Embodiments of the invention relate to transferring control to a bit set in a secure manner.
The protection of the privacy and integrity of the data and resources of a computer is a well-recognized need. However, the best way to protect a computer's data and resources against attacks and intrusion has been the subject of much discussion, debate, and development of the years.
An early approach for securing a computer against the potential dangers of the Internet, which came to prominence in the public eye around 1990, involved the use of a firewall. Early firewalls were software applications which were positioned in the flow of network traffic between a computer and a public network, such as the Internet. The firewall prevented the exchange of certain types of network traffic to any computer behind the firewall. Initially, firewalls were configured to only allow email or SMTP network traffic to be exchanged with devices behind the firewall. Over time, it became desirable for additional types of network traffic to be allowed through the firewall; as such, it became commonplace for firewalls to permit additional types of network traffic (such as FTP and WWW traffic) through the firewall. Firewalls have evolved from consisting of a pure software implementation to being implemented, by certain vendors, as specialized hardware appliances.
As computers became more popular in the home and the workplace, malware began to spread to computers not just through a public network but also through the sharing of portable storage mediums, such as floppy disks. Malware which resides on portable storage mediums could infect a computer not connected to a public network. To combat this new attack vector, antivirus software was developed. Antivirus software is software that analyzes the files of a computer-readable medium to identify any files which have been previously identified as being malicious. Once malicious files have been identified, the antivirus software quarantines and removes the malicious files.
Firewalls and antivirus software currently form the foundation of modern computer security paradigms. Virtually all computer security approaches are enhancements to one or both of the firewall and antivirus software. For example, firewalls have been embellished to look deeper into network traffic to examine the contents of a data packet in determining whether to permit or deny the data packet passage through the firewall. The firewall may be configured to allow certain types of network traffic deemed permissible by a policy (such as work-related HTTP network traffic) but prevent other types of network traffic deemed impermissible by a policy (such as non-work related HTTP network traffic). Other firewalls may allow certain network traffic to pass through the firewall, but will subsequently check each network communication for malware; upon detecting that a network communication (such as an email) which has already past the firewall did contain malware, the firewall alerts the destination of that network communication that it may already have been compromised.
Antivirus software has also been embellished to rely more on the behavior of an executable file rather than considering the file's signature in determining whether the file is malicious. Unfortunately, the current paradigm for protecting the data and resources of a computer using combinations of firewalls and antivirus software has been demonstrated to be ineffectual.
Embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:
Approaches for securely transferring control to a bit set are presented herein. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the invention described herein. It will be apparent, however, that the embodiments of the invention described herein may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form or discussed at a high level in order to avoid unnecessarily obscuring teachings of embodiments of the invention.
The current paradigm for protecting the data and resources of a computer, which relies upon firewalls and antivirus software, has been demonstrated to be ineffectual. Applicant submits that the current paradigm is ill-equipped to address many real-world issues, such as mobility, the proliferation of dynamic Internet content, and consumerization, as explained below.
Mobility refers to the recognition that, in the modern world, computers are designed to be mobile and used in a variety of different locations. For example, a user may use their laptop at home, in a coffee shop, at work, or virtual anywhere. Most computers these days are designed to access a wireless network. This is especially true for handheld and mobile devices. However, the particular wireless network used to access the Internet will change as the computer moves to a different wireless access point. As a consequence, the presence and the effectiveness of a firewall at each wireless access point cannot be guaranteed. To illustrate, while you may use a laptop computer at work behind a corporate firewall, if you use your laptop later at a coffee shop, you won't have the benefit of your corporate firewall as you access the Internet using the coffee shop's wireless network. While moving from wireless access point to wireless access point, any firewall that is available is certainly not designed or configured with each individual user's needs and concern in mind. Thus, firewalls provide an unreliable defense against computer security exploits.
Many people use their computers to access the Internet, and in particular, the World Wide Web (WWW). While originally web pages were mainly static in nature, now most web pages contain dynamic content and programs, such as Shockwave Flash. Such dynamic content and programs can execute instructions which cause a machine to become infected with malicious code. Even dynamic content which appears harmless, such as an advertisement displayed on as web site, may be used to insert malicious code onto a computer. Thus, each web site is, in effect, an application which could be used to spread malicious code. As another example, a Microsoft Excel spreadsheet sent via email may contain malicious code which infects a computer which opens and reads the spreadsheet. Firewalls and antivirus software were never designed to combat malicious content, but instead were designed to identify malicious executable files. While executable files do not change frequency, Internet content is ubiquitous and is constantly being created and changed. It is very difficult to identify malware residing in content with an ever changing and evolving nature. At the same time, people have a great need and desire to access Internet content and so it is not practicable to broadly deny access to such content.
