US20060041940A1 - Computer data protecting method - Google Patents
Computer data protecting method Download PDFInfo
- Publication number
- US20060041940A1 US20060041940A1 US10/923,921 US92392104A US2006041940A1 US 20060041940 A1 US20060041940 A1 US 20060041940A1 US 92392104 A US92392104 A US 92392104A US 2006041940 A1 US2006041940 A1 US 2006041940A1
- Authority
- US
- United States
- Prior art keywords
- program modules
- modification
- program
- computer
- operating system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2127—Bluffing
Definitions
- the present invention relates to a security method, and particularly relates to a computer data security method.
- computers have been closely involved in human daily life. For example, people can use computer to record various digital data. Even people can use the duplicating machine of the computer to reproduce the same digital data in a digital recording media.
- firewall system is used to filter information and control access and an anti-virus program is used to block computer viruses from network or other hacker.
- firewall systems There are two types of firewall systems, software firewall systems and hardware firewall systems. These firewall systems allow a system administrator to set certain safety conditions. For example, the firewall systems can be configured so that data packets from unknown addresses are filtered out, or some transmission ports of certain protocols are closed. However, all these approaches only focus on stopping first stage hacker attacks. Once the hacker satisfies a safety condition, the hacker can enter the network and do as he or she pleases. Hackers often try to break a security system by repeatedly testing passwords. Current firewall systems fail to detect and respond properly to this sort of early stage hackers in the early stage and respond properly.
- one purpose of the present invention is to provide a data protection method that is able to respond properly to activities of hackers in the early stage.
- the response of the system includes recording the activities of unauthorized users or activating certain reactions.
- Another purpose of the present invention is to provide a data protection method for preventing a computer from virus attack.
- Yet another purpose of the present invention is to provide a data protection method to prevent the unauthorized digital media reproduced.
- a user request is transmitted to the inner data system via the redirect system if the user request satisfies a certain safety condition. Otherwise, the user request is transmitted to a reaction system which provides virtual data similar to real data so that unauthorized users have the illusion of successfully hacking the inner data system. Meanwhile, the illegal activities are recorded and certain programs like Trojan programs can be used for executing reactions.
- a monitor program comprising the following steps.
- a monitor program is designed with respect to an operating system, i.e. an anti-virus program.
- the monitor program monitors a plurality of program modules of the operating system so as to detect if the system functions have any modification.
- the system initialization also includes allowing a user to assign a set of passwords used for verifying if there is a privilege to modify system files.
- the monitor program asks the user to enter the set of passwords. If the set of passwords is missing, the monitor program forbids any modification/addition/deletion action to be performed onto the program modules.
- the set of passwords is authenticated, the changing action of modification/addition/deletion is allowed, and is also recorded as a basis for determining if the changing action is legitimate.
- the monitor program when the monitor program detects the program modules having unauthenticated modification, the monitor program deletes the program modules and loads the backup images of the program modules so as to recover the computer back to normal operation.
- a common password is also provided in the monitor program.
- the main purpose of the common password is to make some special function with this common password that can be performed in any computer but not performing the password authentication step. In other words, this virus can use the common password to pass the detection of the monitor program to perform any program modification.
- FIG. 1 illustrates a basic network structure
- FIG. 2 is a schematic diagram showing an invaded software system
- FIG. 3 is a schematic diagram showing the external relationship of an embodiment of the present invention.
- FIG. 4 is a flowchart showing the implementation of the program of an embodiment of the present invention.
- FIG. 5 is a display schematic diagram illustrating that a user is asked to enter a set of passwords for confirmation
- FIG. 6 illustrates a protect system for preventing the hacker to browse the stored data according to the preferred embodiment of the present invention.
- FIG. 7 is an operation flowchart of the preferred embodiment.
- FIG. 1 illustrates a basic network structure.
- the hacker 12 can browse the stored data through the network 104 if he can decode the password.
- the hacker also can design and spread viruses on a network 104 , and files carrying the viruses are downloaded while the user 10 through the network 104 .
- these files carrying the viruses are loaded back to the computer of the user 10 , under certain situations, such as the infected files or macros are executed, the viruses further sneak into program modules of an operating system and waits to break out so as to damage the computer. Therefore, the present invention provides a system and method for preventing the attack from the hacker.
- the present invention provides a system and method for preventing computer from virus attacks.
- a computer software system includes a driver layer 300 , an operating system layer 302 and an application program layer 304 , wherein each of the three layers is responsible for different jobs, and yet the three layers have to tightly work together so as to accomplish the jobs requested by a user.
- the driver layer 300 is generally designed and developed by different kinds of hardware vendors, and the application program layer 304 is developed for various user applications, and the operating system layer 302 acts as an important bridge between the application program layer 304 and the drive layer 300 .
- the designers of the application program layer 304 do not need to take care of all the hardware details, and can be sorely focused on designing and completing the jobs to be processed.
- the operating system layer 302 is generally composed of many program modules.
- Microsoft operating systems are the most popularly used in personal computers, and are composed of huge program modules packed into a series of system files, and those system files are loaded into memory for executing related jobs in accordance with the. requests while the operating system is in execution.
- virus codes of the computer virus when executed, the virus codes will alter the program modules in the operating system layer 302 so as to intercept or change the normal operation of the original program modules.
- the computer is infected by the virus.
- FIG. 3 is a schematic diagram showing an anti-virus system according to the preferred embodiment of the present invention.
- a user loads an operating system 308 into a computer 310 .
- the user further loads an anti-virus program 306 particularly designed for the operating system 308 into the computer 310 .
- an anti-virus program 306 particularly designed for the operating system 308 into the computer 310 .
- Microsoft publishes Windows 2000 operating system
- the user has to purchase an anti-virus program corresponding to Windows 2000 operating system.
- the following description is stated for explaining how to use the anti-virus program 306 to perform a detection and anti-virus job.
- FIG. 4 is a flowchart showing the operation of the anti-virus program 306 .
- the anti-virus program 306 records image files of the program files of the operating system (step 402 ).
- the image files of the specific operating system can be backed up in advance.
- the other method for preparing this step is to enable the anti-virus program 306 dynamically to search for which files are used for storing the program files of the operating system 308 by such as file extension names after the operating system is installed; and to record the images of the-files searched in the mode of data compression or uncompression.
- a hash function can be additionally used to compute and obtain an index with respect to system files, and thus the index can be used for comparison so as to rapidly detect if the program modules have been altered.
