Patents Assigned to Websense, Inc.
  • Patent number: 9681304
    Abstract: The present invention provides a network and data security testing app for mobile devices such as an Apple iPad, which is connected to the Internet via a wireless network. The app downloads and stores one or more network security or data loss test cases from a centralized server, which are then executed on the mobile device. For example, a test case attempts to access predetermined web pages through the wireless network and then determines whether access was granted. In another example, a test case attempts to transmit sensitive data through the network. Results of the test case are displayed on the mobile device and uploaded to the centralized server. The network and data security testing app also identifies whether access was granted to web pages hosting botnets, malicious web exploits, malicious web obfuscation, malicious iframe redirection, and malware files.
    Type: Grant
    Filed: February 24, 2014
    Date of Patent: June 13, 2017
    Assignee: Websense, Inc.
    Inventors: Jason Clark, Dave Baker
  • Patent number: 9342693
    Abstract: A system and method for updating a system that controls files executed on a workstation. The workstation includes a workstation management module configured to detect the launch of an application. A workstation application server receives data associated with the application from the workstation. This data can include a hash value. The application server module can determine one or more categories to associate with the application by referencing an application inventory database or requesting the category from an application database factory. The application database factory can receive applications from multiple application server modules. The application database factory determines whether the application was previously categorized by the application database factory and provides the category to the application server module. Once the application server module has the category, it forwards a hash/policy table to the workstation management module.
    Type: Grant
    Filed: November 11, 2013
    Date of Patent: May 17, 2016
    Assignee: WEBSENSE, INC.
    Inventors: Harold M. Kester, Ronald B. Hegli, John Ross Dimm, Mark Richard Anderson
  • Patent number: 9253060
    Abstract: A system and method for updating, monitoring, and controlling applications on a workstation. The workstation includes a workstation management module configured to detect the launch or request to access a network by an application. A workstation application server receives data associated with the application from the workstation. The application server module can determine one or more policies or categories to associate with the application by referencing an application inventory database. Once the application server module has the category or policy, it forwards a hash/policy table to the workstation management module. Upon receipt of the hash/policy table, the workstation management module applies the policy that is associated with the application to control network access by the application.
    Type: Grant
    Filed: February 4, 2014
    Date of Patent: February 2, 2016
    Assignee: Websense, Inc.
    Inventors: Harold M. Kester, John Ross Dimm, Mark Richard Anderson, Joseph Papa
  • Patent number: 9241259
    Abstract: Methods and apparatus provide data loss protection for mobile devices. In one aspect, data is analyzed by a data loss protection server to determine if it is authorized by data loss protection policies to be transferred to a mobile device. The time necessary to analyze the data may exceed a mobile device timeout value. To prevent the mobile device from timing out, the DLP server may send one or more portions of a response to the mobile device at a time interval less than the mobile device timeout value. Some portions of the response may be sent before the analyzing of the data is completed.
    Type: Grant
    Filed: November 30, 2012
    Date of Patent: January 19, 2016
    Assignee: Websense, Inc.
    Inventors: Ramon Daniela, Mark Ostrer, Michael Stoler
  • Patent number: 9230098
    Abstract: A system and method that trusts software executables existent on a machine prior to activation for different types of accesses e.g. execution, network, and registry. The system detects new executables added to the machine as well as previously existent executables that have been modified, moved, renamed or deleted. In certain embodiments, the system will tag the file with a flag as modified or newly added. Once tagged, the system intercepts particular types of file accesses for execution, network or registry. The system determines if the file performing the access is flagged and may apply one or more policies based on the requested access. In certain embodiments, the system intercepts I/O operations by file systems or file system volumes and flags metadata associated with the file. For example, the NT File System and its extended attributes and alternate streams may be utilized to implement the system.
    Type: Grant
    Filed: February 13, 2015
    Date of Patent: January 5, 2016
    Assignee: Websense, Inc.
    Inventors: Rajesh Kumar Sharma, Winping Lo, Joseph Papa
  • Patent number: 9130986
    Abstract: A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software.
    Type: Grant
    Filed: March 19, 2008
    Date of Patent: September 8, 2015
    Assignee: Websense, Inc.
    Inventor: Lidror Troyansky
  • Patent number: 9130972
    Abstract: The disclosed embodiments provide systems, methods, and apparatus for efficient detection of fingerprinted content and relate generally to the field of information (or data) leak prevention. Particularly, a compact and efficient repository of fingerprint ingredients is used to analyze content and determine the content's similarity to previously fingerprinted content. Some embodiments employ probabilistic indications regarding the existence of fingerprint ingredients in the repository.
