公开(公告)号：US11165811B2

公开(公告)日：2021-11-02

申请号：US16780674

申请日：2020-02-03

申请人： OPSWAT, Inc.

发明人： Benjamin Czarny ,  Jianpeng Mo ,  Ali Rezafard ,  David Matthew Patt

IPC分类号： H04L29/06 ,  G06F21/57 ,  G06F16/21

摘要： Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.

公开(公告)号：US10242189B1

公开(公告)日：2019-03-26

申请号：US16148003

申请日：2018-10-01

申请人： OPSWAT, Inc.

发明人： Benjamin Czarny ,  Yiyi Miao ,  Jianpeng Mo

IPC分类号： G06F21/56 ,  G06F16/11 ,  G06F21/62 ,  H04L29/06 ,  G06F17/30

摘要： A method for securely validating the file format type including receiving a file having a file format type, a header and a content block. The header has a header block with a description representing attributes of the actual content in the file. The content block has leading bytes representing attributes of the actual content, and actual content. Data is parsed from the description of the header block, the leading bytes and the actual content. Data from the description is compared to the data from the leading bytes, data from the leading bytes is compared to the data from the actual content, and data from the description is compared to the data from the actual content. The file format type is validated and trustable when the data from the description, the data from the leading bytes and the data from the actual content are consistent with one another.

公开(公告)号：US09749349B1

公开(公告)日：2017-08-29

申请号：US15275123

申请日：2016-09-23

申请人： OPSWAT, Inc.

发明人： Benjamin Czarny ,  Jianpeng Mo ,  Ali Rezafard ,  David Matthew Patt

IPC分类号： H04L29/06 ,  G06F17/30 ,  G06F21/57

CPC分类号： H04L63/1433 ,  G06F17/30289 ,  G06F21/577 ,  H04L63/1425

摘要： Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.

公开(公告)号：US10554681B2

公开(公告)日：2020-02-04

申请号：US16174139

申请日：2018-10-29

申请人： OPSWAT, Inc.

发明人： Benjamin Czarny ,  Jianpeng Mo ,  Ali Rezafard ,  David Matthew Patt

IPC分类号： H04L29/06 ,  G06F21/57 ,  G06F16/21

摘要： Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.

公开(公告)号：US20180293180A1

公开(公告)日：2018-10-11

申请号：US16009512

申请日：2018-06-15

申请人： OPSWAT, Inc.

发明人： Benjamin Czarny ,  Jianpeng Mo ,  Boris Dynin

IPC分类号： G06F12/14 ,  G06F17/30 ,  G06F3/06 ,  G06F7/02 ,  G06F21/85 ,  G06F21/62 ,  G06F21/60 ,  G06F3/12 ,  G06F21/00

CPC分类号： G06F12/1408 ,  G06F3/0623 ,  G06F3/0635 ,  G06F3/0673 ,  G06F3/1226 ,  G06F7/02 ,  G06F17/3007 ,  G06F17/30135 ,  G06F17/30312 ,  G06F17/30371 ,  G06F17/30386 ,  G06F17/30864 ,  G06F21/00 ,  G06F21/60 ,  G06F21/602 ,  G06F21/62 ,  G06F21/6209 ,  G06F21/6218 ,  G06F21/85 ,  G06F2212/1052 ,  G06F2221/2107

摘要： A method, program and/or system reads first data through a first path from a location in a data storage. Second data is read through a second path from the same location in the data storage. The first data is compared to the second data. A match between the first data and the second data indicates that the first path did not encrypt the first data. A mismatch between the first data and the second data indicates that the first path encrypted the first data.

公开(公告)号：US09471794B2

公开(公告)日：2016-10-18

申请号：US15015084

申请日：2016-02-03

申请人： OPSWAT, Inc.

发明人： Benjamin Czarny ,  Jianpeng Mo ,  Boris Dynin

IPC分类号： G06F21/60 ,  G06F21/85 ,  G06F17/30 ,  G06F12/14 ,  G06F21/00 ,  G06F21/62 ,  G06F3/12

CPC分类号： G06F12/1408 ,  G06F3/0623 ,  G06F3/0635 ,  G06F3/0673 ,  G06F3/1226 ,  G06F7/02 ,  G06F17/3007 ,  G06F17/30135 ,  G06F17/30312 ,  G06F17/30371 ,  G06F17/30386 ,  G06F17/30864 ,  G06F21/00 ,  G06F21/60 ,  G06F21/602 ,  G06F21/62 ,  G06F21/6209 ,  G06F21/6218 ,  G06F21/85 ,  G06F2212/1052 ,  G06F2221/2107

摘要： A method, program and/or system reads a file through a first path from a data storage to obtain a first data. The file is read through a second path from the data storage to obtain a second data. The first data is compared to the second data. When the first data matches the second data, the file is determined not to be encrypted in the data storage. When the first data does not match the second data, the file is determined to be encrypted in the data storage.

