The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network. Apparatus and methods consistent with the present disclosure perform a function of elastic content filtering because rating information may be stored in different memories of different mesh nodes according to rules or profiles associated with a wireless mesh network as responses to requests are sent back along a route in a wireless mesh network in a manner that may not increase an amount of network traffic. When, however, network traffic dips below a threshold level, additional messages may be sent to certain mesh nodes that update rating information stored at those certain mesh nodes.
H04W 84/18 - Réseaux auto-organisés, p. ex. réseaux ad hoc ou réseaux de détection
H04W 40/12 - Sélection d'itinéraire ou de voie de communication, p. ex. routage basé sur l'énergie disponible ou le chemin le plus court sur la base de la qualité d'émission ou de la qualité des canaux
H04W 40/24 - Gestion d'informations sur la connectabilité, p. ex. exploration de connectabilité ou mise à jour de connectabilité
2.
Providing Access to Data in a Secure Communication
The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session, for example each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple actual physical addresses that are used in conventional architectures that assign a single large continuous physical memory partition that may be accessed via commands that access physical memory addresses directly.
Methods and apparatus consistent with the present disclosure may be used in environments where multiple different virtual sets of program instructions are executed by shared computing resources when different processes are performed in a virtual computing environment. Methods consistent with the present disclosure may be used to provide a form of redundancy that does not require two physically distinct computers. Such methods may use a set of physical hardware components and two or more sets of synchronized virtual gateway software. Architectural features of physical hardware components included in an apparatus consistent with the present disclosure may be abstracted from sets of virtual program code when one virtual software process backs up another virtual software process at the apparatus.
The present disclosure is directed to analyzing received sets of computer data. Methods and apparatus consistent with the present disclosure may forecast that a received set of computer data does not include malware after allowing instructions included in that set of computer data to execute for an amount of time that does not exceed an allocated amount of time. Methods consistent with the present disclosure may instrument a set of received program code and allow instructions in that received set of program code to execute as instrumentation code collects information about the set of program code. This collected information may be compared with sets of known good data when determining whether a received set of program code is likely not to include malware. This collected information may be associated with “behaviors” performed by the received set of program code that may be identified using sets of contextual data.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
5.
METHOD FOR PROVIDING AN ELASTIC CONTENT FILTERING SECURITY SERVICE IN A MESH NETWORK
The present disclosure is directed to distributing processing capabilities throughout different nodes in a wireless mesh network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless mesh network because they help minimize the need to forward communications to other nodes in the wireless mesh network such that an evaluation can be performed. Apparatus and methods consistent with the present disclosure may distribute ratings or verdicts associated with previous requests to access data to different nodes in a wireless mesh network without generating additional wireless communications through the wireless mesh network. Apparatus and methods consistent with the present disclosure distribute content ratings to different nodes in a wireless network such that different wireless nodes may block redundant requests to undesired content without increasing messaging traffic.
The present disclosure is directed to monitoring internal process memory of a computer at a time with program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.
The present disclosure relates to methods and apparatus that collect data regarding malware threats, that organizes this collected malware threat data, and that provides this data to computers or people such that damage associated with these software threats can be quantified and reduced. The present disclosure is also directed to preventing the spread of malware before that malware can damage computers or steal computer data. Methods consistent with the present disclosure may optimize tests performed at different levels of a multi-level threat detection and prevention system. As such, methods consistent with the present disclosure may collect data from various sources that may include endpoint computing devices, firewalls/gateways, or isolated (e.g. “sandbox”) computers. Once this information is collected, it may then be organized, displayed, and analyzed in ways that were not previously possible.
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
8.
REAL-TIME PREVENTION OF MALICIOUS CONTENT VIA DYNAMIC ANALYSIS
This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.
Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/53 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p. ex. "boîte à sable" ou machine virtuelle sécurisée
10.
FIREWALL ACCESS RULE AUTHENTICATED BY SECURITY ASSERTION MARKUP LANGUAGE (SAML)
Disclosed are systems, apparatuses, methods, computer readable medium, and circuits for providing access to a network. According to at least one example, a method includes: intercepting a request at a firewall the request sent from a computing device regarding establishment of a secure communication session with a network; in response to determining that the request is unauthenticated, notifying a service provider node of the request, wherein the service provider node is configured to: generating a communication session between the computing device and a RBI server; receiving at the firewall authentication information pertaining to authorization for the computing device to establish the secure communication session with the network; identifying that the secure communication session is allowed to be established based on the authentication information; and providing access at the firewall to the computing device to establish the secure communication session with the network.
Methods and apparatus consistent with the present disclosure may be used after a computer network has been successfully attacked by new malicious program code. Such methods may include collecting data from computers that have been affected by the new malicious program code and this data may be used to identify a type of damage performed by the new malicious code. The collected data may also include a copy of the new malicious program code. Methods consistent with the present disclosure may also include allowing the new malicious program code to execute at an isolated computer while actions and instructions that cause the damage are identified. Signatures may be generated from the identified instructions after which the signatures or data that describes the damaging actions are provided to computing resources such that those resources can detect the new malware program code.
