Patents Assigned to OPSWAT, Inc.
  • Patent number: 11190489
    Abstract: A method and system include a SDP controller in a SDP receiving a request from a first device for communicating with a second device. The second device is in the SDP. A firewall includes a connection table configured to map an identity of the first device and second device, and a filter table is configured to open and close ports. The SDP controller authenticates the first device, and provides the identity of the first device to the second device. The second device transmits a first packet to the first device. The firewall maps in the connection table, the identity of the first device in association with the second device. The first device transmits a second packet to the second device. The firewall determines that the identity of the first device is in the connection table for communicating with the second device and forwards the second packet to the second device.
    Type: Grant
    Filed: June 3, 2020
    Date of Patent: November 30, 2021
    Assignee: OPSWAT, Inc.
    Inventors: Russell Paul Miller, Travis Lowell Dimmig, Jeffrey Thomas Price, James David Robinson
  • Patent number: 11165811
    Abstract: Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.
    Type: Grant
    Filed: February 3, 2020
    Date of Patent: November 2, 2021
    Assignee: OPSWAT, Inc.
    Inventors: Benjamin Czarny, Jianpeng Mo, Ali Rezafard, David Matthew Patt
  • Publication number: 20200389483
    Abstract: A system receives binary data and first identification data. The binary data includes hashes of strings of bits, bytes, words or characters. The system receives vulnerability data and second identification data. The system determines a correspondence between the binary data and the vulnerability data based on matching the first identification data with the second identification data. The vulnerability data includes a country of origin for a product identified by the second identification data. The system generates a binaries-to-vulnerabilities database. The system scans target binary data from a target device to find matches between the target binary data and the binary data using the binaries-to-vulnerabilities database. The system determines a known security vulnerability based on the results of the scanning and the correspondence between the binary data and the vulnerability data. The known security vulnerability includes the country of origin for the product in the target device.
    Type: Application
    Filed: August 24, 2020
    Publication date: December 10, 2020
    Applicant: OPSWAT, Inc.
    Inventors: Frank Dye, Benjamin Czarny, Bill Zhao, Shae Anthony Bettencourt, Yiyi Miao
  • Publication number: 20200389437
    Abstract: A method and system include a SDP controller in a SDP receiving a request from a first device for communicating with a second device. The second device is in the SDP. A firewall includes a connection table configured to map an identity of the first device and second device, and a filter table is configured to open and close ports. The SDP controller authenticates the first device, and provides the identity of the first device to the second device. The second device transmits a first packet to the first device. The firewall maps in the connection table, the identity of the first device in association with the second device. The first device transmits a second packet to the second device. The firewall determines that the identity of the first device is in the connection table for communicating with the second device and forwards the second packet to the second device.
    Type: Application
    Filed: June 3, 2020
    Publication date: December 10, 2020
    Applicant: OPSWAT, Inc.
    Inventors: Russell Paul Miller, Travis Lowell Dimmig, Jeffrey Thomas Price, James David Robinson
  • Publication number: 20200177620
    Abstract: Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.
    Type: Application
    Filed: February 3, 2020
    Publication date: June 4, 2020
    Applicant: OPSWAT, Inc.
    Inventors: Benjamin Czarny, Jianpeng Mo, Ali Rezafard, David Matthew Patt
  • Patent number: 10621345
    Abstract: A method for securely validating the file format type including receiving a file having a file format type, a header and a content block. The header has a header block with a description representing attributes of the actual content in the file. The content block has leading bytes representing attributes of the actual content, and actual content. Data is parsed from the description of the header block, the leading bytes and the actual content. Data from the description is compared to the data from the leading bytes, data from the leading bytes is compared to the data from the actual content, and data from the description is compared to the data from the actual content. The file format type is validated and trustable when the data from the description, the data from the leading bytes and the data from the actual content are consistent with one another.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: April 14, 2020
    Assignee: OPSWAT, Inc.
    Inventors: Benjamin Czarny, Yiyi Miao, Jianpeng Mo
  • Publication number: 20200104494
    Abstract: A method for securely validating the file format type including receiving a file having a file format type, a header and a content block. The header has a header block with a description representing attributes of the actual content in the file. The content block has leading bytes representing attributes of the actual content, and actual content. Data is parsed from the description of the header block, the leading bytes and the actual content. Data from the description is compared to the data from the leading bytes, data from the leading bytes is compared to the data from the actual content, and data from the description is compared to the data from the actual content. The file format type is validated and trustable when the data from the description, the data from the leading bytes and the data from the actual content are consistent with one another.
    Type: Application
    Filed: February 14, 2019
    Publication date: April 2, 2020
    Applicant: OPSWAT, Inc.
    Inventors: Benjamin Czarny, Yiyi Miao, Jianpeng Mo
  • Patent number: 10554681
    Abstract: Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: February 4, 2020
    Assignee: OPSWAT, Inc.
    Inventors: Benjamin Czarny, Jianpeng Mo, Ali Rezafard, David Matthew Patt
  • Publication number: 20190268352
    Abstract: A Content Disarm and Reconstruction (CDR) method is disclosed including a computer receiving an input file having a file format configured with a structured storage. The computer disassembles the structured storage into at least one subfile. Each subfile is a stream subfile. For each subfile, the computer identifies an item in the stream subfile. The computer analyzes the item in the stream subfile for an unwanted behavior by determining an acceptability of the unwanted behavior, distinguishing a visibility of the item, and recognizing a necessity of the item. The computer, based on a result of the analyzing step, processes the item in the stream subfile resulting in a processed subfile. The computer assembles the processed subfiles into an output file having the same file format as the file format of the input file.
    Type: Application
    Filed: February 26, 2018
    Publication date: August 29, 2019
    Applicant: OPSWAT, Inc.
