Patents Assigned to Check Point Software Technologies, Inc.
-
Patent number: 7340770
Abstract: A system and methodology for providing community-based security policies is described. In one embodiment in a system comprising a plurality of devices connected to a network, a security module is provided for establishing security settings for regulating network access at these devices. Information is collected from at least some of the devices about the security settings established on such devices and consensus security settings are generated based upon the collected information. In response to a request for network access at a particular device, determining whether or not to permit network access is based, at least in part, upon the consensus security settings.
Type: Grant
Filed: May 14, 2003
Date of Patent: March 4, 2008
Assignee: Check Point Software Technologies, Inc.
Inventor: Gregor Freund
-
Publication number: 20070240212
Abstract: System and methodology protecting against key logger software (spyware) is described. In one embodiment, for example, a method is described for protecting a computer system from security breaches that include unauthorized logging of user input, the method comprises steps of: specifying a particular application to be protected from unauthorized logging of user input; identifying additional system processes that may serve as a source of unauthorized logging of user input; injecting into the particular application and each identified system process an engine capable of detecting and blocking attempts at unauthorized logging of user input; and upon detection of an attempt at unauthorized logging of user input, blocking the attempt so that user input for the particular application remains protected from unauthorized logging.
Type: Application
Filed: March 30, 2006
Publication date: October 11, 2007
Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
Inventor: Siarhei Matalytski
-
Patent number: 7222359
Abstract: A system providing methodologies for automatically detecting when a computing device is plugged into a new network is described. The system includes methods for detecting a connection to a new network by receiving notice of, and evaluating, changes to an existing network configuration. The system profiles and generates an identity for the new network. This includes collecting information about the network to uniquely identify it and generating a unique identifier for the network. Once a network has been profiled, a user may decide whether or not to include it as part of a trusted zone. Alternatively, this decision may be guided by policy established by a system administrator or user. The system automatically reconfigures a firewall to include or exclude the network from the trusted zone based upon this decision. The profile of each network is stored so that the next time the device is connected to the same network it remembers the network and applies the same security settings previously adopted.
Type: Grant
Filed: November 14, 2001
Date of Patent: May 22, 2007
Assignee: Check Point Software Technologies, Inc.
Inventors: Gregor Freund, Keith Haycock, Conrad Hermann
-
Publication number: 20070101435
Abstract: System and methodology providing a secure workspace environment is described. In one embodiment, for example, in a computer system, a method is described for creating a secured workspace within an existing operating system for allowing users to run applications in a secured manner, the method comprises steps of: creating a policy for configuring the secured workspace, the policy specifying how information created during operation of the applications may be accessed; hooking particular functions of the operating system in order to obtain control over the information created during operation of the applications; during operation of the applications, encrypting the information to prevent unauthorized access; in response to a request for access to the information, determining whether the request complies with the policy; and if the request complies with the policy, satisfying the request by providing access to a decrypted copy of the information.
Type: Application
Filed: October 14, 2005
Publication date: May 3, 2007
Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
Inventors: Dzmitry Konanka, Andrei Liahuski
-
Patent number: 7165076
Abstract: A security system with methodology for computing a machine independent unique identifier for an executable file across different machines is described. In response to a request to uniquely identify an executable file that has been installed on a given machine, portions of the executable file modified as a result of installation of the executable file on the given machine are identified. A machine independent unique identifier is determined by performing a calculation on the executable file. The calculation is performed by excluding at least the identified portions of the executable file modified as a result of installation of the executable file on the given machine.
Type: Grant
Filed: May 9, 2003
Date of Patent: January 16, 2007
Assignee: Check Point Software Technologies, Inc.
Inventor: Joseph Bentley
-
Publication number: 20060143700
Abstract: A security system providing methodology for cooperative enforcement of security policies during SSL sessions is described. In one embodiment, for example, a method is described for controlling SSL (Secure Sockets Layer) communication, the method comprises steps of: defining rules indicating conditions under which a machine is permitted to participate in an SSL session; trapping an attempt by a particular application running on the machine to participate in an SSL session, by intercepting the particular application's attempt to provide authentication; determining whether the machine complies with the rules; allowing the attempt to succeed when the machine complies with the rules; and otherwise blocking the attempt when the machine does not comply with the rules.
