Patents Assigned to Open Text, Inc.
-
Patent number: 12235960Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition compilation. In an example, one or more sets of rule instructions may be packaged for distribution and/or use by a behavioral threat detection engine. As an example, a set of rule instructions is compiled into an intermediate language and assembled in to a compiled behavior rule binary. Event linking is performed, wherein other rules launched by the rule and/or events that launch the rule or are processed by the rule are identified, and such information may be stored accordingly. The behavior rule binary may be packaged with other rules associated with identifying a specific behavior. The packaged behavior rule is distributed to one or more computing devices for use with a behavioral threat detection engine. For example, the threat detection engine may execute the behavior rule using a rule virtual machine.Type: GrantFiled: March 18, 2022Date of Patent: February 25, 2025Assignee: OPEN TEXT INC.Inventors: Eric Klonowski, Fred Krenson
-
Patent number: 12216759Abstract: Examples of the present disclosure describe systems and methods for discrete processor feature behavior collection and analysis. In aspects, a monitoring utility may initialize a set of debugging and/or performance monitoring feature sets for a microprocessor. When the microprocessor receives from software content a set of instructions that involves the loading of a set of modules or code segments, the set of modules or code segments may be evaluated by the monitoring utility. The monitoring utility may generate a process trace of the loaded set of modules or code segments. Based on the process trace output, various execution paths may be reconstructed in real-time. The system and/or API calls made by the microprocessor may then be compared to the process trace output to quickly observe the interaction between the software content and the operating system of the microprocessor.Type: GrantFiled: November 17, 2023Date of Patent: February 4, 2025Assignee: OPEN TEXT INC.Inventor: Eric Klonowski
-
Patent number: 12210479Abstract: Methods, devices and computer program products facilitate the storage, access and management of log files that are associated with particular client devices. The log files provide a record of user or client device activities that are periodically sent to a data backup center. A dedicated log file server facilitates the processing and storage of an increasingly large number of log files that are generated by new and existing client devices. A storage server pre-processes the received log files to facilitate the processing and storage of the log files by the log file server. This Abstract is provided for the sole purpose of complying with the Abstract requirement rules. This Abstract is submitted with the explicit understanding that it will not be used to interpret or to limit the scope or the meaning of the claims.Type: GrantFiled: June 21, 2021Date of Patent: January 28, 2025Assignee: OPEN TEXT INC.Inventor: Mark Rees
-
Patent number: 12177231Abstract: Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.Type: GrantFiled: September 29, 2023Date of Patent: December 24, 2024Assignee: OPEN TEXT INC.Inventors: Huy Dang Ho, Hal Lonas, Trung Tran
-
Patent number: 12164466Abstract: Methods, devices and computer program products facilitate the storage, access and management of log files that are associated with particular client devices. The log files provide a record of user or client device activities that are periodically sent to a data backup center. A dedicated log file server facilitates the processing and storage of an increasingly large number of log files that are generated by new and existing client devices. A storage server pre-processes the received log files to facilitate the processing and storage of the log files by the log file server. This Abstract is provided for the sole purpose of complying with the Abstract requirement rules. This Abstract is submitted with the explicit understanding that it will not be used to interpret or to limit the scope or the meaning of the claims.Type: GrantFiled: September 16, 2021Date of Patent: December 10, 2024Assignee: OPEN TEXT INC.Inventor: Mark Rees
-
Patent number: 12149623Abstract: Examples of the present disclosure describe systems and methods for monitoring the security privileges of a process. In aspects, when a process is created, the corresponding process security token and privilege information is detected and recorded. At subsequent “checkpoints,” the security token is evaluated to determine whether the security token has been replaced, or whether new or unexpected privileges have been granted to the created process. When a modification to the security token is determined, a warning or indication of the modification is generated and the process may be terminated to prevent the use of the modified security token.Type: GrantFiled: June 9, 2022Date of Patent: November 19, 2024Assignee: OPEN TEXT INC.Inventors: Andrew Sandoval, Eric Klonowski
-
Patent number: 12149541Abstract: Aspects of the present disclosure relate to systems and methods for partitioning an OS or hypervisor utilized on a computing device from the process of proxy control. For example, a proxy may be installed on a separation kernel or firmware on a computing device that routes all data traffic received via a network connection to a cloud which performs various services such as IP reputation management, URL reputation detection and validation, malicious file filtering through potential malware detection.Type: GrantFiled: March 3, 2023Date of Patent: November 19, 2024Assignee: OPEN TEXT INC.Inventor: David Dufour
-
