Computer Program Modification Detection By Cryptography Patents (Class 713/187)
  • Patent number: 8938799
    Abstract: A unified security management system and related apparatus and methods for protecting endpoint computing systems and managing, providing, and obtaining security functions is described. Various forms of the system, apparatus and methods may be used for improved security, security provisioning, security management, and security infrastructure.
    Type: Grant
    Filed: June 15, 2005
    Date of Patent: January 20, 2015
    Inventor: Jen-Wei Kuo
  • Patent number: 8935758
    Abstract: A data processing system (100) comprises: a database (4); a host computer (3) and a user computer (1) capable of communicating with each other over a network (2); wherein the user computer sends a data request message (RQ) to the host computer (3), the request message containing Data information (RD), Identity information (RI), and Authenticity information (A; VI), wherein the host computer (3) checks the authentication information and only sends the required data if the Identity information (RI) defines an authorized user and the authentication information (A; VI) authenticates the user identification information. The request message further contains secondary information (RT) and the host computer (3) calculates, from the secondary information, a reliability value (R), compares the calculated reliability value with a predefined reliability threshold, and sends the required data only if the reliability value is at least as high as the reliability threshold.
    Type: Grant
    Filed: March 18, 2011
    Date of Patent: January 13, 2015
    Assignee: Authasas BV
    Inventors: Rik Peters, Reinier Maria Van Der Drift, Menno Stijl
  • Patent number: 8930710
    Abstract: A system and method for verifying that operating software and calibration files are present and valid after a bootloader flashes the files into the memory on a vehicle ECU before allowing the operating software to execute. The ECU memory defines a memory segment for the operating software and the calibration files. A software manifest is provided in a memory slot before the operating software segment in the memory. Likewise, a calibration manifest is provided in a memory slot before the calibration segment in the ECU memory. After the software has been flashed into the ECU memory, a software flag is set in the software manifest memory slot and each time a calibration file is flashed, a calibration flag for the particular calibration file is set in the calibration manifest.
    Type: Grant
    Filed: July 24, 2012
    Date of Patent: January 6, 2015
    Assignee: GM Global Technology Operations LLC
    Inventors: Kevin M. Baltes, James T. Kurnik, Ronald J. Gaynier, Thomas M. Forest, Ansaf I. Alrabady
  • Patent number: 8924699
    Abstract: A boot program held in a BIOS memory device of a processing system is authenticated. At system start-up, a BIOS protection device temporarily prevents execution of the boot program by the central processor of the processing system by control of address and data paths. The BIOS protection device interrogates the contents of the BIOS memory device to establish authentication. If the contents of the BIOS memory device are not authentic, execution of the boot program is prevented.
    Type: Grant
    Filed: August 27, 2013
    Date of Patent: December 30, 2014
    Assignee: Aristocrat Technologies Australia Pty Ltd
    Inventor: Robert Linley Muir
  • Patent number: 8924737
    Abstract: In accordance with one or more aspects, a representation of a configuration of a firmware environment of a device is generated. A secret of the device is obtained, and a platform secret is generated based on both the firmware environment configuration representation and the secret of the device. One or more keys can be generated based on the platform secret.
    Type: Grant
    Filed: August 25, 2011
    Date of Patent: December 30, 2014
    Assignee: Microsoft Corporation
    Inventors: Stefan Thom, Robert Karl Spiger, Magnus Bo Gustaf Nyström, David R. Wooten
  • Patent number: 8925099
    Abstract: Techniques for privacy scoring are disclosed. In some embodiments, privacy scoring includes collecting information associated with an entity; and generating a privacy score based on the private information that was collected that is associated with the entity. In some embodiments, privacy scoring further includes outputting the privacy score. In some embodiments, privacy scoring further includes determining private information that was collected that is associated with the entity.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: December 30, 2014
    Assignee: Reputation.com, Inc.
    Inventors: James Andrew Saxe, Thomas Gerardo Dignan
  • Patent number: 8925101
    Abstract: A method in one example implementation includes intercepting a network access attempt on a computing device and determining a software program file associated with the network access attempt. The method also includes evaluating a first criterion to determine whether the network access attempt is permitted and blocking the network access attempt if it is not permitted. The first criterion includes a trust status of the software program file. In specific embodiments, the trust status is defined as trusted if the software program file is included in a whitelist of trustworthy program files and untrusted if the software program file is not included in a whitelist. In more specific embodiments, the method includes blocking the network access attempt if the software program file has an untrusted status. In further embodiments, an event is logged if the software program file associated with the network access attempt has an untrusted status.
