Patents Assigned to McAfee, LLC
-
Patent number: 10462156Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive data in a data flow, extract a data visa from the data flow, wherein the data visa is related to the data, and determine a reputation of the data from the data visa. The data visa can include reputation determination information obtained by previous network elements in the data flow. In addition, the electronic device can update the data visa, and communicate the updated data visa and data to a next network element in the data flow.Type: GrantFiled: September 24, 2014Date of Patent: October 29, 2019Assignee: McAfee, LLCInventors: Michael Schneider, Paul Gartside, David Oxley, Ramon Peypoch
-
Patent number: 10454900Abstract: A passwordless reset technique includes actions to receive a request for a password reset, wherein the request password reset is initiated at a first device, determine that the first device is a trusted device, authenticate the user in order to obtain a cloud key from a network device, wherein the cloud key is associated with the first device, derive a key encryption key using the cloud key, decrypt a local storage key using the key encryption key, decrypt a local storage using the local storage key to obtain a content encryption key, obtain a new password via user input, re-encrypt the content encryption key, and transmit it to the network device, derive a new authentication token using the new password, and transmit the new authentication token to the network device.Type: GrantFiled: September 25, 2015Date of Patent: October 22, 2019Assignee: McAfee, LLCInventors: Francois Proulx, Mathieu Rene, Richard Reiner
-
Patent number: 10445505Abstract: In an example, a vulnerability assessment engine is disclosed. The vulnerability assessment engine may include a shim application and a shim agent. The shim application sits at a relatively low level in an operational stack, such as just above the operating system itself. It may intercept system calls through operating system hooks or other means, so as to determine whether an action taken by an executable object should be allowed. The vulnerability assessment engine sends an identifier, such as a common platform enumeration (CPE)-like string to a server, which queries a database to determine a response code for the action. The response code may indicate that the action should be allowed, blocked, allowed with a warning, or other useful action. A shim agent may also be installed to receive notifications from the server or to query the server for available updates or patches for the executable object.Type: GrantFiled: September 22, 2014Date of Patent: October 15, 2019Assignee: McAfee, LLCInventor: Joshua Cajetan Rebelo
-
Patent number: 10447714Abstract: There is disclosed in one example a data exchange layer (DXL) broker, including: a hardware platform including a processor; and instructions encoded in a memory to instruct the processor to communicatively couple to a DXL fabric configured to operate a one to-many (1:N, N>1) publish-subscribe fabric; provide an interface to authenticate and register DXL endpoints with the DXL broker; and provide DXL messaging, including maintaining a routing table of registered DXL endpoints; receiving from a first registered DXL endpoint a one-to-one (1:1) request for an endpoint of the DXL fabric, wherein the endpoint is not a registered DXL endpoint of the broker; and publishing the 1:1 request to the DXL fabric.Type: GrantFiled: October 17, 2018Date of Patent: October 15, 2019Assignee: McAfee, LLCInventors: Hemang Satish Nadkarni, Sudeep Das
-
Patent number: 10437998Abstract: A combination of hardware monitoring and binary translation software allow detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.Type: GrantFiled: October 26, 2015Date of Patent: October 8, 2019Assignee: McAfee, LLCInventors: Palanivelrajan Rajan Shanmugavelayutham, Koichi Yamada, Vadim Sukhomlinov, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Dmitri Dima Rubakha, Jennifer Eligius Mankin, Carl D. Woodward, Sevin F. Varoglu, Dima Mirkin, Alex Nayshtut
-
Patent number: 10440037Abstract: Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.Type: GrantFiled: March 31, 2017Date of Patent: October 8, 2019Assignee: McAfee, LLCInventors: Peter Thayer, Gabriel G. Infante-Lopez, Leandro J. Ferrado, Alejandro Houspanossian
-
Patent number: 10437990Abstract: In an embodiment, a processor for Return Oriented Programming (ROP) detection includes at least one execution unit; a plurality of event counters, each event counter associated with a unique type of a plurality of types of control transfer events; and a ROP detection unit. The ROP detection unit may be to: adjust a first event counter in response to detection of a first type of control transfer events; in response to a determination that the first event counter exceeds a first threshold, access a first configuration register associated with the first event counter to read configuration data; identify a set of ROP heuristic checks based on the configuration data read from the first configuration register; and perform each ROP heuristic check of the identified set of ROP heuristic checks. Other embodiments are described and claimed.Type: GrantFiled: September 30, 2016Date of Patent: October 8, 2019Assignee: McAfee, LLCInventors: Yuriy Bulygin, Gideon Gerzon, Sameer Desai, Hisham Shafi, Andrew A. Furtak, Oleksandr Bazhaniuk, Mikhail V. Gorobets, Ravi L. Sahita, Ofer Levy