    Type: Grant
    Filed: May 24, 2010
    Date of Patent: September 8, 2015
    Assignee: WEBSENSE, INC.
    Inventors: Roy Barkan, David Lazarov, Yevgeny Menaker, Lidror Troyansky
  • Patent number: 9117054
    Abstract: Methods and apparatus provide resource authorization based on a computer's presence information. Presence information may include information relating to a computer's operating environment. In some implementations, a presence detector on a computer determines presence information and provides the information to a resource manager. The computer may then generate a resource access request. A resource manager may then determine whether the resource request is authorized based, at least in part, on the presence information. The resource manager then responds to the resource access request, either granting or denying the request for resources.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: August 25, 2015
    Assignee: Websense, Inc.
    Inventor: Robert Barth Black
  • Patent number: 9015842
    Abstract: A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software.
    Type: Grant
    Filed: March 19, 2008
    Date of Patent: April 21, 2015
    Assignee: Websense, Inc.
    Inventors: Lidror Troyansky, Sharon Bruckner, Daniel Lyle Hubbard
  • Patent number: 9003524
    Abstract: A system and computer based method are provided for identifying active content in websites on a network. One embodiment includes a computer based method of classifying web content. The method receives content of a web page, and determines a first property associated with the content, the first property including static content. The method executes active content associated with the webpage, and determines a second property associated with the content based at least in part on the executing, the second property including the active content. The method also evaluates a logical expression relating the first property and the second property, and associates the web page with a category based on a result of the evaluation. The evaluation of the logical expression at least in part evaluates whether a constant value matches at least a portion of the content of the web page.
    Type: Grant
    Filed: December 23, 2013
    Date of Patent: April 7, 2015
    Assignee: Websense, Inc.
    Inventors: Victor L. Baddour, Stephan Chenette, Dan Hubbard, Nicholas J Verenini, Ali A. Mesdaq
  • Patent number: 8978140
    Abstract: A system and method are provided for identifying inappropriate content in websites on a network. Unrecognized uniform resource locators (URLs) or other web content are accessed by workstations and are identified as possibly having malicious content. The URLs or web content may be preprocessed within a gateway server module or some other software module to collect additional information related to the URLs. The URLs may be scanned for known attack signatures, and if any are found, they may be tagged as candidate URLs in need of further analysis by a classification module.
    Type: Grant
    Filed: June 20, 2011
    Date of Patent: March 10, 2015
    Assignee: Websense, Inc.
    Inventors: Dan Hubbard, Nicholas Joseph Verenini, Victor Louie Baddour
  • Patent number: 8959634
    Abstract: Methods and systems reduce exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password. In one aspect, a method includes performing a search of network traffic based, at least in part, on a weak validation using a Bloom filter based on an organizational password file, determining the existence of a password in the network traffic based only on the weak validation, and determining whether to block, alert, or quarantine the network traffic based at least in part on the existence of the password in the network traffic.
    Type: Grant
    Filed: March 22, 2013
    Date of Patent: February 17, 2015
    Assignee: Websense, Inc.
    Inventor: Lidror Troyansky
  • Patent number: 8959642
    Abstract: A system and method that trusts software executables existent on a machine prior to activation for different types of accesses e.g. execution, network, and registry. The system detects new executables added to the machine as well as previously existent executables that have been modified, moved, renamed or deleted. In certain embodiments, the system will tag the file with a flag as modified or newly added. Once tagged, the system intercepts particular types of file accesses for execution, network or registry. The system determines if the file performing the access is flagged and may apply one or more policies based on the requested access. In certain embodiments, the system intercepts I/O operations by file systems or file system volumes and flags metadata associated with the file. For example, the NT File System and its extended attributes and alternate streams may be utilized to implement the system.
    Type: Grant
    Filed: May 23, 2013
    Date of Patent: February 17, 2015
    Assignee: Websense, Inc.
    Inventors: Rajesh Kumar Sharma, Winping Lo, Joseph Papa
  • Publication number: 20150031332
    Abstract: The present invention provides a network and data security testing app for mobile devices such as an Apple iPad, which is connected to the Internet via a wireless network. The app downloads and stores one or more network security or data loss test cases from a centralized server, which are then executed on the mobile device. For example, a test case attempts to access predetermined web pages through the wireless network and then determines whether access was granted. In another example, a test case attempts to transmit sensitive data through the network. Results of the test case are displayed on the mobile device and uploaded to the centralized server. The network and data security testing app also identifies whether access was granted to web pages hosting botnets, malicious web exploits, malicious web obfuscation, malicious iframe redirection, and malware files.