    Type: Grant
    Filed: July 28, 2010
    Date of Patent: December 30, 2014
    Assignee: McAfee, Inc.
    Inventors: Rishi Bhargava, David P. Reese, Jr.
  • Patent number: 8924725
    Abstract: One or more file sharing computers receive a client request including an IP address and port number used by the client (computer). The one or more computers respond by creating an enhanced file handle from a hash on a combination of the IP address, port number, restricted key, and a standard file handle, and concatenating the hash with the standard file handle. The enhanced file handle is sent to the client and used by the client in a second request. The one or more computers uncouple the standard file handle and hash combination. Using the client IP address, port number, restricted key and standard file handle from the client second request, the one or more computers create a second combination. The second combination hash is compared to the first combination hash and in response to determining a match, the second request is accepted, and otherwise denied.
    Type: Grant
    Filed: January 27, 2014
    Date of Patent: December 30, 2014
    Assignee: International Business Machines Corporation
    Inventors: Paul F. Russell, Leif R. Sahlberg
  • Patent number: 8918906
    Abstract: A communication service system includes an SNS server 1 that manages contents, and client terminals 10 to 30 that can make access to the SNS server 1 via a network 40. Each of the client terminals 10 to 30 includes a portion with which the client terminal can obtain an object. The SNS server 1 manages objects input by the client terminals 10 to 30, and allows a plurality of client terminals that are connected to the network 40 and browse the same content to share objects.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: December 23, 2014
    Assignee: Panasonic Corporation
    Inventors: Shuhei Sasakura, Katsuyuki Morita, Eiji Fukumiya
  • Patent number: 8918649
    Abstract: Apparatuses and methods are disclosed for accessing and distributing data that includes a portable first device and a second device wherein both devices have unconscious capture capability. The first device has a first memory wherein at least one document is stored in the first memory of the first device. The first device has a transceiver, an identifier, and a public key to access a second device.
    Type: Grant
    Filed: February 20, 2007
    Date of Patent: December 23, 2014
    Assignee: Ricoh Co., Ltd.
    Inventor: Jonathan J. Hull
  • Patent number: 8918866
    Abstract: Mechanisms are provided for handling client computing device requests with adaptive rule loading and session control. The mechanisms partition a set of rules, into a plurality of filter sets with each filter set having a different subset of the set of rules and being directed to identifying a different type of attack on a backend application or service. A subset of filter sets is selected to be used to validate client computing device requests received from client computing devices. The selected filter sets are applied to requests and/or responses to requests. The mechanisms dynamically modify which filter sets are included in the subset of filter sets based on an adaptive reinforcement learning operation on results of applying the selected filter sets to the requests and/or responses to requests.
    Type: Grant
    Filed: June 29, 2009
    Date of Patent: December 23, 2014
    Assignee: International Business Machines Corporation
    Inventors: Lin Luo, Vugranam C. Sreedhar, Shun X. Yang, Yu Zhang
  • Patent number: 8914890
    Abstract: Determining the vulnerability of computer software applications to privilege-escalation attacks, such as where an instruction classifier is configured to be used for identifying a candidate access-restricted area of the instructions of a computer software application, and a static analyzer is configured to statically analyze the candidate access-restricted area to determine if there is a conditional instruction that controls execution flow into the candidate access-restricted area, perform static analysis to determine if the conditional instruction is dependent on a data source within the computer software application, and designate the candidate access-restricted area as vulnerable to privilege-escalation attacks absent either of the conditional instruction and the data source.
    Type: Grant
    Filed: January 31, 2011
    Date of Patent: December 16, 2014
    Assignee: International Business Machines Corporation
    Inventors: Marco Pistoia, Ori Segal, Omer Tripp
  • Patent number: 8914895
    Abstract: A method is used in managing verification of input data. A first set of input information is received at a first logical object, and a second set of input information is received at a second logical object. The first and second sets of input information are indicated as having a same origin. Based on the first and second sets of input information, it is determined whether the first set of input information is valid.
