公开(公告)号：US11329936B1

公开(公告)日：2022-05-10

申请号：US16852015

申请日：2020-04-17

Applicant: Trend Micro Inc.

Inventor： Jing Cao ,  Quan Yuan ,  Bo Liu

IPC: H04L51/10 ,  H04L51/234 ,  H04L9/40 ,  H04L29/06

Abstract: The system executes online on corporate premises or in a cloud service, or offline. An e-mail message is received at a server within a corporate network or cloud service. A header of the e-mail message is parsed to determine locations of server computers through which the e-mail message has traveled. Geographic locations are placed into a routing map. A banner is inserted into the e-mail message that includes the routing map or a link to the routing map. The routing map is stored by the e-mail gateway server at a storage location identified by the link. The modified e-mail message is delivered or downloaded from the e-mail server to a user computer in real time. The sender Web site is parsed to identify sender domain information to be inserted into the banner. If offline, a product fetches and modifies the e-mail message using an API of the e-mail server.

公开(公告)号：US10454921B1

公开(公告)日：2019-10-22

申请号：US14490297

申请日：2014-09-18

Applicant: Yifen Chen ,  Shen-Nan Huang ,  Chi-Chang Kung

Inventor： Yifen Chen ,  Shen-Nan Huang ,  Chi-Chang Kung

IPC: H04L29/06 ,  G06F16/22

Abstract: A proxy server is implemented between a user computer and the Web. The user accesses an IAM service and selects a cloud service. The proxy server intercepts the login form from the user, stores the identifier and password, and replaces the identifier and password. The proxy server allows the form to continue to the IAM service which registers the cloud service. Later, the user accesses the IAM service and selects the cloud service. The IAM service returns a login form for the cloud service with the identifier and password and redirects the user's computer to the cloud service. The proxy server intercepts the form and replaces the identifier and password with the correct identifier and password. The proxy server then allows the form to continue to the cloud service. The user is then authenticated by the cloud service and receives a Web page from the cloud service indicating logged in.

公开(公告)号：US10203973B2

公开(公告)日：2019-02-12

申请号：US15460516

申请日：2017-03-16

Applicant: Hao Liu ,  Zhen Liu

Inventor： Hao Liu ,  Zhen Liu

IPC: G06F9/455 ,  G06F12/00 ,  G06F9/46 ,  G06F11/07 ,  G06F21/55 ,  G06F21/60

Abstract: A service virtual machine provides service to any number of virtual machines on a hypervisor over a first communication channel. When an anomaly is detected within the provided service, any virtual machine using the first communication channel switches to a second communication channel and receives service from a second virtual machine. The second virtual machine may execute upon the same computer or on a different computer. Hooking points within the hypervisor provide a means for the service virtual machines to monitor traffic and provide service to the protected virtual machines. When a service virtual machine is suspended, it is repopulated, upgraded or rebooted, and then restored to service. Once restored, any protected virtual machine may be switched back to the restored service virtual machine. Virtual machines may be switched to a different communication channel by modifying a configuration file. Both communication channels may be in use at the same time.

公开(公告)号：US09473505B1

公开(公告)日：2016-10-18

申请号：US14542421

申请日：2014-11-14

Applicant: Shoichiro Asano ,  Koji Suzuki ,  Kenji Kase

Inventor： Shoichiro Asano ,  Koji Suzuki ,  Kenji Kase

IPC: G06F21/00 ,  H04L29/06

CPC classification number: H04L63/102 ,  H04L63/0807

Abstract: A user clicks on a link on a third-party Web site from his computer in order to utilize a third-party application with a Web service with which the user has an account. The application contacts the Web service and requests permissions from the user's account. The Web service sends the request to the user's computer asking to grant these permissions to the application. A software module on the user's computer intercepts this request, retrieves a user profile for this Web service, and compares the permissions requested with the permissions allowed from the profile. If any requested permissions are not allowed then the module automatically denies granting permissions and the user is not presented with an option of granting the request. A warning screen may be displayed. If all requested permissions are allowed then the request is presented to the user. A profile may apply to more than one Web service.

