Patents Assigned to McAfee, LLC
  • Patent number: 10462156
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive data in a data flow, extract a data visa from the data flow, wherein the data visa is related to the data, and determine a reputation of the data from the data visa. The data visa can include reputation determination information obtained by previous network elements in the data flow. In addition, the electronic device can update the data visa, and communicate the updated data visa and data to a next network element in the data flow.
    Type: Grant
    Filed: September 24, 2014
    Date of Patent: October 29, 2019
    Assignee: McAfee, LLC
    Inventors: Michael Schneider, Paul Gartside, David Oxley, Ramon Peypoch
  • Patent number: 10454900
    Abstract: A passwordless reset technique includes actions to receive a request for a password reset, wherein the request password reset is initiated at a first device, determine that the first device is a trusted device, authenticate the user in order to obtain a cloud key from a network device, wherein the cloud key is associated with the first device, derive a key encryption key using the cloud key, decrypt a local storage key using the key encryption key, decrypt a local storage using the local storage key to obtain a content encryption key, obtain a new password via user input, re-encrypt the content encryption key, and transmit it to the network device, derive a new authentication token using the new password, and transmit the new authentication token to the network device.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: October 22, 2019
    Assignee: McAfee, LLC
    Inventors: Francois Proulx, Mathieu Rene, Richard Reiner
  • Patent number: 10445505
    Abstract: In an example, a vulnerability assessment engine is disclosed. The vulnerability assessment engine may include a shim application and a shim agent. The shim application sits at a relatively low level in an operational stack, such as just above the operating system itself. It may intercept system calls through operating system hooks or other means, so as to determine whether an action taken by an executable object should be allowed. The vulnerability assessment engine sends an identifier, such as a common platform enumeration (CPE)-like string to a server, which queries a database to determine a response code for the action. The response code may indicate that the action should be allowed, blocked, allowed with a warning, or other useful action. A shim agent may also be installed to receive notifications from the server or to query the server for available updates or patches for the executable object.
    Type: Grant
    Filed: September 22, 2014
    Date of Patent: October 15, 2019
    Assignee: McAfee, LLC
    Inventor: Joshua Cajetan Rebelo
  • Patent number: 10447714
    Abstract: There is disclosed in one example a data exchange layer (DXL) broker, including: a hardware platform including a processor; and instructions encoded in a memory to instruct the processor to communicatively couple to a DXL fabric configured to operate a one to-many (1:N, N>1) publish-subscribe fabric; provide an interface to authenticate and register DXL endpoints with the DXL broker; and provide DXL messaging, including maintaining a routing table of registered DXL endpoints; receiving from a first registered DXL endpoint a one-to-one (1:1) request for an endpoint of the DXL fabric, wherein the endpoint is not a registered DXL endpoint of the broker; and publishing the 1:1 request to the DXL fabric.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: October 15, 2019
    Assignee: McAfee, LLC
    Inventors: Hemang Satish Nadkarni, Sudeep Das
  • Patent number: 10437998
    Abstract: A combination of hardware monitoring and binary translation software allow detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.
    Type: Grant
    Filed: October 26, 2015
    Date of Patent: October 8, 2019
    Assignee: McAfee, LLC
    Inventors: Palanivelrajan Rajan Shanmugavelayutham, Koichi Yamada, Vadim Sukhomlinov, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Dmitri Dima Rubakha, Jennifer Eligius Mankin, Carl D. Woodward, Sevin F. Varoglu, Dima Mirkin, Alex Nayshtut
  • Patent number: 10440037
    Abstract: Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: October 8, 2019
    Assignee: McAfee, LLC
    Inventors: Peter Thayer, Gabriel G. Infante-Lopez, Leandro J. Ferrado, Alejandro Houspanossian
  • Patent number: 10437990
    Abstract: In an embodiment, a processor for Return Oriented Programming (ROP) detection includes at least one execution unit; a plurality of event counters, each event counter associated with a unique type of a plurality of types of control transfer events; and a ROP detection unit. The ROP detection unit may be to: adjust a first event counter in response to detection of a first type of control transfer events; in response to a determination that the first event counter exceeds a first threshold, access a first configuration register associated with the first event counter to read configuration data; identify a set of ROP heuristic checks based on the configuration data read from the first configuration register; and perform each ROP heuristic check of the identified set of ROP heuristic checks. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: October 8, 2019
    Assignee: McAfee, LLC
    Inventors: Yuriy Bulygin, Gideon Gerzon, Sameer Desai, Hisham Shafi, Andrew A. Furtak, Oleksandr Bazhaniuk, Mikhail V. Gorobets, Ravi L. Sahita, Ofer Levy
  • Publication number: 20190303250
    Abstract: Disclosed herein are distributed ledger systems and methods for efficiently creating and updating a query optimized distributed ledger. In particular, the present disclosure introduces methods and apparatuses for efficiently updating indexes when new blocks are added to the distributed ledger by using snapshots of data and appending new snapshot tables and indexes to previous snapshot tables and indexes.