    Type: Application
    Filed: February 24, 2014
    Publication date: January 29, 2015
    Applicant: Websense, Inc.
    Inventors: Jason Clark, Dave Baker
  • Patent number: 8938773
    Abstract: Systems and methods for adding context to prevent data leakage over a computer network are disclosed. Data is classified and contextual information of the data is determined. A transmission policy is determined in response to the classification and contextual information. The data is either transmitted or blocked in response to the classification and the contextual information.
    Type: Grant
    Filed: January 30, 2008
    Date of Patent: January 20, 2015
    Assignee: Websense, Inc.
    Inventor: Daniel Lyle Hubbard
  • Publication number: 20140282861
    Abstract: A system and method for updating a filtering system which controls access to a website/page between a local area network (LAN) and an Internet. The LAN includes an Internet gateway system coupled to a workstation and configured to receive a URL request. The system controls access to the website/page associated with the URL based on one or more categories that are associated with the URL. The Internet gateway system can determine the category that is associated with the URL by referencing a master database or requesting the category from a database factory. The database factory can receive URLs from multiple Internet gateway systems. The database factory determines whether the identifier was previously categorized by the database factory and provides the category to the Internet gateway system. Once the Internet gateway system has the category, it applies rules associated with the category and user to filter access to the requested website/page.
    Type: Application
    Filed: June 3, 2014
    Publication date: September 18, 2014
    Applicant: Websense, Inc.
    Inventors: Harold Kester, Dan Ruskin, Chris Lee, Mark Anderson
  • Publication number: 20140181889
    Abstract: Methods and apparatus provide resource authorization based on a computer's presence information. Presence information may include information relating to a computer's operating environment. In some implementations, a presence detector on a computer determines presence information and provides the information to a resource manager. The computer may then generate a resource access request. A resource manager may then determine whether the resource request is authorized based, at least in part, on the presence information. The resource manager then responds to the resource access request, either granting or denying the request for resources.
    Type: Application
    Filed: December 21, 2012
    Publication date: June 26, 2014
    Applicant: Websense, Inc.
    Inventor: Robert Barth Black
  • Patent number: 8751514
    Abstract: A system and method for updating a filtering system which controls access to a website/page between a local area network (LAN) and an Internet. The LAN includes an Internet gateway system coupled to a workstation and configured to receive a URL request. The system controls access to the website/page associated with the URL based on one or more categories that are associated with the URL. The Internet gateway system can determine the category that is associated with the URL by referencing a master database or requesting the category from a database factory. The database factory can receive URLs from multiple Internet gateway systems. The database factory determines whether the identifier was previously categorized by the database factory and provides the category to the Internet gateway system. Once the Internet gateway system has the category, it applies rules associated with the category and user to filter access to the requested website/page.
    Type: Grant
    Filed: August 26, 2011
    Date of Patent: June 10, 2014
    Assignee: Websense, Inc.
    Inventors: Harold Kester, Dan Ruskin, Chris Lee, Mark Anderson
  • Publication number: 20140156838
    Abstract: A system and method for updating, monitoring, and controlling applications on a workstation. The workstation includes a workstation management module configured to detect the launch or request to access a network by an application. A workstation application server receives data associated with the application from the workstation. The application server module can determine one or more policies or categories to associate with the application by referencing an application inventory database. Once the application server module has the category or policy, it forwards a hash/policy table to the workstation management module. Upon receipt of the hash/policy table, the workstation management module applies the policy that is associated with the application to control network access by the application.
    Type: Application
    Filed: February 4, 2014
    Publication date: June 5, 2014
    Applicant: Websense, Inc.
    Inventors: Harold M. Kester, Nicole Kaster Jones, John Ross Dimm, Mark Richard Anderson, Joseph Papa
  • Publication number: 20140155028
    Abstract: Methods and apparatus provide data loss protection for mobile devices. In one aspect, data is analyzed by a data loss protection server to determine if it is authorized by data loss protection policies to be transferred to a mobile device. The time necessary to analyze the data may exceed a mobile device timeout value. To prevent the mobile device from timing out, the DLP server may send one or more portions of a response to the mobile device at a time interval less than the mobile device timeout value. Some portions of the response may be sent before the analyzing of the data is completed.
    Type: Application
    Filed: November 30, 2012
    Publication date: June 5, 2014
    Applicant: Websense, Inc.
    Inventors: Ramon Daniela, Mark Ostrer, Michael Stoler