Rootkit monitoring agent built into an operating system kernel

Number of patents in Portfolio can not be more than 2000

United States of America Patent

PATENT NO 8539584
APP PUB NO 20120054868A1
SERIAL NO

12871103

Stats

ATTORNEY / AGENT: (SPONSORED)

Importance

Loading Importance Indicators... loading....

Abstract

See full text

A rootkit monitoring agent (RMA) built into an operating system (OS) kernel for detecting a kernel-based rootkit and preventing subsequent effects of the rootkit. The RMA is activated as a kernel process subsequent to the OS initialization and stores a good state of OS kernel data structures including the System Service Descriptor Table (SSDT) and Interrupt Descriptor Table (IDT). The RMA monitors the SSDT and IDT and detects that a hook previously stored in the good state is changed by an installation of suspect software. The RMA determines the suspect software is a kernel-based rootkit by determining a whitelist does not indicate the changed hook. The RMA restores the changed hook to its good state. The RMA updates a blacklist to reference the changed hook.

Loading the Abstract Image... loading....

First Claim

See full text

Family

Loading Family data... loading....

Patent Owner(s)

  • INTERNATIONAL BUSINESS MACHINES CORPORATION

International Classification(s)

  • [Classification Symbol]
  • [Patents Count]

Inventor(s)

Inventor Name Address # of filed Patents Total Citations
Ramalingam, Jayakrishnan Bangalore, IN 2 50

Cited Art Landscape

Load Citation

Patent Citation Ranking

Forward Cite Landscape

Load Citation

Maintenance Fees

Fee Large entity fee small entity fee micro entity fee due date
11.5 Year Payment $7400.00 $3700.00 $1850.00 Mar 17, 2025
Fee Large entity fee small entity fee micro entity fee
Surcharge - 11.5 year - Late payment within 6 months $160.00 $80.00 $40.00
Surcharge after expiration - Late payment is unavoidable $700.00 $350.00 $175.00
Surcharge after expiration - Late payment is unintentional $1,640.00 $820.00 $410.00