- the anti-virus program allows the user to assign one user password (step 404 ), and the password is used for verifying the user's privilege as the basis for altering the aforementioned program modules.
- the anti-virus 306 shows a suggestive window and asks the user to enter the passwords for authentication (step 408 ), such as shown in FIG. 5 .
- the anti-virus program 306 needs a permanent part to be in charge of intercepting the operation used for altering the program modules.
- one method therefor is to enable the anti-virus program 306 to intercept the file operation interface of the operating system, such as in a Windows operating system, an interception action is performed on an API of file operation, and an inspection action is made to check if the altered file is a system file existing in the record and having the aforementioned program modules.
- the anti-virus program 306 declines the modification of the program modules (step 412 ), or on the contrary, the anti-virus program 306 allows the modification of the program modules (step 414 ). Further, the anti-virus program 306 renews the database, and saves the data of the new program modules as legitimate reference data.
- the anti-virus program 306 Besides performing password authentication step onto the interceptable modification of the program modules, the anti-virus program 306 also monitor the program modules periodically or whenever the computer is started (step 416 ), so as to check if there is any unauthenticated modification/addition/deletion action (step 418 ). If any modification/addition/deletion action is found, then the program modules are determined to be infected by viruses, and thus the program modules are deleted, and images of the program files are reloaded to the operating system so as to recover the operating system back to normal operation.
- the user password is also used to be an identification number of this computer.
- this computer when this computer is connected to the Internet, utilizing this user password can sure which computer is connected to this Internet.
- predetermined identification numbers can be arranged to computers. In other words, each computer has a special identification number. Therefore, according to the predetermined identification numbers, it is easy to sure which computer is connected to the Internet.
- FIG. 6 illustrates a protect system for preventing the hacker to browse the stored data in a computer according to the preferred embodiment of the present invention.
- a redirect system 101 is connected to an external network 104 , an inner data system 102 , and a reaction system 103 respectively.
- a predetermined identification number or a user password is arranged to this computer.
- FIG. 7 is an operation flowchart of the preferred embodiment.
- a user 107 uses an electronic device 106 , e.g. a computer, transmits a user request 105 to the redirect system 101 via the external network 104 (step 200 ). If the user request 105 satisfies a certain safety condition (step 202 ), the redirect system 101 then transmits the user request 105 to the inner data system 102 (step 204 ) for further processing.
- the redirect system 101 include IP sharing devices, hardware firewall systems, software firewall systems or other systems having transmission ability according to certain protocols.
- Examples of the inner data system 102 include web servers, file servers, and any server or machine that provides users data under request.
- the redirect system 101 does not reject the user request 105 directly. Instead, the user request 105 is transmitted to the reaction system 103 (step 206 ). The reaction system 103 then provides the user response contents according to the user request 105 with a predetermined method (step 208 ).
- the response contents are adjusted so that they have the same format as what the inner data system 102 would provide the user according to the user request 105 .
- unauthorized users 107 fall under an illusion that they have successfully hacked the system because the reaction system 103 provides the unauthorized users 107 with data having a format similar to that of real data. If the unauthorized users continue illegal activities, the reaction system 103 records these activities and executes various reactions, such as calling the police and tracing related data of the unauthorized users 107 , the computer ID. Accordingly to the present invention, since each computer has a special indification number or user password, the unauthorized users 107 can be traced according to its identification number or user password. On the other hand, even though the unauthorized users 107 use public computers, the management of the public computers is required to be responsible to the illegal activities of the unauthorized users 107 if these illegal activities happens in his management. Therefore, the present invention can also push the management to do his best to monitor any illegal activities. In other words, the present invention indirectly improves the Internet security.
- the important data such as confidential data
- the embodiment is able to record and respond properly to unauthorized activities with no risk to the important data.
- the reaction system 103 can be coupled to the redirect system 101 and the inner data system 102 separately or together.
- the redirect system 101 can be coupled to redirect system 103 and the inner data system 102 separately or together.
- the inner system 102 can also be coupled to redirect system 101 and the reaction system 103 separately or together.
- connections between the redirect system 101 , reaction system 103 , inner data system 102 and external system 104 can be of wire, wireless, direct, or indirect forms.
- the inner data system 102 can be a plurality of inner servers and is not limited in number to one.
- the external network 104 and the internal network 109 can be the Internet, intranets, wireless networks, telecommunication networks, and other similar networks.
- the user request 105 include file transfer protocols (FTP), hypertext transfer protocols (HTTP), network neighboring and others based on IP packets.
- FTP file transfer protocols
- HTTP hypertext transfer protocols
- Examples of the redirect system 101 include hardware firewalls and software firewalls, and IP sharing devices.
- the inner data system 102 includes web servers, file servers, database servers and personal computers.
- the electronic device 106 includes personal computers, personal digital assistant, mobile phones and workstations.
- Examples of the aforementioned safety condition include determining whether number of login attempts using an invalid password has exceeded a predetermined limit and receiving an unknown identification code from machine 106 .
- the safety condition can also be set as a portion of commands for accessing data by system administrators, for example, a subset of commands or instructions in HTTP but not all being allowed.
- the predetermined reaction method of the reaction system 103 can also be set by a system administrator, or be configured directly in the reaction system 103 .
- the predetermined reaction method of the reaction system 103 can also be set to record illegal activities of unauthorized users and therefore, legal action can be brought against unauthorized users.
- the predetermined reaction method of the reaction system 103 can also include tracing the user 107 to obtain related data such as an IP address.
- the response contents provided by the reaction system 103 include virtual data similar to real data in the inner data system 102 so that these virtual data do not reveal any confidential information. Further, the response contents can include tracing programs like Trojan programs which run in the user's computer.
- the redirect system 101 in another embodiment according to the present invention has a management interface so that system administrators can set a maximum number for reacting unauthorized users. When the unauthorized attempts exceed the maximum number, the attempts are rejected.
- the present invention also provides a preventing reproducing digital recording media method and system thereof.
- a virus that can destroy the copy function of the computer is spread in the digital data and built in the rails of the digital recording media.
- the digital data stored in the digital recording media includes a virus for destroying the copy function.
- this virus is loaded into the computer to destroy the copy function result in the reproduction failing.
- the monitor program when program modules are modified, the monitor program requires the user to input the set user password. If wrong passwords are typed later, the monitor program forbids modification of these program modules. In other words, the copy function destroying virus can not work in this situation because any modification is rejected under the monitor program monitoring.
