| Secure Computing Corporation Patent applications |
| Patent application number | Title | Published |
|---|
| 20100115620 | STRUCTURAL RECOGNITION OF MALICIOUS CODE PATTERNS - Various embodiments include an apparatus comprising a detection database including a tree structure of descriptor parts including one or more root nodes and one or more child nodes linked to from one or more parent descriptor parts chains, each of the root nodes representing a descriptor part, and each root node linked to at least one of the child nodes, each root node and each child node linked to any possible additional child nodes, wherein the possible additional child nodes include any possible successor child nodes and a descriptor comparator coupled to the detection database, the descriptor comparator operable to receive data including a plurality of logic entities, once or successively, and to continuously compare logic entities provided to the tree structure of descriptor parts stored in detection database, and to provide an output based on the comparison. | 05-06-2010 |
| 20100037289 | MERGE RULE WIZARD - Various embodiments include a system comprising an interface coupled to a computer network, the interface operable to provide a merge rule wizard operable to generate one or more displayable dialog boxes that include selectable criteria for merging a plurality of sets of security rules into a single security rule base. | 02-11-2010 |
| 20100031359 | PROBABILISTIC SHELLCODE DETECTION - Various embodiments include a method of detecting shell code in an arbitrary file comprising determining where one or more candidate areas exist within an arbitrary file, searching at least one nearby area surrounding each of the one or more candidate areas within the arbitrary file for an instruction candidate, and calculating for any such instruction candidate a statistical probability based on a disassembly of instructions starting at a found offset for the instruction candidate that the disassembled instructions are shellcode. | 02-04-2010 |
| 20090300748 | RULE COMBINATION IN A FIREWALL - A firewall system comprises a rule management tool that is operable to evaluate a rule set for rules that may be merged, present selected rules that can be merged to an administrator, along with an indication of any change in function of the resulting merged rule, and receive input from the administrator indicating whether to merge the selected rules. | 12-03-2009 |
| 20090282471 | NAMED SOCKETS IN A FIREWALL - A proxy device such as a firewall uses an internal socket namespace such as a text string such that connection requests must be explicitly redirected to a listening socket in the alternate namespace in order to connect to a service. Because external connections cannot directly address the listening socket or service, greater security is provided than with traditional firewall or proxy devices. To receive a redirected proxy connection, a service process creates a listening socket and binds a name in an alternate namespace to the socket before listening for connections. | 11-12-2009 |
| 20090254663 | Prioritizing Network Traffic - Methods and systems for operation upon one or more data processors for prioritizing transmission of communications associated with an entity based upon reputation information associated with the entity. | 10-08-2009 |
| 20090222812 | AUTOMATED CLUSTERED COMPUTING APPLIANCE DISASTER RECOVERY AND SYNCHRONIZATION - A system and method for automatic disaster recovery and synchronization of computing appliances configured for operation in a cluster. A configuration bundle that includes configuration data, software revision level and a list of system updates is used to recover or duplicate the computing appliance's operation state. Upon entering a clustered configuration, the primary node creates a clustered configuration bundle from individual configuration bundles for the registered nodes in the cluster. The clustered configuration bundle can then be used for disaster recovery or synchronization of any of the registered nodes. | 09-03-2009 |
| 20090222690 | AUTOMATED COMPUTING APPLIANCE DISASTER RECOVERY - A system and method for automatic disaster recovery of a computing appliance including reconstruction of its previous operational state. A configuration bundle that includes configuration data, software revision level and a list of system updates is used to recover the device's operation state. The system and method can also be utilized to recover a not fully functional member of a clustered computing system from the configuration information stored on other members of the cluster. | 09-03-2009 |
| 20090222466 | AUTOMATED COMPUTING APPLIANCE CLONING OR MIGRATION - A system and method for automatically cloning or migrating a computing appliance while maintaining its operational state. A configuration bundle that includes configuration data, software revision level and a list of system updates is used to recover or duplicate a device's operation state. The system and method can also be utilized to migrate a computing appliance between different operating system while maintaining or replicating the previous operational state. | 09-03-2009 |
| 20090199290 | VIRTUAL PRIVATE NETWORK SYSTEM AND METHOD - One embodiment of the application provides a method and system for receiving at a gateway device a plurality of virtual private network tunnels to be routed to a Local Area Network (LAN), routing a first portion of the plurality of virtual private network tunnels to at least one slave device coupled to the gateway device, performing IPsec processing of the first portion of the plurality of virtual private network tunnels using at least one slave device, forwarding the first portion of the plurality of virtual private network tunnels after IPsec processing to at the gateway device and routing the plurality of virtual private network tunnels to the LAN. | 08-06-2009 |
| 20090192955 | GRANULAR SUPPORT VECTOR MACHINE WITH RANDOM GRANULARITY - Methods and systems for granular support vector machines. Granular support vector machines can randomly select samples of datapoints and project the samples of datapoints into a randomly selected subspaces to derive granules. A support vector machine can then be used to identify hyperplane classifiers respectively associated with the granules. The hyperplane classifiers can be used on an unknown datapoint to provide a plurality of predictions which can be aggregated to provide a final prediction associated with the datapoint. | 07-30-2009 |
| 20090125980 | NETWORK RATING - Methods and systems for operation upon one or more data processors for assigning a reputation to a messaging entity by analyzing the attributes of the entity, correlating the attributes with known attributes to define relationships between entities sharing attributes, and attributing a portion of the reputation of one related entity to the reputation of the other related entity. | 05-14-2009 |
| 20090122699 | PRIORITIZING NETWORK TRAFFIC - Methods and systems for operation upon one or more data processors for prioritizing transmission among a plurality of data streams based upon a classification associated with the data packets associated with each of the plurality of data streams, respectively. Systems and methods can operate to allocate bandwidth to priority data streams first and recursively allocate remaining bandwidth to lesser priority data streams based upon the priority associated with those respective lesser priority data streams. | 05-14-2009 |
| 20090119740 | ADJUSTING FILTER OR CLASSIFICATION CONTROL SETTINGS - Methods and systems for adjusting control settings associated with filtering or classifying communications to a computer or a network. The adjustment of the control settings can include adjustment of policy and/or security settings associated with the computer or network. Ranges associated with the control settings can also be provided in some implementations. | 05-07-2009 |
| 20080263669 | SYSTEMS, APPARATUS, AND METHODS FOR DETECTING MALWARE - Various embodiments, including a method comprising creating a first fuzzy fingerprint of a known malware file, the first fuzzy fingerprint including a first set of calculated complexity approximations and weightings for each of a plurality of blocks within the known malware file, creating a second fuzzy fingerprint of a file to be checked, the second fuzzy fingerprint including a second set of calculated complexity approximations and weightings for each of a plurality of blocks within the file to be checked, comparing the second fuzzy fingerprint to the first fuzzy fingerprint, calculating a similarity probability for each of the block-wise comparisons, the calculation including a respective weightings for each of the plurality of blocks within the known malware file and for each of the plurality of blocks within the file to be checked, and the calculation including a distance between the compared blocks; and calculating an overall similarity probability for the plurality of blocks compared. | 10-23-2008 |