Methods and apparatus consistent with the present disclosure may prevent a computer process from failing when a firewall located between a client device and a server identifies that a process at the firewall should be bypassed using fingerprint information associated with a connection attempt. When fingerprint information stored at a firewall matches previously received fingerprint information, the firewall may allow processes typically performed at the firewall to be bypassed, thereby, allowing communications to pass between the client device and the server without inspection. When that fingerprint information does not match previously received fingerprint information, the firewall may perform a process that causes the client device to fail the first connection attempt. Because of this, methods consistent with the present disclosure may allow communications from an application program to be passed through a firewall without relying on an ever growing list of trusted application programs.
H04L 67/125 - Protocoles spécialement adaptés aux environnements propriétaires ou de mise en réseau pour un usage spécial, p. ex. les réseaux médicaux, les réseaux de capteurs, les réseaux dans les véhicules ou les réseaux de mesure à distance en impliquant la commande des applications des terminaux par un réseau
H04L 67/141 - Configuration des sessions d'application
The present disclosure relates to securely setting up mesh networks in a secure manner that does not require a physical network cable being attached to a wireless device and that do not require transmitting unencrypted information wirelessly when a mesh network is setup. Methods and apparatus consistent with the present disclosure may use different communication interfaces and different types of channels to ensure that devices included in or being added to a wireless mesh network always communicate securely. Methods and apparatus consistent with the present disclosure may use a combination of conventional secure communication methods, such as secure hypertext transfer protocol (HTTPS) communications, low power signals that travel over short distances, and other types of communications to create a system that only uses secure communications when setting up or expanding a wireless mesh network.
H04W 4/80 - Services utilisant la communication de courte portée, p. ex. la communication en champ proche, l'identification par radiofréquence ou la communication à faible consommation d’énergie
H04W 12/00 - Dispositions de sécuritéAuthentificationProtection de la confidentialité ou de l'anonymat
The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network by allowing different wireless nodes to receive and store content ratings regarding requested content in caches associated with respective wireless nodes. Apparatus and methods consistent with the present disclosure perform a load balancing function because they distribute content ratings to different nodes in a wireless network without increasing messaging traffic. As response messages regarding access requests are passed back to a requestor, cache memories at nodes along a communication path are updated to include information that cross-references data identifiers with received content ratings. The cross-referenced data identifiers and content ratings allow each respective wireless node along the communication path to block requests to bad content.
Methods and apparatus consistent with the present disclosure may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows a processor executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware may be detected by scanning suspect program code with a malware scanner, malware may be detected by identifying suspicious actions performed by a set of program code, or malware may be detected by a combination of such techniques.
The present disclosure relates to methods and apparatus that registers and configures mesh node devices to operate as part of a wireless mesh network as part of a process that may be referred to as an onboarding process that streamlines. Such an onboarding process may store registration information and configuration information in a database at a computer in the cloud or that is accessible via the Internet. This stored information may be used to easily create or expand a wireless mesh network. This registration information may be cross-referenced with a profile associated with a network configuration, with a customer license, and with an identifier that identifies a wireless mesh network. Profiles consistent with the present disclosure may identify configuration preferences of a wireless mesh network and may identify software components that may be installed at particular mesh nodes when mesh node devices are added to a wireless mesh network.
H04W 4/80 - Services utilisant la communication de courte portée, p. ex. la communication en champ proche, l'identification par radiofréquence ou la communication à faible consommation d’énergie
H04W 12/55 - Appariement sécurisé de dispositifs faisant intervenir trois dispositifs ou plus, p. ex. appariement de groupes
H04W 60/00 - Rattachement à un réseau, p. ex. enregistrementSuppression du rattachement à un réseau, p. ex. annulation de l'enregistrement
H04W 76/11 - Attribution ou utilisation d'identifiants de connexion
H04W 80/10 - Protocoles de couche supérieure adaptés à la gestion de sessions, p. ex. protocole d'initiation de session [SIP Session Initiation Protocol]
H04W 84/18 - Réseaux auto-organisés, p. ex. réseaux ad hoc ou réseaux de détection
17.
Detecting profile-based wireless mesh node failover in communication networks
Apparatuses, methods, and non-transitory computer-readable storage media are described for detecting profile-based wireless mesh node failover in communication networks. An apparatus can receive authentication information sent from a first wireless mesh node of a plurality of wireless mesh nodes in a wireless communication network, generate a profile for configuring wireless mesh nodes according to the authentication information, establish a communication session with the first wireless mesh node and a second wireless mesh node based on the profile, detect a failure at the first wireless mesh node that triggers to probe the profile for a communication policy that specifies one or more available wireless mesh nodes that includes the second wireless mesh node, and switch a communication connection to the second wireless mesh node in accordance with the communication policy.
