Patent application number | Description | Published |
20080276314 | SOFTWARE PROTECTION INJECTION AT LOAD TIME - A method to apply a protection mechanism to a binary object includes using operating system resources to load a binary object from a storage medium along with a manifest and a digital signature. Authentication of the binary object is performed using the digital signature and the manifest is read to determine a category of protection for the binary object. The operating system selects a protection mechanism corresponding to the protection category and injects protection mechanism code, along with the binary object into a binary image on computer RAM. When the binary image is accessed, the protection mechanism executes and either allows full access and functionality to the binary object or prevents proper access and operation of the binary object. The protection mechanisms may be updated independently from the information on the storage medium. | 11-06-2008 |
20090293041 | SOFTWARE PROTECTION THROUGH INTERDEPENDENT PARAMETER CLOUD CONSTRAINED SOFTWARE EXECUTION - Methods and a tool or instrument for performing the methods of protecting a computer program with a parameter cloud are disclosed. A parameter cloud comprising a plurality of elements may be created. Called functions of a computer program may have defined expected parameter cloud states so that proper behavior of the called function is achieved when the parameter cloud state is the expected parameter cloud state. An expected parameter cloud state may include a selected set of elements of the parameter cloud having assigned values. Static portions of the called functions may depend on a current parameter cloud state, and calling functions may transform the parameter cloud state prior to calling their respective called functions. The methods and instrument may operate on original source code or post-binary targets of the computer program. A fingerprint may be used to identify a specific computer program from a sequence of state transitions. | 11-26-2009 |
20120260303 | Mapping Global Policy for Resource Management to Machines - The subject disclosure is directed towards applying global policy to only select resources (e.g., certain file folders) based on property settings associated as metadata with those resources. The resource property settings correspond to a defined property set (e.g., a global taxonomy) that is consistent with the global policy. When global policy is received, the property metadata for each resource determines whether to apply the global policy to that resource. In this way, a central administrator may provide the defined property set, a policy author may provide the policy, and a local administrator may set the resource property settings. | 10-11-2012 |
Patent application number | Description | Published |
20110099152 | ALTERNATE DATA STREAM CACHE FOR FILE CLASSIFICATION - Described is caching classification-related metadata for a file in an alternate data stream of that file. When a file is classified (e.g., for data management), the classification properties are cached in association with the file, along with classification-related metadata that indicates the state of the file at the time of caching. The classification-related metadata in the alternate data stream is then useable in determining whether the classification properties are valid and up-to-date when next accessed, or whether the file needs to be reclassified. If the properties are valid and up-to-date, they may be used without requiring the computationally costly steps of reclassification. Also described is using more than one alternate data stream for the cache, and extending the classification-related metadata through a defined extension mechanism. | 04-28-2011 |
20110126281 | Controlling Resource Access Based on Resource Properties - Described is a technology by which access to a resource is determined by evaluating a resource label of the resource against a user claim of an access request, according to policy decoupled from the resource. The resource may be a file, and the resource label may be obtained by classifying the file into classification properties, such that a change to the file may change its resource label, thereby changing which users have access to the file. The resource label-based access evaluation may be logically combined with a conventional ACL-based access evaluation to determine whether to grant or deny access to the resource. | 05-26-2011 |
20110239293 | AUDITING ACCESS TO DATA BASED ON RESOURCE PROPERTIES - Described is a technology, such as implemented in an operating system security system, by which a resource's metadata (e.g., including data properties) is evaluated against an audit rule or audit rules associated with that resource (e.g., object). The audit rule may be associated with all such resources corresponding to a resource manager, and/or by a resource-specific audit rule. When a resource is accessed, each audit rule is processed against the metadata to determine whether to generate an audit event for that rule. The audit rule may be in the form of one or more conditional expressions. Audit events may be maintained and queried to obtain audit information for various usage scenarios. | 09-29-2011 |
20140351225 | ALTERNATE DATA STREAM CACHE FOR FILE CLASSIFICATION - Described is caching classification-related metadata for a file in an alternate data stream of that file. When a file is classified (e.g., for data management), the classification properties are cached in association with the file, along with classification-related metadata that indicates the state of the file at the time of caching. The classification-related metadata in the alternate data stream is then useable in determining whether the classification properties are valid and up-to-date when next accessed, or whether the file needs to be reclassified. If the properties are valid and up-to-date, they may be used without requiring the computationally costly steps of reclassification. Also described is using more than one alternate data stream for the cache, and extending the classification-related metadata through a defined extension mechanism. | 11-27-2014 |