Another reason why the current paradigm is ill-equipped is the advent of consumerization, which refers to the increasingly common practice of having the end user, rather than an IT professional, choose the hardware and software of the user's computer. The end user can decide what device he or she wishes to buy and may install a wide variety of different types of programs. As a result, the complexity and variety of hardware and software resources on a computer is often difficult to predict, which in effect, renders planning for all possible computing environments at best impractical and at worst impossible.
These and other issues prevent the current computer security paradigm from being effective in today's environment.
Embodiments of the invention advance a new computer security paradigm by securely transferring control to a bit set at a point of ingress. The underpinning of this security paradigm is the realization that a stored bit set (even a bit set that is in fact malicious) poses no threat until control is transferred to the bit set. As used herein, transferring control to a bit set refers to either executing the bit set or interpreting the bit set. For example, executing an executable file, a dynamic-link library (DLL) file, or a plug-in, is an example of executing a bit set. Parsing, interpreting, and rendering a web page, a document file, a spreadsheet file, an Adobe® flash file, or an image file are examples of interpreting a bit set. Embodiments of the invention ensure that control is transferring to each bit set in a manner commensurate with the risk posed by that bit set.
POI 200 shown in
In an embodiment, the steps of
In the exemplary POI 200 shown in
Bit set 210 refers to a discrete data set. Non-limiting, illustrative examples of bit set 210 include a data file, a data stream, structured data, and unstructured data. Bit set 210 may correspond to an executable file or an interpreted file (such as an image file, a document file, a web page, or a spreadsheet file, for example).
Set of locally known virtuous bit sets 220 is a data set that identifies one or more bit sets which have been deemed to be virtuous. A virtuous bit set is a bit set which is unlikely to contain malicious code. Accordingly, control may be transferred to a virtuous bit set using a lessor standard of safeguards than would otherwise be used since they is a degree of assurance that the bit set has not been altered since being deemed safe. For example, software in a pristine format unaltered since purchase from the vendor would qualify for inclusion in the set of locally known virtuous bit sets 220. As another example, any work product (such as a document or image) produced by an application whose executable file is in the set of locally known virtuous bit sets 220 would also qualify for inclusion in the set of locally known virtuous bit sets 220. Thus, applications have a transitive nature with respect to the bit sets created thereby regarding inclusion within the set of locally known virtuous bit sets 220. As such, the set of locally known virtuous bit sets 220 will tend to grow to include new members over time as applications deemed virtuous create new bit sets (which themselves would be deemed virtuous and thus would be included within set of locally known virtuous bit sets 220). The use of set of locally known virtuous bit sets 220 is explained in further detail below.
Set of locally known malicious bit sets 230 is a data set that identifies one or more bit sets which have been deemed to be malicious. Control cannot be transferred to a bit set which has been deemed malicious according to an embodiment of the invention. The set of locally known malicious bit sets 230 may also grow over time as additional malicious bit sets are identified. In an embodiment explained in further detail below, a malicious bit set may be identified after transferring control to that bit set in isolated environment 250 and observing the bit set performing in a malicious manner; once identified, the set of locally known malicious bit sets 230 may be updated to identify a bit set deemed malicious so that the bit set cannot in the future be transferred control. The use of set of locally known malicious bit sets 230 is explained in further detail below.
Note that while set of locally known virtuous bit sets 220 and set of locally known malicious bit sets 230 are depicted in
Hypervisor 240 broadly refers to any mechanism for managing and overseeing the instantiation and executing of one or more isolated environment 250. Hypervisor 240 may be a type 1 hypervisor, a type 2 hypervisor, or a hypervisor as discussed within U.S. patent application Ser. No. 13/526,755, entitled “Ensuring the Privacy and Integrity of a Hypervisor, invented by Ian Pratt, the contents of which are hereby incorporated by reference for all purposes as if fully set forth herein.
