Patent application number | Description | Published |
20080250471 | PARENTAL CONTROL USING SOCIAL METRICS SYSTEM AND METHOD - A parent defines friend rules for on-line association with their child. Upon a request of an on-line stranger to be a new friend of the child, stranger information about the on-line stranger is retrieved and compared to the friend rules to determine whether the stranger is allowed, blocked or restricted from being a friend with the child. Accordingly, the parent only has to use a minimal amount of time in establishing the friend rules to protect the parent's child from on-line strangers. | 10-09-2008 |
20090037997 | METHOD FOR DETECTING DNS REDIRECTS OR FRAUDULENT LOCAL CERTIFICATES FOR SSL SITES IN PHARMING/PHISHING SCHEMES BY REMOTE VALIDATION AND USING A CREDENTIAL MANAGER AND RECORDED CERTIFICATE ATTRIBUTES - Certificate information associated with a received certificate, such as a Secure Sockets Layer (SSL) certificate, is stored in a trusted local cache and/or in one or more remote trusted sources, such as a single remote trusted source and/or a trusted peer network. When a site certificate is received on a host computer system, certificate information associated with the received site certificate is obtained and compared with the stored certificate information to determine whether or not the site certificate indicates malicious activity, such as a malicious DNS redirection or a fraudulent local certificate. When a site certificate is not found indicative of malicious activity, the site certificate is released. Alternatively, when a site certificate is found indicative of malicious activity, protective action is taken. In some embodiments, a user's log-in credentials are automatically obtained from a trusted local cache and automatically submitted to a web site. | 02-05-2009 |
20090158399 | Method and apparatus for processing a multi-step authentication sequence - A method of automating an authentication sequence for accessing a computer resource comprising processing form information associated with the authentication sequence, wherein the authentication sequence comprises a plurality of queries associated with a plurality of web pages; and communicating a response to a portion of the authentication sequence using form information that corresponds to a query upon recognition of indicia of the portion of the plurality of web pages where the portion comprises the query. | 06-18-2009 |
20100058431 | Agentless Enforcement of Application Management through Virtualized Block I/O Redirection - Application authorization management is provided without installation of an agent at an operating system level. A component runs outside of the operating system, in an AMT environment. AMT is utilized to examine the operating system for applications. Identified applications are checked against a whitelist or a blacklist. Responsive to determining that an identified application is not authorized, AMT is used to redirect input/output requests targeting the application to an alternative image, which can, for example, warn the user that the application is not authorized. | 03-04-2010 |
20100064340 | SYSTEMS AND METHODS FOR CONTROLLING ACCESS TO DATA THROUGH APPLICATION VIRTUALIZATION LAYERS - A computer-implemented method for controlling access to data is. A request to access data is received. A determination is made that an access-control policy of the data is satisfied. A virtualization layer is activated to allow access to the data after determining that the access-control policy is satisfied. Various other methods, systems, and computer-readable media are also disclosed. | 03-11-2010 |
20100077445 | Graduated Enforcement of Restrictions According to an Application's Reputation - Security software on a client observes a request for a resource from an application on the client and then determines the application's reputation. The application's reputation may be measured by a reputation score obtained from a remote reputation server. The security software determines an access policy from a graduated set of possible access policies for the application based on the application's reputation. The security software applies the access policy to the application's request for the resource. In this way, the reputation-based system uses a graduated trust scale and a policy enforcement mechanism that restricts or grants application functionality for resource interactivity along a graduated scale. | 03-25-2010 |
20100191784 | Extending Secure Management of File Attribute Information to Virtual Hard Disks - File attribute information is shared between processes running on a virtual machine and processes accessing a virtual hard disk from a host level. When a host level process accesses files on a virtual hard disk, that process updates the relevant file attribute information, and stores the updated file attribute information on the virtual hard disk. When a virtual machine level process subsequently accesses files on the virtual hard disk, that process reads the updated file attribute information, and omits unnecessary operations. When a virtual machine level process accesses files on the virtual hard disk and updates the corresponding file attribute information, that process communicates the updated file attribute information to the host. When a host level process subsequently accesses files on the virtual hard disk, the host level process reads the updated file attribute information. | 07-29-2010 |
20100268644 | DATA SUBMISSION FOR ANTI-FRAUD CONTEXT EVALUATION - Contextual data is gathered about a user's known location and/or about a user's expected location, and contextual indicators are generated based on at least a portion of the gathered contextual data. The contextual indicators are provided to one or more relying parties, such as an anti-fraud system, to allow the anti-fraud system to more effectively determine the validity of transactions associated with the user, such as credit card transactions associated with the user's credit card. | 10-21-2010 |
20110191341 | Systems and Methods for Sharing the Results of Computing Operations Among Related Computing Systems - A computer-implemented method for sharing the results of computing operations among related computing systems may include: 1) identifying a need to perform a computing operation on a file, 2) identifying a unique identifier associated with the file, 3) determining, by using the unique identifier to query a shared store that is shared by a group of related computing systems, that at least one computing system within the group of related computing systems has previously performed the computing operation on an instance of the file, and then 4) retrieving the results of the computing operation from the shared store instead of performing the computing operation. Various other methods, systems, and computer-readable media are also disclosed. | 08-04-2011 |
