Computer Program Modification Detection By Cryptography Patents (Class 713/187)
- Patent number: 8839440
  Abstract: Provided are an apparatus and method for forecasting the security threat level of a network. The apparatus includes: a security data collection unit for collecting traffic data and intrusion detection data transmitted from an external network to a managed network; a malicious code data collection unit for collecting malicious code data transmitted from a security enterprise network; a time series data transformation unit for transforming the data collected by the security data collection unit into time series data; a network traffic analysis unit for analyzing traffic distribution of the managed network using the data collected by the security data collection unit; and a security forecast engine for forecasting security data of the managed network using the time series data obtained by the time data transformation unit, the data analyzed by the network traffic analysis unit, and the data collected by the malicious code data collection unit.
  Type: Grant
  Filed: April 15, 2008
  Date of Patent: September 16, 2014
  Assignee: Electronics and Telecommunications Research Institute
  Inventors: JooBeom Yun, Seung-Hyun Paek, InSung Park, Eun Young Lee, Ki Wook Sohn
- Patent number: 8838994
  Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other objects within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but presents the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.
  Type: Grant
  Filed: July 8, 2013
  Date of Patent: September 16, 2014
  Assignee: Trustware International Limited
  Inventor: Eyal Dotan
- Patent number: 8832434
  Abstract: Methods for generating data for describing scalable media are disclosed. Data is associated with the scalable media that identifies portions of the scalable media to combine in order to produce media that is scaled to possess a desired scalable attribute without decoding. Portions of the scalable media are encrypted. Data is associated with the portions of the scalable media that identifies protection attributes of the encryption scheme used to encrypt the portions of the scalable media.
  Type: Grant
  Filed: February 13, 2004
  Date of Patent: September 9, 2014
  Assignee: Hewlett-Packard Development Company, L.P.
  Inventors: John G. Apostolopoulos, Susie J. Wee
- Patent number: 8832457
  Abstract: When a processing system boots, it may retrieve an encrypted version of a cryptographic key from nonvolatile memory to a processing unit, which may decrypt the cryptographic key. The processing system may also retrieve a predetermined authentication code for software of the processing system, and the processing system may use the cryptographic key to compute a current authentication code for the software. The processing system may then determine whether the software should be trusted, by comparing the predetermined authentication code with the current authentication code. In various embodiments, the processing unit may use a key stored in nonvolatile storage of the processing unit to decrypt the encrypted version of the cryptographic key, a hashed message authentication code (HMAC) may be used as the authentication code, and/or the software to be authenticated may be boot firmware, a virtual machine monitor (VMM), or other software. Other embodiments are described and claimed.
  Type: Grant
  Filed: June 25, 2012
  Date of Patent: September 9, 2014
  Assignee: Intel Corporation
  Inventors: Mohan J. Kumar, Shay Gueron
- Patent number: 8832837
  Abstract: Disclosed are systems and methods to utilize two different processing units (e.g., CPUs) to monitor each other. The processing units may have limited visibility and/or read only access to each other to reduce the possibility that one affected processing unit could compromise the second processing unit. Devices containing multiple processing units of different architectures could be configured so that one type of processing unit monitors another type of processing unit. When the processing units are different architectures a single piece of malicious software (malware) is unlikely to affect both processing units. Each processing unit can be configured to detect rootkits and other types of malware on the other processor(s) of the system/device.
  Type: Grant
  Filed: June 29, 2012
  Date of Patent: September 9, 2014
  Assignee: McAfee Inc.
  Inventor: Igor Muttik
- Patent number: 8832455
  Abstract: Configurations providing a non-zero threshold for verifying a root file system of an operating system stored on blocks of a boot storage are disclosed. In particular, the root file system is verified during a boot sequence for the operating system. For each block of the root file system of the boot storage, the subject technology verifies a respective block of the boot storage. A counter tracking a number of verification failures is incremented if the block fails verification. In some configurations, the subject technology determines whether the counter meets a predetermined non-zero threshold. If the counter meets the predetermined non-zero threshold, the root file system is marked as corrupted. A recovery mode for the operating system is then initiated. If the counter does not meet the predetermined non-zero threshold, the operating system is reset in order to verify the root file system during a subsequent boot sequence.
  Type: Grant
  Filed: September 21, 2011
  Date of Patent: September 9, 2014
  Assignee: Google Inc.
  Inventors: William A. Drewry, William F. Richardson, Randall R. Spangler
- Patent number: 8832456
  Abstract: A data leakage prevention system, method, and computer program product are provided for preventing a predefined type of operation on predetermined data. In use, an attempt to perform an operation on predetermined data that is protected using a data leakage prevention system is identified. Additionally, it is determined whether a type of the operation attempted includes a predefined type of operation. Furthermore, the operation on the predetermined data is conditionally prevented based on the determination to prevent circumvention of the protection of the data leakage prevention system.
  Type: Grant
  Filed: April 13, 2012
  Date of Patent: September 9, 2014
  Assignee: McAfee, Inc.
  Inventors: Manabendra Paul, Abhilash Chandran
- Patent number: 8832856
  Abstract: A method relates to authority checks governing user access to business object attachments in a store of business object attachments. The business object attachments are semantically associated with business objects of one or more remote computer systems. The method includes, at a content management interface layer that is communicatively coupled to the store of business object attachments, sending a request for user authority checks on a parent business object of a business object attachment to an originating computer system and receiving results of the user authority checks from the originating computer system.
  Type: Grant
  Filed: May 9, 2012
  Date of Patent: September 9, 2014
  Assignee: SAP AG
  Inventor: Martin Fischer
- Patent number: 8832454
  Abstract: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a code block, and code which is executable by the processor-based system to cause the processor-based system to generate integrity information for the code block upon a restart of the processor-based system, securely store the integrity information, and validate the integrity of the code block during a runtime of the processor-based system using the securely stored integrity information. Other embodiments are disclosed and claimed.
  Type: Grant
  Filed: December 30, 2008
  Date of Patent: September 9, 2014
  Assignee: Intel Corporation
  Inventors: Hormuzd M. Khosravi, Vincent J. Zimmer, Divya Naidu Kolar Sunder
- Patent number: 8826424
  Abstract: In embodiments of the present invention improved capabilities are described for runtime additive disinfection of malware. Runtime additive disinfection of malware may include performing the steps of identifying, based at least in part on its type, an executable software application that is suspected of being infected with malware, wherein the malware is adapted to perform a function during the execution of the executable software application, predicting the malware function based on known patterns of malware infection relating to the type of the executable software application, and in response to the prediction, adding a remediation software component to the executable software application that disables the executable software component from executing code that performs the predicted malware function.
  Type: Grant
  Filed: March 27, 2009
  Date of Patent: September 2, 2014
  Assignee: Sophos Limited
  Inventors: James I. G. Lyne, Paul B. Ducklin
- Patent number: 8826033
  Abstract: A virtual machine on a physical host computer provides controlled access to protected data by creating and storing a “stored system fingerprint” from stable system values (SSVs) as existing when creating the stored system fingerprint. The SSVs include virtual-machine-specific values that change upon cloning the virtual machine (VM) but do not change upon migration of the VM. Upon a request for access to the protected data, a current system fingerprint is calculated from the SSVs as existing when processing the request, the current system fingerprint is compared to the stored system fingerprint to determine whether there is a predetermined degree of matching, and the requested access to the protected data is permitted only if there is the predetermined degree of matching.
  Type: Grant
  Filed: December 22, 2009
  Date of Patent: September 2, 2014
  Assignee: EMC Corporation
  Inventors: Ajay Venkateshan Krishnaprasad, Parasuraman Narasimhan, Robert Polansky, Magnus Nyström
- Patent number: 8826032
  Abstract: The systems and methods described herein include processes for efficiently detecting relevant state changes in storage network environments and for resolving the name of hosts in storage networks. A subset of states for each component in the storage network is tracked, state information consisting of the values of the selected states with an associated timestamp and a component identifier (ID) for the storage network components is periodically received, a hash function value of the received state using a pre-selected hash function is computed, the most-recent locally-stored hash function value associated with that component ID is retrieved, and in case the hash function value is different from the most-recently locally-stored value, the new hash function value and the timestamp associated with that new value and component ID are stored and this state information is forwarded to a global analyzer service.
  Type: Grant
  Filed: December 27, 2007
  Date of Patent: September 2, 2014
  Assignee: NetApp, Inc.
  Inventors: Raphael Yahalom, Assaf Levy, Gadi Oren
- Patent number: 8819835
  Abstract: Method and computer program product for signature testing used in anti-malware processing. Silent signatures, after being tested, are not updated into a white list and are sent directly to users instead. If the silent signature coincides with malware signature, a user is not informed. A checksum (e.g., hash value) of a suspected file is sent to a server, where statistics are kept and analyzed. Based on collected false positive statistics of the silent-signature, the silent-signature is either valid or invalid. Use of the silent signatures provides for effective signature testing and reduces response time to new malware-related threats. The silent signature method is used for turning off a signature upon first false positive occurrence. Use of silent signatures allows improving heuristic algorithms for detection of unknown malware.
  Type: Grant
  Filed: January 14, 2013
  Date of Patent: August 26, 2014
  Assignee: Kaspersky Lab, ZAO
  Inventor: Denis A. Nazarov
- Patent number: 8819361
  Abstract: The objects of an archive may be verified with a cryptographic signature stored in the archive. However, when an object is extracted, the authentication involves re-authenticating the entire archive, re-extracting the object, and comparing the extracted object with the current object, which is inefficient or unachievable if the archive is unavailable. Instead, the archive may include a block map signed with the signature and comprising hashcodes for respective blocks of the objects of the archive. When an object is extracted, the signature and block map may also be extracted and stored as objects outside of the archive. The extracted signature and block map may later be verified by authenticating the signature, verifying the block map with the signature, and matching the hashcodes of the block map with those of the blocks of the extracted objects, thus enabling a more efficient and portable verification of extracted object with extracted authentication credentials.
  Type: Grant
  Filed: September 12, 2011
  Date of Patent: August 26, 2014
  Assignee: Microsoft Corporation
  Inventors: Simon Wai Leong Leet, Sarjana Bharat Sheth, Patrick T. O'Brien, Jr., Jack R. Davis
- Patent number: 8819854
  Abstract: In an information processing apparatus, software is installed to build a system providing a predetermined function. The information processing apparatus includes a generating unit configured to generate system identification information for identifying the system built by installing the software, the system identification information being generated from authentication information obtained by performing license authentication on the software; and a registering unit configured to send the system identification information generated by the generating unit to a management device that manages a plurality of the systems via a predetermined data transmission line, to register the system identification information in the management device as management information.
  Type: Grant
  Filed: June 29, 2010
  Date of Patent: August 26, 2014
  Assignee: Ricoh Company, Ltd.
  Inventor: Noriaki Nakagawa
- Patent number: 8813229
  Abstract: The invention relates to an apparatus for preventing infection by malicious code, comprising: a database in which files installed in an agent system, DNA values for each part of the files, and index information for indicating whether each file is normal or malicious are stored; a calculation unit which calculates a DNA value for a part of a file for which an execution is requested in the agent system; and a file inspection unit which searches the database to extract, in a group, files having the DNA value calculated by the calculation unit, inspects whether an object file is normal or malicious on the basis of the index information on the files extracted in a group, and allows the execution of the object file or makes a request for the calculation of DNA values of other parts which selectively include one part of the object file.
  Type: Grant
  Filed: January 20, 2011
  Date of Patent: August 19, 2014
  Assignee: Ahnlab, Inc.
  Inventors: Jae Han Lee, Jeong Hun Kim, Sung Hyun Kim
- Patent number: 8812683
  Abstract: Receiving and executing at a server a script provided by a client, e.g., in a service request sent by a web services or other service client and/or consumer, is disclosed. In various embodiments, the script is configured to cause the server to do one or more of the following: pre-process at least a portion of the services request; post-process a response data associated with the services request; and replace an operation comprising the service at least in part with a replacement operation defined or identified at least in part in the script.
  Type: Grant
  Filed: January 28, 2013
  Date of Patent: August 19, 2014
  Assignee: EMC Corporation
  Inventors: Alex Rankov, Victor Spivak, Donald Peter Robertson
- Patent number: 8812868
  Abstract: Given the volume of apps being developed and downloaded, performing operations to enable security for mobile devices, such as locating relevant classes and substituting different classes, can become very inefficient when done to a very high number of apps. In the invention, a device is enabled with an app security enforcement layer. The consumer can download unsecured apps and have the app execute on the phone in a secure manner, where potential data loss to the device, such as a smart phone or tablet, is minimized. To make the security wrapping process more efficient, an app template containing markers is created. This template is merged with data in an active user policy or is used to randomize or obfuscate the code to add more security. The process of security wrapping an app becomes more efficient.
  Type: Grant
  Filed: December 1, 2011
  Date of Patent: August 19, 2014
  Assignee: Mocana Corporation
  Inventors: James Blaisdell, Jean-Max Vally
- Patent number: 8812865
  Abstract: A client-server type computer system for graphical applications is provided, that is to say, for displaying data in the form of software units called “widgets” on display screens called “display units”, said system being intended to control the operation of a machine, the machine including at least one human-machine interface allowing interaction with the widgets, said system managing critical data or functions. The computer system includes a securing engine controlling the integrity of the display of the critical widgets, the sending of commands which is performed by means of the human-machine interface, the input and display of the critical data. The main provisions of this securing engine are the use of computer “signatures”, the provision of “feedback” circuits and the use of guard mechanisms or dedicated confirmation dialog boxes. Preferably, the machine is an aircraft, the computer system is the avionics on board said aircraft and the display screens are the cockpit display systems.
  Type: Grant
  Filed: August 5, 2011
  Date of Patent: August 19, 2014
  Assignee: Thales
  Inventors: Thierry Ganille, Patrice Capircio, Pierre-Jean Turpeau
- Patent number: 8813228
  Abstract: Threat intelligence is collected from a variety of different sources. The threat intelligence information is aggregated, normalized, filtered and scored to identify threats to an information network. Threats are categorized by type, maliciousness and confidence level. Threats are reported to network administrators in a plurality of threat feeds, including for example malicious domains, malicious IP addresses, malicious e-mail addresses, malicious URLs and malicious software files.
  Type: Grant
  Filed: June 29, 2012
  Date of Patent: August 19, 2014
  Assignee: Deloitte Development LLC
  Inventors: Joseph C. Magee, Alison M. Andrews, Mark W. Nicholson, Jonathon Lance James, Henry C. Li, Christopher L. Stevenson, Joel Lathrop
- Patent number: 8813226
  Abstract: A defense method and device against intelligent bots using masqueraded virtual machine information are provided. The method includes performing global hooking on a virtual machine detection request transmitted by a process, determining, on the basis of pre-stored malicious process information, whether or not the process transmitting the virtual machine detection request corresponds to a malicious process, and when the process is found to correspond to the malicious process as a result of the determination, determining that the process is generated by the intelligent bot, and returning the masqueraded virtual machine information to the process.
  Type: Grant
  Filed: September 10, 2010
  Date of Patent: August 19, 2014
  Assignee: Electronics and Telecommunications Research Institute
  Inventors: Yoon Jung Chung, Yo Sik Kim, Won Ho Kim, Dong Soo Kim, Sang Kyun Noh, Young Tae Yun, Cheol Won Lee
- Patent number: 8812854
  Abstract: A computer-implemented method for verifying a boot process of a computing system includes reading, by the computing system during the boot process, a header section of a read-write portion of firmware of the computing system. The method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header, and decrypting, using a first public-key, an encrypted signature corresponding to the header. The method further includes comparing the message digest corresponding with the header and the decrypted signature corresponding to the header. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header match, the boot process is continued. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header do not match, the boot process is halted.
  Type: Grant
  Filed: October 12, 2010
  Date of Patent: August 19, 2014
  Assignee: Google Inc.
  Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
- Patent number: 8806647
  Abstract: Behavioral analysis of a mobile application is performed to determine whether the application is malicious. During analysis, various user interactions are simulated in an emulated environment to activate many possible resulting behaviors of an application. The behaviors are classified as hard or soft signals. A probability of the application being malicious is determined through combining soft signals, and the application is classified as malicious or non-malicious. Users of the application, the developer of the application, or a distributor of the application are notified of the application classification to enable responsive action.
  Type: Grant
  Filed: April 27, 2012
  Date of Patent: August 12, 2014
  Assignee: Twitter, Inc.
  Inventors: Neilkumar Daswani, Ameet Ranadive, Shariq Rizvi, Michael Gagnon, Tufan Demir, Gerry Eisenhaur
- Patent number: 8806649
  Abstract: A method for generating vulnerability reports based on application binary interface/application programming interface usage may include extracting, by a processing device, a binary file and a security report relating to a software program executed by the processing device, the security report having a vulnerability list of pending vulnerabilities relating to the software program, detecting, from the binary file, interface usage details associated with interfaces used by the software program and associated with shared libraries used by the software program, wherein the interfaces comprise application programming interfaces (APIs) corresponding to rules that the software program follows to access and use services and resources provided by another software program, matching the interface usage details with the pending vulnerabilities of the vulnerability list, and generating a vulnerability report based on the matching, wherein the vulnerability report comprises a list of the pending vulnerabilities based on the
  Type: Grant
  Filed: July 8, 2013
  Date of Patent: August 12, 2014
  Assignee: Red Hat, Inc.
  Inventor: Kushal Das
- Patent number: 8806661
  Abstract: Embodiments provide a method and device for distributing an electronic document. The electronic document possesses first authorized copies information used to record a first number of authorized copies for the electronic document a local user may distribute. Every time the electronic document is distributed to a user, second authorized copies information is sent to the user, which second authorized copies information is used to record a second number of authorized copies for the electronic document the user may distribute, and the second number of authorized copies is less than or equal to the first number of authorized copies currently recorded in the first authorized copies information.
  Type: Grant
  Filed: February 17, 2010
  Date of Patent: August 12, 2014
  Assignee: Sursen Corp.
  Inventors: Donglin Wang, Kaihong Zou
- Patent number: 8806643
  Abstract: Trojanized apps for mobile environments are identified. Multiple apps for a specific mobile environment are obtained from one or more external sources. Code and digital signers are extracted from the apps and stored. For each given specific one of the obtained apps, the code of the specific app is compared to the code of other obtained apps, to determine whether the specific app 1) contains at least a predetermined threshold amount of code in common with one of the other apps, and 2) contains additional code not contained therein. If so, the digital signer of the specific app is compared to the digital signer of the other app. If it is also the case that the digital signer of the specific app is not the same as the digital signer of the other app, the specific app is identified as being trojanized.
  Type: Grant
  Filed: January 25, 2012
  Date of Patent: August 12, 2014
  Assignee: Symantec Corporation
  Inventor: Carey Nachenberg
- Patent number: 8806221
  Abstract: A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.
  Type: Grant
  Filed: August 3, 2012
  Date of Patent: August 12, 2014
  Assignee: Apple Inc.
  Inventors: Dallas De Atley, Joshua de Cesare, Michael Smith, Matthew Reda, Shantonu Sen, John Andrew Wright
- Patent number: 8806646
  Abstract: Behavioral analysis of a mobile webpage is performed to determine whether the webpage is malicious. During analysis, the webpage is visited by an emulated mobile device to cause behaviors to occur which may be malicious. The behaviors occurring after accessing the webpage are stored. The behaviors are classified as hard or soft signals. A probability of the webpage being malicious is determined through combining soft signals, and the webpage is classified as malicious or non-malicious. Users of the webpage, the developer of the webpage, or a distributor of the webpage are notified of the webpage classification to enable responsive action.
  Type: Grant
  Filed: April 27, 2012
  Date of Patent: August 12, 2014
  Assignee: Twitter, Inc.
  Inventors: Neilkumar Daswani, Ameet Ranadive, Shariq Rizvi, Michael Gagnon, Tufan Demir, Gerry Eisenhaur
- Patent number: 8806639
  Abstract: Described are embodiments that provide for the use of multiple quarantine partitions and/or multi-partition spaces (e.g., virtual machines) for initially installing and running downloaded content. The downloaded content can be run securely in the quarantine partitions and/or multi-partition spaces. Each quarantine partition and/or multi-partition space can be configured differently with different capabilities. Based on the configuration and capabilities of the quarantine partitions and/or multi-partition spaces, the downloaded content may have limited capabilities to access secure data, applications, or other code limiting the damage that the content can potentially cause.
  Type: Grant
  Filed: September 30, 2011
  Date of Patent: August 12, 2014
  Assignee: Avaya Inc.
  Inventor: David S. Mohler
- Patent number: 8806212
  Abstract: Provided are methods of generating and verifying an electronic signature of software data, wherein software data is split into a plurality of blocks, electronic signatures corresponding to each of the blocks are generated, and some of the electronic signatures are randomly selected for verification. Accordingly, a time required for verifying an electronic signature can be reduced while maintaining the advantages of an electronic signature system.
  Type: Grant
  Filed: August 14, 2008
  Date of Patent: August 12, 2014
  Assignee: Samsung Electronics Co., Ltd.
  Inventors: Jun-Bum Shin, Choong-hoon Lee, Su-hyun Nam, Yang-lim Choi, Ji-soon Park
- Patent number: 8806220
  Abstract: Described is a technology by which a transient storage device or secure execution environment-based (e.g., including an embedded processor) device validates a host computer system. The device compares hashes of host system data against valid hashes maintained in protected storage of the device. The host data may be a file, data block, and/or memory contents. The device takes action when the host system data does not match the information in protected storage, such as to log information about the mismatch and/or provide an indication of validation failure, e.g., via an LED and/or display screen output. Further, the comparison may be part of a boot process validation, and the action may prevent the boot process from continuing, or replace an invalid file. Alternatively, the validation may take place at any time.
  Type: Grant
  Filed: January 7, 2009
  Date of Patent: August 12, 2014
  Assignee: Microsoft Corporation
  Inventors: David Abzarian, Todd L. Carpenter, Harish S. Kulkarni, Salahuddin J. Khan
- Patent number: 8800053
  Abstract: An executable content message stream filter applies a plurality of executable content filters to a stream of parsed elements of a network message. Each of the plurality of executable content filters targets executable content and is instantiated based on a set of one or more rule sets selected based, at least in part, on a type of the network message. For each of the plurality of executable content filters, it is determined if one or more of the stream of parsed elements includes executable content targeted by the executable content filter. The executable content message stream filter modifies those of the stream of parsed elements that include the executable content targeted by the plurality of executable content filters to disable the executable content.
  Type: Grant
  Filed: July 2, 2012
  Date of Patent: August 5, 2014
  Assignee: International Business Machines Corporation
  Inventors: Ai Ishida, Todd E. Kaplinger, Satoshi Makino, Masayoshi Teraguchi, Naohiko Uramoto
- Patent number: 8800052
  Abstract: An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM. Execution of the VMM runtime integrity watcher is triggered by a timer event generated based on multiple frequency bands.
  Type: Grant
  Filed: June 29, 2012
  Date of Patent: August 5, 2014
  Assignee: Intel Corporation
  Inventors: Brent Thomas, Shamanna Datta, Scott Durrant, Alberto Munoz
- Patent number: 8793360
  Abstract: A system (130) for monitoring a denial of service attack upon a target network resource includes a memory (210) and a processor (205). The memory (210) stores instructions. The processor (205) executes the instructions in the memory (210) to receive one of a plurality of denial of service attack profiles, each profile identifying the target network resource and to execute a denial of service attack against the target network resource in accordance with the received profile. The processor (205) further executes the instructions in the memory (210) to scan one or more ports of the target network resource to determine an effect of the executed denial of service attack.
  Type: Grant
  Filed: May 23, 2003
  Date of Patent: July 29, 2014
  Assignee: Verizon Laboratories Inc.
  Inventors: Scott Andrew Belgard, Edward James Norris, David Kenneth Dumas
-
Publication number: 20140208100
Abstract: A keystore is installed on a mobile app where the keystore is created and provisioned on a server, such as an app wrapping server, under the control of an enterprise. A generic (non-provisioned) wrapped app is installed on a device. The app prompts the user to enter a passphrase. When the user does this, an app keystore is created. It has a user section and a table of contents. The keystore files are hashed, creating "first" keystore hash values. The first keystore hash values are stored in the TOC. The TOC is then hashed, creating a TOC hash value. The passphrase entered by the user is then combined with the TOC hash value. This creates a "first" master passphrase for the keystore. The keystore is then transmitted to the device where it is installed in the generic (non-provisioned) wrapped app.
Type: Application; Filed: January 29, 2014; Publication date: July 24, 2014; Inventor: H. Richard KENDALL
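The provisioning steps above (hash each keystore file into the TOC, hash the TOC, combine the user's passphrase with the TOC hash to form the master passphrase) have a security consequence the abstract leaves implicit: anyone who alters a keystore file, or the TOC, after provisioning changes the TOC hash and therefore the master passphrase, so the correct user passphrase no longer opens the store. The Python below is an added example, not the applicant's code. It assumes SHA-256 for the "first" hashes and the TOC hash, PBKDF2-HMAC-SHA256 as the way passphrase and TOC hash are combined, an HMAC "unlock tag" standing in for the keystore contents that would really be encrypted under the master passphrase, and the constructed sample files and salt shown.

```python
# Added example (not the patent's code): provisioning an app keystore whose
# master passphrase is bound to the hash of its table of contents (TOC), so a
# keystore whose files or TOC were altered after provisioning can no longer be
# opened. Assumptions: SHA-256 for the "first" hashes and the TOC hash,
# PBKDF2-HMAC-SHA256 to combine passphrase and TOC hash, and an HMAC "unlock
# tag" standing in for the keystore's real encrypted contents.
import copy
import hashlib
import hmac
import json

KDF_ITERATIONS = 50_000  # assumption; tune to the device's CPU budget


def build_toc(user_section: dict) -> dict:
    """'First' keystore hash values: one per user-section file, keyed by name."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in user_section.items()}


def toc_hash(toc: dict) -> bytes:
    # Canonical encoding so server and device hash exactly the same bytes.
    canonical = json.dumps(toc, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).digest()


def master_passphrase(passphrase: str, toc: dict, salt: bytes) -> bytes:
    """Combine the user's passphrase with the TOC hash into the master passphrase."""
    material = passphrase.encode("utf-8") + toc_hash(toc)
    return hashlib.pbkdf2_hmac("sha256", material, salt, KDF_ITERATIONS, dklen=32)


def provision_keystore(user_section: dict, passphrase: str, salt: bytes) -> dict:
    """Server side: build the TOC, derive the master passphrase, seal the keystore."""
    toc = build_toc(user_section)
    master = master_passphrase(passphrase, toc, salt)
    return {
        "user": dict(user_section),
        "toc": toc,
        "salt": salt.hex(),
        # Stand-in for encrypting the keystore under the master passphrase.
        "unlock_tag": hmac.new(master, b"keystore-unlock", "sha256").hexdigest(),
    }


def open_keystore(keystore: dict, passphrase: str) -> bool:
    """Device side: re-derive the master passphrase and check that it opens the store."""
    # Step 1: every user-section file must still match its 'first' hash in the TOC.
    if build_toc(keystore["user"]) != keystore["toc"]:
        return False
    # Step 2: passphrase + current TOC hash must reproduce the sealing master passphrase.
    master = master_passphrase(passphrase, keystore["toc"], bytes.fromhex(keystore["salt"]))
    expected = hmac.new(master, b"keystore-unlock", "sha256").hexdigest()
    return hmac.compare_digest(expected, keystore["unlock_tag"])


# Constructed sample (assumption): two user-section files and a fixed salt.
SAMPLE_FILES = {"identity.pem": b"-----BEGIN CERTIFICATE-----...", "policy.json": b'{"pin": true}'}
SAMPLE_SALT = bytes(range(16))


def tamper(keystore: dict, name: str, data: bytes, fix_toc: bool) -> dict:
    """Attacker model: alter one file, optionally re-hashing it into the TOC as well."""
    ks = copy.deepcopy(keystore)
    ks["user"][name] = data
    if fix_toc:
        ks["toc"] = build_toc(ks["user"])
    return ks


if __name__ == "__main__":
    ks = provision_keystore(SAMPLE_FILES, "correct horse", SAMPLE_SALT)
    print(open_keystore(ks, "correct horse"))
    print(open_keystore(tamper(ks, "policy.json", b'{"pin": false}', fix_toc=True), "correct horse"))
```

The second tamper case is the interesting one: the attacker keeps the TOC consistent with the modified file, so step 1 passes, but the TOC hash, and with it the master passphrase, has changed, so step 2 fails. The scheme binds integrity to the key rather than detecting who changed what; it offers no protection against a weak user passphrase, and the KDF cost should be chosen for the target device.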
-
Patent number: 8788840
Abstract: A secure hardware comprises a secure pipe, a secure DMA, a secure assist and a secure bus, which connects those blocks. The secure pipe stores a common encryption key in an encryption key table so that it cannot be accessed from software. The secure DMA comprises a data common key system process function and a hashing process function. The secure assist comprises a common key system process function and an authentication process function, receives an issued command from a program executed by the processor core via a public IF, and performs setting/control of the secure pipe and the secure DMA via the secure bus.
Type: Grant; Filed: March 8, 2013; Date of Patent: July 22, 2014; Assignee: Fujitsu Semiconductor Limited; Inventor: Seiji Goto
-
Patent number: 8788809
Abstract: Devices and methods use digital certificates and digital signatures to enable computing devices, such as mobile devices, to trust a server attempting to access a resource on the computing device. The server may present the computing device with a digital certificate issued by a trusted third party which includes information so that the computing device can determine which resources the server should be trusted to access. The computing device can determine that the digital certificate was issued by a trusted third party by examining the chain of digital certificates that may link the server with an inherently trusted authority.
Type: Grant; Filed: April 27, 2009; Date of Patent: July 22, 2014; Assignee: QUALCOMM Incorporated; Inventor: Brian H. Kelley
-
Patent number: 8788839
Abstract: A method of booting an electronic device includes verifying communicable connection of a sender input/output terminal of the electronic device to a receiver input/output terminal of the electronic device, using a first boot loader executing on a computing processor of the electronic device. The method further includes reading a signature of a unique identifier of the electronic device from a removable storage device received by the electronic device, verifying the signature of the unique identifier of the electronic device, and allowing installation of a second boot loader on the electronic device when the signature is valid.
Type: Grant; Filed: October 10, 2012; Date of Patent: July 22, 2014; Assignee: Google Inc.; Inventors: Ke Dong, Michael Daniel Fuller, Shawn M. Ledbetter
-
Patent number: 8784195
Abstract: Disclosed is a system and method that uses digital signature technology to authenticate the contents of one or more manifests located on a storage device. Each manifest contains a list of file records, where each record contains the name of a file stored on the storage device, and a SHA1 hash value derived from the contents of the file. At boot time, the gaming machine first authenticates the contents of the manifest and then verifies the contents of the files using the SHA1 values stored in the manifest. Files are verified using their SHA1 values, as they are needed, during the boot up of the operating system and throughout normal operation. This method reduces the boot time of the gaming machine and eliminates the need to check digital signatures for each individual file or over the entire contents of a non-secure media.
Type: Grant; Filed: June 9, 2006; Date of Patent: July 22, 2014; Assignee: Bally Gaming, Inc.; Inventor: Robert W. Crowder, Jr.
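The pattern in this abstract (one signature over a manifest of per-file hashes, then per-file hash checks deferred until each file is first needed) is worth seeing as code because the deferral is where implementations go wrong. The Python below is an added example, not Bally Gaming's software. It assumes SHA-256 in place of the abstract's SHA1 (SHA-1 collisions have been demonstrated since 2017, so a manifest that vouches for file contents should not rely on it today), HMAC-SHA256 as a stand-in for the asymmetric signature a real machine would verify with the publisher's public key, and the constructed sample files, key and file names shown.

```python
# Added example (not Bally Gaming's code): a signed manifest of file records
# and a verifier that authenticates the manifest once at boot, then checks
# individual files against their recorded hashes only when first needed.
# Assumptions: SHA-256 instead of SHA1, HMAC-SHA256 standing in for the
# asymmetric manifest signature, and the constructed sample files below.
import hashlib
import hmac
import json


def file_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> bytes:
    """One record per file (name, hash of contents), canonically encoded."""
    records = [{"name": n, "hash": file_hash(d)} for n, d in sorted(files.items())]
    return json.dumps(records, separators=(",", ":")).encode()


def sign_manifest(manifest: bytes, signing_key: bytes) -> bytes:
    # Stand-in for the publisher's private-key signature over the manifest.
    return hmac.new(signing_key, manifest, "sha256").digest()


class ManifestVerifier:
    """Boot-time verifier: trust the manifest only after its signature checks,
    then verify each file lazily, the first time the machine asks for it."""

    def __init__(self, manifest: bytes, signature: bytes, verify_key: bytes):
        if not hmac.compare_digest(sign_manifest(manifest, verify_key), signature):
            raise ValueError("manifest signature invalid")
        self.records = {r["name"]: r["hash"] for r in json.loads(manifest)}
        self.verified = {}            # name -> verified contents
        self.hash_checks = 0          # how many file hashes were computed

    def read_file(self, name: str, storage: dict) -> bytes:
        """Return file contents only if they match the manifest record."""
        if name not in self.records:
            raise PermissionError(f"{name}: not listed in manifest")
        if name not in self.verified:
            data = storage[name]      # read from the non-secure media once
            self.hash_checks += 1
            if not hmac.compare_digest(file_hash(data), self.records[name]):
                raise PermissionError(f"{name}: contents do not match manifest")
            self.verified[name] = data
        # Later reads come from the verified copy, not from the media again.
        return self.verified[name]


def boot(storage: dict, manifest: bytes, signature: bytes, key: bytes, needed: list) -> dict:
    """Simulated boot: authenticate the manifest, then load files as they are
    needed. Returns name -> 'ok' or the reason the file was refused."""
    verifier = ManifestVerifier(manifest, signature, key)
    result = {}
    for name in needed:
        try:
            verifier.read_file(name, storage)
            result[name] = "ok"
        except PermissionError as err:
            result[name] = str(err)
    return result


# Constructed sample (assumption): a signing key and two files on the media.
SIGNING_KEY = b"publisher-key-for-illustration-only"
SAMPLE_FILES = {"boot.bin": b"\x7fELF boot image", "game.bin": b"slots v1"}
SAMPLE_MANIFEST = build_manifest(SAMPLE_FILES)
SAMPLE_SIGNATURE = sign_manifest(SAMPLE_MANIFEST, SIGNING_KEY)

if __name__ == "__main__":
    print(boot(SAMPLE_FILES, SAMPLE_MANIFEST, SAMPLE_SIGNATURE, SIGNING_KEY, ["boot.bin", "game.bin"]))
    hacked = dict(SAMPLE_FILES, **{"game.bin": b"slots v1 patched"})
    print(boot(hacked, SAMPLE_MANIFEST, SAMPLE_SIGNATURE, SIGNING_KEY, ["game.bin"]))
```

Two details matter in practice. A file missing from the manifest is refused rather than loaded unchecked, otherwise an attacker just adds files the manifest never mentions. And once a file has been verified its contents are served from the verified copy, so a later read cannot pick up a version swapped onto the media after the check (the time-of-check/time-of-use gap a name-only cache would open).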
-
Patent number: 8789179
Abstract: Cloud protection techniques are provided. A security breach is detected in a source cloud environment. An enterprise system processing in the source cloud environment is immediately locked down and is dynamically migrated to a target cloud environment. While the enterprise system is migrating, the source cloud environment creates a fake environment with fake resources within the source cloud environment to dupe an intruder having access as a result of the security breach. Metrics and logs are gathered with respect to activities of the intruder within the source cloud environment.
Type: Grant; Filed: October 28, 2011; Date of Patent: July 22, 2014; Assignee: Novell, Inc.; Inventor: Jason Allen Sabin
-
Patent number: 8789174
Abstract: A method and apparatus for examining network traffic and automatically detecting anomalous activity to secure a computer is described. In one embodiment, the method includes examining network traffic that is directed to at least one endpoint computer, accessing profile information associated with the at least one endpoint computer to determine confidence indicia associated with each portion of the network traffic, comparing the confidence indicia with heuristic information to identify anomalous activity for the at least one endpoint computer, and communicating indicia of detection as to the anomalous activity to the at least one endpoint computer.
Type: Grant; Filed: April 13, 2010; Date of Patent: July 22, 2014; Assignee: Symantec Corporation; Inventor: Prashant Gupta
-
Patent number: 8782792
Abstract: A computer-implemented method for detecting malware on mobile platforms may include (1) identifying an application on a mobile computing platform subject to a malware evaluation, (2) transmitting the application to a security server, (3) providing emulation information to the security server, the emulation information relating to emulating the mobile computing platform, (4) receiving a result of the malware evaluation as performed by the security server, the malware evaluation including the security server using the emulation information to execute the application within an emulation of the mobile computing platform, and (5) performing a security action based on the result of the malware evaluation. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant; Filed: October 27, 2011; Date of Patent: July 15, 2014; Assignee: Symantec Corporation; Inventor: Anand Bodke
-
Patent number: 8782429
Abstract: Controlling access to computational features includes: preparing a computational resource for execution by an execution system that has been provided a primary descriptor containing an identity value and that has associated a feature indicator with the primary descriptor; accessing a secondary descriptor containing the identity value and cryptographically assigned to the computational resource; and granting the computational resource access to a computational feature of the execution system based on the feature indicator.
Type: Grant; Filed: December 23, 2009; Date of Patent: July 15, 2014; Assignee: Ab Initio Technology LLC; Inventors: Brond Larson, Richard A. Shapiro
-
Patent number: 8782809
Abstract: Techniques for detecting a cloned virtual machine instance. A method includes transmitting an identifier associated with a virtual machine from an agent embedded in the virtual machine, akin to malware, to a detection entity in a network; determining whether the identifier is a unique identifier or whether the identifier is a clone of an identifier associated with a separate virtual machine in the network; and initiating at least one remedial action with the agent embedded in the virtual machine if the identifier is determined to be a clone of an identifier associated with a separate virtual machine in the network.
Type: Grant; Filed: November 9, 2012; Date of Patent: July 15, 2014; Assignee: International Business Machines Corporation; Inventors: Salman A. Baset, Ashish Kundu, Sambit Sahu
-
Patent number: 8782793
Abstract: Disclosed are systems and methods for detection and repair of malware on data storage devices. The system includes a controller, a communication interface for connecting an external data storage device, and a memory for storing antivirus software. The antivirus software is configured to scan the data contained in the data storage device, perform repair or removal of malicious files or programs found on the data storage device, identify suspicious files or programs on the data storage device and malicious files or programs that cannot be repaired or removed from the data storage device, send information about these files or programs to the antivirus software provider, receive updates for the antivirus software from the antivirus software provider, and rescan the suspicious files or programs and the malicious files or programs that could not be repaired or removed using the updated antivirus software.
Type: Grant; Filed: May 22, 2012; Date of Patent: July 15, 2014; Assignee: Kaspersky Lab ZAO; Inventor: Oleg V. Zaitsev
-
Patent number: 8782807
Abstract: A code authentication architecture is used to sign code by adding one or more digital signatures to it. The digital signatures identify what authority signed the code, what the code contains, what type of program the code is, or other identifying information. When the signed code is later executed on a computer system, its identity is obtained by accessing encrypted information of the code stored on disk. The architecture then determines whether the identity satisfies at least one requirement imposed on the code for some purpose. If the code has been altered from when it was signed or it fails to satisfy a requirement imposed, the code will not have a valid identity. In addition to verifying the identity of the code, the architecture also validates executing code immediately responsible for managing the code and additional executing code in a chain of hosts responsible for managing one another.
Type: Grant; Filed: February 4, 2013; Date of Patent: July 15, 2014; Assignee: Apple Inc.; Inventor: Peter Kiehtreiber
-
Patent number: 8775822
Abstract: A computer-implemented system and method for protecting a software installation after certification are disclosed. The system includes components to determine if a cryptographic value of a digital content set matches a stored cryptographic value of a validated digital content set, to determine if a cryptographic value of a validation rule set matches a stored cryptographic value corresponding to a validation requirement, and to display a certification message if the cryptographic value of the digital content set matches the stored cryptographic value of the validated digital content set and the cryptographic value of the validation rule set matches the stored cryptographic value corresponding to the validation requirement.
Type: Grant; Filed: August 31, 2007; Date of Patent: July 8, 2014; Assignee: Flexera Software, LLC; Inventors: Michael G. Marino, Andres M. Torrubia
-
Patent number: 8776233
Abstract: A system, method, and computer program product are provided for removing malware from a system while the system is offline. In use, a system is identified as being infected with malware. Additionally, it is determined whether the malware can be fully removed from the system while the system is online. Further, at least part of the malware is conditionally removed from the system while the system is offline, based on the determining.
Type: Grant; Filed: October 1, 2010; Date of Patent: July 8, 2014; Assignee: McAfee, Inc.; Inventors: Gregory William Dalcher, Joel R. Spurlock
-
Patent number: 8776248
Abstract: Machine-readable media, methods, apparatus and system for booting a processing system are described. In an embodiment, whether to launch an open operating system or a closed operating system to boot a processing system may be determined. A key may be retrieved from a processor register of the processing system and used to decrypt an encrypted version of the closed operating system based at least in part on a determination of booting the processing system with the closed operating system. In another embodiment, the processor register storing the key may be flushed based at least in part on a determination of booting the processing system with the open operating system.
Type: Grant; Filed: January 24, 2012; Date of Patent: July 8, 2014; Assignee: Intel Corporation; Inventors: Shay Gueron, Konstantin Levit-Gurevich, Boaz Ouriel, Israel Hirsh
-
Patent number: 8775826
Abstract: Method and apparatus for obfuscating computer software code, to protect against reverse-engineering of the code. The obfuscation here is on the part of the code that accesses buffers (memory locations). Further, the obfuscation process copies or replaces parts of the buffer contents with local variables. This obfuscation is typically carried out by suitably annotating (modifying) the original source code.
Type: Grant; Filed: February 9, 2011; Date of Patent: July 8, 2014; Assignee: Apple Inc.; Inventors: Augustin J. Farrugia, Mathieu Ciet, Pierre Betouin