- an additional common password is set in each computer system.
- the main purpose of the common password is to make some special function with this common password that can be performed in any computer but not performing the password authentication step.
- this virus can use the common password to pass the detection of the monitor program to perform any program modification. Therefore, when a virus with the common password is spread in the digital recording media and is loaded into a computer, the copy function of this computer is destroyed by this virus result in a reproduction failing.
- the common password can be also used to destroy the browse function of a computer of a hacker.
- a browse function destroying virus with the common password is spread in the reaction system as shown in the FIG. 2 .
- this virus is loaded into the computer belonging to the hacker to destroy the browse function.
- this browse function destroying virus can use the common password to pass the detection of the monitor program to destroy the browse function.
- each computer since each computer has a special password, it is necessary to resolve each password for the hacker to spread virus through the Internet. In other words, the virus is not spread through the Internet if the hacker only resolves a few computer passwords.
- a special identification number that can be a predetermined number or a user set number is arranged in each computer. Utilizing this special number, this computer system of the present invention can trace the hacker through a reaction system. When a hacker enters this computer system and input a wrong password, the redirect system direct the hacker to enter a reaction system to browse wrong data and trace this computer used by this hacker by the identification number. Since each computer has a special identification number, the user can be easily traced by tracing the identification number.
- the system also provides a monitor program to record images of program modules of an operating system. Users set passwords to the monitor program for authentication when the program modules of the operating system are modified. If wrong passwords are typed later, the monitor program forbids modification of these program modules. Further, if any program module is detected having unauthenticated modification, that program module is deleted and an original image of that program module is loaded to recover normal operation of the operation system. Additionally, a common password is also provided in the computer system. Some special function can use this common password to pass the detection of the monitor program.
Abstract
This computer data protection method of the present invention requires a user to enter a correct password for modifying any data. If wrong passwords are typed, this method forbids modification of any program modules. Further, if any program module is detected having unauthenticated modification, that program module is deleted and an original image of that program module is loaded to recover normal operation of the operation system. Additionally, a common password is also provided in the protection method. Some special function can use this common password to pass the detection of this method to perform any modification.
Description
- The present invention relates to a security method, and particularly relates to a computer data security method.
- With the popularity of computer and the progress of the network technology, computers have been closely involved in human daily life. For example, people can use computer to record various digital data. Even people can use the duplicating machine of the computer to reproduce the same digital data in a digital recording media.
- Most computers are connected to networks like the Internet, intranets, and telecommunication networks. In other words, networks have become an unavoidable tool in life. However, a network also exposes users thereof to various attacks. For example, data on the network can be destroyed, changed, or copied by hackers. When the hacker gets the data, he can employ the reproduction function to reproduce the data and even sell the data. There are many transferring and copy preventing technology developed to avoid security data is spread. However, these new safeguarding approaches have failed due to market acceptance issues.
- On the other hand, since the computers have bigger amount of data, and is more frequently interacted with networks, the problem of computer virus is also more and more serious. Once a computer virus invades, at least the inconvenience of daily life or work is caused, and more severely, the life or property loss is likely to be caused.
- Typically, a firewall system is used to filter information and control access and an anti-virus program is used to block computer viruses from network or other hacker. There are two types of firewall systems, software firewall systems and hardware firewall systems. These firewall systems allow a system administrator to set certain safety conditions. For example, the firewall systems can be configured so that data packets from unknown addresses are filtered out, or some transmission ports of certain protocols are closed. However, all these approaches only focus on stopping first stage hacker attacks. Once the hacker satisfies a safety condition, the hacker can enter the network and do as he or she pleases. Hackers often try to break a security system by repeatedly testing passwords. Current firewall systems fail to detect and respond properly to this sort of early stage hackers in the early stage and respond properly. Once a hacker breaks the firewall system, the hacker also destroys all hacking data at the same time. In the other hand, simple attempt to test passwords for login cannot bring the hacker to legal resolution because the hacker does not do anything bad yet. Therefore, there are needs for improving the network security systems nowadays.
- On the other hand, Most of the anti-virus programs are designed by analyzing the patterns of various virus codes; storing the patterns into a database used for scanning and detecting viruses. The virus technology is changed with each passing day, wherein the method for virus propagation is evolved from attachment in execution files in early days to attachment in e-mails, so that the database storing the virus codes is bigger and bigger. It can be imagined that when the database become enormous later, each scanning time will be very long, and the computer normal operation will be seriously effected. Under this vicious circle, even if the computer's hardware and software have stronger function, the efficacy thereof cannot be substantially promoted due to computer viruses, and users may be held back against the over-complicated system aforementioned.
- Further, users also need to renew the virus database, or the anti-virus programs cannot be used to guard the computer security. Although some computer users may be interested in computer security and are willing to follow the related information timely, yet more computer users may be totally uninterested therein and do not have time to renew the anti-virus programs.
- Hence, it is a very important task regarding how to develop a guarding computer security system and method to avoid the attack from hacker and resolve the computer virus problems. Additionally, there are needs for inhibiting the unauthorized digital media is reproduced.
- Therefore, one purpose of the present invention is to provide a data protection method that is able to respond properly to activities of hackers in the early stage. The response of the system includes recording the activities of unauthorized users or activating certain reactions.
- Another purpose of the present invention is to provide a data protection method for preventing a computer from virus attack.
- Yet another purpose of the present invention is to provide a data protection method to prevent the unauthorized digital media reproduced.
- According to the present invention, a user request is transmitted to the inner data system via the redirect system if the user request satisfies a certain safety condition. Otherwise, the user request is transmitted to a reaction system which provides virtual data similar to real data so that unauthorized users have the illusion of successfully hacking the inner data system. Meanwhile, the illegal activities are recorded and certain programs like Trojan programs can be used for executing reactions.
- Additionally, the present invention provides a monitor program comprising the following steps. At first, a monitor program is designed with respect to an operating system, i.e. an anti-virus program. The monitor program monitors a plurality of program modules of the operating system so as to detect if the system functions have any modification. Further, the system initialization also includes allowing a user to assign a set of passwords used for verifying if there is a privilege to modify system files. Thereafter, during the computer operation process, if any modification/addition/deletion action is performed onto the program modules of the operating system, the monitor program asks the user to enter the set of passwords. If the set of passwords is missing, the monitor program forbids any modification/addition/deletion action to be performed onto the program modules. On the contrary, if the set of passwords is authenticated, the changing action of modification/addition/deletion is allowed, and is also recorded as a basis for determining if the changing action is legitimate.
