Title: System and method for protecting against point of sale malware using memory scraping
Abstract: A software, system and methodology for protecting against malware Point-of-Sale attacks that utilize, for example, memory scraping techniques. The application protects Point-of-Sale hardware and its software against memory scraping malware attacks and against the loss of critical user credit card and confidential information, which is often swiped at a terminal or stored in Point-of-Sale application databases. An embodiment of a method for blocking memory scraping attacks includes the following steps. Upon detecting a credit card swipe submission event from local hardware or a COM-port event, specific memory table entries are flagged as unreadable; immediately after the data has been properly submitted, the system memory tables are cleared of data and the specific memory processes are flagged as readable again. The method prevents memory scraping or Point-of-Sale malware from capturing swiped credit card data or input data, thereby protecting the user from theft of credit card data or other credentials.
Publication number: US9596250(B2) Publication date: 2017.03.14
Application number: US201514709224 Filing date: 2015.05.11
Applicant: Trusted Knight Corporation Inventor: Reddington Raymond Lloyd
IPC classes: H04L29/06; G06F21/53; G06F21/52 Main class: H04L29/06
Agency: Beyer Law Group Agent: Beyer Law Group
Independent claim: 1. A method for preventing malicious memory scraping, executable by a microprocessor, the method comprising the steps of: providing predetermined software processes at the ring-0 level using physical RAM that can be opened as a section named \Device\PhysicalMemory with NtOpenSection(); mapping with NtMapViewOfSection() native API functions, which include kernel highest-level drivers, intermediate drivers and low-level drivers in the NT kernel and which communicate with Ring 3 (user-land) applications, to establish a ring-0 hook; mapping a targeted physical address with an NtMapViewOfSection() pointer; providing write access to \Device\PhysicalMemory using an NtOpenSection call with WRITE_DAC and READ_CONTROL; and restoring a memory table; wherein the step of restoring the memory table includes: determining a local hook; monitoring for processProduct, SeDebugPrivilege escalation or NtReadVirtualMemory memory calls, and comparing them to a known database of malicious calls; and restoring memory tables to null.
Address: Annapolis, MD, US
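The lifecycle in the abstract (flag the swipe buffer unreadable, let it be submitted, clear it, flag it readable again) and the memory-table restoration in claim 1 are stated at the ring-0, NT-native-API level. The following is an added example, not code from the patent or from Trusted Knight, that approximates that lifecycle in user-mode C on POSIX/Linux: a single mmap'd page holds the swipe data, it is PROT_NONE except inside two short windows, it is zeroed immediately after the submit routine returns and before the page is ever left readable, and a fault-catching probe shows that an in-process reader faults while the page is closed. The names card_vault, vault_*, demo_submit and the Track-1 style SAMPLE_TRACK record are all constructed for this example.

```c
/* Added example, not from the patent: user-mode approximation of the
 * unreadable -> submit -> wipe -> readable lifecycle, in POSIX/Linux C.
 * card_vault, vault_*, demo_submit and SAMPLE_TRACK are constructed here. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Constructed Track-1 style record using the 4111... test PAN. */
#define SAMPLE_TRACK "%B4111111111111111^DOE/JANE^2512101?"

typedef struct { unsigned char *page; size_t len; } card_vault;  /* one mmap'd page */
typedef int (*submit_fn)(const unsigned char *data, size_t n, void *ctx);

/* Page starts PROT_NONE; mlock is best effort (it may fail under RLIMIT_MEMLOCK). */
int vault_init(card_vault *v)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0) return -1;
    v->len = (size_t)ps;
    v->page = mmap(NULL, v->len, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (v->page == MAP_FAILED) return -1;
    (void)mlock(v->page, v->len);
    return 0;
}

static int vault_open(card_vault *v)  { return mprotect(v->page, v->len, PROT_READ | PROT_WRITE); }
static int vault_close(card_vault *v) { return mprotect(v->page, v->len, PROT_NONE); }

/* Zero through a volatile pointer so the stores cannot be optimised away; 1 = verified clean. */
static int wipe_page(card_vault *v)
{
    volatile unsigned char *p = v->page;
    unsigned char acc = 0;
    for (size_t i = 0; i < v->len; i++) p[i] = 0;
    for (size_t i = 0; i < v->len; i++) acc |= p[i];
    return acc == 0;
}

/* Swipe event: open the window, copy the track in, close it again. */
int vault_store(card_vault *v, const char *track, size_t n)
{
    if (n >= v->len || vault_open(v) != 0) return -1;
    memcpy(v->page, track, n);
    v->page[n] = 0;
    return vault_close(v);
}

/* Submission: open, let the submit routine use the data, wipe before the page
 * is left readable, close. Returns the submit result, or -1 on protection failure. */
int vault_submit(card_vault *v, submit_fn submit, void *ctx)
{
    if (vault_open(v) != 0) return -1;
    int rc = submit(v->page, strlen((const char *)v->page), ctx);
    int wiped = wipe_page(v);
    if (vault_close(v) != 0 || !wiped) return -1;
    return rc;
}

/* Reopen briefly: 1 if every byte is zero, 0 if data remains, -1 on error. */
int vault_is_wiped(card_vault *v)
{
    if (vault_open(v) != 0) return -1;
    unsigned char acc = 0;
    for (size_t i = 0; i < v->len; i++) acc |= v->page[i];
    return vault_close(v) == 0 ? (acc == 0) : -1;
}

/* Probe the way an injected scraper thread would: touch the page, catch the fault. */
static sigjmp_buf probe_env;
static void probe_handler(int sig) { (void)sig; siglongjmp(probe_env, 1); }

int vault_is_readable(card_vault *v)   /* 1 = readable, 0 = access faults */
{
    struct sigaction sa, old_segv, old_bus;
    volatile int readable = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = probe_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* macOS reports PROT_NONE hits as SIGBUS */
    if (sigsetjmp(probe_env, 1) == 0) {
        volatile unsigned char b = *(volatile unsigned char *)v->page;
        (void)b;
        readable = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return readable;
}

void vault_destroy(card_vault *v)
{
    if (vault_open(v) == 0) wipe_page(v);   /* never release a page with data still in it */
    munmap(v->page, v->len);
    v->page = NULL;
}

/* Stand-in for the POS submit path: uses the data, keeps no copy, reports what it saw. */
int demo_submit(const unsigned char *data, size_t n, void *ctx)
{
    *(size_t *)ctx = n;
    return (n > 1 && data[0] == '%' && data[n - 1] == '?') ? 0 : 1;
}

int main(void)
{
    card_vault v; size_t seen = 0;
    if (vault_init(&v) != 0 || vault_store(&v, SAMPLE_TRACK, strlen(SAMPLE_TRACK)) != 0) return 1;
    int rc = vault_submit(&v, demo_submit, &seen);
    printf("submit rc=%d bytes=%zu readable=%d wiped=%d\n",
           rc, seen, vault_is_readable(&v), vault_is_wiped(&v));
    vault_destroy(&v);
    return 0;
}
```

The in-process probe marks the honest limit of this approximation: mprotect stops a thread running inside the POS process and a process_vm_readv-style reader, but a reader that already holds ptrace access (the Linux counterpart of the SeDebugPrivilege escalation that claim 1 monitors for) is not bound by user-mode page protections, which is why the claim places its hook at ring 0 rather than in the application. One further caveat for anyone reproducing claim 1 literally: Windows has refused user-mode handles to \Device\PhysicalMemory since Windows Server 2003 SP1, so the NtOpenSection/NtMapViewOfSection mapping it describes must run from a kernel driver on current systems.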