-
Publication number: US12107896B2
Publication date: 2024-10-01
Application number: US17560599
Application date: 2021-12-23
Applicant: Cisco Technology, Inc.
Inventor: Jeffrey G. Schutt , Max Pritikin
CPC classification number: H04L63/20 , G06F8/65 , G06F21/563 , G06F21/566 , G06F21/577 , G06N3/09 , G06N20/00 , G06F8/71 , G06F21/51
Abstract: A method, computer system, and computer program product are provided for automatically analyzing software packages to identify the degree of differences between compared software packages and to apply security policies. A first software bill of materials for a software package is processed to extract a plurality of components of the software package, wherein the first software bill of materials indicates a first hierarchy of components based on relationships between components. The first hierarchy is compared to a second hierarchy, the second hierarchy corresponding to a second software bill of materials, to determine a degree of difference between the first hierarchy and the second hierarchy. The degree of difference is compared to one or more threshold values. A security policy is applied with respect to the software package according to a comparison of the degree of difference to the one or more threshold values.
-
Publication number: US20240320339A1
Publication date: 2024-09-26
Application number: US18735835
Application date: 2024-06-06
Applicant: Commvault Systems, Inc.
Inventor: Oleg GOLDSHMIDT , Mori BENECH
CPC classification number: G06F21/566 , G06F21/51 , G06F21/554 , G06F21/577 , G06F2221/034 , G06F2221/2125
Abstract: A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.
-
Publication number: US12099596B2
Publication date: 2024-09-24
Application number: US17371948
Application date: 2021-07-09
Applicant: Sophos Limited
Inventor: Michael Shannon
IPC: G06F21/51 , G06F21/55 , H04L9/08 , H04L9/40 , H04W12/082 , H04W12/10 , H04W12/128 , G06F8/61
CPC classification number: G06F21/51 , G06F21/554 , H04L9/088 , H04L9/0891 , H04L9/0894 , H04L63/20 , H04W12/082 , H04W12/10 , H04W12/128 , G06F8/61 , G06F2221/033 , H04L9/08 , H04L63/06 , H04L63/1433 , H04L2209/80
Abstract: In general, in one aspect, a method includes receiving software code with an invalid characteristic, repeatedly attempting to execute the software code with the invalid characteristic on a device, and in response to successful execution of the software code with the invalid characteristic, taking an action. The action may include an action to remediate the device.
-
Publication number: US20240273181A1
Publication date: 2024-08-15
Application number: US18646114
Application date: 2024-04-25
Applicant: Cisco Technology, Inc.
Inventor: Ashutosh Kulshreshtha , Andy Sloane , Hiral Shashikant Patel , Uday Krishnaswamy Chettiar , Oliver Kempe , Bharathwaj Sankara Viswanathan , Navindra Yadav
IPC: G06F21/52 , G06F18/214 , G06F21/51 , G06F21/57 , G06N20/00
CPC classification number: G06F21/52 , G06F18/214 , G06F21/51 , G06F21/577 , G06N20/00
Abstract: The present disclosure provides systems, methods, and computer-readable media for implementing security policies at software call stack level. In one example, a method includes generating a call stack classification scheme for an application, detecting a call stack during deployment of the application; using the call stack classification scheme during runtime of the application, classifying the detected call stack as one of an authorized call stack or an unauthorized call stack to yield a classification; and applying a security policy based on the classification.
