Patents Assigned to McAfee, LLC
  • Patent number: 10348709
    Abstract: Techniques are disclosed for providing an authentication service that performs authentication of users on behalf of a relying party. The authentication service receives authentication requirements from the relying party and compares those requirements with authentication capabilities of the user and user equipment. If the authentication requirements are met, the authentication service may perform authentication using the corresponding authentication factors. If the available authentication factors are insufficient or the user fails authentication using the authentication factors used by the authentication service, the relying party may be notified that authentication failed. Upon successful authentication, the authentication service notifies the requiring party that the user has been authenticated.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: July 9, 2019
    Assignee: McAfee, LLC
    Inventors: Gilad Gitlin, Richard Reiner, John McDowell
  • Patent number: 10348742
    Abstract: A system, method, and computer program product are provided for dynamically configuring a virtual environment for identifying unwanted data. In use, a virtual environment located on a first device is dynamically configured based on at least one property of a second device. Further, unwanted data is identified, utilizing the virtual environment.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: July 9, 2019
    Assignee: McAfee, LLC
    Inventors: Igor G. Muttik, Mikhail Yu Vorozhtsov
  • Patent number: 10339014
    Abstract: Disclosed herein are distributed ledger systems and methods for efficiently creating and updating a query optimized distributed ledger. In particular, the present disclosure introduces methods and apparatuses for efficiently updating indexes when new blocks are added to the distributed ledger by using snapshots of data and appending new snapshot tables and indexes to previous snapshot tables and indexes.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: July 2, 2019
    Assignee: McAfee, LLC
    Inventors: Ned M. Smith, Vincent J. Zimmer, Rajesh Poornachandran, Cedric Cochin, Igor G. Muttik
  • Patent number: 10339303
    Abstract: Particular embodiments described herein provide for an electronic device that includes a binder kernel driver. The binder kernel driver can be configured to receive an application program interface (API) call, extract metadata from the API call, determine that the API call should be hooked based on the extracted metadata, and hook the API call.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: July 2, 2019
    Assignee: McAfee, LLC
    Inventors: Kunal Mehta, Balbir Singh, Rajbir Bhattacharjee
  • Patent number: 10339288
    Abstract: Usage patterns of an authentic user of a mobile device are generated from data collected representing usage by the authentic user. These usage patterns may then be compared to monitored usage of the mobile device. If usage of the mobile device exceeds a threshold based on one or more of the usage patterns, access to data on the mobile device can be prevented.
    Type: Grant
    Filed: December 12, 2013
    Date of Patent: July 2, 2019
    Assignee: MCAFEE, LLC
    Inventors: Joshua Cajetan Rebelo, Jeyasekar Marimuthu
  • Patent number: 10333926
    Abstract: A secure identifier is derived, using a secured microcontroller of a computing device, that is unique to a pairing of the computing device and a particular domain. Secure posture data corresponding to attributes of the computing device is identified in secured memory of the computing device. The secure identifier and security posture is sent in a secured container to a management device of the particular domain. The particular domain can utilize the information in the secured container to authenticate the computing device and determine a security task to be performed relating to interactions of the computing device with the particular domain.
    Type: Grant
    Filed: July 12, 2016
    Date of Patent: June 25, 2019
    Assignee: McAfee, LLC
    Inventors: Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker, Ned McArthur Smith
  • Patent number: 10326856
    Abstract: A system provides a way for a person to control access to digital assets, including financial accounts, through a common gateway that can interact on the person's behalf with service providers that manage the digital assets. Brokers may act as intermediaries between the gateway and the service providers, providing a common interface to the gateway and a specific interface to a service provider. Trigger events can cause the gateway to interact with the service providers, causing the service providers to take a desired action. The trigger events may include notification sent by the person, timed events, and other detected events.
