Computer Program Modification Detection By Cryptography Patents (Class 713/187)
  • Patent number: 8839440
    Abstract: Provided are an apparatus and method for forecasting the security threat level of a network. The apparatus includes: a security data collection unit for collecting traffic data and intrusion detection data transmitted from an external network to a managed network; a malicious code data collection unit for collecting malicious code data transmitted from a security enterprise network; a time series data transformation unit for transforming the data collected by the security data collection unit into time series data; a network traffic analysis unit for analyzing traffic distribution of the managed network using the data collected by the security data collection unit; and a security forecast engine for forecasting security data of the managed network using the time series data obtained by the time data transformation unit, the data analyzed by the network traffic analysis unit, and the data collected by the malicious code data collection unit.
    Type: Grant
    Filed: April 15, 2008
    Date of Patent: September 16, 2014
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: JooBeom Yun, Seung-Hyun Paek, InSung Park, Eun Young Lee, Ki Wook Sohn
  • Patent number: 8838994
    Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other objects within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but presents the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.
    Type: Grant
    Filed: July 8, 2013
    Date of Patent: September 16, 2014
    Assignee: Trustware International Limited
    Inventor: Eyal Dotan
  • Patent number: 8832434
    Abstract: Methods for generating data for describing scalable media are disclosed. Data is associated with the scalable media that identifies portions of the scalable media to combine in order to produce media that is scaled to possess a desired scalable attribute without decoding. Portions of the scalable media are encrypted. Data is associated with the portions of the scalable media that identifies protection attributes of the encryption scheme used to encrypt the portions of the scalable media.
    Type: Grant
    Filed: February 13, 2004
    Date of Patent: September 9, 2014
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: John G. Apostolopoulos, Susie J. Wee
  • Patent number: 8832457
    Abstract: When a processing system boots, it may retrieve an encrypted version of a cryptographic key from nonvolatile memory to a processing unit, which may decrypt the cryptographic key. The processing system may also retrieve a predetermined authentication code for software of the processing system, and the processing system may use the cryptographic key to compute a current authentication code for the software. The processing system may then determine whether the software should be trusted, by comparing the predetermined authentication code with the current authentication code. In various embodiments, the processing unit may use a key stored in nonvolatile storage of the processing unit to decrypt the encrypted version of the cryptographic key, a hashed message authentication code (HMAC) may be used as the authentication code, and/or the software to be authenticated may be boot firmware, a virtual machine monitor (VMM), or other software. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 25, 2012
    Date of Patent: September 9, 2014
    Assignee: Intel Corporation
    Inventors: Mohan J. Kumar, Shay Gueron
  • Patent number: 8832837
    Abstract: Disclosed are systems and methods to utilize two different processing units (e.g., CPUs) to monitor each other. The processing units may have limited visibility and/or read only access to each other to reduce the possibility that one affected processing unit could compromise the second processing unit. Devices containing multiple processing units of different architectures could be configured so that one type of processing unit monitors another type of processing unit. When the processing units are different architectures a single piece of malicious software (malware) is unlikely to affect both processing units. Each processing unit can be configured to detect rootkits and other types of malware on the other processor(s) of the system/device.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: September 9, 2014
    Assignee: McAfee Inc.
    Inventor: Igor Muttik
  • Patent number: 8832455
    Abstract: Configurations providing a non-zero threshold for verifying a root file system of an operating system stored on blocks of a boot storage are disclosed. In particular, the root file system is verified during a boot sequence for the operating system. For each block of the root file system of the boot storage, the subject technology verifies a respective block of the boot storage. A counter tracking a number of verification failures is incremented if the block fails verification. In some configurations, the subject technology determines whether the counter meets a predetermined non-zero threshold. If the counter meets the predetermined non-zero threshold, the root file system is marked as corrupted. A recovery mode for the operating system is then initiated. If the counter does not meet the predetermined non-zero threshold, the operating system is reset in order to verify the root file system during a subsequent boot sequence.
    Type: Grant
    Filed: September 21, 2011
    Date of Patent: September 9, 2014
    Assignee: Google Inc.
    Inventors: William A. Drewry, William F. Richardson, Randall R. Spangler
  • Patent number: 8832456
    Abstract: A data leakage prevention system, method, and computer program product are provided for preventing a predefined type of operation on predetermined data. In use, an attempt to perform an operation on predetermined data that is protected using a data leakage prevention system is identified. Additionally, it is determined whether a type of the operation attempted includes a predefined type of operation. Furthermore, the operation on the predetermined data is conditionally prevented based on the determination to prevent circumvention of the protection of the data leakage prevention system.
