专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO1997029425A2 EMULATION REPAIR SYSTEM 审中-公开
标题翻译：仿真维修系统
公开(公告)号：WO1997029425A2
公开(公告)日：1997-08-14
申请号：PCT/US1997001510
申请日：1997-02-03
申请人： SYMANTEC CORPORATION
发明人： SYMANTEC CORPORATION , NACHENBERG, Garey
IPC分类号： G06F11/00
CPC分类号： G06F21/53 , G06F21/564 , G06F21/566 , G06F21/568
摘要： An emulation repair system (200) restores virus-infected computer files (220) to their uninfected states without risk of infecting the rest of the computer system (202), by providing a virtual machine (216) for emulating the virus-infected computer file (220), a foundation module (240) including generic, machine language repair routines (242), and a virus specific overlay module (262). Emulation repair system (200) receives the identity of the infected computer file (220) and the infecting virus (224) from a virus scanning module, and uses the received information to access a virus definition (232) that includes decryption information on the identified virus (224). The infected computer file (220) is emulated in the virtual machine (216) until it is determined from comparison with the decryption information that the virus (224) is fully decrypted. The foundation and overlay modules (240, 262) are then loaded into the virtual machine (216) and control of the virtual machine (216) is given to the overlay module (262). The overlay module (262) calls repair routines in the foundation module (240), the overlay module (262), and the virus itself (224), as necessary, to restore over-written host bytes (228) from the infected host file (220) to their proper locations in the infected host file (220). Repairs made to the image (220") of the host file (220) in the virtual machine (216) are reflected to a back-up file (220') in the computer system (202).
摘要翻译：仿真修复系统（200）通过提供用于模拟病毒感染的计算机文件的虚拟机（216）将病毒感染的计算机文件（220）恢复到未感染的状态，而不会感染计算机系统的其余部分（202）的风险（220），包括通用机器语言修复例程（242）的基础模块（240）和病毒特定覆盖模块（262）。仿真修复系统（200）从病毒扫描模块接收受感染的计算机文件（220）和感染病毒（224）的身份，并且使用所接收的信息来访问病毒定义（232），该病毒定义包括所识别的解密信息病毒（224）。感染的计算机文件（220）在虚拟机（216）中被仿真，直到从解密信息的比较确定病毒（224）被完全解密为止。基础和覆盖模块（240,262）然后被加载到虚拟机（216）中，虚拟机（216）的控制被提供给覆盖模块（262）。覆盖模块（262）根据需要调用基础模块（240），覆盖模块（262）和病毒本身（224）中的修复例程，以从受感染的主机文件恢复过度写入的主机字节（228）（220）到其受感染主机文件（220）中的适当位置。对虚拟机（216）中的主机文件（220）的图像（220“）进行的修复被反映到计算机系统（202）中的备份文件（220'）。

2. 发明申请

WO1997042726A1 CRYPTOGRAPHIC FILE LABELING SYSTEM FOR SUPPORTING SECURED ACCESS BY MULTIPLE USERS 审中-公开
标题翻译：用于支持多个用户的安全访问的拼接文件标签系统
公开(公告)号：WO1997042726A1
公开(公告)日：1997-11-13
申请号：PCT/US1997006335
申请日：1997-04-14
申请人： SYMANTEC CORPORATION
发明人： SYMANTEC CORPORATION , LOHSTROH, Shawn, R. , McDONNAL, William, D. , GRAWROCK, David
IPC分类号： H04K01/00
CPC分类号： G06F21/6209 , G06F12/1408 , G06F2211/007 , G06F2211/008 , G06F2221/2141
摘要： A system is disclosed for automatically distributing secured versions (*Sys_D_key*) of a file decryption key (Sys_D_key) to a plurality of file users by way of the file's security label. The label is defined to contain a plurality of Access-Control-Entries Records (ACER's) where each ACER includes a respective secured version (*Sys_D_key*) of the file decryption key. Each such secured version (*Sys_D_key*) is decipherable by a respective ACER private key. Each ACER may include respective other data such as: (a) ACER-unique identifying data for uniquely identifiying the ACER or an associated user; (b) decryption algorithm identifying data for identifying the decryption process to be used to decrypt the encrypted *DATA* portion of the file; and (c) special handling code for specifying special handling for the code-containing ACER. The label is preferably covered by a digital signature but includes an extension buffer that is not covered by the digital signature. Users who wish to have an ACER of their own added to the label may submit add-on requests by writing to the extension buffer.
摘要翻译：公开了一种用于通过文件的安全标签将文件解密密钥（Sys_D_key）的安全版本（* Sys_D_key *）自动分发到多个文件用户的系统。该标签被定义为包含多个访问控制条目记录（ACER），其中每个ACER包括文件解密密钥的相应的安全版本（* Sys_D_key *）。每个这样的安全版本（* Sys_D_key *）可由相应的ACER私钥解密。每个ACER可以包括相应的其他数据，例如：（a）用于唯一地识别ACER或相关用户的ACER唯一识别数据; （b）识别用于识别用于解密文件的加密的* DATA *部分的解密过程的数据的解密算法; 和（c）用于指定代码含有ACER的特殊处理的特殊处理代码。标签优选地被数字签名覆盖，但包括未被数字签名覆盖的扩展缓冲区。希望将ACER自己添加到标签的用户可以通过写入扩展缓冲区来提交附加请求。

