Abstract:
Techniques to perform root volume encryption in a para-virtualized virtual machine are described. A disk layout supports the root volume encryption, set key flow, and normal boot flow of the para-virtualized virtual machine. An implementation for performing encryption for a cloud-based service is disclosed.
Abstract:
Emulation software executes upon an operating system of a computer and creates an emulated computer. Bootstrapping code is read into this emulated computer from a sector (such as a master boot record) of a mass storage device. Instructions in the bootstrapping code are executed by an instruction emulator (also using an emulated CPU, emulated memory and an emulated hard disk) and these instructions and behavior are collected as each instruction executes. Access to the actual hard disk may be allowed. The collected information is then compared to a virus signature or behavior rules indicating malware and a conclusion is drawn as to whether the bootstrapping code includes malicious software.
Abstract:
A computer executes a suspicious software sample directly on its CPU in order to detect if the software sample is malicious. The software sample does not execute within a sandbox or virtual machine. Before the sample executes, a memory state of the computer is saved and a virtual disk file is created to bootstrap the computer at a later time. Malicious behavior of the software sample is collected while it executes and a report is generated. Hard disk access requests are redirected to a virtual disk file. The software sample does not detect that it is being analyzed. After execution of the sample, the computer reverts to a clean state by bootstrapping the computer from the saved virtual disk file and then restoring the computer's volatile and non-volatile virtual memory from the saved memory state. A new software sample may then be executed and analyzed on the clean computer.
Abstract:
A database of known graphical user interface layouts is generated using samples of known executable files. An executable file having an unknown function is obtained; it is executed within a safe environment and its graphical user interface is identified. Layout analysis enumerates all of the windows within the interface and extracts the position values of each window and the dimension values of each window to form a set of layout information. If the layout database contains this layout information set then it is determined that the layout information is of the same type of software corresponding to the type of software contained within the database (or of the type of software to which the layout information is matched within the database). A match may occur if all the windows match, if only some percentage of the windows match, or if the windows do not match exactly but the dimensions of the corresponding window in the database are within a certain percentage.
Abstract:
A user generates a pattern in a matrix (or two-dimensional grid) and enters a user name and an associated password. This username, password and pattern are stored locally on a computing device or are transmitted to a remote computer server for later authentication. Upon authentication, an input matrix is displayed. The user enters the password into the matrix in the form of the pattern, and also enters the username. The computer retrieves the previously stored pattern and password with the username. The previously stored pattern is used to read the input password from the input matrix. A match with the stored password indicates authentication. Alternatively, the input matrix only includes the pattern and the password is entered separately. The input matrix may also be filled with random characters to improve security. The stored pattern is compared to the input pattern using image analysis or by comparing a set of coordinates.
Abstract:
Cross-site scripting vulnerabilities in a Web browser that may lead to malware execution on a computing device are reduced. The specific vulnerabilities arise from HTML-based e-mails using e-mail service providers (e.g., Hotmail, Gmail, Yahoo) that have unknown or malformed HTML elements and Javascripts. These unknown elements may execute in a browser and cause harm to the computing device. To prevent this, the e-mail is parsed to create a DOM tree. The DOM tree is filtered using a normal element filter. The modified DOM tree is filtered a second time using a script analyzer filter to isolate potentially harmful HTML and Javascript elements. These elements are then emulated to determine which of them are in fact malicious. These malicious elements are then prevented from executing, for example, by preventing the e-mail recipient from opening the e-mail in the browser.
Abstract:
A signal processing transformation (wavelet, Fourier, discrete cosine) is applied to a digital image on a mobile device in order to produce a low-level information image and at least one high-level information image. The low-level image is recognizable as the digital image and is kept on the device; all other related images are deleted. The high-level information images are uploaded. The transformation is applied recursively and is dictated by a default setting, calculated from data of the mobile device, or input. To regenerate the original image the device connects to the server and downloads a set of high-level information images or all sets. The low resolution image is combined with the high-level information images using the reverse of the transformation originally applied to produce a higher resolution version of the low resolution image. Successive sets of high-level information images may be recursively applied to generate successively higher resolution images.
Abstract:
A mobile telephone is used to diagnose a computer with malware. The telephone becomes a bootable device with a bootable partition in persistent storage. An operating system image including antivirus software in the bootable partition of the telephone is used to bootstrap the affected computer. The antivirus software executes upon the computer and transfers results (files, checksums, registry data) to the mobile telephone. The telephone uploads these results to a remote cloud service which then develops instructions, patterns, files, etc. for counteracting the malware. The cloud service downloads this response to the mobile telephone which then transfers the response back to the computer. The antivirus software on the computer uses the response to remove the malware on the computer. An interface application on the mobile telephone handles transfer with the computer and uploading and downloading with the cloud service.
Abstract:
A security virtual machine inspects all data traffic between other virtual machines on a virtualization platform in order to prevent an inter-VM attack. Data traffic between the machines is intercepted at the privileged domain and directed to the security virtual machine via a hook mechanism and a shared memory location. The traffic is read by the security machine and analyzed for malicious software. After analysis, the security machine sends back a verdict for each data packet to the privileged machine which then drops each data packet or passes each data packet on to its intended destination. The privileged domain keeps a copy of each packet or relies upon the security machine to send back each packet. The security machine also substitutes legitimate or warning data packets into a malicious data package instead of blocking data packets. The shared memory location is a circular buffer for greater performance. Traffic is intercepted on a single host computer or between host computers.
Abstract:
Critical resources are identified within a computer system such as operating system files, drivers, modules and registry keys that are used to bootstrap the computer. During a successful bootstrap, these resources are saved into persistent storage during the bootstrap phase. Changes to critical resources are monitored and these resources are backed up if they are changed. Upon computer system failure, steps of identifying the type of failure and an analysis of its root cause are optionally performed. A user is presented with a bootstrap menu and critical resources necessary to bootstrap the computer are retrieved from persistent storage and saved into their appropriate locations. A successful bootstrap of the computer system is then performed in order to recover from the failure.