    Type: Grant
    Filed: September 25, 2012
    Date of Patent: December 16, 2014
    Assignee: EMC Corporation
    Inventors: Aaron T. Katz, Daniel V. Bailey, Yavir Amar
  • Patent number: 8910306
    Abstract: When a content write unit records a content on a medium, a control unit controls to record, into the medium, a dummy license which is generated by a dummy license generation unit and whose expiration time limit is set to a past time. When a recording of the content on the medium is completed, the control unit controls to delete the dummy license recorded on the medium and to record a normal license into the medium.
    Type: Grant
    Filed: October 16, 2012
    Date of Patent: December 9, 2014
    Assignee: Panasonic Corporation
    Inventor: Hisashi Tsuji
  • Patent number: 8910293
    Abstract: Determining the vulnerability of computer software applications to privilege-escalation attacks, such as where an instruction classifier is configured to be used for identifying a candidate access-restricted area of the instructions of a computer software application, and a static analyzer is configured to statically analyze the candidate access-restricted area to determine if there is a conditional instruction that controls execution flow into the candidate access-restricted area, perform static analysis to determine if the conditional instruction is dependent on a data source within the computer software application, and designate the candidate access-restricted area as vulnerable to privilege-escalation attacks absent either of the conditional instruction and the data source.
    Type: Grant
    Filed: July 5, 2012
    Date of Patent: December 9, 2014
    Assignee: International Business Machines Corporation
    Inventors: Marco Pistoia, Ori Segal, Omer Tripp
  • Patent number: 8904544
    Abstract: Data received at, or created on, a device may be tagged as corporate dependent upon a service over which the data is received or an application in which the data is created. When a user attempts to insert tagged data into a data item that is to be transmitted by the device, the insertion may be prevented. Similarly, the transmission of tagged data may be restricted to only occur on a secure service.
    Type: Grant
    Filed: April 13, 2011
    Date of Patent: December 2, 2014
    Assignee: BlackBerry Limited
    Inventors: Van Quy Tu, Adrian Michael Logan, Andrew John Ewanchuk, Imtiaz Nadaf
  • Patent number: 8904558
    Abstract: The detection of web browser-based attacks using browser tests launched from a remote source is described. In one example, a digest is computed based on the content of an HTTP response message. The message is modified and sent to a client device that also computes a digest. The digests are compared to determine whether content has been modified by malware on the HTTP client. The results of the test are analyzed and defensive measures are taken.
    Type: Grant
    Filed: June 5, 2014
    Date of Patent: December 2, 2014
    Assignee: Imperva, Inc.
    Inventors: Amichai Shulman, Tal Arieh Be'ery
  • Patent number: 8893276
    Abstract: An intrusion prevention/detection system filter (IPS filter) performance evaluation is provided. The performance evaluation is performed at both the security center and at the customer sites to derive a base confidence score and local confidence scores. Existence of new vulnerability is disclosed and its attributes are used in the generation of new IPS filter or updates. The generated IPS filter is first tested to determine its base confidence score from test confidence attributes prior to deploying it to a customer site. A deep security manager and deep security agent, at the customer site, collect local confidence attributes that are used for determining the local confidence score. The local confidence score and the base confidence score are aggregated to form a global confidence score. The local and global confidence scores are then compared to deployment thresholds to determine whether the IPS filter should be deployed in prevention or detection mode or sent back to the security center for improvement.
    Type: Grant
    Filed: October 27, 2012
    Date of Patent: November 18, 2014
    Assignee: Trend Micro Incorporated
    Inventors: Blake Stanton Sutherland, William G. McGee
  • Patent number: 8892865
    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.
    Type: Grant
    Filed: March 27, 2012
    Date of Patent: November 18, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
  • Patent number: 8892900
    Abstract: Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM), and comprises the following steps. First, the computing platform (P) receives configuration values (PCR1 . . . PCRn). Then, by means of the trusted platform module (TPM), a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCR1 . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp)) on one of the received configuration values (PCR1 . . . PCRn).
