公开(公告)号：EP3520359B1

公开(公告)日：2020-09-09

申请号：EP17784502.1

申请日：2017-09-29

申请人： McAfee, Inc.

发明人： ANDERSON, Glen J. ,  TEDDY, John ,  KOTAMRAJU, Chakradhar

IPC分类号： H04L29/06

公开(公告)号：EP3479305A1

公开(公告)日：2019-05-08

申请号：EP17737144.0

申请日：2017-06-26

申请人： McAfee, Inc.

发明人： INFANTE-LOPEZ, Gabriel G. ,  FIRBY, Robert J.

IPC分类号： G06N5/04 ,  G06N99/00 ,  H04W4/00

公开(公告)号：EP3479247A1

公开(公告)日：2019-05-08

申请号：EP17728369.4

申请日：2017-05-24

申请人： McAfee, Inc.

发明人： TISCHART, James

IPC分类号： G06F11/36

公开(公告)号：EP3262559A4

公开(公告)日：2018-08-01

申请号：EP16756040

申请日：2016-02-02

申请人： MCAFEE INC

发明人： ALME CHRISTOPH ,  HAHN SLAWA ,  FINKE STEFAN

IPC分类号： G06F21/56 ,  G06F21/55 ,  G06F21/64

CPC分类号： G06F21/563 ,  G06F17/30327 ,  G06F21/552

摘要： Particular embodiments described herein provide for an electronic device that can be configured to receive script data, determine a checksum tree for the script data, compare each checksum of the checksum tree to one or more subtree checksums, and assign one or more classifications to the script data. In one example, the checksum tree is an abstract syntax tree.

公开(公告)号：EP3238373A4

公开(公告)日：2018-07-25

申请号：EP15874052

申请日：2015-11-27

申请人： MCAFEE INC

发明人： BEAN JAMES ,  SPURLOCK JOEL R ,  COCHIN CEDRIC ,  KAPOOR ADITYA ,  VENUGOPALAN RAMNATH

IPC分类号： H04L9/32 ,  H04L29/06

CPC分类号： H04L63/0823 ,  H04L63/0853 ,  H04L63/101 ,  H04L63/126

摘要： Particular embodiments described herein provide for an electronic device that can be configured to identifying a digital certificate associated with data and assigning a reputation to the digital certificate, where the digital certificate is classified as trusted if the digital certificate is included in an entry in a whitelist and the digital certificate is classified as untrusted if the digital certificate is included in an entry in a blacklist.

公开(公告)号：EP3238413A4

公开(公告)日：2018-05-23

申请号：EP15874065

申请日：2015-11-29

申请人： MCAFEE INC

发明人： SRIVASTAVA NEETA ,  ZHENG YI ,  BENNETT JEREMY

IPC分类号： H04L29/06 ,  H04L12/58

CPC分类号： H04L63/123 ,  H04L63/0227 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1425

摘要： In an example, a system and method are provided for validating the sender of a message, such as an e-mail, text message, voice mail, network message, internet posting, or other electronic message. An authenticity server engine may first prescreen the message with anti-spam, anti-malware, and other filters. The screened message is then provided to the end user. If the end user deems the message suspicious, he may request additional validation. The authenticity server engine may then apply an example four-phase validation scheme, including analyzing header data for consistency with the message body, analyzing public data sources, analyzing private data sources, and receiving a result of an off-channel challenge to the sender. The server may then assign the message a sender validity confidence score.

公开(公告)号：EP3210152A4

公开(公告)日：2018-03-07

申请号：EP14904361

申请日：2014-12-27

申请人： MCAFEE INC

发明人： THAKUR SHASHIN ,  BOGGARAPU ARVIND K ,  SINGH HARVIR

IPC分类号： G06F21/55 ,  G06F21/56 ,  G06F21/57 ,  H04L29/06

CPC分类号： G06F21/554 ,  G06F21/55 ,  G06F21/552 ,  G06F21/566 ,  G06F21/575 ,  G06F21/577 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441 ,  H04L63/1458 ,  H04L63/20

摘要： In one or more examples, there is disclosed a system and method of detecting agent presence for self-healing. An out-of-band monitoring process, such as Intel® AMT, or any process in firmware executing on a co-processor, may monitor one or more processes to determine if one goes down or otherwise meets a security criterion. Crashed processes may be reported to an enterprise security controller (ESC). The ESC may notice trends among affected machines and instruct the machines to take appropriate remedial action, such as booting from a remedial image.