    Type: Grant
    Filed: June 25, 2015
    Date of Patent: June 18, 2019
    Assignee: McAfee, LLC
    Inventors: Sumithra Dhandayuthapani, Sumithira Rasappa Gounder, Rohit Jain, Simon Hunt
  • Patent number: 10318746
    Abstract: There is disclosed in an example, a computing apparatus, including: a trusted execution environment (TEE); and one or more logic elements providing a collaboration engine within the TEE, operable to: receive a change to a secured document via a trusted channel; apply a change to the secured document; log the change to a ledger; and display the document to a client device via a protected audio-video path (PAVP). There is also disclosed a method of providing a collaboration engine, and a computer-readable medium having stored thereon executable instructions for providing a collaboration engine.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: June 11, 2019
    Assignee: McAfee, LLC
    Inventors: Oleg Pogorelik, Alex Nayshtut, Ned M. Smith, Igor Muttik, Omer Ben-Shalom
  • Patent number: 10320830
    Abstract: A set of attributes of a particular asset of a computing environment is identified that are determined from data collected by one or more utilities in the computing environment. A criticality rating is automatically determined for the particular asset based at least in part on the set of attributes. A security activity is caused to be performed relating to the particular asset based on the automatically determined criticality rating of the particular asset.
    Type: Grant
    Filed: April 23, 2018
    Date of Patent: June 11, 2019
    Assignee: McAfee, LLC
    Inventors: Ratinder Paul Singh Ahuja, Sven Schrecker
  • Patent number: 10318743
    Abstract: Assessing ransomware impact includes receiving an indication of a first plurality of files stored on a user device and a classification for each of the first plurality of files, determining a second plurality of files stored in a remote storage, wherein the second plurality of files corresponds to an indication of files stored on the user device at a first prior time, wherein each of the second plurality of files are associated with a second classification, determining a third plurality of files comprising files included in the first plurality of files and not included in the second plurality of files, and calculating a risk assessment based on classifications for each of the third plurality of files.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: June 11, 2019
    Assignee: McAfee, LLC
    Inventors: Bidan Sinha, Arun Chundiriyil Pullat, Arpit Pradhan, German Lancioni, Priyadarshini Rao Rajan, Cedric Cochin, Craig Schumgar
  • Publication number: 20190171510
    Abstract: There is disclosed in one example a network device, including: a hardware platform including at least a processor and a memory; a communication interface; and stored instructions on the memory to instruct the processor to provide a health monitoring engine (HME) configured to: communicatively couple to a network via the network interface; construct a reference template during a training period; observe watchdog behavior on the network during an observation period; identify an abnormality in the watchdog behavior including a substantial variance from the reference template; and trigger a resilience response to the substantial variance.
    Type: Application
    Filed: January 29, 2019
    Publication date: June 6, 2019
    Applicant: McAfee, LLC
    Inventors: Ned M. Smith, Thiago Jose Macieira, Zheng Zhang, Tobias M. Kohlenberg, Igor G. Muttik
  • Publication number: 20190173861
    Abstract: There is disclosed in one example a sentinel device, including: a hardware platform including at least a processor and configured to provide a trusted execution environment (TEE); and a security engine operable to instruct the hardware platform to: determine that an internet of things (IoT) device in a first realm R1 requires a secure communication channel with a second device in a second realm R2; query a key server for a service appliance key for the secure communication channel; establish a secure communication channel with the endpoint device using the service appliance key and the TEE; and provide a security service function within R1 including brokering communication via the secure communication channel between the IoT device and the second device.
    Type: Application
    Filed: February 12, 2019
    Publication date: June 6, 2019
    Applicant: McAfee, LLC
    Inventors: Ned M. Smith, Simon Hunt, Venkata Ramanan Sambandam
  • Publication number: 20190173891
    Abstract: Embodiments are configured to receive metadata of a process intercepted on an end host when attempting to access a network. The metadata includes a hash of an application associated with the process and an endpoint reputation score of the application. Embodiments are configured to request a threat intelligence reputation score based on the hash of the application, to determine an action to be taken by the end host based, at least in part, on one or more policies and at least one of the threat intelligence reputation score and the endpoint reputation score, and to send a response indicating the action to be taken by the end host. Further embodiments request another threat intelligence reputation score based on another hash of a dynamic link library module loaded by the process on the end host, and the action is determined based, at least in part, on the other threat intelligence score.
