Patents Assigned to Networks Associates
-
Patent number: 6871279
Abstract: One embodiment of the present invention provides a system for managing user attributes that determines access rights in a distributed computing system. The system modifies an attribute database, wherein the attribute database includes a plurality of possible user attributes and a plurality of users. Next, for a given user the system obtains an identity certificate from a certificate authority. This identity certificate is associated with a user from the attribute database. The system also assigns an attribute to the user from the possible user attributes, whereby the user is granted access rights based on the attribute and the identity certificate. This attribute is stored in the attribute database. Finally, modifications to the attribute database are distributed to a plurality of hosts coupled together by a network.
Type: Grant
Filed: March 20, 2001
Date of Patent: March 22, 2005
Assignee: Networks Associates Technology, Inc.
Inventors: David L. Sames, Gregg W. Tally
-
Patent number: 6868069
Abstract: A device that passively monitors arriving and departing data packets on one or more networks, correlates arriving data packets with departing data packets, and calculates a latency estimate based on the confidence of the correlation. The device detects and copies data packets arriving at a network device and the data packets departing from the same network device. A timestamp is stored for each arriving or departing data packet. Latency across a network device can be determined based on the timestamps for correlating data packets. Additionally, latency across a network device per protocol layer can also be calculated. Varying levels of confidence of a latency estimation depend on the operation necessarily performed on the data packet by the network device and the protocol level at which correlation between the arriving and departing data packets can be achieved.
Type: Grant
Filed: January 16, 2001
Date of Patent: March 15, 2005
Assignee: Networks Associates Technology, Inc.
Inventors: Roger Knobbe, Stephen Schwab, Andrew Purtell
-
Patent number: 6868413
Abstract: Systems and methods for customizing business logic rules within a business process automation system and for processing business logic rules in a business process automation system are disclosed. The method for customizing business rules of a business logic application generally comprises serving a content page to a client browser of a client by a server that allows entering and modifying of data relating to a business logic rule, generating data by the server according to a predefined format such as a predefined XML format from information received via the content page, and automatically committing the generated data in the predefined format into a database. Preferably, a verification process such as by using DTDs (Document Type Definitions) is performed by the server prior to committing the data. The database stores data including data relating to business logic rules for implementing business logic as entries in the database and the generated data is committed into a corresponding entry in the database.
Type: Grant
Filed: May 10, 2001
Date of Patent: March 15, 2005
Assignee: Networks Associates Technology, Inc.
Inventors: Geoff Grindrod, Oto Slavos, Saigiridhar Kodali, Clinton Hallman
-
Patent number: 6862581
Abstract: A system, method, and computer program product are provided for distributing software patches utilizing a network. Initially, information relating to at least one application program is collected from a plurality of computers utilizing a network. It is then determined whether the application program has been altered on the computers based on the information. Patches are then distributed to the computers, if it is determined that the application program has been altered on the computers.
Type: Grant
Filed: December 20, 2002
Date of Patent: March 1, 2005
Assignee: Networks Associates Technology, Inc.
Inventor: Serena Lambiase
-
Patent number: 6859793
Abstract: A system, method, and computer program product are provided for managing licenses associated with an application program utilizing a network. Initially, information is collected relating to at least one application program from a plurality of computers utilizing a network. Next, the information is reported to a user. Such information is then used to manage licenses associated with the application program.
Type: Grant
Filed: December 19, 2002
Date of Patent: February 22, 2005
Assignee: Networks Associates Technology, Inc.
Inventor: Serena Lambiase
-
System and method for intrusion detection data collection using a network protocol stack multiplexor
Patent number: 6851061
Abstract: A system and method for detecting network intrusions using a protocol stack multiplexor is described. A network protocol stack includes a plurality of hierarchically structured protocol layers. Each such protocol layer includes a read queue and a write queue for staging transitory data packets and a set of procedures for processing the transitory data packets in accordance with the associated protocol. A protocol stack multiplexor is interfaced directly to at least one such protocol layer through a set of redirected pointers to the processing procedures of the interfaced protocol layer. A data packet collector references at least one of the read queue and the write queue for the associated protocol layer. A data packet exchanger communicates a memory reference to each transitory data packet from the referenced at least one of the read queue and the write queue for the associated protocol layer. An analysis module receives the communicated memory reference and performs intrusion detection based thereon.
Type: Grant
Filed: August 24, 2000
Date of Patent: February 1, 2005
Assignee: Networks Associates, Inc.
