公开(公告)号：US11469904B1

公开(公告)日：2022-10-11

申请号：US16360515

申请日：2019-03-21

Applicant: Symantec Corporation

Inventor： Daniel Kats ,  Christopher Gates ,  Acar Tamersoy ,  Daniel Marino

IPC: H04L9/32 ,  G06F21/10 ,  G06F21/60 ,  H04L9/00

Abstract: The disclosed computer-implemented method for authenticating digital media content may include (i) receiving digital media content that has been captured by a capturing device and digitally signed through a cryptoprocessor embedded within the capturing device to provide an assurance of authenticity regarding how the capturing device captured the digital media content, and (ii) encoding an identifier of the received digital media content and a digital signature to an encrypted distributed ledger, the digital signature including at least one of a digital signature of the digital media content by the capturing device or a digital signature of the digital media content by an entity encoding the received digital media content such that the encoding becomes available for subsequent verification through the encrypted distributed ledger. Various other methods, systems, and computer-readable media are also disclosed.

公开(公告)号：US11190488B1

公开(公告)日：2021-11-30

申请号：US16296178

申请日：2019-03-07

Applicant: SYMANTEC CORPORATION

Inventor： Daniel Marino ,  Daniel Kats ,  Brian Schlatter

IPC: H04L29/06 ,  H04L12/26 ,  G06F21/55 ,  H04L12/851

Abstract: Adaptive security filtering on a client device. A method may include applying a data filter to a client device to obtain a first set of data associated with the client device, determining a risk level of a datum of the first set of data, determining a resource level associated with obtaining the first set of data, adjusting the data filter to an adjusted filter based on the determined risk level of the datum and the determined resource level, and applying the adjusted filter to the client device.

公开(公告)号：US11030342B1

公开(公告)日：2021-06-08

申请号：US16230727

申请日：2018-12-21

Applicant: Symantec Corporation

Inventor： Daniel Kats ,  David Silva ,  Petros Efstathopoulos ,  Daniel Marino

IPC: G06F9/44 ,  G06F21/62 ,  H04L29/06 ,  H04L29/08

Abstract: The disclosed computer-implemented method for controlling uploading of potentially sensitive information to the Internet may include (i) loading, at the computing device, at least a portion of a webpage and (ii) performing a security action including (A) converting, at the computing device, components of the webpage from an online status to an offline status, (B) receiving a sensitive information input to a respective offline component of the webpage, (C) converting, based on a stored user preference and in response to receiving the sensitive information input, the respective offline component to the online status, (D) buffering an outgoing network request comprising the sensitive information input, (E) receiving an approval input indicating approval to transmit the potentially sensitive information to the Internet, and (F) releasing the outgoing network request in response to receiving the approval input. Various other methods, systems, and computer-readable media are also disclosed.

公开(公告)号：US10447663B2

公开(公告)日：2019-10-15

申请号：US16021950

申请日：2018-06-28

Applicant: SYMANTEC CORPORATION

Inventor： Yuqiong Sun ,  Daniel Marino ,  Susanta K. Nanda ,  Saurabh Shintre ,  Brian T. Witten ,  Ronald A. Frederick ,  Qing Li

IPC: H04L29/06 ,  G06F21/62

Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE). In one embodiment, a method may include loading a kernel application inside the TEE, loading a logic application outside the TEE, intercepting, by the logic application, encrypted network traffic, forwarding, from the logic application to the kernel application, the encrypted network traffic, decrypting, at the kernel application, the encrypted network traffic, inspecting, at the kernel application, the decrypted network traffic according to a sensitivity policy to determine whether the decrypted network traffic includes sensitive data, forwarding, from the kernel application to the logic application, filtered decrypted network traffic that excludes the sensitive data, processing, at the logic application, the filtered decrypted network traffic, forwarding, from the logic application to the kernel application, the filtered decrypted network traffic after the processing by the logic application, and forwarding, from the kernel application, the encrypted network traffic.

公开(公告)号：US09729579B1

公开(公告)日：2017-08-08

申请号：US14697016

申请日：2015-04-27

Applicant: Symantec Corporation

Inventor： Daniel Marino ,  Petros Efstathopoulos ,  Mingwei Zhang

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/08 ,  H04L63/101 ,  H04L63/123

Abstract: A computer-implemented method for increasing security on computing systems that launch application containers may include (1) authenticating an application container that facilitates launching at least one application on a host computing system by verifying that the application container meets a certain trustworthiness threshold, (2) intercepting, via a policy-enforcement proxy, a command to perform a deployment action on the host computing system in connection with the authenticated application container, (3) determining that the deployment action potentially violates a security policy applied to the authenticated application container, and then in response to determining that the deployment action potentially violates the security policy, (4) modifying, via the policy-enforcement proxy, the command to prevent the potential violation of the security policy. Various other methods, systems, and computer-readable media are also disclosed.