Patents Examined by Shu Chun Gao
-
Patent number: 12223044
Abstract: Techniques for identifying malware based on system API function pointers are disclosed. In some embodiments, a system/process/computer program product for identifying malware based on system API function pointers includes monitoring changes in memory during execution of a malware sample in a computing environment; detecting a dynamic evasion behavior using an Application Programming Interface (API) vector comprising a plurality of system API function pointers identified in the memory during execution of the malware sample in the computing environment; and generating a signature based on the API vector for automatically detecting the malware during execution in the memory, wherein the malware sample was determined to be malicious.
Type: Grant
Filed: July 12, 2021
Date of Patent: February 11, 2025
Assignee: Palo Alto Networks, Inc.
Inventors: Robert Jung, Daniel Raygoza, Michael S. Hughes, Esmid Idrizovic
-
Patent number: 12212552
Abstract: Disclosed herein are systems and methods that allow for secure access to websites and web-based applications. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services.
Type: Grant
Filed: July 31, 2023
Date of Patent: January 28, 2025
Assignee: Authentic8, Inc.
Inventors: Ramesh Rajagopal, James K. Tosh, Fredric L. Cox, Perry F. Nguyen, Jason T. Champion
-
Patent number: 12184651
Abstract: Embodiments of the present disclosure relate to verifying a third-party resource by automatically validating multi-factor message codes associated with the third-party resource to enable access to functionality associated with the third-party resource via a multi-app communication system. An example embodiment includes a multi-app communication system including at least one processor and at least one memory. The embodiment multi-app communication system is configured to receive a sign-in request from a multi-app communication system application executed on a client device, and cause transmission of a multi-factor confirmation message to a verified third-party multi-factor authentication resource. The embodiment multi-app communication system is further configured to query the verified third-party multi-factor authentication resource to identify the multi-factor confirmation message, and enable access to the third-party resource.
Type: Grant
Filed: September 21, 2022
Date of Patent: December 31, 2024
Assignee: Salesforce, Inc.
Inventors: Mark Pike, Roland Schemers, James McPhail, Matthew Wahl
-
Patent number: 12182423
Abstract: A system is provided with a software controller; a storage platform capable of storing stored blocks of data and having a central processing unit; a controller monitoring and isolation tool embedded in the software controller; and a storage monitoring and isolation tool embedded in the storage platform that is capable of locking down a memory partition on the storage platform. The system also includes a memory for storing computer instructions and a host computer coupled with the memory, wherein the host computer, responsive to executing the computer instructions, performs certain operations. The operations include extracting orchestration configurations through the controller monitoring and isolation tool and relaying the orchestration configurations to the storage monitoring and isolation tool.
Type: Grant
Filed: January 26, 2023
Date of Patent: December 31, 2024
Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Joseph Soryal, Naila Jaoude
-
Patent number: 12170692
Abstract: Disclosed are examples of systems, apparatus, methods and computer program products providing network security orchestration and management across different clouds. In some implementations, network security information includes a set of security policies indicating permitted communications between or among computing resources. The network security information is converted to a cloud-independent representation. From the cloud-independent representation, policy sets can be generated, where each policy set is specific to a different cloud.
Type: Grant
Filed: September 16, 2020
Date of Patent: December 17, 2024
Assignee: Salesforce, Inc.
Inventors: Toan Van Nguyen, Sriram Srinivasan, Syed Abdullah Shah, Santhosh Ram Vetrinadar Manohar, Varun Kulkarni Somashekhar, Prabhat Singh, Bogdan Florin Romanescu
-
Patent number: 12155666
Abstract: Disclosed herein are system, method, and computer program product embodiments for generating a list of deny policy statements associated with an allow policy statement with respect to the effective access permissions for a principal in an identity and access management system. The operations can include identifying a first policy statement that specifies members of a first identity set including the principal are allowed to access a first system resource set. The operations further include identifying a second policy statement specifying that members of a second identity set are denied access to a second system resource set. Moreover, the operations include determining that the second policy statement overlaps with the first policy statement with respect to the effective access permissions for the principal, and placing the second policy statement into the list of deny policy statements associated with an allow policy statement.
Type: Grant
Filed: May 28, 2021
Date of Patent: November 26, 2024
Assignee: Capital One Services, LLC
Inventors: James Simonetti, Britton Lee, Joseph Chen, John Valin, Anika Gera, Nicholas Mirallegro, Jessica Feinstein, Nicholas Kotakis
-
Patent number: 12143391
Abstract: In one embodiment, a device including a processor, and a memory to store data used by the processor, wherein the processor is operative to run a manufacturer usage description (MUD) controller operative to obtain a MUD profile of an Internet of Things (IoT) device from a MUD server, the MUD profile of the IoT device including: access rights of the IoT device, and any one or more of the following a default device username and/or a default device password of the IoT device, a recommended/required device password complexity of the IoT device, at least one service that should be enabled/disabled on the IoT device, and/or allowed security protocols and/or ciphers for communication to and/or from the IoT device, enforce security of the IoT device according to the MUD profile of the IoT device. Related apparatus and methods are also described.