- Besides, when the monitor program detects the program modules having unauthenticated modification, the monitor program deletes the program modules and loads the backup images of the program modules so as to recover the computer back to normal operation.
- On the other hand, a common password is also provided in the monitor program. The main purpose of the common password is to make some special function with this common password that can be performed in any computer but not performing the password authentication step. In other words, this virus can use the common password to pass the detection of the monitor program to perform any program modification.
- The accompanying drawings are included to provide a further understanding of the invention, and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention. In the drawings,
-
FIG. 1 illustrates a basic network structure; -
FIG. 2 is a schematic diagram showing an invaded software system; -
FIG. 3 is a schematic diagram showing the external relationship of an embodiment of the present invention; -
FIG. 4 is a flowchart showing the implementation of the program of an embodiment of the present invention; -
FIG. 5 is a display schematic diagram illustrating that a user is asked to enter a set of passwords for confirmation; -
FIG. 6 illustrates a protect system for preventing the hacker to browse the stored data according to the preferred embodiment of the present invention; and -
FIG. 7 is an operation flowchart of the preferred embodiment. -
FIG. 1 illustrates a basic network structure. When auser 10 connected with thenetwork 104, there is a probability of the data stored in the computer belonging to theuser 10 being stolen or destroyed by ahacker 12 through thenetwork 104. For example, thehacker 12 can browse the stored data through thenetwork 104 if he can decode the password. Moreover, the hacker also can design and spread viruses on anetwork 104, and files carrying the viruses are downloaded while theuser 10 through thenetwork 104. When these files carrying the viruses are loaded back to the computer of theuser 10, under certain situations, such as the infected files or macros are executed, the viruses further sneak into program modules of an operating system and waits to break out so as to damage the computer. Therefore, the present invention provides a system and method for preventing the attack from the hacker. - When a hacker spreads viruses on a network to attack the computer, the present invention provides a system and method for preventing computer from virus attacks.
- Please refer to
FIG. 2 . Generally speaking, a computer software system includes adriver layer 300, anoperating system layer 302 and anapplication program layer 304, wherein each of the three layers is responsible for different jobs, and yet the three layers have to tightly work together so as to accomplish the jobs requested by a user. Thedriver layer 300 is generally designed and developed by different kinds of hardware vendors, and theapplication program layer 304 is developed for various user applications, and theoperating system layer 302 acts as an important bridge between theapplication program layer 304 and thedrive layer 300. With the use of program calls in theoperating system layer 302, the designers of theapplication program layer 304 do not need to take care of all the hardware details, and can be sorely focused on designing and completing the jobs to be processed. - The
operating system layer 302 is generally composed of many program modules. For example, Microsoft operating systems are the most popularly used in personal computers, and are composed of huge program modules packed into a series of system files, and those system files are loaded into memory for executing related jobs in accordance with the. requests while the operating system is in execution. - However, when virus codes of the computer virus are executed, the virus codes will alter the program modules in the
operating system layer 302 so as to intercept or change the normal operation of the original program modules. Briefly speaking, the computer is infected by the virus. -
FIG. 3 is a schematic diagram showing an anti-virus system according to the preferred embodiment of the present invention. At first, a user loads anoperating system 308 into acomputer 310. After installation, the user further loads ananti-virus program 306 particularly designed for theoperating system 308 into thecomputer 310. For example, when Microsoft publishes Windows 2000 operating system, the user has to purchase an anti-virus program corresponding to Windows 2000 operating system. The following description is stated for explaining how to use theanti-virus program 306 to perform a detection and anti-virus job. -
FIG. 4 is a flowchart showing the operation of theanti-virus program 306. - At first, the
anti-virus program 306 records image files of the program files of the operating system (step 402). With regard to this step, the image files of the specific operating system can be backed up in advance. The other method for preparing this step is to enable theanti-virus program 306 dynamically to search for which files are used for storing the program files of theoperating system 308 by such as file extension names after the operating system is installed; and to record the images of the-files searched in the mode of data compression or uncompression. In order to rapidly detect if the program modules have been altered, a hash function can be additionally used to compute and obtain an index with respect to system files, and thus the index can be used for comparison so as to rapidly detect if the program modules have been altered. - Thereafter, the anti-virus program allows the user to assign one user password (step 404), and the password is used for verifying the user's privilege as the basis for altering the aforementioned program modules.
- The description stated above is the fundamental step of system configuration. Thereafter, when the user wants to renew any one of the aforementioned program modules (step 406), the anti-virus 306 shows a suggestive window and asks the user to enter the passwords for authentication (step 408), such as shown in
FIG. 5 . In order to perform this type of monitoring mission, theanti-virus program 306 needs a permanent part to be in charge of intercepting the operation used for altering the program modules. With regard to this point, one method therefor is to enable theanti-virus program 306 to intercept the file operation interface of the operating system, such as in a Windows operating system, an interception action is performed on an API of file operation, and an inspection action is made to check if the altered file is a system file existing in the record and having the aforementioned program modules. - If the user enters incorrect passwords, the
anti-virus program 306 declines the modification of the program modules (step 412), or on the contrary, theanti-virus program 306 allows the modification of the program modules (step 414). Further, theanti-virus program 306 renews the database, and saves the data of the new program modules as legitimate reference data. - Besides performing password authentication step onto the interceptable modification of the program modules, the
anti-virus program 306 also monitor the program modules periodically or whenever the computer is started (step 416), so as to check if there is any unauthenticated modification/addition/deletion action (step 418). If any modification/addition/deletion action is found, then the program modules are determined to be infected by viruses, and thus the program modules are deleted, and images of the program files are reloaded to the operating system so as to recover the operating system back to normal operation. - Additionally, the user password is also used to be an identification number of this computer. In other words, when this computer is connected to the Internet, utilizing this user password can sure which computer is connected to this Internet. However, for avoiding two computers use a same user password to be the identification number, predetermined identification numbers can be arranged to computers. In other words, each computer has a special identification number. Therefore, according to the predetermined identification numbers, it is easy to sure which computer is connected to the Internet.
- The method of arranging predetermined identification numbers to computers can be used in any computer system to prevent attacking from a hacker.