3. 发明申请

WO1997037313A1 OPPORTUNISTIC TILE-PULLING, VACANCY-FILLING METHOD AND APPARATUS FOR FILE-STRUCTURE REORGANIZATION 审中-公开
标题翻译：机动式拉拽，空气填充方法和装置重新组态
公开(公告)号：WO1997037313A1
公开(公告)日：1997-10-09
申请号：PCT/US1997004952
申请日：1997-03-24
申请人： SYMANTEC CORPORATION
发明人： SYMANTEC CORPORATION , STOCKMAN, Steven , BLACKBURN, John
IPC分类号： G06F17/30
CPC分类号： G06F17/30135 , G06F3/0601 , G06F12/023 , G06F2003/0697 , G11B27/329 , Y10S707/99956
摘要： A storage reorganizing system subdivides a reorganizable storage space into tile areas (159). Each tile area either contains file data or does not contain file data. The data in a tile area that contains file data is referred to as a tile. A tile area that does not contain file data is referred to as a vacancy. Tiles that are not yet located in their goal positions, as defined by a recorded goal state definition (349), are opportunistically moved to available vacancies that are the goal positions for such tiles as the vacancies become available. Each tile move leaves behind it a new vacancy. The speed of opportunistic tile moving is optimized by first locating the largest vacancies that are each to be filled with the largest amount of tile data and by first moving tiles to such vacancies.
摘要翻译：存储重组系统将可重组的存储空间细分为瓦片区域（159）。每个瓦片区域都包含文件数据或不包含文件数据。将包含文件数据的瓦片区域中的数据称为瓦片。不包含文件数据的瓦片区域被称为空缺。根据记录的目标状态定义（349）定义的尚未位于目标位置的瓦片，机会主义地转移到可用空缺，这些空缺是空缺可用的这种瓦片的目标位置。每个瓷砖移动留下一个新的空缺。通过首先定位最大的空位，最大量的瓦片数据填充最大的空位，并通过首先将瓦片移动到这样的空位来优化机会砖移动的速度。