Type: Grant
Filed: March 14, 2023
Date of Patent: November 12, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Nikhil Sainath Kale, M. David Hanes, Ana Peric, Gonzalo Salgueiro
-
Patent number: 12137093
Abstract: In one embodiment, an apparatus of a LISP environment includes one or more processors and computer-readable non-transitory storage media coupled to the one or more processors. The computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including receiving an attestation token from a first component of the LISP environment. The operations also include encoding the attestation token using a LISP message format. The operations further include distributing the encoded attestation token with a LISP signaling message to a third component of the LISP environment.
Type: Grant
Filed: July 22, 2022
Date of Patent: November 5, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Clarence Filsfils, Marc Portoles Comeras, David Delano Ward, Alberto Rodriguez Natal
-
Patent number: 12126631
Abstract: Techniques are provided for detecting compromised credentials in a credential stuffing attack. A set model is trained based on a first set of spilled credentials. The set model does not comprise any credential of the first set of spilled credentials. A first request is received from a client computer with a first candidate credential to login to a server computer. The first candidate credential is tested for membership in the first set of spilled credentials using the set model. In response to determining the first set of spilled credentials includes the first candidate credential using the set model, one or more negative actions is performed.
Type: Grant
Filed: April 16, 2021
Date of Patent: October 22, 2024
Assignee: SHAPE SECURITY, INC.
Inventors: Daniel G. Moen, Carl Schroeder
-
Patent number: 12113830
Abstract: The present technology includes applying a security policy by an application security system to a transaction within an application that is monitored by the application security system. The present technology includes monitoring transactions occurring between a client device and an application over a network. The present technology also includes identifying a first transaction from the transactions as a sensitive transaction. The sensitive transaction is associated with an authentication policy requiring an authentication. The present technology also includes interrupting the application. The present technology also includes prompting the client device for the authentication.
Type: Grant
Filed: March 30, 2021
Date of Patent: October 8, 2024
Assignee: Cisco Technology, Inc.
Inventors: Thomas Szigeti, David John Zacks, Walter T. Hulick, Jr., Tal Maoz
-
Patent number: 12069096
Abstract: An endpoint security system having a Secured Authentication For Enterprise (SAFE) server is enhanced with an auxiliary service. The auxiliary service receives a request to run a job on an endpoint of an enterprise computer network, queues up the job in a central job store, and monitors whether an agent on the endpoint has checked in with the SAFE server. Responsive to the agent on the endpoint checking in with the SAFE server, the auxiliary service establishes, through a secure connection with the SAFE server, a connection with the agent on the endpoint and determines whether the agent has any jobs queued up in the central job store. If so, the auxiliary service dispatches the job from the central job store to the agent on the endpoint through the secure connection with the SAFE server and starts the job by the agent on the endpoint.
Type: Grant
Filed: July 30, 2021
Date of Patent: August 20, 2024
Assignee: OPEN TEXT HOLDINGS, INC.
Inventors: Ilian Waclaw Fortuna, Matthew S. Garrett, Michael James Bailey, Saikumar Ramaswami
-
Patent number: 12063229
Abstract: A computerized method for associating cyberthreat actor groups responsible for different cyberthreats is described. The method involves generating a similarity matrix based on content from received clusters of cybersecurity information. Each received cluster of cybersecurity information is assumed to be associated with a cyberthreat. The similarity matrix is composed via an optimized equation combining separate similarity metrics, where each similarity metric of the plurality of similarity metrics represents a level of correlation between at least two clusters of cybersecurity information, with respect to a particular aspect of operations described in the clusters. The method further involves that, in response to queries directed to the similarity matrix, generating a listing of a subset of the clusters of cybersecurity information having a greater likelihood of being associated with cyberthreats caused by the same cyberthreat actor group.
Type: Grant
Filed: February 21, 2022
Date of Patent: August 13, 2024
Assignee: GOOGLE LLC
Inventors: Matthew Berninger, Barry Vengerik
-
Patent number: 12047395
Abstract: Example apparatus disclosed herein to perform a cybersecurity investigation are to generate an information graph based on a set of information seeker tools in response to detection of a threat alert in a monitored network, and search the information graph for a reference pattern associated with a cybersecurity threat. Disclosed example apparatus are also to, in response to detection of a portion of the reference pattern in the information graph, (i) select a first one of information seeker tools associated with a first input-output relationship capable of expanding the portion of the reference pattern to complete the reference pattern, and (ii) execute the first one of information seeker tools to complete the reference pattern associated with the cybersecurity threat.
