Patents Assigned to Symantec
  • Patent number: 8051478
    Abstract: A secure browsing manager intercepts load calls, and determines whether intercepted load calls are attempting to load code into the browser. When the secure browsing manager detects that a load call is attempting to load code into the browser, it determines whether that code is trusted. The secure browsing manager processes the attempt to load the code into the browser according to whether or not the code is trusted. If the secure browsing manager determines that the code is trusted, it allows the code to be loaded into the browser, thereby securely allowing the benefits of loaded code. If the secure browsing manager determines that the code is not trusted, it blocks the attempt to load the code into the browser, or alternatively takes other actions, such as allowing the code to be loaded into the browser, but blocking certain user initiated activity.
    Type: Grant
    Filed: November 7, 2005
    Date of Patent: November 1, 2011
    Assignee: Symantec Corporation
    Inventors: Archana S. Rajan, Edward Bonver, Mark Kennedy
  • Patent number: 8051246
    Abstract: A method and apparatus for utilizing a semiconductor memory of a node as disk cache is described. In one embodiment, a method of utilizing a semiconductor memory of a second server for a first server, comprising generating a storage access request at a first server, routing the storage access request through a communication link to a second server and performing the storage access request using a semiconductor memory of the second server.
    Type: Grant
    Filed: December 21, 2007
    Date of Patent: November 1, 2011
    Assignee: Symantec Corporation
    Inventor: Nenad Caklovic
  • Publication number: 20110264833
    Abstract: A storage method, a storage system, and a controller are disclosed. The method is applicable to a system that includes at least one controller, at least two Peripheral Component Interconnection Express (PCIE) Input/Output (IO) modules, and at least two storage devices. The at least two storage devices are connected through a PCIE switch chip of the at least one controller, and the at least two PCIE IO modules are connected through a PCIE switch chip of the at least one controller. The method includes: receiving a request message from a server through the at least two PCIE IO modules; and accessing the at least two storage devices according to the request message. The at least two PCIE IO modules are shared between controllers, thereby saving resources; and the storage devices access the controllers without the need of a hard disk controller or a hard disk extension chip, thereby saving costs.
    Type: Application
    Filed: June 24, 2011
    Publication date: October 27, 2011
    Applicant: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD.
    Inventors: Wei ZHANG, Xianhong LV, Qi WANG, Ruiqi FAN
  • Publication number: 20110264865
    Abstract: Techniques for directory server integration are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for directory server integration comprising setting one or more parameters determining a range of permissible expiration times for a plurality of cached directory entries, creating, in electronic storage, a cached directory entry from a directory server, assigning a creation time to the cached directory entry, and assigning at least one random value to the cached directory entry, the random value determining an expiration time for the cached directory entry within the range of permissible expiration times, wherein randomizing the expiration time for the cached directory entry among the range of permissible expiration times for a plurality of cached directory entries reduces an amount of synchronization required between cache memory and the directory server at a point in time.
    Type: Application
    Filed: April 27, 2010
    Publication date: October 27, 2011
    Applicant: Symantec Corporation
    Inventors: Ayman MOBARAK, Nathan Moser, Chad Jamart
  • Publication number: 20110265181
    Abstract: A method, a system and a gateway for protection against network attacks are provided. The method includes: receiving source request information and destination request information that are sent by a client, where the destination request information is notified by a Domain Name System (DNS) to the client sending the source request information; checking the source request information and the destination request information; and discarding the source request information and the destination request information when the checking result is undesirable. Through the technical solution, the DNS selects the destination request information according to the source request information sent by the client, and establishes a corresponding relation between the client and a server according to a matching relation between the source request information and the destination request information, so as to prevent DDOS attacks.
    Type: Application
    Filed: April 28, 2011
    Publication date: October 27, 2011
    Applicant: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD.
    Inventor: Wu JIANG
  • Publication number: 20110264908
    Abstract: A method for preventing network attacks is provided, which includes: obtaining a data packet, where a source address of the data packet is a cryptographically generated address (CGA); determining that the obtained data packet includes a CGA parameter and signature information; authenticating the CGA parameter; authenticating the signature information according to the authenticated CGA parameter; and sending the data packet to a destination address when the signature information is authenticated. Accordingly, a device for preventing network attacks is also provided. A CGA parameter used by a data packet is directly used to ensure authenticity of a source address of the data packet, thus preventing network attacks performed by counterfeiting the address. In addition, by authenticating signature information, authenticity of identification of a sender of the data packet and bound address of the sender of the data packet are further ensured.
    Type: Application
    Filed: April 29, 2011
    Publication date: October 27, 2011
    Applicant: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD.