-
Publication number: 20190303250Abstract: Disclosed herein are distributed ledger systems and methods for efficiently creating and updating a query optimized distributed ledger. In particular, the present disclosure introduces methods and apparatuses for efficiently updating indexes when new blocks are added to the distributed ledger by using snapshots of data and appending new snapshot tables and indexes to previous snapshot tables and indexes.Type: ApplicationFiled: June 18, 2019Publication date: October 3, 2019Applicant: McAfee, LLCInventors: Ned M. Smith, Vincent J. Zimmer, Rajesh Poornachandran, Cedric Cochin, Igor G. Muttik
-
Publication number: 20190306166Abstract: Particular embodiments described herein provide for an electronic device that can be configured to establish a connection with a router, obtain identification for the router, communicate the identification of the router to a network element, receive a hash of at least a portion of a certificate for the router, and disconnect the connection and establish a new connection with the router, where the hash is used to authenticate network services received from the router during the new connection. In an example, the hash is part of a subject public key infrastructure (SPKI) pin set.Type: ApplicationFiled: March 29, 2018Publication date: October 3, 2019Applicant: McAfee, LLCInventors: Tirumaleswar Reddy Konda, Himanshu Srivastava, Harsha Ramamurthy Joshi, Srikanth Nalluri, Dattatraya Kulkarni
-
Patent number: 10432616Abstract: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A secured microcontroller of the computing device is used to identify a secured, persistent seed corresponding to the particular domain and stored in secured memory of the computing device. A secure identifier is derived based on the seed and sent for use by the particular domain in authenticating the computing device to the particular domain for the secure session. The particular domain can further apply security policies to transactions involving the computing device and particular domain based at least in part on the secure identifier.Type: GrantFiled: February 9, 2015Date of Patent: October 1, 2019Assignee: McAfee, LLCInventors: Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker, Ned McArthur Smith
-
Patent number: 10423782Abstract: There is disclosed in one example a computing apparatus, including: an interface to a backup source in a current state; a backup storage having stored thereon a first backup version of a previous state of the source; and a backup engine to: compute a delta between the current state and the previous state; save via the backup storage a second backup version sufficient to reconstruct the current state; and assign the second backup version a reputation relative to one or more previous backup versions.Type: GrantFiled: December 19, 2016Date of Patent: September 24, 2019Assignee: McAfee, LLCInventors: Igor G. Muttik, Simon Hunt, Cedric Cochin, Craig D. Schmugar, Robert Leong, Christiaan Beek, Yury Bulygin
-
Patent number: 10423786Abstract: In accordance with one embodiment of the present disclosure, a method for determining the similarity between a first data set and a second data set is provided. The method includes performing an entropy analysis on the first and second data sets to produce a first entropy result, wherein the first data set comprises data representative of a first one or more computer files of known content and the second data set comprises data representative of a one or more computer files of unknown content; analyzing the first entropy result; and if the first entropy result is within a predetermined threshold, identifying the second data set as substantially related to the first data set.Type: GrantFiled: November 15, 2016Date of Patent: September 24, 2019Assignee: McAfee, LLCInventors: David Neill Beveridge, Abhishek Ajay Karnik, Kevin A. Beets, Tad M. Heppner, Karthik Raman
-
Patent number: 10419423Abstract: Techniques allow identification of credential fields in a credential form on a web page that can be stored in a credential manager database to allow a credential manager application to fill the credential fields with saved credentials managed by the credential manager.Type: GrantFiled: October 30, 2015Date of Patent: September 17, 2019Assignee: MCAFEE, LLCInventors: Nicolas Lupien, Michael Lakhia, Hubert Gagnon-Lamonde
-
Patent number: 10417417Abstract: The present disclosure relates to a system and method for performing antimalware scanning of data files that is data-centric rather than device-centric, In the example, a plurality of computing devices are connected via a network. An originating device creates or first receives data, and scans the data for malware, After scanning the data, the originating device creates and attaches to the data a metadata record including the results of the malware scan, The originating device may also scan the data for malware contextually-relevant to a second device.Type: GrantFiled: December 13, 2013Date of Patent: September 17, 2019Assignee: McAfee, LLCInventors: Dattatraya Kulkarni, Srikanth Nalluri, Kamlesh Halder, Venkatasubrahmanyam Krishnapur, Sailaja K. Shankar, Kaushal Kumar Dhruw