One or more isolated environments 250 refers to any isolated environments, such as but not limited to virtual machines, instantiated to have characteristics suitable for transferring control to bit set 210 therein. For purposes of providing a specific example, embodiments of the invention shall be discussed with reference to a micro-virtual machine; however, other embodiments of the invention may employ a wide variety of isolated environments other than a virtual machine. In an embodiment, one or more isolated environments 250 may correspond to a UCVM as discussed in U.S. patent application Ser. No. 13/115,354, entitled “Automated Provisioning of Secure Virtual Execution Environment Using Virtual Machine Templates Based on Requested Activity,” invented by Gaurav Banga et al.
Host operating system execution environment 204 refers to a host operating system running natively on POI 200 or in an isolated environment, such as but not limited to a virtual machine or sandbox environment. While
Having discussed the components of POI 200, attention is returned to the flowchart of
For the sake of providing a concrete example, in the explanation of
In step 110, a determination is made by software module 202 as to whether bit set 210 is in set of universally known bad bit sets. This determination is made to ascertain whether bit set 210 is known to be malicious by anyone party, regardless of whether the party is local or remote to POI 200.
In an embodiment, step 110 may be performed by first determining if bit set 210 is known to be malicious by a local party, and if bit set 210 is not known to be malicious by a local party, then a further determination is made as to whether bit set 210 is known to be malicious by parties remote to POI 200. Such a two-step approach is advantageous as it saves the time and effort as ascertaining if bit set 210 is known to be malicious by others in the world if local parties have already ascertained bit set 210 is malicious.
In an embodiment, to determine if bit set 210 is known to be malicious by a local party, a cryptographic profile that identifies bit set 210 in a unique fashion may be generated or otherwise obtained. Thereafter, the set of locally known malicious bit sets 230 may be consulted to see if the cryptographic profile for bit set 210 is identified by or contained therein. If so, then this indicates that bit set 210 is known to be malicious by a local party, and thus, bit set 210 would be in a set of universally known bad bit sets.
If the cryptographic profile for bit set 210 is identified by or contained within the set of locally known malicious bit sets 230, then a further determination is made as to whether bit set 210 is known to be malicious by parties which are remote to POI 200. In an embodiment, this may be performed by consulting a set of known malicious bit sets 262 maintained by central repository 260.
Central repository 260, as broadly used herein, represents one or more publically accessible repositories or cloud-based services that may be used to identify whether bit set 210 is malicious. For example, central repository 260 may correspond to one or more of Google® Safe Browsing (which is a service that enables applications to check URLs against Google's constantly updated lists of suspected phishing and malware pages), Google® VirusTotal (which is a service that analyzes files and URLs enabling the identification of viruses, worms, Trojans, and other kinds of malicious content detected by antivirus engines and web site scanners), and Microsoft® Azure Trust Center. As depicted in
If the cryptographic profile for bit set 210 is identified by or contained within the set of malicious bit sets 262 maintained by central repository 260, then this indicates that bit set 210 is in a set of universally known bad bit sets.
In one embodiment, if central repository 260 is not reachable by POI 200 for any reason, then software module 202 will treat bit set 210 as not being in a universally known bad bit set. The theory behind such a decision is to act upon the known information or evidence that is available, rather than assuming the worst-case scenario. Thus, the determination of step 210 is not intended to be a perfect assessment of whether bit set 210 will ultimately be malicious, but instead, is a decision that attempts to make a judgment call on the best available evidence at that time.
If software module 202 determines that bit set 210 is within set of universally known bad bit sets, then, as depicted in
On the other hand, if in step 110, software module 202 determines that bit set 210 is not within set of universally known bad bit sets, then embodiments do not treat bit set 210 as conclusively being free of malicious code. Instead, as depicted in
In step 120, software module 202 determines whether bit set 210 is in set of locally known virtuous bit sets 220. In an embodiment, the set of locally known virtuous bit sets 220 may be updated based on the providence of bit sets within the enterprise or local computing environment of POI 200. As context, embodiments may deem it reasonable to assume that installations of software from manufacture provided or controlled sources (such as installed Microsoft® Office from an official Microsoft® source) are virtuous, i.e., free of malicious code or content). Any content created by a virtuous source is itself deemed virtuous until such content is merged with unknown or malicious content or acted upon by a software process of unknown or malicious providence. The set of locally known virtuous bit sets 220 may be updated as content is created within the enterprise or local computing environment of POI 200.
