会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明申请
    • EMULATION REPAIR SYSTEM
    • 仿真维修系统
    • WO1997029425A2
    • 1997-08-14
    • PCT/US1997001510
    • 1997-02-03
    • SYMANTEC CORPORATION
    • SYMANTEC CORPORATIONNACHENBERG, Garey
    • G06F11/00
    • G06F21/53G06F21/564G06F21/566G06F21/568
    • An emulation repair system (200) restores virus-infected computer files (220) to their uninfected states without risk of infecting the rest of the computer system (202), by providing a virtual machine (216) for emulating the virus-infected computer file (220), a foundation module (240) including generic, machine language repair routines (242), and a virus specific overlay module (262). Emulation repair system (200) receives the identity of the infected computer file (220) and the infecting virus (224) from a virus scanning module, and uses the received information to access a virus definition (232) that includes decryption information on the identified virus (224). The infected computer file (220) is emulated in the virtual machine (216) until it is determined from comparison with the decryption information that the virus (224) is fully decrypted. The foundation and overlay modules (240, 262) are then loaded into the virtual machine (216) and control of the virtual machine (216) is given to the overlay module (262). The overlay module (262) calls repair routines in the foundation module (240), the overlay module (262), and the virus itself (224), as necessary, to restore over-written host bytes (228) from the infected host file (220) to their proper locations in the infected host file (220). Repairs made to the image (220") of the host file (220) in the virtual machine (216) are reflected to a back-up file (220') in the computer system (202).
    • 仿真修复系统(200)通过提供用于模拟病毒感染的计算机文件的虚拟机(216)将病毒感染的计算机文件(220)恢复到未感染的状态,而不会感染计算机系统的其余部分(202)的风险 (220),包括通用机器语言修复例程(242)的基础模块(240)和病毒特定覆盖模块(262)。 仿真修复系统(200)从病毒扫描模块接收受感染的计算机文件(220)和感染病毒(224)的身份,并且使用所接收的信息来访问病毒定义(232),该病毒定义包括所识别的解密信息 病毒(224)。 感染的计算机文件(220)在虚拟机(216)中被仿真,直到从解密信息的比较确定病毒(224)被完全解密为止。 基础和覆盖模块(240,262)然后被加载到虚拟机(216)中,虚拟机(216)的控制被提供给覆盖模块(262)。 覆盖模块(262)根据需要调用基础模块(240),覆盖模块(262)和病毒本身(224)中的修复例程,以从受感染的主机文件恢复过度写入的主机字节(228) (220)到其受感染主机文件(220)中的适当位置。 对虚拟机(216)中的主机文件(220)的图像(220“)进行的修复被反映到计算机系统(202)中的备份文件(220')。
    • 2. 发明申请
    • CRYPTOGRAPHIC FILE LABELING SYSTEM FOR SUPPORTING SECURED ACCESS BY MULTIPLE USERS
    • 用于支持多个用户的安全访问的拼接文件标签系统
    • WO1997042726A1
    • 1997-11-13
    • PCT/US1997006335
    • 1997-04-14
    • SYMANTEC CORPORATION
    • SYMANTEC CORPORATIONLOHSTROH, Shawn, R.McDONNAL, William, D.GRAWROCK, David
    • H04K01/00
    • G06F21/6209G06F12/1408G06F2211/007G06F2211/008G06F2221/2141
    • A system is disclosed for automatically distributing secured versions (*Sys_D_key*) of a file decryption key (Sys_D_key) to a plurality of file users by way of the file's security label. The label is defined to contain a plurality of Access-Control-Entries Records (ACER's) where each ACER includes a respective secured version (*Sys_D_key*) of the file decryption key. Each such secured version (*Sys_D_key*) is decipherable by a respective ACER private key. Each ACER may include respective other data such as: (a) ACER-unique identifying data for uniquely identifiying the ACER or an associated user; (b) decryption algorithm identifying data for identifying the decryption process to be used to decrypt the encrypted *DATA* portion of the file; and (c) special handling code for specifying special handling for the code-containing ACER. The label is preferably covered by a digital signature but includes an extension buffer that is not covered by the digital signature. Users who wish to have an ACER of their own added to the label may submit add-on requests by writing to the extension buffer.
