-
Publication No.: US12107896B2
Publication date: 2024-10-01
Application No.: US17560599
Application date: 2021-12-23
Inventors: Jeffrey G. Schutt, Max Pritikin
CPC classification: H04L63/20, G06F8/65, G06F21/563, G06F21/566, G06F21/577, G06N3/09, G06N20/00, G06F8/71, G06F21/51
Abstract: A method, computer system, and computer program product are provided for automatically analyzing software packages to identify the degree of differences between compared software packages and to apply security policies. A first software bill of materials for a software package is processed to extract a plurality of components of the software package, wherein the first software bill of materials indicates a first hierarchy of components based on relationships between components. The first hierarchy is compared to a second hierarchy, the second hierarchy corresponding to a second software bill of materials, to determine a degree of difference between the first hierarchy and the second hierarchy. The degree of difference is compared to one or more threshold values. A security policy is applied with respect to the software package according to a comparison of the degree of difference to the one or more threshold values.
-
Publication No.: US20240320339A1
Publication date: 2024-09-26
Application No.: US18735835
Application date: 2024-06-06
Inventors: Oleg GOLDSHMIDT, Mori BENECH
CPC classification: G06F21/566, G06F21/51, G06F21/554, G06F21/577, G06F2221/034, G06F2221/2125
Abstract: A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.
-
Publication No.: US12099596B2
Publication date: 2024-09-24
Application No.: US17371948
Application date: 2021-07-09
Applicant: Sophos Limited
Inventors: Michael Shannon
IPC classification: G06F21/51, G06F21/55, H04L9/08, H04L9/40, H04W12/082, H04W12/10, H04W12/128, G06F8/61
CPC classification: G06F21/51, G06F21/554, H04L9/088, H04L9/0891, H04L9/0894, H04L63/20, H04W12/082, H04W12/10, H04W12/128, G06F8/61, G06F2221/033, H04L9/08, H04L63/06, H04L63/1433, H04L2209/80
Abstract: In general, in one aspect, a method includes receiving software code with an invalid characteristic, repeatedly attempting to execute the software code with the invalid characteristic on a device, and in response to successful execution of the software code with the invalid characteristic, taking an action. The action may include an action to remediate the device.
-
Publication No.: US12086237B2
Publication date: 2024-09-10
Application No.: US17557643
Application date: 2021-12-21
IPC classification: G06F21/51, G06F21/31, G06F21/52, G06F21/53, G06F21/54, G06F21/57, G06F21/64, G06F21/79
Abstract: Securely redirecting a system service routine via a provider service table. A service call provider is loaded within an operating system executing in a lower trust security zone. The service call provider comprises metadata indicating a system service routine to be redirected to the service call provider. Based on the metadata, a provider service table is built within a higher trust security zone. The service table redirects the system service routine to the service call provider. Memory page(s) associated with the provider service table are hardware protected, and a read-only view is exposed to the operating system. The provider service table is associated with a user-mode process. A service call for a particular system service routine is received by the operating system from the user-mode process and, based on the provider service table being associated with the user-mode process, the service call is directed to the service call provider.
-
Publication No.: US20240273181A1
Publication date: 2024-08-15
Application No.: US18646114
Application date: 2024-04-25
Inventors: Ashutosh Kulshreshtha, Andy Sloane, Hiral Shashikant Patel, Uday Krishnaswamy Chettiar, Oliver Kempe, Bharathwaj Sankara Viswanathan, Navindra Yadav
IPC classification: G06F21/52, G06F18/214, G06F21/51, G06F21/57, G06N20/00
CPC classification: G06F21/52, G06F18/214, G06F21/51, G06F21/577, G06N20/00
Abstract: The present disclosure provides systems, methods, and computer-readable media for implementing security policies at software call stack level. In one example, a method includes generating a call stack classification scheme for an application, detecting a call stack during deployment of the application; using the call stack classification scheme during runtime of the application, classifying the detected call stack as one of an authorized call stack or an unauthorized call stack to yield a classification; and applying a security policy based on the classification.
-
Publication No.: US20240248966A1
Publication date: 2024-07-25
Application No.: US18428697
Application date: 2024-01-31
Applicant: nChain Licensing AG
IPC classification: G06F21/12, G06F8/65, G06F16/14, G06F16/182, G06F21/10, G06F21/51, G06F21/57, G06F21/60, G06F21/62, G06F21/64, H04L9/00, H04L9/06, H04L9/08, H04L9/32, H04L9/40, H04L67/104, H04L67/1061
CPC classification: G06F21/121, G06F8/65, G06F16/152, G06F16/1834, G06F21/105, G06F21/12, G06F21/51, G06F21/57, G06F21/602, G06F21/6281, G06F21/64, H04L9/0637, H04L9/0643, H04L9/0841, H04L9/3236, H04L9/3247, H04L9/3263, H04L9/3265, H04L63/0435, H04L63/061, H04L63/0823, H04L67/104, G06F21/107, G06F2221/2107, H04L9/50, H04L67/1065, H04L2209/56
Abstract: A computer-implemented method (900) and system (1) for verifying the integrity of a computer software for installation using a distributed hash table (13) and a peer-to-peer distributed ledger (14). This may be the Bitcoin blockchain or an alternative implementation. The method includes determining (910) a metadata associated with a transaction record stored on the peer-to-peer distributed ledger (14). An indication of an entry stored on the distributed hash table (13) may be determined (920) from the metadata. The method further includes determining (930) a third hash value based on the computer software and determining (940) a fourth hash value from the entry on the distributed hash table (13). The method further includes comparing (950) the third hash value and the fourth hash value and verifying (960) the integrity of the computer software based on the comparing of the third hash value and the fourth hash value.