Abstract translation: 用户从计算机点击第三方网站上的链接，以便利用第三方应用程序与用户拥有帐户的Web服务。 该应用程序与Web服务联系并请求用户帐户的权限。 Web服务将请求发送给用户的计算机，要求向应用程序授予这些权限。 用户计算机上的软件模块拦截此请求，检索此Web服务的用户配置文件，并将所请求的权限与配置文件允许的权限进行比较。 如果不允许任何请求的权限，则模块将自动拒绝授予权限，并且用户没有呈现授予请求的选项。 可能会显示警告屏幕。 如果允许所有请求的权限，那么请求将被呈现给用户。 配置文件可能适用于多个Web服务。

公开(公告)号：US09305514B1

公开(公告)日：2016-04-05

申请号：US13563319

申请日：2012-07-31

Applicant: Xiaochuan Wan ,  Xuewen Zhu ,  Xinfeng Liu ,  Qiang Huang

Inventor： Xiaochuan Wan ,  Xuewen Zhu ,  Xinfeng Liu ,  Qiang Huang

IPC: G09G5/00

CPC classification number: G09G5/00 ,  G06F3/1446 ,  G09G2356/00

Abstract: Tablet computers send relevant geographic and identification data to an application server (one of the tablets, or a local or remote server) which groups them to form a video wall. Once placed next to one another in substantially the same plane, the tablets snap photographs at more or less the same time and these images are transmitted to the application server. The server determines the relative positions of the tablets and then streams a portion of a video or digital image to each of the tablets in order that all tablets display the video or image in an integrated fashion. The tablets may operate independently or may rely upon the remote application server. Relative positions are determined by analyzing features and determining an up-down or left-right relationship between pairs of images, sorting images into vertical and horizontal rows, and placing the images into a grid.

Abstract translation: 平板电脑将相关的地理和标识数据发送到应用服务器（其中一个平板电脑或本地或远程服务器），将其组合成一个视频墙。 一旦在基本相同的平面上彼此相邻放置，片剂或多或少相同地拍摄照片，并将这些图像发送到应用服务器。 服务器确定平板电脑的相对位置，然后将视频或数字图像的一部分流式传输到每个平板电脑，以便所有平板电脑以集成的方式显示视频或图像。 平板电脑可以独立运行，也可以依赖于远程应用服务器。 通过分析特征并确定图像对之间的上下左右关系，将图像排列成垂直和水平行以及将图像放置在网格中来确定相对位置。

公开(公告)号：US08949978B1

公开(公告)日：2015-02-03

申请号：US12683066

申请日：2010-01-06

Applicant: Ssu-Yuan Lin ,  Tzun-Liang Wang

Inventor： Ssu-Yuan Lin ,  Tzun-Liang Wang

IPC: G06F11/00

CPC classification number: G06F21/51 ,  G06F2221/2119 ,  H04L63/0227 ,  H04L63/123 ,  H04L63/145 ,  H04L67/02

Abstract: A computing device in a network is protected from malware originating from Web sites, referred to as Web threats, by having only one domain reputation database check performed before a URL is sent to a target Web site. The computing device performs a URL check using an external reputation database and generates a pass token if the URL is considered safe. The pass token is inserted into the header of the HTTP request containing the URL. When the gateway device in the network (the device that receives HTTP requests in the network and transmits them over the Internet) receives the HTTP request, it validates the pass token and allows the request to proceed to the target Web site without having to perform its own URL check using the same reputation database. Instead, it can rely on the pass token and assume that the URL will not pose a potential Web threat.