Inventors: Daniel T. Holland, III, Roark B. Hilomen, Steven P. Lang
-
Patent number: 6851058
Abstract: Anti-virus scanners can be deliberately disabled, inadvertently disabled, or simply slowed down to a point where the scanner becomes ineffective and the primary function of the scanning host device is disrupted when a suitably complex file is received by the scanning system for scanning. Archive files pose particular problems for scanners, since archives may contain very complex data structures, and require time consuming analysis. Virus scanners typically scan each element of an archive. Some virus scanners decompress each archive component for scanning. Virus developers have taken advantage of this scanning approach by creating complex archives designed to overwhelm a scanner, leaving a system unprotected or in a denial of service state. To counter such measures, when an archive (or other file) is passed to a scanner, various heuristics are applied to the archive so as to determine a risk-based scanning priority for the archive.
Type: Grant
Filed: July 26, 2000
Date of Patent: February 1, 2005
Assignee: Networks Associates Technology, Inc.
Inventor: Paul Gartside
-
Patent number: 6845449
Abstract: A system and method for detecting and correcting errors using an authentication mechanism is described. In particular, a reversible inner function is used in a nested message authentication code configuration to provide both error detection and error correction in high performance applications.
Type: Grant
Filed: July 21, 2000
Date of Patent: January 18, 2005
Assignee: Networks Associates Technology, Inc.
Inventors: David W. Carman, Michael D. Heyman, Alan T. Sherman
-
Patent number: 6842861
Abstract: A method and system for detecting viruses on handheld computers. The handheld computer is in communication with a computer system having a virus detection program. The method includes reading data from the handheld computer and writing the data at least temporarily to a database on the computer system. The data is scanned for viruses with the virus detection program. The method further includes updating data on the handheld computer based on results of the scanning.
Type: Grant
Filed: March 24, 2000
Date of Patent: January 11, 2005
Assignee: Networks Associates Technology, Inc.
Inventors: Brian R. Cox, Do Kim, Brandt Haagensen
-
Patent number: 6842860
Abstract: A high-speed, low-strength authentication mechanism is disclosed. This mechanism is based on a partial message authentication code, wherein a message authentication code is applied only to some portion of the message. By applying an authentication algorithm only to selected parts of the message, significant time can be saved while maintaining acceptable security.
Type: Grant
Filed: July 21, 2000
Date of Patent: January 11, 2005
Assignee: Networks Associates Technology, Inc.
Inventors: Dennis K. Branstad, David W. Carman
-
Patent number: 6839852
Abstract: A system, method and computer program product are provided for tracing a traffic event utilizing a firewall. Initially, a firewall is executed on a local computer. Next, traffic events between the local computer and a remote computer over a network are monitored utilizing the firewall. Further, the traffic events are displayed utilizing the firewall. In use, at least one of the traffic events is traced utilizing the firewall. Moreover, a map of the trace is displayed for effectively conveying information about the traffic event.
Type: Grant
Filed: February 8, 2002
Date of Patent: January 4, 2005
Assignee: Networks Associates Technology, Inc.
Inventors: Joseph J. Pantuso, Shawn L. Brown
-
Patent number: 6836860
Abstract: A scan of computer files for predefined properties indicative of such things as viruses is disclosed. The scan is performed in a circular manner, such that when all of the files to be scanned have been scanned it starts again from the first file. The ability to update the data defining the properties to be scanned for during a scan is provided.
Type: Grant
Filed: September 4, 2001
Date of Patent: December 28, 2004
Assignee: Networks Associates Technology, Inc.
Inventors: Igor Muttik, Daniel Joseph Wolff, Lee Codel Lawson Tarbotton
-
Patent number: 6834301
Abstract: A system and method using inheritance for the configuration, management, and/or monitoring of computer applications and devices via a computer network are disclosed. The method generally comprises calculating control settings to be enforced by an end node corresponding to a device of the network of devices, the control settings being calculated by the corresponding device. The control settings to be enforced by the end node are applicable to the device and the resources of the device. The calculation is performed by the end node or device by accessing data stored in a network directory defining a hierarchical tree structure containing nodes corresponding to the network of devices and defining control settings corresponding to and to be enforced upon the resources available to the devices. The control settings corresponding to the resources of each device are selectively inherited down the hierarchical tree structure of the network directory.
Type: Grant
Filed: November 8, 2000
Date of Patent: December 21, 2004
Assignee: Networks Associates Technology, Inc.
Inventor: Paul F. Hanchett
-
Patent number: 6826608
Abstract: A system, method and computer program product are provided for translating protocol decode objects. Initially, a plurality of frames is received. Next, the frames are decoded in order to generate protocol decode objects each with a numerical identifier associated therewith. Still yet, the numerical identifier is translated to a textual identifier. The textual identifier associated with the protocol decode objects is then displayed for facilitating the use of the protocol decode objects during network analysis.