4. 发明申请

WO1998028744A1 OPTIMIZING ACCESS TO MULTIPLEXED DATA STREAMS 审中-公开
标题翻译：优化访问多路数据流
公开(公告)号：WO1998028744A1
公开(公告)日：1998-07-02
申请号：PCT/US1997022230
申请日：1997-11-26
申请人： SYMANTEC CORPORATION
发明人： SYMANTEC CORPORATION , CHI, Darren
IPC分类号： G11B27/32
CPC分类号： G11B27/329
摘要： A system and method accelerate access time to multiplexed data streams. Data streams are stored in a storage medium (120), and a link allocation table (LAT) (160), which is stored in the storage medium (120), maps blocks of a data stream to sectors of the storage medium (120). The LAT (160) is organized as a set of linked lists, and each data stream is associated with a different linked list in the LAT (160). Each link in a linked list includes the sector location for a different block of the data stream. Traversing the links of the linked list gives the sector location of each subsequent block of data. Each data stream is also associated with a cache memory (140). For each link of a linked list that is traversed, a cache interface (150) writes into an appropriate cache (140) the sector location information stored in the link. When the sector location of a block in a data stream is desired, the cache interface (150) consults the appropriate cache (140) associated with the data stream to determine whether the sector location of the block has been cached. If the information has been cached, the information is retrieved from the cache (140), and the LAT (160) is not used. If the sector location has not been cached, the cache interface (150) determines the last sector location to have been cached, and the appropriated linked list in the LAT (160) is traverse from the entry corresponding to the last sector location cached.
摘要翻译：一种系统和方法加速了复用数据流的访问时间。数据流存储在存储介质（120）中，并且存储在存储介质（120）中的链路分配表（LAT）（160）将数据流的块映射到存储介质（120）的扇区，。 LAT（160）被组织为一组链接列表，并且每个数据流与LAT中的不同链接列表相关联（160）。链接列表中的每个链接包括数据流的不同块的扇区位置。遍历链表的链接给出每个后续数据块的扇区位置。每个数据流也与高速缓存存储器（140）相关联。对于所遍历的链表的每个链接，高速缓存接口（150）向存储在链路中的扇区位置信息写入适当的高速缓存（140）。当期望数据流中的块的扇区位置时，高速缓存接口（150）参考与数据流相关联的适当的高速缓存（140），以确定块的扇区位置是否已被缓存。如果信息被缓存，则从高速缓存（140）检索信息，并且不使用LAT（160）。如果扇区位置尚未缓存，则高速缓存接口（150）确定已被高速缓存的最后一个扇区位置，并且LAT（160）中的专用链表从与缓存的最后扇区位置相对应的条目遍历。

5. 发明申请

WO1998009380A1 METHOD AND APPARATUS FOR STORING RUN-INTENSIVE INFORMATION IN COMPACT FORM 审中-公开
标题翻译：用于在紧凑形式中存储运行强度信息的方法和装置
公开(公告)号：WO1998009380A1
公开(公告)日：1998-03-05
申请号：PCT/US1997014940
申请日：1997-08-25
申请人： SYMANTEC CORPORATION
发明人： SYMANTEC CORPORATION , KENNEDY, Mark, Kevin
IPC分类号： H03M07/46
CPC分类号： H03M7/46 , G06T9/005 , Y10S707/99942
摘要： A method of compressing FAT and FAT-like structures (180), which include runs of primitive and runs of intervening codes, includes the steps of receiving a plurality of primitive runs in a memory (120) and generating a plurality of variable-length code sequences (190) where each code sequence is dedicated to a primtive run. Each code sequence indicates of its dedicated run, a primitive-type, a primitive runlength, the presence of an intervening run and, if present, an intervening runlength, and the presence of a jump value pointer. If a jump value pointer is present, the code sequence further indicates the jumplength, which is indicated as a difference (or DELTA ) value. The length of each code sequence varies depending on run characteristics such as primitive runlength, intervening runlength, and jumplength.
摘要翻译：一种压缩FAT和类似FAT的结构（180）的方法，包括原始和运行的中间代码的运行，包括以下步骤：在存储器（120）中接收多个原始运行并产生多个可变长度代码序列（190），其中每个代码序列专用于原始运行。每个代码序列指示其专用运行，原始类型，原始游程长度，中间运行的存在以及（如果存在）中间运行长度以及是否存在跳转值指针。如果存在跳转值指针，则代码序列进一步指示jumplength，其被表示为差（或DELTA）值。每个代码序列的长度根据诸如原始游程长度，居间游程长度和跳跃长度等运行特性而变化。

6. 发明申请

WO1997008623A1 COHERENT FILE SYSTEM ACCESS DURING DEFRAGMENTATION OPERATIONS ON A STORAGE MEDIA 审中-公开
标题翻译：存储介质中的缺陷操作期间的相关文件系统访问
公开(公告)号：WO1997008623A1
公开(公告)日：1997-03-06
申请号：PCT/US1996003683
申请日：1996-03-18
申请人： SYMANTEC CORPORATION
发明人： SYMANTEC CORPORATION , COHEN, Leonardo , KENNEDY, Mark, Kevin
IPC分类号： G06F13/00
CPC分类号： G06F17/30135 , G06F3/0607 , G06F3/0643 , G06F3/0674 , Y10S707/99957
摘要： A file defragmentation utility for a computer system (10) is disclosed that enables multithreaded preemptive multi-tasking during file defragmentation. The utility includes a defragmentor (60) routine that defragments clusters or portions of a file on a storage media (18) and then updates one or more file system structures to indicate the new locations of the defragmented clusters of the file. An alias driver (16) is provided that traps accesses to the file and that maintains coherent access to the file while the file system structures are updated.
摘要翻译：公开了一种用于计算机系统（10）的文件碎片整理实用程序，其在文件碎片整理期间实现多线程抢占式多任务。该实用程序包括碎片整理程序（60）例程，其对存储介质（18）上的文件的集群或部分进行碎片整理，然后更新一个或多个文件系统结构以指示文件的经碎片整理的集群的新位置。提供了一个别名驱动程序（16），用于捕获对文件的访问，并在更新文件系统结构时维护文件的一致访问。

