Abstract:
A method includes determining that a driver load address is in a system service dispatch table (SSDT) addressable area. The method further includes determining whether the driver is authorized to be in the SSDT addressable area. If the driver is authorized to be in the SSDT addressable area, the driver is loaded in the SSDT addressable area and is able to hook operating system functions. Conversely, if the driver is not authorized to be in the SSDT addressable area, the driver is loaded outside the SSDT addressable area and is not able to hook operating system functions. In this manner, only authorized drivers are allowed to hook operating system functions.
Abstract:
Scanning of a file for malware is performed by prefetching data needed for the scan. The sequence of data to be prefetched is determined based on a previous malware scan of the file. Logical prefetching functionality is used to monitor a sequence of data accesses during the previous malware scan. The sequence is saved and is then later usable to prefetch data in anticipation of a next malware scan of the file.
Abstract:
A parent defines friend rules for on-line association with their child. Upon a request of an on-line stranger to be a new friend of the child, stranger information about the on-line stranger is retrieved and compared to the friend rules to determine whether the stranger is allowed, blocked or restricted from being a friend with the child. Accordingly, the parent only has to use a minimal amount of time in establishing the friend rules to protect the parent's child from on-line strangers.
Abstract:
A computer includes a filter module providing a standardized interface for intercepting file access requests. The computer also includes a cache manager that manages the caching mode used with the requests. An application on the computer issues a file access request and explicitly or implicitly specifies a cache hint informing the cache manager of a desired caching mode. A security scanner module scans files on the computer for malicious software. The security scanner module intercepts a file access request and alters the caching mode, if necessary, to one optimized for security scanning. The security scanner module performs the file scan using the optimal caching mode, and, if necessary, resets the caching mode to its original state.
Abstract:
A software development system (SDS) (228) digitally signs software (230) developed on the system. The SDS (228) executes on a computer system (112) having a trusted computing platform. The platform includes protected areas (220, 226) that store data and cannot be accessed by unauthorized modules. A code signing module (232) executing in a protected area (226) obtains a private/public key pair and a corresponding digital certificate. The SDS (228) is configured to automatically and transparently utilize the code signing module (232) to sign software (230) produced by the system. End-user systems (114) receive the certificate with the software and can use it to verify the signature. This verification will fail if a parasitic virus or other malicious code has altered the software (230). Accordingly, the SDS (228) greatly reduces the risk of malicious code executing on the end-user computer system (114).
Abstract:
A computer-implemented method for controlling access to data is. A request to access data is received. A determination is made that an access-control policy of the data is satisfied. A virtualization layer is activated to allow access to the data after determining that the access-control policy is satisfied. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
Risk events occurring on a computer system are logged over time and a risk profile is dynamically generated and updated based on the logged risk events. In one embodiment, a security policy is dynamically set and updated based on the risk profile.
Abstract:
A network traffic manager detects an attempt by a computer to communicate with a remote site over a computer network. The network traffic manager queries a database containing descriptions of known legitimate sites for an entry describing the remote site, and determines whether the remote site is to be treated as suspicious or legitimate. If there is no entry describing the site in the database, the network traffic manager treats the site as suspicious. If there is an entry describing the remote site, the network traffic manager compares the entry to the site itself, to determine whether the site conforms to the database description. If it does not so conform, the site is treated as suspicious. If the site does conform to its description, it is considered legitimate. In some embodiments, additional tests are performed.
Abstract:
A method of automating an authentication sequence for accessing a computer resource comprising processing form information associated with the authentication sequence, wherein the authentication sequence comprises a plurality of queries associated with a plurality of web pages; and communicating a response to a portion of the authentication sequence using form information that corresponds to a query upon recognition of indicia of the portion of the plurality of web pages where the portion comprises the query.
Abstract:
Security sensor data from intrusion detection system (IDS) sensors, vulnerability assessment (VA) sensors, and/or other security sensors is used to enhance the compliancy determination in a client compliancy system. A database is used to store the security sensor data. In one particular embodiment, a list of device compliance statuses indexed by corresponding identifiers (e.g., IP/MAC addresses) combined from IDS, VA, and/or other security sensing technologies is made available as a non-compliance database for query, so that clients and other compliancy authentication elements can tell that a particular client appears to be out of compliance. A client-side self-policing compliance system is enabled, and can be used in conjunction with automated endpoint compliance policy configuration to reduce system administrator burden.