Type: Application
Filed: April 25, 2005
Publication date: June 29, 2006
Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
Inventor: Conrad Herrmann
-
Publication number: 20050273857
Abstract: System and methodology for intrusion detection and prevention is described. In one embodiment, for example, a method is described for detecting and preventing network intrusion, the method comprises steps of: defining intrusion descriptions specifying exploits that may be attempted by malicious network traffic, the intrusion descriptions indicating specific applications that may be targeted by individual exploits; for a particular application participating in network communication, deriving a subset of the intrusion descriptions specifically applicable to that particular application; using the subset of the intrusion descriptions specifically applicable to that application, monitoring network traffic destined for the particular application for detecting an attempted network intrusion; and if a network intrusion is detected, blocking network traffic destined for the particular application determined to comprise an exploit.
Type: Application
Filed: March 29, 2005
Publication date: December 8, 2005
Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
Inventor: Gregor Freund
-
Publication number: 20050273841
Abstract: A system and methodology for protecting new computers by applying a preconfigured security update policy is described. In one embodiment, for example, a method is described for controlling connections to a computer upon its initial deployment, the method comprises steps of: upon initial deployment of the computer, applying a preconfigured security policy that establishes a restricted zone of preapproved hosts that the computer may connect to upon its initial deployment; receiving a request for a connection from the computer to a particular host; based on the preconfigured security policy, determining whether the particular host is within the restricted zone of preapproved hosts; and blocking the connection if the particular host is not within the restricted zone of preapproved hosts.
Type: Application
Filed: August 2, 2004
Publication date: December 8, 2005
Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
Inventor: Gregor Freund
-
Publication number: 20050273850
Abstract: A security system with methodology providing verified secured individual end points is described.
Type: Application
Filed: March 29, 2005
Publication date: December 8, 2005
Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
Inventor: Gregor Freund
-
Publication number: 20050071633
Abstract: A system providing methodology for securing interfaces of executable files is described. In one embodiment, for example, a method is described for securing a program comprised of a plurality of interoperable components, the method comprises steps of: extracting information about a function of a first component of the program that is callable by at least one other component of the program; securing the extracted information; in response to an attempt by a second component of the program to invoke the function of the first component, validating authenticity of the second component; and if the second component is validated, providing access to the function of the first component using the secured extracted information.
Type: Application
Filed: September 21, 2004
Publication date: March 31, 2005
Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
Inventor: Arthur Rothstein
-
Patent number: 6873988
Abstract: A system providing methods for anti-virus cooperative enforcement is described. In response to a request from a device for access to protected resources, such as a network or protected data, a determination is made as to whether an anti-virus policy applies to the request for access made by the device. If an anti-virus policy is applicable, information pertaining to virus protection available on the device is collected. The virus protection information that is collected is evaluated to determine whether the device is in compliance with the anti-virus policy. If the device is determined to be in compliance with the anti-virus policy, the device is allowed to access the protected resources.
Type: Grant
Filed: July 9, 2002
Date of Patent: March 29, 2005
Assignee: Check Point Software Technologies, Inc.
Inventors: Conrad K. Herrmann, Kaveh Baharestan, Joseph E. Bentley, Jess A. Leroy
-
Patent number: 6850943
Abstract: A system providing methods for indirect access control is described. When an attempt to access a network by a first application is detected, a determination is made as to whether at least one other application is attempting indirect network access through the first application. If at least one other application is determined to be attempting indirect network access, each such other application is evaluated to determine if it is approved for network access. If each such other application is approved for network access, access to the network is permitted. Otherwise, access to the network is denied.
Type: Grant
Filed: May 8, 2003
Date of Patent: February 1, 2005
Assignee: Check Point Software Technologies, Inc.
Inventors: Steven L. Teixeira, Christopher Carr