In an embodiment, a cryptographic profile may be calculated to uniquely identify bit sets in the enterprise or computing environment in which POI 200 operates. An enterprise may implement the set of locally known virtuous bit sets 220 by maintain a table, a data structure, or other such data store that lists cryptographic profiles along with the providence assigned to the bit set associated with each cryptographic profile. Other approaches for maintaining information that describes providence of bit sets in an enterprise which may be used to implemented the set of locally known virtuous bit sets 220 are described in U.S. patent application Ser. No. 14/333,278, entitled “Application Wide Providence,” invented by Vikram Kapoor, Ian Pratt, and Gaurav Banga, filed Jul. 16, 2014, the contents of which are hereby incorporated by reference for all purposes as if fully set forth herein.
Content may be modified and created very quickly. Providence information may be carried forward automatically by embodiments as content is created or modified by applications or processes by updating the set of locally known virtuous bit sets 220.
If software module 202 determines that bit set 210 is in set of locally known virtuous bit sets 220, then in step 122, control is transferred to bit set 210. After transferring control to bit set 210, the behavior of bit set 210 is monitored. This is advantageous because even though the bit set 210 is assumed to be virtuous and free of malicious code or content, bit set 210 could have an implementation or design flaw that has negative consequences for POI 200. By monitoring the operation of bit set 210 after control is transferred to bit set 210, if malicious activity is detected, then the malicious activity may be halted and the set of locally known malicious bit sets 230 may be updated to include bit set 210 to prevent further malicious activity.
On the other hand, if software module 202 determines that bit set 210 is not in set of locally known virtuous bit sets 220, then bit set 210 is considered to potentially safe enough to execute, but not without taking additional safeguards. Thus, if bit set 210 is not in set of locally known virtuous bit sets 220, then in an embodiment, in step 130, control is transferred to bit set 210 in isolated environment 250 that is specifically tailored to have characteristics designed to eliminate any risk posed by bit set 210 and to possess access to only those resources of POI 200 which are deemed necessary in the execution or interpretation of bit set 210. Techniques for transferring control to bit set 210 in an isolated environment 250 are discussed in U.S. non-provisional patent application Ser. No. 13/115,354 and U.S. non-provisional patent application Ser. No. 14/170,281.
As shall be appreciated, embodiments can protect the data and resources of a computer using the best information available about whether a bit set comprises malicious code or content, even if such information is less than complete or entirely accurate. With the evolving nature of today's digital landscape, the security paradigm described herein overcomes the obstacles and limitations experienced by prior art and affords significant security to data and resources of a computer against a plethora of potential security exploits.
Certain embodiments may perform step 130 differently than described above. In an embodiment, if bit set 210 is not in set of locally known virtuous bit sets 220, then in an embodiment, in step 130, control is transferred to bit set 210 to allow bit set 210 to execute in host operating system execution environment 204 at POI 200 while being monitored. The purpose of monitoring bit set 210 during its execution in host operating system execution environment 204 is to ascertain whether bit set 210 exhibits any suspicious characteristics during execution (step 140). Non-limiting, illustrative examples of suspicious characteristics during execution include creating a new executable bit set in host operating system execution environment 204 (such as a EXE file, a MSI file, or a SCR file), modifying an existing executable bit set in host operating system execution environment 204, and loading a new dynamic link library (DLL) file.
If, in step 140, bit set 210 is determined to exhibit a suspicious characteristic during its execution, then (in step 150) execution of bit set 210 in host operating system execution environment 204 will be halted. Thereafter, bit set 210 will be copied into isolated environment 250 and control will be transferred to bit set 210 within isolated environment 250. Afterword, execution analysis will be initiated and performed upon bit set 210 as it executes within isolated environment 250. By monitoring the operation of bit set 210 after control is transferred to bit set 210 within isolated environment 250, if malicious activity is detected, then the malicious activity may be halted and the set of locally known malicious bit sets 230 may be updated to include bit set 210 to prevent further malicious activity. In an embodiment, the results of the execution analysis may be transmitted to central repository 260 for the benefit of further analysis and study.