-
Publication number: US20240248966A1
Publication date: 2024-07-25
Application number: US18428697
Application date: 2024-01-31
Applicant: nChain Licensing AG
Inventor: Craig Steven WRIGHT , Stephane SAVANAH
IPC: G06F21/12 , G06F8/65 , G06F16/14 , G06F16/182 , G06F21/10 , G06F21/51 , G06F21/57 , G06F21/60 , G06F21/62 , G06F21/64 , H04L9/00 , H04L9/06 , H04L9/08 , H04L9/32 , H04L9/40 , H04L67/104 , H04L67/1061
CPC classification number: G06F21/121 , G06F8/65 , G06F16/152 , G06F16/1834 , G06F21/105 , G06F21/12 , G06F21/51 , G06F21/57 , G06F21/602 , G06F21/6281 , G06F21/64 , H04L9/0637 , H04L9/0643 , H04L9/0841 , H04L9/3236 , H04L9/3247 , H04L9/3263 , H04L9/3265 , H04L63/0435 , H04L63/061 , H04L63/0823 , H04L67/104 , G06F21/107 , G06F2221/2107 , H04L9/50 , H04L67/1065 , H04L2209/56
Abstract: A computer-implemented method (900) and system (1) for verifying the integrity of a computer software for installation using a distributed hash table (13) and a peer-to-peer distributed ledger (14). This may be the Bitcoin blockchain or an alternative implementation. The method includes determining (910) a metadata associated with a transaction record stored on the peer-to-peer distributed ledger (14). An indication of an entry stored on the distributed hash table (13) may be determined (920) from the metadata. The method further includes determining (930) a third hash value based on the computer software and determining (940) a fourth hash value from the entry on the distributed hash table (13). The method further includes comparing (950) the third hash value and the fourth hash value and verifying (960) the integrity of the computer software based on the comparing of the third hash value and the fourth hash value.
-
Publication number: US20240220637A1
Publication date: 2024-07-04
Application number: US18608098
Application date: 2024-03-18
Applicant: Open Text Inc.
Inventor: John R. Shaw, II , Andrew L. Sandoval
CPC classification number: G06F21/577 , G06F21/51 , G06F21/552 , G06F21/604
Abstract: The present disclosure relates to systems and methods for identifying highly sensitive modules and taking a remediation or preventative action if such modules are accessed by malicious software. For example, the likelihood that a module is used for an exploit, and is thus sensitive, is categorized as high, medium, or low. The likelihood that a module can be used for an exploit can dictate whether, and to what degree, an application accessing the module is “suspicious.” However, in some instances, a sensitive module may have legitimate reasons to load when used in certain non-malicious ways. The system may also consider a trust level when determining what actions to take, such that an application and/or user having a higher trust level may be less suspicious when accessing a sensitive module as compared to an application or user having a lower trust level.
-
Publication number: US20240220602A1
Publication date: 2024-07-04
Application number: US18603700
Application date: 2024-03-13
Applicant: Microsoft Technology Licensing, LLC
Inventor: Tushar Suresh SUGANDHI , Amber Tianqi GUO , Balaji BALASUBRAMANYAN , Abhijat SINGH , Ahmed Saruhan KARADEMIR , Benjamin M. SCHULTZ , Hari R. PULAPAKA , Gupta SHUBHAM , Chase THOMAS , Carlos Ernesto Peza RAMIREZ
CPC classification number: G06F21/51 , G06F9/45558 , G06F21/57 , H04L9/3236 , H04L9/3263 , G06F2009/4557 , H04L2209/127
Abstract: Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.
-
Publication number: US12026700B2
Publication date: 2024-07-02
Application number: US18170986
Application date: 2023-02-17
Applicant: Enrico Maim
Inventor: Enrico Maim
CPC classification number: G06Q20/3674 , G06F21/51 , G06Q20/065 , G06Q20/3678 , G06Q20/3823 , G06Q20/389 , H04L9/3236 , H04L9/3247 , H04L9/50 , H04L2209/56
Abstract: Method for the secure execution of programs (smart contracts) implemented between a first wallet node (WN) (WN1) and a second wallet node (WN2), at least the second WN being implemented in an enclave of a processor, and the WNs being capable of executing programs designated in the messages that reach them, the method comprising the following steps: a) sending by WN1 to WN2 of a pre-message; b1) in response to this pre-message, execution in the enclave of a first program (WNRoT); b2) generation by the enclave of a certificate of authenticity of said first program and of the integrity of its execution; b3) sending said certificate to WN1; c) verification by WN1 of said certificate; d) in the event of successful verification, sending by WN1 to WN2 of a message intended to trigger the execution of a given program in WN2, and e) execution of said program in WN2.