    • 公开了一种用于通过文件的安全标签将文件解密密钥(Sys_D_key)的安全版本(* Sys_D_key *)自动分发到多个文件用户的系统。 该标签被定义为包含多个访问控制条目记录(ACER),其中每个ACER包括文件解密密钥的相应的安全版本(* Sys_D_key *)。 每个这样的安全版本(* Sys_D_key *)可由相应的ACER私钥解密。 每个ACER可以包括相应的其他数据,例如:(a)用于唯一地识别ACER或相关用户的ACER唯一识别数据; (b)识别用于识别用于解密文件的加密的* DATA *部分的解密过程的数据的解密算法; 和(c)用于指定代码含有ACER的特殊处理的特殊处理代码。 标签优选地被数字签名覆盖,但包括未被数字签名覆盖的扩展缓冲区。 希望将ACER自己添加到标签的用户可以通过写入扩展缓冲区来提交附加请求。
    • 4. 发明申请
    • OPTIMIZING ACCESS TO MULTIPLEXED DATA STREAMS
    • 优化访问多路数据流
    • WO1998028744A1
    • 1998-07-02
    • PCT/US1997022230
    • 1997-11-26
    • SYMANTEC CORPORATION
    • SYMANTEC CORPORATIONCHI, Darren
    • G11B27/32
    • G11B27/329
    • A system and method accelerate access time to multiplexed data streams. Data streams are stored in a storage medium (120), and a link allocation table (LAT) (160), which is stored in the storage medium (120), maps blocks of a data stream to sectors of the storage medium (120). The LAT (160) is organized as a set of linked lists, and each data stream is associated with a different linked list in the LAT (160). Each link in a linked list includes the sector location for a different block of the data stream. Traversing the links of the linked list gives the sector location of each subsequent block of data. Each data stream is also associated with a cache memory (140). For each link of a linked list that is traversed, a cache interface (150) writes into an appropriate cache (140) the sector location information stored in the link. When the sector location of a block in a data stream is desired, the cache interface (150) consults the appropriate cache (140) associated with the data stream to determine whether the sector location of the block has been cached. If the information has been cached, the information is retrieved from the cache (140), and the LAT (160) is not used. If the sector location has not been cached, the cache interface (150) determines the last sector location to have been cached, and the appropriated linked list in the LAT (160) is traverse from the entry corresponding to the last sector location cached.
    • 一种系统和方法加速了复用数据流的访问时间。 数据流存储在存储介质(120)中,并且存储在存储介质(120)中的链路分配表(LAT)(160)将数据流的块映射到存储介质(120)的扇区, 。 LAT(160)被组织为一组链接列表,并且每个数据流与LAT中的不同链接列表相关联(160)。 链接列表中的每个链接包括数据流的不同块的扇区位置。 遍历链表的链接给出每个后续数据块的扇区位置。 每个数据流也与高速缓存存储器(140)相关联。 对于所遍历的链表的每个链接,高速缓存接口(150)向存储在链路中的扇区位置信息写入适当的高速缓存(140)。 当期望数据流中的块的扇区位置时,高速缓存接口(150)参考与数据流相关联的适当的高速缓存(140),以确定块的扇区位置是否已被缓存。 如果信息被缓存,则从高速缓存(140)检索信息,并且不使用LAT(160)。 如果扇区位置尚未缓存,则高速缓存接口(150)确定已被高速缓存的最后一个扇区位置,并且LAT(160)中的专用链表从与缓存的最后扇区位置相对应的条目遍历。
    • 5. 发明申请
    • METHOD AND APPARATUS FOR STORING RUN-INTENSIVE INFORMATION IN COMPACT FORM
    • 用于在紧凑形式中存储运行强度信息的方法和装置
    • WO1998009380A1
    • 1998-03-05
    • PCT/US1997014940
    • 1997-08-25
    • SYMANTEC CORPORATION
    • SYMANTEC CORPORATIONKENNEDY, Mark, Kevin
    • H03M07/46
    • H03M7/46G06T9/005Y10S707/99942
    • A method of compressing FAT and FAT-like structures (180), which include runs of primitive and runs of intervening codes, includes the steps of receiving a plurality of primitive runs in a memory (120) and generating a plurality of variable-length code sequences (190) where each code sequence is dedicated to a primtive run. Each code sequence indicates of its dedicated run, a primitive-type, a primitive runlength, the presence of an intervening run and, if present, an intervening runlength, and the presence of a jump value pointer. If a jump value pointer is present, the code sequence further indicates the jumplength, which is indicated as a difference (or DELTA ) value. The length of each code sequence varies depending on run characteristics such as primitive runlength, intervening runlength, and jumplength.