    Inventors: Hongyan Feng, Lifeng Liu
  • Publication number: 20110264781
    Abstract: Techniques for directory data resolution are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for directory data resolution comprising receiving data identifying one or more groups of interest of a directory server, traversing, using a processor, one or more directory entries contained in hierarchical directory data, the traversal starting at a directory entry corresponding to a current group of interest, reading a first directory entry to identify a member contained in the first directory entry, adding, in the event a member is contained in the first directory entry, the current group of interest to a mapping for the member. The method may also include use of caching and recursion.
    Type: Application
    Filed: April 27, 2010
    Publication date: October 27, 2011
    Applicant: Symantec Corporation
    Inventors: Nathan Moser, Ayman Mobarak, Chad Jamart
  • Patent number: 8046446
    Abstract: A system for ensuring availability using volume server sets in a storage environment employing distributed block virtualization includes a plurality of volume servers, one or more volume clients, one or more physical block devices and a volume server manager. The volume server manager may be configured to designate the plurality of volume servers as a volume server set with an associated volume server set management policy, and to verify each volume server in the volume server set has access to storage within each block device. In addition, the volume server manager may be configured to designate a first volume server of the volume server set to aggregate storage within the block devices into a logical volume, to make the logical volume accessible to the volume clients, and to share configuration information about the volume with the other volume servers of the volume server set.
    Type: Grant
    Filed: October 18, 2004
    Date of Patent: October 25, 2011
    Assignee: Symantec Operating Corporation
    Inventors: Ronald S. Karr, Chio Fai Aglaia Kong, Gopal Sharma, Robert Baird, Santosh Rao
  • Patent number: 8046553
    Abstract: An apparatus and method for faster recovery of validated continuous data protection time images. In one embodiment of the method, an image validation process is initiated. In response, a first write transaction is generated for writing first new data to a first image of a data object that existed at prior time T1. The first new data is written to a first storage. Thereafter data contents of the first storage are copied to a first memory object. Finally, the first memory object is linked with the first image.
    Type: Grant
    Filed: October 30, 2009
    Date of Patent: October 25, 2011
    Assignee: Symantec Operating Corporation
    Inventor: Raghu Krishnamurthy
  • Patent number: 8046331
    Abstract: A method and apparatus for recreating placeholders comprising selecting at least one object of information in an archive, determining a source location for the selected at least one object of information, accessing the selected at least one object of information, and recreating a placeholder from the selected at least one object of information.
    Type: Grant
    Filed: May 25, 2007
    Date of Patent: October 25, 2011
    Assignee: Symantec Corporation
    Inventors: Mugdha Sanghavi, Kishor S. Ghait, Andrew Nash, Laxmikant Vithal Gunda
  • Patent number: 8046329
    Abstract: Systems and methods for computer system data backup. A computer system includes an application server operating on a first host and a backup application configured to create new target database images for a sequence of backup datasets. The backup datasets include data from source databases associated with the application server. At least one of the source databases is hosted on a remote source host separate from the first host. The computer system includes a client registered with the application server and installed on a backup host. The client stores a seed document in each of the new target database images and modifies each seed document to specify which portions of a backup dataset in the sequence are to be stored in each new target database image. The backup application updates each new target database image based on the contents of a seed document.
    Type: Grant
    Filed: June 30, 2008
    Date of Patent: October 25, 2011
    Assignee: Symantec Operating Corporation
    Inventors: Amrish Shah, Udayan Majumdar
  • Patent number: 8045457
    Abstract: Intentionally dropping packets to prevent unauthorized transfer of data through multimedia tunnels is disclosed. A stream of media transport protocol packets is received. One or more packets are dropped intentionally from the stream to render unusable at the destination a file or other data transported through the multimedia tunnel without authorization.
    Type: Grant
    Filed: June 29, 2006
    Date of Patent: October 25, 2011
    Assignee: Symantec Corporation
    Inventors: Sourabh Satish, Brian Hernacki
  • Patent number: 8046374
    Abstract: A database intrusion detection system (DIDS) automatically trains itself to account for changes to the database. The DIDS monitors upstream queries sent to the database and downstream data provided in response to the queries. The DIDS classifies an upstream query as legitimate or anomalous. If the query is anomalous, the DIDS determines whether the anomaly resulted from a change in the database by performing one or more tests. One test determines whether the query references new fields or tables. Another test determines the frequency at which the query is received, and/or whether the query is received from multiple sources. A third test determines whether the query accesses sensitive information. Together, the results of these tests describe whether the query should be classified as anomalous or legitimate.
    Type: Grant
    Filed: May 6, 2005
    Date of Patent: October 25, 2011
    Assignee: Symantec Corporation
    Inventor: Adam Bromwich
  • Publication number: 20110258255
    Abstract: A method and an apparatus for accessing a network file system (NFS) are disclosed. The method includes: receiving a first request message, which is sent by a user equipment (UE) to the NFS according to an available first file type; converting, according to a preset mapping relation, the first request message into a second request message capable of driving a second file type in the NFS, and sending the second request message to the NFS; receiving a first response message, which is based on the second file type and is sent by the NFS to the UE in response to the second request message; and converting, according to the preset mapping relation, the first response message into a second response message which is based on the first file type, and sending the second response message to the UE. With the present invention, the file system protocol can be converted, and the NFS is compatible with multiple operating systems.