    Inventors: Taeil Goh, Vinh Nguyen Xuan Lam, Nhut Minh Ngo, Dung Huu Nguyen
  • Patent number: 10242189
    Abstract: A method for securely validating the file format type including receiving a file having a file format type, a header and a content block. The header has a header block with a description representing attributes of the actual content in the file. The content block has leading bytes representing attributes of the actual content, and actual content. Data is parsed from the description of the header block, the leading bytes and the actual content. Data from the description is compared to the data from the leading bytes, data from the leading bytes is compared to the data from the actual content, and data from the description is compared to the data from the actual content. The file format type is validated and trustable when the data from the description, the data from the leading bytes and the data from the actual content are consistent with one another.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: March 26, 2019
    Assignee: OPSWAT, Inc.
    Inventors: Benjamin Czarny, Yiyi Miao, Jianpeng Mo
  • Patent number: 10229069
    Abstract: A method, program and/or system reads first data through a first path from a location in a data storage. Second data is read through a second path from the same location in the data storage. The first data is compared to the second data. A match between the first data and the second data indicates that the first path did not encrypt the first data. A mismatch between the first data and the second data indicates that the first path encrypted the first data.
    Type: Grant
    Filed: June 15, 2018
    Date of Patent: March 12, 2019
    Assignee: OPSWAT, Inc.
    Inventors: Benjamin Czarny, Jianpeng Mo, Boris Dynin
  • Publication number: 20190075129
    Abstract: Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.
    Type: Application
    Filed: October 29, 2018
    Publication date: March 7, 2019
    Applicant: OPSWAT, Inc.
    Inventors: Benjamin Czarny, Jianpeng Mo, Ali Rezafard, David Matthew Patt
  • Publication number: 20180352003
    Abstract: Embodiments of the present invention include methods involving an authentication application, a client application, or a combination of a network access control server with the authentication application and the client application. The client application collects compliance data regarding the user device and communicates the compliance data to the network access control server. The network access control server generates a compliance check result based on whether the compliance data indicates that the user device is compliant with a security policy for the software-as-a-service server. The authentication application grants access by the user device when the compliance check result is positive; and the authentication application denies access by the user device when the compliance check result is negative. In some embodiments, the compliance check result or a user device identifier is stored in a web browser cookie or a client certificate on the user device.
    Type: Application
    Filed: August 9, 2018
    Publication date: December 6, 2018
    Applicant: OPSWAT, Inc.
    Inventors: Adam Gregory Winn, Benjamin Czarny, Jianpeng Mo, Yiyi Miao
  • Patent number: 10116683
    Abstract: Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: October 30, 2018
    Assignee: OPSWAT, INC.
    Inventors: Benjamin Czarny, Jianpeng Mo, Ali Rezafard, David Matthew Patt
  • Publication number: 20180293180
    Abstract: A method, program and/or system reads first data through a first path from a location in a data storage. Second data is read through a second path from the same location in the data storage. The first data is compared to the second data. A match between the first data and the second data indicates that the first path did not encrypt the first data. A mismatch between the first data and the second data indicates that the first path encrypted the first data.
    Type: Application
    Filed: June 15, 2018
    Publication date: October 11, 2018
    Applicant: OPSWAT, Inc.
    Inventors: Benjamin Czarny, Jianpeng Mo, Boris Dynin
  • Patent number: 10063594
    Abstract: Embodiments of the present invention include methods involving an authentication application, a client application, or a combination of a network access control server with the authentication application and the client application. The client application collects compliance data regarding the user device and communicates the compliance data to the network access control server. The network access control server generates a compliance check result based on whether the compliance data indicates that the user device is compliant with a security policy for the software-as-a-service server. The authentication application grants access by the user device when the compliance check result is positive; and the authentication application denies access by the user device when the compliance check result is negative. In some embodiments, the compliance check result or a user device identifier is stored in a web browser cookie or a client certificate on the user device.
    Type: Grant
    Filed: March 14, 2016
    Date of Patent: August 28, 2018
    Assignee: OPSWAT, INC.
    Inventors: Adam Gregory Winn, Benjamin Czarny, Jianpeng Mo, Yiyi Miao
  • Patent number: 10002083
    Abstract: A method, program and/or system reads first data through a first path from a location in a data storage. Second data is read through a second path from the same location in the data storage. The first data is compared to the second data. A match between the first data and the second data indicates that the first path did not encrypt the first data. A mismatch between the first data and the second data indicates that the first path encrypted the first data.
    Type: Grant
    Filed: June 28, 2017
    Date of Patent: June 19, 2018
    Assignee: OPSWAT, INC.
    Inventors: Benjamin Czarny, Jianpeng Mo, Boris Dynin
  • Publication number: 20180091543
    Abstract: Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.
    Type: Application
    Filed: July 31, 2017
    Publication date: March 29, 2018
    Applicant: OPSWAT, Inc.
    Inventors: Benjamin Czarny, Jianpeng Mo, Ali Rezafard, David Matthew Patt
  • Publication number: 20170300429
    Abstract: A method, program and/or system reads first data through a first path from a location in a data storage. Second data is read through a second path from the same location in the data storage. The first data is compared to the second data. A match between the first data and the second data indicates that the first path did not encrypt the first data. A mismatch between the first data and the second data indicates that the first path encrypted the first data.
    Type: Application
    Filed: June 28, 2017
    Publication date: October 19, 2017
    Applicant: OPSWAT, Inc.
    Inventors: Benjamin Czarny, Jianpeng Mo, Boris Dynin
  • Patent number: 9749349
    Abstract: Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: August 29, 2017
    Assignee: OPSWAT, Inc.
    Inventors: Benjamin Czarny, Jianpeng Mo, Ali Rezafard, David Matthew Patt