In an embodiment, in the performance of step 150, metadata locally maintained on POI 200 may be updated to prevent the execution analysis to be performed upon bit set 210 more than once.
Execution analysis may be performed in step 150 using an isolated environment that has the same operating attributes, such as software versions and patches, as host operation system execution environment 204.
In an embodiment, isolated environment 250 may be implemented by other types of isolated environments than a virtual machine. For example, other embodiments of the invention may employ a sandbox environment or other mechanisms for partitioning environmental workspace other than isolated environment 250. Thus, embodiments of the invention may employ a wide variety of isolated environments and are not limited to virtual machines.
In certain embodiments, the isolated environment or micro-virtual machine represented by isolated environment 250 may reside on a different physical machine than POI 200. In such an embodiment, the isolated environment or micro-virtual machine represented by isolated environment 250 may be accessible to software module 202 over a network. For example, software module 202 may send information, to a remote location across a network (such as remote device 170), which describes attributes of host operating system execution environment 204. At the remote location, using the receiving information, isolated environment 172 which possess the attributes of host operating system execution environment 204 may be created. In this way, in the performance of step 150, the potential for infection to POI 200 is reduced further as bit set 210 shall execute in an isolated environment 172 on remote device 170 rather than upon POI 200. Thus, if POI 200 does not support execution analysis using a micro-virtualized or isolated environment, then POI 200 may cause the execution analysis to be performed on a different physical machine than POI 200.
In an embodiment, POI 200, central repository 260, and remote device 170 may each correspond to, be implemented on, or include a computer system.
Computer system 300 may be coupled to a display 312, such as a cathode ray tube (CRT), a LCD monitor, and a television set, for displaying information to a user. An input device 314, including alphanumeric and other keys, is coupled to computer system 300 for communicating information and command selections to processor 304. Other non-limiting, illustrative examples of input device 314 include a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 304 and for controlling cursor movement on display 312. While only one input device 314 is depicted in
Embodiments of the invention are related to the use of computer system 300 for implementing the techniques described herein. According to one embodiment of the invention, those techniques are performed by computer system 300 in response to processor 304 executing one or more sequences of one or more instructions contained in main memory 306. Such instructions may be read into main memory 306 from another machine-readable medium, such as storage device 310. Execution of the sequences of instructions contained in main memory 306 causes processor 304 to perform the process steps described herein. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement embodiments of the invention. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
The term “non-transitory machine-readable storage medium” as used herein refers to any tangible medium that participates in storing instructions which may be provided to processor 304 for execution. Such a medium may take many forms, including but not limited to non-volatile media, such as optical or magnetic disks. Storage device 310 depicts a non-transitory machine-readable storage medium.
Non-limiting, illustrative examples of non-transitory machine-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, or any other medium from which a computer can read.
Various forms of non-transitory machine readable media may be involved in carrying one or more sequences of one or more instructions to processor 304 for execution. For example, the instructions may initially be carried on a magnetic disk of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a network link 320 to computer system 300.
Communication interface 318 provides a two-way data communication coupling to a network link 320 that is connected to a local network. For example, communication interface 318 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, communication interface 318 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, communication interface 318 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
Network link 320 typically provides data communication through one or more networks to other data devices. For example, network link 320 may provide a connection through a local network to a host computer or to data equipment operated by an Internet Service Provider (ISP).
Computer system 300 can send messages and receive data, including program code, through the network(s), network link 320 and communication interface 318. For example, a server might transmit a requested code for an application program through the Internet, a local ISP, a local network, subsequently to communication interface 318. The received code may be executed by processor 304 as it is received, and/or stored in storage device 310, or other non-volatile storage for later execution.
In the foregoing specification, embodiments of the invention have been described with reference to numerous specific details that may vary from implementation to implementation. Thus, the sole and exclusive indicator of what is the invention, and is intended by the applicants to be the invention, is the set of claims that issue from this application, in the specific form in which such claims issue, including any subsequent correction. Any definitions expressly set forth herein for terms contained in such claims shall govern the meaning of such terms as used in the claims. Hence, no limitation, element, property, feature, advantage or attribute that is not expressly recited in a claim should limit the scope of such claim in any way. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.