-
Publication number: US12026271B2
Publication date: 2024-07-02
Application number: US18103458
Application date: 2023-01-30
Applicant: DEKA Products Limited Partnership
Inventor: Todd A. Ballantyne , Jon H. Cook , Benjamin E. Colburn , Andrew E. Harner , Corey Christous , Shane Whalen
IPC: G06F21/62 , G05B15/02 , G06F21/00 , G06F21/50 , G06F21/51 , G06F21/55 , G06F21/56 , G06F21/57 , G16H20/17 , G16H20/40 , G16H40/40 , G16H40/60 , G16H40/63 , G16H40/67 , G16H70/40 , A61M1/16 , A61M1/34 , A61M1/36 , A61M60/113 , A61M60/268 , A61M60/37 , A61M60/43 , A61M60/50 , A61M60/515 , A61M60/538 , A61M60/892 , A61M60/894
CPC classification number: G06F21/6218 , G05B15/02 , G06F21/00 , G06F21/50 , G06F21/51 , G06F21/55 , G06F21/56 , G06F21/565 , G06F21/568 , G06F21/57 , G06F21/575 , G06F21/62 , G06F21/6227 , G06F21/6245 , G16H20/17 , G16H20/40 , G16H40/40 , G16H40/60 , G16H40/63 , G16H40/67 , G16H70/40 , A61M1/16 , A61M1/1601 , A61M1/1605 , A61M1/1613 , A61M1/1619 , A61M1/1654 , A61M1/1656 , A61M1/1658 , A61M1/166 , A61M1/1664 , A61M1/1692 , A61M1/34 , A61M1/3413 , A61M1/3609 , A61M1/3621 , A61M1/3627 , A61M60/113 , A61M60/268 , A61M60/37 , A61M60/43 , A61M60/50 , A61M60/515 , A61M60/538 , A61M60/892 , A61M60/894 , A61M2202/0498 , A61M2205/12 , A61M2205/15 , A61M2205/16 , A61M2205/17 , A61M2205/18 , A61M2205/3313 , A61M2205/3317 , A61M2205/3324 , A61M2205/3331 , A61M2205/3334 , A61M2205/3368 , A61M2205/3379 , A61M2205/3393 , A61M2205/50 , A61M2205/502 , A61M2230/65 , G06F2206/1008 , G06F2221/2143
Abstract: A processor of a medical device configured to communicate with a remote server can be programmed to protect the medical device from exposure to unauthorized or malicious software. A system or method to implement this form of protection can include, for example, at least one processor on the medical device, a control software module that controls the operation of the medical device and is executable on the processor, a data management module that manages data flow to and from the control software module from sources external to the medical device, and an agent module that has access to a limited number of designated memory locations in the medical device. In addition, a hemodialysis apparatus can be configured to operate in conjunction with an apparatus for providing purified water from a source such as a municipal water supply or a well. A system for controlling delivery of purified water to the hemodialysis apparatus can comprise a therapy controller of the hemodialysis apparatus configured to communicate with a controller of a water purification device, and a user interface controller of the hemodialysis apparatus configured to communicate with the therapy controller, and to send data to and receive data from a user interface.
-
Publication number: US12026248B2
Publication date: 2024-07-02
Application number: US17344294
Application date: 2021-06-10
Applicant: Armis Security LTD.
Inventor: Ron Shoham , Tom Hanetz , Yuval Friedlander , Gil Ben Zvi
CPC classification number: G06F21/51 , G06F21/552 , G06F2221/2141
Abstract: A system and method for identifying device attributes based on string field conventions. A method includes applying at least one machine learning model to an application data set extracted based on a string indicated in a field of device data corresponding to a device, wherein each of the at least one machine learning model is trained based on a training data set including a plurality of second strings and a plurality of device attribute labels, wherein each device attribute label corresponds to a respective second string of the plurality of second strings, wherein each of the at least one machine learning model is configured to output a predicted device attribute for the device based on the first string; and identifying, based on the output of the at least one machine learning model, a device attribute of the device.