F-SECURE CORPORATION Patent applications |
Patent application number | Title | Published |
20160125183 | Determining Malware Status of File - Determining malware status of a file is disclosed. An apparatus obtains information about an unknown target file, obtains system context of the unknown target file, and determines the unknown target file as clean if the system context matches with one or more predetermined conditions indicative of cleanliness. The predetermined conditions of cleanliness include at least the target file being located in a directory which contains other clean files. | 05-05-2016 |
20160112444 | Malware Detection Method - A method of detecting malware on a client computer, the method including generating a hash of an entity at the client computer, whereby the entity is suspected to be malware, sending the hash to a network server, considering the reputation of the hash at the network server by comparing the hash to a database of hashes of known reputation, returning the results of said considering to the client computer, and, if the reputation is not known at the server, sending instructions to the client computer for obtaining further information about the entity at the client computer, wherein said further information is obtained by executing code at the client computer sent by the server to the client computer after said considering the reputation if said code is not stored at the client computer before said generating a hash. | 04-21-2016 |
20150222844 | Photograph or Video Tagging Based on Peered Devices - A method of capturing photographs or videos and associated metadata. The method includes capturing a photograph or video using a mobile camera device at a shooting location and encompassing a shooting area, identifying a shooting area using positional and orientational detectors of the mobile camera device and known camera properties and recording a definition of the shooting area, and sending the captured photograph or video to a server system. Either at the mobile camera device or at the server system, the presence of peer mobile devices within the shooting area is identified using positional information reported by those peer mobile devices, and the captured photograph or video is tagged with identities associated with those peer mobile devices. | 08-06-2015 |
20150163236 | UNAUTHORISED/MALICIOUS REDIRECTION - Method(s) and apparatus are described for use in preventing unauthorised redirection and/or routing of packets transmitted in a communication network. Packets generated by one or more devices in the communications network are intercepted by an apparatus. The intercepted packets are inspected and it is detected whether at least one of the intercepted packets is associated with redirection based on an unauthorised destination. For each intercepted packet, packet and protocol inspection may be used to determine the originally intended destination of the packet and to determine any other destination(s) associated with redirection of the packet. For each intercepted packet, if the any other destination(s) are not associated with one or more authorised destinations corresponding to the originally intended destination, then the intercepted packet is associated with redirection to an unauthorised destination. Those detected intercepted packets associated with redirection based on the unauthorised destination are blocked or corrected. | 06-11-2015 |
20150161396 | Detecting a Return-Oriented Programming Exploit - A method and apparatus for detecting a Return-Oriented Programming exploitation. At a computer device, a mechanism to detect a control transfer of a code location in a memory is established. This may be, for example, hooking the control transfer. The code location relates to an electronic file. In the event that a control transfer of the code location is detected, a comparison is made between a destination code location address with values in the freed stack. If the code location address matches any of the values in the freed stack, then it is determined that the control transfer of the code location relates to a Return-Oriented Programming exploitation. | 06-11-2015 |
20150161259 | Method and Apparatus for Web Page Content Categorization - In accordance with an example embodiment of the present invention, there is provided an apparatus, including at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following: detecting a listing of web content elements provided by a web search engine, the web content elements relating to web pages retrieved by the web search engine; analyzing one or more web content elements of the detected listing; and categorizing the content of one or more web pages on the basis of the analysis. | 06-11-2015 |
20150089647 | Distributed Sample Analysis - A method of inspecting a file on a client computer in order to determine if the file is malicious. The client computer sends a hash of the file to a server. The server then compares the hash of the file to a database of hashes of known files, and uses results of the comparison to determine whether or not the file is unknown to the server. If the file is unknown, the server sends a request for a first security analysis of the file to the client computer. The client computer then performs the first security analysis on the file, modifies the results of the first security analysis by removing or hashing selected data from results, and sends the modified results of the first security analysis to the server. The server performs a second security analysis on the modified results in order to determine if the file is malicious. | 03-26-2015 |