    Type: Application
    Filed: June 18, 2019
    Publication date: October 3, 2019
    Applicant: McAfee, LLC
    Inventors: Ned M. Smith, Vincent J. Zimmer, Rajesh Poornachandran, Cedric Cochin, Igor G. Muttik
  • Publication number: 20190306166
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to establish a connection with a router, obtain identification for the router, communicate the identification of the router to a network element, receive a hash of at least a portion of a certificate for the router, and disconnect the connection and establish a new connection with the router, where the hash is used to authenticate network services received from the router during the new connection. In an example, the hash is part of a subject public key infrastructure (SPKI) pin set.
    Type: Application
    Filed: March 29, 2018
    Publication date: October 3, 2019
    Applicant: McAfee, LLC
    Inventors: Tirumaleswar Reddy Konda, Himanshu Srivastava, Harsha Ramamurthy Joshi, Srikanth Nalluri, Dattatraya Kulkarni
  • Patent number: 10432616
    Abstract: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A secured microcontroller of the computing device is used to identify a secured, persistent seed corresponding to the particular domain and stored in secured memory of the computing device. A secure identifier is derived based on the seed and sent for use by the particular domain in authenticating the computing device to the particular domain for the secure session. The particular domain can further apply security policies to transactions involving the computing device and particular domain based at least in part on the secure identifier.
    Type: Grant
    Filed: February 9, 2015
    Date of Patent: October 1, 2019
    Assignee: McAfee, LLC
    Inventors: Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker, Ned McArthur Smith
  • Patent number: 10423782
    Abstract: There is disclosed in one example a computing apparatus, including: an interface to a backup source in a current state; a backup storage having stored thereon a first backup version of a previous state of the source; and a backup engine to: compute a delta between the current state and the previous state; save via the backup storage a second backup version sufficient to reconstruct the current state; and assign the second backup version a reputation relative to one or more previous backup versions.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: September 24, 2019
    Assignee: McAfee, LLC
    Inventors: Igor G. Muttik, Simon Hunt, Cedric Cochin, Craig D. Schmugar, Robert Leong, Christiaan Beek, Yury Bulygin
  • Patent number: 10423786
    Abstract: In accordance with one embodiment of the present disclosure, a method for determining the similarity between a first data set and a second data set is provided. The method includes performing an entropy analysis on the first and second data sets to produce a first entropy result, wherein the first data set comprises data representative of a first one or more computer files of known content and the second data set comprises data representative of a one or more computer files of unknown content; analyzing the first entropy result; and if the first entropy result is within a predetermined threshold, identifying the second data set as substantially related to the first data set.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: September 24, 2019
    Assignee: McAfee, LLC
    Inventors: David Neill Beveridge, Abhishek Ajay Karnik, Kevin A. Beets, Tad M. Heppner, Karthik Raman
  • Patent number: 10419423
    Abstract: Techniques allow identification of credential fields in a credential form on a web page that can be stored in a credential manager database to allow a credential manager application to fill the credential fields with saved credentials managed by the credential manager.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: September 17, 2019
    Assignee: MCAFEE, LLC
    Inventors: Nicolas Lupien, Michael Lakhia, Hubert Gagnon-Lamonde
  • Patent number: 10417417
    Abstract: The present disclosure relates to a system and method for performing antimalware scanning of data files that is data-centric rather than device-centric, In the example, a plurality of computing devices are connected via a network. An originating device creates or first receives data, and scans the data for malware, After scanning the data, the originating device creates and attaches to the data a metadata record including the results of the malware scan, The originating device may also scan the data for malware contextually-relevant to a second device.