    Type: Grant
    Filed: April 13, 2012
    Date of Patent: September 9, 2014
    Assignee: McAfee, Inc.
    Inventors: Manabendra Paul, Abhilash Chandran
  • Patent number: 8832856
    Abstract: A method relates to authority checks governing user access to business object attachments in a store of business object attachments. The business object attachments are semantically associated with business objects of one or more remote computer systems. The method includes, at a content management interface layer that is communicatively coupled to the store of business object attachments, sending a request for user authority checks on a parent business object of a business object attachment to an originating computer system and receiving results of the user authority checks from the originating computer system.
    Type: Grant
    Filed: May 9, 2012
    Date of Patent: September 9, 2014
    Assignee: SAP AG
    Inventor: Martin Fischer
  • Patent number: 8832454
    Abstract: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a code block, and code which is executable by the processor-based system to cause the processor-based system to generate integrity information for the code block upon a restart of the processor-based system, securely store the integrity information, and validate the integrity of the code block during a runtime of the processor-based system using the securely stored integrity information. Other embodiments are disclosed and claimed.
    Type: Grant
    Filed: December 30, 2008
    Date of Patent: September 9, 2014
    Assignee: Intel Corporation
    Inventors: Hormuzd M. Khosravi, Vincent J. Zimmer, Divya Naidu Kolar Sunder
  • Patent number: 8826424
    Abstract: In embodiments of the present invention improved capabilities are described for runtime additive disinfection of malware. Runtime additive disinfection of malware may include performing the steps of identifying, based at least in part on its type, an executable software application that is suspected of being infected with malware, wherein the malware is adapted to perform a function during the execution of the executable software application, predicting the malware function based on known patterns of malware infection relating to the type of the executable software application, and in response to the prediction, adding a remediation software component to the executable software application that disables the executable software component from executing code that performs the predicted malware function.
    Type: Grant
    Filed: March 27, 2009
    Date of Patent: September 2, 2014
    Assignee: Sophos Limited
    Inventors: James I. G. Lyne, Paul B. Ducklin
  • Patent number: 8826033
    Abstract: A virtual machine on a physical host computer provides controlled access to protected data by creating and storing a “stored system fingerprint” from stable system values (SSVs) as existing when creating the stored system fingerprint. The SSVs include virtual-machine-specific values that change upon cloning the virtual machine (VM) but do not change upon migration of the VM. Upon a request for access to the protected data, a current system fingerprint is calculated from the SSVs as existing when processing the request, the current system fingerprint is compared to the stored system fingerprint to determine whether there is a predetermined degree of matching, and the requested access to the protected data is permitted only if there is the predetermined degree of matching.
    Type: Grant
    Filed: December 22, 2009
    Date of Patent: September 2, 2014
    Assignee: EMC Corporation
    Inventors: Ajay Venkateshan Krishnaprasad, Parasuraman Narasimhan, Robert Polansky, Magnus Nyström
  • Patent number: 8826032
    Abstract: The systems and methods described herein include processes for efficiently detecting relevant state changes in storage network environments and for resolving the name of hosts in storage networks. A subset of states for each component in the storage network is tracked, state information consisting of the values of the selected states with an associated timestamp and a component identifier (ID) for the storage network components is periodically received, a hash function value of the received state using a pre-selected hash function is computed, the most-recent locally-stored hash function value associated with that component ID is retrieved, and in case the hash function value is different from the most-recently locally-stored value, the new hash function value and the timestamp associated with that new value and component ID are stored and this state information is forwarded to a global analyzer service.
    Type: Grant
    Filed: December 27, 2007
    Date of Patent: September 2, 2014
    Assignee: NetApp, Inc.
    Inventors: Raphael Yahalom, Assaf Levy, Gadi Oren
  • Patent number: 8819835
    Abstract: Method and computer program product for signature testing used in anti-malware processing. Silent signatures, after being tested, are not updated into a white list and are sent directly to users instead. If the silent signature coincides with malware signature, a user is not informed. A checksum (e.g., hash value) of a suspected file is sent to a server, where statistics are kept and analyzed. Based on collected false positive statistics of the silent-signature, the silent-signature is either valid or invalid. Use of the silent signatures provides for effective signature testing and reduces response time to new malware-related threats. The silent signature method is used for turning off a signature upon first false positive occurrence. Use of silent signatures allows improving heuristic algorithms for detection of unknown malware.
