Method and system to protect software-based network-connected devices from advanced persistent threat
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
H04L-029/06
G06F-021/55
G06F-021/56
출원번호
US-0705407
(2015-05-06)
등록번호
US-9954871
(2018-04-24)
발명자
/ 주소
Hussey, Robert Michael
Figwer, Kai J.
출원인 / 주소
Hand Held Products, Inc.
대리인 / 주소
Additon, Higgins & Pendleton, P.A.
인용정보
피인용 횟수 :
0인용 특허 :
223
초록▼
A method of protecting a network-connected device from an advanced persistent threat cyber-attack is provided. A network-connected device having an operating system, a memory, memory instructions holding executable program instructions, and being communication enabled, is protected from an advanced
A method of protecting a network-connected device from an advanced persistent threat cyber-attack is provided. A network-connected device having an operating system, a memory, memory instructions holding executable program instructions, and being communication enabled, is protected from an advanced persistent threat by steps of detecting the advanced persistent threat due to the presence of rogue software in the memory instructions of the network-connected device and locking-down the communications of the network-connected device. The network-connected device may be provided with low-level routines that are correlated to the memory instructions. Detecting the advanced persistent threat may be comprised of authenticating the memory instructions of the network-connected device by using the installed low-level routines.
대표청구항▼
1. A method of protecting a network-connected device from an advanced persistent threat cyber-attack, the network-connected device having an operating system, a memory, memory instructions holding executable program instructions, and being communication enabled, comprising the steps of: authenticati
1. A method of protecting a network-connected device from an advanced persistent threat cyber-attack, the network-connected device having an operating system, a memory, memory instructions holding executable program instructions, and being communication enabled, comprising the steps of: authenticating the executable program instructions of the network-connected device using installed routines, the routine installed at a low level of the network device and being correlated to the memory instructions;detecting the advanced persistent threat due to the presence of rogue software in the memory instructions of the network-connected device by running the routines prior to the device running the executable program instructions; andlocking-down the communications of the network-connected device when rogue software is detected. 2. The method of claim 1, wherein the routines are computing checksum blocks routines; and the authenticating step comprises: generating checksums for the memory instructions before the network-connected device is deployed for the first time; and comparing the checksum block routines to the checksums for the memory instructions. 3. The method of claim 2, wherein the generating step is accomplished when the memory instructions are loaded into the memory. 4. The method of claim 2, wherein the generating step is accomplished prior to executing the instructions for the first time. 5. The method of claim 2, wherein the low level of the network-connected device is part of the operating system. 6. The method of claim 5, further comprising the step of installing the checksum block routines when the operating system is installed. 7. The method of claim 5, further comprising the step of installing the checksum block routines into the operating system before the network-connected device is deployed for the first time. 8. The method of claim 2, wherein the locking-down step is initiated if the checksums for the memory instructions are not authenticated by the checksum block routines in the comparing step. 9. The method of claim 2, further comprising the step of: protecting the checksum block routines from unauthorized changes. 10. A system for protecting a network-connected device from an advanced persistent threat cyber-attack, the network-connected device being wireless communication enabled and having an operating system, a central processing unit, a memory, executable program instructions loaded into the memory; the operating system, central processing unit, memory and executable program instructions being communicatively linked; the system comprising: routines installed in a low-level of the network-connected device, the routines being correlated to the executable program instructions before the network-connected device is deployed for the first time;the central processing unit being configured to allow the routines to authenticate the executable program instructions before the central processing unit executes the program instructions;the routines being configured to lock-down communications between the network-connected device and other devices if the routine finds instructions in the memory which do not correlate to the executable program instructions in the memory. 11. The system of claim 10, further comprising: checksums generated for the executable programs in the memory, and wherein the routines are computing checksum block routines, the checksum block routines being configured to authenticate the checksums in the executable programs. 12. The system of claim 11, further comprising a security scheme to protect the checksum block routines. 13. The system of claim 12, wherein the security scheme is a public key and private key cryptography. 14. The system of claim 12, wherein the security scheme is a two-factor scheme, the two-factor authentication requiring that a notification be sent to a party responsible for the network-connected device before any changes in the memory instructions or the checksums can be made. 15. The system of claim 10, wherein the central processing unit is configured to allow the routines to authenticate all the executable program instructions in the memory before the central processing unit executes the program instructions. 16. The system of claim 10, further comprising diagnostic routines configured to run on the network-connected device when in communications lock-down, the diagnostic routines being configured to identify details of the advanced persistent threat cyber-attack. 17. The system of claim 10, further comprising updating routines configured to run on the network-connected device when in communications lock-down, the updating routines being configured to update the executable program instructions to a pre-advanced persistent threat cyber-attack state. 18. The system of claim 10, further comprising an alert indicator, the alert indicator being communicatively linked to the routines, the alert indicator being initialized when the routines lock-down the network-connected device. 19. The system of claim 18, wherein the alert indicator is selected from an audio alarm and a visual indicator.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (223)
Woodburn, William, Access door with integrated switch actuator.
Caballero, Aldo M.; French, Daniel Brant; Hinson, Douglas M.; Kosecki, James C.; Mangicaro, David; Reynolds, Scott; Yeakley, Daniel Duane, Apparatus and methods for monitoring one or more portable data terminals.
Havens, William H.; Barber, Charles P.; Gannon, Colleen; Gardiner, Robert C.; Hennick, Robert J.; Pettinelli, John A., Apparatus operative for capture of image data.
Horn, Erik Van; Giordano, Patrick Anthony; Amundsen, Thomas; Olson, Daniel James; Brady, Robert Hugh; Colavito, Stephen; Saber, Kevin; Haggerty, Thomas; Wilz, Sr., David M., Bar code symbol reading system employing an extremely elongated laser scanning beam capable of reading poor and damaged quality bar code symbols with improved levels of performance.
Xian, Tao; Ellis, Duane; Good, Timothy; Zhu, Xiaoxun, Bar code symbol reading system supporting visual or/and audible display of product scan speed for throughput optimization in point of sale (POS) environments.
Todeschini, Erik; Deloge, Stephen Patrick; Meier, Timothy; Anderson, Donald; Hejl, Benjamin; Koziol, Thomas, Cloud-based system for reading of decodable indicia.
Kearney, Sean Philip; Giordano, Patrick Anthony; Cunningham, Charles Joseph; Bond, Desmond; Amundsen, Thomas, Decodable indicia reading terminal with combined illumination.
Biss, Charles E.; Havens, William H.; Robinson, Michael D.; Balschweit, Paul; Fitch, Timothy R.; McCall, Melvin D.; Gomez, Garrison; McClaude, Mark A.; Longacre, Andrew; Sonneville, Eunice, Device and system for processing image data representing bar codes.
Edmonds, Shane Michael; Keaney, Sean Philip, Hybrid-type bioptical laser scanning and digital imaging system supporting automatic object motion detection at the edges of a 3D scanning volume.
Edmonds, Shane Michael; Kearney, Sean Philip, Hybrid-type bioptical laser scanning and digital imaging system supporting automatic object motion detection at the edges of a 3D scanning volume.
Kearney, Sean Philip, Hybrid-type bioptical laser scanning and imaging system supporting digital-imaging based bar code symbol reading at the surface of a laser scanning window.
Barber, Charles P.; Gerst, Carl W.; Smith, George S.; Hussey, Robert M.; Gardiner, Robert C.; Pankow, Matthew W., Imaging apparatus having imaging assembly.
Barber, Charles P.; Gerst, III, Carl W.; Smith, II, George S.; Hussey, Robert M.; Gardiner, Robert C.; Pankow, Matthew W., Imaging apparatus having imaging assembly.
Havens, William H.; Pitou, David Stewart; McColloch, Laurence Ray; Barber, Charles Paul; Gannon, Colleen Patricia, Imaging module having lead frame supported light source or sources.
Wang, Ynjiun P.; Ahearn, Kevin; Deloge, Stephen P.; Ehrhart, Michael A.; Havens, William H.; Hussey, Robert M.; Koziol, Thomas J.; Li, Jianhua; Li, Jingquan; Montoro, James; Powilleit, Sven M. A., Indicia reading terminal having spatial measurement functionality.
Havens, William H.; Wang, Ynjiun P.; Hennick, Robert J.; Gannon, Colleen; Anderson, Donald; Hunter, Vivian L.; Bremer, Edward C.; Feng, Chen, Indicia reading terminal including focus element with expanded range of focus distances.
Wang, Ynjiun P.; Bremer, Edward C.; Feng, Chen; Gannon, Colleen P.; Havens, William H.; Li, Jianhua; Meier, Timothy P., Indicia reading terminal processing plurality of frames of image data responsively to trigger signal activation.
Hennick, Robert J.; Havens, William H.; Meier, Timothy; McCloskey, Scott; Anderson, Donald; Wang, Ynjiun P.; Hussey, Robert M.; Van Horn, Erik; Kearney, Sean P., Indicia reading terminals and methods for decoding decodable indicia employing light field imaging.
Wilz, Sr., David M., Laser scanning bar code symbol reading system having intelligent scan sweep angle adjustment capabilities over the working range of the system for optimized bar code symbol reading performance.
Xian, Tao; Wang, Ynjiun P.; Liu, Yong; Feng, Chen, Laser scanning code symbol reading system employing multi-channel scan data signal processing with synchronized digital gain control (SDGC) for full range scanning.
Brady, Robert Hugh; Colavito, Stephen; Wilz, Sr., David; Teng, Zhipeng; Dixon, Myron Levon, Laser scanning code symbol reading system providing improved control over the length and intensity characteristics of a laser scan line projected therefrom using laser source blanking control.
Fritz, Bernard; Cox, James Allen; Reutiman, Peter L., Laser scanning system employing an optics module capable of forming a laser beam having an extended depth of focus (DOF) over the laser scanning field.
Havens, William; Kearney, Sean Philip, Laser scanning system using laser beam sources for producing long and short wavelengths in combination with beam-waist extending optics to extend the depth of field thereof while resolving high resolution bar code symbols having minimum code element widths.
Braho, Keith; El-Jaroudi, Amro; Pike, Jeffrey, Method and system for considering information about an expected response when performing speech recognition.
Van Horn, Erik; Olson, Daniel James, Method of and apparatus for managing and redeeming bar-coded coupons displayed from the light emitting display surfaces of information display devices.
Amundsen, Thomas; Kearney, Sean Philip; Edmonds, Shane Michael; Wang, Ynjiun Paul; Good, Timothy; Miraglia, Michael; Cunningham, IV, Charles Joseph; Zhu, Xiaoxun; Giordano, Patrick Anthony, Method of and system for detecting object weighing interferences.
Amundsen, Thomas; Kearney, Sean Philip; Edmonds, Shane Michael; Wang, Ynjiun Paul; Good, Timothy; Miraglia, Michael; Cunningham, IV, Charles Joseph; Zhu, Xiaoxun; Giordano, Patrick Anthony, Method of and system for detecting produce weighing interferences in a POS-based checkout/scale system.
Van Horn, Erik; Kearney, Sean Philip, Method of and system for reading visible and/or invisible code symbols in a user-transparent manner using visible/invisible illumination source switching during data capture and processing operations.
Berthiaume, Guy H.; Caballero, Aldo M.; Cairns, James A.; Havens, William H.; Koziol, Thomas J.; Stewart, James W.; Wang, Ynjiun P.; Yeakley, Daniel D., Methods and apparatus to change a feature set on data collection devices.
Plesko, George, Molded elastomeric flexural elements for use in a laser scanning assemblies and scanners, and methods of manufacturing, tuning and adjusting the same.
Phillips, Thomas G.; Schoppa, Christopher A.; Frank, Alexander; Light, Mark Curtis; Westerinen, Wiliam Jefferson, Network security device and method for protecting a computing device in a networked environment.
Good, Timothy, Omnidirectional laser scanning bar code symbol reader generating a laser scanning pattern with a highly non-uniform scan density with respect to line orientation.
Kotlarsky, Anatoly; Zhu, Xiaoxun; Veksland, Michael; Au, Ka Man; Giordano, Patrick; Yan, Weizhen; Ren, Jie; Smith, Taylor; Miraglia, Michael V.; Knowles, C. Harry; Mandal, Sudhin; De Foney, Shawn; Allen, Christopher; Wilz, Sr., David M., Optical code symbol reading system employing a LED-driven optical-waveguide structure for illuminating a manually-actuated trigger switch integrated within a hand-supportable system housing.
Kotlarsky, Anatoly; Zhu, Xiaoxun; Veksland, Michael; Au, Ka Man; Giordano, Patrick; Yan, Weizhen; Ren, Jie; Smith, Taylor; Miraglia, Michael V.; Knowles, C. Harry; Mandal, Sudhin; De Foney, Shawn; Allen, Christopher; Wilz, Sr., David M., Optical code symbol reading system employing an acoustic-waveguide structure for coupling sonic energy, produced from an electro-transducer, to sound wave ports formed in the system housing.
Kotlarsky, Anatoly; Zhu, Xiaoxun; Veksland, Michael; Au, Ka Man; Giordano, Patrick; Yan, Weizhen; Ren, Jie; Smith, Taylor; Miraglia, Michael V.; Knowles, C. Harry; Mandal, Sudhin; De Foney, Shawn; Allen, Christopher; Wilz, Sr., David M., Optical scanning system having an extended programming mode and method of unlocking restricted extended classes of features and functionalities embodied therewithin.
Barten, Henri Jozef Maria, POS-based code symbol reading system with integrated scale base and system housing having an improved produce weight capturing surface design.
Cunningham, Charles; Good, Timothy; Kearney, Sean Philip; Miraglia, Michael; Amundsen, Thomas; Giordano, Patrick; Wang, Yujiun Paul; Zhu, Xiaoxun, Point of sale (POS) based checkout system supporting a customer-transparent two-factor authentication process during product checkout operations.
Barber, Charles P.; Gerst, III, Carl W.; Smith, II, George S.; Hussey, Robert M.; Gardiner, Robert C.; Pankow, Matthew W., Reading apparatus having partial frame operating mode.
Murawski, Mark David; Russell, Philip E., Receiving application specific individual battery adjusted battery use profile data upon loading of work application for managing remaining power of a mobile device.
Soule, III, Robert M.; Berthiaume, Guy H.; Caballero, Aldo Mario; Conti, Brian V.; Harper, Jeffrey Dean; Hooks, Larry K.; Meggitt, Adam Edward; Sauerwein, James T.; Yeakley, Daniel D., Reprogramming system and method for devices including programming symbol.
Maloy, James D.; Kusar, Michael; Mranca, Alexander; Narayan, Venkatesh; Thorsen, Jeffrey, System and method for generating and updating location check digits.
Phillips, Thomas G; Frank, Alexander; Chandley, Adrian M; Schoppa, Christopher A; Westerinen, William J, System and method for securing a computer system connected to a network from attacks.
Gomez, Garrison; Siegler, Thomas A.; Soule, III, Robert M.; Daddabbo, Nick; Sperduti, David, System and method to store and retrieve identifier associated information content.
Furlong, John A.; Hernandez, Mark Jose Antonio; Koch, Craig; Nahill, James; Cunningham, IV, Charles Joseph; Kearney, Sean Philip; Smith, Taylor, System having imaging assembly for use in output of image data.
Hendrickson, James; Scott, Debra Drylie; Littleton, Duane; Pecorari, John; Slusarczyk, Arkadiusz, Systems and methods for dynamically improving user intelligibility of synthesized speech in a work environment.
Pease, Michael; Bouchat, Christopher; Dobeck, Brian Roman; Sauerwein, Jr., James T.; Youngblood, Eric, Terminal configurable for use within an unknown regulatory domain.
Harding, Andrew C.; Suhr, Jeffrey K.; Allen, Nicholas P., Testing automatic data collection devices, such as barcode, RFID and/or magnetic stripe readers.
Essinger, Steven; Zhu, Xiaoxun; Schnee, Michael; Liu, JiBin; Shen, Xin; Chen, LiangLiang; Lu, Jun, Wireless dual-function network device dynamically switching and reconfiguring from a wireless network router state of operation into a wireless network coordinator state of operation in a wireless communication network.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.