Patent number: 12093380Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection virtual machine. In examples, the virtual machine executes a rule comprising rule instructions. A rule may comprise one or more wait rule instructions that causes the virtual machine to pause execution. As events are added to an event queue for the rule virtual machine, the behavioral threat detection virtual machine evaluates such events in order to identify a positive or, in some instances, a negative match. When a matching event is identified, rule execution resumes. Eventually, a determination is made as a result of processing events and wait packets, thereby indicating the presence or absence of a malicious or potentially malicious behavior, among other examples. Thus, among other things, the behavioral threat detection virtual machine maintains a state associated with rule execution and processes events to identify behaviors accordingly.Type: GrantFiled: April 17, 2023Date of Patent: September 17, 2024Assignee: OPEN TEXT INC.Inventors: Eric Klonowski, Fred Krenson
-
Patent number: 12095803Abstract: Peer device protection enables a first device comprising a digital security agent to remedy security issues on (or associated with) a set of devices visible to the first device. In aspects, a first device comprising a digital security agent may identify a set of devices visible to the first device. The first device may monitor the set of devices to collect data, such as types of communications and data points of interest. The digital security agent may apply threat detection to the collected data to identify anomalous network behavior. When anomalous network behavior is detected, the first device may cause an indicator of compromise (IOC) to be generated. Based on the IOC, the first device may facilitate remediation of the anomalous network behavior and/or apply security to one or more devices in the set of devices.Type: GrantFiled: April 27, 2021Date of Patent: September 17, 2024Assignee: OPEN TEXT INC.Inventor: Paul Barnes
-
Patent number: 12039038Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition. In an example, a behavior rule comprising a set of rule instructions is used to define one or more events indicative of a behavior. For example, a set of events from which one event must be matched may be defined or a set of events from which all events must be matched may be defined. In some examples, events are matched based on an event name or type, or may be matched based on one or more parameters. Exact and/or inexact matching may be used. The set of rule instructions ultimately specifies one or more halt instructions, thereby indicating that a determination as to the presence of the behavior has been made. Example determinations include, but are not limited to, a match determination, a non-match determination, or an indication that additional monitoring should be performed.Type: GrantFiled: April 19, 2023Date of Patent: July 16, 2024Assignee: OPEN TEXT INC.Inventors: Eric Klonowski, Fred Krenson
-
Patent number: 12032691Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection engine. In examples, the behavioral threat detection engine manages execution of one or more virtual machines, wherein each virtual machine processes a rule in relation to a context. The behavioral threat detection engine uses any of a variety of techniques to identify when events occur. Accordingly, the behavioral threat detection engine provides event indications, in the form of event packets, to one or more virtual machines, such that corresponding rules are able to process the events accordingly. Eventually, a rule may make a determination as to the presence or absence of a behavior. As a result, execution of the associated virtual machine may be halted, thereby indicating to the behavioral threat detection engine that a determination has been made. Thus a behavioral threat detection engine employs a behavior-based approach to detecting malicious or potentially malicious behaviors.Type: GrantFiled: July 17, 2023Date of Patent: July 9, 2024Assignee: OPEN TEXT INC.Inventors: Eric Klonowski, Fred Krenson
-
Patent number: 12021930Abstract: The present disclosure describes systems and methods for remote management of appliances. The appliance may be configured to periodically check in a predetermined online location for the presence of a trigger file identifying one or more appliances directed to contact a management server for maintenance. If the file is present at the predetermined location and the file includes the identifier of the appliance, the appliance may initiate a connection to the management server. If the file is not found, then the appliance may reset a call timer and attempt to retrieve the file at a later time. To avoid having to configure addresses on the appliance, link local IPv6 addresses may be configured for use over a virtual private network, allowing administration, regardless of the network configuration or local IP address of the appliance.Type: GrantFiled: June 6, 2023Date of Patent: June 25, 2024Assignee: OPEN TEXT INC.Inventor: Karl Redgate
-
Patent number: 12021881Abstract: Examples of the present disclosure describe systems and methods of automatic inline detection based on static data. In aspects, a file being received by a recipient device may be analyzed using an inline parser. The inline parser may identify sections of the file and feature vectors may be created for the identified sections. The feature vectors may be used to calculate a score corresponding to the malicious status of the file as the information is being analyzed. If a score is determined to exceed a predetermined threshold, the file download process may be terminated. In aspects, the received files, file fragments, feature vectors and/or additional data may be collected and analyzed to build a probabilistic model used to identify potentially malicious files.Type: GrantFiled: March 3, 2021Date of Patent: June 25, 2024Assignee: OPEN TEXT INC.Inventors: Mauritius Schmidtler, Reza M. Yoosoofmiya, Kristina Theroux
-
Patent number: 12013929Abstract: Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting exploits. In aspects, various “checkpoints” may be identified in software code. At each checkpoint, the current stack pointer, stack base, and stack limit for each mode of execution may be obtained. The current stack pointer for each mode of execution may be evaluated to determine whether the stack pointer falls within a stack range between the stack base and the stack limit of the respective mode of execution. When the stack pointer is determined to be outside of the expected stack range, a stack pivot exploit is detected and one or more remedial actions may be automatically performed.Type: GrantFiled: January 24, 2023Date of Patent: June 18, 2024Assignee: OPEN TEXT INC.Inventor: Andrew Sandoval