    Type: Grant
    Filed: January 14, 2013
    Date of Patent: August 26, 2014
    Assignee: Kaspersky Lab, ZAO
    Inventor: Denis A. Nazarov
  • Patent number: 8819361
    Abstract: The objects of an archive may be verified with a cryptographic signature stored in the archive. However, when an object is extracted, the authentication involves re-authenticating the entire archive, re-extracting the object, and comparing the extracted object with the current object, which is inefficient or unachievable if the archive is unavailable. Instead, the archive may include a block map signed with the signature and comprising hashcodes for respective blocks of the objects of the archive. When an object is extracted, the signature and block map may also be extracted and stored as objects outside of the archive. The extracted signature and block map may later be verified by authenticating the signature, verifying the block map with the signature, and matching the hashcodes of the block map with those of the blocks of the extracted objects, thus enabling a more efficient and portable verification of extracted object with extracted authentication credentials.
    Type: Grant
    Filed: September 12, 2011
    Date of Patent: August 26, 2014
    Assignee: Microsoft Corporation
    Inventors: Simon Wai Leong Leet, Sarjana Bharat Sheth, Patrick T. O'Brien, Jr., Jack R. Davis
  • Patent number: 8819854
    Abstract: In an information processing apparatus, software is installed to build a system providing a predetermined function. The information processing apparatus includes a generating unit configured to generate system identification information for identifying the system built by installing the software, the system identification information being generated from authentication information obtained by performing license authentication on the software; and a registering unit configured to send the system identification information generated by the generating unit to a management device that manages a plurality of the systems via a predetermined data transmission line, to register the system identification information in the management device as management information.
    Type: Grant
    Filed: June 29, 2010
    Date of Patent: August 26, 2014
    Assignee: Ricoh Company, Ltd.
    Inventor: Noriaki Nakagawa
  • Patent number: 8813229
    Abstract: The invention relates to an apparatus for preventing infection by malicious code, comprising: a database in which files installed in an agent system, DNA values for each part of the files, and index information for indicating whether each file is normal or malicious are stored; a calculation unit which calculates a DNA value for a part of a file for which an execution is requested in the agent system; and a file inspection unit which searches the database to extract, in a group, files having the DNA value calculated by the calculation unit, inspects whether an object file is normal or malicious on the basis of the index information on the files extracted in a group, and allows the execution of the object file or makes a request for the calculation of DNA values of other parts which selectively include one part of the object file.
    Type: Grant
    Filed: January 20, 2011
    Date of Patent: August 19, 2014
    Assignee: Ahnlab, Inc.
    Inventors: Jae Han Lee, Jeong Hun Kim, Sung Hyun Kim
  • Patent number: 8812683
    Abstract: Receiving and executing at a server a script provided by a client, e.g., in a service request sent by a web services or other service client and/or consumer, is disclosed. In various embodiments, the script is configured to cause the server to do one or more of the following: pre-process at least a portion of the services request; post-process a response data associated with the services request; and replace an operation comprising the service at least in part with a replacement operation defined or identified at least in part in the script.
    Type: Grant
    Filed: January 28, 2013
    Date of Patent: August 19, 2014
    Assignee: EMC Corporation
    Inventors: Alex Rankov, Victor Spivak, Donald Peter Robertson
  • Patent number: 8812868
    Abstract: Given the volume of apps being developed and downloaded, performing operations to enable security for mobile devices, such as locating relevant classes and substituting different classes, can become very inefficient when done to a very high number of apps. In the invention, a device is enabled with an app security enforcement layer. The consumer can download unsecured apps and have the app execute on the phone in a secure manner, where potential data loss to the device, such as a smart phone or tablet, is minimized. To make the security wrapping process more efficient, an app template containing markers is created. This template is merged with data in an active user policy or is used to randomize or obfuscate the code to add more security. The process of security wrapping an app becomes more efficient.
