Virtual Browsing Environment
    1.
    Patent application
    Virtual Browsing Environment (status: in force)

    Publication number: US20110167492A1

    Publication date: 2011-07-07

    Application number: US12827203

    Filing date: 2010-06-30

    IPC classification: G06F21/00 G06F3/048 G06F15/16

    Abstract: An embodiment for providing a secure virtual browsing environment includes creating a virtual browsing environment with a virtualized operating system sharing an operating system kernel of a supporting operating system and executing the browser application within the virtual browsing environment. Another embodiment includes receiving a website selection within a browser application, determining if the website selection corresponds to a secure bookmark, and creating a second virtual browsing environment and executing the browser application within the second virtual browsing environment to access the website selection when the website selection corresponds to a website specified as a secure bookmark. Yet another embodiment includes monitoring operation of the operating system within the at least one virtual browsing environment, determining when the operation of the operating system includes potential malicious activity, and terminating the virtual browsing environment when the operation includes potential malicious activity.

    On-demand disposable virtual work system
    2.
    Granted patent
    On-demand disposable virtual work system (status: in force)

    Publication number: US08856782B2

    Publication date: 2014-10-07

    Application number: US12037412

    Filing date: 2008-02-26

    IPC classification: G06F9/455 G06F9/46

    Abstract: An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.

    ON-DEMAND DISPOSABLE VIRTUAL WORK SYSTEM
    3.
    Patent application
    ON-DEMAND DISPOSABLE VIRTUAL WORK SYSTEM (status: in force)

    Publication number: US20090125902A1

    Publication date: 2009-05-14

    Application number: US12037412

    Filing date: 2008-02-26

    IPC classification: G06F9/455

    Abstract: An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.

    Virtual browsing environment
    4.
    Granted patent
    Virtual browsing environment (status: in force)

    Publication number: US08839422B2

    Publication date: 2014-09-16

    Application number: US12827203

    Filing date: 2010-06-30

    Abstract: An embodiment for providing a secure virtual browsing environment includes creating a virtual browsing environment with a virtualized operating system sharing an operating system kernel of a supporting operating system and executing the browser application within the virtual browsing environment. Another embodiment includes receiving a website selection within a browser application, determining if the website selection corresponds to a secure bookmark, and creating a second virtual browsing environment and executing the browser application within the second virtual browsing environment to access the website selection when the website selection corresponds to a website specified as a secure bookmark. Yet another embodiment includes monitoring operation of the operating system within the at least one virtual browsing environment, determining when the operation of the operating system includes potential malicious activity, and terminating the virtual browsing environment when the operation includes potential malicious activity.

    Hardware Assisted Operating System Switch
    5.
    Patent application
    Hardware Assisted Operating System Switch (status: under examination, published)

    Publication number: US20120297177A1

    Publication date: 2012-11-22

    Application number: US13296303

    Filing date: 2011-11-15

    IPC classification: G06F15/177

    CPC classification: G06F21/575 G06F21/53

    Abstract: An interoperable firmware memory containing a Basic Input Output System (BIOS) and a trusted platform module (TPSM). The BIOS includes CPU System Management Mode (SMM) firmware configured as read-only at boot. The SMM firmware configured to control switching subsequent to boot between at least: a first memory and second isolated memory; and a first and second isolated non-volatile storage device. The first memory including a first operating system and the second memory including a second operating system. The first non-volatile storage device configured to be used by the first operating system and the second non-volatile storage device configured to be used by the second operating system. The trusted platform module (TPSM) configured to check the integrity of the CPU system Management Mode (SMM) during the boot process.

    Hardware-Assisted Integrity Monitor
    6.
    Patent application
    Hardware-Assisted Integrity Monitor (status: in force)

    Publication number: US20120297057A1

    Publication date: 2012-11-22

    Application number: US13296312

    Filing date: 2011-11-15

    IPC classification: G06F15/173

    Abstract: A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). A SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. A SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. A SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or determine CPU register states differences.

    Distributed Sensor for Detecting Malicious Software
    7.
    Patent application
    Distributed Sensor for Detecting Malicious Software (status: in force)

    Publication number: US20100122343A1

    Publication date: 2010-05-13

    Application number: US12558841

    Filing date: 2009-09-14

    IPC classification: G06F11/00

    Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.

    Methods and apparatus for application isolation
    8.
    Granted patent
    Methods and apparatus for application isolation (status: in force)

    Publication number: US09098698B2

    Publication date: 2015-08-04

    Application number: US12558841

    Filing date: 2009-09-14

    IPC classification: H04L29/06 G06F21/55

    Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.

    Health-regain device and system thereof

    Publication number: US11077012B2

    Publication date: 2021-08-03

    Application number: US17111458

    Filing date: 2020-12-03

    Applicant: Jiang Wang

    Inventor: Jiang Wang

    IPC classification: A61H9/00 A61H1/02

    Abstract: A health-regain device, includes a driving portion, a health portion disposed on one side of the driving portion, and a control module communicably connected to the driving portion, wherein the control module controls the driving portion driving the health portion in rhythmic reciprocating motion.