Abstract translation: 通过在将URL发送到目标网站之前只执行一个域名信誉数据库检查来保护网络中的计算设备免受源自Web站点的恶意软件（称为Web威胁）。 计算设备使用外部信誉数据库执行URL检查，如果URL被认为是安全的，则会生成通过令牌。 传递令牌插入到包含该URL的HTTP请求的标题中。 当网络中的网关设备（在网络中接收HTTP请求并通过Internet发送的设备）接收到HTTP请求时，它会验证通过令牌，并允许请求进行到目标网站，而无需执行其 自己的URL检查使用相同的信誉数据库。 相反，它可以依赖于传递令牌，并假设URL不会构成潜在的Web威胁。

公开(公告)号：US08935788B1

公开(公告)日：2015-01-13

申请号：US12252205

申请日：2008-10-15

Applicant: Lili Diao ,  Vincent Chan ,  Patrick Mg Lu

Inventor： Lili Diao ,  Vincent Chan ,  Patrick Mg Lu

IPC: G06F11/30 ,  G06F21/56

CPC classification number: G06F21/564 ,  G06F21/561

Abstract: A two stage virus detection system detects viruses in target files. In the first stage, a training application receives a master virus pattern file recording all known virus patterns and generates a features list containing fundamental virus signatures from the virus patterns, a novelty detection model, a classification model, and a set of segmented virus pattern files. In the second stage, a detection application scans a target file for viruses using the generated outputs from the first stage rather than using the master virus pattern file directly to do traditional pattern matching. The results of the scan can vary in detail depending on a fuzzy scan level. For fuzzy scan level “1,” the existence of a virus is returned. For fuzzy scan level “2,” the grant virus type found is returned. For fuzzy scan level “3,” the exact virus name is returned. This invention provides a solution for the problems caused by traditional virus detection solution: slow scanning speed, big pattern file, big burden on computation resource (CPU, RAM etc.), as well as heavy pattern updating traffic via networks.

Abstract translation: 两级病毒检测系统检测目标文件中的病毒。 在第一阶段，训练应用程序接收记录所有已知病毒模式的主病毒模式文件，并生成包含病毒模式的基本病毒签名的功能列表，新颖性检测模型，分类模型和一组分段病毒模式文件 。 在第二阶段，检测应用程序使用来自第一阶段的生成输出来扫描目标文件以获取病毒，而不是直接使用主病毒码文件来进行传统的模式匹配。 根据模糊扫描级别，扫描结果可能会有详细的变化。 对于模糊扫描级别“1”，返回病毒的存在。 对于模糊扫描级别“2”，返回发现的授权病毒类型。 对于模糊扫描级别“3”，返回确切的病毒名称。 本发明为传统病毒检测解决方案提供了一个解决方案：扫描速度慢，格式文件大，计算资源负担大（CPU，RAM等），以及通过网络大量更新流量。

公开(公告)号：US08918879B1

公开(公告)日：2014-12-23

申请号：US13470551

申请日：2012-05-14

Applicant: Yuefeng Li ,  Hongbo Gan ,  Hua Ye

Inventor： Yuefeng Li ,  Hongbo Gan ,  Hua Ye

IPC: G06F21/00 ,  G06F9/00 ,  G06F12/14 ,  G06F21/57 ,  G06F21/56

CPC classification number: G06F21/575 ,  G06F21/568

Abstract: During a bootstrapping process, path names of necessary bootstrap modules are collected and stored into a file. When an infected bootstrap component is detected, the method initiates emulation of the bootstrapping process within a virtual machine rather than directly cleaning malware from the infected bootstrap component. A settings file is copied into the virtual machine indicating the necessary bootstrap components in the host computer (including the infected component). Alternatively, the actual components are copied into the virtual machine. A clean version of the infected bootstrap component is made available to the virtual machine. The virtual machine is launched using the bootstrap components (including the clean version of the infected bootstrap component) and it emulates the bootstrapping process of the operating system. A successful bootstrap indicates the infected bootstrap component may be cleaned on the host computer. An unsuccessful bootstrap indicates the infected bootstrap component should not be cleaned of malware.