    • 一种压缩FAT和类似FAT的结构(180)的方法,包括原始和运行的中间代码的运行,包括以下步骤:在存储器(120)中接收多个原始运行并产生多个可变长度代码 序列(190),其中每个代码序列专用于原始运行。 每个代码序列指示其专用运行,原始类型,原始游程长度,中间运行的存在以及(如果存在)中间运行长度以及是否存在跳转值指针。 如果存在跳转值指针,则代码序列进一步指示jumplength,其被表示为差(或DELTA)值。 每个代码序列的长度根据诸如原始游程长度,居间游程长度和跳跃长度等运行特性而变化。
    • 8. 发明申请
    • USE OF POLYMORPHIC PACKAGE FILES TO UPDATE SOFTWARE COMPONENTS
    • 使用多项包装文件更新软件组件
    • WO1997048044A1
    • 1997-12-18
    • PCT/US1997010163
    • 1997-06-10
    • SYMANTEC CORPORATION
    • SYMANTEC CORPORATIONSADOWSKY, Richard, Scott
    • G06F09/445
    • G06F8/61
    • A server computer (102) in a communication system (100) provides uptdated software programs to client computers (102) independent of the type of client (104) and the type of server (102). A polymorphic master object (300) has a predetermined structure known to all servers (102) and clients (104). Upon connection of the client (104) to the server (102), the server (102) provides the master object (300) to the client (104). The polymorphic master object (300) includes fields that indicate polymorphic package files that are available for transfer to the client (104). One such field is a distributed install file that includes, in a text format, instructions for instantiating the selected package file. Upon receipt, either the user or the client selects package file. The client (104) provides a request to the server (102) for the selected file, which the server (102) provides to the client (104). Using the distributed install file, the client (104) instantiates the selected package file.
    • 通信系统(100)中的服务器计算机(102)将独立于客户端(104)的类型和服务器(102)的类型的升级的软件程序提供给客户端计算机(102)。 多态主对象(300)具有所有服务器(102)和客户端(104)已知的预定结构。 当客户端(104)连接到服务器(102)时,服务器(102)向客户机(104)提供主对象(300)。 多态主对象(300)包括指示可用于传送到客户机(104)的多态包文件的字段。 一个这样的字段是分布式安装文件,其以文本格式包括用于实例化所选择的包文件的指令。 收到后,用户或客户端都会选择包文件。 客户端(104)向服务器(102)提供服务器(102)向客户机(104)提供的所选文件的请求。 使用分布式安装文件,客户机(104)实例化所选择的包文件。
    • 10. 发明申请
    • PRE-FETCH QUEUE EMULATION
    • PRE-FETCH队列仿真
    • WO1998003916A1
    • 1998-01-29
    • PCT/US1997012043
    • 1997-07-11
    • SYMANTEC CORPORATION
    • SYMANTEC CORPORATIONNACHENBERG, Carey, S.MARCUS, Kevin
    • G06F11/00
    • G06F21/564G06F21/566
    • An emulation module (110) includes a pre-fetch queue (116) having an adjustable size (126) to eliminate any dependence of virus decryption routines on the size of the pre-fetch queue (116) when emulating executable files to test for the presence of virus infections. An executable file is tested by setting (210, 258) the size of the emulator's pre-fetch queue (116) and emulating (220) the file under the guidance of an emulation control module (130). Emulated instructions are monitored and a flag is set (230) when any instructions are modified (224) after being copied to the pre-fetch queue and subsequently executed (228). Emulation continues until the emulation control module (130) indicates (230) that the file should be scanned for virus signatures. If no virus signatures are detected (234) and the flag is set (224), the size of the pre-fetch queue is reduced (258) and the process is repeated. An executable file is declared virus-free (250) if the file is emulated (220) without setting the flag (230) and no virus signatures are detected (234). The executable file is declared virus-infected (240) when virus signatures are detected (234), independent of whether the flag is set (230). For Intel3 processors, pre-fetch queue sizes of 32, 16, 8 and zero bytes may be emulated.
    • 仿真模块(110)包括具有可调整大小(126)的预取队列(116),以在模拟可执行文件以测试所述预取队列(116)的大小时消除病毒解密例程对于所述预取队列(116)的大小的任何依赖 存在病毒感染。 通过在仿真控制模块(130)的指导下设置(210,258)模拟器的预取队列(116)的大小并仿真(220)文件来测试可执行文件。 在复制到预取队列并随后执行(228)之后,当任何指令被修改(224)时,监视仿真指令并设置标志(230)。 仿真继续,直到仿真控制模块(130)指示(230)文件应被扫描为病毒签名。 如果没有检测到病毒签名(234)并且设置了标志(224),则预取队列的大小减小(258),并重复该过程。 如果文件被仿真(220)而不设置标志(230)并且没有检测到病毒签名(234),则可执行文件被声明为无病毒(250)。 当检测到病毒签名(234)时,可执行文件被声明为病毒感染(240),与标志是否被设置无关(230)。 对于Intel3处理器,可以模拟32,16,8和零字节的预取队列大小。