20140373153 | Anti-Malware Tool for Mobile Apparatus - A method, apparatus, and computer program for monitoring security of a mobile apparatus are disclosed. The method includes executing a security application in a mobile apparatus; monitoring, by the security application, user interface locking status of the mobile apparatus; determining, as a result of said monitoring, that the user interface has been locked; identifying an application that has caused said locking of the user interface; checking a reputation status of the identified application; upon detecting, as a result of said reputation status check, that the identified application has a bad reputation status, restricting operation of the identified application and unlocking the user interface. | 12-18-2014 |
20140317754 | Detecting Unauthorised Changes to Website Content - Methods, apparatus, and systems are provided for use in detecting unauthorised changes to websites of web operators. Authorised content policy sets for each of a multiplicity of websites from web operators are collected and stored. In addition, content information obtained in respect of web content downloaded from said websites by a multiplicity of client devices, client proxy devices, and/or client gateway devices is used to identify websites that do not conform to respective policy sets. Alerts are sent to the web operator of any non-conforming website. Optionally, alerts may be sent to client devices, client gateway devices, and/or client proxy devices for use in scanning or blocking the web content from non-conforming websites. | 10-23-2014 |
20140310811 | Detecting and Marking Client Devices - Methods, apparatus, connection systems, and client devices are described. The apparatus receives a multiplicity of DNS query messages from multiple client devices. For each received DNS query message to a malware domain name or a particular domain name, the apparatus sends a marker DNS response message to the corresponding client device for use in detecting whether the client device is infected with malware or is accessing the particular domain name. The connection system receives a connection request from a client device of the multiple client devices for access to the communication network, and sends marker detection information to the client device for use in identifying whether the client device is marked as infected with malware or accessing a particular domain name. It is determined whether the client device is infected with malware or accessed the particular domain name. The client device may be blocked or granted access to the communication network. | 10-16-2014 |
20140304774 | Controlling Access to a Website - Methods and apparatus for website access control. The methods and apparatus include, at a user terminal: accessing a plurality of training websites over a network; training the user terminal by classifying the training websites in a content category based on a user input, extracting one or more features indicative of the content category from the training websites and determining a classifier based on the extracted features; classifying further requested websites using the determined classifier; and controlling access to the further requested websites based on the classification of the websites. | 10-09-2014 |
20140289127 | Secured Online Transactions - A method, apparatus, and computer program for improving security in connection with online transactions are provided. A security application configured to monitor received text messages of a short message service is executed in an apparatus. The security application is arranged to have prioritized access to process the received text messages before other applications executed in the apparatus, to identify from contents of a received text message whether or not the received text message includes a transaction authentication message and, upon detecting that the received text message includes the transaction authentication message, prevent the processing of the transaction authentication message by the other applications and carry out user interfacing related to the transaction authentication message within a secured environment provided by the security application. | 09-25-2014 |
20140259119 | Controlling Access to Web Content - A method of controlling access to web content at a client computer. The method includes registering an access control status at the client computer, and detecting an attempt to access a website having an access control mechanism. In response to such detection, the access attempt is suspended and said access control status registered at the client computer compared with an access control status currently registered at the website. If these do not correspond, then the access control status registered at the website is changed to correspond with that registered at the client computer. | 09-11-2014 |
20140237591 | PROTECTING MULTI-FACTOR AUTHENTICATION - Methods are detailed for online fraud prevention. In one approach state information of a first and a second device is monitored, both of which are associated with one user. During a multi-factor authentication procedure which utilizes at least one of the first and the second devices for authorizing a transaction by an Internet domain, a security server participates in a supplemental security procedure which is conditional on the monitored state information. In another approach the second device receives a message that is ostensibly related to multi-factor authorization by an Internet domain, and in response sends a query about state information of the first device. Based on the response to the query that indicates the state information, the second device performs a supplemental security procedure. | 08-21-2014 |
20140237582 | Authenticating a Node in a Communication Network - A method and apparatus for authenticating a first node's identity in a communication network. An authentication node receives from a second node an authentication request. The authentication request includes a first certificate that has previously been presented to the second node by a node purporting to be the first node. The authentication node retrieves a second certificate belonging to the first node from the first node, and compares the first certificate with the second certificate. If the certificates match, then the first node's identity can be authenticated but if the certificates do not match, then the first node's identity cannot be authenticated. The results of the comparison are then sent to the second node. | 08-21-2014 |
