Patents Examined by J. Brant Murphy
  • Patent number: 10503910
    Abstract: A web application security testing framework includes an HTTP browser engine replaying recorded sessions to identify candidate traces indicative of attack. A mutation engine changes values in the attack candidate traces to generate additional traces posed against a virtualized server-side platform. The virtualized server-side platform creates snapshots of application state for testing, avoiding permanent damage to application persistence. The virtualized server-side platform includes persistence monitoring sensors (e.g., at connectors to the database or file system) for detecting vulnerability classes including Cross-Site Request Forgery (CSRF) and SQL injection attacks. For remote command execution attack detection, a server-side vulnerability validation interface records strings passed to code generating application program interfaces (APIs).
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: December 10, 2019
    Assignee: SAP SE
    Inventor: Martin Johns
  • Patent number: 10505966
    Abstract: Embodiments detect cross-site request forgery (CSRF) attacks by monitoring, mutation, and analysis of suspect requests that are received by an application server. An engine observes UI interaction, HTTP traffic, and server-side changes in order to create an initial list of CSRF candidates (e.g., HTTP requests that could indicate a CSRF vulnerability). Embodiments may feature a virtualized server-side platform including sensors deployed for application persistence monitoring. Using inter-trace analysis, these CSRF candidates are decomposed into their semantic components (e.g., parameter values and classes). By performing value mutation operations on these components and repeated replay of the resulting HTTP requests, CSRF candidates are tested to see if the underlying HTTP request could be utilized in the context of a CSRF attack.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: December 10, 2019
    Assignee: SAP SE
    Inventor: Martin Johns
  • Patent number: 10496847
    Abstract: Systems and methods for anonymized behavior analysis are described. A requesting computer having access to personally identifiable information (PII) for a group of users may provide the PII to an intermediary computer having access to associated real identifiers. The intermediary computer may provide the associated real identifiers to a behavior analysis computer, which may calculate a behavior metric for each of the real identifiers, and calculate an aggregated behavior metric for the entire subset of real identifiers. The behavior analysis computer may send the aggregated behavior metric back to the requesting computer; thus, no individual behavior metrics are disclosed to the requesting computer. This process can be done without sharing the PII with the behavior analysis computer, or the real identifiers with the requesting computer, thereby protecting the privacy of the users.
    Type: Grant
    Filed: February 16, 2017
    Date of Patent: December 3, 2019
    Assignee: Visa International Service Association
    Inventors: Daniel E. Fineman, Carlo Cubeddu, Lace Cheung
  • Patent number: 10498701
    Abstract: A computer-implemented method for dynamically varying web application firewall security processes based on cache hit results may include (i) identifying, at a computing device, a request directed to a web application resource protected by the computing device, (ii) determining, in response to identifying the request, whether a response to the request will be served from a cache stored on the computing device, (iii) determining, based at least in part on whether the response to the request will be served from the cache, a level of security processing to apply to the request, and (iv) applying the determined level of security processing to the request. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 24, 2017
    Date of Patent: December 3, 2019
    Assignee: Symantec Corporation
    Inventors: Colin Delaney, Chandana Sembakutti
  • Patent number: 10491602
    Abstract: A variety of approaches to provide content management based on spatial and temporal information are described. A hosted service initiates operations to provide content management based on spatial and temporal information upon receiving a location of a client device and a user identifier. A schedule of the user is processed to identify a geo-fenced area assigned to the user during a designated time-period. Upon detecting the location of the client device as within the geo-fenced area during the designated time-period, content is provided to the client device for rendering to the user in relation to a task assigned to the user within the schedule.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: November 26, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Leela S Tamma
  • Patent number: 10491585
    Abstract: A method, an apparatus, and a computer program product for wireless communication are provided. A method includes transmitting a request to a serving network with a nonce and a signature request directed to a network function of the serving network, receiving a response to the request from the serving network, and authenticating the serving network based on the signature of the network function. The nonce may provide replay protection. The response may include a signature of the network function. The request sent to the serving network may include a radio resource control (RRC) message or a tracking area update (TAU) request. The serving network may be authenticated using a trusted third party to verify a certificate associated with the serving network.
