Patents by Inventor Daniel M. Teal
Daniel M. Teal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9374390
Abstract: Techniques allow runtime extensions to a whitelist that locks down a computational system. For example, executable code is not only subject to whitelist checks that allow (or deny) its execution, but is also subject to checks that determine whether a whitelisted executable is itself trusted to introduce further executable code into the computational system in which it is allowed to run. In general, deletion and/or modification of instances of code that are already covered by the whitelist are also disallowed in accordance with a security policy. Accordingly, an executable that is trusted may be allowed to delete and/or modify code instances covered by the whitelist. In general, trust may be coded for a given code instance that seeks to introduce, remove or modify code.
Type: Grant
Filed: January 23, 2015
Date of Patent: June 21, 2016
Assignee: LUMENSION SECURITY, INC.
Inventors: Daniel M. Teal, Wesley G. Miller, Charisse Castagnoli, Toney Jennings, Todd Schell, Richard S. Teal
-
Patent number: 8950007
Abstract: Techniques have been developed to allow runtime extensions to a whitelist that locks down a computational system. For example, executable code (including e.g., objects such as a script or active content that may be treated as an executable) is not only subject to whitelist checks that allow (or deny) its execution, but is also subject to checks that determine whether a whitelisted executable is itself trusted to introduce further executable code into the computational system in which it is allowed to run. In general, deletion and/or modification of instances of code that are already covered by the whitelist are also disallowed in accordance with a security policy. Accordingly, an executable that is trusted may be allowed to delete and/or modify code instances covered by the whitelist. In general, trust may be coded for a given code instance that seeks to introduce, remove or modify code (e.g., in the whitelist itself).
Type: Grant
Filed: January 28, 2010
Date of Patent: February 3, 2015
Assignee: Lumension Security, Inc.
Inventors: Daniel M. Teal, Wesley G. Miller, Charisse Castagnoli, Toney Jennings, Todd Schell, Richard S. Teal
-
Publication number: 20100318789
Abstract: System and method are disclosed for securing and managing individual end-user platforms as part of an enterprise network. The method/system of the invention has three main components: a security module, a manager appliance, and a console appliance. The security module enforces the enterprise licenses and security policies for the end-user platforms while the manager appliance provides secure, centralized communication with, and oversight of, the security module. The console appliance allows an administrator to access the manager appliance for purposes of monitoring and changing the licenses. Security is established and maintained through an innovative use of data encryption and authentication procedures. The use of these procedures allows the appliances to be uniquely identified to one another, which in turn provides a way to dynamically create unique identifiers for the security modules.
Type: Application
Filed: March 19, 2010
Publication date: December 16, 2010
Inventors: Richard S. Teal, Todd A. Schell, Daniel M. Teal
-
Patent number: 7711952
Abstract: System and method are disclosed for securing and managing individual end-user platforms as part of an enterprise network. The method/system of the invention has three main components: a security module, a manager appliance, and a console appliance. The security module enforces the enterprise licenses and security policies for the end-user platforms while the manager appliance provides secure, centralized communication with, and oversight of, the security module. The console appliance allows an administrator to access the manager appliance for purposes of monitoring and changing the licenses. Security is established and maintained through an innovative use of data encryption and authentication procedures. The use of these procedures allows the appliances to be uniquely identified to one another, which in turn provides a way to dynamically create unique identifiers for the security modules.
Type: Grant
Filed: September 13, 2005
Date of Patent: May 4, 2010
Assignee: Coretrace Corporation
Inventors: Daniel M. Teal, Richard S. Teal, Todd A. Schell
-
Patent number: 7398389
Abstract: A system and method for network security using a kernel based network security infrastructure is disclosed. The method comprises the installation of a computer code set into the operating system kernel of each computer on a network and use of the computer code set to detect and stop unwanted or malicious intrusions into the kernel. Because the security feature is kernel based, a broader range of security features, such as security of communication between user-space applications and the kernel, can be implemented.