摘要翻译： 方法，程序和/或系统通过来自数据存储器的第一路径读取文件以获得第一数据。 从数据存储器通过第二路径读取文件以获得第二数据。 将第一数据与第二数据进行比较。 当第一数据与第二数据匹配时，该文件被确定为不在数据存储器中被加密。 当第一数据与第二数据不匹配时，该文件被确定为在数据存储器中被加密。

公开(公告)号：US09256635B2

公开(公告)日：2016-02-09

申请号：US14696228

申请日：2015-04-24

申请人： OPSWAT, Inc.

发明人： Benjamin Czarny ,  Jianpeng Mo ,  Boris Dynin

IPC分类号： G06F21/85 ,  G06F17/30 ,  G06F21/00 ,  G06F12/14 ,  G06F21/62 ,  G06F3/12

CPC分类号： G06F12/1408 ,  G06F3/0623 ,  G06F3/0635 ,  G06F3/0673 ,  G06F3/1226 ,  G06F7/02 ,  G06F17/3007 ,  G06F17/30135 ,  G06F17/30312 ,  G06F17/30371 ,  G06F17/30386 ,  G06F17/30864 ,  G06F21/00 ,  G06F21/60 ,  G06F21/602 ,  G06F21/62 ,  G06F21/6209 ,  G06F21/6218 ,  G06F21/85 ,  G06F2212/1052 ,  G06F2221/2107

摘要： A method, program and/or system for determining whether a data storage is encrypted. A file is written through a first path to the data storage. The file is read through a second path from the data storage. First data known to have been written in the file is compared to second data that has been read from the file. When the first data matches the second data, the first path is determined not to have encrypted the file when writing to the data storage. When the first data does not match the second data, the first path is determined to have encrypted the file when writing to the data storage.

公开(公告)号：US11522901B2

公开(公告)日：2022-12-06

申请号：US17000801

申请日：2020-08-24

申请人： OPSWAT, Inc.

发明人： Frank Dye ,  Benjamin Czarny ,  Bill Zhao ,  Shae Anthony Bettencourt ,  Yiyi Miao

IPC分类号： H04L9/40 ,  G06F21/57 ,  G06F16/21

摘要： A system receives binary data and first identification data. The binary data includes hashes of strings of bits, bytes, words or characters. The system receives vulnerability data and second identification data. The system determines a correspondence between the binary data and the vulnerability data based on matching the first identification data with the second identification data. The vulnerability data includes a country of origin for a product identified by the second identification data. The system generates a binaries-to-vulnerabilities database. The system scans target binary data from a target device to to find matches between the target binary data and the binary data using the binaries-to-vulnerabilities database. The system determines a known security vulnerability based on the results of the scanning and the correspondence between the binary data and the vulnerability data. The known security vulnerability includes the country of origin for the product in the target device.

公开(公告)号：US20190075129A1

公开(公告)日：2019-03-07

申请号：US16174139

申请日：2018-10-29

申请人： OPSWAT, Inc.

发明人： Benjamin Czarny ,  Jianpeng Mo ,  Ali Rezafard ,  David Matthew Patt

IPC分类号： H04L29/06 ,  G06F17/30 ,  G06F21/57

CPC分类号： H04L63/1433 ,  G06F16/21 ,  G06F21/577 ,  H04L63/1425 ,  H05K999/99

摘要： Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.

公开(公告)号：US20180352003A1

公开(公告)日：2018-12-06

申请号：US16059467

申请日：2018-08-09

申请人： OPSWAT, Inc.

发明人： Adam Gregory Winn ,  Benjamin Czarny ,  Jianpeng Mo ,  Yiyi Miao

IPC分类号： H04L29/06

CPC分类号： H04L63/20 ,  H04L63/0428 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/1416

摘要： Embodiments of the present invention include methods involving an authentication application, a client application, or a combination of a network access control server with the authentication application and the client application. The client application collects compliance data regarding the user device and communicates the compliance data to the network access control server. The network access control server generates a compliance check result based on whether the compliance data indicates that the user device is compliant with a security policy for the software-as-a-service server. The authentication application grants access by the user device when the compliance check result is positive; and the authentication application denies access by the user device when the compliance check result is negative. In some embodiments, the compliance check result or a user device identifier is stored in a web browser cookie or a client certificate on the user device.