-
Publication No.: US20240220637A1
Publication date: 2024-07-04
Application No.: US18608098
Application date: 2024-03-18
Applicant: Open Text Inc.
CPC classification: G06F21/577, G06F21/51, G06F21/552, G06F21/604
Abstract: The present disclosure relates to systems and methods for identifying highly sensitive modules and taking a remediation or preventative action if such modules are accessed by malicious software. For example, the likelihood that a module is used for an exploit, and is thus sensitive, is categorized as high, medium, or low. The likelihood that a module can be used for an exploit can dictate whether, and to what degree, an application accessing the module is “suspicious.” However, in some instances, a sensitive module may have legitimate reasons to load when used in certain non-malicious ways. The system may also consider a trust level when determining what actions to take, such that an application and/or user having a higher trust level may be less suspicious when accessing a sensitive module as compared to an application or user having a lower trust level.
-
Publication No.: US20240220602A1
Publication date: 2024-07-04
Application No.: US18603700
Application date: 2024-03-13
Inventors: Tushar Suresh SUGANDHI, Amber Tianqi GUO, Balaji BALASUBRAMANYAN, Abhijat SINGH, Ahmed Saruhan KARADEMIR, Benjamin M. SCHULTZ, Hari R. PULAPAKA, Gupta SHUBHAM, Chase THOMAS, Carlos Ernesto Peza RAMIREZ
CPC classification: G06F21/51, G06F9/45558, G06F21/57, H04L9/3236, H04L9/3263, G06F2009/4557, H04L2209/127
Abstract: Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.
-
Publication No.: US12026700B2
Publication date: 2024-07-02
Application No.: US18170986
Application date: 2023-02-17
Applicant: Enrico Maim
Inventors: Enrico Maim
CPC classification: G06Q20/3674, G06F21/51, G06Q20/065, G06Q20/3678, G06Q20/3823, G06Q20/389, H04L9/3236, H04L9/3247, H04L9/50, H04L2209/56
Abstract: Method for the secure execution of programs (smart contracts) implemented between a first wallet node (WN) (WN1) and a second wallet node (WN2), at least the second WN being implemented in an enclave of a processor, and the WNs being capable of executing programs designated in the messages that reach them, the method comprising the following steps: a) sending by WN1 to WN2 of a pre-message; b1) in response to this pre-message, execution in the enclave of a first program (WNRoT); b2) generation by the enclave of a certificate of authenticity of said first program and of the integrity of its execution; b3) sending said certificate to WN1; c) verification by WN1 of said certificate; d) in the event of successful verification, sending by WN1 to WN2 of a message intended to trigger the execution of a given program in WN2, and e) execution of said program in WN2.
-
Publication No.: US12026271B2
Publication date: 2024-07-02
Application No.: US18103458
Application date: 2023-01-30
Inventors: Todd A. Ballantyne, Jon H. Cook, Benjamin E. Colburn, Andrew E. Harner, Corey Christous, Shane Whalen
IPC classification: G06F21/62, G05B15/02, G06F21/00, G06F21/50, G06F21/51, G06F21/55, G06F21/56, G06F21/57, G16H20/17, G16H20/40, G16H40/40, G16H40/60, G16H40/63, G16H40/67, G16H70/40, A61M1/16, A61M1/34, A61M1/36, A61M60/113, A61M60/268, A61M60/37, A61M60/43, A61M60/50, A61M60/515, A61M60/538, A61M60/892, A61M60/894
CPC classification: G06F21/6218, G05B15/02, G06F21/00, G06F21/50, G06F21/51, G06F21/55, G06F21/56, G06F21/565, G06F21/568, G06F21/57, G06F21/575, G06F21/62, G06F21/6227, G06F21/6245, G16H20/17, G16H20/40, G16H40/40, G16H40/60, G16H40/63, G16H40/67, G16H70/40, A61M1/16, A61M1/1601, A61M1/1605, A61M1/1613, A61M1/1619, A61M1/1654, A61M1/1656, A61M1/1658, A61M1/166, A61M1/1664, A61M1/1692, A61M1/34, A61M1/3413, A61M1/3609, A61M1/3621, A61M1/3627, A61M60/113, A61M60/268, A61M60/37, A61M60/43, A61M60/50, A61M60/515, A61M60/538, A61M60/892, A61M60/894, A61M2202/0498, A61M2205/12, A61M2205/15, A61M2205/16, A61M2205/17, A61M2205/18, A61M2205/3313, A61M2205/3317, A61M2205/3324, A61M2205/3331, A61M2205/3334, A61M2205/3368, A61M2205/3379, A61M2205/3393, A61M2205/50, A61M2205/502, A61M2230/65, G06F2206/1008, G06F2221/2143
Abstract: A processor of a medical device configured to communicate with a remote server can be programmed to protect the medical device from exposure to unauthorized or malicious software. A system or method to implement this form of protection can include, for example, at least one processor on the medical device, a control software module that controls the operation of the medical device and is executable on the processor, a data management module that manages data flow to and from the control software module from sources external to the medical device, and an agent module that has access to a limited number of designated memory locations in the medical device. In addition, a hemodialysis apparatus can be configured to operate in conjunction with an apparatus for providing purified water from a source such as a municipal water supply or a well. A system for controlling delivery of purified water to the hemodialysis apparatus can comprise a therapy controller of the hemodialysis apparatus configured to communicate with a controller of a water purification device, and a user interface controller of the hemodialysis apparatus configured to communicate with the therapy controller, and to send data to and receive data from a user interface.