This application is a continuation-in-part of, and claims priority to, U.S. non-provisional patent application Ser. No. 14/798,228, filed Jul. 13, 2015, invented by Gaurav Banga et al., entitled “Securely Transferring Control to a Bit Set,” the contents of which are hereby incorporated by reference for all purposes as if fully set forth herein. U.S. non-provisional patent application Ser. No. 14/798,228 is a continuation-in-part of, and claims priority to, U.S. non-provisional patent application Ser. No. 14/610,282, filed Jan. 30, 2015, which has a priority date of May 28, 2010, invented by Gaurav Banga et al, entitled “Automated Provisioning of Secure Virtual Execution Environment Using Virtual Machine Templates Based on Requested Activity,” the contents of which are hereby incorporated by reference for all purposes as if fully set forth herein. U.S. non-provisional patent application Ser. No. 14/798,228 is also a continuation-in-part of, and claims priority to, U.S. non-provisional patent application Ser. No. 14/170,281, filed Jan. 31, 2014, which has a priority date of Aug. 31, 2011, invented by Gaurav Banga et al, entitled “Automated Identification of Virtual Machines to Process or Receive Untrusted Data Based on Client Policies,” the contents of which are hereby incorporated by reference for all purposes as if fully set forth herein.
Number | Name | Date | Kind |
---|---|---|---|
5778173 | Apte | Jul 1998 | A |
6018342 | Bristor | Jan 2000 | A |
6108799 | Boulay et al. | Aug 2000 | A |
6122741 | Patterson et al. | Sep 2000 | A |
6789156 | Waldspurger | Sep 2004 | B1 |
6948044 | Chandrasekaran | Sep 2005 | B1 |
6959420 | Mitchell et al. | Oct 2005 | B1 |
7139799 | Qian et al. | Nov 2006 | B2 |
7171523 | Yamasaki | Jan 2007 | B2 |
7409719 | Armstrong et al. | Aug 2008 | B2 |
7506265 | Traut et al. | Mar 2009 | B1 |
7509677 | Saurabh et al. | Mar 2009 | B2 |
7607169 | Njemanze et al. | Oct 2009 | B1 |
7836303 | Levy et al. | Nov 2010 | B2 |
7921459 | Houston et al. | Apr 2011 | B2 |
7941813 | Protassov | May 2011 | B1 |
7971047 | Vlaovic et al. | Jun 2011 | B1 |
7979807 | Subramaniam | Jul 2011 | B2 |
7996834 | Araujo, Jr. et al. | Aug 2011 | B2 |
8112748 | Pomerantz | Feb 2012 | B2 |
8146084 | Meketa | Mar 2012 | B1 |
8151263 | Venkitachalam et al. | Apr 2012 | B1 |
8171141 | Offer et al. | May 2012 | B1 |
8204974 | Bhattacharyya et al. | Jun 2012 | B1 |
8219987 | Vlaovic et al. | Jul 2012 | B1 |
8346727 | Chester et al. | Jan 2013 | B1 |
8347263 | Offer | Jan 2013 | B1 |
8391494 | Serenyi | Mar 2013 | B1 |
8392993 | Oliver | Mar 2013 | B1 |
8407438 | Ranade | Mar 2013 | B1 |
8543641 | Cherukuri et al. | Sep 2013 | B2 |
8561208 | Corbett et al. | Oct 2013 | B2 |
8584239 | Aziz et al. | Nov 2013 | B2 |
8601583 | Chandrasekhar et al. | Dec 2013 | B1 |
8656386 | Baimetov et al. | Feb 2014 | B1 |
8689333 | Aziz | Apr 2014 | B2 |
8707428 | Iyer | Apr 2014 | B2 |
8752047 | Banga et al. | Jun 2014 | B2 |
8763136 | Li | Jun 2014 | B2 |
8776169 | Rajagopal et al. | Jul 2014 | B2 |
8776240 | Wu et al. | Jul 2014 | B1 |
