Systems and methods for enabling biometric authentication options
    Granted invention patent
    Systems and methods for enabling biometric authentication options (status: in force)

    Publication number: US09569605B1

    Publication date: 2017-02-14

    Application number: US14178276

    Application date: 2014-02-12

    CPC classification number: G06F21/32 G06F21/31 G06F21/45 H04L9/3231 H04L63/0861

    Abstract: A computer-implemented method for enabling biometric authentication options may include (1) identifying a device that includes a biometric authentication option that provides access to a protected feature of the device and that is based on a biometric trait and an initial authentication option that provides access to the protected feature and that is not based on the biometric trait, (2) detecting an authentication action that is performed by a user on the device that provides access to the protected feature via the initial authentication option, (3) capturing biometric data describing the biometric trait of the user in connection with the user performing the authentication action on the device, and (4) using the biometric data as training data for the biometric authentication option to enable the user to access the protected feature of the device via the biometric authentication option. Various other methods, systems, and computer-readable media are also disclosed.

    Encrypting and decrypting sensitive files on a network device

    Publication number: US10534933B1

    Publication date: 2020-01-14

    Application number: US15856040

    Application date: 2017-12-27

    Abstract: Encrypting and decrypting sensitive files on a network device. In one embodiment, a method may include determining that a file stored on a network device is a sensitive file, encrypting the sensitive file, sending, to an authentication server, an encryption key, initializing, at the network device, a Software Guard Extension (SGX) enclave, loading, into the SGX enclave, a retrieval application, receiving, at the retrieval application, an attestation from the authentication server that the retrieval application is authentic, receiving, at the retrieval application, the encryption key from the authentication server, receiving, at the retrieval application, a user request to decrypt the encrypted sensitive file, authenticating, at the retrieval application, the user request, decrypting, at the network device, the particular encrypted sensitive file, and providing the sensitive file to the user.

    DECRYPTING NETWORK TRAFFIC ON A MIDDLEBOX DEVICE USING A TRUSTED EXECUTION ENVIRONMENT

    Publication number: US20190253398A1

    Publication date: 2019-08-15

    Application number: US16021950

    Application date: 2018-06-28

    CPC classification number: H04L63/0435 G06F21/57 G06F21/6263 H04L63/0281

    Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE). In one embodiment, a method may include loading a kernel application inside the TEE, loading a logic application outside the TEE, intercepting, by the logic application, encrypted network traffic, forwarding, from the logic application to the kernel application, the encrypted network traffic, decrypting, at the kernel application, the encrypted network traffic, inspecting, at the kernel application, the decrypted network traffic according to a sensitivity policy to determine whether the decrypted network traffic includes sensitive data, forwarding, from the kernel application to the logic application, filtered decrypted network traffic that excludes the sensitive data, processing, at the logic application, the filtered decrypted network traffic, forwarding, from the logic application to the kernel application, the filtered decrypted network traffic after the processing by the logic application, and forwarding, from the kernel application, the encrypted network traffic.

    Decrypting network traffic on a middlebox device using a trusted execution environment

    Publication number: US10044691B1

    Publication date: 2018-08-07

    Application number: US15894619

    Application date: 2018-02-12

    Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE). In one embodiment, a method may include loading a kernel application inside the TEE, loading a logic application outside the TEE, intercepting, by the logic application, encrypted network traffic, forwarding, from the logic application to the kernel application, the encrypted network traffic, decrypting, at the kernel application, the encrypted network traffic, inspecting, at the kernel application, the decrypted network traffic according to a sensitivity policy to determine whether the decrypted network traffic includes sensitive data, forwarding, from the kernel application to the logic application, filtered decrypted network traffic that excludes the sensitive data, processing, at the logic application, the filtered decrypted network traffic, forwarding, from the logic application to the kernel application, the filtered decrypted network traffic after the processing by the logic application, and forwarding, from the kernel application, the encrypted network traffic.

    Systems and methods for evaluating unfamiliar executables

    Publication number: US10678917B1

    Publication date: 2020-06-09

    Application number: US15826642

    Application date: 2017-11-29

    Abstract: The disclosed computer-implemented method for evaluating unfamiliar executables may include (i) identifying, on the computing device, (a) a code object that is generated from source code written in a programming language, that is specified in an intermediate language different from the programming language, and that can be compiled into an executable file by a just-in-time compiler on the computing device and (b) an executable file that lacks an assigned reputation in a reputation system that distinguishes benign and malicious files, (ii) determining that the executable file was produced by the just-in-time compiler compiling the code object on the computing device, (iii) retrieving, from the reputation system, a reputation for the code object, and (iv) performing a security action on the executable file that is based on the reputation of the code object. Various other methods, systems, and computer-readable media are also disclosed.

    Decrypting network traffic on a middlebox device using a trusted execution environment

    Publication number: US10447663B2

    Publication date: 2019-10-15

    Application number: US16021950

    Application date: 2018-06-28

    Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE). In one embodiment, a method may include loading a kernel application inside the TEE, loading a logic application outside the TEE, intercepting, by the logic application, encrypted network traffic, forwarding, from the logic application to the kernel application, the encrypted network traffic, decrypting, at the kernel application, the encrypted network traffic, inspecting, at the kernel application, the decrypted network traffic according to a sensitivity policy to determine whether the decrypted network traffic includes sensitive data, forwarding, from the kernel application to the logic application, filtered decrypted network traffic that excludes the sensitive data, processing, at the logic application, the filtered decrypted network traffic, forwarding, from the logic application to the kernel application, the filtered decrypted network traffic after the processing by the logic application, and forwarding, from the kernel application, the encrypted network traffic.

    Techniques for application code obfuscation

    Publication number: US09946853B1

    Publication date: 2018-04-17

    Application number: US14857046

    Application date: 2015-09-17

    Abstract: Techniques for application code obfuscation are disclosed. In one embodiment, the techniques may be realized as a method including receiving application code and testing data associated with the application; automatically generating obfuscated application code from the received application code; automatically testing the obfuscated application code by running the obfuscated application code and inputting at least the recorded inputs from the testing data while recording associated outputs; in response to determining that the associated outputs from automatically testing the obfuscation code do not match the testing data outputs, modifying the obfuscated application code and automatically testing the modified obfuscated application code against the testing data; and, in response to determining that outputs from automatically testing the modified obfuscated application code match the testing data outputs, transmitting the modified obfuscated application code as a successful obfuscation of the application.