20110321040 | Systems and Methods for Sharing the Results of Analyses Among Virtual Machines - A computer-implemented method may include performing a first analysis on at least one file of a master virtual machine and inserting, into the master virtual machine, information that indicates at least one result of the first analysis. The computer-implemented method may also include maintaining at least one additional virtual machine that is based on the master virtual machine. The computer-implemented method may further include directing the additional virtual machine to reference the information in the master virtual machine instead of performing a second analysis on at least one file of the additional virtual machine. Various other systems, methods, and computer-readable media are also disclosed. | 12-29-2011 |
20120011499 | TECHNIQUES FOR INTERACTION WITH A GUEST VIRTUAL MACHINE - Techniques for inter-virtual machine communication are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for interaction with a guest virtual machine comprising monitoring image loads into electronic memory of a guest virtual machine using a secure virtual machine, identifying a memory structure having a specified format, and performing, using the secure virtual machine, at least one of reading one or more portions of the identified memory structure and setting a value in the identified memory structure. | 01-12-2012 |
20120240181 | TECHNIQUES FOR SECURING A CHECKED-OUT VIRTUAL MACHINE IN A VIRTUAL DESKTOP INFRASTRUCTURE - Techniques for securing checked-out virtual machines in a virtual desktop infrastructure (VDI) are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for securing a checked-out guest virtual machine including receiving a request for checking-out a guest virtual machine hosted by a server network element, wherein checking-out the guest virtual machine comprises transferring hosting of the guest virtual machine from the server network element to a client network element. The method for securing a checked-out guest virtual machine may also include configuring a security module for the guest virtual machine in order to secure the guest virtual machine and providing the security module to the guest virtual machine when the guest virtual machine is checked-out. | 09-20-2012 |
20120254380 | Enabling Selective Policy Driven Propagation of Configuration Elements Between and Among a Host and a Plurality of Guests - Configuration elements are selectively propagated between a host and multiple guests, based on a policy. Configuration elements of the host and guests are monitored. Changes made to monitored configuration elements are detected. It is determined whether to propagate changed configuration elements between operating system environments based on the policy. It can be determined to propagate changed configuration element(s) from a source to one or more destinations in response to factors such as the identity and/or classification of the source, or the type, attribute(s), content and/or identity of the changed configuration element(s). The creation of new guests is detected. In response, at least one configuration element from at least one source is automatically propagated to a newly created guest. | 10-04-2012 |
20130091570 | SHORT-RANGE MOBILE HONEYPOT FOR SAMPLING AND TRACKING THREATS - Files received by a mobile device are sampled for malware tracking. The method includes configuring file transfer mechanisms that use short-range communication technology on the mobile device to appear, to other devices, to be open for accepting all attempts to transfer files. The method further comprises intercepting files transferred via the short-range communication technology to the mobile device from another device. The method also comprises quarantining the files transferred to the mobile device and logging identifying information about each of the files quarantined and about the other devices from which each of the files originated. The method further includes providing the logged identifying information for the files received to a security server. The method can also include, responsive to a request from the security server for more information about one of the files, providing a copy of that file to the security server for malware analysis and for updating a reputation system tracking mobile device malware. | 04-11-2013 |
20140068273 | Secure App Ecosystem with Key and Data Exchange According to Enterprise Information Control Policy - Multiple apps of an ecosystem on a computer securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem. An ecosystem agent creates an ecosystem directory, which contains policy information and identification information concerning each specific app in the ecosystem, including the ecosystem agent. Each ecosystem app generates an asymmetric key pair, the public key of which it shares only with apps in the ecosystem through the directory. The ecosystem agent's private key is used to encrypt the directory. Data is securely communicated between apps in the ecosystem, by encrypting and decrypting messages and data objects with the appropriate ecosystem app keys. Each specific app in the ecosystem complies with enterprise information control policy. Ecosystem apps can read a policy from the directory, and receive policy updates from the enterprise. | 03-06-2014 |
20140068767 | SYSTEMS AND METHODS FOR DETECTING ILLEGITIMATE APPLICATIONS - A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed. | 03-06-2014 |
20140189784 | SYSTEMS AND METHODS FOR ENFORCING DATA-LOSS-PREVENTION POLICIES USING MOBILE SENSORS - A computer-implemented method for enforcing data-loss-prevention policies using mobile sensors may include (1) detecting an attempt by a user to access sensitive data on a mobile computing device, (2) collecting, via at least one sensor of the mobile computing device, sensor data that indicates an environment in which the user is attempting to access the sensitive data, (3) determining, based at least in part on the sensor data, a privacy level of the environment, and (4) restricting, based at least in part on the privacy level of the environment, the attempt by the user to access the sensitive data according to a DLP policy. Various other methods, systems, and computer-readable media are also disclosed. | 07-03-2014 |
20150026455 | SYSTEMS AND METHODS FOR SECURING EMAIL IN MOBILE DEVICES - A computer-implemented method for providing secure mobile email communications is described. At least one application programming interface (API) of a native email client is hooked in order to transmit data securely via email. The native email client is native to an operating system of the mobile device. An email originating from a registered application is detected, via the hooked API. The email includes the data to transmit securely. The registered application is registered in a registry according to a mobile application authentication procedure. The registry includes a plurality of registered applications authenticated according to the mobile application authentication procedure. | 01-22-2015 |