7. 发明申请

WO1998024023A1 STATE-BASED CACHE FOR ANTIVIRUS SOFTWARE 审中-公开
标题翻译：基于状态的缓存软件
公开(公告)号：WO1998024023A1
公开(公告)日：1998-06-04
申请号：PCT/US1997020827
申请日：1997-11-17
申请人： SYMANTEC CORPORATION
发明人： SYMANTEC CORPORATION , NACHENBERG, Carey, S.
IPC分类号： G06F11/00
CPC分类号： G06F21/568 , G06F21/564 , G06F21/565 , G06F21/566
摘要： A computer-implemented method for executing a computer file in a CPU emulator (154) to detect a computer virus. The method includes simulating (302) the execution of a predetermined number of instructions of the computer file in the CPU emulator (154), suspending (303) the execution, constructing (304) a state record, temporarily storing (305) the state record in memory, comparing (306) the constructed state record to state records stored in a state cache (158), and indicating (308) that the file is virus-free when the constructed state record matches one of the stored state records.
摘要翻译：一种用于在CPU模拟器（154）中执行计算机文件以检测计算机病毒的计算机实现的方法。该方法包括模拟（302）CPU仿真器（154）中计算机文件的预定数目的指令的执行，暂停（303）执行，构造（304）状态记录，临时存储（305）状态记录在存储器中，将构造的状态记录与存储在状态高速缓存（158）中的状态记录进行比较（306），并且当构造的状态记录与所存储的状态记录之一匹配时，指示（308）文件是无病毒的。

8. 发明申请

WO1997048044A1 USE OF POLYMORPHIC PACKAGE FILES TO UPDATE SOFTWARE COMPONENTS 审中-公开
标题翻译：使用多项包装文件更新软件组件
公开(公告)号：WO1997048044A1
公开(公告)日：1997-12-18
申请号：PCT/US1997010163
申请日：1997-06-10
申请人： SYMANTEC CORPORATION
发明人： SYMANTEC CORPORATION , SADOWSKY, Richard, Scott
IPC分类号： G06F09/445
CPC分类号： G06F8/61
摘要： A server computer (102) in a communication system (100) provides uptdated software programs to client computers (102) independent of the type of client (104) and the type of server (102). A polymorphic master object (300) has a predetermined structure known to all servers (102) and clients (104). Upon connection of the client (104) to the server (102), the server (102) provides the master object (300) to the client (104). The polymorphic master object (300) includes fields that indicate polymorphic package files that are available for transfer to the client (104). One such field is a distributed install file that includes, in a text format, instructions for instantiating the selected package file. Upon receipt, either the user or the client selects package file. The client (104) provides a request to the server (102) for the selected file, which the server (102) provides to the client (104). Using the distributed install file, the client (104) instantiates the selected package file.
摘要翻译：通信系统（100）中的服务器计算机（102）将独立于客户端（104）的类型和服务器（102）的类型的升级的软件程序提供给客户端计算机（102）。多态主对象（300）具有所有服务器（102）和客户端（104）已知的预定结构。当客户端（104）连接到服务器（102）时，服务器（102）向客户机（104）提供主对象（300）。多态主对象（300）包括指示可用于传送到客户机（104）的多态包文件的字段。一个这样的字段是分布式安装文件，其以文本格式包括用于实例化所选择的包文件的指令。收到后，用户或客户端都会选择包文件。客户端（104）向服务器（102）提供服务器（102）向客户机（104）提供的所选文件的请求。使用分布式安装文件，客户机（104）实例化所选择的包文件。

