UNIDIRECTIONAL GATEWAY MEDIATED MULTIPLEXING OF CONCURRENT DATA MESSAGE STREAMS

    Publication (Announcement) No.: US20230087954A1

    Publication (Announcement) Date: 2023-03-23

    Application No.: US18054110

    Application Date: 2022-11-09

    Applicant: OPSWAT Inc.

    Abstract: A method includes transmitting data by a first interface card in a trusted domain. A second interface card in an untrusted domain receives the data. The second interface card stores the data in a first memory location of a plurality of first memory locations in the untrusted domain and verifies integrity of the data. The second interface card writes a result of the verifying in a second memory location of a plurality of second memory locations in the untrusted domain. The first interface card retrieves the result of the verifying from the second memory location of the plurality of second memory locations in the untrusted domain. The first interface card creates a table configured to identify and track a state of the second memory location of the plurality of second memory locations in the untrusted domain corresponding to the data received from the first interface card in the trusted domain.

    UNIDIRECTIONAL GATEWAY MEDIATED DELIVERY OF DATA MESSAGES

    Publication (Announcement) No.: US20230085632A1

    Publication (Announcement) Date: 2023-03-23

    Application No.: US18054107

    Application Date: 2022-11-09

    Applicant: OPSWAT Inc.

    Abstract: A method includes transmitting, by a first interface card in a trusted domain, data. A second interface card in an untrusted domain receives the data. The second interface card stores the data to a first memory location in the untrusted domain, and verifies integrity of the data. The second interface card writes a result of the verifying in a second memory location in the untrusted domain. The first interface card in the trusted domain retrieves the result of the verifying from the second memory location in the untrusted domain. The first interface card in the trusted domain determines if the data in the transmitting was received by the second interface card based on the result.

    Computer security vulnerability assessment

    Publication (Announcement) No.: US10554681B2

    Publication (Announcement) Date: 2020-02-04

    Application No.: US16174139

    Application Date: 2018-10-29

    Applicant: OPSWAT, Inc.

    Abstract: Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.

    ANALYZING FILES USING A KERNEL MODE OF A VIRTUAL MACHINE

    Publication (Announcement) No.: US20230394146A1

    Publication (Announcement) Date: 2023-12-07

    Application No.: US17805677

    Application Date: 2022-06-06

    Applicant: OPSWAT Inc.

    Inventor: Ran Dubin

    Abstract: A method includes receiving, by a computerized system, a file in network traffic to an enterprise system. The computerized system identifies data associated with the file. The computerized system receives a policy based on the data associated with the file for an event of the file. The computerized system executes the file in a user mode of a virtual machine. A driver in a kernel mode of the virtual machine analyzes the event of the file based on the policy during the executing of the file. When the event violates the policy, the computerized system denies an entry of the file to the enterprise system.

    Unidirectional gateway mediated multiplexing of concurrent data message streams

    Publication (Announcement) No.: US11811738B2

    Publication (Announcement) Date: 2023-11-07

    Application No.: US17651387

    Application Date: 2022-02-16

    Applicant: OPSWAT Inc.

    Abstract: A method includes a processor in a trusted domain receiving a first request having a plurality of messages for a device in an untrusted domain. The processor assigns a memory location having data segments and status segments. The memory location is accessible by an untrusted side interface card. The processor transmits a first message to a first data segment. The processor receives a first value associated with the first message from a first status segment. The processor determines whether the first value indicates that the first message has been received and stores a first representation of a successful data transmission. The processor transmits a second message to a second data segment. The processor retrieves a second value from the second status segment. The processor determines whether the second value indicates that the second message has been received and stores a second representation of the successful data transmission.

    Computer security vulnerability assessment

    Publication (Announcement) No.: US11165811B2

    Publication (Announcement) Date: 2021-11-02

    Application No.: US16780674

    Application Date: 2020-02-03

    Applicant: OPSWAT, Inc.

    Abstract: Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.

    METHOD FOR CONTENT DISARM AND RECONSTRUCTION (CDR)

    Publication (Announcement) No.: US20190268352A1

    Publication (Announcement) Date: 2019-08-29

    Application No.: US15905441

    Application Date: 2018-02-26

    Applicant: OPSWAT, Inc.

    Abstract: A Content Disarm and Reconstruction (CDR) method is disclosed including a computer receiving an input file having a file format configured with a structured storage. The computer disassembles the structured storage into at least one subfile. Each subfile is a stream subfile. For each subfile, the computer identifies an item in the stream subfile. The computer analyzes the item in the stream subfile for an unwanted behavior by determining an acceptability of the unwanted behavior, distinguishing a visibility of the item, and recognizing a necessity of the item. The computer, based on a result of the analyzing step, processes the item in the stream subfile resulting in a processed subfile. The computer assembles the processed subfiles into an output file having the same file format as the file format of the input file.
