IoT and PoS anti-malware strategy
US-10432655-B2 · Oct 1, 2019 · US
US11050775B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11050775-B2 |
| Application number | US-201916588589-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 30, 2019 |
| Priority date | Mar 31, 2016 |
| Publication date | Jun 29, 2021 |
| Grant date | Jun 29, 2021 |
Official abstract text for this publication.
Methods, apparatus, systems, and articles of manufacture for IoT and PoS anti-malware are disclosed. An example method includes detecting a combination of function calls. Whether the combination of function calls is a forbidden combination of function calls for the device is detected based on a limited intended functionality of the device. The forbidden combination of function calls includes a first function call and a second function call. The first function call is allowed in isolation from the second function call. The second function call is allowed in isolation from the first function call. In response to determining that the combination of function calls is forbidden for the device, a responsive action is performed.
Opening claim text (preview).
What is claimed is:

1. An apparatus for providing security for a device, the apparatus comprising: memory; and one or more processors to execute machine readable instructions to cause the one or more processors to at least: in response to detecting a first function call, identify a second function call in a log of function calls; determine whether a combination of the first function call and the second function call is forbidden for execution by the device based on a limited intended functionality of the device, the first function call allowed in isolation from the second function call, the second function call allowed in isolation from the first function call; and in response to determining that the combination of the first function call and the second function call is forbidden for the device, perform a responsive action.

2. The apparatus of claim 1, wherein to perform the responsive action, the one or more processors is to at least one of: prevent the first function call from executing; disable the device; and generate a notification.

3. The apparatus of claim 2, wherein the one or more processors is to cause transmission of the notification to a user device.

4. The apparatus of claim 2, wherein the one or more processors is to cause transmission of the notification to a remote server, the notification including data regarding the combination of the first function call and the second function call.

5. The apparatus of claim 1, wherein the one or more processors is to store a record of the first function call in the log of function calls.

6. The apparatus of claim 1, wherein the one or more processors is to determine whether the combination of the first function call and the second function call is forbidden by determining that the combination of the first function call and the second function call is associated with a forbidden parameter for the device, the combination of the first function call and the second function call rendered forbidden based on the forbidden parameter causing the function call to represent functionality outside the limited intended functionality of the device.

7. The apparatus of claim 1, wherein the one or more processors is to: access, from a server, an updated list of forbidden function calls; and monitor the device to detect a further forbidden function call using the updated list of forbidden function calls.

8. The apparatus of claim 7, wherein the updated list of forbidden function calls is specific to an intended functionality of the device.

9. The apparatus of claim 1, wherein the device is a point of sale device.

10. At least one machine readable storage disk or storage device comprising instructions that, when executed, cause at least one processor to at least: in response to detecting a first function call, identify a second function call in a log of function calls; determine whether a combination of the first function call and the second function call is a forbidden combination of function calls based on a limited intended functionality of the device, the first function call allowed in isolation from the second function call, the second function call allowed in isolation from the first function call; and in response to determining that the combination of the first function call and the second function call is forbidden, perform a responsive action.

11. The at least one machine readable storage disk or storage device of claim 10, wherein the responsive action includes at least one of: preventing execution of the first function call from executing; disabling the device; and generating a notification.

12. The at least one machine readable storage disk or storage device of claim 11, wherein the instructions, when executed, cause the device to at least cause transmission of the notification to a user device.

13. The at least one machine readable storage disk or storage device of claim 11, wherein the instructions, when executed, cause the device to at least cause transmission of the notification to a remote server, the notification including data regarding the combination of the first function call and the second function call for analysis.

14. The at least one machine readable storage disk or storage device of claim 10, wherein the instructions, when executed, cause the device to store a record of the first function call in the log of function calls.

15. The at least one machine readable storage disk or storage device of claim 10, wherein the instructions, when executed, cause the device to at least determine whether the combination of the first function call and the second function call is forbidden by determining that the combination of the first function call and the second function call is associated with a forbidden parameter for the device, the forbidden parameter to cause the combination of function calls to represent functionality outside the limited intended functionality of the device.

16. The at least one machine readable storage disk or storage device of claim 10, wherein the combination of the first function call and the second function call includes one or more API calls.

17. A method to provide security in a device, the method comprising: detecting a first function call; in response to detecting a first function call, identifying, by executing an instruction with a processor, a second function call in a log of function calls; determining, by executing an instruction with the processor, whether the combination of the first function call and the second function call is forbidden based on a limited intended functionality of the device, the first function call allowed in isolation from the second function call, the second function call allowed in isolation from the first function call; and in response to determining that the combination of the first function call and the second function call is forbidden, performing a responsive action.

18. The method of claim 17, wherein the responsive action includes at least one of: preventing the first function call from executing; disabling the device; and generating a notification.

19. The method of claim 18, further including storing a record of the first function call in the log of function calls.

20. The method of claim 18, further including transmitting the notification to a remote server, the notification including data regarding the function call.
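
The combination check recited in claims 1, 2, 5 and 17, as an added Python example (not code from the patent or its assignee). The call names, the size of the log window, the shape of the notification record and the choice to log only calls that executed are assumptions made for illustration.

```python
from collections import deque

# Constructed policy for a point-of-sale terminal (call names are hypothetical).
# Every call below is allowed on its own; only the pairing is forbidden because
# it falls outside the device's limited intended functionality.
FORBIDDEN_COMBINATIONS = {
    frozenset({"read_card_buffer", "open_outbound_socket"}),
    frozenset({"enumerate_processes", "read_process_memory"}),
}


class CallMonitor:
    def __init__(self, forbidden, window=64):
        self.forbidden = set(forbidden)
        self.log = deque(maxlen=window)   # log of function calls that executed
        self.notifications = []           # stand-in for a user device or server

    def on_call(self, first):
        """Handle a detected call; return True to let it run, False to block."""
        for second in self.log:           # identify a second call in the log
            if frozenset({first, second}) in self.forbidden:
                # Responsive action: block the call and generate a notification
                # carrying data about the combination.
                self.notifications.append(
                    {"first": first, "second": second, "action": "blocked"}
                )
                return False
        # Only calls that actually ran are recorded, so a blocked attempt does
        # not poison the log and block the device's normal calls afterwards.
        self.log.append(first)
        return True


if __name__ == "__main__":
    monitor = CallMonitor(FORBIDDEN_COMBINATIONS)
    for call in ["read_card_buffer", "print_receipt", "open_outbound_socket"]:
        print(call, "->", "allowed" if monitor.on_call(call) else "blocked")
    print(monitor.notifications)
```

The bounded log means a pairing is only caught while the earlier call is still inside the window, so the window size is a detection trade-off to tune per device.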
Traffic logging, e.g. anomaly detection · CPC title
during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow} · CPC title
Additional information in the notification, e.g. enhancement of specific meta-data · CPC title
using logs of notifications; Post-processing of notifications · CPC title