    Type: Grant
    Filed: December 1, 2011
    Date of Patent: August 19, 2014
    Assignee: Mocana Corporation
    Inventors: James Blaisdell, Jean-Max Vally
  • Patent number: 8812865
    Abstract: A client-server type computer system for graphical applications is provided, that is to say, for displaying data in the form of software units called “widgets” on display screens called “display units”, said system being intended to control the operation of a machine, the machine including at least one human-machine interface allowing interaction with the widgets, said system managing critical data or functions. The computer system includes a securing engine controlling the integrity of the display of the critical widgets, the sending of commands which is performed by means of the human-machine interface, the input and display of the critical data. The main provisions of this securing engine are the use of computer “signatures”, the provision of “feedback” circuits and the use of guard mechanisms or dedicated confirmation dialog boxes. Preferably, the machine is an aircraft, the computer system is the avionics on board said aircraft and the display screens are the cockpit display systems.
    Type: Grant
    Filed: August 5, 2011
    Date of Patent: August 19, 2014
    Assignee: Thales
    Inventors: Thierry Ganille, Patrice Capircio, Pierre-Jean Turpeau
  • Patent number: 8813228
    Abstract: Threat intelligence is collected from a variety of different sources. The threat intelligence information is aggregated, normalized, filtered and scored to identify threats to an information network. Threats are categorized by type, maliciousness and confidence level. Threats are reported to network administrators in a plurality of threat feeds, including for example malicious domains, malicious IP addresses, malicious e-mail addresses, malicious URLs and malicious software files.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: August 19, 2014
    Assignee: Deloitte Development LLC
    Inventors: Joseph C. Magee, Alison M. Andrews, Mark W. Nicholson, Jonathon Lance James, Henry C. Li, Christopher L. Stevenson, Joel Lathrop
  • Patent number: 8813226
    Abstract: A defense method and device against intelligent bots using masqueraded virtual machine information are provided. The method includes performing global hooking on a virtual machine detection request transmitted by a process, determining, on the basis of pre-stored malicious process information, whether or not the process transmitting the virtual machine detection request corresponds to a malicious process, and when the process is found to correspond to the malicious process as a result of the determination, determining that the process is generated by the intelligent bot, and returning the masqueraded virtual machine information to the process.
    Type: Grant
    Filed: September 10, 2010
    Date of Patent: August 19, 2014
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Yoon Jung Chung, Yo Sik Kim, Won Ho Kim, Dong Soo Kim, Sang Kyun Noh, Young Tae Yun, Cheol Won Lee
  • Patent number: 8812854
    Abstract: A computer-implemented method for verifying a boot process of a computing system includes reading, by the computing system during the boot process, a header section of a read-write portion of firmware of the computing system. The method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header, and decrypting, using a first public-key, an encrypted signature corresponding to the header. The method further includes comparing the message digest corresponding with the header and the decrypted signature corresponding to the header. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header match, the boot process is continued. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header do not match, the boot process is halted.
    Type: Grant
    Filed: October 12, 2010
    Date of Patent: August 19, 2014
    Assignee: Google Inc.
    Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
  • Patent number: 8806647
    Abstract: Behavioral analysis of a mobile application is performed to determine whether the application is malicious. During analysis, various user interactions are simulated in an emulated environment to activate many possible resulting behaviors of an application. The behaviors are classified as hard or soft signals. A probability of the application being malicious is determined through combining soft signals, and the application is classified as malicious or non-malicious. Users of the application, the developer of the application, or a distributor of the application are notified of the application classification to enable responsive action.
    Type: Grant
    Filed: April 27, 2012
    Date of Patent: August 12, 2014
    Assignee: Twitter, Inc.
    Inventors: Neilkumar Daswani, Ameet Ranadive, Shariq Rizvi, Michael Gagnon, Tufan Demir, Gerry Eisenhaur
  • Patent number: 8806649
    Abstract: A method for generating vulnerability reports based on application binary interface/application programming interface usage may include extracting, by a processing device, a binary file and a security report relating to a software program executed by the processing device, the security report having a vulnerability list of pending vulnerabilities relating to the software program, detecting, from the binary file, interface usage details associated with interfaces used by the software program and associated with shared libraries used by the software program, wherein the interfaces comprise application programming interfaces (APIs) corresponding to rules that the software program follows to access and use services and resources provided by another software program, matching the interface usage details with the pending vulnerabilities of the vulnerability list, and generating a vulnerability report based on the matching, wherein the vulnerability report comprises a list of the pending vulnerabilities based on the
    Type: Grant
    Filed: July 8, 2013
    Date of Patent: August 12, 2014
    Assignee: Red Hat, Inc.
    Inventor: Kushal Das
  • Patent number: 8806661
    Abstract: Embodiments provide a method and device for distributing an electronic document. The electronic document possesses first authorized copies information used to record a first number of authorized copies for the electronic document a local user may distribute. Every time the electronic document is distributed to a user, second authorized copies information is sent to the user, which second authorized copies information is used to record a second number of authorized copies for the electronic document the user may distribute, and the second number of authorized copies is less than or equal to the first number of authorized copies currently recorded in the first authorized copies information.
    Type: Grant
    Filed: February 17, 2010
    Date of Patent: August 12, 2014
    Assignee: Sursen Corp.
    Inventors: Donglin Wang, Kaihong Zou
  • Patent number: 8806643
    Abstract: Trojanized apps for mobile environments are identified. Multiple apps for a specific mobile environment are obtained from one or more external sources. Code and digital signers are extracted from the apps and stored. For each given specific one of the obtained apps, the code of the specific app is compared to the code of other obtained apps, to determine whether the specific app 1) contains at least a predetermined threshold amount of code in common with one of the other apps, and 2) contains additional code not contained therein. If so, the digital signer of the specific app is compared to the digital signer of the other app. If it is also the case that the digital signer of the specific app is not the same as the digital signer of the other app, the specific app is identified as being trojanized.
    Type: Grant
    Filed: January 25, 2012
    Date of Patent: August 12, 2014
    Assignee: Symantec Corporation
    Inventor: Carey Nachenberg
  • Patent number: 8806221
    Abstract: A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.
    Type: Grant
    Filed: August 3, 2012
    Date of Patent: August 12, 2014
    Assignee: Apple Inc.
    Inventors: Dallas De Atley, Joshua de Cesare, Michael Smith, Matthew Reda, Shantonu Sen, John Andrew Wright
  • Patent number: 8806646
    Abstract: Behavioral analysis of a mobile webpage is performed to determine whether the webpage is malicious. During analysis, the webpage is visited by an emulated mobile device to cause behaviors to occur which may be malicious. The behaviors occurring after accessing the webpage are stored. The behaviors are classified as hard or soft signals. A probability of the webpage being malicious is determined through combining soft signals, and the webpage is classified as malicious or non-malicious. Users of the webpage, the developer of the webpage, or a distributor of the webpage are notified of the webpage classification to enable responsive action.
    Type: Grant
    Filed: April 27, 2012
    Date of Patent: August 12, 2014
    Assignee: Twitter, Inc.
    Inventors: Neilkumar Daswani, Ameet Ranadive, Shariq Rizvi, Michael Gagnon, Tufan Demir, Gerry Eisenhaur
  • Patent number: 8806639
    Abstract: Described are embodiments that provide for the use of multiple quarantine partitions and/or multi-partition spaces (e.g., virtual machines) for initially installing and running downloaded content. The downloaded content can be run securely in the quarantine partitions and/or multi-partition spaces. Each quarantine partition and/or multi-partition space can be configured differently with different capabilities. Based on the configuration and capabilities of the quarantine partitions and/or multi-partition spaces, the downloaded content may have limited capabilities to access secure data, applications, or other code limiting the damage that the content can potentially cause.
    Type: Grant
    Filed: September 30, 2011
    Date of Patent: August 12, 2014
    Assignee: Avaya Inc.
    Inventor: David S. Mohler
  • Patent number: 8806212
    Abstract: Provided are methods of generating and verifying an electronic signature of software data, wherein software data is split into a plurality of blocks, electronic signatures corresponding to each of the blocks are generated, and some of the electronic signatures are randomly selected for verification. Accordingly, a time required for verifying an electronic signature can be reduced while maintaining the advantages of an electronic signature system.
    Type: Grant
    Filed: August 14, 2008
    Date of Patent: August 12, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jun-Bum Shin, Choong-hoon Lee, Su-hyun Nam, Yang-lim Choi, Ji-soon Park
  • Patent number: 8806220
    Abstract: Described is a technology by which a transient storage device or secure execution environment-based (e.g., including an embedded processor) device validates a host computer system. The device compares hashes of host system data against valid hashes maintained in protected storage of the device. The host data may be a file, data block, and/or memory contents. The device takes action when the host system data does not match the information in protected storage, such as to log information about the mismatch and/or provide an indication of validation failure, e.g., via an LED and/or display screen output. Further, the comparison may be part of a boot process validation, and the action may prevent the boot process from continuing, or replace an invalid file. Alternatively, the validation may take place at any time.
    Type: Grant
    Filed: January 7, 2009
    Date of Patent: August 12, 2014
    Assignee: Microsoft Corporation
    Inventors: David Abzarian, Todd L. Carpenter, Harish S. Kulkarni, Salahuddin J. Khan
  • Patent number: 8800053
    Abstract: An executable content message stream filter applies a plurality of executable content filters to a stream of parsed elements of a network message. Each of the plurality of executable content filters targets executable content and is instantiated based on a set of one or more rule sets selected based, at least in part, on a type of the network message. For each of the plurality of executable content filters, it is determined if one or more of the stream of parsed elements includes executable content targeted by the executable content filter. The executable content message stream filter modifies those of the stream of parsed elements that include the executable content targeted by the plurality of executable content filters to disable the executable content.
    Type: Grant
    Filed: July 2, 2012
    Date of Patent: August 5, 2014
    Assignee: International Business Machines Corporation
    Inventors: Ai Ishida, Todd E. Kaplinger, Satoshi Makino, Masayoshi Teraguchi, Naohiko Uramoto
  • Patent number: 8800052
    Abstract: An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM. Execution of the VMM runtime integrity watcher is triggered by a timer event generated based on multiple frequency bands.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: August 5, 2014
    Assignee: Intel Corporation
    Inventors: Brent Thomas, Shamanna Datta, Scott Durrant, Alberto Munoz
  • Patent number: 8793360
    Abstract: A system (130) for monitoring a denial of service attack upon a target network resource includes a memory (210) and a processor (205). The memory (210) stores instructions. The processor (205) executes the instructions in the memory (210) to receive one of a plurality of denial of service attack profiles, each profile identifying the target network resource and to execute a denial of service attack against the target network resource in accordance with the received profile. The processor (205) further executes the instructions in the memory (210) to scan one or more ports of the target network resource to determine an effect of the executed denial of service attack.
    Type: Grant
    Filed: May 23, 2003
    Date of Patent: July 29, 2014
    Assignee: Verizon Laboratories Inc.
    Inventors: Scott Andrew Belgard, Edward James Norris, David Kenneth Dumas
  • Publication number: 20140208100
    Abstract: A keystore is installed on a mobile app where the keystore is created and provisioned on a server, such as an app wrapping server, under the control of an enterprise. A generic (non-provisioned) wrapped app is installed on a device. The app prompts the user to enter a passphrase. When the user does this, an app keystore is created. It has a user section and a table of contents. The keystore files are hashed, creating “first” keystore hash values. The first keystore hash values are stored in the TOC. The TOC is then hashed, creating a TOC hash value. The passphrase entered by the user is then combined with the TOC hash value. This creates a “first” master passphrase for the keystore. The keystore is then transmitted to the device where it is installed in the generic (non-provisioned) wrapped app.
    Type: Application
    Filed: January 29, 2014
    Publication date: July 24, 2014
    Inventor: H. Richard KENDALL
  • Patent number: 8788840
    Abstract: Secure hardware comprises a secure pipe, a secure DMA, a secure assist and a secure bus, which connects those blocks. The secure pipe stores a common encryption key in an encryption key table so that it cannot be accessed from software. The secure DMA comprises a data common key system process function and a hashing process function. The secure assist comprises a common key system process function and an authentication process function, receives an issued command from a program executed by the processor core via a public IF, and performs setting/control of the secure pipe and the secure DMA via the secure bus.
    Type: Grant
    Filed: March 8, 2013
    Date of Patent: July 22, 2014
    Assignee: Fujitsu Semiconductor Limited
    Inventor: Seiji Goto
  • Patent number: 8788809
    Abstract: Devices and methods use digital certificates and digital signatures to enable computing devices, such as mobile devices, to trust a server attempting to access a resource on the computing device. The server may present the computing device with a digital certificate issued by a trusted third party which includes information so that the computing device can determine which resources the server should be trusted to access. The computing device can determine that the digital certificate was issued by a trusted third party by examining the chain of digital certificates that may link the server with an inherently trusted authority.
