Abstract:
The present invention adds a procedure to the operating system file subsystem of a processing system that significantly reduces the amount of time necessary to verify the validity of executable files. Each executable is extended with a file signature whose header contains validation data. This header may be added to an existing ELF header, added as a new section, or placed in the file's extended attribute store. The header contains the results of all previous validation checks that have been performed. The file signature is inserted, with a date stamp, into the file attributes. On execution, the system checks the previously-created file signature against a current file signature, instead of creating the file signature for every file during the execution process. Checks to ensure that the file signature is secure, valid and up to date are also implemented. Only if the file signature is not valid and up to date does the execution program create a new file signature at the time of execution.
Abstract:
A procedure and implementations thereof are disclosed that significantly reduce the amount of time necessary to perform a virus scan. A file signature is created each time a file is modified (i.e., with each "file write" to that file). The file signature is inserted, with a date stamp, into the file attributes. The virus scan program checks the previously-created file signature against the virus signature file instead of creating the file signature for every file during the virus scan. Checks to ensure that the file signature is secure, valid and up to date are also implemented. Only if the file signature is not valid and up to date does the virus scan program create a new file signature at the time the virus scan is run.
Abstract:
Methods, apparatus and program products which monitor wireless access points (12,16) through which data can be exchanged with a network (10), identify an unauthorized access point (16), and respond to monitored data flow in a variety of manners including determining the location of the identified unauthorized access point, establishing filtering, and controlling accounting for access services.
Abstract:
An intrusion detection mechanism is provided for flexible, automatic, thorough, and consistent security checking and vulnerability resolution in a heterogeneous environment. The mechanism may provide a predefined number of default intrusion analysis approaches, such as signature-based, anomaly-based, scan-based, and danger theory. The intrusion detection mechanism also allows a limitless number of intrusion analysis approaches to be added on the fly. Using an intrusion detection skin, the mechanism allows various weights to be assigned to specific intrusion analysis approaches. The mechanism may adjust these weights dynamically. The score ratio used to determine whether an intrusion occurred can be tailored and adjusted dynamically. Also, multiple security policies for any type of computing element may be enforced.
Abstract:
Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.
Abstract:
One embodiment of the present method and apparatus for providing access to a resource over a network includes receiving a series of packets from a sender, assessing a validity of the series of packets in accordance with expected contents of the packets and at least one expected time difference between the packets, and providing access to the resource if the series of packets is determined to be valid.