attachment acceleration rates received from the correlation component. The correlation component receives reports from the plurality of queuing components, and uses information in the submitted reports to maintain a system wide receipt history for each suspicious attachment. The correlation component uses the receipt histories to calculate receipt acceleration rates for suspicious attachments, which it provides to the queuing components, to be used to manage the queued attachments.
    • 7. Granted invention patent
    • Systems and methods for treating locally created files as trustworthy
    • US09088604B1
    • 2015-07-21
    • US13517537
    • 2012-06-13
    • Joseph Chen; Jeffrey Wilhelm
    • H04L29/06; G06F21/56
    • H04L63/1433; G06F21/562; G06F21/566; H04L63/12; H04L63/1441
    • A computer-implemented method for treating locally created files as trustworthy may include identifying at least one file created on a computing system protected by a security system that determines whether files encountered by the computing system are trustworthy. The method may also include identifying a software application used to create the file on the computing system. The method may further include determining that the software application used to create the file on the computing system comprises a reputable software application used to create trustworthy files within a user community comprising users of computing systems protected by the security system. In addition, the method may include establishing a trustworthiness exception that causes the security system to treat the file as trustworthy on the computing system that created the file. Various other methods, systems, and computer-readable media are also disclosed.
    • 8. Granted invention patent
    • Systems and methods for detecting malware
    • US08402539B1
    • 2013-03-19
    • US13227997
    • 2011-09-08
    • Joseph Chen; Adam Glick; Jeffrey Wilhelm
    • H04L29/06; G06F15/16; G06F11/30
    • G06F21/566; H04L63/1416
    • A method for detecting malware may include 1) receiving a request to determine whether a connection from a client device to a server is being blocked, 2) attempting to connect to the server from a kernel mode of the client device, 3) determining that the client device successfully connected to the server from the kernel mode, 4) attempting to connect to the server from a user mode of the client device, 5) determining that the client device did not successfully connect to the server from the user mode, 6) determining, based on the client device successfully connecting to the server from the kernel mode and failing to connect to the server from the user mode, that malware is blocking the connection from the client device to the server, and 7) in response to determining that the malware is blocking the connection, performing at least one security action.
    • 9. Granted invention patent
    • Detecting polymorphic threats
    • US07739740B1
    • 2010-06-15
    • US11233195
    • 2005-09-22
    • Carey Nachenberg; Jeffrey Wilhelm
    • G06F11/30; G06F12/14; G08B23/00
    • G06F21/566
    • A polymorphic threat manager monitors an incoming email stream, and identifies incoming email messages to which executable files are attached. The polymorphic threat manager characterizes incoming executable files according to at least one metric. For example, the polymorphic threat manager can decompose an executable file into fragments, hash some or all of these, and use the hashes as characterization metrics. The polymorphic threat manager subsequently de-obfuscates executable files, and creates corresponding characterization metrics for the de-obfuscated images. The characterizations of executable files before and after de-obfuscation are compared, and if they differ sufficiently, the polymorphic threat manager determines that the file in question is polymorphic. The characterization metrics of such an executable file after de-obfuscation can be used as a signature for that file.