Patents Assigned to AO Kaspersky Lab
  • Patent number: 12248575
    Abstract: Disclosed herein are systems and methods for monitoring delivery of messages passed between processes from different operating systems. In one aspect, an exemplary method comprises, creating a proxy process in a first Operating System (OS) for a second process, wherein the second process is from a second OS, the first and second OS being installed in respective computing environments, assigning at least one security policy to the created proxy process for monitoring delivery of messages associated with the created proxy process, where the messages are transmitted through a programming interface of the created proxy process corresponding to a programming interface of the second process, generating a security monitor for the first OS based on the created proxy process and security policies of the first OS, and monitoring the delivery of messages between at least a first process in the first OS and the second process based on the security policies.
    Type: Grant
    Filed: June 8, 2022
    Date of Patent: March 11, 2025
    Assignee: AO Kaspersky Lab
    Inventors: Stanislav V. Pinchuk, Andrey Y. Simanovsky, Sergey V. Rogachev
  • Patent number: 12184760
    Abstract: Disclosed herein are systems and methods for granting a user data processor access to a cryptocontainer of user data. In one aspect, an exemplary method comprises, creating a cryptocontainer for user's data, wherein the cryptocontainer receives at least one element of the user's data and encrypts the element; for the user data processor, establishing rights for accessing the element using a first key, and forming at least one access structure, the forming including, placing the first key in the access structure based on the established rights, receiving, from the user data processor, a second key linked to the user data processor which is to be used for accessing the first key, and encrypting the first key with the second key; and when a request for access to the cryptocontainer is received, granting, to the user data processor, access to the cryptocontainer based on the formed at least one access structure.
    Type: Grant
    Filed: June 1, 2021
    Date of Patent: December 31, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Sergey V. Kozlov, Andrey A. Efremov, Dmitry V. Shmoylov, Pavel V. Filonov, Dmitry G. Ivanov
  • Patent number: 12166771
    Abstract: A method for transferring data from a first network to a second network using a gateway includes setting, by a security monitor, a state of the gateway to a first state indicating to a destination agent that access is granted to trusted memory and denied to the second network and untrusted memory. The destination agent is configured, while the gateway is in the first state, based on parameters stored in the trusted memory, to transfer data received from a source agent to the second network. The state of the gateway is changed to a second state indicating to the destination agent that access is denied to the trusted memory and granted to the second network and the untrusted memory. Transfer of the data from the source agent of the first network to the destination agent of the second network is controlled, while the gateway is in the second state.
    Type: Grant
    Filed: May 23, 2022
    Date of Patent: December 10, 2024
    Assignee: AO KASPERSKY LAB
    Inventors: Dmitry S. Lukiyan, Alexey G. Vereshchagin, Maxim A. Dontsov, Ruslan Y. Morozov, Denis S. Kashitsyn
  • Patent number: 12141269
    Abstract: A method for building a security monitor includes identifying one or more objects of a microkernel Operating System (OS) participating in transmission of an Inter Process Communication (IPC) message. The one or more OS objects include one or more processes and/or one or more applications executed by the microkernel OS. One or more security policies associated with the identified microkernel OS objects are selected from a security policy database. A policy verification module is configured based on the selected security policies to generate a decision related to controlling the transmission of the IPC message. A security monitor is generated using the configured policy verification module to control the transmission of the message based on the decision generated by the policy verification module.
    Type: Grant
    Filed: April 1, 2022
    Date of Patent: November 12, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Vladimir S. Burenkov, Alexander A. Bondarenko
  • Patent number: 12143358
    Abstract: A method for generating a signature of a spam message includes determining one or more classification attributes and one or more clustering attributes contained in successively intercepted first and second electronic messages. The first electronic message is classified using a trained classification model for classifying electronic messages based on the one or more classification attributes. The first electronic message is classified as spam if a degree of similarity of the first electronic message to one or more spam messages is greater than a predetermined value. A determination is made whether the first electronic message and the second electronic message belong to a single cluster based on the determined one or more clustering attributes. A signature of a spam message is generated based on the the identified single cluster of electronic messages.
    Type: Grant
    Filed: December 30, 2021
    Date of Patent: November 12, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Yury G. Slobodyanuk, Dmitry S. Golubev, Alexey S. Marchenko, Alexey E. Utki-Otki
  • Patent number: 12113826
    Abstract: A method creating a heuristic rule to identify Business Email Compromise (BEC) attacks includes filtering text of received email messages, using a first classifier, to extract one or more terms indicative of a BEC attack from the text of the received email messages, wherein the first classifier includes a trained recurrent neural network that includes a language model, generating, using the first classifier, one or more n-grams based on the extracted terms, wherein each of the n-grams characterizes a particular extracted term, generating, using a second classifier, a vector representation of the extracted terms based on the generated n-grams, assigning a weight coefficient to each of the extracted terms, wherein a higher weight coefficient indicates higher relevancy to BEC attack of the corresponding extracted term, and generating a heuristic rule associated with the BEC attack by combining the weight coefficients of a combination of the extracted terms.