H04W 60/04 - Rattachement à un réseau, p. ex. enregistrementSuppression du rattachement à un réseau, p. ex. annulation de l'enregistrement utilisant des événements déclenchés
G06K 7/10 - Méthodes ou dispositions pour la lecture de supports d'enregistrement par radiation électromagnétique, p. ex. lecture optiqueMéthodes ou dispositions pour la lecture de supports d'enregistrement par radiation corpusculaire
G06K 7/14 - Méthodes ou dispositions pour la lecture de supports d'enregistrement par radiation électromagnétique, p. ex. lecture optiqueMéthodes ou dispositions pour la lecture de supports d'enregistrement par radiation corpusculaire utilisant la lumière sans sélection des longueurs d'onde, p. ex. lecture de la lumière blanche réfléchie
H04W 4/80 - Services utilisant la communication de courte portée, p. ex. la communication en champ proche, l'identification par radiofréquence ou la communication à faible consommation d’énergie
H04W 12/03 - Protection de la confidentialité, p. ex. par chiffrement
Methods and apparatus consistent with the present disclosure may be used in environments where multiple different virtual sets of program instructions are executed by shared computing resources. These methods may allow actions associated with a first set of virtual software to be paused to allow a second set of virtual software to be executed by the shared computing resources. In certain instances, methods and apparatus consistent with the present disclosure may manage the operation of one or more sets of virtual software at a point in time. Apparatus consistent with the present disclosure may include a memory and one or more processors that execute instructions out of the memory. At certain points in time, a processors of a computing system may pause a virtual process while allowing instructions associated with another virtual process to be executed.
G06F 9/48 - Lancement de programmes Commutation de programmes, p. ex. par interruption
G06F 9/455 - ÉmulationInterprétationSimulation de logiciel, p. ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
G06F 9/46 - Dispositions pour la multiprogrammation
G06F 9/50 - Allocation de ressources, p. ex. de l'unité centrale de traitement [UCT]
19.
Method for providing an elastic content filtering security service in a mesh network
The present disclosure is directed to distributing processing capabilities throughout different nodes in a wireless mesh network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless mesh network because they help minimize the need to forward communications to other nodes in the wireless mesh network such that an evaluation can be performed. Apparatus and methods consistent with the present disclosure may distribute ratings or verdicts associated with previous requests to access data to different nodes in a wireless mesh network without generating additional wireless communications through the wireless mesh network. Apparatus and methods consistent with the present disclosure distribute content ratings to different nodes in a wireless network such that different wireless nodes may block redundant requests to undesired content without increasing messaging traffic.
Methods and apparatus consistent with the present disclosure may be used after a computer network has been successfully attacked by new malicious program code. Such methods may include collecting data from computers that have been affected by the new malicious program code and this data may be used to identify a type of damage performed by the new malicious code. The collected data may also include a copy of the new malicious program code. Methods consistent with the present disclosure may also include allowing the new malicious program code to execute at an isolated computer while actions and instructions that cause the damage are identified. Signatures may be generated from the identified instructions after which the signatures or data that describes the damaging actions are provided to computing resources such that those resources can detect the new malware program code.
The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network. Apparatus and methods consistent with the present disclosure perform a function of elastic content filtering because rating information may be stored in different memories of different mesh nodes according to rules or profiles associated with a wireless mesh network as responses to requests are sent back along a route in a wireless mesh network in a manner that may not increase an amount of network traffic. When, however, network traffic dips below a threshold level, additional messages may be sent to certain mesh nodes that update rating information stored at those certain mesh nodes.
H04W 84/18 - Réseaux auto-organisés, p. ex. réseaux ad hoc ou réseaux de détection
H04W 40/12 - Sélection d'itinéraire ou de voie de communication, p. ex. routage basé sur l'énergie disponible ou le chemin le plus court sur la base de la qualité d'émission ou de la qualité des canaux
H04W 40/24 - Gestion d'informations sur la connectabilité, p. ex. exploration de connectabilité ou mise à jour de connectabilité
22.
Cloud based just in time memory analysis for malware detection
Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/53 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p. ex. "boîte à sable" ou machine virtuelle sécurisée
23.
Elastic security services load balancing in a wireless mesh network
The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network by allowing different wireless nodes to receive and store content ratings regarding requested content in caches associated with respective wireless nodes. Apparatus and methods consistent with the present disclosure perform a load balancing function because they distribute content ratings to different nodes in a wireless network without increasing messaging traffic. As response messages regarding access requests are passed back to a requestor, cache memories at nodes along a communication path are updated to include information that cross-references data identifiers with received content ratings. The cross-referenced data identifiers and content ratings allow each respective wireless node along the communication path to block requests to bad content.
The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session, for example each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple actual physical addresses that are used in conventional architectures that assign a single large continuous physical memory partition that may be accessed via commands that access physical memory addresses directly.
The present disclosure relates to securely setting up mesh networks in a manner that does not require a physical network cable being attached to a wireless mesh device and that does not require transmitting unencrypted information wirelessly when a mesh network is setup. Methods and apparatus consistent with the present disclosure may allow a user to choose which mesh nodes can join a network and that user may specificity a custom profile that may include rules that may identify how mesh network identifiers are used, that identify passcodes/passphrases assigned to a particular network, may identify types of traffic that may be passed through particular 802.11 radio channels, or other parameters that may control how traffic is switched between devices in a particular wireless mesh network. This combined with dual factor verification and the use of different types of communication channels make wireless mesh networks easy to deploy and expand.