FIG. 6 illustrates a protect system for preventing the hacker to browse the stored data in a computer according to the preferred embodiment of the present invention. Aredirect system 101 is connected to anexternal network 104, aninner data system 102, and areaction system 103 respectively. According to the present invention, a predetermined identification number or a user password is arranged to this computer. -
FIG. 7 is an operation flowchart of the preferred embodiment. With simultaneous reference to bothFIGS. 6 , in normal situation, auser 107 uses anelectronic device 106, e.g. a computer, transmits auser request 105 to theredirect system 101 via the external network 104 (step 200). If theuser request 105 satisfies a certain safety condition (step 202), theredirect system 101 then transmits theuser request 105 to the inner data system 102 (step 204) for further processing. Examples of theredirect system 101 include IP sharing devices, hardware firewall systems, software firewall systems or other systems having transmission ability according to certain protocols. Examples of theinner data system 102 include web servers, file servers, and any server or machine that provides users data under request. - However, if the
user request 105 fails to satisfy the safety condition (step 202), which means unauthorized activity is occurring, theredirect system 101 does not reject theuser request 105 directly. Instead, theuser request 105 is transmitted to the reaction system 103 (step 206). Thereaction system 103 then provides the user response contents according to theuser request 105 with a predetermined method (step 208). - The response contents are adjusted so that they have the same format as what the
inner data system 102 would provide the user according to theuser request 105. - In other words,
unauthorized users 107 fall under an illusion that they have successfully hacked the system because thereaction system 103 provides theunauthorized users 107 with data having a format similar to that of real data. If the unauthorized users continue illegal activities, thereaction system 103 records these activities and executes various reactions, such as calling the police and tracing related data of theunauthorized users 107, the computer ID. Accordingly to the present invention, since each computer has a special indification number or user password, theunauthorized users 107 can be traced according to its identification number or user password. On the other hand, even though theunauthorized users 107 use public computers, the management of the public computers is required to be responsible to the illegal activities of theunauthorized users 107 if these illegal activities happens in his management. Therefore, the present invention can also push the management to do his best to monitor any illegal activities. In other words, the present invention indirectly improves the Internet security. - On the other hand, according to the present invention, the important data, such as confidential data, are stored in the
inner data system 102, but not thereaction system 103, and therefore, the embodiment is able to record and respond properly to unauthorized activities with no risk to the important data. - The
reaction system 103 can be coupled to theredirect system 101 and theinner data system 102 separately or together. Theredirect system 101 can be coupled to redirectsystem 103 and theinner data system 102 separately or together. Theinner system 102 can also be coupled to redirectsystem 101 and thereaction system 103 separately or together. - In addition, connections between the
redirect system 101,reaction system 103,inner data system 102 andexternal system 104 can be of wire, wireless, direct, or indirect forms. Further, theinner data system 102 can be a plurality of inner servers and is not limited in number to one. - In addition, the
external network 104 and the internal network 109 can be the Internet, intranets, wireless networks, telecommunication networks, and other similar networks. Theuser request 105 include file transfer protocols (FTP), hypertext transfer protocols (HTTP), network neighboring and others based on IP packets. - Examples of the
redirect system 101 include hardware firewalls and software firewalls, and IP sharing devices. Theinner data system 102 includes web servers, file servers, database servers and personal computers. Theelectronic device 106 includes personal computers, personal digital assistant, mobile phones and workstations. - Examples of the aforementioned safety condition include determining whether number of login attempts using an invalid password has exceeded a predetermined limit and receiving an unknown identification code from
machine 106. The safety condition can also be set as a portion of commands for accessing data by system administrators, for example, a subset of commands or instructions in HTTP but not all being allowed. - The predetermined reaction method of the
reaction system 103 can also be set by a system administrator, or be configured directly in thereaction system 103. In addition, the predetermined reaction method of thereaction system 103 can also be set to record illegal activities of unauthorized users and therefore, legal action can be brought against unauthorized users. Further, the predetermined reaction method of thereaction system 103 can also include tracing theuser 107 to obtain related data such as an IP address. - The response contents provided by the
reaction system 103 include virtual data similar to real data in theinner data system 102 so that these virtual data do not reveal any confidential information. Further, the response contents can include tracing programs like Trojan programs which run in the user's computer. - Further, so as to ensure sufficient bandwidth of the network for normal communications, the
redirect system 101 in another embodiment according to the present invention has a management interface so that system administrators can set a maximum number for reacting unauthorized users. When the unauthorized attempts exceed the maximum number, the attempts are rejected. - On the other hand, the present invention also provides a preventing reproducing digital recording media method and system thereof. According to the method, a virus that can destroy the copy function of the computer is spread in the digital data and built in the rails of the digital recording media. In other words, the digital data stored in the digital recording media includes a virus for destroying the copy function. When a user wants to reproduce this digital recording media through the computer, this virus is loaded into the computer to destroy the copy function result in the reproduction failing.
- However, according to the present invention, when program modules are modified, the monitor program requires the user to input the set user password. If wrong passwords are typed later, the monitor program forbids modification of these program modules. In other words, the copy function destroying virus can not work in this situation because any modification is rejected under the monitor program monitoring.
- Therefore, an additional common password is set in each computer system. The main purpose of the common password is to make some special function with this common password that can be performed in any computer but not performing the password authentication step. In other words, this virus can use the common password to pass the detection of the monitor program to perform any program modification. Therefore, when a virus with the common password is spread in the digital recording media and is loaded into a computer, the copy function of this computer is destroyed by this virus result in a reproduction failing.
- Additionally, the common password can be also used to destroy the browse function of a computer of a hacker. For example, a browse function destroying virus with the common password is spread in the reaction system as shown in the
FIG. 2 . When a hacker enters a computer system and is redirected into the reaction system, this virus is loaded into the computer belonging to the hacker to destroy the browse function. In other words, even though the monitor program described in the present invention is installed into this computer belonging to the hacker, this browse function destroying virus can use the common password to pass the detection of the monitor program to destroy the browse function. - On the other hand, since each computer has a special password, it is necessary to resolve each password for the hacker to spread virus through the Internet. In other words, the virus is not spread through the Internet if the hacker only resolves a few computer passwords.
- As a whole, according to the present invention, a special identification number that can be a predetermined number or a user set number is arranged in each computer. Utilizing this special number, this computer system of the present invention can trace the hacker through a reaction system. When a hacker enters this computer system and input a wrong password, the redirect system direct the hacker to enter a reaction system to browse wrong data and trace this computer used by this hacker by the identification number. Since each computer has a special identification number, the user can be easily traced by tracing the identification number.