    Type: Application
    Filed: June 29, 2011
    Publication date: October 20, 2011
    Applicant: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventor: Jiaolin LUO
  • Publication number: 20110258389
    Abstract: A virtual storage method and a device are disclosed. The virtual storage method includes: obtaining a volume management mode of a Logical Unit Number (LUN) from a storage array and recording the volume management mode into stitch data; and constructing a virtual LUN according to the LUN and the stitch data, and mapping the virtual LUN to a host to enable read/write access; and modifying a destination address of an Input/Output (I/O) data packet delivered by the host according to the stitch data after receiving the I/O data packet, delivering the I/O data packet to the virtual LUN, and delivering the I/O data packet which has been delivered to the virtual LUN to the storage array according to the stitch data, where an address of the storage array to which the I/O data packet is delivered is the same as the destination address of the I/O data packet before the destination address of the I/O data packet is modified.
    Type: Application
    Filed: June 29, 2011
    Publication date: October 20, 2011
    Applicant: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD.
    Inventors: Yibin LI, Qingchao LUO, Xiaohua LI
  • Patent number: 8041641
    Abstract: One implementation of a method for providing backup storage services for encrypted data includes receiving signatures of convergently encrypted portions of data from client computers, determining whether the encrypted portions are already present on a backup storage, and obtaining only the needed portions. Users unassociated with a particular user account are denied access to information backed up in that account. The backup storage also stores password protected key files holding signatures of the unencrypted portions of data. One implementation of a system includes a memory, a single-instance storage circuit, a user account management circuit, and a signature index. The memory holds a user-account database and backup copies of convergently encrypted portions of data. The single-instance storage circuit uses the signature index to prevent duplicative backup copies. The user account management circuit responds to download requests after authenticating the user information associated with the requested data.
    Type: Grant
    Filed: December 19, 2006
    Date of Patent: October 18, 2011
    Assignee: Symantec Operating Corporation
    Inventors: Ankur P. Panchbudhe, Srineet Sridharan
  • Patent number: 8041719
    Abstract: A method and apparatus for detecting pre-selected data stored on a personal computing device is described. In one embodiment, contents of data storage media of a personal computing device are searched for pre-selected sensitive data. In one embodiment, if at least a portion of the pre-selected sensitive data is detected, a notification of the detection of the pre-selected data is sent to a system via a network. In another embodiment, if at least a portion of pre-selected sensitive data is detected, the access to this data is blocked.
    Type: Grant
    Filed: June 27, 2003
    Date of Patent: October 18, 2011
    Assignee: Symantec Corporation
    Inventors: Kevin T. Rowney, Michael R. Wolfe, Mythili Gopalakrishnan, Vitali A. Fridman, Joseph Ansanelli
  • Patent number: 8042161
    Abstract: Whitelists are automatically shared between users and/or domains without compromising user/domain privacy. Potential trust partners with whom to share whitelist data are automatically identified. A handshaking procedure is carried out to confirm the trust relationship and verify the partner's identity. Once a trust partner is confirmed, the parties can exchange acceptance criteria specifying the types of whitelist data they want to receive. Each party can provide the other with the appropriate entries from its own whitelist. The parties keep each other updated, as their own whitelists change.
    Type: Grant
    Filed: March 29, 2007
    Date of Patent: October 18, 2011
    Assignee: Symantec Corporation
    Inventors: Shaun Cooley, Bruce McCorkendale
  • Patent number: 8041679
    Abstract: Creating a synthetic database backup using binary logs. A full backup of a database may be stored, followed by one or more incremental backups. The one or more incremental backups may include first binary log files. A first synthetic differential backup may be created using the first binary log files. Creating the first synthetic differential backup may include translating the first binary log files into a first plurality of SQL statements. The first plurality of SQL statements may be executable to recreate the changes in the database since the full backup. Translating each of the first binary log files into the first plurality of SQL statements may be performed before performing a recovery process to decrease recovery time.
    Type: Grant
    Filed: June 4, 2008
    Date of Patent: October 18, 2011
    Assignee: Symantec Operating Corporation
    Inventor: Priyesh Narayanan
  • Patent number: 8041675
    Abstract: A method and apparatus for incrementally backing up database files is described. In one embodiment, the present invention replicates an original database file for the purpose of creating a backup database file. The backup database file is subsequently stored in a data store and the original database file is monitored for at least one change (i.e., new e-mail message). In response to a detected change, the change to the original database file is copied to the backup database file so that the two database files are replicas of each other.
    Type: Grant
    Filed: September 20, 2004
    Date of Patent: October 18, 2011
    Assignee: Symantec Operating Corporation
    Inventor: Greg McCain