20140208425 | Agent Based Application Reputation System for Operating Systems - A method for implementing a security agent on behalf of a device, the method comprising: obtaining a list of applications installed on the device from a remote repository; for each respective application on the list, comparing reputation attributes obtained from a reputation database against attributes of the application installed on the device; and for any of the respective applications for which it is determined from the comparing that the application installed on the device is malicious, taking action to limit malicious activity by the respective application installed on the device. | 07-24-2014 |
20140173730 | Security Method and Apparatus - In accordance with an example embodiment of the present invention, there is provided a method comprising: maintaining a local database of trusted uniform resource locators (URL) where an URL is qualified to said database based on fulfilling predetermined criteria; detecting a request to access a uniform resource locator (URL); obtaining reputation data for the URL from a reputation server or from a local reputation scanner; comparing the obtained reputation data of the requested URL with the reputation data of the requested URL that is stored in the local database of trusted URLs if any; if there is a conflict between the reputation data obtained and the reputation data stored in the local database of trusted URLs, using the reputation data stored in the local database of trusted URLs to determine whether access to the URL is allowed. | 06-19-2014 |
20140164108 | Profiled Application Store Purchases Based On Operator Subscription - A method comprises: providing a software application comprising at least two purchase options; publishing the software application to an online application store; and based on whether or not a user is a subscriber, selecting an individual one of the purchase options for displaying to the user. | 06-12-2014 |
20140143875 | Detecting Application Behavior - There is provided a method including generating, by a security application executed in a processing device, an application list including one or more applications which are currently running in the processing device; identifying at least one network address fulfilling predetermined criteria; determining which of the at least one network address fulfilling the predetermined criteria has been connected to by the processing device within a predefined time period; and providing a post-processing entity with the application list and an indication on which of the at least one network address fulfilling the predetermined criteria has been connected to by the processing device within the predefined time period. | 05-22-2014 |
20140143554 | Methods, Systems and Apparatus for Managing Data Entries on a Database - A method for securely storing password information in a memory of a computer device. The stored password information is protected by a master password. The method includes receiving a text string corresponding to password information. The method also includes converting the text string to a media file. When the media file is passed to an output the password information is presented to a user. The method also includes storing the media file in the memory such that it is protected by the master password. | 05-22-2014 |
20140137253 | SECURITY METHOD AND APPARATUS - In accordance with an example embodiment of the present invention, there is provided an apparatus, comprising: at least one processor; and at least one memory including executable instructions. The at least one memory and the executable instructions are configured to, in cooperation with the at least one processor, cause the apparatus to perform at least the following: during the loading of an operating system, loading a boot time driver installed by an anti-virus application; reading a master boot record data by the boot time driver as soon as the operating system is ready to handle the request for reading the master boot record data; analyzing the collected master boot record data to identify any malicious entities; and in the event that malicious entities are identified, controlling the behavior of the processing system in order to disable the malicious entity. | 05-15-2014 |
20140137220 | Obtaining Password Data - A method of obtaining password data for entry to an application running on a device. The method may include running a password manager application on a device. The password manager application may identify one or more applications installed on the device. The password manager application may display the identified applications on a display of the device. The password manager application may receive a user selection of a displayed application. The password manager application may determine whether an entry exists for the selected application in a memory associated with the password manager application. If no entry exists, the password manager application may generate an entry comprising password data for the selected application. If an entry exists, the password manager application may retrieve password data relating to the selected application. | 05-15-2014 |
20140130165 | Protecting a User from a Compromised Web Resource - According to an aspect of the invention, there is provided a method of protecting a user from a compromised web resource. The method may include monitoring a user's requests for trusted web resources to determine one or more web resources to be checked. The method may include querying a network database based on the determined one or more web resources to obtain historical data relating to whether any of the one or more web resources has been compromised at any time during a preceding time period. The method may include providing a predetermined response to protect the user if any of the one or more web resources has been compromised. | 05-08-2014 |
