| Patent application number | Description | Published |
| --- | --- | --- |
| 20100287620 | COMPUTER SYSTEM LOCK-DOWN - Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, a method is provided for locking down a computer system. A customized, local whitelist database is stored with a memory of the computer system. The whitelist database forms a part of an authentication system operable within the computer system and contains therein cryptographic hash values of code modules expressly approved for execution by the computer system. A kernel mode driver of the authentication system intercepts a request to create a process associated with a code module. The authentication system determines whether to authorize the request by causing a cryptographic hash value of the code module to be authenticated against the whitelist database. The authentication system allows the code module to be loaded and executed within the computer system if the cryptographic hash value matches one of the cryptographic hash values. | 11-11-2010 |
| 20110029772 | CLOUD-BASED APPLICATION WHITELISTING - Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, an in-memory cache is maintained having entries containing execution authorization information regarding recently used modules. After authenticating a module, its execution authorization information is added to the cache. Activity relating to a module is intercepted. A hash value of the module is generated. The module is authenticated with reference to a multi-level whitelist including a global whitelist, a local whitelist and the cache. The authentication includes first consulting the cache and if the module is not found, then looking up its hash value in the local whitelist and if it is not found, then looking it up in the global whitelist. Finally, the module is allowed to be loaded and executed if its hash value matches a hash value of an approved code module within the global whitelist. | 02-03-2011 |
| 20110167050 | SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE - Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, file or operating system activity relating to a code module is intercepted. A cryptographic hash value of the code module is authenticated with reference to a multi-level whitelist, which includes a remote global whitelist and a local whitelist. The remote global whitelist is maintained by a trusted service provider and contains cryptographic hash values of approved code modules known not to contain malicious code. The local whitelist is accessible by computer systems within the LAN and contains cryptographic hash values of a subset of the approved code modules. The cryptographic hash value is checked against the local whitelist. If no match is found, it is checked against the global whitelist. The code module is allowed to be loaded and executed if the cryptographic hash value corresponds to an approved code module. | 07-07-2011 |
| 20110167259 | SOFTWARE LICENSE ENFORCEMENT - Systems and methods for performing software license enforcement are provided. According to one embodiment, file or operating system activity relating to a code module is intercepted by a kernel mode driver of a computer system. The kernel mode driver causes a cryptographic hash value of the code module to be authenticated with reference to a local whitelist containing cryptographic hash values of approved code modules known not to contain malicious code. The local whitelist also contains licensing control information. If the cryptographic hash value matches a cryptographic hash value of an approved code module, then (i) authority to execute the code module is further validated if the licensing control information so indicates by performing a license check regarding the code module; and (ii) the code module is allowed to be loaded and executed within the computer system if the authority is affirmed by the license check. | 07-07-2011 |
| 20110167260 | COMPUTER SYSTEM LOCK-DOWN - Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, a method is provided for locking down a computer system. A customized, local whitelist database is stored with a memory of the computer system. The whitelist database forms a part of an authentication system operable within the computer system and contains therein cryptographic hash values of code modules expressly approved for execution by the computer system. A kernel mode driver of the authentication system intercepts file system or operating system activity relating to a code module. The authentication system determines whether to authorize the request by causing a cryptographic hash value of the code module to be authenticated against the whitelist database. The authentication system allows the code module to be loaded and executed within the computer system if the cryptographic hash value matches one of the cryptographic hash values. | 07-07-2011 |
| 20110167261 | SELECTIVE AUTHORIZATION OF THE LOADING OF DEPENDENT CODE MODULES BY RUNNING PROCESSES - Systems and methods for selective authorization of dependent code modules are provided. According to one embodiment, file system or operating system activity relating to a first code module is initiated by a running process associated with a second code module. The file system or operating system activity is intercepted by a kernel mode driver of a computer system. The kernel mode driver selectively authorizes loading of the first code module by the running process based at least in part on one or more attributes of the second code module. | 07-07-2011 |