Abstract translation: 在引导过程中，必需的引导模块的路径名被收集并存储到一个文件中。 当检测到受感染的引导组件时，该方法将启动虚拟机中的引导过程的仿真，而不是直接从受感染的引导组件清除恶意软件。 将设置文件复制到虚拟机中，指示主机中必需的引导组件（包括受感染的组件）。 或者，将实际组件复制到虚拟机中。 感染引导组件的干净版本可用于虚拟机。 使用引导组件（包括受感染引导组件的干净版本）启动虚拟机，并且会模拟操作系统的引导过程。 一个成功的引导指示受感染的引导组件可能在主机上清理。 不成功的引导表示感染的引导组件不应该被清除恶意软件。

公开(公告)号：US08739283B1

公开(公告)日：2014-05-27

申请号：US12632158

申请日：2009-12-07

Applicant: Zhihe Zhang ,  Mingyan Sun ,  Zhengmao Lin

Inventor： Zhihe Zhang ,  Mingyan Sun ,  Zhengmao Lin

IPC: G06F11/00 ,  G06F21/56 ,  G06F21/36 ,  H04L29/06

CPC classification number: G06F21/566 ,  G06F21/36 ,  G06F21/56 ,  G06F21/568 ,  H04L63/1416 ,  H04L63/1441

Abstract: A computing device is capable of automatically detecting malware execution and cleaning the effects of malware execution using a malware repair module that is customized to the operating features and characteristics of the computing device. The computing device has software modules, hardware components, and network interfaces for accessing remote sources which, collectively, enable the device to restore itself after malware has executed on it. These modules, components, and interfaces may also enable the apparatus to delete the malware, if not entirely, at least partially so that it can no longer execute and cause further harm. The malware repair module is created from a detailed malware behavior data set retrieved from a remote malware behavior database and then modified to take into account specific operating features of the computing device. The repair module executes on a repair module execution engine and the effects of the malware on the device are minimized.

Abstract translation: 计算设备能够使用根据计算设备的操作特征和特征定制的恶意软件修复模块来自动检测恶意软件执行并清除恶意软件执行的影响。 计算设备具有用于访问远程源的软件模块，硬件组件和网络接口，这些远程源共同地使设备在恶意软件执行之后恢复自身。 这些模块，组件和接口还可以使设备至少部分地删除恶意软件（如果不是完全），使其不再能够执行并造成进一步的伤害。 从远程恶意软件行为数据库检索的详细的恶意软件行为数据集创建恶意软件修复模块，然后修改以考虑计算设备的特定操作功能。 修复模块在修复模块执行引擎上执行，恶意软件对设备的影响最小化。

公开(公告)号：US08634808B1

公开(公告)日：2014-01-21

申请号：US13683899

申请日：2012-11-21

Applicant: Anthony Zhong ,  Jing Cao ,  Hunk Shi

Inventor： Anthony Zhong ,  Jing Cao ,  Hunk Shi

IPC: H04M1/66 ,  G06F7/04

CPC classification number: H04M1/66 ,  H04M2250/12

Abstract: Collected information is analyzed by the mobile device to determine whether the device is displaced from the owner. The mobile device monitors and detects a reduction of ambient light to automatically enter into protection mode without manual activation. If an increase of ambient light and movement of the mobile device are both detected, then the device enters into authentication mode. Various techniques to verify the user's identity may be implemented in authentication mode. The user must correctly match an input key code, button combination, or an image recognition photograph against the stored information according to the method of verification chosen in each respective process. An alarm is activated if the device determines authentication is not received but may be disabled when the user's identity is verified after another authentication attempt.

Abstract translation: 收集的信息由移动设备进行分析，以确定设备是否从业主流离失所。 移动设备监视和检测环境光的减少，以自动进入保护模式，而无需手动激活。 如果检测到环境光的增加和移动设备的移动，则设备进入认证模式。 用于验证用户身份的各种技术可以在认证模式中实现。 用户必须根据每个相应过程中选择的验证方法，将所输入的密码，按钮组合或图像识别照片与存储的信息进行正确匹配。 如果设备确定未接收到身份验证，但在另一次验证尝试后验证用户身份时可能会禁用警报。