    • 1. Granted patent
    • Bulk electronic message detection by header similarity analysis
    • US07831677B1
    • 2010-11-09
    • US12413287
    • 2009-03-27
    • Alfred C. Hartman, Carey S. Nachenberg
    • G06F15/16
    • G06Q10/107, H04L51/12
    • Methods, apparatuses, and computer-readable media for detecting bulk electronic messages using header similarity analysis. Bulk electronic messages can be detected by parsing (115) header fields of an electronic message; associating (120) at least one constituent unit with each header field defining a set of constituent units for each header field; ascertaining (230) a feature vector for each set of constituent units; forming (240) a collection of feature vectors; and computing (250) an inner product from a set of constituent units from an additional electronic message and the collection of feature vectors from the initial electronic message resulting in a measure of similarity between the initial electronic message and the additional electronic message.
    • 2. Granted patent
    • Systems and methods for identifying potential malware
    • US08671449B1
    • 2014-03-11
    • US12943923
    • 2010-11-10
    • Carey S. Nachenberg
    • G06F11/00, G06F12/14, G06F13/00, G06F17/30, G11C7/00, G08C23/00
    • G06F21/56, H04L63/145
    • A computer-implemented method for identifying potential malware may include (1) identifying a file that is subject to a reputation evaluation, (2) identifying at least one client submission received from at least one computing system that identifies (a) an instance of the file created on the computing system and (b) at least one additional file created on the computing system at substantially the same time as the instance of the file and within the same file path as the instance of the file, (3) identifying a reputation associated with the additional file(s), and then (4) generating a reputation rating for the file based at least in part on the reputation associated with the additional file(s). Various other methods, systems, and computer-readable media are also disclosed.
    • 3. Granted patent
    • Systems and methods for using reputation data to detect shared-object-based security threats
    • US08225406B1
    • 2012-07-17
    • US12415834
    • 2009-03-31
    • Carey S. Nachenberg
    • G06F11/00
    • G06F21/577
    • Computer-implemented methods and systems for using reputation data to detect shared-object-based security threats are disclosed. In one example, an exemplary method for performing such a task may comprise: 1) identifying a process, 2) identifying an executable file associated with the process, 3) identifying at least one shared object loaded by the process, 4) obtaining reputation data for both the executable file and the shared object from a reputation service, 5) determining that the shared object represents a potential security risk by comparing the reputation data for the executable file with the reputation data for the shared object and determining that the reputation data for the shared object is significantly different from the reputation data for the executable file, and then 6) performing a security operation on the shared object. Corresponding server-side methods and systems for identifying malicious shared objects based on reputation data are also disclosed.
    • 4. Granted patent
    • Deriving reputation scores for web sites that accept personally identifiable information
    • US08019689B1
    • 2011-09-13
    • US11863110
    • 2007-09-27
    • Carey S. Nachenberg
    • G06Q99/00
    • H04L63/126, G06Q10/063, G06Q20/027, G06Q20/0855, G06Q20/382, G06Q30/06
    • A reputation server is coupled to multiple clients. Each client has a security module that detects submissions of personally identifiable information (PII) from the client to a web site. The security module reports the identity of the web site and the type of submitted PII to the reputation server. The reputation server computes a reputation score for the web site based on the number and type of PII submissions to it. The reputation score represents an assessment of whether the web site is trustworthy. The reputation server provides the reputation scores for the web site to a client. The security module at the client evaluates the reputation score of the web site and optionally generates an alert advising the user not to submit PII to the web site because the site is untrustworthy.
    • 5. Patent application
    • Simplified Communication of a Reputation Score for an Entity
    • US20090328209A1
    • 2009-12-31
    • US12165599
    • 2008-06-30
    • Carey S. Nachenberg
    • G06F21/00
    • H04L63/145, G06F21/552, G06F21/562, G06F21/577, G06F2221/034, G06F2221/2115, G06Q10/10, H04L63/1408
    • A reputation server is coupled to multiple clients via a network. A security module in each client monitors client encounters with entities such as files, programs, and websites, and then computes a hygiene score based on the monitoring. The hygiene scores are then provided to the reputation server, which computes reputation scores for the entities based on the clients' hygiene scores and the interactions between the clients and the entity. When a particular client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The reputation score may comprise a statistical measure based on a number of other trustworthy or “good hygiene” clients that have a hygiene score above a threshold. The client communicates this reputation score to a user with a message indicating that the reputation score is based on other clients deemed trustworthy.
    • 6. Granted patent
    • Backtracked incremental updating
    • US6167407A
    • 2000-12-26
    • US89930
    • 1998-06-03
    • Carey S. Nachenberg, William E. Sobel
    • G06F9/445, G06F17/00
    • G06F8/658, Y10S707/99942, Y10S707/99943, Y10S707/99953, Y10S707/99954
    • A computer readable file of an original state is updated to a final state. The original state and the final state are both states within a sequence (100) of states, which sequence (100) includes at least one hub state and one non-hub state. A first hub version, which corresponds to a hub state which is at least as early in the sequence as the original state, is stored locally. A hub incremental update (110) is retrieved (314) and used to update (316) the hub version to a second hub version, which second hub version corresponds to a hub state which is at least as early in the sequence (100) as the final state. A final incremental update (112) is retrieved (320) and used with the file of the final hub version to produce (322) a file of the final state. The files corresponding to both the second hub state and the final state are retained (324).
    • 7. Granted patent
    • Polymorphic virus detection module
    • US5826013A
    • 1998-10-20
    • US780985
    • 1997-01-08
    • Carey S. Nachenberg
    • G06F1/00, G06F21/00, H04L9/00, G06F3/00, H04K3/00
    • G06F21/564, G06F21/566
    • A Polymorphic Anti-virus Module (PAM) (200) comprises a CPU emulator (210) for emulating the target program, a virus signature scanning module (250) for scanning decrypted virus code, and an emulation control module (220), including a static exclusion module (230), a dynamic exclusion module (240), instruction/interrupt usage profiles (224) for the mutation engines (162) of the known polymorphic viruses (150), size and target file types (226) for these viruses, and a table (228) having an entry for each known polymorphic virus (150). During emulation, the emulation control module (220) may observe use of a register-indirect memory write instruction using a register that has not been initialized. Such a random write can be used as an indication that the file is probably a data file and so is unlikely to harbor a virus.
    • 8. Granted patent
    • IP-based blocking of malware
    • US08756691B2
    • 2014-06-17
    • US12943705
    • 2010-11-10
    • Carey S. Nachenberg
    • G06F12/14
    • G06F21/51, G06F21/562
    • A security module on a client monitors file download activities at the client and reports hosting website data to a security server. A download analysis module at the security server receives a hosting website data report from the client, where the hosting website data report describes a domain name and an IP address of a website hosting a file the client is attempting to download. The download analysis module analyzes the domain name and IP address of the website to generate file download control data indicating whether to allow downloading of the file to the client. The download analysis module reports the file download control data to the security module of the client. The security module uses the file download control data to selectively block downloading of the file.
    • 9. Granted patent
    • Web site hygiene-based computer security
    • US08250657B1
    • 2012-08-21
    • US11692469
    • 2007-03-28
    • Carey S. Nachenberg, Michael P. Spertus
    • G06F11/00, G06F12/14, G06F12/16, G08B23/00
    • G06F21/577, G06F21/51
    • A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.