    Type: Grant
    Filed: September 2, 2012
    Date of Patent: November 18, 2014
    Assignee: International Business Machines Corporation
    Inventors: Endre-Feliz F. Bangerter, Matthias Schunter, Michael P. Waidner, Jan L. Camenisch
  • Patent number: 8880901
    Abstract: An embodiment generally pertains to a method of secure address handling in a processor. The method includes detecting an instruction that implicitly designates a target address and retrieving an encoded location associated with the target address. The method also includes decoding the encoded location to determine the target address. Another embodiment generally relates to detecting an instruction having an operand designating an encoded target address and determining a location of a target instruction associated with the target address. The method also includes determining a location of a subsequent instruction and encoding the location of the subsequent instruction. The method further includes storing the encoded location of the subsequent instruction.
    Type: Grant
    Filed: May 25, 2006
    Date of Patent: November 4, 2014
    Assignee: Red Hat, Inc.
    Inventor: Ulrich Drepper
  • Patent number: 8881271
    Abstract: A system and method for employing memory forensic techniques to determine operating system type, memory management configuration, and virtual machine status on a running computer system. The techniques apply advanced techniques in a fashion to make them usable and accessible by Information Technology professionals that may not necessarily be versed in the specifics of memory forensic methodologies and theory.
    Type: Grant
    Filed: August 1, 2008
    Date of Patent: November 4, 2014
    Assignee: Mandiant, LLC
    Inventor: James Robert Butler, II
  • Patent number: 8880897
    Abstract: The present invention discloses a method for quickly and easily authenticating a large computer program. The system operates by first sealing the computer program with a digital signature in an incremental manner. Specifically, the computer program is divided into a set of pages and a hash value is calculated for each page. The set of hash values is formed into a hash value array and the hash value array is then sealed with a digital signature. The computer program is then distributed along with the hash value array and the digital signature. To authenticate the computer program, a recipient first verifies the authenticity of the hash value array with the digital signature and a public key. Once the hash value array has been authenticated, the recipient can then verify the authenticity of each page of the computer program by calculating a hash of a page to be loaded and then comparing with an associated hash value in the authenticated hash value array.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: November 4, 2014
    Assignee: Apple Inc.
    Inventors: Peter Kiehtreiber, Michael Brouwer
  • Patent number: 8874927
    Abstract: An application execution system and a method for executing applications, at a terminal, with security check on the application package are provided. The system includes an application creator including an enabler, for creating an application package including a plurality of binary codes and content files, and for adding a checksum file generated by ciphering, at the enabler, information on a main binary of the application package, and a terminal storing the application, for determining a validity of the application package, and for executing an application according to the validity of the application package, and a subsystem including a checker, for ciphering the main binary of the application package using the checker added to the open function in response to the call, for notifying, when the result of the ciphering and the checksum file match with each other, the operating system of the successful validation.
    Type: Grant
    Filed: October 26, 2012
    Date of Patent: October 28, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Sunghyun Park
  • Patent number: 8869283
    Abstract: A method or system of receiving an electronic file containing content data in a predetermined data format, the method comprising the steps of: receiving the electronic file, determining the data format, parsing the content data, to determine whether it conforms to the predetermined data format, and if the content data does conform to the predetermined data format, regenerating the parsed data to create a regenerated electronic file in the data format.
    Type: Grant
    Filed: April 4, 2012
    Date of Patent: October 21, 2014
    Assignee: Glasswall (IP) Limited
    Inventor: Nicholas John Scales
  • Patent number: 8868924
    Abstract: Disclosed are systems, methods and computer program products for modifying a software distribution package. In one aspect, the system receives a software distribution package including one or more compressed files and one or more digital signatures of the one or more files; determines whether it is necessary to modify the software distribution package; determines a size of modifications to the software distribution package; if the size of the modifications does not exceed a size threshold, modifies a commentary section of the software distribution package without recalculating the digital signatures for the files included in the software distribution package; and if the size of the modifications exceeds the size threshold, modifies an offset region between a file structure of the software distribution package and the compressed files of the software distribution package without recalculating the digital signatures of the files included in the software distribution package.
