What technology area does this patent fall under?

Primary CPC classification G06F21/554. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Feb 04 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Discrete processor feature behavior collection

US12216759B2 · US · B2

Patent metadata
Field	Value
Publication number	US-12216759-B2
Application number	US-202318512603-A
Country	US
Kind code	B2
Filing date	Nov 17, 2023
Priority date	Jun 28, 2017
Publication date	Feb 4, 2025
Grant date	Feb 4, 2025

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Examples of the present disclosure describe systems and methods for discrete processor feature behavior collection and analysis. In aspects, a monitoring utility may initialize a set of debugging and/or performance monitoring feature sets for a microprocessor. When the microprocessor receives from software content a set of instructions that involves the loading of a set of modules or code segments, the set of modules or code segments may be evaluated by the monitoring utility. The monitoring utility may generate a process trace of the loaded set of modules or code segments. Based on the process trace output, various execution paths may be reconstructed in real-time. The system and/or API calls made by the microprocessor may then be compared to the process trace output to quickly observe the interaction between the software content and the operating system of the microprocessor.

First claim

Opening claim text (preview).

What is claimed is: 1. A method, comprising: monitoring, by a monitor engine including a secure execution environment, interactions between software content and a computing environment, wherein the monitor engine executes in the computing environment and maintains a secure execution environment in a secure area of the computing environment such that the secure execution environment is inaccessible to any untrusted components or operations; detecting, by the monitor engine, storing of instructions into memory of the computing environment based on an address of a memory access; evaluating, by the monitor engine, instructions of the software content, wherein evaluating the instructions comprises evaluating the instructions to determine performance data associated with the software content using one or more profiling tools or models to evaluate at least one aspect of the instructions to determine the performance data; identifying, by the monitor engine using the secure execution environment, calls of interest in the instructions by classifying the calls of interest based on the performance data and evaluating the calls of interest to generate behavioral signatures; applying, by the monitor engine, behavioral signatures to determine that software content is malicious; and based on the determined malicious software content, taking a remedial action including isolating the software content. 2. The method of claim 1 , wherein the computing environment comprises a local computing environment of a remote environment. 3. The method of claim 1 , wherein the monitor engine is associated with an operating system kernel. 4. The method of claim 1 , wherein the performance data includes on global or local variables, function names, entry point addresses, or line numbers. 5. A system, comprising: a processor; a memory coupled to the processor, the memory comprising computer executable instructions for: monitoring, by a monitor engine including a secure execution environment, interactions between software content and a computing environment, wherein the monitor engine executes in the computing environment and maintains a secure execution environment in a secure area of the computing environment such that the secure execution environment is inaccessible to any untrusted components or operations; detecting, by the monitor engine, storing of instructions into memory of the computing environment based on an address of a memory access; evaluating, by the monitor engine, instructions of the software content, wherein evaluating the instructions comprises evaluating the instructions to determine performance data associated with the software content using one or more profiling tools or models to evaluate at least one aspect of the instructions to determine the performance data; identifying, by the monitor engine using the secure execution environment, calls of interest in the instructions by classifying the calls of interest based on the performance data and evaluating the calls of interest to generate behavioral signatures; applying, by the monitor engine, behavioral signatures to determine that software content is malicious; and based on the determined malicious software content, taking a remedial action including isolating the software content. 6. The system of claim 5 , wherein the computing environment comprises a local computing environment of a remote environment. 7. The system of claim 5 , wherein the monitor engine is associated with an operating system kernel. 8. The system of claim 5 , wherein the performance data includes on global or local variables, function names, entry point addresses, or line numbers. 9. A non-transitory computer readable medium, comprising instructions for: monitoring, by a monitor engine including a secure execution environment, interactions between software content and a computing environment, wherein the monitor engine executes in the computing environment and maintains a secure execution environment in a secure area of the computing environment such that the secure execution environment is inaccessible to any untrusted components or operations; detecting, by the monitor engine, storing of instructions into memory of the computing environment based on an address of a memory access; evaluating, by the monitor engine, instructions of the software content, wherein evaluating the instructions comprises evaluating the instructions to determine performance data associated with the software content using one or more profiling tools or models to evaluate at least one aspect of the instructions to determine the performance data; identifying, by the monitor engine using the secure execution environment, calls of interest in the instructions by classifying the calls of interest based on the performance data and evaluating the calls of interest to generate behavioral signatures; applying, by the monitor engine, behavioral signatures to determine that software content is malicious; and based on the determined malicious software content, taking a remedial action including isolating the software content. 10. The non-transitory computer readable medium of claim 9 , wherein the computing environment comprises a local computing environment of a remote environment. 11. The non-transitory computer readable medium of claim 9 , wherein the monitor engine is associated with an operating system kernel. 12. The non-transitory computer readable medium of claim 9 , wherein the performance data includes on global or local variables, function names, entry point addresses, or line numbers.

Assignees

Open Text Inc

Inventors

Klonowski Eric

Classifications

G06F2201/865
Monitoring of software · CPC title
G06F21/552
involving long-term monitoring or reporting · CPC title
G06F21/566
Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title
G06F11/3636
by tracing the execution of the program · CPC title
G06F11/3409
for performance assessment · CPC title

Patent family

Related publications grouped by family.

View patent family 64738940

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12216759B2 cover?: Examples of the present disclosure describe systems and methods for discrete processor feature behavior collection and analysis. In aspects, a monitoring utility may initialize a set of debugging and/or performance monitoring feature sets for a microprocessor. When the microprocessor receives from software content a set of instructions that involves the loading of a set of modules or code segme…
Who is the assignee on this patent?: Open Text Inc
What technology area does this patent fall under?: Primary CPC classification G06F21/554. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Feb 04 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).