    Type: Grant
    Filed: November 30, 2023
    Date of Patent: October 8, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Roman A Dedenok, Nikita D. Benkovich, Dmitry S. Golubev, Yury G. Slobodyanuk
  • Patent number: 12111958
    Abstract: Systems and methods for verifying the integrity of a software installation image before installing the software. Security of the software installation process is ensured by providing access to the software image from a security monitor using security policies. An installation system for protecting the installation of a software image includes instructions that, when executing on computing hardware, cause the computing hardware to implement: a verifier engine to verify the integrity of the software image, a security monitor engine to set an initial access state for the software image granting access to the verifier engine and to update the access state for the software image in accordance with at least one security policy, and an installer engine to install software contained in the software image according to the access state.
    Type: Grant
    Filed: November 3, 2021
    Date of Patent: October 8, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Vladimir S. Burenkov, Dmitry A. Kluagin
  • Patent number: 12093334
    Abstract: Disclosed herein are systems and methods of a cloud server for providing content to a user. In one aspect, an exemplary method comprises receiving data, from a user device, the data comprising at least one of: hash and type of intercepted search requests and site names, incrementing a value of a popularity counter of the received data, when the value of the popularity counter of the received data exceeds a predetermined threshold, sending an inquiry for the intercepted search requests and site names in plain form, and when the intercepted search requests and site names are received in plain form, performing categorization of the intercepted search requests and site names, and transmitting, to the user device, content associated with the intercepted search requests and rules for establishing a category of the content.
    Type: Grant
    Filed: August 16, 2023
    Date of Patent: September 17, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Dmitry V. Shvetsov, Daniil A. Yazovsky, Anton E. Malov
  • Patent number: 12086236
    Abstract: Disclosed herein are systems and methods for identifying a cryptor that encodes files of a computer system. An exemplary method comprises, identifying one or more files into which a data entry is performed by a suspect process; for each identified file, determining characteristics of the identified file, identifying classes of file modifications using a trained machine learning model and respective characteristics of the identified file, identifying a suspect process as being associated with the cryptor based on the identified classes of file modification of the file, and protecting the computer system from the cryptor.
    Type: Grant
    Filed: May 14, 2021
    Date of Patent: September 10, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Evgeny I. Lopatin, Dmitry A. Kondratyev
  • Patent number: 12079286
    Abstract: Disclosed herein are systems and methods for selection of a model to describe a user. In one aspect, an exemplary method comprises, creating data on preferences of the user based on previously gathered data on usage of a computing device by the user and a base model that describes the user, wherein the base model is previously selected from a database of models including a plurality of models, determining an accuracy of the data created on the preferences of the user, wherein the determination is based on observed behaviors of the user, when the accuracy of the data is determined as being less than a predetermined threshold value, selecting a correcting model related to the base model, and retraining the base model, and when the accuracy of the data is determined as being greater than or equal to the predetermined threshold value, selecting the base model to describe the user.
    Type: Grant
    Filed: December 14, 2020
    Date of Patent: September 3, 2024
    Assignee: AO KASPERSKY LAB
    Inventors: Andrey A. Efremov, Pavel V. Filonov
  • Patent number: 12039047
    Abstract: Systems and methods for detecting malicious activity in a computer system. One or more graphs can be generated based on information objects about the computer system and relationships between the information objects, where the information objects are vertices in the graphs and the relationships are edges in the graphs. Comparison of generated graphs to existing graphs can determine a likelihood of malicious activity.
    Type: Grant
    Filed: October 21, 2021
    Date of Patent: July 16, 2024
    Assignee: AO KASPERSKY LAB
    Inventors: Igor I. Soumenkov, Sergey Y. Golovanov
  • Patent number: 12028304
    Abstract: A method for restricting reception of e-mail messages from a sender of bulk spam mail includes identifying an unknown sender of received e-mail messages. A set of e-mail messages received from the identified sender is selected. A type of bulk spam mailing is determined based on the selected set of e-mail messages using one or more spam identification signatures. Restrictions on reception of e-mail messages from a sender distributing bulk spam of the determined type are generated.
    Type: Grant
    Filed: September 21, 2022
    Date of Patent: July 2, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Dmitry S. Golubev, Roman A Dedenok, Yury G. Slobodyanuk
  • Patent number: 12028479
    Abstract: A method for protecting subscriber data includes intercepting network traffic associated with a call. The network traffic includes call parameters and call stream data. A first set of the call parameters is analyzed. A first probability value of the call being declared as unwanted is determined. The call stream data is analyzed to define a second set of call parameters. The first set of call parameters is reanalyzed based on the second set. A second probability value of the call being declared as unwanted is determined. A determination is made if the second probability value exceeds a second threshold value. The call is declared as unwanted, in response to determining that the second probability value exceeds the second threshold. The first and second sets of call parameters are transmitted to an application configured to protect data of a protected subscriber.