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: November 26, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Gavin Horn, Anand Palanigounder
  • Patent number: 10491377
    Abstract: Systems and methods generate reasonably secure hash values at relatively few CPU cycles per byte. An example method includes, for each of a plurality of packets, injecting the packet into an internal state that represents an internal hash sum, mixing the internal state using multiplication, and shuffling the result of the multiplication so that bytes with highest quality are moved to locations that will propagate most widely in a next multiplication operation. Each of the plurality of packets includes data from an input to be hashed. In some implementations, a last packet for the input is padded. The method may also include further mixing the internal state using multiplication after processing the plurality of packets and providing, to a requesting process, a portion of the final internal state as a hash of the input.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: November 26, 2019
    Assignee: GOOGLE LLC
    Inventors: Jyrki Antero Alakuijala, Jan Wassenberg
  • Patent number: 10489504
    Abstract: A system and method includes a communication interface configured to transmit a web-based form to an applicant device and receive a selection of the third party to provide data to populate the plurality of fields of the web-based form and an application server that, in conjunction with the communication interface, is configured to perform various steps. It may, in response to receiving the selection, transmit a third-party API call to the selected third party. It may also transmit data indicative of an authentication request associated with the selected third party and receive data indicative of a validated authentication request. It may further request a set of data from the selected third party via the third party API and receive the requested set of data, which includes data for populating a specific data field on the web-based form.
    Type: Grant
    Filed: October 9, 2018
    Date of Patent: November 26, 2019
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Christopher Wetzel, Dwij Trivedi, Robert Colenso
  • Patent number: 10482245
    Abstract: A computer implemented method to determine a configuration of a target virtual machine (VM) in a virtualized computing environment to protect against a security attack exhibiting a particular attack characteristic.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: November 19, 2019
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Fadi El-Moussa, Ian Herwono
  • Patent number: 10482271
    Abstract: A method for displaying content is disclosed. One method includes displaying, via an electronic device, a first content corresponding to a first privilege level of a first user. The method also includes acquiring biometric information of a current user. The method includes determining, based on the biometric information, whether the current user is a second user having a second privilege level different from the first privilege level of the first user. The method includes, in response to determining that the current user is the second user, transitioning from displaying the first content to displaying a second content via the electronic device, wherein the second content corresponds to the second privilege level of the second user.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: November 19, 2019
    Assignee: Lenovo (Beijing) Limited
    Inventors: Wan Qing Liu, Feng Bo Xu
  • Patent number: 10484404
    Abstract: Techniques for alerting and tagging using a malware analysis platform for threat intelligence made actionable are disclosed. In some embodiments, a system, process, and/or computer program product for alerting and tagging using a malware analysis platform for threat intelligence made actionable includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract artifacts associated with the log files; determining whether a tag matches any of the plurality of samples based on the artifacts; and performing an action based on whether the tag matches any of the plurality of samples.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: November 19, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: Farshad Rostamabadi, Shadi Rostami-Hesarsorkh, Sudarshan Vasudevan, Bilal Malik
  • Patent number: 10484409
    Abstract: In a server system providing data security, a processor monitors requests or activities of a computing device and compares the monitored requests or activities with a database of predetermined characteristics to determine whether the monitored requests or activities indicate that the computing device (i) accessed or attempted to access sequentially more than a predetermined number of data files or objects in less than a predetermined period of time, and (ii) downloaded a predetermined number of data files or objects. The monitored requests or activities are determined to be suspicious when the comparing determines that (i) and (ii) are true, which causes a response to hinder the monitored requests or activities.
    Type: Grant
    Filed: May 1, 2017
    Date of Patent: November 19, 2019
    Assignee: Nasdaq, Inc.