H04W 60/00 - Rattachement à un réseau, p. ex. enregistrementSuppression du rattachement à un réseau, p. ex. annulation de l'enregistrement
H04W 80/10 - Protocoles de couche supérieure adaptés à la gestion de sessions, p. ex. protocole d'initiation de session [SIP Session Initiation Protocol]
H04W 84/18 - Réseaux auto-organisés, p. ex. réseaux ad hoc ou réseaux de détection
26.
Reassembly free deep packet inspection for peer to peer networks
The present disclosure relates to a system, a method, and a non-transitory computer readable storage medium for deep packet inspection scanning at an application layer of a computer. A method of the presently claimed invention may scan pieces of data received out of order without reassembly at an application layer from a first input state generating one or more output states for each piece of data. The method may then identify that the first input state includes one or more characters that are associated with malicious content. The method may then identify that the data set may include malicious content when the first input state combined with one or more output states matches a known piece of malicious content.
The present disclosure is directed to protecting data stored at a database in a manner that increases data protection minimizing performance reductions. Apparatus and methods consistent with the present disclosure may collect information from user devices from which user inputs are received when collecting data that may be used to protect database data. Methods consistent with the present disclosure may identify code paths traversed, pages of program code where actions were initiated, and functions associated with those actions. This information may be cross-referenced with a set of data, constraints, rules, or command parameters when data associated with a database query is initially associated with an “allow” action or a “deny” action. This information may also be used to evaluate whether newly generated database queries should be allowed to be sent to a database server or to identify whether a database request should be blocked.
Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy to tunnel based VPN access without comprising the inherent performance, scalability and application compatibility advantages tunne based VPNs have over their proxy based VPN counterparts.
The present disclosure is directed to monitoring internal process memory of a computer at a time with program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.
The present disclosure is directed to distributing processing capabilities throughout different nodes in a wireless mesh network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless mesh network because they help minimize the need to forward communications to other nodes in the wireless mesh network such that an evaluation can be performed. Apparatus and methods consistent with the present disclosure may distribute ratings or verdicts associated with previous requests to access data to different nodes in a wireless mesh network without generating additional wireless communications through the wireless mesh network. Apparatus and methods consistent with the present disclosure distribute content ratings to different nodes in a wireless network such that different wireless nodes may block redundant requests to undesired content without increasing messaging traffic.
The present disclosure is directed to analyzing received sets of computer data. Methods and apparatus consistent with the present disclosure may forecast that a received set of computer data does not include malware after allowing instructions included in that set of computer data to execute for an amount of time that does not exceed an allocated amount of time. Methods consistent with the present disclosure may instrument a set of received program code and allow instructions in that received set of program code to execute as instrumentation code collects information about the set of program code. This collected information may be compared with sets of known good data when determining whether a received set of program code is likely not to include malware. This collected information may be associated with “behaviors” performed by the received set of program code that may be identified using sets of contextual data.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
32.
Real-time prevention of malicious content via dynamic analysis
This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.
The present disclosure relates to methods and apparatus that collect data regarding malware threats, that organizes this collected malware threat data, and that provides this data to computers or people such that damage associated with these software threats can be quantified and reduced. The present disclosure is also directed to preventing the spread of malware before that malware can damage computers or steal computer data. Methods consistent with the present disclosure may optimize tests performed at different levels of a multi-level threat detection and prevention system. As such, methods consistent with the present disclosure may collect data from various sources that may include endpoint computing devices, firewalls/gateways, or isolated (e.g. “sandbox”) computers. Once this information is collected, it may then be organized, displayed, and analyzed in ways that were not previously possible.
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
34.
Method for providing an elastic content filtering security service in a mesh network
The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network. Apparatus and methods consistent with the present disclosure perform a function of elastic content filtering because rating information may be stored in different memories of different mesh nodes according to rules or profiles associated with a wireless mesh network as responses to requests are sent back along a route in a wireless mesh network in a manner that may not increase an amount of network traffic. When, however, network traffic dips below a threshold level, additional messages may be sent to certain mesh nodes that update rating information stored at those certain mesh nodes.
H04W 84/18 - Réseaux auto-organisés, p. ex. réseaux ad hoc ou réseaux de détection
H04W 40/24 - Gestion d'informations sur la connectabilité, p. ex. exploration de connectabilité ou mise à jour de connectabilité
H04W 40/12 - Sélection d'itinéraire ou de voie de communication, p. ex. routage basé sur l'énergie disponible ou le chemin le plus court sur la base de la qualité d'émission ou de la qualité des canaux
35.
Elastic security services and load balancing in a wireless mesh network
The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network by allowing different wireless nodes to receive and store content ratings regarding requested content in caches associated with respective wireless nodes. Apparatus and methods consistent with the present disclosure perform a load balancing function because they distribute content ratings to different nodes in a wireless network without increasing messaging traffic. As response messages regarding access requests are passed back to a requestor, cache memories at nodes along a communication path are updated to include information that cross-references data identifiers with received content ratings. The cross-referenced data identifiers and content ratings allow each respective wireless node along the communication path to block requests to bad content.
Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/53 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p. ex. "boîte à sable" ou machine virtuelle sécurisée
37.
Just in time memory analysis for malware detection
Methods and apparatus consistent with the present disclosure may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows a processor executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware may be detected by scanning suspect program code with a malware scanner, malware may be detected by identifying suspicious actions performed by a set of program code, or malware may be detected by a combination of such techniques.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
38.
Adaptive CPU usage mechanism for networking system in a virtual environment
Methods and apparatus consistent with the present disclosure may be used in environments where multiple different virtual sets of program instructions are executed by shared computing resources. These methods may allow actions associated with a first set of virtual software to be paused to allow a second set of virtual software to be executed by the shared computing resources. In certain instances, methods and apparatus consistent with the present disclosure may manage the operation of one or more sets of virtual software at a point in time. Apparatus consistent with the present disclosure may include a memory and one or more processors that execute instructions out of the memory. At certain points in time, a processors of a computing system may pause a virtual process while allowing instructions associated with another virtual process to be executed.
G06F 9/48 - Lancement de programmes Commutation de programmes, p. ex. par interruption
G06F 9/455 - ÉmulationInterprétationSimulation de logiciel, p. ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
G06F 9/46 - Dispositions pour la multiprogrammation
G06F 9/50 - Allocation de ressources, p. ex. de l'unité centrale de traitement [UCT]
39.
Method of creating high availability for single point network gateway using containers
Methods and apparatus consistent with the present disclosure may be used in environments where multiple different virtual sets of program instructions are executed by shared computing resources when different processes are performed in a virtual computing environment. Methods consistent with the present disclosure may be used to provide a form of redundancy that does not require two physically distinct computers. Such methods may use a set of physical hardware components and two or more sets of synchronized virtual gateway software. Architectural features of physical hardware components included in an apparatus consistent with the present disclosure may be abstracted from sets of virtual program code when one virtual software process backs up another virtual software process at the apparatus.
The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session, for example each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple actual physical addresses that are used in conventional architectures that assign a single large continuous physical memory partition that may be accessed via commands that access physical memory addresses directly.
The present disclosure relates to a system, a method, and a non-transitory computer readable storage medium for deep packet inspection scanning at an application layer of a computer. A method of the presently claimed invention may scan pieces of data received out of order without reassembly at an application layer from a first input state generating one or more output states for each piece of data. The method may then identify that the first input state includes one or more characters that are associated with malicious content. The method may then identify that the data set may include malicious content when the first input state combined with one or more output states matches a known piece of malicious content.
The present disclosure relates to securely setting up mesh networks in a manner that does not require a physical network cable being attached to a wireless mesh device and that does not require transmitting unencrypted information wirelessly when a mesh network is setup. Methods and apparatus consistent with the present disclosure may allow a user to choose which mesh nodes can join a network and that user may specificity a custom profile that may include rules that may identify how mesh network identifiers are used, that identify passcodes/passphrases assigned to a particular network, may identify types of traffic that may be passed through particular 802.11 radio channels, or other parameters that may control how traffic is switched between devices in a particular wireless mesh network. This combined with dual factor verification and the use of different types of communication channels make wireless mesh networks easy to deploy and expand.
H04W 80/10 - Protocoles de couche supérieure adaptés à la gestion de sessions, p. ex. protocole d'initiation de session [SIP Session Initiation Protocol]
H04W 60/00 - Rattachement à un réseau, p. ex. enregistrementSuppression du rattachement à un réseau, p. ex. annulation de l'enregistrement
The present disclosure relates to methods and apparatus that collect data regarding malware threats, that organizes this collected malware threat data, and that provides this data to computers or people such that damage associated with these software threats can be quantified and reduced. The present disclosure is also directed to preventing the spread of malware before that malware can damage computers or steal computer data. Methods consistent with the present disclosure may optimize tests performed at different levels of a multi-level threat detection and prevention system. As such, methods consistent with the present disclosure may collect data from various sources that may include endpoint computing devices, firewalls/gateways, or isolated (e.g. “sandbox”) computers. Once this information is collected, it may then be organized, displayed, and analyzed in ways that were not previously possible.
This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.
The present disclosure is directed to distributing processing capabilities throughout different nodes in a wireless mesh network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless mesh network because they help minimize the need to forward communications to other nodes in the wireless mesh network such that an evaluation can be performed. Apparatus and methods consistent with the present disclosure may distribute ratings or verdicts associated with previous requests to access data to different nodes in a wireless mesh network without generating additional wireless communications through the wireless mesh network. Apparatus and methods consistent with the present disclosure distribute content ratings to different nodes in a wireless network such that different wireless nodes may block redundant requests to undesired content without increasing messaging traffic.