    Type: Grant
    Filed: December 13, 2013
    Date of Patent: September 17, 2019
    Assignee: McAfee, LLC
    Inventors: Dattatraya Kulkarni, Srikanth Nalluri, Kamlesh Halder, Venkatasubrahmanyam Krishnapur, Sailaja K. Shankar, Kaushal Kumar Dhruw
  • Patent number: 10419525
    Abstract: A server-based system, method, and computer program product are provided for scanning data on a client using only a subset of the data. In operation, a request is received for a subset of data stored on a client that is required for determining whether the data is unwanted. Additionally, a representation of only the subset of data is sent from the client to a server over a network. Furthermore, a response is received from the server over the network. Still yet, there is a reaction based on the response.
    Type: Grant
    Filed: July 22, 2014
    Date of Patent: September 17, 2019
    Assignee: McAfee, LLC
    Inventor: Khai N. Pham
  • Publication number: 20190278908
    Abstract: Particular embodiments described herein provide for an electronic device that includes a binder kernel driver. The binder kernel driver can be configured to receive an application program interface (API) call, extract metadata from the API call, determine that the API call should be hooked based on the extracted metadata, and hook the API call.
    Type: Application
    Filed: May 24, 2019
    Publication date: September 12, 2019
    Applicant: McAfee, LLC
    Inventors: Kunal Mehta, Balbir Singh, Rajbir Bhattacharjee
  • Patent number: 10409989
    Abstract: In an example, a system and method are described for providing trusted updaters and trusted processes. An updater may be subject to a whitelist of files that it, and any child processes, are allowed to modify. But trust inheritance may break across reboots and over interprocess communication. Thus, it is desirable to provide a system and method to maintain trust across such events. In the case of a trusted installer, inheritance may be maintained by cross referencing a digital certificate to a workflow grid. In the case of updater processes, trust may be maintained by using a combination of digital certificates that are part of a trust chain and a unique identifier for each trust chain workflow.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: September 10, 2019
    Assignee: McAfee, LLC
    Inventors: Preet Mohinder, Ratnesh Pandey, Jaskaran Singh Khurana, Amritanshu Johri
  • Patent number: 10404692
    Abstract: Technologies are provided in embodiments to establish trust between a trusted execution environment (TEE) and a peripheral device. Embodiments are configured to communicate with an attestation server to generate an encryption key, and to establish, using the encryption key, a secure connection with an authentication server to enable communication between the authentication server and the peripheral device. Embodiments are also configured to receive a pairwise master key if the peripheral device is authenticated and to receive a trusted communication from the peripheral device based, at least in part, on the pairwise master key. Embodiments may also be configured to identify a connection to the peripheral device before the peripheral device is authenticated to the authentication server, receive an identifier from the peripheral device, and establish a connection to an attestation server based on at least a portion of the identifier.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: September 3, 2019
    Assignee: McAfee, LLC
    Inventors: Avishay Sharaga, Alex Nayshtut, Oleg Pogorelik, Igor Muttik, Ned M. Smith
  • Publication number: 20190268307
    Abstract: There is disclosed in one example a gateway apparatus to operate on an intranet, including: a hardware platform; and an access proxy engine to operate on the hardware platform and configured to: intercept an incoming packet; determine that the incoming packet is an access request directed to an access interface of a resource of the intranet; present an access checkpoint interface; receive an authentication input response; validate the authentication input response; and provide a redirection to the access interface of the device.
    Type: Application
    Filed: February 26, 2018
    Publication date: August 29, 2019
    Applicant: McAfee, LLC
    Inventors: German Lancioni, Eric Donald Wuehler
  • Patent number: 10387642
    Abstract: A predetermined standard set of detection algorithms and content and a selected set of enhanced detection algorithms and content provide an improved technique for detecting security exploits. The detection algorithms and content are executed on a Platform Exploit Detection Module. Standard detection algorithms and content are deployed across all endpoints. Enhanced detection algorithms and content are selected from an available set of enhanced detection algorithms and content to improve detection capability without the performance impacts of deploying every enhanced detection algorithm and content on every endpoint. A network of endpoints may deploy an entire set of detection algorithms and content across all endpoints, with individual endpoints configured to with different subsets of the enhanced detection algorithms and content.
    Type: Grant
    Filed: December 27, 2016
    Date of Patent: August 20, 2019
    Assignee: McAfee, LLC
    Inventors: Alex Nayshtut, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew A. Furtak