20140130164 | Malicious Object Detection - Malicious object detection is disclosed. An apparatus includes one or more processors, and one or more memories including computer program code. The one or more memories and the computer program code are configured to, with the one or more processors, cause the apparatus at least to perform: obtain image data; obtain association data relating to the image data; identify the image data as corresponding to an identified image among known reference images; and set reputation data of the association data as suspicious, if the association data does not match acceptable associations for the identified image. | 05-08-2014 |
20140123245 | Security Configuration - An example embodiment of the present invention provides an apparatus including at least one processor; and at least one memory including executable instructions, the at least one memory and the executable instructions being configured to, in cooperation with the at least one processor, cause the apparatus to perform at least the following: retrieving, from a reputation server, reputation data of uniform resource locators (URL) of one or more web sites relating to one or more web site features that are available via the web site; and determining executable web site features on the basis of the retrieved reputation data. | 05-01-2014 |
20140122614 | Cooperation In An Application Store Environment - A way is shown for network operators to collaborate in promoting an application. A mediator publishes the application in an application store and the collaborating network operators promote it. The published application is provided to requesting user devices via the application store; and for each of them that is associated with one of the collaborating network operators, the provided application is re-branded with configuration information specific for the network operator associated with the respective user device. In some embodiments the application in the store is branded, if at all, with a default brand that is not specific to any collaborating network operator, and this default brand may be of the collaboration or of the mediator. The configuration information changes the default brand and/or look and feel of the application to that selected by the collaborating network operator that is associated with the respective user device. | 05-01-2014 |
20140090055 | Automated Detection of Harmful Content - This document discloses a solution for automatically detecting malicious content by a computer security routine executed in a processing device. A user input to a social media application is detected by the computer security routine. The user input indicates that a user wants to share content with at least one other user through the social media application. In response, the computer security routine suspends said sharing and performs, before determining whether or not to allow the sharing, a security check for suspiciousness of contents the user intends to share. | 03-27-2014 |
20140013435 | Social Network Protection System - A method of inhibiting the spread of malware across a network of interconnected computer terminals. The method includes detecting malware or suspicious behaviour at a first computer terminal and inspecting the first computer terminal, before and/or after said step of detecting malware or suspicious behaviour, to identify contacts forming part of a social network. Identities of the identified contacts are sent to a backend security system, and at the backend security system, said identities are received and instructions sent to one or more second computer terminals associated with respective identities to cause those second computer terminals to implement an increased level of security. | 01-09-2014 |
20130333022 | Sharing Content Online - A method of providing a degree of authentication for a content link presented to peer user(s) by a sharing user via the Internet. The method includes, at a server, associating the content link with authentication data provided by the sharing user, and storing the associated content link and authentication data in a storage location. A redirection link that links to the stored associated content link and authentication data is presented to a peer user via a user interface of a client computer of the peer user. Upon submission of an access request from the client computer to the redirection link, the content link and the authentication data is delivered to the client computer. The authentication data is presented to the peer user via the user interface and the peer user is able to choose, via the user interface, to submit an access request to the content link. | 12-12-2013 |
20130312093 | Foiling a Document Exploit Attack - A method of foiling a document exploit type attack on a computer, where the attack attempts to extract malware code from within a document stored on the computer. The method includes monitoring the computer in order to detect repeated function calls made by a given process in respect of the same function but different file descriptors; and in the event that such repeated function calls are detected or the number of such repeated function calls exceeds some threshold, terminating the process that initiated the function calls. | 11-21-2013 |