Methods and apparatus consistent with the present disclosure may be used after a computer network has been successfully attacked by new malicious program code. Such methods may include collecting data from computers that have been affected by the new malicious program code and this data may be used to identify a type of damage performed by the new malicious code. The collected data may also include a copy of the new malicious program code. Methods consistent with the present disclosure may also include allowing the new malicious program code to execute at an isolated computer while actions and instructions that cause the damage are identified. Signatures may be generated from the identified instructions after which the signatures or data that describes the damaging actions are provided to computing resources such that those resources can detect the new malware program code.
The present disclosure relates to methods and apparatus that collect data regarding malware threats, that organizes this collected malware threat data, and that provides this data to computers or people such that damage associated with these software threats can be quantified and reduced. The present disclosure is also directed to preventing the spread of malware before that malware can damage computers or steal computer data. Methods consistent with the present disclosure may optimize tests performed at different levels of a multi-level threat detection and prevention system. As such, methods consistent with the present disclosure may collect data from various sources that may include endpoint computing devices, firewalls/gateways, or isolated (e.g. “sandbox”) computers. Once this information is collected, it may then be organized, displayed, and analyzed in ways that were not previously possible.
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 43/028 - Capture des données de surveillance en filtrant
48.
Call location based access control of query to database
The present disclosure is directed to protecting data stored at a database in a manner that increases data protection minimizing performance reductions. Apparatus and methods consistent with the present disclosure may collect information from user devices from which user inputs are received when collecting data that may be used to protect database data. Methods consistent with the present disclosure may identify code paths traversed, pages of program code where actions were initiated, and functions associated with those actions. This information may be cross-referenced with a set of data, constraints, rules, or command parameters when data associated with a database query is initially associated with an “allow” action or a “deny” action. This information may also be used to evaluate whether newly generated database queries should be allowed to be sent to a database server or to identify whether a database request should be blocked.
The present disclosure is directed to analyzing received sets of computer data. Methods and apparatus consistent with the present disclosure may forecast that a received set of computer data does not include malware after allowing instructions included in that set of computer data to execute for an amount of time that does not exceed an allocated amount of time. Methods consistent with the present disclosure may instrument a set of received program code and allow instructions in that received set of program code to execute as instrumentation code collects information about the set of program code. This collected information may be compared with sets of known good data when determining whether a received set of program code is likely not to include malware. This collected information may be associated with “behaviors” performed by the received set of program code that may be identified using sets of contextual data.
G06F 11/00 - Détection d'erreursCorrection d'erreursContrôle de fonctionnement
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 12/16 - Protection contre la perte de contenus de mémoire
50.
Method for providing an elastic content filtering security service in a mesh network
The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network. Apparatus and methods consistent with the present disclosure perform a function of elastic content filtering because rating information may be stored in different memories of different mesh nodes according to rules or profiles associated with a wireless mesh network as responses to requests are sent back along a route in a wireless mesh network in a manner that may not increase an amount of network traffic. When, however, network traffic dips below a threshold level, additional messages may be sent to certain mesh nodes that update rating information stored at those certain mesh nodes.
H04W 84/18 - Réseaux auto-organisés, p. ex. réseaux ad hoc ou réseaux de détection
H04W 40/24 - Gestion d'informations sur la connectabilité, p. ex. exploration de connectabilité ou mise à jour de connectabilité
H04W 40/12 - Sélection d'itinéraire ou de voie de communication, p. ex. routage basé sur l'énergie disponible ou le chemin le plus court sur la base de la qualité d'émission ou de la qualité des canaux
Methods and apparatus consistent with the present disclosure may prevent a computer process from failing when a firewall located between a client device and a server identifies that a process at the firewall should be bypassed using fingerprint information associated with a connection attempt. When fingerprint information stored at a firewall matches previously received fingerprint information, the firewall may allow processes typically performed at the firewall to be bypassed, thereby, allowing communications to pass between the client device and the server without inspection. When that fingerprint information does not match previously received fingerprint information, the firewall may perform a process that causes the client device to fail the first connection attempt. Because of this, methods consistent with the present disclosure may allow communications from an application program to be passed through a firewall without relying on an ever growing list of trusted application programs.
H04L 67/125 - Protocoles spécialement adaptés aux environnements propriétaires ou de mise en réseau pour un usage spécial, p. ex. les réseaux médicaux, les réseaux de capteurs, les réseaux dans les véhicules ou les réseaux de mesure à distance en impliquant la commande des applications des terminaux par un réseau
H04L 67/141 - Configuration des sessions d'application
Securely setting up mesh networks in a secure manner that does not require a physical network cable being attached to a wireless device and that do not require transmitting unencrypted information wirelessly when a mesh network is setup. Methods and apparatus may use different communication interfaces and different types of channels to ensure that devices included in or being added to a wireless mesh network always communicate securely. Methods and apparatus may use a combination of conventional secure communication methods, such as secure hypertext transfer protocol (HTTPS) communications, low power signals that travel over short distances, and other types of communications to create a system that only uses secure communications when setting up or expanding a wireless mesh network.