    Type: Grant
    Filed: March 4, 2014
    Date of Patent: October 21, 2014
    Assignee: Kaspersky Lab ZAO
    Inventors: Konstantin M. Filatov, Victor V. Yablokov
  • Patent number: 8869292
    Abstract: A 3D object is protected by a first device that receives the 3D object, generates translation vectors that are added to the points of the 3D object to obtain a protected 3D object, and outputs the protected 3D object. The protected 3D object is unprotected by a second device by receiving the protected 3D object, generating translation vectors that are subtracted from the points of the protected 3D object to obtain an unprotected 3D object, and outputting the unprotected 3D object. Also provided are the first device, the second device and computer readable storage media.
    Type: Grant
    Filed: May 1, 2012
    Date of Patent: October 21, 2014
    Assignee: Thomson Licensing
    Inventors: Marc Eluard, Yves Maetz, Sylvain Lelievre
  • Patent number: 8868904
    Abstract: A configuration is provided wherein usage restrictions of an application are determined in accordance with timestamps. A certificate revocation list (CRL) in which the revocation information of a content owner who is a providing entity of an application program recorded in a disc is recorded is referred to verify whether or not a content owner identifier recorded in an application certificate is included in the CRL, and in the case that the content owner identifier is included in the CRL, comparison between a timestamp stored in a content certificate and a CRL timestamp is executed, and in the case that the content certificate timestamp has date data equal to or later than the CRL timestamp, utilization processing of the application program is prohibited or restricted. According to the present configuration, a configuration is realized wherein an unrevoked application is not subjected to utilization restriction, and only a revoked application is subjected to utilization restriction.
    Type: Grant
    Filed: January 20, 2009
    Date of Patent: October 21, 2014
    Assignee: Sony Corporation
    Inventors: Kenjiro Ueda, Tateo Oishi, Katsumi Muramatsu, Motoki Kato, Yoshiyuki Kobayashi
  • Patent number: 8862892
    Abstract: Embodiments of a system and method for detecting a security compromise on a device are described. Embodiments may be implemented by a content consumption application configured to protect content decryption keys on a device, such as a computer system (e.g., a desktop or notebook computer) or a mobile device (e.g., a smartphone or tablet). For instance, the content consumption application may be configured to provide decryption keys for respective content to a media component (or another component of the operating system) if multiple conditions have been met. For instance, in various embodiments, the content consumption application may pass the key to the media component after ensuring that i) one or more security mechanisms of the device operating system have not been compromised and ii) one or more executable instructions of the content consumption application have not been tampered with (e.g., instructions corresponding to a function that handles the decryption key(s)).
    Type: Grant
    Filed: July 31, 2012
    Date of Patent: October 14, 2014
    Assignee: Adobe Systems Incorporated
    Inventors: Viswanathan Swaminathan, Sheng Wei
  • Patent number: 8863285
    Abstract: An apparatus, device, methods, computer program product, and system are described that determine a virus associated with communication data on a communications network, the communications network associated with at least one network policy device, associate an anti-viral agent with at least one identifier, prioritize transmission of the at least one identifier through the at least one network policy device, relative to the communication data, and provide the anti-viral agent on the communications network, in response to the prioritizing transmission of the at least one identifier through the at least one network policy device.
    Type: Grant
    Filed: September 22, 2006
    Date of Patent: October 14, 2014
    Assignee: The Invention Science Fund I, LLC
    Inventors: Edward K. Y. Jung, Royce A. Levien, Robert W. Lord, Mark A. Malamud, John D. Rinaldo, Jr., Lowell L. Wood, Jr.
  • Patent number: 8863280
    Abstract: A method of testing a web application, wherein a web application is a program that operates on a server and interacts with clients that access the program over a network, wherein further the web application accepts parameters that define results generated from the web application, the method comprising determining which web application uniform resource identifiers (URIs) are used to access various web applications on a system, determining if more than a threshold of the URIs are for a common web application, selecting a subset of less than all of the URIs for the common web application when the threshold is exceeded for that common web application, wherein the subset is selected at least in part independently of the order generated and performing a security scan on the selected subset.
    Type: Grant
    Filed: January 2, 2013
    Date of Patent: October 14, 2014
    Assignee: Whitehat Security, Inc.
    Inventors: William Pennington, Jeremiah Grossman, Robert Stone, Siamak Pazirandeh
  • Patent number: 8863282
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for monitoring the generation of link files by processes on a computer and performing protection processes based on whether the link files target malicious objects or are generated by malicious processes.