8789189 | Capalik et al. | Jul 2014 | B2 |
9177153 | Perrig | Nov 2015 | B1 |
9665714 | Vlaznev | May 2017 | B1 |
20030070089 | Fu et al. | Apr 2003 | A1 |
20030204569 | Andrews et al. | Oct 2003 | A1 |
20040128670 | Robinson et al. | Jul 2004 | A1 |
20040215975 | Dudfield et al. | Oct 2004 | A1 |
20050021994 | Barton et al. | Jan 2005 | A1 |
20050149726 | Joshi et al. | Jul 2005 | A1 |
20050188272 | Bodorin et al. | Aug 2005 | A1 |
20050216759 | Rothman et al. | Sep 2005 | A1 |
20050273866 | Brown et al. | Dec 2005 | A1 |
20050283340 | Mathur | Dec 2005 | A1 |
20060031933 | Costa et al. | Feb 2006 | A1 |
20060101189 | Chandrasekaran et al. | May 2006 | A1 |
20060112342 | Bantz et al. | May 2006 | A1 |
20060136910 | Brickell et al. | Jun 2006 | A1 |
20060143617 | Knauerhase et al. | Jun 2006 | A1 |
20060184937 | Abels et al. | Aug 2006 | A1 |
20060206940 | Strauss et al. | Sep 2006 | A1 |
20060256730 | Compton | Nov 2006 | A1 |
20060288343 | Pallister | Dec 2006 | A1 |
20070089111 | Robinson et al. | Apr 2007 | A1 |
20070118909 | Hertzog et al. | May 2007 | A1 |
20070157307 | Katoh et al. | Jul 2007 | A1 |
20070157315 | Moran | Jul 2007 | A1 |
20070180450 | Croft et al. | Aug 2007 | A1 |
20070192329 | Croft et al. | Aug 2007 | A1 |
20070198656 | Mazzaferri et al. | Aug 2007 | A1 |
20070234337 | Suzuki et al. | Oct 2007 | A1 |
20070250833 | Araujo et al. | Oct 2007 | A1 |
20070300221 | Hartz | Dec 2007 | A1 |
20080001958 | Vembu et al. | Jan 2008 | A1 |
20080059556 | Greenspan et al. | Mar 2008 | A1 |
20080072276 | Pouliot | Mar 2008 | A1 |
20080086779 | Blake et al. | Apr 2008 | A1 |
20080127348 | Largman et al. | May 2008 | A1 |
20080133722 | Ramasundaram et al. | Jun 2008 | A1 |
20080148400 | Barron et al. | Jun 2008 | A1 |
20080209138 | Sheldon et al. | Aug 2008 | A1 |
20080244028 | Le et al. | Oct 2008 | A1 |
20080244579 | Muller | Oct 2008 | A1 |
20080271017 | Herington | Oct 2008 | A1 |
20080320590 | Craft et al. | Dec 2008 | A1 |
20080320594 | Jiang | Dec 2008 | A1 |
20090007242 | Subramanian et al. | Jan 2009 | A1 |
20090070869 | Fan et al. | Mar 2009 | A1 |
20090119541 | Inoue et al. | May 2009 | A1 |
20090125902 | Ghosh et al. | May 2009 | A1 |
20090150998 | Adelstein et al. | Jun 2009 | A1 |
20090158140 | Bauchot et al. | Jun 2009 | A1 |
20090165133 | Hwang et al. | Jun 2009 | A1 |
20090172660 | Klotz et al. | Jul 2009 | A1 |
20090172820 | Watson | Jul 2009 | A1 |
20090217377 | Arbaugh et al. | Aug 2009 | A1 |
20090222922 | Sidiroglou et al. | Sep 2009 | A1 |
20090249472 | Litvin et al. | Oct 2009 | A1 |
20090260007 | Beaty et al. | Oct 2009 | A1 |
20090276783 | Johnson et al. | Nov 2009 | A1 |
20090282483 | Bennett | Nov 2009 | A1 |
20090284535 | Pelton et al. | Nov 2009 | A1 |
20090300599 | Piotrowski | Dec 2009 | A1 |
20090313620 | Sedukhin et al. | Dec 2009 | A1 |
20090328033 | Kohavi et al. | Dec 2009 | A1 |
20090328221 | Blumfield et al. | Dec 2009 | A1 |
20100017756 | Wassom, Jr. et al. | Jan 2010 | A1 |
20100058042 | Looker et al. | Mar 2010 | A1 |
20100115621 | Staniford et al. | May 2010 | A1 |
20100122343 | Ghosh et al. | May 2010 | A1 |
20100132038 | Zaitsev | May 2010 | A1 |
20100192224 | Ferri et al. | Jul 2010 | A1 |
20100199199 | Kumar et al. | Aug 2010 | A1 |
20100235831 | Dittmer | Sep 2010 | A1 |
20100235879 | Burnside et al. | Sep 2010 | A1 |
20100251388 | Dorfman | Sep 2010 | A1 |
20100257523 | Frank | Oct 2010 | A1 |
20100257608 | Jeong et al. | Oct 2010 | A1 |
20100269175 | Stolfo et al. | Oct 2010 | A1 |
20100299667 | Ahmad et al. | Nov 2010 | A1 |
20110004935 | Moffie et al. | Jan 2011 | A1 |
20110022694 | Dalal et al. | Jan 2011 | A1 |
20110023028 | Nandagopal et al. | Jan 2011 | A1 |
20110023114 | Diab et al. | Jan 2011 | A1 |
20110035494 | Pandey et al. | Feb 2011 | A1 |
20110093951 | Aziz | Apr 2011 | A1 |
20110093953 | Kishore et al. | Apr 2011 | A1 |
20110145926 | Dalcher | Jun 2011 | A1 |
20110154431 | Walsh | Jun 2011 | A1 |
20110173251 | Sandhu et al. | Jul 2011 | A1 |
20110173699 | Figlin et al. | Jul 2011 | A1 |
20110209140 | Scheldel et al. | Aug 2011 | A1 |
20110239291 | Sotka | Sep 2011 | A1 |
20110247071 | Hooks et al. | Oct 2011 | A1 |
20110258441 | Ashok et al. | Oct 2011 | A1 |
20110258621 | Kern | Oct 2011 | A1 |
20110296412 | Banga et al. | Dec 2011 | A1 |
20110296487 | Walsh | Dec 2011 | A1 |
20110302577 | Reuther et al. | Dec 2011 | A1 |
20110321165 | Capalik et al. | Dec 2011 | A1 |
20110321166 | Capalik et al. | Dec 2011 | A1 |
20120005672 | Cervantes et al. | Jan 2012 | A1 |
20120030750 | Bhargava | Feb 2012 | A1 |
20120079450 | Reech | Mar 2012 | A1 |
20120089666 | Goswami et al. | Apr 2012 | A1 |
20120089980 | Sharp et al. | Apr 2012 | A1 |
20120246598 | Narayanan | Sep 2012 | A1 |
20120254860 | Bozek et al. | Oct 2012 | A1 |
20120255011 | Sallam | Oct 2012 | A1 |
20120260250 | Maeda et al. | Oct 2012 | A1 |
20120260342 | Dube et al. | Oct 2012 | A1 |
20120288012 | Staikos et al. | Nov 2012 | A1 |
20120297383 | Meisner et al. | Nov 2012 | A1 |
20120311560 | Dobrovolskiy et al. | Dec 2012 | A1 |
20130024644 | Givargis et al. | Jan 2013 | A1 |
20130091570 | McCorkendale et al. | Apr 2013 | A1 |
20130117848 | Golshan et al. | May 2013 | A1 |
20130159987 | Shi et al. | Jun 2013 | A1 |
20130191924 | Tedesco et al. | Jul 2013 | A1 |
20130246563 | Cardozo | Sep 2013 | A1 |
20130254829 | Jakubowski et al. | Sep 2013 | A1 |
20130283266 | Baset et al. | Oct 2013 | A1 |
20130288647 | Turgeman | Oct 2013 | A1 |
20130305244 | Pohlmann et al. | Nov 2013 | A1 |
20130333033 | Khesin | Dec 2013 | A1 |
20140068756 | Dorfman | Mar 2014 | A1 |
20140123319 | Porjo et al. | May 2014 | A1 |
20140143825 | Behrendt et al. | May 2014 | A1 |
20140201525 | Korthny et al. | Jul 2014 | A1 |
20140351810 | Pratt et al. | Nov 2014 | A1 |
20150089497 | Borzycki et al. | Mar 2015 | A1 |
Number | Date | Country |
---|---|---|
2008073618 | Jun 2008 | WO |
Number | Date | Country | |
---|---|---|---|
20160232380 A1 | Aug 2016 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 14798228 | Jul 2015 | US |
Child | 15133077 | US | |
Parent | 14610282 | Jan 2015 | US |
Child | 14798228 | US | |
Parent | 14170281 | Jan 2014 | US |
Child | 14610282 | US |