公开(公告)号：EP3238413A1

公开(公告)日：2017-11-01

申请号：EP15874065.4

申请日：2015-11-29

申请人： McAfee, Inc.

发明人： SRIVASTAVA, Neeta ,  ZHENG, Yi ,  BENNETT, Jeremy

IPC分类号： H04L29/06 ,  H04L12/58

CPC分类号： H04L63/123 ,  H04L63/0227 ,  H04L63/0876 ,  H04L63/1408 ,  H04L63/1425

摘要： In an example, a system and method are provided for validating the sender of a message, such as an e-mail, text message, voice mail, network message, internet posting, or other electronic message. An authenticity server engine may first prescreen the message with anti-spam, anti-malware, and other filters. The screened message is then provided to the end user. If the end user deems the message suspicious, he may request additional validation. The authenticity server engine may then apply an example four-phase validation scheme, including analyzing header data for consistency with the message body, analyzing public data sources, analyzing private data sources, and receiving a result of an off-channel challenge to the sender. The server may then assign the message a sender validity confidence score.

摘要翻译： 在一个示例中，提供了用于验证诸如电子邮件，文本消息，语音邮件，网络消息，网络发布或其他电子消息的消息的发送者的系统和方法。 真实性服务器引擎可以首先用反垃圾邮件，反恶意软件和其他过滤器预先筛选消息。 屏蔽的消息然后被提供给最终用户。 如果最终用户认为该消息可疑，他可以要求额外的验证。 然后，真实性服务器引擎可以应用示例四阶段验证方案，包括分析头部数据以与消息主体一致，分析公共数据源，分析私人数据源以及向发件人接收信道外挑战的结果。 服务器然后可以将该消息分配给发送者有效性置信度分数。

公开(公告)号：EP3238410A1

公开(公告)日：2017-11-01

申请号：EP15874025.8

申请日：2015-11-25

申请人： McAfee, Inc.

发明人： DALCHER, Greg W.

IPC分类号： H04L29/06

CPC分类号： G06F21/566 ,  G06F21/52 ,  G06F2221/033

摘要： Particular embodiments described herein provide for an electronic device that can be configured to intercept a process, store execution profiling for the process if the process involves a privileged resource or a privileged operation, and analyze the code involved in each stack frame to determine malicious activity. If the process does not involve a privileged resource or a privileged operation, then the process is not analyzed.

摘要翻译： 这里描述的特定实施例提供了一种电子设备，该电子设备可以被配置为拦截进程，如果进程涉及特权资源或特权操作则存储进程的执行概况分析，并且分析涉及每个堆栈帧的代码以确定恶意活动。 如果进程不涉及特权资源或特权操作，则不分析进程。

公开(公告)号：EP3238372A1

公开(公告)日：2017-11-01

申请号：EP15873989.6

申请日：2015-11-24

申请人： McAfee, Inc.

发明人： SHARAGA, Avishay ,  NAYSHTUT, Alex ,  POGORELIK, Oleg ,  MUTTIK, Igor ,  SMITH, Ned M.

IPC分类号： H04L9/32 ,  H04L9/08

CPC分类号： H04L63/0853 ,  G06F21/606 ,  G06F21/82 ,  G06F2221/2115 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/0869 ,  H04L63/0876 ,  H04L63/0892

摘要： Technologies are provided in embodiments to establish trust between a trusted execution environment (TEE) and a peripheral device. Embodiments are configured to communicate with an attestation server to generate an encryption key, and to establish, using the encryption key, a secure connection with an authentication server to enable communication between the authentication server and the peripheral device. Embodiments are also configured to receive a pairwise master key if the peripheral device is authenticated and to receive a trusted communication from the peripheral device based, at least in part, on the pairwise master key. Embodiments may also be configured to identify a connection to the peripheral device before the peripheral device is authenticated to the authentication server, receive an identifier from the peripheral device, and establish a connection to an attestation server based on at least a portion of the identifier.

摘要翻译： 在实施例中提供了用于建立可信执行环境（TEE）与外围设备之间的信任的技术。 实施例被配置为与证明服务器通信以生成加密密钥，并且使用加密密钥建立与认证服务器的安全连接以实现认证服务器与外围设备之间的通信。 实施例还被配置为如果外围设备被认证则接收成对主密钥并且至少部分地基于成对主密钥来接收来自外围设备的可信通信。 实施例还可以被配置为在外围设备向认证服务器认证之前识别到外围设备的连接，从外围设备接收标识符并且基于标识符的至少一部分建立到认证服务器的连接。