H04W 4/80 - Services utilisant la communication de courte portée, p. ex. la communication en champ proche, l'identification par radiofréquence ou la communication à faible consommation d’énergie
H04W 12/00 - Dispositions de sécuritéAuthentificationProtection de la confidentialité ou de l'anonymat
The present disclosure is directed to monitoring internal process memory of a computer at a time with program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.
Methods and apparatus that registers a plurality of mesh node devices to operate as part of a wireless mesh network after a user device scans encoded information that is unique to each mesh node of a plurality of different mesh nodes. After codes associated with different respective mesh nodes are scanned by a user device, that user device may communicate with these different mesh nodes via a low power communication interface and the user device may send registration information to a registration computer via a secure communication channel. Apparatus may also receive a validation code from the registration computer via a communication channel that is different from the secure communication channel and these apparatus may then send the validation code to the registration computer via the secure communication channel when the user device is validated by the registration computer.
H04W 60/04 - Rattachement à un réseau, p. ex. enregistrementSuppression du rattachement à un réseau, p. ex. annulation de l'enregistrement utilisant des événements déclenchés
G06K 7/10 - Méthodes ou dispositions pour la lecture de supports d'enregistrement par radiation électromagnétique, p. ex. lecture optiqueMéthodes ou dispositions pour la lecture de supports d'enregistrement par radiation corpusculaire
G06K 7/14 - Méthodes ou dispositions pour la lecture de supports d'enregistrement par radiation électromagnétique, p. ex. lecture optiqueMéthodes ou dispositions pour la lecture de supports d'enregistrement par radiation corpusculaire utilisant la lumière sans sélection des longueurs d'onde, p. ex. lecture de la lumière blanche réfléchie
H04W 4/80 - Services utilisant la communication de courte portée, p. ex. la communication en champ proche, l'identification par radiofréquence ou la communication à faible consommation d’énergie
H04W 12/03 - Protection de la confidentialité, p. ex. par chiffrement
The present disclosure relates to securely setting up mesh networks in a manner that does not require a physical network cable being attached to a wireless mesh device and that does not require transmitting unencrypted information wirelessly when a mesh network is setup. Methods and apparatus consistent with the present disclosure may allow a user to choose which mesh nodes can join a network and that user may specificity a custom profile that may include rules that may identify how mesh network identifiers are used, that identify passcodes/passphrases assigned to a particular network, may identify types of traffic that may be passed through particular 802.11 radio channels, or other parameters that may control how traffic is switched between devices in a particular wireless mesh network. This combined with dual factor verification and the use of different types of communication channels make wireless mesh networks easy to deploy and expand.
H04W 60/00 - Rattachement à un réseau, p. ex. enregistrementSuppression du rattachement à un réseau, p. ex. annulation de l'enregistrement
H04W 80/10 - Protocoles de couche supérieure adaptés à la gestion de sessions, p. ex. protocole d'initiation de session [SIP Session Initiation Protocol]
H04W 84/18 - Réseaux auto-organisés, p. ex. réseaux ad hoc ou réseaux de détection
56.
Elastic security services and load balancing in a wireless mesh network
The present disclosure distributes processing capabilities throughout different nodes in a wireless network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless network because they help minimize the need to forward communications to other nodes in the network by allowing different wireless nodes to receive and store content ratings regarding requested content in caches associated with respective wireless nodes. Apparatus and methods consistent with the present disclosure perform a load balancing function because they distribute content ratings to different nodes in a wireless network without increasing messaging traffic. As response messages regarding access requests are passed back to a requestor, cache memories at nodes along a communication path are updated to include information that cross-references data identifiers with received content ratings. The cross-referenced data identifiers and content ratings allow each respective wireless node along the communication path to block requests to bad content.
The present disclosure relates to methods and apparatus that registers and configures mesh node devices to operate as part of a wireless mesh network as part of a process that may be referred to as an onboarding process that streamlines. Such an onboarding process may store registration information and configuration information in a database at a computer in the cloud or that is accessible via the Internet. This stored information may be used to easily create or expand a wireless mesh network. This registration information may be cross-referenced with a profile associated with a network configuration, with a customer license, and with an identifier that identifies a wireless mesh network. Profiles consistent with the present disclosure may identify configuration preferences of a wireless mesh network and may identify software components that may be installed at particular mesh nodes when mesh node devices are added to a wireless mesh network.
H04W 4/80 - Services utilisant la communication de courte portée, p. ex. la communication en champ proche, l'identification par radiofréquence ou la communication à faible consommation d’énergie
H04W 60/00 - Rattachement à un réseau, p. ex. enregistrementSuppression du rattachement à un réseau, p. ex. annulation de l'enregistrement
H04W 76/11 - Attribution ou utilisation d'identifiants de connexion
H04W 80/10 - Protocoles de couche supérieure adaptés à la gestion de sessions, p. ex. protocole d'initiation de session [SIP Session Initiation Protocol]
H04W 12/55 - Appariement sécurisé de dispositifs faisant intervenir trois dispositifs ou plus, p. ex. appariement de groupes
H04W 84/18 - Réseaux auto-organisés, p. ex. réseaux ad hoc ou réseaux de détection
Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy to tunnel based VPN access without comprising the inherent performance, scalability and application compatibility advantages tunnel based VPNs have over their proxy based VPN counterparts.