-
Patent number: 12001545Abstract: Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting using stack artifact verification. In aspects, function hooks may be added to one or more functions. When a hooked function executes, artifacts relating to the hooked function may be left on the stack memory (“stack”). The location of the artifacts on the stack may be stored in a local storage area. Each time a hook in a hooked function is subsequently executed, protection may be executed to determine whether an artifact remains in the location stored in the local storage area. If the artifact is no longer in the same location, a stack pivot may be detected and one or more remedial actions may be automatically performed.Type: GrantFiled: March 22, 2022Date of Patent: June 4, 2024Assignee: OPEN TEXT INC.Inventor: Ira Strawser
-
Patent number: 11994988Abstract: Examples of the present disclosure describe systems and methods for sharing memory using a multi-ring shared, traversable and dynamic database. In aspects, the database may be synchronized and shared between multiple processes and/or operation mode protection rings of a system. The database may also be persisted to enable the management of information between hardware reboots and application sessions. The information stored in the database may be view independent, traversable, and resizable from various component views of the database. In some aspects, an event processor is additionally described. The event processor may use the database to allocate memory chunks of a shared heap to components/processes in one or more protection modes of the operating system.Type: GrantFiled: December 19, 2022Date of Patent: May 28, 2024Assignee: OPEN TEXT INC.Inventor: John R. Shaw, II
-
Patent number: 11966478Abstract: The present disclosure relates to systems and methods for identifying highly sensitive modules and taking a remediation or preventative action if such modules are accessed by malicious software. For example, the likelihood that a module is used for an exploit, and is thus sensitive, is categorized as high, medium, or low. The likelihood that a module can be used for an exploit can dictate whether, and to what degree, an application accessing the module is “suspicious.” However, in some instances, a sensitive module may have legitimate reasons to load when used in certain non-malicious ways. The system may also consider a trust level when determining what actions to take, such that an application and/or user having a higher trust level may be less suspicious when accessing a sensitive module as compared to an application or user having a lower trust level.Type: GrantFiled: November 23, 2022Date of Patent: April 23, 2024Assignee: Open Text Inc.Inventors: John R. Shaw, II, Andrew L. Sandoval
-
Patent number: 11960486Abstract: The present disclosure describes systems and methods for aggregation and management of cloud storage among a plurality of providers via file fragmenting to provide increased reliability and security. In one implementation, fragments or blocks may be distributed among a plurality of cloud storage providers, such that no provider retains a complete copy of a file. Accordingly, even if an individual service is compromised, a malicious actor cannot access the data. In another implementation, fragments may be duplicated and distributed to multiple providers, such that loss of communications to any one provider does not result in inability to access the data. This implementation may be combined with error correction techniques to allow recovery, even with loss of multiple providers. File synchronization may also be faster in these implementations by dividing reading and writing operations among multiple providers.Type: GrantFiled: June 26, 2023Date of Patent: April 16, 2024Assignee: Open Text Inc.Inventors: Teo Winton Crofton, David Raissipour
-
Patent number: 11947670Abstract: Examples of the present disclosure describe systems and methods for malicious software detection based on API trust. In an example, a set of software instructions executed by a computing device may call an API. A hook may be generated on the API, such that a threat processor may receive an indication when the API is called. Accordingly, the threat processor may generate a trust metric based on the execution of the set of software instructions, which may be used to determine whether the set of software instructions poses a potential threat. For example, one or more call stack frames may be evaluated to determine whether a return address is preceded by a call instruction, whether the return address is associated with a set of software instructions or memory associated with a set of software instructions, and/or whether the set of software instructions satisfies a variety of security criteria.Type: GrantFiled: January 2, 2023Date of Patent: April 2, 2024Assignee: Open Text IncInventors: Andrew L. Sandoval, David Alan Myers, John R. Shaw, II, Eric Klonowski
-
Patent number: 11943247Abstract: The present disclosure describes systems and methods for detection and mitigation of malicious encryption. A security agent on an infected computing device may monitor data writes to disk, memory, or network transmission buffers for strings that may represent encryption keys or moduli. The security agent may apply one or more techniques to decode and parse the string to either identify or extract the keys, or rule out the string as containing an encryption key or modulus. If a key is identified, or its presence cannot be excluded, then the security agent may generate an alert and take mitigation actions.Type: GrantFiled: November 7, 2022Date of Patent: March 26, 2024Assignee: OPEN TEXT INC.Inventor: Daniel Vernon Bailey