    Type: Grant
    Filed: October 15, 2009
    Date of Patent: October 14, 2014
    Assignee: McAfee Inc.
    Inventors: Lokesh Kumar, Harinath Vishwanath Ramchetty, Girish R. Kulkarni
  • Patent number: 8862891
    Abstract: A system controlling online access to a study course verifies the identity of an individual taking a study course over a global computer network from a first computer at a node of the network. The first computer has a biometric identification program and communicates over the network with a second computer that is at a network node other than a node of the first computer. The second computer includes study program material. The first computer operates a biometric reader, which obtains a first set of biometric data from the individual and a second set of biometric data from the individual while access is granted to course material. The biometric identification program compares the first set of data with the second set of data to make a verification of the identity of the individual and communicates the verification to the second computer.
    Type: Grant
    Filed: November 5, 2013
    Date of Patent: October 14, 2014
    Assignee: Completelyonline.com, Inc.
    Inventor: Armen Geosimonian
  • Publication number: 20140304520
    Abstract: A firmware-based mechanism for protecting against physical attacks on ROM areas holding Authenticated Variables. A first hash of contents of at least one Authenticated Variable is created by a computing device's UEFI-compliant firmware and stored in a non-volatile storage location. Subsequently a second hash of contents of the at least one Authenticated Variable is created by the firmware and compared by the firmware to the stored hash to identify unauthorized modifications of the at least one Authenticated Variable occurring after the creation of the first hash.
    Type: Application
    Filed: April 4, 2014
    Publication date: October 9, 2014
    Applicant: Insyde Software Corp.
    Inventors: Jeffery Jay BOBZIN, Martin O. NICHOLES
  • Patent number: 8856542
    Abstract: System and method for detecting ransomware. A current user behavior pattern is monitored based on user input via a user input device. The user behavior is compared against a reference set of behavior patterns associated with user frustration with non-responsiveness of the user interface module. A current status pattern of the operating system is also monitored. The current status pattern is compared against a reference set of operating system status patterns associated with predefined ransomware behavior. In response to indicia of current user frustration with non-responsiveness of the user interface, and further in response to indicia of the current status pattern having a correlation to the predefined ransomware behavior, an indication of a positive detection of ransomware executing on the computer system is provided.
    Type: Grant
    Filed: March 29, 2013
    Date of Patent: October 7, 2014
    Assignee: Kaspersky Lab ZAO
    Inventors: Ivan I. Tatarinov, Vladislav V. Martynenko, Alexey V. Monastyrsky, Mikhail A. Pavlyushchik, Konstantin V. Sapronov, Yuri G. Slobodyanuk
  • Patent number: 8856544
    Abstract: The present invention provides improved security in a virtual machine. By extending the capabilities of modern secure processors, privacy of computation is provided from both the owner of the equipment and other users executing on the processor, which is an advantageous feature for rentable, secure computers. In addition to the hardware extensions required to secure a virtualizable computer, an infrastructure for the deployment of such processors is also provided. Furthermore, a signaling flow to establish the various relationships between the owner, user and manufacturer of the equipment is disclosed.
    Type: Grant
    Filed: July 16, 2010
    Date of Patent: October 7, 2014
    Assignee: Alcatel Lucent
    Inventors: Peter Bosch, Vladimir Kolesnikov, Sape Mullender, Jim McKie, Philippe Dobbelaere, Hubert McLellan
  • Patent number: 8856932
    Abstract: An approach for detecting a kernel-level rootkit is presented. A changed entry in a System Service Descriptor Table (SSDT) or an Interrupt Descriptor Table (IDT) is detected. The changed entry results from an installation of suspect software. The changed entry is determined to be not referenced by a white list. A black list is updated to reference the changed entry to indicate the changed entry results from an installation of the kernel-level rootkit. The suspect software is determined to be the kernel-level rootkit based on the changed entry not being referenced by the white list. The changed entry is restored to an entry included in a first state of an operating system kernel. The first state is based on the SSDT and IDT referencing hooks indicated in the white list, where the hooks are not the result of an installation of any kernel-level rootkit.