Type: Grant
Filed: November 14, 2002
Date of Patent: July 8, 2008
Assignee: Coretrace Corporation
Inventors: Daniel M. Teal, Richard S. Teal
-
Patent number: 6816973
Abstract: A method and system for adaptive network security using intelligent packet analysis are provided. The method comprises monitoring network data traffic. The network data traffic is analyzed to assess network information. A plurality of analysis tasks are prioritized based upon the network information. The analysis tasks are to be performed on the monitored network data traffic in order to identify attacks upon the network.
Type: Grant
Filed: November 13, 2002
Date of Patent: November 9, 2004
Assignee: Cisco Technology, Inc.
Inventors: Robert E. Gleichauf, Daniel M. Teal, Kevin L. Wiley
-
Patent number: 6785821
Abstract: An intrusion detection system and method for detecting unauthorized or malicious use of network resources includes an intrusion detection analysis engine that instantiates one or more analysis objects to detect signatures associated with attacks on network vulnerabilities. As new network vulnerabilities are identified, new analysis objects can be dynamically interfaced on a runtime basis with the intrusion detection analysis engine to detect signatures associated with the new network vulnerabilities. A signature application programming interface supports communication between the intrusion detection analysis engine and the analysis objects. When the instance of an analysis object indicates that an associated signature exists in network data, the intrusion detection analysis engine can provide an alarm.
Type: Grant
Filed: November 4, 2002
Date of Patent: August 31, 2004
Assignee: Cisco Technology, Inc.
Inventor: Daniel M. Teal
-
Publication number: 20030120935
Abstract: A system and method for network security using a kernel based network security infrastructure is disclosed. The method comprises the installation of a computer code set into the operating system kernel of each computer on a network and use of the computer code set to detect and stop unwanted or malicious intrusions into the kernel. Because the security feature is kernel based, a broader range of security features, such as security of communication between user-space applications and the kernel, can be implemented.
Type: Application
Filed: November 14, 2002
Publication date: June 26, 2003
Applicant: CORETRACE CORPORATION
Inventors: Daniel M. Teal, Richard S. Teal
-
Patent number: 6499107
Abstract: A method and system for adaptive network security using intelligent packet analysis are provided. The method comprises monitoring network data traffic. The network data traffic is analyzed to assess network information. A plurality of analysis tasks are prioritized based upon the network information. The analysis tasks are to be performed on the monitored network data traffic in order to identify attacks upon the network.
Type: Grant
Filed: December 29, 1998
Date of Patent: December 24, 2002
Assignee: Cisco Technology, Inc.
Inventors: Robert E. Gleichauf, Daniel M. Teal, Kevin L. Wiley
-
Patent number: 6477651
Abstract: An intrusion detection system and method for detecting unauthorized or malicious use of network resources includes an intrusion detection analysis engine that instantiates one or more analysis objects to detect signatures associated with attacks on network vulnerabilities. As new network vulnerabilities are identified, new analysis objects can be dynamically interfaced on a runtime basis with the intrusion detection analysis engine to detect signatures associated with the new network vulnerabilities. A signature application programming interface supports communication between the intrusion detection analysis engine and the analysis objects. When the instance of an analysis object indicates that an associated signature exists in network data, the intrusion detection analysis engine can provide an alarm.
Type: Grant
Filed: January 8, 1999
Date of Patent: November 5, 2002
Assignee: Cisco Technology, Inc.
Inventor: Daniel M. Teal
-
Patent number: 6301668
Abstract: A method and system for adaptive network security using network vulnerability assessment is disclosed. The method comprises directing a request onto a network. A response to the request is assessed to discover network information. A plurality of analysis tasks are prioritized based upon the network information. The plurality of analysis tasks are to be performed on monitored network data traffic in order to identify attacks upon the network.
Type: Grant
Filed: December 29, 1998
Date of Patent: October 9, 2001
Assignee: Cisco Technology, Inc.
Inventors: Robert E. Gleichauf, William A. Randall, Daniel M. Teal, Scott V. Waddell, Kevin J. Ziese