[ { "title": "Real time lockdown", "publication_date": "2005/28/12", "number": "08453243", "url": "/2005/12/28/real-time-lockdown/", "abstract": "A system and method that trusts software executables existent on a machine prior to activation for different types of accesses e.g. execution, network, and registry. The system detects new executables added to the machine as well as previously existent executables that have been modified, moved, renamed or deleted. In certain embodiments, the system will tag the file with a flag as modified or newly added. Once tagged, the system intercepts particular types of file accesses for execution, network or registry. The system determines if the file performing the access is flagged and may apply one or more policies based on the requested access. In certain embodiments, the system intercepts I/O operations by file systems or file system volumes and flags metadata associated with the file. For example, the NT File System and its extended attributes and alternate streams may be utilized to implement the system.", "owner": "Websense, Inc.", "owner_city": "San Diego", "owner_country": "US" }, { "title": "Advertisement selection in an electronic application system", "publication_date": "2005/26/08", "number": "2033386", "url": "/2005/08/26/advertisement-selection-in-an-electronic-application-system/", "abstract": "Selecting advertisements to deliver to a user of an electronic application system. Selecting includes storing a plurality of user defined object types for defining attributes of user contributed objects, and storing a plurality of user contributed objects, each having an object type. 
Selecting further includes receiving from a user a request for one or more of the stored objects, wherein at least one of the requested objects has a user defined object type, and selecting an advertisement to provide to the user based at least in part on the user defined object type of the one or more requested objects.", "owner": "Ning, Inc.", "owner_city": "Mountain View", "owner_country": "US" }, { "title": "Simplified creation and termination of an ad hoc wireless network with internet connection sharing", "publication_date": "2005/31/03", "number": "07616588", "url": "/2005/03/31/simplified-creation-and-termination-of-an-ad-hoc-wireless-network-with-internet-connection-sharing/", "abstract": "Methods and systems are described for simplified creation of, connection to, and termination from an ad hoc wireless network. Graphical user interfaces are used to guide users through creation and joining of an ad hoc network. The option to share one user's Internet connection with the entire ad hoc network is also described. The ad hoc networks described can provide some managed services traditionally unavailable in ad hoc networks, such as IP address assignment and name resolution services. The ad hoc networks can be created with termination criteria, such that a computer's connection to the ad hoc network is automatically terminated and previous network configuration settings are restored when one or a combination of termination criteria are met.", "owner": "Microsoft Corporation", "owner_city": "Redmond", "owner_country": "US" }, { "title": "Secure virtual interface", "publication_date": "2005/01/03", "number": "07389399", "url": "/2005/03/01/secure-virtual-interface/", "abstract": "A network interface for secure virtual interface data communication includes a doorbell circuit, a processor, memory, and a bridge circuit. The doorbell circuit responds to physical I/O addresses of the host that are mapped by a memory management unit by a registration process. 
An application program seeking to use a channel of a virtual interface must register the virtual address of host memory where data for communication is or will be stored and register the virtual address of a page of I/O addresses. Access to the doorbell functions and to the host memory via the memory management unit are therefore denied when the requesting process identifier does not successfully compare with the process identifier for the process that performed the registrations. A password may be stored in the network interface in association with a virtual interface (VI) channel identifier and stored in association with the virtual to physical map used for VI communication. The network interface may abandon a requested or implied data communication when passwords do not successfully compare. Methods for virtual interface (VI) communication performed by an application program may include one or more of the steps of (a) establishing a VI channel where physical I/O addresses of a network controller are secured; (b) registering host memory for use with a VI channel where physical memory addresses are secured; (c) describing blocks of host memory with reference to a memory handle; and (d) accomplishing data communication of a described block of host memory via an established VI channel where the data and controls of the VI channel are secured and the data and controls of other VI channels are secured. Security is provided against both erroneous operations and operations intentionally effected by rogue processes.", "owner": "QLOGIC, Corporation", "owner_city": "Aliso Viejo", "owner_country": "US" } ]