    Type: Grant
    Filed: April 22, 2022
    Date of Patent: July 2, 2024
    Assignee: AO KASPERSKY LAB
    Inventors: Alexander A. Demidov, Alexander B. Firstov, Denis E. Chistyakov, Ruslan R. Sabitov, Sergey Y. Golovanov, Victor M. Alyushin, Vladislav Y. Roskov, Igor A. Ryadovsky
  • Patent number: 12026211
    Abstract: Disclosed herein are systems and methods for training a model to identify a user to a predetermined degree of reliability. In one aspect, an exemplary method comprises, parameterizing gathered data on behavior of a user in a form of a first vector, deriving a second vector from the first vector by removing noise and low-priority information from the first vector, providing the second vector to a training algorithm, and generating a trained model for the user, the generated trained model being different for each user such that only the trained model generated for the user satisfies the predetermined degree of reliability.
    Type: Grant
    Filed: April 3, 2023
    Date of Patent: July 2, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Andrey A. Efremov, Pavel V. Filonov
  • Patent number: 11997494
    Abstract: A method for classifying incoming events includes intercepting an incoming event received by a mobile device. The content of the intercepted event is analyzed to determine one or more attributes of the intercepted event. The intercepted event is compared to a plurality of previously collected and classified events, stored in an event repository, based on the one or more determined attributes to identify one or more similar events. A rating of each of the one or more similar events is determined. The rating characterizes probability that the corresponding event belongs to a particular class. The intercepted event is classified as undesirable on the mobile device if the rating value of the one or more similar events is less than a predetermined threshold value.
    Type: Grant
    Filed: May 27, 2021
    Date of Patent: May 28, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Dmitry V. Shvetsov, Daniil A Yazovsky, Vitaly S. Vorobiov
  • Patent number: 11978062
    Abstract: Disclosed herein are systems and methods for detecting malicious use of a remote administration tool. In one aspect, an exemplary method comprises, gathering, from a flow of events, data that comprises any number of keyboard entry events, wherein each event is related at least to actions indicating a keyboard entry and a context in which the event occurred, comparing the gathered keyboard entry events with signatures from a database, and when a match is found with at least one signature, identifying an activity which is a characteristic that indicates that the remote administration tool is being controlled remotely.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: May 7, 2024
    Assignee: AO Kaspersky Lab
    Inventor: Sergey N. Ivanov
  • Patent number: 11971996
    Abstract: The present disclosure provides systems and methods for increasing the cybersecurity of a control subject of an industrial technological system. In an exemplary aspect, the method comprises installing a protected Operating System (OS) on a control subject of the industrial technological system, receiving, by the protected OS, a plurality of log files from the control subject, analyzing, by the protected OS, the plurality of log files to determine if a suspicious action has been applied to the control subject, wherein the control subject is configured to apply a controlling action to the object of control, intercepting, by the protected OS, network packets transmitted by an application launched in a guest OS to the control subject, and preventing, by the protected OS, an interaction between the application and the control subject, in response to determining that the suspicious action has been applied to the control subject.
    Type: Grant
    Filed: December 6, 2021
    Date of Patent: April 30, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Andrey P. Doukhvalov, Pavel V. Dyakin, Dmitry A. Kulagin
  • Patent number: 11934560
    Abstract: Disclosed herein are systems and methods for processing personal data by application of policies. In one aspect, an exemplary method comprises, by the network infrastructure component, analyzing communication protocols between an IoT device and the network infrastructure component, identifying at least one field that contains personal data, for each identified field, analyzing the identified field using personal data processing policies uploaded to the network infrastructure component, and applying the personal data policies for enforcement.
    Type: Grant
    Filed: July 9, 2021
    Date of Patent: March 19, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Anton V. Tikhomirov, Ivan I. Tatarinov, Sergey V. Konoplev
  • Patent number: 11929969
    Abstract: Disclosed herein are systems and method for spam identification. A spam filter module may receive an email at a client device and may determine a signature of the email. The spam filter module may compare the determined signature with a plurality of spam signatures stored in a database. In response to determining that no match exists between the determined signature and the plurality of spam signatures, the spam filter module may placing the email in quarantine. A spam classifier module may extract header information of the email and determine a degree of similarity between known spam emails and the email. In response to determining that the degree of similarity exceeds a threshold, the spam filter module may transfer the email from the quarantine to a spam repository.
    Type: Grant
    Filed: November 4, 2019
    Date of Patent: March 12, 2024
    Assignee: AO Kaspersky Lab
    Inventors: Nikita D. Benkovich, Dmitry S. Golubev, Roman A. Dedenok, Andrey A. But
  • Patent number: 11928243
    Abstract: An example of a method for detecting hacking activities includes categorizing a plurality of web pages of a web site providing bank services using a trained semantic model. The trained semantic model uses at least one resource identifier of a web page as an input and generates a web page category as an output. One or more attributes of an interaction between a user and bank services are identified. The one or more identified attributes are analyzed by comparing the one or more identified attributes with attributes known to belong to hacking interactions based on a corresponding web page category. Hacking activity is identified based on the results of the analysis.
    Type: Grant
    Filed: December 1, 2020
    Date of Patent: March 12, 2024
    Assignee: AO Kaspersky Lab
    Inventor: Sergey N. Ivanov