Targeted Patent:

Patent: US7673137B2
Filed: 2002-01-04
Issued: 2010-03-02
Patent Holder: (Original Assignee) International Business Machines Corp     (Current Assignee) Taasera Licensing LLC
Inventor(s): Thomas James Satterlee, William Frank Hackenberger

Title: System and method for the managed security control of processes on a computer system

 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: EP1168141A2
Filed: 2000-06-23
Issued: 2002-01-02
Patent Holder: (Original Assignee) Franklin Electronic Publishers Inc     (Current Assignee) Franklin Electronic Publishers Inc
Inventor(s): Peter Yianilos, Joseph Kilian

Title: A secure and open computer platform

[FEATURE ID: 1] system, computing device', new program, operating system kernel, pre-execution module, computer, method, step, new program attempts, readable medium / device, program, software, server, process, platform, processor [FEATURE ID: 1] data control system, computer platform operable, operating system, memory, application program, station capable, computer platform, system, secret signature key, station
[FEATURE ID: 2] security, validation data, authorization data, steps, executable instructions / components, software, instructions, content, code, data, functionality [FEATURE ID: 2] object files, hardware
[FEATURE ID: 3] computing device, program / software, application, user, memory, code, file, process [FEATURE ID: 3] application programs, private decryption key, public signature key
[TRANSITIVE ID: 4] comprising / including, compromising, using, by, with, incorporating, involving [TRANSITIVE ID: 4] comprising
[FEATURE ID: 5] pre-execution module operable / port, interface, transmitter, transceiver [FEATURE ID: 5] output interface
[FEATURE ID: 6] notice / input, information, data, content, output, user data, electronic data [FEATURE ID: 6] input data, output data
[FEATURE ID: 7] operating system / processor, device, system, computer [FEATURE ID: 7] platform
[TRANSITIVE ID: 8] loaded, intercepted, further operable / implemented, executed, provided, installed, used, downloaded, run [TRANSITIVE ID: 8] loaded, stored
[FEATURE ID: 9] validation module / certificate, filter, database, parser [FEATURE ID: 9] hash function
[TRANSITIVE ID: 10] coupled, operable / accessible, adapted, configured, capable, effective, arranged, further [TRANSITIVE ID: 10] operable, pertaining
[FEATURE ID: 11] pre-execution monitor operable / interface, apparatus, application, receiver, input [FEATURE ID: 11] input interface
[FEATURE ID: 12] valid / validated, approved, allowed, permitted, available, present, appropriate [FEATURE ID: 12] authenticated
[FEATURE ID: 13] execution module / interface, interceptor, instruction, engine, interpreter, agent, application [FEATURE ID: 13] object handler
[FEATURE ID: 14] claim / clair, claimed, requirement, figure, item [FEATURE ID: 14] claim
[FEATURE ID: 15] loading / transmission, communication, entry, writing [FEATURE ID: 15] access
[FEATURE ID: 16] checksum / certificate, key, password, pin, reference, parameter, cookie [FEATURE ID: 16] digital signature, private decryption key unique
[FEATURE ID: 17] characteristics / memory, information, the, files, portions [FEATURE ID: 17] data
[FEATURE ID: 18] files / processes, applications, addresses, objects, routines, programs [FEATURE ID: 18] handler programs
1. A system [FEATURE ID: 1] for managing security [FEATURE ID: 2] of a computing device [FEATURE ID: 3] comprising [TRANSITIVE ID: 4]: a pre-execution module operable [FEATURE ID: 5] for receiving notice [FEATURE ID: 6] from the computing device's [FEATURE ID: 1] operating system [FEATURE ID: 7] that a new program [FEATURE ID: 1] is being loaded [TRANSITIVE ID: 8] onto the computing device; a validation module [FEATURE ID: 9] coupled [TRANSITIVE ID: 10] to the pre-execution monitor operable [FEATURE ID: 11] for determining whether the program [FEATURE ID: 3] is valid [FEATURE ID: 12]; a detection module coupled to the pre-execution monitor operable for intercepting a trigger from the computing device's operating system; and an execution module [FEATURE ID: 13] coupled to the detection module and operable [FEATURE ID: 10] for monitoring, at the operating system kernel [FEATURE ID: 1] of the computing device, the program in response to the trigger intercepted [TRANSITIVE ID: 8] by the detection module.
2. The system of claim [FEATURE ID: 14] 1, wherein the pre-execution module [FEATURE ID: 1] is further operable [FEATURE ID: 8] for suspending loading [FEATURE ID: 15] of the program onto the computing device.
3. The system of claim 1, wherein the pre-execution module is further operable for retrieving validation data [FEATURE ID: 2].
4. The system of claim 1, wherein the execution module is further operable for deciding whether to terminate the trigger intercepted by the detection module.
5. The system of claim 1, wherein the execution module is further operable for retrieving authorization data [FEATURE ID: 2] and deciding how to respond to the trigger intercepted by the detection module.
6. A computer [FEATURE ID: 1] implemented method [FEATURE ID: 1] for implementing security for a computing device comprising the steps [FEATURE ID: 2] of: interrupting the loading of a new program for operation with the computing device; validating the new program; if the new program is validated, permitting the new program to continue loading and to execute in connection with the computing device; if the new program is not validated, monitoring the new program while it loads and executes in connection with the computing device, wherein the step [FEATURE ID: 1] of monitoring the new program while it executes is performed at the operating system kernel of the computing device.
7. The method of claim 6, wherein the step of interrupting the loading of a new program comprises: intercepting a signal from the computing device's operating system that the new program is loading, and suspending the loading of the new program.
8. The method of claim 6, wherein the step of monitoring the new program comprises intercepting a signal from the computing device's operating system.
9. The method of claim 6, wherein the step of validating the new program comprises determining whether the new program corresponds with an approved program.
10. The method of claim 6, wherein the step of validating the new program comprises comparing a checksum [FEATURE ID: 16] for the new program with a previously determined checksum.
11. The method of claim 6, wherein the step of validating the new program comprises analyzing characteristics [FEATURE ID: 17] of the new program.
12. The method of claim 6, wherein the step of monitoring the new program comprises controlling the files [FEATURE ID: 18] the new program attempts [FEATURE ID: 1] to access during execution of the new program.
13. A computer-readable medium [FEATURE ID: 1] having computer-executable instructions [FEATURE ID: 2]
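Claims 6 to 12 above describe a load-time gate with two outcomes: a program whose checksum matches previously recorded validation data runs untouched, while anything else is allowed to load but is monitored at the kernel, where each intercepted file-access trigger is answered from authorization data. The following Go program is an added illustration of that policy flow; it is not code from the patent or from IBM, and the `Gatekeeper`, `Trigger`, `OnLoad` and `OnTrigger` names are hypothetical. The kernel interception itself is assumed: a real implementation would receive these events from an operating-system hook, here they are simply method calls with constructed inputs.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"path"
	"strings"
)

// Verdict is the outcome of validating a program at load time (claim 6).
type Verdict int

const (
	Permit  Verdict = iota // validated: continue loading and run without interference
	Monitor                // not validated: still loaded, but every intercepted trigger is policy-checked
)

// Action is the execution module's response to an intercepted trigger (claims 4 and 5).
type Action int

const (
	Allow Action = iota
	Deny
)

// Trigger is a hypothetical stand-in for the kernel event the detection module intercepts:
// here, a program trying to open a file (claim 12).
type Trigger struct {
	Program string // path of the program raising the trigger
	Path    string // file it is trying to access
}

// Gatekeeper holds the validation data (previously determined checksums, claims 3 and 10) and
// the authorization data (directory prefixes a program may touch while monitored, claims 5, 12).
type Gatekeeper struct {
	approved   map[string][32]byte // program path -> SHA-256 of its approved image
	authorized map[string][]string // program path -> allowed directory prefixes
	monitored  map[string]bool     // programs that failed validation and run under monitoring
}

func NewGatekeeper() *Gatekeeper {
	return &Gatekeeper{
		approved:   map[string][32]byte{},
		authorized: map[string][]string{},
		monitored:  map[string]bool{},
	}
}

// Approve records the checksum of a known-good program image.
func (g *Gatekeeper) Approve(program string, image []byte) {
	g.approved[program] = sha256.Sum256(image)
}

// Authorize records which directory prefixes a program may access if it ends up monitored.
func (g *Gatekeeper) Authorize(program string, prefixes ...string) {
	g.authorized[program] = append(g.authorized[program], prefixes...)
}

// OnLoad is the pre-execution hook (claims 2 and 7): loading is held while the image is
// checksummed. An unknown or modified image is not blocked outright; it is loaded under
// monitoring, which is the second branch of claim 6.
func (g *Gatekeeper) OnLoad(program string, image []byte) Verdict {
	want, known := g.approved[program]
	got := sha256.Sum256(image)
	if known && subtle.ConstantTimeCompare(want[:], got[:]) == 1 {
		delete(g.monitored, program)
		return Permit
	}
	g.monitored[program] = true
	return Monitor
}

// OnTrigger is the execution module: validated programs are left alone; a monitored program
// may only touch files under its authorized prefixes and is denied by default otherwise.
func (g *Gatekeeper) OnTrigger(t Trigger) Action {
	if !g.monitored[t.Program] {
		return Allow
	}
	target := path.Clean(t.Path) // normalise first so "../" cannot escape an authorized directory
	for _, p := range g.authorized[t.Program] {
		p = path.Clean(p)
		if target == p || strings.HasPrefix(target, p+"/") {
			return Allow
		}
	}
	return Deny
}

func main() {
	g := NewGatekeeper()
	good := []byte("constructed program image v1") // constructed sample, not a real binary
	g.Approve("/usr/bin/editor", good)
	g.Authorize("/usr/bin/editor", "/home/user/docs", "/tmp")
	fmt.Println(g.OnLoad("/usr/bin/editor", good) == Permit)                                          // true
	fmt.Println(g.OnLoad("/usr/bin/editor", []byte("tampered image")) == Monitor)                     // true
	fmt.Println(g.OnTrigger(Trigger{"/usr/bin/editor", "/home/user/docs/a.txt"}) == Allow)            // true
	fmt.Println(g.OnTrigger(Trigger{"/usr/bin/editor", "/home/user/docs/../../etc/shadow"}) == Deny) // true
}
```

Two details matter more than the bookkeeping. The prefix check is done on the cleaned path and requires a path-component boundary, so neither `../` traversal nor a sibling directory that merely shares a prefix (`/home/user/docs2`) slips past the authorization data. And a monitored program with no authorization entry at all is denied, which is the safe default for exactly the programs that failed validation.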

1. A data control system [FEATURE ID: 1] comprising [TRANSITIVE ID: 4]: a computer platform operable [FEATURE ID: 1] to authenticate an operating system [FEATURE ID: 1] to be loaded [TRANSITIVE ID: 8] on the platform [FEATURE ID: 7] and preventing the operating system from being loaded onto the platform when the operating system is not authenticated [TRANSITIVE ID: 12]; a memory [FEATURE ID: 1] in which application programs [FEATURE ID: 3] and object files [FEATURE ID: 2] can be stored [TRANSITIVE ID: 8], the operating system being operable [FEATURE ID: 10] to create a firewall around data [FEATURE ID: 17] in memory pertaining [TRANSITIVE ID: 10] to application programs and object files to control access [FEATURE ID: 15] to the application programs and object files; an input interface [FEATURE ID: 11] connected with the platform to allow input data [FEATURE ID: 6] to be received by the platform, the operating system being capable of decrypting the input data and of authenticating the input data, and the firewalls around the data in memory being capable of allowing the application programs to access the data in memory when approval of access is obtained from the application program [FEATURE ID: 1] and from the data in memory; and an output interface [FEATURE ID: 5] connected to the platform to allow the platform to transmit output data [FEATURE ID: 6] out of the platform, which output data is encrypted when transmitted.
2. A data control system as claimed in claim [FEATURE ID: 14] 1, wherein the platform authenticates the operating system by verifying a digital signature [FEATURE ID: 16] associated with the operating system.
3. A data control system as claimed in claim 1 or 2, wherein the operating system decrypts the input data with a private decryption key unique [FEATURE ID: 16] to the platform.
4. A data control system as claimed in claim 3, further comprising a sending station capable [FEATURE ID: 1] of encrypting data with a public encryption key; said public encryption key being directly related to said private decryption key [FEATURE ID: 3] of said computer platform [FEATURE ID: 1].
5. A data control system as claimed in any of claims 1 to 4, wherein the operating system authenticates the input data by verifying a digital signature associated with the input data with a public signature key [FEATURE ID: 3] and input data that is not authenticated by said operating system [FEATURE ID: 1] is classified as insecure data.
6. A data control system as claimed in any of claims 1 to 5, wherein the output interface encrypts the output data when the output data includes at least a portion of data that has been authenticated by the operating system.
7. A data control system as claimed in claim 5, further comprising a sending station capable of creating a digital signature with a secret signature key [FEATURE ID: 1]; the secret signature key being distinctively associated with the sending station [FEATURE ID: 1].
8. A data control system as claimed in any of claims 1 to 4, wherein the operating system is capable of authenticating the input data by using a hash function [FEATURE ID: 9].
9. A data control system as claimed in any of claims 1 to 8, wherein the data in memory gives approval for access through an object handler [FEATURE ID: 13] associated with each of the object files when the data in memory pertains to the object files.
10. A data control system as claimed in any of claims 1 to 9, wherein the output data is encrypted with a public encryption key unique to the platform.
11. A data control system as claimed in claim 10, wherein the output data is decrypted with a private decryption key associated with the public encryption key.
12. A data control system as claimed in any of claims 1 to 11 in which the computer platform includes hardware [FEATURE ID: 2] for authenticating the operating system and preventing the operating system being loaded when it is not authenticated.
13. A data control system comprising: a sending station, including: (a) a plurality of application programs, (b) a plurality of object files, (c) a plurality of handler programs [FEATURE ID: 18]

Targeted Patent:

Patent: US7673137B2
Filed: 2002-01-04
Issued: 2010-03-02
Patent Holder: (Original Assignee) International Business Machines Corp     (Current Assignee) Taasera Licensing LLC
Inventor(s): Thomas James Satterlee, William Frank Hackenberger

Title: System and method for the managed security control of processes on a computer system

 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US20010056533A1
Filed: 2000-06-23
Issued: 2001-12-27
Patent Holder: (Original Assignee) Franklin Electronic Publishers Inc     (Current Assignee) Franklin Electronic Publishers Inc
Inventor(s): Peter Yianilos, Joseph Kilian

Title: Secure and open computer platform

[FEATURE ID: 1] system, validation module, operating system kernel, pre-execution module, computer, method, step, readable medium / server, device, software, hardware, user, processor, controller [FEATURE ID: 1] data control system, computer platform, system, platform, application program, public signature key, station capable, secret signature key, station
[TRANSITIVE ID: 2] managing, receiving, determining, intercepting, monitoring, suspending / detecting, controlling, enabling, requesting, initiating, verifying, accepting [TRANSITIVE ID: 2] authenticating
[FEATURE ID: 3] security, validation data, authorization data, executable instructions / software, firmware, content, data, resources, code, components [FEATURE ID: 3] hardware, memory, object files
[FEATURE ID: 4] computing device, computing device', new program, program, loading, operation, new program attempts / application, software, system, file, computer, process, user [FEATURE ID: 4] operating system, operating, application programs, firewalls, private decryption key
[TRANSITIVE ID: 5] comprising / including, with, using, containing, featuring, incorporating, possessing [TRANSITIVE ID: 5] comprising, having
[FEATURE ID: 6] pre-execution module operable / means, method, step, system [FEATURE ID: 6] hardware capable
[FEATURE ID: 7] notice / input, data, information, content, messages, user data, an [FEATURE ID: 7] input data, output data
[FEATURE ID: 8] operating system / bios, processor, firmware, network [FEATURE ID: 8] hash function
[TRANSITIVE ID: 9] being / been, becoming, getting, successfully [TRANSITIVE ID: 9] being
[TRANSITIVE ID: 10] loaded, intercepted, further operable / implemented, executed, processed, placed, run, used, downloaded [TRANSITIVE ID: 10] loaded, stored
[FEATURE ID: 11] pre-execution monitor operable / input, output, interface, instruction, apparatus, application, api [FEATURE ID: 11] input interface, encryption key unique, decryption key
[FEATURE ID: 12] valid / approved, loaded, present, available, trustworthy, validated, legitimate [FEATURE ID: 12] authenticated
[FEATURE ID: 13] execution module / operator, indicator, interpreter, agent, application, interface, adapter [FEATURE ID: 13] output interface, object handler
[FEATURE ID: 14] claim / figure, clair, statement, embodiment, requirement, clause, paragraph [FEATURE ID: 14] claim
[FEATURE ID: 15] checksum / key, hash, version, certificate, password, program, fingerprint [FEATURE ID: 15] digital signature, private decryption key unique, portion
[FEATURE ID: 16] characteristics / memory, information, the, files, portions [FEATURE ID: 16] data
[FEATURE ID: 17] files / ports, applications, programs, parameters [FEATURE ID: 17] platforms
1. A system [FEATURE ID: 1] for managing [TRANSITIVE ID: 2] security [FEATURE ID: 3] of a computing device [FEATURE ID: 4] comprising [TRANSITIVE ID: 5]: a pre-execution module operable [FEATURE ID: 6] for receiving [TRANSITIVE ID: 2] notice [FEATURE ID: 7] from the computing device's [FEATURE ID: 4] operating system [FEATURE ID: 8] that a new program [FEATURE ID: 4] is being [TRANSITIVE ID: 9] loaded [TRANSITIVE ID: 10] onto the computing device; a validation module [FEATURE ID: 1] coupled to the pre-execution monitor operable [FEATURE ID: 11] for determining [TRANSITIVE ID: 2] whether the program [FEATURE ID: 4] is valid [FEATURE ID: 12]; a detection module coupled to the pre-execution monitor operable for intercepting [TRANSITIVE ID: 2] a trigger from the computing device's operating system; and an execution module [FEATURE ID: 13] coupled to the detection module and operable for monitoring [FEATURE ID: 2], at the operating system kernel [FEATURE ID: 1] of the computing device, the program in response to the trigger intercepted [TRANSITIVE ID: 10] by the detection module.
2. The system of claim [FEATURE ID: 14] 1, wherein the pre-execution module [FEATURE ID: 1] is further operable [FEATURE ID: 10] for suspending [TRANSITIVE ID: 2] loading [FEATURE ID: 4] of the program onto the computing device.
3. The system of claim 1, wherein the pre-execution module is further operable for retrieving validation data [FEATURE ID: 3].
4. The system of claim 1, wherein the execution module is further operable for deciding whether to terminate the trigger intercepted by the detection module.
5. The system of claim 1, wherein the execution module is further operable for retrieving authorization data [FEATURE ID: 3] and deciding how to respond to the trigger intercepted by the detection module.
6. A computer [FEATURE ID: 1] implemented method [FEATURE ID: 1] for implementing security for a computing device comprising the steps of: interrupting the loading of a new program for operation [FEATURE ID: 4] with the computing device; validating the new program; if the new program is validated, permitting the new program to continue loading and to execute in connection with the computing device; if the new program is not validated, monitoring the new program while it loads and executes in connection with the computing device, wherein the step [FEATURE ID: 1] of monitoring the new program while it executes is performed at the operating system kernel of the computing device.
7. The method of claim 6, wherein the step of interrupting the loading of a new program comprises: intercepting a signal from the computing device's operating system that the new program is loading, and suspending the loading of the new program.
8. The method of claim 6, wherein the step of monitoring the new program comprises intercepting a signal from the computing device's operating system.
9. The method of claim 6, wherein the step of validating the new program comprises determining whether the new program corresponds with an approved program.
10. The method of claim 6, wherein the step of validating the new program comprises comparing a checksum [FEATURE ID: 15] for the new program with a previously determined checksum.
11. The method of claim 6, wherein the step of validating the new program comprises analyzing characteristics [FEATURE ID: 16] of the new program.
12. The method of claim 6, wherein the step of monitoring the new program comprises controlling the files [FEATURE ID: 17] the new program attempts [FEATURE ID: 4] to access during execution of the new program.
13. A computer-readable medium [FEATURE ID: 1] having computer-executable instructions [FEATURE ID: 3]

1. A data control system [FEATURE ID: 1] comprising [TRANSITIVE ID: 5]: a computer platform [FEATURE ID: 1] having [TRANSITIVE ID: 5] hardware [FEATURE ID: 3]; said hardware capable [FEATURE ID: 6] of authenticating [TRANSITIVE ID: 2] an operating system [FEATURE ID: 4] to be loaded [TRANSITIVE ID: 10] on said hardware and preventing said operating [TRANSITIVE ID: 4] system [FEATURE ID: 1] from being [TRANSITIVE ID: 9] loaded onto said hardware when said operating system is not authenticated [TRANSITIVE ID: 12]; said hardware having memory [FEATURE ID: 3] in which application programs [FEATURE ID: 4] and object files [FEATURE ID: 3] can be stored [TRANSITIVE ID: 10]; said operating system capable of creating a firewall around data [FEATURE ID: 16] in memory pertaining to application programs and object files to control access to said application programs and object files; an input interface [FEATURE ID: 11] connected to said platform [FEATURE ID: 1] to allow input data [FEATURE ID: 7] to be received by said platform; said operating system capable of decrypting said input data and of authenticating said input data; said firewalls [FEATURE ID: 4] around said data in memory being capable of allowing said application programs to access said data in memory when approval of access is obtained from said application program [FEATURE ID: 1] and from said data in memory; and an output interface [FEATURE ID: 13] connected to said platform to allow said platform to transmit output data [FEATURE ID: 7] out of said platform; said output data being encrypted when transmitted.
2. A data control system as claimed in claim [FEATURE ID: 14] 1, wherein said hardware authenticates said operating system by verifying a digital signature [FEATURE ID: 15] associated with said operating system.
3. A data control system as claimed in claim 1, wherein said operating system decrypts said input data with a private decryption key unique [FEATURE ID: 15] to said platform.
4. A data control system as claimed in claim 1, wherein said operating system authenticates said input data by verifying a digital signature associated with said input data with a public signature key [FEATURE ID: 1] and input data that is not authenticated by said operating system is classified as insecure data.
5. A data control system as claimed in claim 3, further comprising a sending station capable [FEATURE ID: 1] of encrypting data with a public encryption key; said public encryption key being directly related to said private decryption key [FEATURE ID: 4] of said computer platform.
6. A data control system as claimed in claim 4, further comprising a sending station capable of creating a digital signature with a secret signature key [FEATURE ID: 1]; said secret signature key being distinctively associated with said sending station [FEATURE ID: 1].
7. A data control system as claimed in claim 1, wherein said data in memory gives approval for access through an object handler [FEATURE ID: 13] associated with each of said object files when said data in memory pertains to said object files.
8. A data control system as claimed in claim 1, wherein said output data is encrypted with an encryption key unique [FEATURE ID: 11] to said platform.
9. A data control system as claimed in claim 8, wherein said output data is decrypted with a decryption key [FEATURE ID: 11] associated with said public encryption key.
10. A data control system as claimed in claim 4, wherein said output interface encrypts said output data when said output data includes at least a portion [FEATURE ID: 15] of data that has been authenticated by said operating system.
11. A data control system as claimed in claim 1, wherein said operating system is capable of authenticating said input data by using a hash function [FEATURE ID: 8].
12. A data control system comprising: a sending station, a plurality of receiving platforms [FEATURE ID: 17]
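The Franklin claims charted in this and the preceding section (EP1168141A2 and its US counterpart US20010056533A1) describe the same chain: hardware that refuses to load an operating system whose digital signature does not verify, an operating system that decrypts input with a key unique to the platform and then authenticates it with a sending station's public signature key, classifying anything that fails as insecure, and an output interface that encrypts output containing authenticated data. The Go program below is an added walk-through of that chain with both sides of the exchange; it is not code from either patent or from Franklin Electronic Publishers. The concrete algorithms are assumptions (Ed25519 for the signatures, RSA-OAEP for the platform-unique encryption key), and the `Platform`, `Station`, `BootOS`, `Send`, `Receive` and `Emit` names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Classification of received input once the operating system has tried to authenticate it (claim 4/5).
type Classification int

const (
	Insecure Classification = iota // decrypted, but no known sending station signed it
	Secure                         // decrypted and carrying a valid signature from a known station
)

// Platform models the hardware: a vendor signature key fixed at manufacture (claims 2, 12) and a
// platform-unique RSA key pair whose private half never leaves the device (claims 3, 10, 11).
type Platform struct {
	vendorPub  ed25519.PublicKey
	decryptKey *rsa.PrivateKey
	osLoaded   bool
}

func NewPlatform(vendorPub ed25519.PublicKey) (*Platform, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Platform{vendorPub: vendorPub, decryptKey: k}, nil
}

// EncryptionKey is the public half that sending stations encrypt to (claim 4/5).
func (p *Platform) EncryptionKey() *rsa.PublicKey { return &p.decryptKey.PublicKey }

// BootOS authenticates the image before it is loaded and refuses anything that fails (claim 1).
func (p *Platform) BootOS(image, signature []byte) error {
	p.osLoaded = ed25519.Verify(p.vendorPub, image, signature)
	if !p.osLoaded {
		return errors.New("operating system not authenticated; load refused")
	}
	return nil
}

// Station is a sending station with its own distinctive signature key (claim 6/7).
type Station struct {
	SigPub  ed25519.PublicKey
	sigPriv ed25519.PrivateKey
}

func NewStation() (*Station, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Station{SigPub: pub, sigPriv: priv}, nil
}

// Send signs the data with the station's secret key, then encrypts data||signature to the
// platform's public key (sign-then-encrypt). RSA-OAEP with SHA-256 caps the payload at
// 190 bytes for a 2048-bit key; a production design would wrap a symmetric key instead.
func (s *Station) Send(to *rsa.PublicKey, data []byte) ([]byte, error) {
	msg := append(append([]byte{}, data...), ed25519.Sign(s.sigPriv, data)...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil)
}

// Receive is the OS input path: decrypt with the platform-unique private key, then try to
// authenticate against the known stations. Unauthenticated input is still delivered, but
// classified Insecure so the firewall logic can keep it away from trusted objects.
func (p *Platform) Receive(ciphertext []byte, known []ed25519.PublicKey) ([]byte, Classification, error) {
	if !p.osLoaded {
		return nil, Insecure, errors.New("no authenticated operating system is loaded")
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, p.decryptKey, ciphertext, nil)
	if err != nil {
		return nil, Insecure, err
	}
	if len(plain) < ed25519.SignatureSize {
		return plain, Insecure, nil
	}
	cut := len(plain) - ed25519.SignatureSize
	data, sig := plain[:cut], plain[cut:]
	for _, pub := range known {
		if ed25519.Verify(pub, data, sig) {
			return data, Secure, nil
		}
	}
	return data, Insecure, nil
}

// Emit is the output interface (claims 6, 8 to 11): output that includes authenticated data leaves
// the platform only under the platform's own public key, so only the holder of the matching
// private key (the platform itself) can read it; purely insecure output may leave in clear.
func (p *Platform) Emit(data []byte, includesSecure bool) ([]byte, error) {
	if !includesSecure {
		return data, nil
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, p.EncryptionKey(), data, nil)
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	p, _ := NewPlatform(vendorPub)
	img := []byte("constructed OS image") // constructed sample, not a real kernel
	fmt.Println("forged image:", p.BootOS(img, make([]byte, ed25519.SignatureSize)))
	fmt.Println("vendor-signed image:", p.BootOS(img, ed25519.Sign(vendorPriv, img)))
	st, _ := NewStation()
	ct, _ := st.Send(p.EncryptionKey(), []byte("constructed input record"))
	data, cls, err := p.Receive(ct, []ed25519.PublicKey{st.SigPub})
	fmt.Println(string(data), cls == Secure, err)
}
```

Note the ordering the claims force: `Receive` refuses to work at all until `BootOS` has succeeded, because the decryption and authentication logic is part of the operating system the hardware just vouched for. Sign-then-encrypt is used so the signature is bound to the plaintext and hidden from anyone who only sees the wire; the trade-off is that a station cannot be identified before the platform spends a private-key operation on the packet.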

Targeted Patent:

Patent: US7673137B2
Filed: 2002-01-04
Issued: 2010-03-02
Patent Holder: (Original Assignee) International Business Machines Corp     (Current Assignee) Taasera Licensing LLC
Inventor(s): Thomas James Satterlee, William Frank Hackenberger

Title: System and method for the managed security control of processes on a computer system

 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6334213B1
Filed: 1998-01-20
Issued: 2001-12-25
Patent Holder: (Original Assignee) Preview Systems     (Current Assignee) SafeNet Data Security Israel Ltd ; Motorola Solutions Inc
Inventor(s): Weijun Li

Title: Merging of separate executable computer programs to form a single executable computer program

[FEATURE ID: 1] system, computing device, pre-execution module operable, validation module, step / device, server, process, mechanism, network, memory, controller [FEATURE ID: 1] method, computer, readable medium
[TRANSITIVE ID: 2] managing, monitoring, execution / executing, implementing, performing, running, controlling, processing, installing [TRANSITIVE ID: 2] modifying, comprising, writing
[FEATURE ID: 3] security, operating system kernel, validation data, authorization data, characteristics, executable instructions / memory, information, software, data, the, functionality, content [FEATURE ID: 3] execution, prior execution, code, injection executable controls execution, multiple sections, computer memory, instructions, memory space
[TRANSITIVE ID: 4] comprising / by, having, includes, containing, involving, using, with [TRANSITIVE ID: 4] including
[TRANSITIVE ID: 5] receiving, determining, intercepting / obtaining, identifying, examining, storing, monitoring, capturing, checking [TRANSITIVE ID: 5] specifying, reading, analyzing
[FEATURE ID: 6] operating system, computer / hardware, software, firmware, controller, computing, device, data [FEATURE ID: 6] memory
[FEATURE ID: 7] new program / program, routine, command, code, new [FEATURE ID: 7] new executable
[TRANSITIVE ID: 8] being / subsequently, automatically, initially, previously [TRANSITIVE ID: 8] first
[FEATURE ID: 9] pre-execution monitor operable / operable, instruction, application, program [FEATURE ID: 9] original executable
[FEATURE ID: 10] program, files / file, code, data, instruction, memory, software, area [FEATURE ID: 10] name, section, information, injection executable information, program instructions
[FEATURE ID: 11] execution module / execution, output, element, instruction, implementation [FEATURE ID: 11] export table
[FEATURE ID: 12] claim / aspect, requirement, item, paragraph, figure, clause, embodiment [FEATURE ID: 12] claim
[FEATURE ID: 13] loading / programming, copying, writing, loads [FEATURE ID: 13] injection executable loading
[FEATURE ID: 14] method / process, step, procedure, methods [FEATURE ID: 14] steps
[FEATURE ID: 15] steps / elements, process, step, step further, further, method, added step [FEATURE ID: 15] further step, further steps
[FEATURE ID: 16] operation / linking, processing, coupling, using [FEATURE ID: 16] injecting
[FEATURE ID: 17] checksum / content, version, source, payload [FEATURE ID: 17] different section
[FEATURE ID: 18] readable medium / media, memory, product, code, executable, medium, rom [FEATURE ID: 18] readable meadium
[FEATURE ID: 19] same / specified, first, single, different [FEATURE ID: 19] corresponding
1. A system [FEATURE ID: 1] for managing [TRANSITIVE ID: 2] security [FEATURE ID: 3] of a computing device [FEATURE ID: 1] comprising [TRANSITIVE ID: 4]: a pre-execution module operable [FEATURE ID: 1] for receiving [TRANSITIVE ID: 5] notice from the computing device's operating system [FEATURE ID: 6] that a new program [FEATURE ID: 7] is being [TRANSITIVE ID: 8] loaded onto the computing device; a validation module [FEATURE ID: 1] coupled to the pre-execution monitor operable [FEATURE ID: 9] for determining [TRANSITIVE ID: 5] whether the program [FEATURE ID: 10] is valid; a detection module coupled to the pre-execution monitor operable for intercepting [TRANSITIVE ID: 5] a trigger from the computing device's operating system; and an execution module [FEATURE ID: 11] coupled to the detection module and operable for monitoring [FEATURE ID: 2], at the operating system kernel [FEATURE ID: 3] of the computing device, the program in response to the trigger intercepted by the detection module.
2. The system of claim [FEATURE ID: 12] 1, wherein the pre-execution module is further operable for suspending loading [FEATURE ID: 13] of the program onto the computing device.
3. The system of claim 1, wherein the pre-execution module is further operable for retrieving validation data [FEATURE ID: 3].
4. The system of claim 1, wherein the execution module is further operable for deciding whether to terminate the trigger intercepted by the detection module.
5. The system of claim 1, wherein the execution module is further operable for retrieving authorization data [FEATURE ID: 3] and deciding how to respond to the trigger intercepted by the detection module.
6. A computer [FEATURE ID: 6] implemented method [FEATURE ID: 14] for implementing security for a computing device comprising the steps [FEATURE ID: 15] of: interrupting the loading of a new program for operation [FEATURE ID: 16] with the computing device; validating the new program; if the new program is validated, permitting the new program to continue loading and to execute in connection with the computing device; if the new program is not validated, monitoring the new program while it loads and executes in connection with the computing device, wherein the step [FEATURE ID: 1] of monitoring the new program while it executes is performed at the operating system kernel of the computing device.
7. The method of claim 6, wherein the step of interrupting the loading of a new program comprises: intercepting a signal from the computing device's operating system that the new program is loading, and suspending the loading of the new program.
8. The method of claim 6, wherein the step of monitoring the new program comprises intercepting a signal from the computing device's operating system.
9. The method of claim 6, wherein the step of validating the new program comprises determining whether the new program corresponds with an approved program.
10. The method of claim 6, wherein the step of validating the new program comprises comparing a checksum [FEATURE ID: 17] for the new program with a previously determined checksum.
11. The method of claim 6, wherein the step of validating the new program comprises analyzing characteristics [FEATURE ID: 3] of the new program.
12. The method of claim 6, wherein the step of monitoring the new program comprises controlling the files [FEATURE ID: 10] the new program attempts to access during execution [FEATURE ID: 2] of the new program.
13. A computer-readable medium [FEATURE ID: 18] having computer-executable instructions [FEATURE ID: 3] for performing the steps recited in claim 6.
14. A computer-implemented method for implementing security for a computing device, comprising the steps of: identifying an allowed program that is permitted to execute on the computing device; receiving a signal that a new program is going to be executed on the computing device; suspending the execution of the new program on the computing device; determining whether the new program is the same [FEATURE ID: 19]

1. A method [FEATURE ID: 1] of modifying [TRANSITIVE ID: 2] an original executable [FEATURE ID: 9] including [TRANSITIVE ID: 4] a code section, a data section and a resource section by injecting [TRANSITIVE ID: 16] it with an injection executable also including a code section, a data section and a resource section so as to control execution [FEATURE ID: 3] of the original executable through prior execution [FEATURE ID: 3] of the injection executable, the method comprising [TRANSITIVE ID: 2] the steps [FEATURE ID: 14] of: specifying [TRANSITIVE ID: 5] the name [FEATURE ID: 10] of the original executable; specifying the name of the injection executable; reading [FEATURE ID: 5] and analyzing [TRANSITIVE ID: 5] at least the original executable; combining at least one section [FEATURE ID: 10] of the original executable with a corresponding [TRANSITIVE ID: 19] section of the injection executable; writing [TRANSITIVE ID: 2] a new executable [FEATURE ID: 7] including code [FEATURE ID: 3] of the original executable and code of the injection executable, and including a placeholder section corresponding to a section of the original executable, and including a modified header, the modified header causing code of the injection executable to be executed prior to execution of any code of the original executable; and writing information [FEATURE ID: 10] from said section of the original executable in a different section [FEATURE ID: 17] of the new executable; wherein the injection executable controls execution [FEATURE ID: 3] of the new executable.
2. The method of claim [FEATURE ID: 12] 1, wherein the different section of the new executable is a resource section.
3. The method of claim 2, wherein information from multiple sections [FEATURE ID: 3] of the original executable is stored in the resource section of the new executable.
4. The method of claim 3, wherein said multiple sections include a code section and a resource section.
5. The method of claim 4, wherein said multiple sections further include a data section.
6. The method of claim 1, comprising the further step [FEATURE ID: 15] of compressing or encrypting information from said section of the original executable.
7. The method of claim 1, wherein the new executable includes code from the injection executable for loading information from said section of the original executable into computer memory [FEATURE ID: 3] at a location indicated by said placeholder section.
8. A method of modifying an original executable including a code section, a data section and a resource section by injecting it with an injection executable also including a code section, a data section and a resource section so as to control execution of the original executable through prior execution of the injection executable, the method comprising the steps of: writing a new executable in which at least one section of the original executable is stored within a different, non-corresponding section of the new executable; including instructions [FEATURE ID: 3] to reserve within memory space [FEATURE ID: 3] for said one section of the original executable; and upon executing the new executable, first [FEATURE ID: 8] executing code from the injection executable, said code from the injection executable loading [FEATURE ID: 13] said one section of the original executable into memory [FEATURE ID: 6] and causing execution of said one section of the original executable.
9. The method of claim 8, wherein said non-corresponding section of the new executable is a resource section.
10. The method of claim 9, wherein information from multiple sections of the original executable is stored in the resource section of the new executable.
11. The method of claim 10, wherein said multiple sections include a code section and a resource section.
12. The method of claim 11, wherein said multiple sections further include a data section.
13. The method of claim 8, comprising the further step of compressing or encrypting information from said at least one section of the original executable.
14. The method of claim 13, wherein the new executable includes code from the injection executable for loading information from said section of the original executable into computer memory.
15. The method of claim 8, comprising the further steps [FEATURE ID: 15] of including within a section from the injection executable information [FEATURE ID: 10]

corresponding to an export table [FEATURE ID: 11]

of the original executable , and modifying an export table of the new executable to point to a section of the original executable . 16 . A computer [FEATURE ID: 1]

- readable medium [FEATURE ID: 1]

including program instructions [FEATURE ID: 10]

for modifying an original executable including a code section , a data section and a resource section by injecting it with an injection executable also including a code section , a data section and a resource section so as to control execution of the original executable through prior execution of the injection executable , said instructions including instructions for : inputting the name of the original executable ; inputting the name of the injection executable ; reading and analyzing at least the original executable ; combining at least one section of the original executable with a corresponding section of the injection executable ; writing a new executable including code of the original executable and code of the injection executable , and including a placeholder section corresponding to a section of the original executable , and including a modified header , the modified header causing code of the injection executable to be executed prior to execution of any code of the original executable ; and writing information from said section of the original executable in a different section of the new executable ; wherein the injection executable controls execution of the new executable . 17 . A computer - readable meadium [FEATURE ID: 18]








Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6330670B1
Filed: 1998-10-26
Issued: 2001-12-11
Patent Holder: (Original Assignee) Microsoft Corp     (Current Assignee) Microsoft Technology Licensing LLC
Inventor(s): Paul England, John D. DeTreville, Butler W. Lampson

Title: Digital rights management operating system

Feature | Terms in US7673137B2 claims | Related terms | Terms in US6330670B1 claims
[FEATURE ID: 1] | system, pre-execution module operable, computing device ', new program, validation module, pre-execution monitor operable, operating system kernel, pre-execution module, method, step, new program attempts | device, computer, memory, process, controller, cpu, server | computerized method, digital rights management operating system, program, operating system level, user, computer system, system memory, system bus, processor, digital rights management operating system further, application prior, computer processor
[TRANSITIVE ID: 2] | managing, receiving, determining, intercepting, monitoring, execution | processing, providing, detecting, registering, identifying, establishing, checking | assuming, executing, protecting
[FEATURE ID: 3] | security, executable instructions | functionality, commands, operations, components, information, steps, privileges | available functions, functions available, executable instructions
[FEATURE ID: 4] | computing device | system, device, user, interface, program, browser, platform | trusted, identity, application, page file, time server
[TRANSITIVE ID: 5] | comprising | including, comprises, having, includes, containing, involving, compromising | comprising
[FEATURE ID: 6] | operating system, characteristics | code, the, user, computer, data, processor, hardware | memory, untrusted program
[FEATURE ID: 7] | program | instruction, application, loading, process | execution
[FEATURE ID: 8] | execution module, operation | application, execution, implementation, use, usage, administrator, environment | access, untrusted process
[FEATURE ID: 9] | claim | aspect, clair, claimed, statement, embodiment, requirement, clause | claim
[TRANSITIVE ID: 10] | suspending | starting, pausing, beginning, requesting, prohibiting, continuing, preventing | refusing
[FEATURE ID: 11] | loading | processing, execution, activation, writing, loads, transfer, download | load, modification
[FEATURE ID: 12] | authorization data | results, commands, data, preferences | rights
[FEATURE ID: 13] | computer | controller, computing, computerized, user, machine | computer
[FEATURE ID: 14] | steps | functions, blocks, instructions, features, activities, following, tasks | elements
[FEATURE ID: 15] | checksum | request, data, parameter, key | first value
[FEATURE ID: 16] | files | storage, content, memory, data | raw access
[FEATURE ID: 17] | readable medium | media, memory, rom, medium, recorded medium | readable medium
1. A system [FEATURE ID: 1] for managing [TRANSITIVE ID: 2] security [FEATURE ID: 3] of a computing device [FEATURE ID: 4] comprising [TRANSITIVE ID: 5]: a pre-execution module operable [FEATURE ID: 1] for receiving [TRANSITIVE ID: 2] notice from the computing device's [FEATURE ID: 1] operating system [FEATURE ID: 6] that a new program [FEATURE ID: 1] is being loaded onto the computing device; a validation module [FEATURE ID: 1] coupled to the pre-execution monitor operable [FEATURE ID: 1] for determining [TRANSITIVE ID: 2] whether the program [FEATURE ID: 7] is valid; a detection module coupled to the pre-execution monitor operable for intercepting [TRANSITIVE ID: 2] a trigger from the computing device's operating system; and an execution module [FEATURE ID: 8] coupled to the detection module and operable for monitoring [FEATURE ID: 2], at the operating system kernel [FEATURE ID: 1] of the computing device, the program in response to the trigger intercepted by the detection module.

2. The system of claim [FEATURE ID: 9] 1, wherein the pre-execution module [FEATURE ID: 1] is further operable for suspending [TRANSITIVE ID: 10] loading [FEATURE ID: 11] of the program onto the computing device.

3. The system of claim 1, wherein the pre-execution module is further operable for retrieving validation data.

4. The system of claim 1, wherein the execution module is further operable for deciding whether to terminate the trigger intercepted by the detection module.

5. The system of claim 1, wherein the execution module is further operable for retrieving authorization data [FEATURE ID: 12] and deciding how to respond to the trigger intercepted by the detection module.

6. A computer [FEATURE ID: 13] implemented method [FEATURE ID: 1] for implementing security for a computing device comprising the steps [FEATURE ID: 14] of: interrupting the loading of a new program for operation [FEATURE ID: 8] with the computing device; validating the new program; if the new program is validated, permitting the new program to continue loading and to execute in connection with the computing device; if the new program is not validated, monitoring the new program while it loads and executes in connection with the computing device, wherein the step [FEATURE ID: 1] of monitoring the new program while it executes is performed at the operating system kernel of the computing device.

7. The method of claim 6, wherein the step of interrupting the loading of a new program comprises: intercepting a signal from the computing device's operating system that the new program is loading, and suspending the loading of the new program.

8. The method of claim 6, wherein the step of monitoring the new program comprises intercepting a signal from the computing device's operating system.

9. The method of claim 6, wherein the step of validating the new program comprises determining whether the new program corresponds with an approved program.

10. The method of claim 6, wherein the step of validating the new program comprises comparing a checksum [FEATURE ID: 15] for the new program with a previously determined checksum.

11. The method of claim 6, wherein the step of validating the new program comprises analyzing characteristics [FEATURE ID: 6] of the new program.

12. The method of claim 6, wherein the step of monitoring the new program comprises controlling the files [FEATURE ID: 16] the new program attempts [FEATURE ID: 1] to access during execution [FEATURE ID: 2] of the new program.

13. A computer-readable medium [FEATURE ID: 17] having computer-executable instructions [FEATURE ID: 3]
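The control flow recited in claims 6 to 12 of US7673137B2 above (interrupt the load, validate by checksum, let validated programs run, monitor unvalidated ones and control the files they try to access), as an added Python model that is not the patent's implementation. The program names, image bytes, approved checksums and path prefixes are constructed, and the model runs in user space with plain prefix matching, where the claims place the monitoring in the kernel and a real driver would also canonicalize paths.

```python
"""Model of the pre-execution control flow in claims 6 to 12 (added illustration,
not the patent's implementation; all names, checksums and paths are constructed)."""
import hashlib
import hmac
from dataclasses import dataclass, field

# Previously determined checksums (claim 10): SHA-256 of the approved program
# image, keyed by program name. The image bytes below are constructed.
APPROVED_IMAGE = b"MZ\x90\x00constructed-approved-updater-image"
APPROVED_CHECKSUMS = {"updater.exe": hashlib.sha256(APPROVED_IMAGE).hexdigest()}

# Authorization data (claim 5) for programs running under monitoring: what an
# unvalidated program may touch, and what is serious enough to terminate it.
# Prefixes are compared case-insensitively, which is the Windows convention.
AUTHORIZED_PREFIXES = ("c:\\users\\public\\", "c:\\temp\\")
TERMINATE_PREFIXES = ("c:\\windows\\system32\\",)


@dataclass
class ProgramState:
    """What the execution module remembers about one loaded program."""
    name: str
    validated: bool      # passed the validation module
    monitored: bool      # claim 6: unvalidated programs run under monitoring
    terminated: bool = False
    decisions: list = field(default_factory=list)


def validate_program(name: str, image: bytes) -> bool:
    """Claims 9 and 10: the program is valid if its checksum matches the
    previously determined checksum of an approved program of that name."""
    expected = APPROVED_CHECKSUMS.get(name)
    if expected is None:
        return False
    actual = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(actual, expected)


def on_program_load(name: str, image: bytes) -> ProgramState:
    """Claims 6 and 7: the load is suspended while validation runs; a valid
    program continues unmonitored, an invalid one continues under monitoring."""
    valid = validate_program(name, image)
    return ProgramState(name=name, validated=valid, monitored=not valid)


def on_file_access_trigger(state: ProgramState, path: str) -> str:
    """Claims 4, 5 and 12: respond to an intercepted file-access trigger from a
    monitored program. Returns "allow", "deny" or "terminate"."""
    if state.terminated:
        return "terminate"             # nothing further from this program runs
    if not state.monitored:
        return "allow"                 # validated programs are not gated
    p = path.lower()
    if p.startswith(AUTHORIZED_PREFIXES):
        decision = "allow"
    elif p.startswith(TERMINATE_PREFIXES):
        decision = "terminate"
        state.terminated = True
    else:
        decision = "deny"
    state.decisions.append((path, decision))
    return decision


def run_scenario(name: str, image: bytes, accesses: list) -> tuple:
    """Drive one program through load, validation and a list of file accesses."""
    state = on_program_load(name, image)
    results = [on_file_access_trigger(state, p) for p in accesses]
    return state, results


if __name__ == "__main__":
    _, r = run_scenario("unknown.exe", b"MZ\x90\x00constructed-unknown-image",
                        ["C:\\Temp\\out.log", "C:\\Users\\alice\\notes.txt",
                         "C:\\Windows\\System32\\drivers\\etc\\hosts"])
    print(r)  # ['allow', 'deny', 'terminate']
```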

1. A computerized method [FEATURE ID: 1] for a digital rights management operating system [FEATURE ID: 1] comprising [TRANSITIVE ID: 5]: assuming [TRANSITIVE ID: 2] a trusted [TRANSITIVE ID: 4] identity [FEATURE ID: 4]; executing [TRANSITIVE ID: 2] a trusted application [FEATURE ID: 4]; loading rights-managed data into memory [FEATURE ID: 6] for access [FEATURE ID: 8] by the trusted application; and protecting [TRANSITIVE ID: 2] the rights [FEATURE ID: 12] -managed data from access by an untrusted program [FEATURE ID: 6] while the trusted application is executing.

2. The computerized method of claim [FEATURE ID: 9] 1, wherein protecting the rights-managed data comprises: refusing [TRANSITIVE ID: 10] to load [TRANSITIVE ID: 11] the untrusted program into memory.

3. The computerized method of claim 1, wherein protecting the rights-managed data comprises: removing the rights-managed data from memory before loading the untrusted program.

4. The computerized method of claim 3, further comprising: terminating the execution [FEATURE ID: 7] of the trusted program [FEATURE ID: 1].

5. The computerized method of claim 3, further comprising: renouncing the trusted identity before loading the untrusted program when the untrusted program executes at the operating system level [FEATURE ID: 1].

6. The computerized method of claim 1, wherein protecting the rights-managed data comprises: securing the rights-managed data written to a page file [FEATURE ID: 4] by the digital rights management operating system.

7. The computerized method of claim 6, wherein securing the rights-managed data written to a page file comprises: prohibiting raw access [FEATURE ID: 16] to the page file while the trusted application is executing.

8. The computerized method of claim 6, wherein securing the rights-managed data written to a page file comprises: erasing the page file before allowing raw access to the page file.

9. The computerized method of claim 8, further comprising: terminating the execution of the trusted application.

10. The computerized method of claim 6, wherein securing the rights-managed data written to a page file comprises: encrypting the rights-managed data prior to writing it to the page file.

11. The computerized method of claim 1, further comprising: protecting the trusted application from modification [FEATURE ID: 11] by an untrusted process [FEATURE ID: 8] while the trusted application is executing.

12. The computerized method of claim 11, wherein protecting the trusted application comprises: refusing to attach the untrusted process to the trusted application.

13. The computerized method of claim 11, wherein protecting the trusted application comprises: preventing the untrusted process from accessing memory allocated to the trusted application.

14. The computerized method of claim 1, further comprising: restricting a user [FEATURE ID: 1] to a subset of available functions [FEATURE ID: 3] for manipulating the rights-managed data.

15. The computerized method of claim 1, further comprising: restricting a user to a subset of functions available [FEATURE ID: 3] for modifying the trusted application during execution.

16. The computerized method of claim 1 wherein the elements [FEATURE ID: 14] are performed in the order recited.

17. A computer system [FEATURE ID: 1] comprising: a processing unit; a system memory [FEATURE ID: 1] coupled to the processing unit through a system bus [FEATURE ID: 1]; a computer [FEATURE ID: 13] -readable medium [FEATURE ID: 17] coupled to the processing unit through a system bus; and a digital rights management operating system executed from the computer-readable medium by the processing unit, wherein the digital rights management operating system causes the processor [FEATURE ID: 1] to create a trusted identity for the digital rights management operating system.

18. The computer system of claim 17, further comprising: a trusted application executed from the computer-readable medium by the processing unit, wherein the trusted application causes the processor to load rights-managed data into the system memory, and wherein the digital rights management operating system further [FEATURE ID: 1] causes the processor to protect the rights-managed data while the trusted application is executing.

19. The computer system of claim 18, wherein the digital rights management operating system further causes the processor to write the rights-managed data into a page file on the computer-readable medium and causes the processor to secure the rights-managed data on the page file from access by an untrusted program.

20. The computer system of claim 19, wherein the digital rights management operating system further causes the processor to erase the rights-managed data from the page file before allowing access to the page file by the untrusted program.

21. The computer system of claim 18, wherein the digital rights management operating system further causes the processor to revoke the trusted identity and terminate the trusted application prior [FEATURE ID: 1] to loading an untrusted program.

22. A computer-readable medium having computer-executable instructions [FEATURE ID: 3] for a digital rights management operating system stored thereon comprising: obtaining, from a computer processor [FEATURE ID: 1], a first value [FEATURE ID: 15] for a monotonic counter; presenting, to a trusted time server [FEATURE ID: 4]

Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6324656B1
Filed: 1998-06-30
Issued: 2001-11-27
Patent Holder: (Original Assignee) Cisco Technology Inc     (Current Assignee) Cisco Technology Inc
Inventor(s): Robert Gleichauf, Steven Shanklin, Scott Waddell, Kevin Ziese

Title: System and method for rules-driven multi-phase network vulnerability assessment

Feature | Terms in US7673137B2 claims | Related terms | Terms in US6324656B1 claims
[FEATURE ID: 1] | system, computing device, pre-execution module operable, new program, validation module, operating system kernel, pre-execution module, computer, new program attempts, readable medium | device, server, process, software, platform, controller, machine | computer, network, service, potential vulnerability, system
[TRANSITIVE ID: 2] | managing, monitoring, suspending | initiating, implementing, starting, completing, executing, enabling, controlling | performing
[TRANSITIVE ID: 3] | comprising | including, comprises, having, includes, containing, involving, compromising | comprising
[TRANSITIVE ID: 4] | receiving | capturing, registering, recording, processing, catching, compiling, logging | collecting, storing
[FEATURE ID: 5] | operating system | application, controller, agent, processor, computer | execution module
[FEATURE ID: 6] | pre-execution monitor operable | instruction, operable, module, system, processor | execution module operable
[TRANSITIVE ID: 7] | determining, intercepting | tracking, examining, monitoring, analyzing, detecting, identifying, recognizing | pinging
[FEATURE ID: 8] | execution module | application, action, event, element, environment, agent | operating system
[FEATURE ID: 9] | operable, further operable | enabled, capable, configured, adapted, further, selectable, arranged | operable
[TRANSITIVE ID: 10] | intercepted | determined, received, obtained, transmitted, provided, observed, generated | sent
[FEATURE ID: 11] | claim | paragraph, clair, claimed, statement, embodiment, requirement, clause | claim
[FEATURE ID: 12] | validation data | files, events, parameters, statistics, keys, content, logs | banners, entries
[FEATURE ID: 13] | authorization data | rules, criteria, commands, settings, results, standards, policy | multi-phase rules, data, rule sets
[FEATURE ID: 14] | method | communication method, methods, based method, system method, automated method, security method, management method | method
[FEATURE ID: 15] | characteristics | the, portions, parameters, data, properties, information | results
[FEATURE ID: 16] | files | file, storage, memory, data, network | first database
[FEATURE ID: 17] | execution | monitoring, verification, testing, operations, processing, inspection, detection | network vulnerability assessment, comparison
1. A system [FEATURE ID: 1] for managing [TRANSITIVE ID: 2] security of a computing device [FEATURE ID: 1] comprising [TRANSITIVE ID: 3]: a pre-execution module operable [FEATURE ID: 1] for receiving [TRANSITIVE ID: 4] notice from the computing device's operating system [FEATURE ID: 5] that a new program [FEATURE ID: 1] is being loaded onto the computing device; a validation module [FEATURE ID: 1] coupled to the pre-execution monitor operable [FEATURE ID: 6] for determining [TRANSITIVE ID: 7] whether the program is valid; a detection module coupled to the pre-execution monitor operable for intercepting [TRANSITIVE ID: 7] a trigger from the computing device's operating system; and an execution module [FEATURE ID: 8] coupled to the detection module and operable [FEATURE ID: 9] for monitoring [FEATURE ID: 2], at the operating system kernel [FEATURE ID: 1] of the computing device, the program in response to the trigger intercepted [TRANSITIVE ID: 10] by the detection module.

2. The system of claim [FEATURE ID: 11] 1, wherein the pre-execution module [FEATURE ID: 1] is further operable [FEATURE ID: 9] for suspending [TRANSITIVE ID: 2] loading of the program onto the computing device.

3. The system of claim 1, wherein the pre-execution module is further operable for retrieving validation data [FEATURE ID: 12].

4. The system of claim 1, wherein the execution module is further operable for deciding whether to terminate the trigger intercepted by the detection module.

5. The system of claim 1, wherein the execution module is further operable for retrieving authorization data [FEATURE ID: 13] and deciding how to respond to the trigger intercepted by the detection module.

6. A computer [FEATURE ID: 1] implemented method [FEATURE ID: 14] for implementing security for a computing device comprising the steps of: interrupting the loading of a new program for operation with the computing device; validating the new program; if the new program is validated, permitting the new program to continue loading and to execute in connection with the computing device; if the new program is not validated, monitoring the new program while it loads and executes in connection with the computing device, wherein the step of monitoring the new program while it executes is performed at the operating system kernel of the computing device.

7. The method of claim 6, wherein the step of interrupting the loading of a new program comprises: intercepting a signal from the computing device's operating system that the new program is loading, and suspending the loading of the new program.

8. The method of claim 6, wherein the step of monitoring the new program comprises intercepting a signal from the computing device's operating system.

9. The method of claim 6, wherein the step of validating the new program comprises determining whether the new program corresponds with an approved program.

10. The method of claim 6, wherein the step of validating the new program comprises comparing a checksum for the new program with a previously determined checksum.

11. The method of claim 6, wherein the step of validating the new program comprises analyzing characteristics [FEATURE ID: 15] of the new program.

12. The method of claim 6, wherein the step of monitoring the new program comprises controlling the files [FEATURE ID: 16] the new program attempts [FEATURE ID: 1] to access during execution [FEATURE ID: 17] of the new program.

13. A computer-readable medium [FEATURE ID: 1]

1. A computer [FEATURE ID: 1] implemented method [FEATURE ID: 14] for multi-phase rules [FEATURE ID: 13] -driven network vulnerability assessment [FEATURE ID: 17], the method comprising [TRANSITIVE ID: 3]: pinging [TRANSITIVE ID: 7] devices on a network [FEATURE ID: 1] to discover devices with a connection to the network; performing [TRANSITIVE ID: 2] port scans on the discovered devices and collecting [TRANSITIVE ID: 4] banners [FEATURE ID: 12] sent [TRANSITIVE ID: 10] as a result of the port scans; storing [TRANSITIVE ID: 4] information from the collected banners as entries [FEATURE ID: 12] in a first database [FEATURE ID: 16] to establish a network configuration; comparing the entries in the network configuration with more than one rule set to determine potential vulnerabilities; and storing results [FEATURE ID: 15] of the comparison [FEATURE ID: 17] in a second database.

2. The method of claim [FEATURE ID: 11] 1, further comprising performing host nudges on the devices and storing information from data [FEATURE ID: 13] received as entries in the first database.

3. The method of claim 1, further comprising performing active data collection and storing information from data received as entries in the first database.

4. The method of claim 1, wherein comparing comprises: comparing an entry in the network configuration to a rule to determine an operating system [FEATURE ID: 8] represented by the entry; comparing the entry to a second rule to determine a service [FEATURE ID: 1]; and comparing the entry to a third rule to determine a potential vulnerability [FEATURE ID: 1].

5. The method of claim 1, wherein the rule sets [FEATURE ID: 13] comprise a text based prepositional logic language.

6. The method of claim 1, further comprising confirming a potential vulnerability by performing an active exploit.

7. A system [FEATURE ID: 1] for multi-phase rules-driven network vulnerability assessment, the system comprising: a first database for storing information from collected banners as entries; a plurality of rule sets; a second database for storing results of a comparison; and an execution module [FEATURE ID: 5] coupled to the first database, the rule set, and the second database, the execution module operable [FEATURE ID: 6] to ping devices on a network to discover devices with a connection to the network, the execution module further operable [FEATURE ID: 9]

Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6324647B1
Filed: 1999-08-31
Issued: 2001-11-27
Patent Holder: (Original Assignee) Accenture LLP     (Current Assignee) Accenture Global Services Ltd
Inventor(s): Michel K. Bowman-Amuah

Title: System, method and article of manufacture for security management in a development architecture framework

Feature | Terms in US7673137B2 claims | Related terms | Terms in US6324647B1 claims
[FEATURE ID: 1] | system, operating system, new program, validation module, execution module, operating system kernel, pre-execution module, new program attempts | program, computer, process, platform, manager, application, device | development architecture framework, separate wide area network, system administrator, security system, planning component
[TRANSITIVE ID: 2] | managing, suspending | enabling, securing, allowing, monitoring, controlling, facilitating, protecting | providing, restricting, verifying
[FEATURE ID: 3] | security, loading | resources, access, content, applications, the, performance, operations | security management, credit cards, transmittal, user access, security logs, threats
[FEATURE ID: 4] | computing device, pre-execution monitor operable | system, notification, processor, application, database, client, memory | user
[TRANSITIVE ID: 5] | comprising | including, compromising, encompassing, using, by, with, incorporating | comprising
[FEATURE ID: 6] | pre-execution module operable, method, steps | step, process, means, mechanism, methods, system, procedure | method, steps
[TRANSITIVE ID: 7] | receiving, intercepting | recording, tracking, monitoring, processing, registering, capturing, detection | detecting, monitoring content
[TRANSITIVE ID: 8] | determining | tracking, verifying, recognizing, identifying | notifying
[FEATURE ID: 9] | monitoring | terminating, initiating, modifying, enabling | preventing
[FEATURE ID: 10] | claim | paragraph, clair, claimed, statement, embodiment, requirement, clause | claim
[FEATURE ID: 11] | validation data, characteristics, executable instructions | files, information, documents, parameters, media, content, commands | information transmittal, standards, electronic mail
[FEATURE ID: 12] | authorization data | scripts, policy, commands, diagnostics, policies | tools
[FEATURE ID: 13] | computer | user, system, data, network | content
[FEATURE ID: 14] | step | phase, stage, steps, method, preceding step, first step, means | step
[FEATURE ID: 15] | signal | signals, communication, file, message | information
[FEATURE ID: 16] | files | processes, applications, services, communications, operations, activities, information | transactions, security violations
[FEATURE ID: 17] | execution | access, processing, use, authentication | transmission
1 . A system [FEATURE ID: 1]

for managing [TRANSITIVE ID: 2]

security [FEATURE ID: 3]

of a computing device [FEATURE ID: 4]

comprising [TRANSITIVE ID: 5]

: a pre-execution module operable [FEATURE ID: 6]

for receiving [TRANSITIVE ID: 7]

notice from the computing device ' s operating system [FEATURE ID: 1]

that a new program [FEATURE ID: 1]

is being loaded onto the computing device ; a validation module [FEATURE ID: 1]

coupled to the pre-execution monitor operable [FEATURE ID: 4]

for determining [TRANSITIVE ID: 8]

whether the program is valid ; a detection module coupled to the pre-execution monitor operable for intercepting [TRANSITIVE ID: 7]

a trigger from the computing device ' s operating system ; and an execution module [FEATURE ID: 1]

coupled to the detection module and operable for monitoring [FEATURE ID: 9]

, at the operating system kernel [FEATURE ID: 1]

of the computing device , the program in response to the trigger intercepted by the detection module . 2 . The system of claim [FEATURE ID: 10]

1 , wherein the pre-execution module [FEATURE ID: 1]

is further operable for suspending [TRANSITIVE ID: 2]

loading [FEATURE ID: 3]

of the program onto the computing device . 3 . The system of claim 1 , wherein the pre-execution module is further operable for retrieving validation data [FEATURE ID: 11]

. 4 . The system of claim 1 , wherein the execution module is further operable for deciding whether to terminate the trigger intercepted by the detection module . 5 . The system of claim 1 , wherein the execution module is further operable for retrieving authorization data [FEATURE ID: 12]

and deciding how to respond to the trigger intercepted by the detection module . 6 . A computer [FEATURE ID: 13]

implemented method [FEATURE ID: 6]

for implementing security for a computing device comprising the steps [FEATURE ID: 6]

of : interrupting the loading of a new program for operation with the computing device ; validating the new program ; if the new program is validated , permitting the new program to continue loading and to execute in connection with the computing device ; if the new program is not validated , monitoring the new program while it loads and executes in connection with the computing device , wherein the step [FEATURE ID: 14]

of monitoring the new program while it executes is performed at the operating system kernel of the computing device . 7 . The method of claim 6 , wherein the step of interrupting the loading of a new program comprises : intercepting a signal [FEATURE ID: 15]

from the computing device ' s operating system that the new program is loading , and suspending the loading of the new program . 8 . The method of claim 6 , wherein the step of monitoring the new program comprises intercepting a signal from the computing device ' s operating system . 9 . The method of claim 6 , wherein the step of validating the new program comprises determining whether the new program corresponds with an approved program . 10 . The method of claim 6 , wherein the step of validating the new program comprises comparing a checksum for the new program with a previously determined checksum . 11 . The method of claim 6 , wherein the step of validating the new program comprises analyzing characteristics [FEATURE ID: 11]

of the new program . 12 . The method of claim 6 , wherein the step of monitoring the new program comprises controlling the files [FEATURE ID: 16]

the new program attempts [FEATURE ID: 1]

to access during execution [FEATURE ID: 17]

of the new program . 13 . A computer - readable medium having computer - executable instructions [FEATURE ID: 11]
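
Claims 6 through 12 above (interrupt the load, validate against an approved program and a previously determined checksum or by analyzing characteristics, let a validated program run, place an unvalidated one under kernel-level monitoring that controls the files it touches) describe a policy engine whose decision logic can be shown in user space. The block below is an added example, not code from the patent or from IBM or Taasera. It assumes SHA-256 as the checksum, the `Policy`, `PreExecutionModule`, `ExecutionModule` and `load_program` names, path prefixes as the file-access authorization data, and constructed program images; the load notice and the file-access triggers, which the claims obtain from the operating system kernel, are simulated here by direct calls.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Policy:
    """Validation data (claim 3) and authorization data (claim 5) consulted by the modules."""
    approved: Dict[str, str]                    # program name -> previously determined checksum
    read_prefixes: Tuple[str, ...]              # paths a monitored program may read
    write_prefixes: Tuple[str, ...]             # paths a monitored program may write
    suspicious_markers: Tuple[bytes, ...] = ()  # characteristics reported on mismatch (claim 11)


def checksum(image: bytes) -> str:
    # SHA-256 stands in for the claims' unspecified checksum (assumption).
    return hashlib.sha256(image).hexdigest()


class PreExecutionModule:
    """Validates a program whose load has been interrupted (claims 6, 7, 9-11)."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy

    def validate(self, name: str, image: bytes) -> Tuple[bool, str]:
        expected = self.policy.approved.get(name)
        if expected is None:
            return False, "no approved program with this name"
        if hmac.compare_digest(expected, checksum(image)):
            return True, "checksum matches previously determined checksum"
        found = [m.decode() for m in self.policy.suspicious_markers if m in image]
        if found:
            return False, "checksum mismatch; suspicious characteristics: " + ", ".join(found)
        return False, "checksum mismatch"


class ExecutionModule:
    """Responds to file-access triggers raised for monitored programs (claims 4, 5, 8, 12)."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.monitored: Set[int] = set()
        self.audit: List[Tuple[int, str, str, bool]] = []

    def on_file_access(self, pid: int, path: str, write: bool) -> bool:
        """True lets the operation proceed; False terminates the trigger (claim 4)."""
        if pid not in self.monitored:
            return True                          # validated program: trigger passes through
        prefixes = self.policy.write_prefixes if write else self.policy.read_prefixes
        allowed = any(path.startswith(p) for p in prefixes)
        self.audit.append((pid, "write" if write else "read", path, allowed))
        return allowed


def load_program(pre: PreExecutionModule, ex: ExecutionModule,
                 pid: int, name: str, image: bytes) -> str:
    """Simulated loader hook: the load is held until validate() returns (claim 6)."""
    ok, reason = pre.validate(name, image)
    if ok:
        return "validated: " + reason
    ex.monitored.add(pid)                        # unvalidated: runs, but under monitoring
    return "monitored: " + reason


# Constructed sample inputs; not real binaries.
GOOD_IMAGE = b"\x7fELF backup-agent v1.0"
TAMPERED_IMAGE = GOOD_IMAGE + b" ;; patched: CreateRemoteThread"
POLICY = Policy(
    approved={"backup-agent": checksum(GOOD_IMAGE)},
    read_prefixes=("/etc/", "/usr/share/"),
    write_prefixes=("/tmp/", "/var/tmp/"),
    suspicious_markers=(b"CreateRemoteThread", b"LD_PRELOAD"),
)


def demo() -> dict:
    pre, ex = PreExecutionModule(POLICY), ExecutionModule(POLICY)
    out = {}
    out["good_load"] = load_program(pre, ex, 101, "backup-agent", GOOD_IMAGE)
    out["tampered_load"] = load_program(pre, ex, 102, "backup-agent", TAMPERED_IMAGE)
    out["unknown_load"] = load_program(pre, ex, 103, "updater", b"\x7fELF updater")
    # file-access triggers during execution: only the monitored pids are constrained
    out["good_write_etc"] = ex.on_file_access(101, "/etc/passwd", write=True)
    out["tampered_read_etc"] = ex.on_file_access(102, "/etc/hosts", write=False)
    out["tampered_write_etc"] = ex.on_file_access(102, "/etc/passwd", write=True)
    out["tampered_write_tmp"] = ex.on_file_access(102, "/tmp/out", write=True)
    out["audit"] = list(ex.audit)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The validated program (pid 101) is never consulted again, which is the claims' split: validation buys an unmonitored run, failure buys a monitored one rather than a refusal to load. A real implementation gets its load notice from a kernel hook and must hold the loader until the checksum is computed over the same bytes that will be mapped, otherwise the check can be raced.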

1 . A method [FEATURE ID: 6]

for providing [TRANSITIVE ID: 2]

security management [FEATURE ID: 3]

in a development architecture framework [FEATURE ID: 1]

comprising [TRANSITIVE ID: 5]

the steps [FEATURE ID: 6]

of : ( a ) detecting [TRANSITIVE ID: 7]

unauthorized attempts to access a network ; ( b ) notifying [TRANSITIVE ID: 8]

a user [FEATURE ID: 4]

upon detection of at least one of the unauthorized attempts to access the network ; ( c ) restricting [TRANSITIVE ID: 2]

access from the network to a separate wide area network [FEATURE ID: 1]

; ( d ) verifying [TRANSITIVE ID: 2]

identities of users of credit cards [FEATURE ID: 3]

during transactions [FEATURE ID: 16]

carried out over the network ; ( e ) monitoring content [FEATURE ID: 7]

of information transmittal [FEATURE ID: 11]

; ( f ) preventing [TRANSITIVE ID: 9]

transmittal [FEATURE ID: 3]

of information [FEATURE ID: 15]

if the content [FEATURE ID: 13]

does not adhere to standards [FEATURE ID: 11]

; and ( g ) encrypting electronic mail [FEATURE ID: 11]

before transmission [FEATURE ID: 17]

utilizing a network . 2 . A method as recited in claim [FEATURE ID: 10]

1 , and further comprising the step [FEATURE ID: 14]

of providing a system administrator [FEATURE ID: 1]

which performs at least one of the duties consisting of : maintaining user access [FEATURE ID: 3]

to the network , implementing tools [FEATURE ID: 12]

on the network , analyzing security logs [FEATURE ID: 3]

, investigating security violations [FEATURE ID: 16]

over the network , and configuring a security system [FEATURE ID: 1]

on a plurality of technology platforms . 3 . A method as recited in claim 1 , and further comprising the step of providing a security project and planning component [FEATURE ID: 1]

which performs at least one of the duties consisting of : assessing threats [FEATURE ID: 3]








Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6321338B1
Filed: 1998-11-09
Issued: 2001-11-20
Patent Holder: (Original Assignee) SRI International Inc     (Current Assignee) SRI International Inc
Inventor(s): Phillip A. Porras, Alfonso Valdes

Title: Network surveillance

[FEATURE ID: 1] targeted: system, pre-execution module operable, computing device ', operating system, new program, validation module, pre-execution monitor operable, detection module, operating system kernel, computer, method, step, new program attempts, readable medium | shared meaning: controller, device, process, mechanism, user, program, software | charted: method, network entity, network monitor, monitor
[TRANSITIVE ID: 2] targeted: managing | shared meaning: maintaining, determining, monitoring, providing, updating, analyzing, storing | charted: building, comparing
[FEATURE ID: 3] targeted: security | shared meaning: activity, access, content, applications | charted: network connections
[FEATURE ID: 4] targeted: computing device | shared meaning: process, network, device, resource, user | charted: packet
[TRANSITIVE ID: 5] targeted: comprising | shared meaning: including, comprises, having, includes, containing, involving, with | charted: comprising, monitoring
[TRANSITIVE ID: 6] targeted: receiving | shared meaning: collecting, capturing, reading, recording, processing, obtaining, providing | charted: receiving
[FEATURE ID: 7] targeted: notice, validation data | shared meaning: data, information, content, input, logs, communications, messages | charted: event record, event records
[TRANSITIVE ID: 8] targeted: loaded | shared meaning: carried, written, placed, inserted | charted: included
[TRANSITIVE ID: 9] targeted: determining, intercepting, execution | shared meaning: monitoring, checking, analyzing, detecting, computing, processing, recognizing | charted: network surveillance, determining
[FEATURE ID: 10] targeted: program, checksum | shared meaning: request, file, parameter, content, payload, header, metric | charted: network packet
[FEATURE ID: 11] targeted: trigger | shared meaning: notification, message, prompt, trap | charted: communication channel
[FEATURE ID: 12] targeted: execution module, pre-execution module | shared meaning: instruction, event, module, action, output, interceptor, indication | charted: error code
[TRANSITIVE ID: 13] targeted: intercepted | shared meaning: processed, initiated, transmitted, received, captured, sent, monitored | charted: handled
[FEATURE ID: 14] targeted: claim | shared meaning: aspect, requirement, item, paragraph, figure, clause, to claim | charted: claim
[FEATURE ID: 15] targeted: loading | shared meaning: communication, transmission, the, performance, movement, processing, delivery | charted: data transfers, analysis
[FEATURE ID: 16] targeted: authorization data | shared meaning: logs, events, results, conditions, data | charted: activity
[FEATURE ID: 17] targeted: signal | shared meaning: warning, packet, flag, message | charted: privilege error code
[FEATURE ID: 18] targeted: characteristics | shared meaning: instructions, comments, parameters, metadata, information | charted: error codes
[FEATURE ID: 19] targeted: files | shared meaning: ports, content, addresses, network | charted: network packet data transfer errors
1 . A system [FEATURE ID: 1]

for managing [TRANSITIVE ID: 2]

security [FEATURE ID: 3]

of a computing device [FEATURE ID: 4]

comprising [TRANSITIVE ID: 5]

: a pre-execution module operable [FEATURE ID: 1]

for receiving [TRANSITIVE ID: 6]

notice [FEATURE ID: 7]

from the computing device ' [FEATURE ID: 1]

s operating system [FEATURE ID: 1]

that a new program [FEATURE ID: 1]

is being loaded [TRANSITIVE ID: 8]

onto the computing device ; a validation module [FEATURE ID: 1]

coupled to the pre-execution monitor operable [FEATURE ID: 1]

for determining [TRANSITIVE ID: 9]

whether the program [FEATURE ID: 10]

is valid ; a detection module [FEATURE ID: 1]

coupled to the pre-execution monitor operable for intercepting [TRANSITIVE ID: 9]

a trigger [FEATURE ID: 11]

from the computing device ' s operating system ; and an execution module [FEATURE ID: 12]

coupled to the detection module and operable for monitoring , at the operating system kernel [FEATURE ID: 1]

of the computing device , the program in response to the trigger intercepted [TRANSITIVE ID: 13]

by the detection module . 2 . The system of claim [FEATURE ID: 14]

1 , wherein the pre-execution module [FEATURE ID: 12]

is further operable for suspending loading [FEATURE ID: 15]

of the program onto the computing device . 3 . The system of claim 1 , wherein the pre-execution module is further operable for retrieving validation data [FEATURE ID: 7]

. 4 . The system of claim 1 , wherein the execution module is further operable for deciding whether to terminate the trigger intercepted by the detection module . 5 . The system of claim 1 , wherein the execution module is further operable for retrieving authorization data [FEATURE ID: 16]

and deciding how to respond to the trigger intercepted by the detection module . 6 . A computer [FEATURE ID: 1]

implemented method [FEATURE ID: 1]

for implementing security for a computing device comprising the steps of : interrupting the loading of a new program for operation with the computing device ; validating the new program ; if the new program is validated , permitting the new program to continue loading and to execute in connection with the computing device ; if the new program is not validated , monitoring the new program while it loads and executes in connection with the computing device , wherein the step [FEATURE ID: 1]

of monitoring the new program while it executes is performed at the operating system kernel of the computing device . 7 . The method of claim 6 , wherein the step of interrupting the loading of a new program comprises : intercepting a signal [FEATURE ID: 17]

from the computing device ' s operating system that the new program is loading , and suspending the loading of the new program . 8 . The method of claim 6 , wherein the step of monitoring the new program comprises intercepting a signal from the computing device ' s operating system . 9 . The method of claim 6 , wherein the step of validating the new program comprises determining whether the new program corresponds with an approved program . 10 . The method of claim 6 , wherein the step of validating the new program comprises comparing a checksum [FEATURE ID: 10]

for the new program with a previously determined checksum . 11 . The method of claim 6 , wherein the step of validating the new program comprises analyzing characteristics [FEATURE ID: 18]

of the new program . 12 . The method of claim 6 , wherein the step of monitoring the new program comprises controlling the files [FEATURE ID: 19]

the new program attempts [FEATURE ID: 1]

to access during execution [FEATURE ID: 9]

of the new program . 13 . A computer - readable medium [FEATURE ID: 1]

1 . A method [FEATURE ID: 1]

of network surveillance [FEATURE ID: 9]

, comprising [TRANSITIVE ID: 5]

: receiving [TRANSITIVE ID: 6]

network packets handled [TRANSITIVE ID: 13]

by a network entity [FEATURE ID: 1]

; building [FEATURE ID: 2]

at least one long - term and at least one short - term statistical profile from at least one measure of the network packets , the at least one measure monitoring [TRANSITIVE ID: 5]

data transfers [FEATURE ID: 15]

, errors , or network connections [FEATURE ID: 3]

; comparing [TRANSITIVE ID: 2]

at least one long - term and at least one short - term statistical profile ; and determining [TRANSITIVE ID: 9]

whether the difference between the short - term statistical profile and the long - term statistical profile indicates suspicious network activity . 2 . The method of claim [FEATURE ID: 14]

1 , wherein the measure monitors data transfers by monitoring network packet data transfer commands . 3 . The method of claim 1 , wherein the measure monitors data transfers by monitoring network packet data transfer errors [FEATURE ID: 19]

. 4 . The method of claim 1 , wherein the measure monitors data transfers by monitoring network packet data transfer volume . 5 . The method of claim 1 , wherein the measure monitors network connections by monitoring network connection requests . 6 . The method of claim 1 , wherein the measure monitors network connections by monitoring network connection denials . 7 . The method of claim 1 , wherein the measure monitors network connections by monitoring a correlation of network connections requests and network connection denials . 8 . The method of claim 1 , wherein the measure monitors errors by monitoring error codes [FEATURE ID: 18]

included [TRANSITIVE ID: 8]

in a network packet [FEATURE ID: 10]

. 9 . The method of claim 8 , wherein an error code [FEATURE ID: 12]

comprises a privilege error code [FEATURE ID: 17]

. 10 . The method of claim 8 , wherein an error code comprises an error code indicating a reason a packet [FEATURE ID: 4]

was rejected . 11 . The method of claim 1 , further comprising responding based on the determining whether the difference between the short - term statistical profile and the long - term statistical profile indicates suspicious network activity . 12 . The method of claim 11 , wherein responding comprises transmitting an event record [FEATURE ID: 7]

to a network monitor [FEATURE ID: 1]

. 13 . The method of claim 12 , wherein transmitting the event record to a network monitor comprises transmitting the event record to a hierarchically higher network monitor . 14 . The method of claim 13 , wherein transmitting the event record to a network monitor comprises transmitting the event record to a network monitor that receives event records [FEATURE ID: 7]

from multiple network monitors . 15 . The method of claim 14 , wherein the monitor [FEATURE ID: 1]

that receives event records from multiple network monitors comprises a network monitor that correlates activity [FEATURE ID: 16]

in the multiple network monitors based on the received event records . 16 . The method of claim 11 , wherein responding comprises altering analysis [FEATURE ID: 15]

of the network packets . 17 . The method of claim 11 , wherein responding comprises severing a communication channel [FEATURE ID: 11]
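
The surveillance method of claims 1 through 17 above (a short-term and a long-term statistical profile per measure, a difference test between them, and event records sent up to a hierarchically higher monitor that correlates several monitors and can sever a channel) is small enough to show end to end. What follows is an added example, not code from the patent or from SRI. It assumes exponentially weighted moving averages as the two profiles (the claims do not fix the statistic), a one-second window, the `Packet`, `Profile`, `NetworkMonitor` and `DomainMonitor` names, a ratio-plus-floor deviation test, and a constructed trace in which one host produces a burst of connection denials at two monitored entities.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    ts: int          # seconds since capture start
    src: str
    dst: str
    kind: str        # "data", "connect", "deny", "error"
    code: str = ""   # error code carried in the packet, e.g. "EACCES" (claims 8-10)


@dataclass(frozen=True)
class EventRecord:
    monitor: str
    window: int
    measure: str
    short_term: float
    long_term: float
    top_src: str


# Measures over packets (claims 2-9): each counts the packets in a window that satisfy it.
MEASURES: Dict[str, Callable[[Packet], bool]] = {
    "connection_denials": lambda p: p.kind == "deny",
    "privilege_errors": lambda p: p.kind == "error" and p.code == "EACCES",
}


class Profile:
    """One measure tracked as a short-term and a long-term EWMA (claim 1)."""

    def __init__(self, short_alpha: float = 0.5, long_alpha: float = 0.1) -> None:
        self.short_alpha, self.long_alpha = short_alpha, long_alpha
        self.short, self.long, self.seen = 0.0, 0.0, False

    def update(self, x: float) -> Tuple[float, float]:
        """Fold one window in; return (short-term now, long-term before this window)."""
        if not self.seen:
            self.short = self.long = float(x)
            self.seen = True
            return self.short, self.long
        history = self.long
        self.short = self.short_alpha * x + (1 - self.short_alpha) * self.short
        self.long = self.long_alpha * x + (1 - self.long_alpha) * self.long
        return self.short, history


def suspicious(short: float, long: float, ratio: float = 3.0, floor: float = 3.0) -> bool:
    """Difference test: short-term must exceed long-term by an absolute floor and a ratio."""
    return short - long >= floor and short >= ratio * max(long, 1.0)


class DomainMonitor:
    """Higher monitor that correlates event records from several monitors (claims 13-15, 17)."""

    def __init__(self) -> None:
        self.records: List[EventRecord] = []

    def receive(self, ev: EventRecord) -> None:
        self.records.append(ev)

    def sever_list(self) -> List[str]:
        """Sources reported by two or more monitors are the ones whose channel gets severed."""
        seen: Dict[str, set] = defaultdict(set)
        for ev in self.records:
            seen[ev.top_src].add(ev.monitor)
        return sorted(src for src, mons in seen.items() if len(mons) >= 2)


class NetworkMonitor:
    """Per-entity monitor: profiles each measure and reports upward (claims 1, 11, 12)."""

    def __init__(self, name: str, parent: DomainMonitor, window_len: int = 1) -> None:
        self.name, self.parent, self.window_len = name, parent, window_len
        self.profiles = {m: Profile() for m in MEASURES}
        self.events: List[EventRecord] = []

    def analyze(self, packets: List[Packet]) -> List[EventRecord]:
        by_window: Dict[int, List[Packet]] = defaultdict(list)
        for p in packets:
            by_window[p.ts // self.window_len].append(p)
        for w in range(min(by_window), max(by_window) + 1):   # empty windows count as 0
            pkts = by_window.get(w, [])
            for measure, pred in MEASURES.items():
                hits = [p for p in pkts if pred(p)]
                short, long = self.profiles[measure].update(len(hits))
                if suspicious(short, long):
                    top = Counter(p.src for p in hits).most_common(1)[0][0] if hits else ""
                    ev = EventRecord(self.name, w, measure, short, long, top)
                    self.events.append(ev)
                    self.parent.receive(ev)
        return list(self.events)


def constructed_traffic(victim: str) -> List[Packet]:
    """Constructed trace: 8 s of one benign denial per second, then a 12-per-second burst."""
    pk = []
    for w in range(8):
        pk.append(Packet(w, "10.1.1.%d" % (w + 10), victim, "data"))
        pk.append(Packet(w, "10.1.1.5", victim, "deny"))
    for w in (8, 9):
        pk += [Packet(w, "10.0.0.99", victim, "deny") for _ in range(12)]
        pk += [Packet(w, "10.0.0.99", victim, "error", "EACCES") for _ in range(2)]
    return pk


def demo() -> dict:
    domain = DomainMonitor()
    east, west = NetworkMonitor("fw-east", domain), NetworkMonitor("fw-west", domain)
    east.analyze(constructed_traffic("10.2.0.10"))
    west.analyze(constructed_traffic("10.3.0.20"))
    return {"east_events": east.events, "west_events": west.events, "sever": domain.sever_list()}
```

In the constructed trace the denial count jumps from 1 to 12 per second; the short-term average reaches 6.5 in the first burst window while the long-term history is still 1.0, so the difference test fires, and the two privilege errors per second stay under the absolute floor and do not. The floor matters: a ratio alone would alert on any measure that goes from 0 to 1.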








Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6314525B1
Filed: 1997-05-13
Issued: 2001-11-06
Patent Holder: (Original Assignee) 3Com Corp     (Current Assignee) HP Inc ; Hewlett Packard Enterprise Development LP
Inventor(s): Mallikarjunan Mahalingham, Walter A. Wallach

Title: Means for allowing two or more network interface controller cards to appear as one card to an operating system

[FEATURE ID: 1] targeted: system, computing device, computing device ', validation module, pre-execution monitor operable, detection module, pre-execution module, computer, method, new program attempts, readable medium | shared meaning: device, controller, host, network, server, switch, process | charted: transport protocol stack, computer network, mechanism, second network interface, primary network adapter, virtual adapter, protocol stack, virtual transport protocol stack, same physical address, MAC layer, prescan protocol stack, manner, method
[TRANSITIVE ID: 2] targeted: managing | shared meaning: implementing, supporting, determining, performing, providing, using, executing | charted: including, method operating
[FEATURE ID: 3] targeted: security | shared meaning: applications, software, configuration, performance, memory | charted: network adapter hardware
[TRANSITIVE ID: 4] targeted: comprising | shared meaning: including, containing, with, involving, by, includes, having | charted: comprising
[FEATURE ID: 5] targeted: pre-execution module operable | shared meaning: port, device, interface, switch, disk, mechanism, client | charted: network adapter, first interface, secondary network adapter
[TRANSITIVE ID: 6] targeted: receiving, intercepting, monitoring | shared meaning: processing, handling, sending, requesting, interpreting, transmitting, managing | charted: transferring
[FEATURE ID: 7] targeted: operating system | shared meaning: hardware, application, agent, network, object, architecture, infrastructure | charted: apparatus, first MAC, protocol stacks, operating system
[TRANSITIVE ID: 8] targeted: coupled, operable, further operable | shared meaning: adapted, configured, accessible, tied, joined, associated, attached | charted: coupled, bound
[FEATURE ID: 9] targeted: program, checksum | shared meaning: data, request, content, information, payload, header, message | charted: first packet
[FEATURE ID: 10] targeted: trigger | shared meaning: signal, response, message, request | charted: second packet
[FEATURE ID: 11] targeted: execution module | shared meaning: interceptor, agent, orchestrator, interface, emulator, engine, interpreter | charted: NDIS intermediate driver
[FEATURE ID: 12] targeted: operating system kernel | shared meaning: kernel, background, driver, context | charted: independent manner
[FEATURE ID: 13] targeted: claim | shared meaning: aspect, requirement, item, figure, clause, paragraph, embodiment | charted: claim
[FEATURE ID: 14] targeted: signal | shared meaning: transmission, communication, signals, packet | charted: packets
[FEATURE ID: 15] targeted: files | shared meaning: ports, applications, memory, network | charted: drivers
[FEATURE ID: 16] targeted: executable instructions | shared meaning: media, information, commands, software | charted: data
1 . A system [FEATURE ID: 1]

for managing [TRANSITIVE ID: 2]

security [FEATURE ID: 3]

of a computing device [FEATURE ID: 1]

comprising [TRANSITIVE ID: 4]

: a pre-execution module operable [FEATURE ID: 5]

for receiving [TRANSITIVE ID: 6]

notice from the computing device ' [FEATURE ID: 1]

s operating system [FEATURE ID: 7]

that a new program is being loaded onto the computing device ; a validation module [FEATURE ID: 1]

coupled [TRANSITIVE ID: 8]

to the pre-execution monitor operable [FEATURE ID: 1]

for determining whether the program [FEATURE ID: 9]

is valid ; a detection module [FEATURE ID: 1]

coupled to the pre-execution monitor operable for intercepting [TRANSITIVE ID: 6]

a trigger [FEATURE ID: 10]

from the computing device ' s operating system ; and an execution module [FEATURE ID: 11]

coupled to the detection module and operable [FEATURE ID: 8]

for monitoring [FEATURE ID: 6]

, at the operating system kernel [FEATURE ID: 12]

of the computing device , the program in response to the trigger intercepted by the detection module . 2 . The system of claim [FEATURE ID: 13]

1 , wherein the pre-execution module [FEATURE ID: 1]

is further operable [FEATURE ID: 8]

for suspending loading of the program onto the computing device . 3 . The system of claim 1 , wherein the pre-execution module is further operable for retrieving validation data . 4 . The system of claim 1 , wherein the execution module is further operable for deciding whether to terminate the trigger intercepted by the detection module . 5 . The system of claim 1 , wherein the execution module is further operable for retrieving authorization data and deciding how to respond to the trigger intercepted by the detection module . 6 . A computer [FEATURE ID: 1]

implemented method [FEATURE ID: 1]

for implementing security for a computing device comprising the steps of : interrupting the loading of a new program for operation with the computing device ; validating the new program ; if the new program is validated , permitting the new program to continue loading and to execute in connection with the computing device ; if the new program is not validated , monitoring the new program while it loads and executes in connection with the computing device , wherein the step of monitoring the new program while it executes is performed at the operating system kernel of the computing device . 7 . The method of claim 6 , wherein the step of interrupting the loading of a new program comprises : intercepting a signal [FEATURE ID: 14]

from the computing device ' s operating system that the new program is loading , and suspending the loading of the new program . 8 . The method of claim 6 , wherein the step of monitoring the new program comprises intercepting a signal from the computing device ' s operating system . 9 . The method of claim 6 , wherein the step of validating the new program comprises determining whether the new program corresponds with an approved program . 10 . The method of claim 6 , wherein the step of validating the new program comprises comparing a checksum [FEATURE ID: 9]

for the new program with a previously determined checksum . 11 . The method of claim 6 , wherein the step of validating the new program comprises analyzing characteristics of the new program . 12 . The method of claim 6 , wherein the step of monitoring the new program comprises controlling the files [FEATURE ID: 15]

the new program attempts [FEATURE ID: 1]

to access during execution of the new program . 13 . A computer - readable medium [FEATURE ID: 1]

having computer - executable instructions [FEATURE ID: 16]

1 . An apparatus [FEATURE ID: 7]

for transferring [TRANSITIVE ID: 6]

data [FEATURE ID: 16]

between at least one transport protocol stack [FEATURE ID: 1]

and a plurality of network adaptors coupled [TRANSITIVE ID: 8]

to a computer network [FEATURE ID: 1]

that supports recovery from network adapter [FEATURE ID: 5]

and connection failure , comprising [TRANSITIVE ID: 4]

: a first interface [FEATURE ID: 5]

bound [TRANSITIVE ID: 8]

to the at least one transport protocol stack ; a second interface bound to the plurality of network adapters ; and a mechanism [FEATURE ID: 1]

coupled to the first interface and the second interface that receives a first MAC [FEATURE ID: 7]

- level packet from a transport protocol stack through the first interface , and forwards the first packet [FEATURE ID: 9]

through the second interface to a network adapter in the plurality of network adapters ; and a mechanism coupled to the first interface and the second interface that receives a second packet [FEATURE ID: 10]

from a network adapter in the plurality of network adapters through the second interface and forwards the second packet through the first interface to a transport protocol stack . 2 . The apparatus of claim [FEATURE ID: 13]

1 , including [TRANSITIVE ID: 2]

a mechanism coupled to the second interface that detects a failed network adapter in the plurality of network adapters and reroutes packets [FEATURE ID: 14]

to another network adapter in the plurality of network adapters . 3 . The apparatus of claim 1 , including a mechanism coupled to the second network interface [FEATURE ID: 1]

that detects a failed primary network adapter [FEATURE ID: 1]

in the plurality of network adapters and reroutes packets to a secondary network adapter [FEATURE ID: 5]

in the plurality of network adapters . 4 . The apparatus of claim 1 , wherein the mechanism that receives the first MAC - level packet from a transport protocol stack through the first interface , and forwards the first packet through the second interface to the network adapter performs load sharing by selectively routing packets to network adapters in the plurality of network adapters . 5 . The apparatus of claim 1 , wherein the apparatus can function as an NDIS intermediate driver [FEATURE ID: 11]

, wherein : the first interface presents a virtual adapter [FEATURE ID: 1]

for binding to at least one protocol stack [FEATURE ID: 1]

; and the second interface presents a virtual transport protocol stack [FEATURE ID: 1]

for binding to a network adapter in the plurality of network adapters . 6 . The apparatus of claim 1 , wherein all adapters in the plurality of adapters bound to the second interface are configured to the same physical address [FEATURE ID: 1]

. 7 . The apparatus of claim 1 , wherein the apparatus is implemented at the MAC layer [FEATURE ID: 1]

and below . 8 . The apparatus of claim 1 , wherein the apparatus can function as a prescan protocol stack [FEATURE ID: 1]

for examining packets flowing between protocol stacks [FEATURE ID: 7]

and drivers [FEATURE ID: 15]

. 9 . The apparatus of claim 1 , including a mechanism that detects a failed network adapter in the plurality of network adapters in an operating system [FEATURE ID: 7]

- independent manner [FEATURE ID: 12]

. 10 . The apparatus of claim 1 , including a mechanism that detects a failed network adapter in the plurality of network adapters in a manner [FEATURE ID: 1]

that is independent of network adapter hardware [FEATURE ID: 3]

. 11 . A method [FEATURE ID: 1]

for supporting recovery from network adapter and connection failure , the method operating [FEATURE ID: 2]








Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6314409B2
Filed: 1996-01-11
Issued: 2001-11-06
Patent Holder: (Original Assignee) Veridian Information Solutions Inc     (Current Assignee) Hanger Solutions LLC
Inventor(s): Paul B. Schneck, Marshall D. Abrams

Title: System for controlling access and distribution of digital property

[TRANSITIVE ID: 1] targeted: managing, monitoring | shared meaning: controlling, providing, protecting, securing, enabling, enforcing, implementing | charted: distributing, defining, encrypting
[FEATURE ID: 2] targeted: security | shared meaning: the, access, privileges, behavior | charted: access rights
[TRANSITIVE ID: 3] targeted: comprising | shared meaning: including, involving, encompassing, incorporating, compromising, by, containing | charted: comprising
[FEATURE ID: 4] targeted: pre-execution module operable, computer, method | shared meaning: system, process, step, device, means, business method, system method | charted: method, user
[TRANSITIVE ID: 5] targeted: receiving, determining, intercepting | shared meaning: monitoring, recording, detecting, tracking, obtaining, identifying, analyzing | charted: protecting
[FEATURE ID: 6] targeted: operating system | shared meaning: operator, application, agent, user | charted: access mechanism
[FEATURE ID: 7] targeted: program, new program attempts | shared meaning: data, content, application, process, information, users, access | charted: user access, data portions
[FEATURE ID: 8] targeted: response, connection | shared meaning: correspondence, coordination, parallel, real time, line, relationship, association | charted: accordance
[TRANSITIVE ID: 9] targeted: intercepted | shared meaning: identified, established, implemented, detected, determined, provided | charted: enforced
[FEATURE ID: 10] targeted: claim | shared meaning: item, clair, claimed, statement, embodiment, clause, figure | charted: claim
[FEATURE ID: 11] targeted: loading | shared meaning: communication, transfer, dissemination, delivery, the, use, download | charted: access, distribution
[FEATURE ID: 12] targeted: validation data, characteristics | shared meaning: data, files, information, documents, images, parameters, symbols | charted: rules, software, text, numbers, audio, access control quantities
[FEATURE ID: 13] targeted: authorization data | shared meaning: commands, rules, conditions, data | charted: rights
[FEATURE ID: 14] targeted: checksum | shared meaning: hash, certificate, key, value, password, cipher, source | charted: un-encrypted form, decrypting key
[FEATURE ID: 15] targeted: files | shared meaning: parameters, applications, data, objects, programs | charted: users
1 . A system for managing [TRANSITIVE ID: 1]

security [FEATURE ID: 2]

of a computing device comprising [TRANSITIVE ID: 3]

: a pre-execution module operable [FEATURE ID: 4]

for receiving [TRANSITIVE ID: 5]

notice from the computing device ' s operating system [FEATURE ID: 6]

that a new program is being loaded onto the computing device ; a validation module coupled to the pre-execution monitor operable for determining [TRANSITIVE ID: 5]

whether the program [FEATURE ID: 7]

is valid ; a detection module coupled to the pre-execution monitor operable for intercepting [TRANSITIVE ID: 5]

a trigger from the computing device ' s operating system ; and an execution module coupled to the detection module and operable for monitoring [FEATURE ID: 1]

, at the operating system kernel of the computing device , the program in response [FEATURE ID: 8]

to the trigger intercepted [TRANSITIVE ID: 9]

by the detection module . 2 . The system of claim [FEATURE ID: 10]

1 , wherein the pre-execution module is further operable for suspending loading [FEATURE ID: 11]

of the program onto the computing device . 3 . The system of claim 1 , wherein the pre-execution module is further operable for retrieving validation data [FEATURE ID: 12]

. 4 . The system of claim 1 , wherein the execution module is further operable for deciding whether to terminate the trigger intercepted by the detection module . 5 . The system of claim 1 , wherein the execution module is further operable for retrieving authorization data [FEATURE ID: 13]

and deciding how to respond to the trigger intercepted by the detection module . 6 . A computer [FEATURE ID: 4]

implemented method [FEATURE ID: 4]

for implementing security for a computing device comprising the steps of : interrupting the loading of a new program for operation with the computing device ; validating the new program ; if the new program is validated , permitting the new program to continue loading and to execute in connection [FEATURE ID: 8]

with the computing device ; if the new program is not validated , monitoring the new program while it loads and executes in connection with the computing device , wherein the step of monitoring the new program while it executes is performed at the operating system kernel of the computing device . 7 . The method of claim 6 , wherein the step of interrupting the loading of a new program comprises : intercepting a signal from the computing device ' s operating system that the new program is loading , and suspending the loading of the new program . 8 . The method of claim 6 , wherein the step of monitoring the new program comprises intercepting a signal from the computing device ' s operating system . 9 . The method of claim 6 , wherein the step of validating the new program comprises determining whether the new program corresponds with an approved program . 10 . The method of claim 6 , wherein the step of validating the new program comprises comparing a checksum [FEATURE ID: 14]

for the new program with a previously determined checksum . 11 . The method of claim 6 , wherein the step of validating the new program comprises analyzing characteristics [FEATURE ID: 12]

of the new program . 12 . The method of claim 6 , wherein the step of monitoring the new program comprises controlling the files [FEATURE ID: 15]

the new program attempts [FEATURE ID: 7]

1 . A method [FEATURE ID: 4]

of distributing [TRANSITIVE ID: 1]

data , the method comprising [TRANSITIVE ID: 3]

: protecting [TRANSITIVE ID: 5]

portions of the data ; and openly distributing the protected portions of the data , whereby each and every access [FEATURE ID: 11]

to an unprotected form of the protected portions of the data is limited in accordance [FEATURE ID: 8]

with rules [FEATURE ID: 12]

defining [TRANSITIVE ID: 1]

access rights [FEATURE ID: 2]

to the data as enforced [TRANSITIVE ID: 9]

by an access mechanism [FEATURE ID: 6]

, so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected portions of the data . 2 . A method as in claim [FEATURE ID: 10]

1 , wherein the protecting of portions of the data comprises encrypting [TRANSITIVE ID: 1]

the portions of the data , whereby unauthorized access to the protected data is not to the un-encrypted form [FEATURE ID: 14]

of the protected data . 3 . A method as in claim 2 , wherein the encrypting of portions of the data encrypts the portions of the data with a data encrypting key , the data encrypting key having a corresponding data decrypting key , the method further comprising : encrypting the data encrypting key . 4 . A method as in claim 3 , further comprising : providing a decrypting key [FEATURE ID: 14]

corresponding to the key encrypting key . 5 . A method as in claim 1 , wherein the data represent at least one of software [FEATURE ID: 12]

, text [FEATURE ID: 12]

, numbers [FEATURE ID: 12]

, graphics , audio [FEATURE ID: 12]

, and video . 6 . A method as in claim 1 , wherein the rules indicate which users [FEATURE ID: 15]

are allowed to access the protected portions of the data , the method further comprising allowing the user access [FEATURE ID: 7]

to the unprotected form of a protected portion of the data only if the rules indicate that the user [FEATURE ID: 4]

is allowed to access that portion of the data . 7 . A method as in claim 1 wherein the rules indicate distribution rights of the data , the method further comprising : allowing distribution [FEATURE ID: 11]

of the unprotected form of the protected data portions [FEATURE ID: 7]

only in accordance with the distribution rights indicated in the rules . 8 . A method as in claim 1 , wherein the rules indicate access control rights of the user , the method further comprising : allowing the user to access the unprotected form of the protected data portions only in accordance with the access control rights indicated in the rules . 9 . A method as in claim 8 , wherein the access control rights include at least one of : local display rights , printing rights [FEATURE ID: 13]

, copying rights , execution rights , transmission rights , and modification rights . 10 . A method as in claim 1 , wherein the rules indicate access control quantities [FEATURE ID: 12]
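
Claims 1 through 10 above describe protecting data portions (claims 2 to 4: encrypt them with a data-encrypting key, then encrypt that key under a key-encrypting key whose corresponding decrypting key is provided separately) and an access mechanism that limits every access to the unprotected form according to rules naming users, rights and quantities (claims 6 to 10). The block below is an added example and is not code from the patent or from its assignees. It assumes a symmetric stand-in for the cipher, built from an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag, chosen only so the example runs on the standard library (production code would use AES-GCM, and an asymmetric key-encrypting key so that the decrypting key of claim 4 is not the encrypting key itself); the `Package`, `protect` and `AccessMechanism` names; the rule layout; and the reading of "access control quantities" as a per-user count of accesses to a portion, which claim 10 does not spell out on this page.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Union


# --- stand-in authenticated encryption (assumption: use AES-GCM in real deployments) ---
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _subkeys(key: bytes):
    return hashlib.sha256(b"enc|" + key).digest(), hashlib.sha256(b"mac|" + key).digest()


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


# --- the openly distributed object: protected portions, wrapped key, rules (claims 1-5) ---
@dataclass
class Package:
    portions: Dict[str, bytes]    # name -> sealed data portion
    wrapped_data_key: bytes       # data-encrypting key sealed under the key-encrypting key
    rules: Dict[str, dict]        # user -> {"rights": [...], "portions": [...], "quantity": n}


def protect(portions: Dict[str, bytes], rules: Dict[str, dict], kek: bytes) -> Package:
    data_key = os.urandom(32)
    return Package({n: seal(data_key, b) for n, b in portions.items()}, seal(kek, data_key), rules)


class AccessMechanism:
    """Holds the decrypting key and enforces the rules on every access (claims 1, 6-10)."""

    def __init__(self, kek: bytes) -> None:
        self._kek = kek
        self._count: Dict[tuple, int] = {}

    def access(self, pkg: Package, user: str, portion: str, right: str) -> bytes:
        rule = pkg.rules.get(user)
        if rule is None:
            raise PermissionError(f"{user}: no rules grant access")
        if portion not in rule["portions"]:
            raise PermissionError(f"{user}: portion {portion} not granted")
        if right not in rule["rights"]:
            raise PermissionError(f"{user}: right {right} not granted")
        used = self._count.get((user, portion), 0)
        if used >= rule.get("quantity", float("inf")):   # "quantity" read as an access count (assumption)
            raise PermissionError(f"{user}: access quantity for {portion} exhausted")
        self._count[(user, portion)] = used + 1
        data_key = unseal(self._kek, pkg.wrapped_data_key)   # claims 3-4: unwrap, then decrypt
        return unseal(data_key, pkg.portions[portion])


# Constructed sample content and rules.
CHAPTERS = {"chapter1": b"Constructed sample text, portion one.",
            "chapter2": b"Constructed sample text, portion two."}
RULES = {"alice": {"rights": ["display", "print"], "portions": ["chapter1"], "quantity": 2},
         "bob": {"rights": ["display"], "portions": ["chapter1", "chapter2"]}}


def try_access(am: AccessMechanism, pkg: Package, user: str, portion: str, right: str) -> Union[bytes, str]:
    try:
        return am.access(pkg, user, portion, right)
    except (PermissionError, ValueError) as exc:
        return "denied: " + str(exc)


def demo() -> dict:
    kek = hashlib.sha256(b"constructed key-encrypting key").digest()
    pkg, am = protect(CHAPTERS, RULES, kek), AccessMechanism(kek)
    out = {"alice_display": try_access(am, pkg, "alice", "chapter1", "display"),
           "alice_copy": try_access(am, pkg, "alice", "chapter1", "copy"),
           "alice_chapter2": try_access(am, pkg, "alice", "chapter2", "display"),
           "bob_chapter2": try_access(am, pkg, "bob", "chapter2", "display"),
           "mallory": try_access(am, pkg, "mallory", "chapter1", "display"),
           "alice_print": try_access(am, pkg, "alice", "chapter1", "print"),
           "alice_third": try_access(am, pkg, "alice", "chapter1", "display")}
    out["ciphertext_differs"] = pkg.portions["chapter1"] != CHAPTERS["chapter1"]
    blob = pkg.portions["chapter2"]                      # flip one ciphertext byte in a copy
    tampered = Package(dict(pkg.portions), pkg.wrapped_data_key, RULES)
    tampered.portions["chapter2"] = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    out["tampered"] = try_access(am, tampered, "bob", "chapter2", "display")
    return out
```

The package itself can be copied freely: it carries only sealed portions, a sealed data key and the rules, and the unprotected form appears nowhere outside `AccessMechanism.access`, which checks user, portion, right and remaining quantity before it unwraps anything. Rights checks happen before the counter moves, so a denied request does not consume quota, and the integrity tag means a modified portion is refused rather than decrypted to garbage.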








Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US20010032188A1
Filed: 2000-02-25
Issued: 2001-10-18
Patent Holder: (Original Assignee) Individual     (Current Assignee) Panasonic Holdings Corp
Inventor(s): Yoshiyuki Miyabe, Shigeshi Arai

Title: Information distribution system

Each row: term(s) in US7673137B2 | shared meaning | term(s) in US20010032188A1
[FEATURE ID: 1] system, computing device's, operating system, validation module, pre-execution module, computer, method, step, checksum, files, new program attempts, readable medium, executable instructions | server, software, network, means, data, user, processor | terminal, management device, utilization program, terminal device, device, data storage medium, program, computer, medium, system, transfer program, media
[TRANSITIVE ID: 2] managing, receiving, monitoring | processing, handling, executing, providing, controlling, facilitating, operating | managing, performing
[FEATURE ID: 3] security, steps | the, execution, instructions, access, operation, operations, process | processing, use
[FEATURE ID: 4] computing device, operating system kernel, operation, characteristics | application, execution, usage, system, memory, user, software | utilization processing, data
[TRANSITIVE ID: 5] comprising | including, with, using, incorporating, by, featuring, involving | comprising
[FEATURE ID: 6] pre-execution module operable | means, trigger, process, basis, source, target, point | result, destination
[FEATURE ID: 7] new program | program, file, procedure, new | new history
[TRANSITIVE ID: 8] coupled, further operable | provided, adapted, responsive, attached, joined, mounted, configured | connected
[FEATURE ID: 9] pre-execution monitor operable, execution module | interface, application, agent, instruction, apparatus, module, environment | information distribution system
[FEATURE ID: 10] program, signal | request, notification, confirmation, content, information, update, the | receipt, previous history
[FEATURE ID: 11] trigger | call, notice, signal, request, response | demand
[FEATURE ID: 12] operable | designed, suitable, adapted, intended, effective, used | required
[FEATURE ID: 13] response, connection | parallel, sequence, correspondence, advance, respect, reference, order | accordance, response, addition
[TRANSITIVE ID: 14] intercepted | obtained, acquired, transmitted, sent, received, provided | distributed
[FEATURE ID: 15] claim | aspect, embodiment, claim number, paragraph, clause, item, statement | claim
[TRANSITIVE ID: 16] suspending | allowing, beginning, starting, enabling | permission
[FEATURE ID: 17] loading, execution | processing, the, transmission, delivery, management, reception, provision | distribution, utilization, beginning, communication, transfer
Claims of US7673137B2 (targeted patent):
1. A system [FEATURE ID: 1] for managing [TRANSITIVE ID: 2] security [FEATURE ID: 3] of a computing device [FEATURE ID: 4] comprising [TRANSITIVE ID: 5]: a pre-execution module operable [FEATURE ID: 6] for receiving [TRANSITIVE ID: 2] notice from the computing device's [FEATURE ID: 1] operating system [FEATURE ID: 1] that a new program [FEATURE ID: 7] is being loaded onto the computing device; a validation module [FEATURE ID: 1] coupled [TRANSITIVE ID: 8] to the pre-execution monitor operable [FEATURE ID: 9] for determining whether the program [FEATURE ID: 10] is valid; a detection module coupled to the pre-execution monitor operable for intercepting a trigger [FEATURE ID: 11] from the computing device's operating system; and an execution module [FEATURE ID: 9] coupled to the detection module and operable [FEATURE ID: 12] for monitoring [FEATURE ID: 2], at the operating system kernel [FEATURE ID: 4] of the computing device, the program in response [FEATURE ID: 13] to the trigger intercepted [TRANSITIVE ID: 14] by the detection module.
2. The system of claim [FEATURE ID: 15] 1, wherein the pre-execution module [FEATURE ID: 1] is further operable [FEATURE ID: 8] for suspending [TRANSITIVE ID: 16] loading [FEATURE ID: 17] of the program onto the computing device.
3. The system of claim 1, wherein the pre-execution module is further operable for retrieving validation data.
4. The system of claim 1, wherein the execution module is further operable for deciding whether to terminate the trigger intercepted by the detection module.
5. The system of claim 1, wherein the execution module is further operable for retrieving authorization data and deciding how to respond to the trigger intercepted by the detection module.
6. A computer [FEATURE ID: 1] implemented method [FEATURE ID: 1] for implementing security for a computing device comprising the steps [FEATURE ID: 3] of: interrupting the loading of a new program for operation [FEATURE ID: 4] with the computing device; validating the new program; if the new program is validated, permitting the new program to continue loading and to execute in connection [FEATURE ID: 13] with the computing device; if the new program is not validated, monitoring the new program while it loads and executes in connection with the computing device, wherein the step [FEATURE ID: 1] of monitoring the new program while it executes is performed at the operating system kernel of the computing device.
7. The method of claim 6, wherein the step of interrupting the loading of a new program comprises: intercepting a signal [FEATURE ID: 10] from the computing device's operating system that the new program is loading, and suspending the loading of the new program.
8. The method of claim 6, wherein the step of monitoring the new program comprises intercepting a signal from the computing device's operating system.
9. The method of claim 6, wherein the step of validating the new program comprises determining whether the new program corresponds with an approved program.
10. The method of claim 6, wherein the step of validating the new program comprises comparing a checksum [FEATURE ID: 1] for the new program with a previously determined checksum.
11. The method of claim 6, wherein the step of validating the new program comprises analyzing characteristics [FEATURE ID: 4] of the new program.
12. The method of claim 6, wherein the step of monitoring the new program comprises controlling the files [FEATURE ID: 1] the new program attempts [FEATURE ID: 1] to access during execution [FEATURE ID: 17] of the new program.
13. A computer-readable medium [FEATURE ID: 1] having computer-executable instructions [FEATURE ID: 1]

Claims of US20010032188A1 (charted patent):
1. An information distribution system [FEATURE ID: 9] comprising [TRANSITIVE ID: 5] an information distribution management device managing [TRANSITIVE ID: 2] distribution [FEATURE ID: 17] of information and a terminal [FEATURE ID: 1] connected [TRANSITIVE ID: 8] to the management device [FEATURE ID: 1] so as to communicate with each other, wherein the information to be distributed [TRANSITIVE ID: 14] is distributed to the terminal with a utilization program [FEATURE ID: 1] for performing [TRANSITIVE ID: 2] processing [FEATURE ID: 3] required [TRANSITIVE ID: 12] to use the information, wherein the terminal device [FEATURE ID: 1] performs processing for utilization [FEATURE ID: 17] of the information in accordance [FEATURE ID: 13] with processing of the utilization program, and wherein at beginning [FEATURE ID: 17] of the utilization processing [FEATURE ID: 4], the utilization program asks the device [FEATURE ID: 1] for permission [FEATURE ID: 16] of the utilization processing as a result [FEATURE ID: 6] of communication [FEATURE ID: 17] therewith and performs the utilization processing on receipt [FEATURE ID: 10] of the permission from the device.
2. An information distribution management device in an information distribution system, managing distribution of information, wherein the device is connected to a terminal device so as to communicate with each other, and wherein the device returns permission of processing for utilization of the distributed information in response [FEATURE ID: 13] to a demand [FEATURE ID: 11] for the permission which is transmitted by the terminal device at beginning of use [FEATURE ID: 3] of the distributed information in accordance with a utilization program distributed with the information.
3. A data storage medium [FEATURE ID: 1], storing a program [FEATURE ID: 1] for managing distribution of information by which a computer [FEATURE ID: 1] functions as an information distribution management device, wherein the program controls the computer to return permission of processing for utilization of the distributed information in response to a demand for permission which is transmitted by a terminal device at beginning of use of the distributed information in accordance with a utilization program distributed with the information.
4. A program for managing distribution of information by which a computer functions as an information distribution management device, wherein the program performs processing in which permission of processing for utilization is returned in response to a demand for permission which is transmitted by the terminal device at beginning of use of the distributed information in accordance with a utilization program distributed with the information.
5. A terminal device, in an information distribution system, connected to an information distribution management device so as to communicate with each other, wherein the terminal device performs processing for utilization of information in accordance with processing of a utilization program distributed with the information, and wherein at beginning of the utilization processing, the utilization program asks the device for permission of processing of the utilization processing as a result of communication therewith and performs the utilization processing on receipt of the permission of the processing from the device.
6. A data storage medium, storing a utilization program for performing processing required to use distributed information with a computer, wherein the program asks for permission of processing for utilization of the information as a result of communication with an information distribution management device and wherein the program makes the computer to perform the utilization processing on receipt of the permission from the device.
7. The data storage medium of claim [FEATURE ID: 15] 6 wherein the medium [FEATURE ID: 1] also stores information together with the program.
8. A utilization program for performing processing required to use distributed information with a computer, wherein the program asks for permission of processing for utilization of the information as a result of communication with an information distribution management device and wherein the program makes the computer to perform the utilization processing on receipt of the permission from the device.
9. The system [FEATURE ID: 1] of claim 1 wherein the information to be distributed is a program.
10. The system of claim 1 wherein the information to be distributed is data [FEATURE ID: 4].
11. The system of claim 1 wherein the utilization processing performed by the terminal device is processing for transfer [FEATURE ID: 17] of the distributed information, and wherein the utilization program includes a program for transferring the information to another device.
12. The system of claim 11 wherein history of transfer is added to the information to be distributed, and wherein the transfer program [FEATURE ID: 1] transfers the history of transfer in addition [FEATURE ID: 13] to the information.
13. The system of claim 12 wherein the transfer program transfers the history of transfer with update thereof.
14. The system of claim 13 wherein the transfer program updates the history of transfer with addition of information on a media [FEATURE ID: 1] used for the transfer.
15. The system of claim 13 wherein the transfer program updates the history of transfer with addition of information on a terminal to be a destination [FEATURE ID: 6] of the transfer.
16. The system of claim 13 wherein the transfer program add a new history [FEATURE ID: 7] of transfer with delete of previous history [FEATURE ID: 10]

Targeted Patent:

Patent: US7673137B2
Filed: 2002-01-04
Issued: 2010-03-02
Patent Holder: (Original Assignee) International Business Machines Corp     (Current Assignee) Taasera Licensing LLC
Inventor(s): Thomas James Satterlee, William Frank Hackenberger

Title: System and method for the managed security control of processes on a computer system

 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6301668B1
Filed: 1998-12-29
Issued: 2001-10-09
Patent Holder: (Original Assignee) Cisco Technology Inc     (Current Assignee) Cisco Technology Inc
Inventor(s): Robert E. Gleichauf, William A. Randall, Daniel M. Teal, Scott V. Waddell, Kevin J. Ziese

Title: Method and system for adaptive network security using network vulnerability assessment

Each row: term(s) in US7673137B2 | shared meaning | term(s) in US6301668B1
[FEATURE ID: 1] system, operating system, detection module, computer | controller, monitor, server, platform, module, network, software | device
[TRANSITIVE ID: 2] managing, monitoring | implementing, initiating, performing, controlling, enabling, modifying, activating | prioritizing
[FEATURE ID: 3] security, operating system kernel, loading, validation data, steps, files | software, memory, operation, content, hardware, components, resources | network data traffic, memory utilization, systems, services available, potential vulnerabilities
[FEATURE ID: 4] computing device, readable medium | system, memory, processor, device, server, controller, terminal | network, processor utilization
[TRANSITIVE ID: 5] comprising | including, comprises, having, includes, involving, compromising, by | comprising
[FEATURE ID: 6] pre-execution module operable | process, request, method, step, device | directing step
[TRANSITIVE ID: 7] receiving | soliciting, acquiring, reading, processing, monitoring, detecting, capturing | assessing
[FEATURE ID: 8] validation module | system, filter, computer, scanner, processor | particular analysis task
[TRANSITIVE ID: 9] coupled | accessible, linked, associated, related, bound, coupling, couple | coupled
[TRANSITIVE ID: 10] determining, intercepting, execution | monitoring, detecting, testing, identifying, processing, analyzing, sniffing | adaptive network security, determining
[FEATURE ID: 11] trigger, signal | message, call, response, query, load, detection, file | request
[FEATURE ID: 12] response | answer, reply, connection, relationship, subject, correspondence | response
[TRANSITIVE ID: 13] intercepted | triggered, initiated, implemented, invoked, processed | performed
[FEATURE ID: 14] claim | aspect, requirement, paragraph, figure, clause, item, embodiment | claim
[FEATURE ID: 15] authorization data, characteristics | metadata, results, data, statistics, properties, conditions, metrics | network information
[FEATURE ID: 16] method | technology, technique, mechanism, system method, automated method, security method, methodology | method
[FEATURE ID: 17] step | phase, stage, process, operation, steps, method, action | step
Claims of US7673137B2 (targeted patent):
1. A system [FEATURE ID: 1] for managing [TRANSITIVE ID: 2] security [FEATURE ID: 3] of a computing device [FEATURE ID: 4] comprising [TRANSITIVE ID: 5]: a pre-execution module operable [FEATURE ID: 6] for receiving [TRANSITIVE ID: 7] notice from the computing device's operating system [FEATURE ID: 1] that a new program is being loaded onto the computing device; a validation module [FEATURE ID: 8] coupled [TRANSITIVE ID: 9] to the pre-execution monitor operable for determining [TRANSITIVE ID: 10] whether the program is valid; a detection module [FEATURE ID: 1] coupled to the pre-execution monitor operable for intercepting [TRANSITIVE ID: 10] a trigger [FEATURE ID: 11] from the computing device's operating system; and an execution module coupled to the detection module and operable for monitoring [FEATURE ID: 2], at the operating system kernel [FEATURE ID: 3] of the computing device, the program in response [FEATURE ID: 12] to the trigger intercepted [TRANSITIVE ID: 13] by the detection module.
2. The system of claim [FEATURE ID: 14] 1, wherein the pre-execution module is further operable for suspending loading [FEATURE ID: 3] of the program onto the computing device.
3. The system of claim 1, wherein the pre-execution module is further operable for retrieving validation data [FEATURE ID: 3].
4. The system of claim 1, wherein the execution module is further operable for deciding whether to terminate the trigger intercepted by the detection module.
5. The system of claim 1, wherein the execution module is further operable for retrieving authorization data [FEATURE ID: 15] and deciding how to respond to the trigger intercepted by the detection module.
6. A computer [FEATURE ID: 1] implemented method [FEATURE ID: 16] for implementing security for a computing device comprising the steps [FEATURE ID: 3] of: interrupting the loading of a new program for operation with the computing device; validating the new program; if the new program is validated, permitting the new program to continue loading and to execute in connection with the computing device; if the new program is not validated, monitoring the new program while it loads and executes in connection with the computing device, wherein the step [FEATURE ID: 17] of monitoring the new program while it executes is performed at the operating system kernel of the computing device.
7. The method of claim 6, wherein the step of interrupting the loading of a new program comprises: intercepting a signal [FEATURE ID: 11] from the computing device's operating system that the new program is loading, and suspending the loading of the new program.
8. The method of claim 6, wherein the step of monitoring the new program comprises intercepting a signal from the computing device's operating system.
9. The method of claim 6, wherein the step of validating the new program comprises determining whether the new program corresponds with an approved program.
10. The method of claim 6, wherein the step of validating the new program comprises comparing a checksum for the new program with a previously determined checksum.
11. The method of claim 6, wherein the step of validating the new program comprises analyzing characteristics [FEATURE ID: 15] of the new program.
12. The method of claim 6, wherein the step of monitoring the new program comprises controlling the files [FEATURE ID: 3] the new program attempts to access during execution [FEATURE ID: 10] of the new program.
13. A computer-readable medium [FEATURE ID: 4]

Claims of US6301668B1 (charted patent):
1. A method [FEATURE ID: 16] for adaptive network security [FEATURE ID: 10] comprising [TRANSITIVE ID: 5]: directing, by a device [FEATURE ID: 1] coupled [TRANSITIVE ID: 9] to a network [FEATURE ID: 4], a request [FEATURE ID: 11] onto the network; assessing [TRANSITIVE ID: 7] a response [FEATURE ID: 12] to the request to discover network information [FEATURE ID: 15] associated with determining [TRANSITIVE ID: 10] at least one potential network vulnerability; and prioritizing [TRANSITIVE ID: 2] a plurality of analysis tasks based upon the network information, the plurality of analysis tasks to be performed [TRANSITIVE ID: 13] on network data traffic [FEATURE ID: 3] which is monitored in order to identify attacks upon the network.
2. The method of claim [FEATURE ID: 14] 1, wherein the directing step [FEATURE ID: 6] comprises scanning a plurality of devices on the network.
3. The method of claim 1, further comprising disabling a particular analysis task [FEATURE ID: 8] based upon an assigned priority of the particular analysis task.
4. The method of claim 3, further comprising: monitoring a processor utilization [FEATURE ID: 4]; and performing the disabling step [FEATURE ID: 17] if the processor utilization exceeds a first defined threshold.
5. The method of claim 4, further comprising re-enabling the particular analysis task if the processor utilization drops below a second defined threshold.
6. The method of claim 3, further comprising: monitoring memory utilization [FEATURE ID: 3]; and performing the disabling step if the memory utilization exceeds a third defined threshold.
7. The method of claim 6, further comprising re-enabling the particular analysis task if the memory utilization drops below a fourth defined threshold.
8. The method of claim 1, wherein the prioritizing step comprises: determining a probable success of a particular attack upon the network based upon the network information; and assigning a priority to the particular analysis task intended to detect the particular attack.
9. The method of claim 1, wherein network information comprises: devices coupled to the network; operating systems [FEATURE ID: 3] running on the devices; and services available [FEATURE ID: 3] on the devices.
10. The method of claim 9, further comprising identifying potential vulnerabilities [FEATURE ID: 3]
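Claims 1 to 9 of US6301668B1 combine two pieces: a priority for each detection task derived from what the scan found (claim 8: how likely the attack that task detects is to succeed against the discovered hosts), and load shedding with a separate high and low threshold per resource (claims 4 to 7). The example below is added for this page and is not Cisco's code; the hosts, service names, task names and threshold values are constructed, and `probable_success`, `prioritize` and `LoadShedder` are the example's own names. It shows why the two thresholds per resource differ: re-enabling at the same level that triggered the disable would make a task flip on and off on every sample near the limit.

```python
"""Added example, not Cisco's code: priorities for IDS analysis tasks derived
from a scan of the network, and load shedding with separate high and low
thresholds. Hosts, services, task names and thresholds are constructed."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Host:
    ip: str
    os: str                    # OS family reported by the scan
    services: Tuple[str, ...]  # service names found listening (claims 2/9)


@dataclass
class AnalysisTask:
    name: str
    needs_os: str              # the attack this task detects only works here
    needs_service: str
    priority: float = 0.0
    enabled: bool = True


def probable_success(task: AnalysisTask, inventory: List[Host]) -> float:
    """Claim 8: fraction of scanned hosts on which the attack this task
    detects is plausible, given their OS and services. Constructed heuristic."""
    if not inventory:
        return 0.0
    exposed = sum(1 for h in inventory
                  if h.os == task.needs_os and task.needs_service in h.services)
    return exposed / len(inventory)


def prioritize(tasks: List[AnalysisTask], inventory: List[Host]) -> List[AnalysisTask]:
    """Claims 1/8: assign each task a priority from the network information;
    returns the same task objects, highest priority first (stable sort)."""
    for t in tasks:
        t.priority = probable_success(t, inventory)
    return sorted(tasks, key=lambda t: t.priority, reverse=True)


class LoadShedder:
    """Claims 3-7: above the high threshold disable the lowest-priority task;
    re-enable the highest-priority disabled task only once utilisation is below
    the low threshold. The gap between the two is what stops oscillation."""

    def __init__(self, tasks: List[AnalysisTask], cpu_high: float = 85.0,
                 cpu_low: float = 60.0, mem_high: float = 90.0, mem_low: float = 70.0):
        if not (cpu_low < cpu_high and mem_low < mem_high):
            raise ValueError("low thresholds must sit below high thresholds")
        self.tasks = tasks
        self.cpu_high, self.cpu_low = cpu_high, cpu_low
        self.mem_high, self.mem_low = mem_high, mem_low

    def _rank(self, t: AnalysisTask):
        # Ties broken by position: later in the list counts as lower priority.
        return (t.priority, -self.tasks.index(t))

    def observe(self, cpu: float, mem: float) -> List[str]:
        """Apply one utilisation sample; returns the names of tasks still enabled."""
        if cpu > self.cpu_high or mem > self.mem_high:
            enabled = [t for t in self.tasks if t.enabled]
            if len(enabled) > 1:           # never shed the last task
                min(enabled, key=self._rank).enabled = False
        elif cpu < self.cpu_low and mem < self.mem_low:
            disabled = [t for t in self.tasks if not t.enabled]
            if disabled:
                max(disabled, key=self._rank).enabled = True
        return [t.name for t in self.tasks if t.enabled]


# Constructed scan result.
INVENTORY = [
    Host("10.0.0.10", "windows", ("http", "smb")),
    Host("10.0.0.11", "windows", ("smb",)),
    Host("10.0.0.20", "linux", ("http", "ssh")),
    Host("10.0.0.21", "linux", ("ssh",)),
]


def make_tasks() -> List[AnalysisTask]:
    """Constructed task set; names describe the traffic each one inspects."""
    return [
        AnalysisTask("smb_windows_anomaly", "windows", "smb"),
        AnalysisTask("http_linux_anomaly", "linux", "http"),
        AnalysisTask("ssh_linux_anomaly", "linux", "ssh"),
        AnalysisTask("http_windows_anomaly", "windows", "http"),
        AnalysisTask("ftp_linux_anomaly", "linux", "ftp"),  # nothing runs ftp
    ]


def run_demo() -> List[List[str]]:
    """Five CPU samples with memory steady at 40%: idle, overload twice,
    a value between the two thresholds, then one below the low threshold."""
    shedder = LoadShedder(prioritize(make_tasks(), INVENTORY))
    return [shedder.observe(cpu, 40.0) for cpu in (50.0, 90.0, 92.0, 75.0, 55.0)]


if __name__ == "__main__":
    for step in run_demo():
        print(step)
```

The sample at 75% is the point of the design: it is below the disable threshold but above the re-enable threshold, so nothing changes, and the task shed at 92% only comes back once load has fallen to 55%. A single threshold would have re-enabled it at 75% and shed it again on the next busy sample.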

Targeted Patent:

Patent: US7673137B2
Filed: 2002-01-04
Issued: 2010-03-02
Patent Holder: (Original Assignee) International Business Machines Corp     (Current Assignee) Taasera Licensing LLC
Inventor(s): Thomas James Satterlee, William Frank Hackenberger

Title: System and method for the managed security control of processes on a computer system

 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6298445B1
Filed: 1998-04-30
Issued: 2001-10-02
Patent Holder: (Original Assignee) Netect Ltd     (Current Assignee) Netect Ltd ; NortonLifeLock Inc
Inventor(s): Adam Shostack, David Allouch

Title: Computer security

Each row: term(s) in US7673137B2 | shared meaning | term(s) in US6298445B1
[FEATURE ID: 1] system, pre-execution module operable, computing device's, new program, validation module, operating system kernel, computer, method, new program attempts, readable medium | device, client, user, network, controller, database, server | computer, computer network, remote computer, fifth module, network service, service, cryptographic technique, communications module, similar system
[TRANSITIVE ID: 2] managing, receiving, determining, intercepting, monitoring, suspending, execution | processing, controlling, detecting, examining, checking, analyzing, initiating | assessing, accessing, receiving, updating
[FEATURE ID: 3] security, loading, operation, executable instructions | software, performance, the, execution, information, processing, installation | vulnerabilities, passwords, permissions
[FEATURE ID: 4] computing device | system, client, processor, device, application, server, machine | network, sixth module
[TRANSITIVE ID: 5] comprising | including, with, featuring, encompassing, incorporating, using, by | comprising
[FEATURE ID: 6] operating system, pre-execution monitor operable | application, system, operating, monitor, interface, operator, processor | operating system
[TRANSITIVE ID: 7] coupled, operable, further operable | configured, adapted, designed, accessible, provided, assigned, selectable | used, connected
[FEATURE ID: 8] program | request, content, update, data | information
[FEATURE ID: 9] execution module, pre-execution module | application, event, interface, agent, instruction, alert, method | integrated system, update
[FEATURE ID: 10] claim | embodiment, statement, requirement, clause, figure, paragraph, item | claim
[FEATURE ID: 11] validation data, authorization data, characteristics | data, parameters, instructions, policies, credentials, content, rules | security vulnerabilities, words
[FEATURE ID: 12] signal | query, prompt, determination, confirmation, command, notification | request
[FEATURE ID: 13] checksum | key, verification, counter, hash, certificate, password | digital signature
[FEATURE ID: 14] files | file, storage, memory, data | database
Claims of US7673137B2 (targeted patent):
1. A system [FEATURE ID: 1] for managing [TRANSITIVE ID: 2] security [FEATURE ID: 3] of a computing device [FEATURE ID: 4] comprising [TRANSITIVE ID: 5]: a pre-execution module operable [FEATURE ID: 1] for receiving [TRANSITIVE ID: 2] notice from the computing device's [FEATURE ID: 1] operating system [FEATURE ID: 6] that a new program [FEATURE ID: 1] is being loaded onto the computing device; a validation module [FEATURE ID: 1] coupled [TRANSITIVE ID: 7] to the pre-execution monitor operable [FEATURE ID: 6] for determining [TRANSITIVE ID: 2] whether the program [FEATURE ID: 8] is valid; a detection module coupled to the pre-execution monitor operable for intercepting [TRANSITIVE ID: 2] a trigger from the computing device's operating system; and an execution module [FEATURE ID: 9] coupled to the detection module and operable [FEATURE ID: 7] for monitoring [FEATURE ID: 2], at the operating system kernel [FEATURE ID: 1] of the computing device, the program in response to the trigger intercepted by the detection module.
2. The system of claim [FEATURE ID: 10] 1, wherein the pre-execution module [FEATURE ID: 9] is further operable [FEATURE ID: 7] for suspending [TRANSITIVE ID: 2] loading [FEATURE ID: 3] of the program onto the computing device.
3. The system of claim 1, wherein the pre-execution module is further operable for retrieving validation data [FEATURE ID: 11].
4. The system of claim 1, wherein the execution module is further operable for deciding whether to terminate the trigger intercepted by the detection module.
5. The system of claim 1, wherein the execution module is further operable for retrieving authorization data [FEATURE ID: 11] and deciding how to respond to the trigger intercepted by the detection module.
6. A computer [FEATURE ID: 1] implemented method [FEATURE ID: 1] for implementing security for a computing device comprising the steps of: interrupting the loading of a new program for operation [FEATURE ID: 3] with the computing device; validating the new program; if the new program is validated, permitting the new program to continue loading and to execute in connection with the computing device; if the new program is not validated, monitoring the new program while it loads and executes in connection with the computing device, wherein the step of monitoring the new program while it executes is performed at the operating system kernel of the computing device.
7. The method of claim 6, wherein the step of interrupting the loading of a new program comprises: intercepting a signal [FEATURE ID: 12] from the computing device's operating system that the new program is loading, and suspending the loading of the new program.
8. The method of claim 6, wherein the step of monitoring the new program comprises intercepting a signal from the computing device's operating system.
9. The method of claim 6, wherein the step of validating the new program comprises determining whether the new program corresponds with an approved program.
10. The method of claim 6, wherein the step of validating the new program comprises comparing a checksum [FEATURE ID: 13] for the new program with a previously determined checksum.
11. The method of claim 6, wherein the step of validating the new program comprises analyzing characteristics [FEATURE ID: 11] of the new program.
12. The method of claim 6, wherein the step of monitoring the new program comprises controlling the files [FEATURE ID: 14] the new program attempts [FEATURE ID: 1] to access during execution [FEATURE ID: 2] of the new program.
13. A computer-readable medium [FEATURE ID: 1] having computer-executable instructions [FEATURE ID: 3]
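Claims 1 to 12 of US7673137B2, reproduced in each of the three charted sections on this page, describe one mechanism: interrupt the load, validate the image against a previously determined checksum of an approved program, let a validated program run, and put an unvalidated one under a kernel-level monitor that decides how to answer each intercepted trigger, including which files it may touch and whether the trigger or the program itself is terminated. The block below is an added example written for this page, not code from the patent, IBM or Taasera. The program images, approved checksums, the trigger list and the `DEFAULT_AUTHZ` policy paths are constructed, and `validate`, `decide` and `load_program` are the example's own names. It goes one step past the claims in normalising the requested path before matching it against the policy, because a prefix policy without that step is bypassed by `..` segments.

```python
"""Added example, not code from the patent or any product: a user-space model
of the claim 6 flow. Program images, approved checksums, triggers and policy
paths are constructed for the demo; a real implementation takes the load
notice and the triggers from kernel hooks rather than from a Python list."""
import hashlib
import posixpath
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"          # let the intercepted operation proceed
    DENY = "deny"            # terminate the trigger; the program keeps running
    TERMINATE = "terminate"  # end the program itself


# Constructed approved images. Their checksums are the "validation data" of
# claims 3 and 10: recorded once, when each program was approved.
APPROVED_IMAGES = {
    "backup-agent": b"\x7fELF-constructed-backup-agent-image",
    "log-shipper": b"\x7fELF-constructed-log-shipper-image",
}
VALIDATION_DATA = {hashlib.sha256(img).hexdigest(): name
                   for name, img in APPROVED_IMAGES.items()}


def validate(image: bytes) -> Optional[str]:
    """Claims 9/10: valid if the checksum matches a previously determined
    checksum of an approved program. Returns that program's name or None."""
    return VALIDATION_DATA.get(hashlib.sha256(image).hexdigest())


@dataclass(frozen=True)
class Trigger:
    """An intercepted operating-system event (claim 8); file operations only."""
    op: str      # "open_read", "open_write" or "unlink"
    target: str  # the path exactly as the program requested it


@dataclass(frozen=True)
class AuthorizationData:
    """Claims 5/12: which files an unvalidated program may read or write."""
    readable: Tuple[str, ...]
    writable: Tuple[str, ...]
    fatal: Tuple[str, ...]  # a write attempt under these is treated as hostile


DEFAULT_AUTHZ = AuthorizationData(  # constructed policy for the demo
    readable=("/usr/share/", "/tmp/", "/home/user/"),
    writable=("/tmp/", "/home/user/"),
    fatal=("/etc/", "/boot/", "/usr/bin/"),
)


def _under(path: str, prefixes: Tuple[str, ...]) -> bool:
    return any(path.startswith(p) for p in prefixes)


def decide(trigger: Trigger, authz: AuthorizationData) -> Decision:
    """Claims 4/5: terminate the trigger, allow it, or end the program.
    The path is normalised first, so "/tmp/../etc/shadow" is judged as
    "/etc/shadow". A kernel hook would instead decide on the path resolved
    inside the syscall, which also closes the symlink race this check has."""
    path = posixpath.normpath(trigger.target)
    if not path.startswith("/"):
        return Decision.DENY  # relative path depends on the cwd: refuse
    if trigger.op == "open_read":
        return Decision.ALLOW if _under(path, authz.readable) else Decision.DENY
    if trigger.op in ("open_write", "unlink"):
        if _under(path, authz.fatal):
            return Decision.TERMINATE
        return Decision.ALLOW if _under(path, authz.writable) else Decision.DENY
    return Decision.DENY  # unknown operation: fail closed


@dataclass
class Session:
    name: str
    validated: bool
    log: List[Tuple[str, str, Decision]] = field(default_factory=list)
    terminated: bool = False


def load_program(name: str, image: bytes, triggers: List[Trigger],
                 authz: AuthorizationData = DEFAULT_AUTHZ) -> Session:
    """Claim 6: the load is interrupted and the image validated; a validated
    program runs unmonitored, an unvalidated one runs under the monitor."""
    session = Session(name=name, validated=validate(image) is not None)
    if session.validated:
        return session
    for trig in triggers:  # the events the detection module hands over
        outcome = decide(trig, authz)
        session.log.append((trig.op, trig.target, outcome))
        if outcome is Decision.TERMINATE:
            session.terminated = True
            break
    return session


if __name__ == "__main__":
    s = load_program("dropper", b"\x7fELF-constructed-unknown-image", [
        Trigger("open_read", "/usr/share/zoneinfo/UTC"),
        Trigger("open_write", "/tmp/stage.bin"),
        Trigger("open_write", "/home/user/../../etc/cron.d/job"),
    ])
    for entry in s.log:
        print(entry)
    print("terminated:", s.terminated)
```

Run directly, the unknown image gets two allowed operations and is then ended on the write that normalises to a path under /etc/. Where the decision is taken matters as much as what it decides: this check sees the path as requested, so a symlink swapped in between check and use defeats it, which is one reason the claims place the monitor at the kernel, where the hook sees the already-resolved target at the syscall boundary.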

Claims of US6298445B1 (charted patent):
1. An integrated system [FEATURE ID: 9] for assessing [TRANSITIVE ID: 2] vulnerabilities [FEATURE ID: 3], comprising [TRANSITIVE ID: 5]: a database [FEATURE ID: 14] of security vulnerabilities [FEATURE ID: 11]; a first module for accessing [TRANSITIVE ID: 2] the database and for assessing security vulnerabilities of an operating system [FEATURE ID: 6] of a computer [FEATURE ID: 1]; a second module for accessing the database and for assessing security vulnerabilities of a computer network [FEATURE ID: 1] that includes the computer; a third module for accessing the database and for assessing security vulnerabilities in passwords [FEATURE ID: 3] used [TRANSITIVE ID: 7] to access the computer or the network [FEATURE ID: 4]; a fourth module for accessing the database and for assessing security vulnerabilities of a remote computer [FEATURE ID: 1] connected [TRANSITIVE ID: 7] to the network; and a fifth module [FEATURE ID: 1] for receiving [TRANSITIVE ID: 2] an update [FEATURE ID: 9] to the database and updating [TRANSITIVE ID: 2] the database.
2. The integrated system of claim [FEATURE ID: 10] 1 wherein the first module determines permissions [FEATURE ID: 3] of the operating system.
3. The integrated system of claim 1 wherein the first module determines whether predetermined changes have been made to the operating system.
4. The integrated system of claim 1 wherein the second module connects to a network service [FEATURE ID: 1] and accepts information [FEATURE ID: 8] from the service [FEATURE ID: 1].
5. The integrated system of claim 1 wherein the second module connects to a network service and interrogates the service.
6. The integrated system of claim 1 wherein the third module checks whether the words [FEATURE ID: 11] in a list have been used as passwords.
7. The integrated system of claim 1 wherein the fourth module allows the remote computer to connect to a network service and accepts information from the service.
8. The integrated system of claim 1 wherein the fourth module allows the remote computer to connect to a network service and interrogate the service.
9. The integrated system of claim 1 wherein the fifth module also checks the authenticity and integrity of the update.
10. The integrated system of claim 9 wherein the fifth module employs a cryptographic technique [FEATURE ID: 1] to check the authenticity and integrity of the update.
11. The integrated system of claim 10 wherein the cryptographic technique comprises a digital signature [FEATURE ID: 13].
12. The integrated system of claim 1 wherein the fifth module receives the update after a request [FEATURE ID: 12] is made for the update.
13. The integrated system of claim 1 wherein the fifth module receives the update automatically whenever the update becomes available.
14. The integrated system of claim 1 wherein a sixth module [FEATURE ID: 4] is a communications module [FEATURE ID: 1] for communicating with a similar system [FEATURE ID: 1]
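Claim 6 of US6298445B1 is the weak-password check: whether any word in a list has been used as a password. An assessment tool normally has only the stored hashes to work from, so the check is to hash each list word under the account's own salt and compare against the stored value. The block below is an added example for this page, not Netect's or Symantec's code; the accounts, salts, hashes and wordlist are constructed inside it, `candidates` encodes a small set of suffix and capitalisation variants as an assumption about user habits, and the PBKDF2 iteration count is kept low only so the demo runs quickly.

```python
"""Added example, not Netect's or Symantec's code: audit stored password
hashes against a wordlist, as in claim 6. Accounts, salts and the wordlist
are constructed; the iteration count is a demo value."""
import hashlib
import hmac
from typing import Dict, Iterable, List, Tuple

ITERATIONS = 1000  # demo only; real deployments use far higher counts


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for whatever the target stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def candidates(word: str) -> Iterable[str]:
    """The list word plus the trivial variants people add to pass complexity
    rules (an assumption about habits; a real tool has a larger rule set)."""
    cap = word.capitalize()
    yield word
    yield cap
    for suffix in ("1", "123", "!"):
        yield word + suffix
        yield cap + suffix


def audit(accounts: Dict[str, Tuple[bytes, bytes]], wordlist: List[str]) -> Dict[str, str]:
    """Return {account: candidate} for each stored hash reproduced by a wordlist
    word or variant. Per-account salts mean every candidate is hashed once per
    account; that cost, not secrecy of the salt, is what salting buys."""
    found: Dict[str, str] = {}
    for user, (salt, stored) in accounts.items():
        for word in wordlist:
            hit = next((c for c in candidates(word)
                        if hmac.compare_digest(hash_password(c, salt), stored)), None)
            if hit is not None:
                found[user] = hit
                break
    return found


WORDLIST = ["password", "summer", "dragon", "letmein", "welcome"]  # constructed


def make_accounts() -> Dict[str, Tuple[bytes, bytes]]:
    """Constructed credential store: (salt, hash) per user. Salts are derived
    deterministically so the demo is repeatable; use os.urandom in practice."""
    chosen = {"alice": "summer1", "bob": "T7#vq-Lm9z-pear",
              "carol": "Password!", "dave": "dragon"}
    store = {}
    for user, pw in chosen.items():
        salt = hashlib.sha256(b"constructed-salt-" + user.encode()).digest()[:16]
        store[user] = (salt, hash_password(pw, salt))
    return store


if __name__ == "__main__":
    for user, pw in sorted(audit(make_accounts(), WORDLIST).items()):
        print(f"{user}: wordlist password {pw!r}")
```

Three of the four constructed accounts are flagged; the fourth uses a passphrase no rule derives from the list. The run time is dominated by the hash, so the same loop against a real store with a proper iteration count is slow by design, which is exactly the property the stored hash is meant to have against an attacker running the same check.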