    Type: Grant
    Filed: August 5, 2013
    Date of Patent: October 7, 2014
    Assignee: International Business Machines Corporation
    Inventor: Jayakrishnan Ramalingam
  • Patent number: 8856536
    Abstract: A method for authenticating a piece of firmware to be downloaded to a controller. The method includes signing the firmware or a first part of the firmware with a first private key at a first trusted source and signing the firmware or a second part of the firmware with a second private key at a second trusted source. The method also includes validating the signed firmware or the first part of the firmware using a first public key at the controller and validating the firmware or the second part of the firmware using a second public key at the controller. The method further includes authenticating the firmware if the firmware or the first part of the firmware is validated by the first public key at the controller and the firmware or the second part of the firmware is validated by the second public key at the controller.
    Type: Grant
    Filed: December 15, 2011
    Date of Patent: October 7, 2014
    Assignee: GM Global Technology Operations LLC
    Inventors: Nader M. Rabadi, Kevin M. Baltes
  • Patent number: 8856921
    Abstract: Threat emergence dates as well as file modification and scanning history are tracked to determine which files need to be scanned for possible infection by various attacking agents. Information concerning which scan engines are used to scan for the presence of different attacking agents is also tracked. Where given files only need to be scanned for a subset of all possible threats and the relevant scanning code resides in only a subset of all the scan engines, only the required scan engines are initialized, loaded or called in order to scan those files.
    Type: Grant
    Filed: September 28, 2007
    Date of Patent: October 7, 2014
    Assignee: Symantec Corporation
    Inventors: Bruce McCorkendale, William E. Sobel, Mark Spiegel, Shaun Cooley
  • Patent number: 8856938
    Abstract: A method for securely accessing an executable file object includes a step in which a request from the target process to access the executable file object is received by an operating system component, and the object is examined for validity before access is allowed. For objects that cannot be validated, the process is run with privileges bounded by the privilege cap, if the privilege cap permits execution of the object.
    Type: Grant
    Filed: July 30, 2008
    Date of Patent: October 7, 2014
    Assignee: Oracle America, Inc.
    Inventors: Casper H. Dik, John E. Zolnowsky, Scott A. Rotondo, Joep J Vesseur
  • Patent number: 8848917
    Abstract: A method for verifying the integrity of a key implemented in a symmetrical ciphering or deciphering algorithm, including the steps of complementing to one at least the key; and verifying the coherence between two executions of the algorithm, respectively with the key and with the key complemented to one.
    Type: Grant
    Filed: May 14, 2009
    Date of Patent: September 30, 2014
    Assignee: STMicroelectronics (Rousset) SAS
    Inventors: Pierre-Yvan Liardet, Yannick Teglia
  • Patent number: 8850221
    Abstract: The invention relates to a method for protecting a sensitive operation by checking the integrity of at least a subset of the data manipulated by the sensitive operation. Data to be checked are divided into blocks, an intermediate integrity check value being computed for each block, the intermediate integrity check values being computed in random order. The invention also relates to a cryptographic device wherein at least one sensitive operation of the cryptographic device is protected by a method according to the invention.
    Type: Grant
    Filed: April 22, 2013
    Date of Patent: September 30, 2014
    Assignee: Gemalto SA
    Inventors: Stephanie Salgado, David Vigilant, Guillaume Fumaroli
  • Patent number: 8850570
    Abstract: A candidate suspicious website is identified. A plurality of lightweight features associated with the candidate suspicious website is identified. A filter score is determined based on the plurality of lightweight features, wherein the filter score indicates a likelihood that the candidate suspicious website is a malicious website. Whether the filter score exceeds a threshold is determined. Responsive at least in part to the filter score exceeding the threshold it is determined that the candidate suspicious website is a suspicious website. Whether the suspicious website is a malicious website is determined by identifying software downloaded to the computing system responsive to accessing the suspicious website and determining whether the software downloaded to the computing system is malware based on characteristics associated with the downloaded software.
    Type: Grant
    Filed: June 30, 2008
    Date of Patent: September 30, 2014
    Assignee: Symantec Corporation
    Inventor: Zulfikar Ramzan
  • Patent number: 8850571
    Abstract: A method for detecting malicious network content comprises inspecting one or more packets of network content, identifying a suspicious characteristic of the network content, determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic, identifying the network content as suspicious if the score satisfies a threshold value, executing a virtual machine to process the suspicious network content, and analyzing a response of the virtual machine to detect malicious network content.