20130263269 | Controlling Anti-Virus Software Updates - The present invention relates to a method of controlling the download of anti-virus software updates to a device. The device is configured to transmit an update query to a network device requesting information on whether any updates are available for the anti-virus software. When the device receives the response it stores the response in the cache. The cache can then be queried following a trigger and, if the cache indicates an update to the anti-virus software is available the device downloads an update to the anti-virus software. In an alternative embodiment the device may download and install an update upon receiving the response to the query if the response to the query indicates that an update is available. The query may be transmitted during a scan or upon determining a change in a connection at a device. | 10-03-2013 |
20130262851 | Download Control - Download control is disclosed. An apparatus includes one or more processors, and one or more memories including computer program code. The one or more memories and the computer program code configured to, with the one or more processors, cause the apparatus at least to perform: obtain one or more cryptographic hash values of a target file to be downloaded; cause transmission of the one or more cryptographic hash values to a trusted source; obtain reputation data relating to the target file originated from the trusted source in response to the transmission of the one or more cryptographic hash values; and control download of the target file on the basis of the reputation data. | 10-03-2013 |
20130262706 | Data Syncronisation - The present invention relates to a method for synchronising files between two devices. The method includes creating a rule to control the synchronisation of the file. The rule includes at least one condition for synchronisation which is dependent upon a property of a device. | 10-03-2013 |
20130227162 | Management of Data Upload Speed - In accordance with an example embodiment of the present invention, there is provided an apparatus, including a receiver for receiving, from a client device, a data upload request relating to a data management application, wherein a data communications connection having a first data upload speed is utilized between the client device and a data management server; a processor configured to determine whether the client device is allowed to use a second data upload speed on the basis of the received data upload request, wherein the second data upload speed is faster than the first data upload speed; and a processor configured to establish the second data upload speed for the client device, if the client device is allowed to use the second data upload speed. | 08-29-2013 |
20130212269 | Data Storage Management - A method of data storage management. A server receives a data upload request from a remote client, the upload request including information identifying the data to be uploaded. The server determines that a duplicate of the data is stored at a data storage device. The server receives proof of possession information derived by the client from the data using additional information known to the server. On the basis of the received information, the server determines whether to allow the client or a user associated with the client to subsequently access the duplicate data stored at the data storage device. | 08-15-2013 |
20130179654 | METHOD FOR AUTOMATICALLY BACKING UP DIGITAL DATA PRESERVED IN MEMORY IN A COMPUTER INSTALLATION AND DATA MEDIUM READABLE BY A COMPUTER HAVING THE ASSOCIATED INSTRUCTIONS STORED IN THE MEMORY THEREOF - The invention relates to a method for automatically backing up digital data preserved in memory in a computer installation to a remote backup system accessible through the computer installation via a data transmission network. This method comprises extracting and analyzing information regarding the operation of the computer installation and determining parameters of a data backup application for saving data to the backup system. Based on the result of this analysis, the digital data preserved in memory is analyzed and the digital data analyzed is classified into a plurality of classes of different priorities. The backup application is also executed on at least part of the digital data based on the parameters and classes of priorities determined. | 07-11-2013 |
20130160124 | Disinfection of a File System - A method for determining appropriate actions to remedy potential security lapses following infection of a device by malware. Following detection of infection of the device the device undergoes a cleaning operation. As part of the cleaning operation infected electronic files and any other associated files or objects are removed from the device. From timestamps associated with the infected files and associated files and objects, either directly or from another source such as an anti-virus trace program, the time of infection can be estimated. This allows the system to reference timestamps on the device to determine the source of the infection. Additionally, if the type of infection is identified timestamps on the device can be used to determine where there are particular areas of vulnerability due to user actions on the device. | 06-20-2013 |
20130159699 | Password Recovery Service - According to aspects of the present invention there are provided methods and apparatus for enabling a user to secure and back-up an encryption key for use by a client device in encrypting and decrypting data, enabling the user to change a user secret previously used to secure the encryption key, and enabling a server to update the user secret with a new user secret for securing a previous user encrypted key. The new user encrypted key can be used by the client device for encrypting and decrypting data, including data encrypted and decrypted using the previous user encrypted key. The methods for enabling a user to secure and back-up the encryption key and enabling a user to change the user secret may be performed on the client device or a trusted third party or service provider device. The method for updating the user secret with a new user secret may be performed on a service operator server or system. | 06-20-2013 |
20130095751 | Near Field Communication Security - In accordance with an example embodiment of the present invention, there is provided a computing device, including at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the device to perform at least the following: receive near field communication device data related to a specific NFC device; generate a reputation query on the basis of the received NFC device data; send the generated reputation query to a service provider; receive reputation data, retrieved from a reputation database of NFC device reputation information, related to the specific NFC device from the service provider; and take further action on the basis of the received reputation relating to the specific NFC device. | 04-18-2013 |
20130081129 | Outbound Connection Detection and Blocking at a Client Computer - A method of detecting and blocking a malicious SSL connection at a client computer. The method includes identifying, at a network firewall level, an outbound SSL connection being set up at the client computer; detecting an SSL certificate associated with the SSL connection; sending a request to a central server for reputation information on the SSL certificate; at the central server, determining reputation information in dependence upon the SSL certificate; providing said reputation information from the central server to the client computer; and using the reputation information at the client computer to determine whether or not to block the connection. | 03-28-2013 |
20130069953 | User Interface Feature Generation - An example embodiment of the present invention provides an apparatus comprising at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following: obtain a representation of an appearance of a physical device type; obtain one or more current backgrounds used in a desktop of a specific physical device; and generate a device icon relating to the specific physical device by associating the obtained one or more backgrounds with the representation of appearance of the physical device type, wherein the generated device icon is displayed on a display as a user interface feature. | 03-21-2013 |
20130067577 | Malware scanning - According to a first aspect of the present invention there is provided a method of scanning a computer device in order to detect potential malware when an operating system running on the computer device prevents applications installed on the device from accessing installed files of other applications installed on the device. The method includes the steps of detecting installation of an application on the device, identifying one or more installation files that are required to perform the installation of the application, and performing a malware scan of the identified installation files and/or information obtained from the installation files. | 03-14-2013 |
20130067576 | Restoration of file damage caused by malware - In accordance with an example embodiment of the present invention, there is provided a method including: detecting a malware in a computer system and in response to the detection of the malware in the computer system initiating a deactivation of malware; detecting a file altered by the malware in response to a successful deactivation of the malware; and initiating a restoration of the altered file in response to the detection of the file altered by the malware. | 03-14-2013 |
20130040603 | Wireless access point detection - According to aspects of the present invention there are provided methods and apparatus for detecting a suspect wireless access point in a communication network including a plurality of wireless access points providing access services to client devices. Identity information associated with the wireless access points is collected from a multiplicity of client devices. A reputation request is received from a client device, the request including identity information of an available wireless access point. The received identity information is compared with the collected identity information for determining an indication of trust of the available wireless access point. The indication of trust of the available wireless access point is transmitted to the client device. The wireless access points may include a cellular wireless access point or base station, wireless access point, a Wi-Fi access point, or a femto-cell access point. | 02-14-2013 |
20130018823 | Detecting undesirable content on a social network - A method of detecting undesirable content on a social networking website. The method includes retrieving or accessing a post from a user's social networking page, identifying the content of a pre-defined set of features of the post, comparing the identified feature content with a database of known undesirable post feature content, and using the results of the comparison to determine whether the post is undesirable. | 01-17-2013 |
20120117648 | Malware Determination - A method and apparatus for determining whether an electronic file stored at a client device is malware. A server receives from the client device a request message that includes signature information of the electronic file. The server queries a database of signature information of a multiplicity of electronic files. If the signature information of the electronic file corresponds to signature information stored on the database, a determination is made as to whether the electronic file is malware. If the signature information of the electronic file does not correspond to signature information stored on the database, a determination is made as to whether a predetermined number of further request messages for the electronic file are received from further client devices within a predetermined time period. If fewer request messages are received within the time period, it is likely that the electronic file is malware. | 05-10-2012 |