Patents Assigned to Nubeva, Inc.
  • Publication number: 20200236093
    Abstract: The disclosed embodiments disclose techniques for extracting encryption keys to enable monitoring services. During operation, an encrypted connection is detected on a computing device. A monitoring service harvests an encryption key for this encrypted connection from the memory of a computing device and then forwards the encryption key to an intercepting agent in an intermediate computing environment that intercepts encrypted traffic that is sent between the computing device and a remote service via the encrypted connection.
    Type: Application
    Filed: April 8, 2020
    Publication date: July 23, 2020
    Applicant: Nubeva, Inc.
    Inventors: Greig W. Bannister, Randy Yen-pang Chou
  • Publication number: 20200193017
    Abstract: The disclosed embodiments disclose techniques for leveraging instrumentation capabilities to enable monitoring services. During operation, an operating system kernel is instrumented to associate a sub-program with a target operation. Upon receiving a request from an application to perform the target operation, the operating system kernel executes the sub-program with kernel privileges in the process context of the application. The sub-program analyzes the memory space associated with the application to extract a desired data value. This extracted data value is returned to at least one of a specified target process or target location.
    Type: Application
    Filed: February 19, 2020
    Publication date: June 18, 2020
    Applicant: Nubeva, Inc.
    Inventors: Greig W. Bannister, Randy Yen-pang Chou
  • Patent number: 10608995
    Abstract: The disclosed embodiments disclose techniques for optimizing data transfer costs for cloud-based security services. During operation, an intermediary computing device receives a network request from a client located in a remote enterprise location that is sending the network request to a distinct, untrusted remote site (e.g., a site separate from the distinct locations of the remote enterprise, the cloud data center, and the intermediary computing device). The intermediary computing device caches a set of data associated with the network request while forwarding the set of data to the cloud-based security service for analysis. Upon receiving a confirmation from the cloud-based security service that the set of data has been analyzed and is permitted to be transmitted to the specified destination, the intermediary computing device forwards the cached set of data to the specified destination.
    Type: Grant
    Filed: December 14, 2017
    Date of Patent: March 31, 2020
    Assignee: Nubeva, Inc.
    Inventors: Randy Yen-pang Chou, Greig W. Bannister
  • Patent number: 10530815
    Abstract: The disclosed embodiments disclose techniques for seamlessly updating a cloud-based security service. A dispatcher virtual machine (VM) executing in a cloud data center receives network requests sent from clients located in a remote enterprise location to untrusted remote sites, and routes this network traffic through a chain of security service VMs that analyze the network traffic. During operation, the dispatcher VM determines that an existing security service VM in the chain needs to be upgraded to an updated version, and instantiates an updated chain of security service VMs that includes this updated version. The dispatcher VM then seamlessly transfers the flow of network traffic from the initial chain to the updated chain to seamlessly update the cloud-based security service without interruption. Upon determining that the updated version is operating correctly, the dispatcher VM halts and deallocates the previous version and any other unneeded portions of the initial chain.
    Type: Grant
    Filed: December 14, 2017
    Date of Patent: January 7, 2020
    Assignee: Nubeva, Inc.
    Inventors: Randy Yen-pang Chou, Greig W. Bannister
  • Patent number: 10419394
    Abstract: The disclosed embodiments disclose techniques for providing a cloud-based security service. During operation, a dispatcher virtual machine (VM) executing in a cloud data center receives a network request from a remote enterprise client. The dispatcher VM executes multiple docker containers, including a set of ingress docker containers that decode the request and then forward it to a session router docker container that in turn forwards the request to a set of security service VMs. After these security service VMs have analyzed the contents of the request and determined that the request is valid and permitted, a SNAT docker container then sends the request out to an untrusted network to be serviced.
    Type: Grant
    Filed: October 24, 2017
    Date of Patent: September 17, 2019
    Assignee: NUBEVA, INC.
    Inventors: Randy Yen-pang Chou, Greig W. Bannister
  • Publication number: 20180115514
    Abstract: The disclosed embodiments disclose techniques for providing a cloud-based security service. During operation, a dispatcher virtual machine (VM) executing in a cloud data center receives a network request from a remote enterprise client. The dispatcher VM executes multiple docker containers, including a set of ingress docker containers that decode the request and then forward it to a session router docker container that in turn forwards the request to a set of security service VMs. After these security service VMs have analyzed the contents of the request and determined that the request is valid and permitted, a SNAT docker container then sends the request out to an untrusted network to be serviced.
    Type: Application
    Filed: October 24, 2017
    Publication date: April 26, 2018
    Applicant: Nubeva, Inc.
    Inventors: Randy Yen-pang Chou, Greig W. Bannister
  • Publication number: 20180115525
    Abstract: The disclosed embodiments disclose techniques for optimizing data transfer costs for cloud-based security services. During operation, an intermediary computing device receives a network request from a client located in a remote enterprise location that is sending the network request to a distinct, untrusted remote site (e.g., a site separate from the distinct locations of the remote enterprise, the cloud data center, and the intermediary computing device). The intermediary computing device caches a set of data associated with the network request while forwarding the set of data to the cloud-based security service for analysis. Upon receiving a confirmation from the cloud-based security service that the set of data has been analyzed and is permitted to be transmitted to the specified destination, the intermediary computing device forwards the cached set of data to the specified destination.
    Type: Application
    Filed: December 14, 2017
    Publication date: April 26, 2018
    Applicant: Nubeva, Inc.
    Inventors: Randy Yen-pang Chou, Greig W. Bannister
  • Publication number: 20180115586
    Abstract: The disclosed embodiments disclose techniques for seamlessly updating a cloud-based security service. A dispatcher virtual machine (VM) executing in a cloud data center receives network requests sent from clients located in a remote enterprise location to untrusted remote sites, and routes this network traffic through a chain of security service VMs that analyze the network traffic. During operation, the dispatcher VM determines that an existing security service VM in the chain needs to be upgraded to an updated version, and instantiates an updated chain of security service VMs that includes this updated version. The dispatcher VM then seamlessly transfers the flow of network traffic from the initial chain to the updated chain to seamlessly update the cloud-based security service without interruption. Upon determining that the updated version is operating correctly, the dispatcher VM halts and deallocates the previous version and any other unneeded portions of the initial chain.
    Type: Application
    Filed: December 14, 2017
    Publication date: April 26, 2018
    Applicant: Nubeva, Inc.
    Inventors: Randy Yen-pang Chou, Greig W. Bannister