    Type: Grant
    Filed: April 27, 2009
    Date of Patent: July 22, 2014
    Assignee: QUALCOMM Incorporated
    Inventor: Brian H. Kelley
  • Patent number: 8788839
    Abstract: A method of booting an electronic device includes verifying communicable connection of a sender input/output terminal of the electronic device to a receiver input/output terminal of the electronic device, using a first boot loader executing on a computing processor of the electronic device. The method further includes reading a signature of a unique identifier of the electronic device from a removable storage device received by the electronic device, verifying the signature of the unique identifier of the electronic device, and allowing installation of a second boot loader on the electronic device when the signature is valid.
    Type: Grant
    Filed: October 10, 2012
    Date of Patent: July 22, 2014
    Assignee: Google Inc.
    Inventors: Ke Dong, Michael Daniel Fuller, Shawn M. Ledbetter
  • Patent number: 8784195
    Abstract: Disclosed is a system and method that uses digital signature technology to authenticate the contents of one or more manifests located on a storage device. Each manifest contains a list of file records, where each record contains the name of a file stored on the storage device, and a SHA1 hash value derived from the contents of the file. At boot time, the gaming machine first authenticates the contents of the manifest and then verifies the contents of the files using the SHA1 value stored in the manifest. Files are verified using the SHA1, as they are needed, during the boot up of the operating system and throughout normal operation. This method reduces the boot time of the gaming machine and eliminates the need to check digital signatures for each individual file or over the entire contents of a non-secure media.
    Type: Grant
    Filed: June 9, 2006
    Date of Patent: July 22, 2014
    Assignee: Bally Gaming, Inc.
    Inventor: Robert W. Crowder, Jr.
  • Patent number: 8789179
    Abstract: Cloud protection techniques are provided. A security breach is detected in a source cloud environment. An enterprise system processing in the source cloud environment is immediately locked down and is dynamically migrated to a target cloud environment. While the enterprise system is migrating, the source cloud environment creates a fake environment with fake resources within the source cloud environment to dupe an intruder having access as a result of the security breach. Metrics and logs are gathered with respect to activities of the intruder within the source cloud environment.
    Type: Grant
    Filed: October 28, 2011
    Date of Patent: July 22, 2014
    Assignee: Novell, Inc.
    Inventor: Jason Allen Sabin
  • Patent number: 8789174
    Abstract: A method and apparatus for examining network traffic and automatically detecting anomalous activity to secure a computer is described. In one embodiment, the method includes examining network traffic that is directed to at least one endpoint computer, accessing profile information associated with the at least one endpoint computer to determine confidence indicia associated with each portion of the network traffic, comparing the confidence indicia with heuristic information to identify anomalous activity for the at least one endpoint computer and communicating indicia of detection as to the anomalous activity to the at least one endpoint computer.
    Type: Grant
    Filed: April 13, 2010
    Date of Patent: July 22, 2014
    Assignee: Symantec Corporation
    Inventor: Prashant Gupta
  • Patent number: 8782792
    Abstract: A computer-implemented method for detecting malware on mobile platforms may include (1) identifying an application on a mobile computing platform subject to a malware evaluation, (2) transmitting the application to a security server, (3) providing emulation information to the security server, the emulation information relating to emulating the mobile computing platform, (4) receiving a result of the malware evaluation as performed by the security server, the malware evaluation including the security server using the emulation information to execute the application within an emulation of the mobile computing platform, and (5) performing a security action based on the result of the malware evaluation. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 27, 2011
    Date of Patent: July 15, 2014
    Assignee: Symantec Corporation
    Inventor: Anand Bodke
  • Patent number: 8782429
    Abstract: Controlling access to computational features includes: preparing a computational resource for execution by an execution system that has been provided a primary descriptor containing an identity value and that has associated a feature indicator with the primary descriptor; accessing a secondary descriptor containing the identity value and cryptographically assigned to the computational resource; and granting the computational resource access to a computational feature of the execution system based on the feature indicator.
    Type: Grant
    Filed: December 23, 2009
    Date of Patent: July 15, 2014
    Assignee: Ab Initio Technology LLC
    Inventors: Brond Larson, Richard A. Shapiro
  • Patent number: 8782809
    Abstract: Techniques for detecting a cloned virtual machine instance. A method includes transmitting an identifier associated with a virtual machine from an agent embedded in the virtual machine akin to a malware to a detection entity in a network, determining whether the identifier is a unique identifier or whether the identifier is a clone of an identifier associated with a separate virtual machine in the network, and initiating at least one remedial action with the agent embedded in the virtual machine if the identifier is determined to be a clone of an identifier associated with a separate virtual machine in the network.