9. 发明申请

WO1997046953A1 DETECTING SIGNIFICANT FILE SYSTEM ALTERATIONS DURING EXECUTION OF A STORAGE MEDIA SOFTWARE UTILITY 审中-公开
标题翻译：在存储媒体软件实施期间检测重要文件系统更改
公开(公告)号：WO1997046953A1
公开(公告)日：1997-12-11
申请号：PCT/US1997008920
申请日：1997-05-28
申请人： SYMANTEC CORPORATION
发明人： SYMANTEC CORPORATION , KENNEDY, Mark, Kevin
IPC分类号： G06F17/30
CPC分类号： G06F3/0601 , G06F11/1435 , G06F2003/0697 , Y10S707/99931 , Y10S707/99953
摘要： A method for handling a file system write to a media (24) during execution of a software utility for the media (200) wherein the software utility reads at least one file structure from the media and stores the file structure into a local copy of the file structure. A write monitor driver routine (140) detects the file system write to the media and logs a set of parameters for the file system write (142). The software utility retrieves the log and determines whether the parameters indicate that the file system write affects the local copy of the file structure and whether a restart is required.
摘要翻译：一种在媒体（200）的软件实用程序的执行期间处理文件系统写入媒体（24）的方法，其中所述软件实用程序从所述媒体读取至少一个文件结构，并将所述文件结构存储到所述媒体文件结构。写入监视器驱动程序（140）检测文件系统对介质的写入并记录文件系统写入的一组参数（142）。软件实用程序检索日志并确定参数是否指示文件系统写入会影响文件结构的本地副本以及是否需要重新启动。

10. 发明申请

WO1998003916A1 PRE-FETCH QUEUE EMULATION 审中-公开
标题翻译： PRE-FETCH队列仿真
公开(公告)号：WO1998003916A1
公开(公告)日：1998-01-29
申请号：PCT/US1997012043
申请日：1997-07-11
申请人： SYMANTEC CORPORATION
发明人： SYMANTEC CORPORATION , NACHENBERG, Carey, S. , MARCUS, Kevin
IPC分类号： G06F11/00
CPC分类号： G06F21/564 , G06F21/566
摘要： An emulation module (110) includes a pre-fetch queue (116) having an adjustable size (126) to eliminate any dependence of virus decryption routines on the size of the pre-fetch queue (116) when emulating executable files to test for the presence of virus infections. An executable file is tested by setting (210, 258) the size of the emulator's pre-fetch queue (116) and emulating (220) the file under the guidance of an emulation control module (130). Emulated instructions are monitored and a flag is set (230) when any instructions are modified (224) after being copied to the pre-fetch queue and subsequently executed (228). Emulation continues until the emulation control module (130) indicates (230) that the file should be scanned for virus signatures. If no virus signatures are detected (234) and the flag is set (224), the size of the pre-fetch queue is reduced (258) and the process is repeated. An executable file is declared virus-free (250) if the file is emulated (220) without setting the flag (230) and no virus signatures are detected (234). The executable file is declared virus-infected (240) when virus signatures are detected (234), independent of whether the flag is set (230). For Intel3 processors, pre-fetch queue sizes of 32, 16, 8 and zero bytes may be emulated.
摘要翻译：仿真模块（110）包括具有可调整大小（126）的预取队列（116），以在模拟可执行文件以测试所述预取队列（116）的大小时消除病毒解密例程对于所述预取队列（116）的大小的任何依赖存在病毒感染。通过在仿真控制模块（130）的指导下设置（210,258）模拟器的预取队列（116）的大小并仿真（220）文件来测试可执行文件。在复制到预取队列并随后执行（228）之后，当任何指令被修改（224）时，监视仿真指令并设置标志（230）。仿真继续，直到仿真控制模块（130）指示（230）文件应被扫描为病毒签名。如果没有检测到病毒签名（234）并且设置了标志（224），则预取队列的大小减小（258），并重复该过程。如果文件被仿真（220）而不设置标志（230）并且没有检测到病毒签名（234），则可执行文件被声明为无病毒（250）。当检测到病毒签名（234）时，可执行文件被声明为病毒感染（240），与标志是否被设置无关（230）。对于Intel3处理器，可以模拟32,16,8和零字节的预取队列大小。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式