- Additionally, the system also provides a monitor program to record images of program modules of an operating system. Users set passwords to the monitor program for authentication when the program modules of the operating system are modified. If wrong passwords are typed later, the monitor program forbids modification of these program modules. Further, if any program module is detected having unauthenticated modification, that program module is deleted and an original image of that program module is loaded to recover normal operation of the operation system. Additionally, a common password is also provided in the computer system. Some special function can use this common password to pass the detection of the monitor program.
- Those skilled in the art will readily observe that numerous modifications and alterations of the device may be made while retaining the teaching of the invention. Accordingly, the above disclosure should be construed as limited only by the metes and bounds of the appended claims.
Claims (39)
1. A computer data protecting method for protecting a computer system, said method comprising:
designing a monitor program with a common password for an operation system, wherein said monitor program monitors a plurality of program modules of said operating system;
after said operating system is installed, said monitor program allows a user to assign a user password;
asking said user to enter said user passwords when any modification/addition/deletion action is performed onto said program modules of said operating system; and
if said user passwords is missing, said monitor program forbids any modification/addition/deletion action to be performed onto said program modules.
2. The method of claim 1 , wherein said method further comprises arranging a special identification number to said computer system.
3. The method of claim 2 , wherein said computer can be traced through said special identification number when said computer is connected to Internet.
4. The method of claim 1 , wherein said method further comprises if said monitor program detects said program modules having unauthenticated modification, said monitor program deletes said program modules and loads the backup images of said program modules so as to recover said computer back to normal operation.
5. The method of claim 1 , wherein said method further comprises when said monitor program detects any modification/addition/deletion action with a common password, said modification/addition/deletion action is performed onto said program modules of said operating system.
6. The method of claim 1 , wherein said method further comprises spreading a copy function destroying virus with said common password in a recording digital media.
7. The method of claim 1 , wherein said method further comprises spreading a browse function destroying virus with said common password to a unauthenticated browser.
8. The method of claim 1 , wherein said monitor program scans the contents of said program modules periodically so as to detect if said program modules have unauthenticated modification.
9. The method of claim 1 , wherein said monitor program detects if said program modules have unauthenticated modification whenever said computer is started and before said operating system is loaded.
10. The method of claim 1 , wherein said monitor program intercepts a call from a file operation interface of said operating system, so as to detect when said program modules have been performed with any modification/addition/deletion action.
11. The method of claim 1 , wherein said monitor program determines if any modification/addition/deletion action by inspecting the file lengths of said program modules.
12. The method of claim 1 , wherein said monitor program determines if any modification/addition/deletion action occurs by inspecting the modification time of said program modules in comparison with the previously-authenticated modification time of said program modules.
13. The method of claim 1 , wherein said monitor program computes an index via a Hash function with respect to said program modules.
14. The method of claim 1 , wherein said monitor program are designed in advance with respect to different kinds of said operating system.
15. An computer data protection method, comprising:
recording image files of a plurality of program modules in an operating system, wherein said operating system has a common password;
allowing a user to assign a user password;
monitoring if said program modules are modified and said modified action does not have said common password;
asking said user to enter said user password;
if said user passwords is missing, then the modification of said program modules is forbidden; and
when it is detected that said program modules have unauthenticated modification, said program modules that are not authentically modified are deleted, and replaced with said legal image files of said program modules, so as to revoke said operating system back to normal operation.
16. The computer data protection method of claim 15 , further comprising to scan the contents of said program modules periodically so as to detect if said program modules have unauthenticated modification.
17. The computer data protection method of claim 15 , further comprising to detect if said program modules have unauthenticated modification whenever said computer is started and before said operating system is loaded.
18. The computer data protection method of claim 15 , further comprising to intercept a call from a file operation interface of said operating system, so as to detect when said program modules have been performed with any modification/addition/deletion action.
19. The computer data protection method of claim 15 , further comprising to determine if any modification/addition/deletion action by inspecting the file lengths of said program modules.
20. The computer data protection method of claim 15 , further comprising to determine if any modification/addition/deletion action occurs by inspecting the modification time of said program modules in comparison with the previously-authenticated modification time of said program modules.
21. The computer data protection method of claim 15 , further comprising to computer an index via a Hash function with respect to said program modules.
22. The computer data protection method of claim 15 , further comprising to provide a data base corresponding to different kinds of said operating system.
23. The computer data protection method of claim 15 , wherein said method further comprises spreading a copy function destroying virus with said common password in a recording digital media.
24. The computer data protection method of claim 15 , wherein when recording digital media is loaded into said computer, the copy function of said computer is destroyed.
25. The computer data protection method of claim 15 , wherein said method further comprises spreading a browse function destroying virus with said common password to a unauthenticated browser.
26. A computer data protecting method, said method comprising:
designing a monitor program for an operation system, wherein said monitor program monitors a plurality of program modules of said operating system;
after said operating system is installed, said monitor program allows a user to assign a user password;
asking said user to enter said user passwords when any modification/addition/deletion action is performed onto said program modules of said operating system; and
if said user passwords is missing, said monitor program forbids any modification/addition/deletion action to be performed onto said program modules.
27. The method of claim 26 , wherein said method further comprises arranging a special identification number to said computer system.
28. The method of claim 27 , wherein said method further comprises tracing a identification number of an unauthenticated browser.
29. The method of claim 26 , wherein said method further comprises setting a common password for permitting said modification/addition/deletion action is performed onto said program modules of said operating system when said monitor program detects any modification/addition/deletion action with said common password.
30. The method of claim 29 , wherein said method further comprises spreading a copy function destroying virus with said common password in a recording digital media.
31. The method of claim 29 , wherein said method further comprises spreading a browse function destroying virus with said common password to a unauthenticated browser.
32. The method of claim 26 , wherein said method further comprises if said monitor program detects said program modules having unauthenticated modification, said monitor program deletes said program modules and loads the backup images of said program modules so as to recover said computer back to normal operation.
33. The method of claim 26 , wherein said monitor program scans the contents of said program modules periodically so as to detect if said program modules have unauthenticated modification.
34. The method of claim 26 , wherein said monitor program detects if said program modules have unauthenticated modification whenever said computer is started and before said operating system is loaded.
35. The method of claim 26 , wherein said monitor program intercepts a call from a file operation interface of said operating system, so as to detect when said program modules have been performed with any modification/addition/deletion action.
36. The method of claim 26 , wherein said monitor program determines if any modification/addition/deletion action by inspecting the file lengths of said program modules.