    Type: Application
    Filed: February 7, 2019
    Publication date: June 6, 2019
    Applicant: McAfee, LLC
    Inventors: Chandan CP, Srinivasan Narasimhan
  • Patent number: 10311233
    Abstract: By hooking application programming interfaces in an execution environment, the return address for hooked application programming interface calls can be logged and used to determine when a packed binary has been unpacked. In one approach, memory allocations are detected and the return address is checked against the memory regions allocated. In another approach, the contents of memory at the return address in a pre-execution copy of the executable binary is compared with the contents of memory at the return address in the executing copy of the binary. This allows efficient detection of the completion of unpacking without knowledge of the unpacking technique. The unpacked binary may then be analyzed for possible malware.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: June 4, 2019
    Assignee: McAfee, LLC
    Inventors: Amit Malik, Vikas Taneja, Benjamin Cruz
  • Patent number: 10313343
    Abstract: Context-based authentication in a secure network comprised of multiple interconnected programmable devices is described. One technique includes receiving, from a programmable device, identity data and contextual data associated with a current authentication of a user attempting to access a secure network. The user is associated with the programmable device. The technique may include determining, based on the identity data and the contextual data, one or more patterns associated with the current authentication of the user. Furthermore, a risk level associated with the current authentication of the user may be determined based on the identity data, the contextual data, and the one or more patterns. In at least one scenario, access is granted to the secure network in response to the determined risk level. Other advantages and embodiments are described.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: June 4, 2019
    Assignee: MCAFEE, LLC
    Inventors: James Tischart, Jonathan Anderson
  • Patent number: 10313337
    Abstract: A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter.
    Type: Grant
    Filed: September 11, 2017
    Date of Patent: June 4, 2019
    Assignee: McAfee, LLC
    Inventors: Ratinder Paul Singh Ahuja, William J. Deninger
  • Publication number: 20190166136
    Abstract: An opportunity to assist with remediation of a file at a remote particular host device is identified. One or more remediation techniques are identified that can be applied to assist with remediation of the file at the particular host device. In one aspect, one or more remediation scripts are identified from a plurality of remediation scripts for remediation of the file and provided to the particular host device for execution on the particular host device. In another aspect, a remediation tool is identified and launched on a computing device remote from the particular host device with operations of the remediation tool applied to resources of the particular host device. In another aspect, at least a portion of the remediation techniques are remotely initiated to be performed locally at the particular host device.
    Type: Application
    Filed: January 30, 2019
    Publication date: May 30, 2019
    Applicant: McAfee, LLC
    Inventors: John D. Teddy, James Douglas Bean, Gregory William Dalcher, Jeff Hetzler
  • Patent number: 10305929
    Abstract: According to one example, a system and method are disclosed for malware and grayware remediation. For example, the system is operable to identify applications that have some legitimate behavior but that also exhibit some undesirable behavior. A remediation engine is provided to detect malware behavior in otherwise useful applications, and allow the useful parts of the application to run while blocking the malware behavior. In an example method of “healing,” this may involve modifying the application binary to remove undesirable behavior. In an example method of “personalization,” this may involve inserting control hooks through the operating system to prevent certain subroutines from taking effect.
    Type: Grant
    Filed: December 21, 2013
    Date of Patent: May 28, 2019
    Assignee: McAfee, LLC
    Inventors: Dattatraya Kulkarni, Srikanth Nalluri, Raja Sinha, Venkatasubrahmanyam Krishnapur
  • Patent number: 10303876
    Abstract: A technique for detecting malware looks at startup hooks that may be created by malware to assist in ensuring that the malware is started upon a reboot of a programmable device. After enumerating startup hooks in the system, startup hooks associated with untrusted executables are deleted. If the startup hook is restored, that is an indication that the untrusted executable may be malware. An indication may then be passed to an anti-malware software to analyze the executable further.
    Type: Grant
    Filed: December 27, 2016
    Date of Patent: May 28, 2019
    Assignee: McAfee, LLC
    Inventors: Craig Schmugar, John Teddy, Cedric Cochin
  • Publication number: 20190158461
    Abstract: A custody transfer of a device can include sending a start of transfer request to an attestation device over a short range wireless communication channel, a nonce is received from the attestation device in association with the start of transfer request, and the nonce is signed at the particular gateway device. The signed nonce is sent to the attestation device, a transfer confirmation message is received from the attestation device, and a transfer message is sent to a management system to report a transfer in custody of the attestation device involving the particular gateway device and another gateway device.
    Type: Application
    Filed: January 14, 2019
    Publication date: May 23, 2019
    Applicant: McAfee, LLC
    Inventors: Jesse Randall Walker, Howard C. Herbert, Kirk D. Brannock, Geoffrey H. Cooper, David A. deVries, David M. Amols, Sven Schrecker, Stephen H. Price