    Inventor: Stuart Ogawa
  • Patent number: 10484351
    Abstract: A system and method are provided for certificate selection in infrastructures such as those planned to be used for V2V messaging, wherein the vehicle (or other moving object)'s location is used to aid in the selection of certificates. In one aspect, there is provided a method of selecting certificates for vehicle-to-vehicle messaging, the method comprising: determining a location for a vehicle; and adapting reuse of certificates in a certificate pool for the vehicle according to the location. In another aspect, there is provided a method of selecting certificates for vehicle-to-vehicle messaging, the method comprising: determining an amount of messaging activity; and adapting reuse of certificates in a certificate pool for the vehicle according to the amount of messaging activity.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: November 19, 2019
    Assignee: ETAS Embedded Systems Canada Inc.
    Inventors: Brian M. Romansky, Constantine Grantcharov, Nevine Maurice Nassif Ebeid
  • Patent number: 10484403
    Abstract: An avionic equipment unit, intended to be on board an aircraft, including a calculating module configured to calculate a signature associated with a data field, the calculated signature depending on the data field, and a transmission module configured to transmit a message to another avionic equipment unit on board the aircraft, the message including the data field and the associated calculated signature, the calculated signature being unique for each data field and for each respective message transmission.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: November 19, 2019
    Assignee: THALES
    Inventors: Henri Belfy, Vincent Tainturier, Jean-Arnaud Causse
  • Patent number: 10484402
    Abstract: A computer implemented method to identify one or more parameters of a configuration of a target virtual machine (VM) in a virtualized computing environment used in a security attack against the target VM, the security attack exhibiting a particular attack characteristic, is disclosed.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: November 19, 2019
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Fadi El-Moussa, Ian Herwono
  • Patent number: 10482035
    Abstract: A technique is provided for standardizing addresses. The technique includes implementing a standardization algorithm utilizing at least one computer processor to arrive at a standard address key for each address. The standardization algorithm performs multiple steps. The standardization algorithm pre-processes each input. The algorithm further performs cleaning and preparing each address by removing unnecessary portions of each address and parsing the address by searching the components of the address. The algorithm also concatenates all parts of each parsed address into a standard address key.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: November 19, 2019
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventors: Swapna Bondalapati, Richard Lusk, Steven Simecek, Rachel Dean
  • Patent number: 10484357
    Abstract: Example embodiments of the present invention provide a method, an apparatus, and a computer program product for brokering establishment of a trusted relationship between a first domain and a second domain. The method includes receiving, from a first domain, a request to establish a trusted relationship with a second domain and brokering establishment of the trusted relationship between the first domain and the second. Other example embodiments include brokering authenticated access for a client in the first domain to a resource in the second domain according to the established trusted relationship.
    Type: Grant
    Filed: March 11, 2016
    Date of Patent: November 19, 2019
    Assignee: EMC IP Holding Company LLC
    Inventor: Manoj K. Jain
  • Patent number: 10462171
    Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
    Type: Grant
    Filed: August 8, 2018
    Date of Patent: October 29, 2019
    Assignee: Sentinel Labs Israel Ltd.
    Inventors: Tomer Weingarten, Almog Cohen
  • Patent number: 10425382
    Abstract: In one aspect, a computerized system useful for implementing a cloud-based multipath routing protocol to an Internet endpoint includes an edge device that provides an entry point into an entity's core network. The entity's core network includes a set of resources to be reliably accessed. The computerized system includes a cloud-edge device instantiated in a public-cloud computing platform. The cloud-edge device joins a same virtual routing and forwarding table as the edge device. The cloud-edge device receives a set of sources and destinations of network traffic that are permitted to access the edge device and the set of resources.
    Type: Grant
    Filed: October 13, 2016
    Date of Patent: September 24, 2019
    Assignee: NICIRA, INC.
    Inventors: Ajit Ramachandra Mayya, Parag Pritam Thakore, Stephen Craig Connors, Alex Kompel, Thomas Harold Speeter
  • Patent number: 10419462
    Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
    Type: Grant
    Filed: January 2, 2018
    Date of Patent: September 17, 2019
    Assignee: SPLUNK INC.
    Inventors: Sudhakar Muddu, Christos Tryfonas, Ravi Prasad Bulusu