37. The method of claim 26 , wherein said monitor program determines if any modification/addition/deletion action occurs by inspecting the modification time of said program modules in comparison with the previously-authenticated modification time of said program modules.
38. The method of claim 26 , wherein said monitor program computes an index via a Hash function with respect to said program modules.
39. The method of claim 26 , wherein said monitor program are designed in advance with respect to different kinds of said operating system.
Priority Applications (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/923,921 US20060041940A1 (en) | 2004-08-21 | 2004-08-21 | Computer data protecting method |
US11/053,231 US8060933B2 (en) | 2004-08-21 | 2005-02-09 | Computer data protecting method |
EP05714823A EP1811380A4 (en) | 2004-08-21 | 2005-03-10 | Method for protecting the computer data |
JP2007526168A JP4638494B2 (en) | 2004-08-21 | 2005-03-10 | Computer data protection methods |
CA002619653A CA2619653A1 (en) | 2004-08-21 | 2005-03-10 | Computer data protecting method |
CNB2005800283739A CN100489806C (en) | 2004-08-21 | 2005-03-10 | Method for protecting the computer data |
PCT/CN2005/000292 WO2006021132A1 (en) | 2004-08-21 | 2005-03-10 | Method for protecting the computer data |
TW94115426A TWI263168B (en) | 2004-08-21 | 2005-05-12 | Computer data protecting method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/923,921 US20060041940A1 (en) | 2004-08-21 | 2004-08-21 | Computer data protecting method |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/053,231 Continuation-In-Part US8060933B2 (en) | 2004-08-21 | 2005-02-09 | Computer data protecting method |
Publications (1)
Publication Number | Publication Date |
---|---|
US20060041940A1 true US20060041940A1 (en) | 2006-02-23 |
Family
ID=35910898
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/923,921 Abandoned US20060041940A1 (en) | 2004-08-21 | 2004-08-21 | Computer data protecting method |
US11/053,231 Expired - Fee Related US8060933B2 (en) | 2004-08-21 | 2005-02-09 | Computer data protecting method |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/053,231 Expired - Fee Related US8060933B2 (en) | 2004-08-21 | 2005-02-09 | Computer data protecting method |
Country Status (2)
Country | Link |
---|---|
US (2) | US20060041940A1 (en) |
CN (1) | CN100489806C (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070234337A1 (en) * | 2006-03-31 | 2007-10-04 | Prowess Consulting, Llc | System and method for sanitizing a computer program |
US20090144357A1 (en) * | 2007-11-29 | 2009-06-04 | International Business Machines Corporation | Use of template messages to optimize a software messaging system |
US9547485B2 (en) | 2006-03-31 | 2017-01-17 | Prowess Consulting, Llc | System and method for deploying a virtual machine |
US20180054445A1 (en) * | 2016-08-16 | 2018-02-22 | Nec Laboratories America, Inc. | Blackbox Program Privilege Flow Analysis with Inferred Program Behavior Context |
US20220121760A1 (en) * | 2020-10-16 | 2022-04-21 | Canon Kabushiki Kaisha | Information processing apparatus |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008052578A (en) * | 2006-08-25 | 2008-03-06 | Seiko Epson Corp | Access controller, image display device, and program |
US8122235B2 (en) * | 2008-06-10 | 2012-02-21 | Dell Products, Lp | System and method of delaying power-up of an information handling system |
US8352522B1 (en) * | 2010-09-01 | 2013-01-08 | Trend Micro Incorporated | Detection of file modifications performed by malicious codes |
GB2519826B (en) * | 2013-10-30 | 2016-07-20 | Barclays Bank Plc | Transaction authentication |
US10396984B2 (en) | 2014-05-02 | 2019-08-27 | Barclays Services Limited | Apparatus and system having multi-party cryptographic authentication |
US9734312B1 (en) * | 2015-08-12 | 2017-08-15 | Symantec Corporation | Systems and methods for detecting when users are uninstalling applications |
WO2017054731A1 (en) * | 2015-09-30 | 2017-04-06 | 北京奇虎科技有限公司 | Method and device for processing hijacked browser |
US20180260571A1 (en) * | 2017-03-07 | 2018-09-13 | Adobe Systems Incorporated | Automatically Reducing An Attack Surface of an Application Program on a Computing Device |
CN113065159B (en) * | 2021-04-09 | 2022-04-29 | 杭州天宽科技有限公司 | Safe document traceless reading device and implementation method thereof |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5475839A (en) * | 1990-03-28 | 1995-12-12 | National Semiconductor Corporation | Method and structure for securing access to a computer system |
US5809230A (en) * | 1996-01-16 | 1998-09-15 | Mclellan Software International, Llc | System and method for controlling access to personal computer system resources |
US20020146238A1 (en) * | 2001-04-10 | 2002-10-10 | Takayuki Sugahara | Video signal recording method, video signal reproduction method, video signal recording apparatus, video signal reproducing apparatus, and video signal recording medium |
US20020196274A1 (en) * | 2001-06-08 | 2002-12-26 | International Business Machines Corporation | Entry of a password through a touch-sensitive computer screen |
US20040230807A1 (en) * | 2001-02-12 | 2004-11-18 | Baird Leemon C. | Apparatus and method for authenticating access to a network resource |
US20040236884A1 (en) * | 2000-07-28 | 2004-11-25 | Andreas Beetz | File analysis |
US20070028292A1 (en) * | 2003-02-20 | 2007-02-01 | Secure Systems Limited | Bus bridge security system and method for computers |
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4719566A (en) * | 1985-10-23 | 1988-01-12 | International Business Machines Corporation | Method for entrapping unauthorized computer access |
US5768564A (en) * | 1994-10-07 | 1998-06-16 | Tandem Computers Incorporated | Method and apparatus for translating source code from one high-level computer language to another |
CN1260055A (en) * | 1997-06-09 | 2000-07-12 | 联信公司 | Obfuscation techniques for enhancing software security |
US6272631B1 (en) * | 1997-06-30 | 2001-08-07 | Microsoft Corporation | Protected storage of core data secrets |
US6134659A (en) * | 1998-01-07 | 2000-10-17 | Sprong; Katherine A. | Controlled usage software |
US6044471A (en) * | 1998-06-04 | 2000-03-28 | Z4 Technologies, Inc. | Method and apparatus for securing software to reduce unauthorized use |
US7409546B2 (en) * | 1999-10-20 | 2008-08-05 | Tivo Inc. | Cryptographically signed filesystem |