Type: Grant
Filed: March 1, 2002
Date of Patent: November 30, 2004
Assignee: Networks Associates Technology, Inc.
Inventors: Chintan H. Sheth, Jeffrey Y. Sternin
-
Patent number: 6826698
Abstract: A system, method and computer program product are provided for affording network security features. A plurality of network objects are identified. Rule sets associated with one or more of the identified network objects are retrieved. Each rule set includes a plurality of policy rules that govern actions relating to the identified network objects. Overlapping policy rules of the rule sets are reconciled amongst the network objects. The reconciled rule sets are executed. A computer program product and a method are also provided for establishing network security. A plurality of network objects of a network and a plurality of rule sets are provided. The network objects are associated with the rule sets. The rule sets include a plurality of policy rules that govern actions relating to the identified network objects during operation of the network.
Type: Grant
Filed: September 15, 2000
Date of Patent: November 30, 2004
Assignee: Networks Associates Technology, Inc.
Inventors: Ilya Minkin, Igor V. Balabine, Gerhard Eschelbeck
-
Publication number: 20040237079
Abstract: A method and system are provided for updating software on a handheld computer in communication with a client computer system operable to connect to a network. Software installed on the handheld computer is identified with the client computer. Moreover, information on the identified software is transmitted from the client computer to a server connected to the network. Further, updated versions of the software installed on the handheld computer are transferred from the server to the client computer based on the identified software that is installed on the handheld computer. Still yet, the software installed on the handheld computer is updated with the updated versions transferred to the client computer.
Type: Application
Filed: June 22, 2004
Publication date: November 25, 2004
Applicant: Networks Associates Technology, Inc.
Inventors: Brian R. Cox, Do Kim, Brandt Haagensen
-
Patent number: 6823460
Abstract: A method of intercepting application program interface, including dynamic installation of associated software, within the user portion of an operating system. An API interception control server in conjunction with a system call interception module loads into all active process spaces an API interception module. An initializer module within the API interception module hooks and patches all API modules in the active process address space. When called by the application programs, the API routines' flow of execution, by virtue of their patched code, is re-directed into a user-supplied code in a pre-entry routine of the API interception module. The API routine might be completely by-passed or its input parameters might be filtered and changed by the user code. During the operation, the API routine is double-patched by the API interception module to ensure that all simultaneous calls to the API routine will re-direct its flow of control into the API interception module.
Type: Grant
Filed: April 28, 2000
Date of Patent: November 23, 2004
Assignee: Networks Associates Technology, Inc.
Inventors: Yona Hollander, Ophir Rachman, Oded Horovitz
-
Patent number: 6814842
Abstract: A system, method and computer program product are provided for organizing objects associated with a voice application call in a tree representation. Initially, a voice application call is identified. Next, a plurality of connection objects is generated associated with the voice application call. Further, a plurality of session objects associated with the voice application call is identified, along with a plurality of application objects associated with the voice application call. In use, the connection objects, the session objects, and the application objects are organized in a tree representation.
Type: Grant
Filed: December 14, 2001
Date of Patent: November 9, 2004
Assignee: Networks Associates Technology, Inc.
Inventors: Paul C. Yago, Miles Wu, Kaiwang Zhang
-
Patent number: 6810017
Abstract: A graphical user interface is provided for displaying network analysis. Included is a plurality of tabs selectable by a user. Also included is a plurality of windows each associated with one of the tabs and adapted for displaying a different aspect of a network analysis. In use, the windows are each displayed upon the selection of the associated tab.
Type: Grant
Filed: August 19, 2002
Date of Patent: October 26, 2004
Assignee: Networks Associates Technology Inc.
Inventors: Pak-Tak Patrick Leong, King L. Won
-
Publication number: 20040210645
Abstract: A system, method and computer program product are provided for scanning application program data utilizing a mobile communication device. Included is an application program installed on a mobile communication device capable of communicating via a wireless network. Such application program is adapted for performing tasks utilizing the mobile communication device. Associated therewith is a scanning subsystem in communication with the application program for scanning application data relating to the tasks performed by the application program. In use, the application program communicates information relating to the application data to the scanning subsystem to facilitate the scanning by the scanning subsystem.
Type: Application
Filed: August 11, 2003
Publication date: October 21, 2004
Applicants: NTT DoCoMo, INC., NETWORKS ASSOCIATES TECHNOLOGY, INC.
Inventors: Victor Kouznetsov, Davide Libenzi, Michael C. Pak, Yasutaka Urakawa, Kenji Ishii, Masanori Fujita