New Technologies to Combat New Threats: Kaspersky Lab’s Q1 2015 Patents Digest
In the first quarter of 2015 Kaspersky Lab obtained 29 patents in the USA, the EU, Russia and China.
In the first quarter of 2015 Kaspersky Lab obtained 29 patents in the USA, the EU, Russia and China. This digest highlights the most noticeable innovations patented during this period.
In recent years, companies have worked increasingly hard on protecting data confidentiality and applying data encryption. To ensure reliable protection, Kaspersky Lab is constantly improving its own encryption technology as found in Kaspersky Endpoint Security for Business. The United States Patent and Trademark Office granted Kaspersky Lab two patents related to this technology in Q1 of 2015. The first patent, System and method for robust full-drive encryption, makes the Full Disk Encryption (FDE) service more resilient. The patent describes a method to determine the optimum size of the data block and the mask of the encrypted area needed to maintain the resiliency of full disk encryption. The second patent, System and method for controlling user access to encrypted data, describes a technology that simplifies the administration of accounts and regulation of encryption policies. This development can automatically determine the list of active users of each computer and create preloading accounts that require authentication before loading the operating system when using full disk encryption. It also describes an automatic method to apply encryption policies for all active users of the computer.
Kaspersky Lab also received the following patents from the United States Patent and Trademark Office (USPTO):
- Portable security device and methods for secure communication. The patent describes a hardware solution that helps minimize the risks associated with the possible theft of different sorts of authentication data. This information can be stored on a separate device with its own CPU, memory, closed operating system, input and output devices as well as network controllers for connections to an unprotected computer.
- System and method for detection of malware using behavior model scripts of security rating rules. The technology described in the patent develops the use of rules to determine the security rating of various processes. This approach is used in the System Watcher module, which is part of Kaspersky Lab’s solutions for both home users and businesses. The patented approach allows the creation of special scripts that are based on the same rules of determining the security rating but which use logical operators (OR, AND). This enables evaluation of the threat level for certain sets of rules, taking into account the frequency of their activation. In addition, it is possible to set an extreme value for the threat rating for each set of rules that allows an immediate block on specific patterns of malicious behavior (for example, attempts to steal passwords).
- Flexible fingerprint for detection of malware. This patent describes a system of data conversion that enables generation of the same results from a variety of similar files. That means a slight change in the file does not entail a change in the conversion result. Thus, it will serve as a universal checksum to identify various modifications of the same malicious code, helping to substantially reduce the size of antivirus databases while improving detection.
- System and method for automatically configuring application control rules. The technology helps to eradicate the errors that may occur when using several conflicting Application control rules. The patented system can check any rule using the predetermined "network model". The model includes information on all executable files and their categories, on user accounts and their roles in the network, as well as on all existing Application control rules. The system makes it possible to adjust the rules if contradictions are detected.
- System and method for detecting malicious software using malware trigger scenarios. This patent describes a method of controlling the operation of a mobile application and simulating possible user action scenarios on the device in order to analyze the application. This makes it possible to create a controlled environment in which the applications will be studied in different simulated conditions, specifically those where malicious code could execute its payload.
- System and method for linking various protocols for controlling devices with their owners.The technology described in this patent enables multiple devices with software agents installed to be associated with a particular user. This allows the system administrator to apply policies and issue commands at a user level rather than a device level. This is used in Kaspersky Security Center.
- System and methods of distributing antivirus checking tasks among virtual machines in a virtual network. This patent describes a technology that transfers the load on different virtual machines by dividing the protection system into two levels. The first level of protection, implemented by the light agent working on a virtual machine, can meet challenges that require a quick response to possible actions, and contains such components as the Host-based Intrusion Prevention System. The second level is implemented using a specialized machine, and solves more resource-intensive, less priority-oriented and more lasting tasks, such as antivirus scanning of files. The technology is used in Kaspersky Security for Virtualization.
Several patents have been granted by Rospatent, Russia’s patent agency. These include:
- System and method for adaptive modification of antivirus databases. The patented technology separates the records of the antivirus engine database by different types. It works as follows: when a file signature is added to the base, its file type (for example, exe, zip) is analyzed and information about it is stored in the database. Therefore, the next scan starts by determining the file type and comparing it to the corresponding signatures. This significantly reduces scan times. The system is used in solutions for mobile devices.
- System and method for protecting computer resources from unauthorized access using isolated environment. This patent protects the technology that ensures an organization’s data is secured against unauthorized access. The development involves the creation of isolated environments for those applications that work with sensitive data. These environments allow the applications to interact with network resources, storage and devices in strict compliance with the enterprise security policies.
This is not an exhaustive list of the patents obtained by Kaspersky Lab in the first quarter of 2015, but records only those that were first patented in one of the regions. All the other technologies that received patents in this period had previously been granted a patent in another country. Kaspersky Lab is constantly developing and patenting new IT security technologies. As of June 2015, Kaspersky Lab had 322 patents in Russia, the US, China and Europe. The company has a further 301 patent applications pending in several countries.