Zero-install IP security
    61.
    Invention publication
    Zero-install IP security (status: under examination, published)

    Publication number: EP2146299A2

    Publication date: 2010-01-20

    Application number: EP09164578.8

    Filing date: 2009-07-03

    Applicant: SafeNet, Inc.

    Inventor: Kivinen, Tero

    CPC classification number: H04L63/16 G06F21/53 G06F2221/2153 H04L63/0428

    Abstract: In an embodiment of a method of and system for secure communication, a computer system comprises a primary system protocol stack operative in kernel space and interfacing with an external network. A secondary system protocol stack, security software, and at least one application program operate in user space, and may be provided on a portable storage medium by a user who does not have privileges to install programs in kernel space. The application program interfaces with the secondary system protocol stack. The secondary system protocol stack interfaces with the primary system protocol stack. The security software operates on communications through the secondary system protocol stack.

    PROTECTING SECRETS IN AN UNTRUSTED RECIPIENT
    62.
    Invention publication
    PROTECTING SECRETS IN AN UNTRUSTED RECIPIENT (status: under examination, published)

    Publication number: EP2108145A2

    Publication date: 2009-10-14

    Application number: EP08728423.8

    Filing date: 2008-01-28

    Applicant: SafeNet, Inc.

    Inventor: MURRAY, Eric

    CPC classification number: G06F21/6209

    Abstract: A technique for protecting secrets may involve enclosing master secret keys in an encapsulation module functioning like an envelope on a host that may run an untrusted operating system. The encapsulation module itself can be obfuscated and protected with various software security techniques, such as anti-debugging techniques, which make reverse-engineering more difficult. Session or file keys could then be derived from the master key stored in the encapsulation module on the host, wherein each of the keys protects a session or a file on the host. Additionally, a code can be provided to prevent the master secret and the keys from being swapped to a non-volatile storage device of the host.

    BINDING A PROTECTED APPLICATION PROGRAM TO SHELL CODE
    63.
    Invention publication
    BINDING A PROTECTED APPLICATION PROGRAM TO SHELL CODE (status: granted)

    Publication number: EP1977551A2

    Publication date: 2008-10-08

    Application number: EP07716933.2

    Filing date: 2007-01-23

    Applicant: SafeNet, Inc.

    Inventor: ELTETO, Laszlo

    CPC classification number: G06F21/125

    Abstract: A system and method for binding a protected application to a shell module. The shell module is appended to the application. The shell module executes prior to the execution of the application, and first creates a resource. After the shell module finishes execution, the application tries to access the created resource. If the access is successful, the application is allowed to proceed. Otherwise, the application terminates. The inability of the application to access the resource is an indication that the shell module never actually created the resource. This suggests that the shell module never executed; the shell module may have been either removed or functionally disconnected from the application. This further implies that the security functionality of the shell module has not executed. The application is therefore not permitted to execute, since the shell's security checks have probably not been performed.

    Database obfuscation system and method
    64.
    Invention publication
    Database obfuscation system and method (status: under examination, published)

    Publication number: EP2189925A3

    Publication date: 2015-10-14

    Application number: EP09175420.0

    Filing date: 2009-11-09

    Applicant: SafeNet, Inc.

    CPC classification number: G06F21/6227 G06F21/105

    Abstract: A system and method for obfuscating a database's schema while preserving its functionality by modifying the original table names, column names, table order, column order, and/or data character set such that the standard order of the original characters is maintained.

    Automatic selection of routines for protection
    66.
    Invention publication
    Automatic selection of routines for protection (status: under examination, published)

    Publication number: EP2511847A1

    Publication date: 2012-10-17

    Application number: EP12160811.1

    Filing date: 2012-03-22

    Applicant: SafeNet, Inc.

    Abstract: An apparatus, computer readable medium, and method of protecting an application, the method including responding to receiving a level of security for the application by evaluating each of a plurality of routines of the application to generate an evaluation for each of the plurality of routines of the application; selecting a number of the plurality of routines to protect based on the evaluation for each of the plurality of routines and the received level of security; and protecting the selected number of the plurality of routines.

    Efficient volume encryption
    67.
    Invention publication
    Efficient volume encryption (status: under examination, published)

    Publication number: EP2474932A1

    Publication date: 2012-07-11

    Application number: EP12150666.1

    Filing date: 2012-01-10

    Applicant: SafeNet, Inc.

    Inventor: Dunn, Chris

    CPC classification number: G06F21/78

    Abstract: A computer system comprises a first region including a base image in the form of machine readable code stored on a non-volatile storage medium, a second region including a machine image in the form of machine readable code stored on a non-volatile storage medium, and a deduplicator. The second region machine image comprises a base part sufficiently similar to the base image for deduplication, and a part special to the second region machine image. The first region base image and the second region machine image are deduplicated by the deduplicator. The second region special part is encrypted by full disk encryption using a key not available to the first region. Methods of, and computer programs for, implementing such a system are described.

    SECURE FILE ENCRYPTION
    68.
    Invention publication
    SECURE FILE ENCRYPTION (status: under examination, published)

    Publication number: EP2115660A2

    Publication date: 2009-11-11

    Application number: EP08780383.9

    Filing date: 2008-01-28

    Applicant: SafeNet, Inc.

    Inventor: MURRAY, Eric

    CPC classification number: G06F21/6218 G06F2221/2107 H04L9/0822 H04L9/14

    Abstract: A technique for secure file encryption first chooses a file encryption key randomly among a set of file encryption keys and encrypts a file using the chosen file encryption key based on a set of encryption rules. The file encryption key can then be encrypted via a directory master secret (DMS) key for an extra layer of security so that an intruder cannot decrypt the encrypted file even if the intruder gains access to the DMS-encrypted file encryption key. Finally, the DMS-encrypted file encryption key can be stored in metadata associated with the file.

    Secured live software migration
    69.
    Invention publication
    Secured live software migration (status: under examination, published)

    Publication number: EP2065805A1

    Publication date: 2009-06-03

    Application number: EP08166119.1

    Filing date: 2008-10-08

    Applicant: SafeNet, Inc.

    CPC classification number: G06F9/5088 G06F9/5077 G06F21/6209

    Abstract: A novel approach is introduced for secured live migration of a software component currently running on one hosting device to another hosting device. One or more pages of the software component are encrypted before migration of the software component, and are later decrypted after the migration is complete. The software component is kept operational during the encryption, migration, and decryption of the software component. The one or more pages to be encrypted and decrypted can be selected based on data sensitivity and/or other criteria.

    HIGH SPEED DATA STREAM PATTERN RECOGNITION
    70.
    Invention publication
    HIGH SPEED DATA STREAM PATTERN RECOGNITION (status: under examination, published)

    Publication number: EP1436936A4

    Publication date: 2006-08-02

    Application number: EP01274481

    Filing date: 2001-12-03

    Applicant: SAFENET INC

    CPC classification number: G06F17/30985 H04L45/742 H04L69/03 H04L69/22

    Abstract: A system and method in accordance with the present invention determines in real-time the portions of a set of characters from a data or character stream which satisfies one or more predetermined regular expressions. A Real-time Deterministic Finite state Automaton (RDFA) (250) ensures that the set of characters is processed at high speeds with relatively small memory requirements. An optimized state machine models the regular expression(s) and state related alphabet lookup (254) and next state (256) tables are generated. Characters from the data stream (205) are processed in parallel using the alphabet lookup (254) and next state (256) tables, to determine whether to transition to a next state or a terminal state, until the regular expression is satisfied or processing is terminated. Additional means may be implemented to determine a next action from satisfaction of the regular expression.