-
Patent number: 10419525Abstract: A server-based system, method, and computer program product are provided for scanning data on a client using only a subset of the data. In operation, a request is received for a subset of data stored on a client that is required for determining whether the data is unwanted. Additionally, a representation of only the subset of data is sent from the client to a server over a network. Furthermore, a response is received from the server over the network. Still yet, there is a reaction based on the response.Type: GrantFiled: July 22, 2014Date of Patent: September 17, 2019Assignee: McAfee, LLCInventor: Khai N. Pham
-
Publication number: 20190278908Abstract: Particular embodiments described herein provide for an electronic device that includes a binder kernel driver. The binder kernel driver can be configured to receive an application program interface (API) call, extract metadata from the API call, determine that the API call should be hooked based on the extracted metadata, and hook the API call.Type: ApplicationFiled: May 24, 2019Publication date: September 12, 2019Applicant: McAfee, LLCInventors: Kunal Mehta, Balbir Singh, Rajbir Bhattacharjee
-
Patent number: 10409989Abstract: In an example, a system and method are described for providing trusted updaters and trusted processes. An updater may be subject to a whitelist of files that it, and any child processes, are allowed to modify. But trust inheritance may break across reboots and over interprocess communication. Thus, it is desirable to provide a system and method to maintain trust across such events. In the case of a trusted installer, inheritance may be maintained by cross referencing a digital certificate to a workflow grid. In the case of updater processes, trust may be maintained by using a combination of digital certificates that are part of a trust chain and a unique identifier for each trust chain workflow.Type: GrantFiled: December 11, 2015Date of Patent: September 10, 2019Assignee: McAfee, LLCInventors: Preet Mohinder, Ratnesh Pandey, Jaskaran Singh Khurana, Amritanshu Johri
-
Patent number: 10404692Abstract: Technologies are provided in embodiments to establish trust between a trusted execution environment (TEE) and a peripheral device. Embodiments are configured to communicate with an attestation server to generate an encryption key, and to establish, using the encryption key, a secure connection with an authentication server to enable communication between the authentication server and the peripheral device. Embodiments are also configured to receive a pairwise master key if the peripheral device is authenticated and to receive a trusted communication from the peripheral device based, at least in part, on the pairwise master key. Embodiments may also be configured to identify a connection to the peripheral device before the peripheral device is authenticated to the authentication server, receive an identifier from the peripheral device, and establish a connection to an attestation server based on at least a portion of the identifier.Type: GrantFiled: June 21, 2017Date of Patent: September 3, 2019Assignee: McAfee, LLCInventors: Avishay Sharaga, Alex Nayshtut, Oleg Pogorelik, Igor Muttik, Ned M. Smith
-
Publication number: 20190268307Abstract: There is disclosed in one example a gateway apparatus to operate on an intranet, including: a hardware platform; and an access proxy engine to operate on the hardware platform and configured to: intercept an incoming packet; determine that the incoming packet is an access request directed to an access interface of a resource of the intranet; present an access checkpoint interface; receive an authentication input response; validate the authentication input response; and provide a redirection to the access interface of the device.Type: ApplicationFiled: February 26, 2018Publication date: August 29, 2019Applicant: McAfee, LLCInventors: German Lancioni, Eric Donald Wuehler
-
Patent number: 10387642Abstract: A predetermined standard set of detection algorithms and content and a selected set of enhanced detection algorithms and content provide an improved technique for detecting security exploits. The detection algorithms and content are executed on a Platform Exploit Detection Module. Standard detection algorithms and content are deployed across all endpoints. Enhanced detection algorithms and content are selected from an available set of enhanced detection algorithms and content to improve detection capability without the performance impacts of deploying every enhanced detection algorithm and content on every endpoint. A network of endpoints may deploy an entire set of detection algorithms and content across all endpoints, with individual endpoints configured to with different subsets of the enhanced detection algorithms and content.Type: GrantFiled: December 27, 2016Date of Patent: August 20, 2019Assignee: McAfee, LLCInventors: Alex Nayshtut, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew A. Furtak