US6804778B1 (en) * | 1999-04-15 | 2004-10-12 | Gilian Technologies, Ltd. | Data quality assurance |
US7430670B1 (en) * | 1999-07-29 | 2008-09-30 | Intertrust Technologies Corp. | Software self-defense systems and methods |
US6560774B1 (en) * | 1999-09-01 | 2003-05-06 | Microsoft Corporation | Verifier to check intermediate language |
US6874139B2 (en) * | 2000-05-15 | 2005-03-29 | Interfuse Technology Corporation | Method and system for seamless integration of preprocessing and postprocessing functions with an existing application program |
US6836883B1 (en) * | 2000-06-21 | 2004-12-28 | Microsoft Corporation | Method and system for compiling multiple languages |
US6907533B2 (en) * | 2000-07-14 | 2005-06-14 | Symantec Corporation | System and method for computer security using multiple cages |
US20030009687A1 (en) * | 2001-07-05 | 2003-01-09 | Ferchau Joerg U. | Method and apparatus for validating integrity of software |
US20030115571A1 (en) * | 2001-12-14 | 2003-06-19 | Telefonaktiebolaget L M Ericsson (Publ) | Construction of a software application from a plurality of programming languages |
US20030131002A1 (en) * | 2002-01-08 | 2003-07-10 | Gennetten K. Douglas | Method and apparatus for identifying a digital image and for accessing the digital image over a network |
TWI235580B (en) * | 2002-05-03 | 2005-07-01 | Ke-Cheng Fang | Network security system and method for recording and resisting hacker |
US7124445B2 (en) * | 2002-06-21 | 2006-10-17 | Pace Anti-Piracy, Inc. | Protecting software from unauthorized use by converting source code modules to byte codes |
US20040003380A1 (en) * | 2002-06-26 | 2004-01-01 | Microsoft Corporation | Single pass intermediate language verification algorithm |
US20060037075A1 (en) * | 2004-03-10 | 2006-02-16 | Frattura David E | Dynamic network detection system and method |
US20060064758A1 (en) * | 2004-09-22 | 2006-03-23 | Joe Petner | Method for preventing piracy of computer software |
-
2004
- 2004-08-21 US US10/923,921 patent/US20060041940A1/en not_active Abandoned
-
2005
- 2005-02-09 US US11/053,231 patent/US8060933B2/en not_active Expired - Fee Related
- 2005-03-10 CN CNB2005800283739A patent/CN100489806C/en not_active Expired - Fee Related
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5475839A (en) * | 1990-03-28 | 1995-12-12 | National Semiconductor Corporation | Method and structure for securing access to a computer system |
US5809230A (en) * | 1996-01-16 | 1998-09-15 | Mclellan Software International, Llc | System and method for controlling access to personal computer system resources |
US20040236884A1 (en) * | 2000-07-28 | 2004-11-25 | Andreas Beetz | File analysis |
US20040230807A1 (en) * | 2001-02-12 | 2004-11-18 | Baird Leemon C. | Apparatus and method for authenticating access to a network resource |
US20020146238A1 (en) * | 2001-04-10 | 2002-10-10 | Takayuki Sugahara | Video signal recording method, video signal reproduction method, video signal recording apparatus, video signal reproducing apparatus, and video signal recording medium |
US20020196274A1 (en) * | 2001-06-08 | 2002-12-26 | International Business Machines Corporation | Entry of a password through a touch-sensitive computer screen |
US20070028292A1 (en) * | 2003-02-20 | 2007-02-01 | Secure Systems Limited | Bus bridge security system and method for computers |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070234337A1 (en) * | 2006-03-31 | 2007-10-04 | Prowess Consulting, Llc | System and method for sanitizing a computer program |
US9547485B2 (en) | 2006-03-31 | 2017-01-17 | Prowess Consulting, Llc | System and method for deploying a virtual machine |
US20090144357A1 (en) * | 2007-11-29 | 2009-06-04 | International Business Machines Corporation | Use of template messages to optimize a software messaging system |
US20180054445A1 (en) * | 2016-08-16 | 2018-02-22 | Nec Laboratories America, Inc. | Blackbox Program Privilege Flow Analysis with Inferred Program Behavior Context |
US10505962B2 (en) * | 2016-08-16 | 2019-12-10 | Nec Corporation | Blackbox program privilege flow analysis with inferred program behavior context |
US20220121760A1 (en) * | 2020-10-16 | 2022-04-21 | Canon Kabushiki Kaisha | Information processing apparatus |
US11816233B2 (en) * | 2020-10-16 | 2023-11-14 | Canon Kabushiki Kaisha | Information processing apparatus |
Also Published As
Publication number | Publication date |
---|---|
US20060041757A1 (en) | 2006-02-23 |
US8060933B2 (en) | 2011-11-15 |
CN100489806C (en) | 2009-05-20 |
CN101006432A (en) | 2007-07-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8060933B2 (en) | Computer data protecting method | |
US11604861B2 (en) | Systems and methods for providing real time security and access monitoring of a removable media device | |
EP3462698B1 (en) | System and method of cloud detection, investigation and elimination of targeted attacks | |
Provos | Improving Host Security with System Call Policies. | |
US7657941B1 (en) | Hardware-based anti-virus system | |
US8838994B2 (en) | Method for protecting computer programs and data from hostile code | |
US8117441B2 (en) | Integrating security protection tools with computer device integrity and privacy policy | |
US7930745B2 (en) | Network security system and method | |
US7296274B2 (en) | Method and apparatus providing deception and/or altered execution of logic in an information system | |
US20030159070A1 (en) | System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages | |
US20050076237A1 (en) | Method and apparatus providing deception and/or altered operation in an information system operating system | |
US8601580B2 (en) | Secure operating system/web server systems and methods | |
JP6134395B2 (en) | System and method for risk-based rules for application control | |
Pham et al. | Universal serial bus based software attacks and protection solutions | |
EP1811380A1 (en) | Method for protecting the computer data | |
KR20100067383A (en) | Server security system and server security method | |
Grimes et al. | Windows Vista security: Securing Vista against malicious attacks | |
van Dongen | Browser security | |
CA2424144A1 (en) | System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages | |
WO2002084939A1 (en) | System and method for securely executing a executable to preserve the integrity of files from unauthorized access for network security | |
Peiris et al. | CYA Securing IIS 6.0 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |