公开(公告)号：WO2018004891A1

公开(公告)日：2018-01-04

申请号：PCT/US2017/034279

申请日：2017-05-24

Applicant: MCAFEE, INC.

Inventor： HUNT, Simon ,  TIERNAN, Sean

IPC: G06F21/56 ,  H04L29/06

Abstract: A cloud storage server-based approach allows detection of ransomware activity in cloud storage systems caused by ransomware infections on an endpoint device. A heuristic or rule- based technique is employed for recognizing sequences of file operations that may indicate ransomware activity. In some embodiments, users may be offered an opportunity to approve or disapprove of the possible ransomware activity. In others, cloud system file activity may be suspended or halted for the affected user upon recognition of possible ransomware actions. Enhanced recovery of files affected prior to recognition of the ransomware activity may be performed in some embodiments.

Abstract translation: 基于云存储服务器的方法可以检测由端点设备上的勒索软件感染引起的云存储系统中的勒索软件活动。 启发式或基于规则的技术用于识别可能指示勒索软件活动的文件操作序列。 在一些实施例中，可以向用户提供批准或不批准可能的勒索软件活动的机会。 在其他情况下，一旦识别到可能的勒索软件操作，云系统文件活动可能会暂停或暂停。 在一些实施例中，可以在识别勒索软件活动之前增强对受影响文件的恢复。

公开(公告)号：WO2017052745A1

公开(公告)日：2017-03-30

申请号：PCT/US2016/043829

申请日：2016-07-25

Applicant: MCAFEE, INC.

Inventor： HUNT, Simon ,  SAMBANDAM, Venkata Ramanan

IPC: H04N21/2389 ,  H04N21/266 ,  H04N21/435

CPC classification number: H04L9/14 ,  G06F21/10 ,  G06F21/16 ,  G06F21/53 ,  G06F2221/0755 ,  G06Q20/3829 ,  G06Q2220/00 ,  G09C5/00 ,  H04L9/3242 ,  H04L9/3247 ,  H04L2209/60 ,  H04L2209/76

Abstract: This disclosure describes systems and methods related to utilizing hardware assisted protection for media content. In some embodiments, a provided method comprises: receiving, from a content server and by a computing device processor of a secure enclave of a device, first encrypted media content; decrypting, by the computing device processor, the first encrypted media content using a first decryption key; generating, by the computing device processor, a second decryption key; encrypting, by the computing device processor, the first decrypted media content using the second key, thereby resulting in second encrypted media content; and sending, by the computing device processor and to one or more graphical processing units (GPUs) comprised in a graphics component of the device, the second encrypted media content and the second decryption key.

Abstract translation: 本公开描述了与利用媒体内容的硬件辅助保护有关的系统和方法。 在一些实施例中，所提供的方法包括：从内容服务器和设备的安全飞地的计算设备处理器接收第一加密的媒体内容; 由计算设备处理器使用第一解密密钥解密第一加密媒体内容; 由所述计算设备处理器生成第二解密密钥; 由计算设备处理器使用第二密钥对第一解密的媒体内容进行加密，从而产生第二加密的媒体内容; 以及由所述计算设备处理器和包括在所述设备的图形组件中的一个或多个图形处理单元（GPU）发送所述第二加密的媒体内容和所述第二解密密钥。

公开(公告)号：WO2014105308A1

公开(公告)日：2014-07-03

申请号：PCT/US2013/071327

申请日：2013-11-21

Applicant: MCAFEE, INC. ,  RAMANAN, Venkata ,  HUNT, Simon

Inventor： RAMANAN, Venkata ,  HUNT, Simon

IPC: G06F21/00 ,  G06F15/16

CPC classification number: H04L67/2842 ,  G06F21/56 ,  G06F21/567 ,  G06F2221/2115 ,  H04L63/145 ,  H04L67/1095

Abstract: A method in one example embodiment includes generating a signature for an object in a compute node in a network, searching a memory element for the signature, and responsive to determining the memory element does not contain the signature, scanning the object. The method also includes updating the memory element with a scan result, and synchronizing the memory element of the compute node with one or more memory elements of one or more other compute nodes in the network. In specific embodiments, the scan result includes the signature of the object and a threat level of the object. In further embodiments, the synchronizing includes sending the scan result to one or more other compute nodes in the network. In more specific embodiments, the scan result is sent with one or more other scan results after a predetermined interval of time from a previous synchronization.

Abstract translation: 一个示例实施例中的方法包括为网络中的计算节点中的对象生成签名，在存储元件中搜索签名，并且响应于确定存储器元素不包含签名，扫描对象。 该方法还包括用扫描结果来更新存储元件，以及使计算节点的存储元件与网络中一个或多个其他计算节点的一个或多个存储元件同步。 在具体实施例中，扫描结果包括对象的签名和对象的威胁级别。 在另外的实施例中，同步包括将扫描结果发送到网络中的一个或多个其他计算节点。 在更具体的实施例中，在从先前同步起的预定时间间隔之后，用一个或多个其他扫描结果发送扫描结果。

公开(公告)号：WO2017172349A2

公开(公告)日：2017-10-05

申请号：PCT/US2017/022323

申请日：2017-03-14

Applicant: MCAFEE, INC.

Inventor： TIERNAN, Sean ,  HUNT, Simon

IPC: G06F21/56

Abstract: Providing security to a device includes detecting, in a first device, a first function call, determining whether the first function call is forbidden for the first device, and in response to determining that the particular function is forbidden for the first device, preventing the function call from executing.

Abstract translation: 向设备提供安全性包括在第一设备中检测第一功能调用，确定第一设备是否禁止第一功能调用，并且响应于确定特定功能被禁止 对于第一个设备，阻止函数调用执行。

公开(公告)号：WO2016209443A1

公开(公告)日：2016-12-29

申请号：PCT/US2016/033505

申请日：2016-05-20

Applicant: MCAFEE, INC.

Inventor： TATOURIAN, Igor, Alan ,  NAYSHTUT, Alex ,  POGORELIK, Oleg ,  HUNT, Simon

IPC: G06F21/55 ,  G06F21/57 ,  H04L29/06

CPC classification number: G06F9/442 ,  H04L63/1425

Abstract: A technique for cognitive protection of a system can include digital and analog sensors to measure or calculate operational parameters of a system. Digital sensors may be used to determine measured or primary operational parameters. The analog sensors are used to measure analog sensor information related to operation of the system. Analog sensor information that is measured may be used to calculate secondary operational parameters that includes the same operating parameters as the primary operational parameters. Lockstep analysis may be used to compare the primary operational parameters with the secondary operational parameters so as to determine a discrepancy in the operational parameters in the system.

Abstract translation: 用于系统的认知保护的技术可以包括用于测量或计算系统的操作参数的数字和模拟传感器。 数字传感器可用于确定测量或主要操作参数。 模拟传感器用于测量与系统操作相关的模拟传感器信息。 测量的模拟传感器信息可用于计算包括与主要操作参数相同的操作参数的次要操作参数。 锁步分析可用于将主要操作参数与次要操作参数进行比较，以确定系统中操作参数的差异。

公开(公告)号：WO2017112137A1

公开(公告)日：2017-06-29

申请号：PCT/US2016/062160

申请日：2016-11-16

Applicant: MCAFEE, INC.

Inventor： MEHTA, Kunal ,  WOODWARD, Carl D. ,  GROBMAN, Steven ,  DURAND, Ryan ,  HUNT, Simon

IPC: H04L9/32 ,  G06Q50/00

CPC classification number: G06Q50/01 ,  A61B5/00 ,  G06F21/316 ,  G06F21/53 ,  G06F21/552 ,  G06F2221/2133 ,  G06Q10/06395 ,  H04L63/0861 ,  H04L67/10 ,  H04W12/06

Abstract: In an example, there is disclosed a computing apparatus, comprising: a psychological state data interface to receive psychological state data; one or more logic elements, including at least one hardware element, comprising a verification engine to: receive a requested user action; receive a psychological state input via the psychological state data interface; analyze the psychological state input; and bar the requested user action at least partly responsive to the analyzing.

Abstract translation: 在一个示例中，公开了一种计算设备，包括：心理状态数据接口，用于接收心理状态数据; 包括至少一个硬件元件的一个或多个逻辑元件，所述逻辑元件包括验证引擎以：接收所请求的用户动作; 通过心理状态数据接口接收心理状态输入; 分析心理状态输入; 并至少部分地响应于分析而禁止所请求的用户动作。

公开(公告)号：WO2016209511A1

公开(公告)日：2016-12-29

申请号：PCT/US2016/034139

申请日：2016-05-25

Applicant: MCAFEE, INC.

Inventor： DHANDAYUTHAPANI, Sumithra ,  GOUNDER, Sumithira, Rasappa ,  JAIN, Rohit ,  HUNT, Simon

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L67/2852 ,  H04L63/083 ,  H04L63/102

Abstract: A system provides a way for a person to control access to digital assets, including financial accounts, through a common gateway that can interact on the person's behalf with service providers that manage the digital assets. Brokers may act as intermediaries between the gateway and the service providers, providing a common interface to the gateway and a specific interface to a service provider. Trigger events can cause the gateway to interact with the service providers, causing the service providers to take a desired action. The trigger events may include notification sent by the person, timed events, and other detected events.

Abstract translation: 系统为人们提供了一种方法，通过通用网关来控制数字资产（包括金融账户）的访问，该通用网关可以代表与代理数字资产的服务提供商进行交互。 经纪人可以充当网关和服务提供商之间的中介，为网关提供通用接口和与服务提供商的特定接口。 触发事件可能导致网关与服务提供商进行交互，导致服务提供商采取所需的操作。 触发事件可以包括由人发送的通知，定时事件和其他检测到的事件。

公开(公告)号：WO2016048541A1

公开(公告)日：2016-03-31

申请号：PCT/US2015/046822

申请日：2015-08-25

Applicant: MCAFEE, INC.

Inventor： HUNT, Simon ,  MANKIN, Jennifer ,  ZIMMERMAN, Jeffrey

IPC: G06F21/56 ,  G06F21/50

CPC classification number: H04L63/1416 ,  G06F21/56 ,  G06F21/566 ,  H04L63/145 ,  H04L63/1491

Abstract: In an example, a cross-view detection engine is disclosed for detecting malware behavior. Malware may attempt to avoid detection by remaining in volatile memory for as long as possible, and writing to disk only when necessary. To avoid detection, the malware may also provide a pseudo-driver at a file system level that performs legitimate-looking dummy operations. A firmware-level driver may simultaneously perform malicious operations. The cross-view detection engine detects this behavior by deconstructing call traces from the file system-level operations, and reconstructing call traces from firmware-level operations. If the traces do not match, the object may be flagged as suspicious.

Abstract translation: 在一个示例中，公开了用于检测恶意软件行为的横视检测引擎。 恶意软件可能会尽可能长时间地尝试保留在易失性存储器中进行检测，并在必要时只写入磁盘。 为了避免检测，恶意软件还可以在执行合法的虚拟操作的文件系统级别提供伪驱动程序。 固件级驱动程序可能会同时执行恶意操作。 交叉视图检测引擎通过从文件系统级操作中解构呼叫跟踪并从固件级操作重建呼叫跟踪来检测此行为。 如果跟踪不匹配，则该对象可能被标记为可疑。

公开(公告)号：WO2015199835A1

公开(公告)日：2015-12-30

申请号：PCT/US2015/030922

申请日：2015-05-15

Applicant: MCAFEE, INC.

Inventor： NAIR, Jayakrishnan ,  VENKATEWARAN, Prasanna ,  HUNT, Simon

IPC: G06F21/00 ,  G06F21/10 ,  G06Q50/30

CPC classification number: H04L63/205 ,  H04L63/20

Abstract: Systems, devices and methods are disclosed to assist in configuring devices and policies to protect a regional network (e.g., home network) and its users. Users on the network are monitored to determine appropriate configuration settings and preferences by utilizing a combination of internally configured information and externally gathered information for each user. For example, externally gathered information may include information obtained about a user from one or more social media Internet sites. Automatically obtained information may be used to provide or augment policy information such that a user's preference relative to internet content (e.g., content blocking software configuration) may be achieved without requiring an administrator to individually prepare each users security profile and configuration.

Abstract translation: 公开了系统，设备和方法，以帮助配置设备和策略来保护区域网络（例如，家庭网络）及其用户。 通过利用内部配置的信息和每个用户的外部收集的信息的组合来监视网络上的用户以确定适当的配置设置和偏好。 例如，外部收集的信息可以包括关于来自一个或多个社交媒体互联网站点的用户的信息。 可以使用自动获得的信息来提供或增加策略信息，使得可以实现用户对互联网内容的偏好（例如，内容阻止软件配置），而不需要管理员单独准备每个用户的安全配置文件和配置。

公开(公告)号：WO2015094368A1

公开(公告)日：2015-06-25

申请号：PCT/US2013/077220

申请日：2013-12-20

Applicant: MCAFEE, INC.

Inventor： GUPTA, Bikram Kumar ,  HUNT, Simon ,  ANAND, Vinay

IPC: H04L12/26 ,  H04L12/66

CPC classification number: H04W12/06 ,  H04L63/0876 ,  H04L63/0884 ,  H04L63/10 ,  H04L63/1408 ,  H04L63/1441 ,  H04L63/20 ,  H04W12/08 ,  H04W76/18 ,  H04W88/06

Abstract: Systems, devices and methods to protect a regional network (e.g., home network) by monitoring devices connected to and attempting to connect to the regional network. Monitoring includes assessing and addressing security concerns regarding devices attempting to or available to connect to the regional network as well as monitoring configurations and activity of connected devices. Devices to monitor include: computers, Personal Digital Assistants (PDAs), laptops, tablets, home appliances, smartphones, smart televisions, and any other type of device in the logical proximity of the regional network.

Abstract translation: 通过监视连接到并试图连接到区域网络的设备来保护区域网络（例如，家庭网络）的系统，设备和方法。 监控包括评估和解决有关尝试或可用于连接到区域网络的设备的安全性问题，以及监视连接设备的配置和活动。 监控设备包括：计算机，个人数字助理（PDA），笔记本电脑，平板电脑，家用电器，智能手机，智能电视以及区域网络逻辑接近的任何其他类型的设备。