    Type: Grant
    Filed: November 9, 2012
    Date of Patent: July 15, 2014
    Assignee: International Business Machines Corporation
    Inventors: Salman A. Baset, Ashish Kundu, Sambit Sahu
  • Patent number: 8782793
    Abstract: Disclosed are systems and methods for detection and repair of malware on data storage devices. The system includes a controller, a communication interface for connecting an external data storage device, and a memory for storing antivirus software. The antivirus software is configured to scan the data contained in the data storage device, perform repair or removal of malicious files or programs found on the data storage device, identify suspicious files or programs on the data storage device and malicious files or programs that cannot be repaired or removed from the data storage device, send information about these files or programs to the antivirus software provider, receive updates for the antivirus software from the antivirus software provider, and rescan the suspicious files or programs and malicious files or programs that cannot be repaired or removed using updated antivirus software.
    Type: Grant
    Filed: May 22, 2012
    Date of Patent: July 15, 2014
    Assignee: Kaspersky Lab ZAO
    Inventor: Oleg V. Zaitsev
  • Patent number: 8782807
    Abstract: A code authentication architecture is used to sign code by adding one or more digital signatures to it. The digital signatures identify what authority signed the code, what the code contains, what type of program the code is, or other identifying information. When the signed code is later executed on a computer system, its identity is obtained by accessing encrypted information of the code stored on disk. The architecture then determines whether the identity satisfies at least one requirement imposed on the code for some purpose. If the code has been altered from when it was signed or it fails to satisfy a requirement imposed, the code will not have a valid identity. In addition to verifying the identity of the code, the architecture also validates executing code immediately responsible for managing the code and additional executing code in a chain of hosts responsible for managing one another.
    Type: Grant
    Filed: February 4, 2013
    Date of Patent: July 15, 2014
    Assignee: Apple Inc.
    Inventor: Peter Kiehtreiber
  • Patent number: 8775822
    Abstract: A computer-implemented system and method for protecting a software installation after certification are disclosed. The system includes components to determine if a cryptographic value of a digital content set matches with a stored cryptographic value of a validated digital content set, to determine if a cryptographic value of a validation rule set matches with a stored cryptographic value corresponding to a validation requirement, and to display a certification message if the cryptographic value of the digital content set matches with a stored cryptographic value of a validated digital content set and the cryptographic value of the validation rule set matches with a stored cryptographic value corresponding to a validation requirement.
    Type: Grant
    Filed: August 31, 2007
    Date of Patent: July 8, 2014
    Assignee: Flexera Software, LLC
    Inventors: Michael G. Marino, Andres M. Torrubia
  • Patent number: 8776233
    Abstract: A system, method, and computer program product are provided for removing malware from a system while the system is offline. In use, a system is identified as being infected with malware. Additionally, it is determined whether the malware can be fully removed from the system while the system is online. Further, at least part of the malware is conditionally removed from the system while the system is offline, based on the determining.
    Type: Grant
    Filed: October 1, 2010
    Date of Patent: July 8, 2014
    Assignee: McAfee, Inc.
    Inventors: Gregory William Dalcher, Joel R. Spurlock
  • Patent number: 8776248
    Abstract: Machine-readable media, methods, apparatus and system for booting a processing system are described. In an embodiment, whether to launch an open operating system or a closed operating system to boot a processing system may be determined. A key may be retrieved from a processor register of the processing system and used to decrypt an encrypted version of the closed operating system based at least in part on a determination of booting the processing system with the closed operating system. In another embodiment, the processor register stored with the key may be flushed based at least in part on a determination of booting the processing system with the open operating system.
    Type: Grant
    Filed: January 24, 2012
    Date of Patent: July 8, 2014
    Assignee: Intel Corporation
    Inventors: Shay Gueron, Konstantin Levit-Gurevich, Boaz Ouriel, Israel Hirsh
  • Patent number: 8775826
    Abstract: Method and apparatus for obfuscating computer software code, to protect against reverse-engineering of the code. The obfuscation here is on the part of the code that accesses buffers (memory locations). Further, the obfuscation process copies or replaces parts of the buffer contents with local variables. This obfuscation is typically carried out by suitably annotating (modifying) the original source code.
    Type: Grant
    Filed: February 9, 2011
    Date of Patent: July 8, 2014
    Assignee: Apple Inc.
    Inventors: Augustin J. Farrugia, Mathieu Ciet, Pierre Betouin