    Type: Grant
    Filed: November 3, 2008
    Date of Patent: September 30, 2014
    Assignee: FireEye, Inc.
    Inventors: Stuart Gresley Staniford, Ashar Aziz
  • Patent number: 8844044
    Abstract: A process for facilitating a client system defense training exercise implemented over a client-server architecture includes designated modules and hardware for protocol version identification message; registration; profiling; health reporting; vulnerability status messaging; storage; access and scoring. More particularly, the server identifies a rule-based vulnerability profile to the client and scores client responses in accordance with established scoring rules for various defensive and offensive asset training scenarios.
    Type: Grant
    Filed: July 20, 2012
    Date of Patent: September 23, 2014
    Assignee: Leidos, Inc.
    Inventors: Scott Cruickshanks Kennedy, Carleton Royse Ayers, II, Javier Godinez, Susan Fichera Banks, Myoki Elizabeth Spencer
  • Patent number: 8844042
    Abstract: In some embodiments, a local agent on a target system may evaluate current and/or historical system state information from a store (either local or remote) and dynamically adjust the level of diagnosis performed during the scan based on the evaluated state information. Individual diagnostic scans may, for example, be enabled and disabled based on the context in the store, and each scan may update the context for further evaluation. By employing such an approach, systems with a low risk profile and lacking symptoms of a problem may be scanned quickly while systems that show signs of a problem or have a high risk profile may receive a more thorough evaluation.
    Type: Grant
    Filed: June 16, 2010
    Date of Patent: September 23, 2014
    Assignee: Microsoft Corporation
    Inventors: Randal P. Treit, Joseph J. Johnson, Adrian Marinescu, Nitin Sood, Marc E. Seinfeld
  • Patent number: 8843761
    Abstract: Protection program commands are inserted into at least one program command sequence of program commands in a program, to produce and check a monitoring flow marking sequence.
    Type: Grant
    Filed: July 10, 2008
    Date of Patent: September 23, 2014
    Assignee: Siemens Aktiengesellschaft
    Inventors: Bernd Meyer, Marcus Schafheutle, Hermann Seuschek
  • Patent number: 8843742
    Abstract: Methods, systems, apparatuses and program products are disclosed for protecting computers and similar equipment from undesirable occurrences, especially attacks by malware. Invariant information, such as pure code and some data tables, may be enrolled for later revalidation by code operating outside the normal context. For example, a periodic interrupt may invoke a system management mode interrupt service routine to discover whether code regions accessible to Protected Mode programs have become corrupted or otherwise changed, such as by tampering from untrusted or untrustworthy programs that have easy access only to protected mode operation.
    Type: Grant
    Filed: August 26, 2008
    Date of Patent: September 23, 2014
    Assignee: Hewlett-Packard Company
    Inventor: Kaushik C. Barde
  • Patent number: 8844051
    Abstract: An approach is provided for relaying media and creating new content from the media via a social network. Audio content is caused to be received from one of a plurality of devices. The one device is associated with a member of a first list of contacts. New audio content is generated based on the received audio content. The new audio content is caused, at least in part, to be transmitted to another one of the devices. The other one device is associated with a member of a second list of contacts.
    Type: Grant
    Filed: September 9, 2009
    Date of Patent: September 23, 2014
    Assignee: Nokia Corporation
    Inventors: Juha Henrik Arrasvuori, Hannu J. Korhonen, Markus Montola
  • Patent number: 8844038
    Abstract: According to a first aspect of the present invention there is provided a method of detecting malware in a mobile telecommunications device 101. In the method, maintaining a database 109 of legitimate applications and their respective expected behaviors, identifying legitimate applications running on the device 101, monitoring the behavior of the device 101, comparing this monitored behavior with that expected according to the database 109 for those legitimate applications identified as running on the device 101, and analyzing deviations from the expected behavior of the device 101 to identify the potential presence of malware.
    Type: Grant
    Filed: July 9, 2009
    Date of Patent: September 23, 2014
    Assignee: F-Secure Oyj
    Inventor: Jarno Niemelä