An appliance works in conjunction with an agent on a remote device to control application access to a corporate network. In conjunction with an SSL tunnel and policy operating at the appliance, granular application control may be implemented. In particular, a device user may determine what applications from a set of applications may access the corporate network and which applications do not access the network. The applications may be analyzed to determine whether the application is good or bad, as what security configurations, approvals and denials are associated with the application.
Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.
Methods and apparatus consistent with the present disclosure may be performed by a Cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (DPI) on computer data, or identify a content rating associated with computer data. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set. Furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/53 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p. ex. "boîte à sable" ou machine virtuelle sécurisée
62.
Just in time memory analysis for malware detection
Methods and apparatus consistent with the present disclosure may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set.
The present disclosure is directed to monitoring internal process memory of a computer at a time with program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.
The present disclosure is directed to monitoring internal process memory of a computer at a time with program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.
The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session, for example each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple actual physical addresses that are used in conventional architectures that assign a single large continuous physical memory partition that may be accessed via commands that access physical memory addresses directly.
Methods and apparatus consistent with the present disclosure may prevent a computer process from failing when a firewall located between a client device and a server identifies that a process at the firewall should be bypassed using fingerprint information associated with a connection attempt. When fingerprint information stored at a firewall matches previously received fingerprint information, the firewall may allow processes typically performed at the firewall to be bypassed, thereby, allowing communications to pass between the client device and the server without inspection. When that fingerprint information does not match previously received fingerprint information, the firewall may perform a process that causes the client device to fail the first connection attempt. Because of this, methods consistent with the present disclosure may allow communications from an application program to be passed through a firewall without relying on an ever growing list of trusted application programs.
Methods and apparatus consistent with the present disclosure may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows a processor executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware may be detected by scanning suspect program code with a malware scanner, malware may be detected by identifying suspicious actions performed by a set of program code, or malware may be detected by a combination of such techniques.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
68.
JUST IN TIME MEMORY ANALYSIS FOR MALWARE DETECTION
Methods and apparatus consistent with the present disclosure may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows a processor executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware may be detected by scanning suspect program code with a malware scanner, malware may be detected by identifying suspicious actions performed by a set of program code, or malware may be detected by a combination of such techniques.
This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.
This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.
The presently claimed invention manages memory in a multi-processor system. The presently claimed invention may use a combination of global and local locks when allocating memory and de-allocating memory in a multi-processor system. A method consistent with the presently claimed invention may first receive an allocation of a first memory space in the system memory of a multi-core processing system. The allocation of the first memory space may globally locks the first memory space where the memory space may administered by a software module using one or more local locks.
Systems and methods for management of persistent cookies in a corporate web portal are described. A plurality of zones may be defined and stored in memory. Each zone may be associated with a zone property indicative of whether cookies are allowed. A resource request may be received from a user device over a network where access to the requested resource may require a cookie. The user device may be classified into a zone from the plurality of zones based on the attributes of the user device. The cookie may be automatically installed on the user device based on a zone property for the zone and for those resources that have been configured to require installation of a cookie installed without requiring further user interaction following the request.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 12/911 - Contrôle d’admission au réseau et allocation de ressources, p.ex. allocation de bande passante ou renégociation en cours de communication
H04L 29/12 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes caractérisés par le terminal de données
Systems and methods are directed towards network data leakage prevention (DLP). More specifically, the systems and methods are directed towards using TCP (Transmission Control Protocol) data packets in conjunction with the DLP monitor. The network DLP utilizes TCP data packets to carry source user identity. With the source user identity, the DLP monitor can determine if sensitive data can be transmitted based on the provided user information and corresponding DLP policies for each user. Furthermore, the DLP monitor can determine if sensitive data can also be transmitted for particular users in situations where multiple users share the same IP address.
The present invention relates to a system, method, and non-transitory storage medium executable by one or more processors at a multi-processor system that improves load monitoring and processor-core assignments as compared to conventional approaches. A method consistent with the present invention includes a first data packet being received at a multi-processor system. After the first packet is received it may be sent to a first processor where the first processor identifies a first processing task associated with the first data packet. The first data packet may then be forwarded to a second processor that is optimized for processing the first processing task of the first data packet. The second processor may then process the first processing task of the first data packet. Program code associated with the first processing task may be stored in a level one (L1) cache at the first processor.
G06F 9/30 - Dispositions pour exécuter des instructions machines, p. ex. décodage d'instructions
G06F 12/0875 - Adressage d’un niveau de mémoire dans lequel l’accès aux données ou aux blocs de données désirés nécessite des moyens d’adressage associatif, p. ex. mémoires cache avec mémoire cache dédiée, p. ex. instruction ou pile
75.
Mobile device identify factor for access control policies
A secure VPN connection is provided based on user identify and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN gateway. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway.
brevets