Type: Grant
Filed: October 4, 2021
Date of Patent: July 23, 2024
Assignee: Musarubra US LLC
Inventors: Gabriel G. Infante-Lopez, Hemang Satish Nadkarni, Pablo Andres Michelis, Francisco Matias Cuenca-Acuna, Matias L. Marenchino, Maria Torino
-
Methods and arrangements for multi-layer in-vehicle network intrusion detection and characterization
Patent number: 12045348
Abstract: Logic may implement observation layer intrusion detection systems (IDSs) to combine observations by intrusion detectors and/or other intrusion detection systems. Logic may monitor one or more control units at one or more observation layers of an in-vehicle network, each of the one or more control units to perform a vehicle function. Logic may combine observations of the one or more control units at the one or more observation layers. Logic may determine, based on a combination of the observations, that one or more of the observations represent an intrusion. Logic may determine, based at least on the observations, characteristics of an attack, and to pass the characteristics of the attack information to a forensic logging system to log the attack or pass the characteristics of the attack to a recovery system for informed selection of recovery procedures. Logic may dynamically adjust a threshold for detection of suspicious activity.
Type: Grant
Filed: July 19, 2022
Date of Patent: July 23, 2024
Assignee: INTEL CORPORATION
Inventors: Christopher N. Gutierrez, Marcio Juliato, Shabbir Ahmed, Qian Wang, Manoj Sastry, Liuyang L Yang, Xiruo Liu
-
Patent number: 12026239
Abstract: A sound-based method and system of performing an authentication of a person in order to permit access to a secured resource is disclosed. The system and method are configured to collect audio data from an end-user in real-time that corresponds to ambient sounds for their alleged location. The audio data is compared to verified audio data for the actual location. The system can determine whether there is a match between the user audio data and audio data previously collected and stored in a database or obtained from an audio service provider. If there is a match, the system verifies an identity of the person and can further be configured to automatically grant the person access to one or more services, features, or information for which he or she is authorized.
Type: Grant
Filed: March 11, 2021
Date of Patent: July 2, 2024
Assignee: United Services Automobile Association (USAA)
Inventors: Brian Tougas, William Daniel Farmer, Ruthie D. Lyle, Kelly Q. Baker, Ryan Thomas Russell, Noe Alberto Martinez
-
Patent number: 12021899
Abstract: A principal successfully authenticates for a communication session with a target device. One or more Domain Specific Language (DSL) statements/records assigned to the principal are provided to the target device. The target device translates the DSL statements/records into code, which is executed on the target device to custom set security roles of the principal on the target device during the session. In an embodiment, the one or more DSL statements/records are provided to the target device as an optimized JavaScript® Object Notation (JSON) Web Token (JWT); a payload of the optimized JWT comprising the one or more DSL statements/records as a compressed and enhanced JSON object.
Type: Grant
Filed: February 26, 2021
Date of Patent: June 25, 2024
Assignee: NCR Voyix Corporation
Inventors: Christina Holland, Abdul Khaliq Zaheer
-
Patent number: 12019757
Abstract: In an embodiment, a threat score prediction model is generated for assigning a threat score to a software vulnerability. The threat score prediction model may factor one or more of (i) a degree to which the software vulnerability is described across a set of public media sources, (ii) a degree to which one or more exploits that have already been developed for the software vulnerability are described across one or more public exploit databases, (iii) information from one or more third party threat intelligence sources that characterizes one or more historic threat events associated with the software vulnerability, and/or (iv) information that characterizes at least one behavior of an enterprise network in association with the software vulnerability.
Type: Grant
Filed: September 16, 2022
Date of Patent: June 25, 2024
Assignee: Tenable, Inc.
Inventors: Bryan Peter Doyle, Vincent Gilcreest, Wei Tai, Damien McParland, Renaud Deraison
-
Patent number: 12001553
Abstract: Techniques for detecting anomalies or cyber attacks on a vehicle. A computer-implemented method for anomaly or attack detection includes determining, using a first model, a first predicted value of a first variable message associated with a vehicle, determining, using a second model, a second predicted value of the first variable message associated with the vehicle, determining, based on a difference between an actual value of the first variable message and the first predicted value of the first variable message and on a difference between the actual value of the first variable message and the second predicted value of the first variable message, a vector, and determining, using a third model, an output value based on the vector, the output value corresponding to at least one of a likelihood that an anomaly or an attack is occurring or a type of the anomaly or the attack.
Type: Grant
Filed: August 17, 2021
Date of Patent: June 4, 2024
Assignee: Red Bend Ltd.
Inventors: Dror Cohen, Alexander Kreines, Shachar Mendelowitz
-
Patent number: 12003542
Abstract: A method, system, and computer program product for recommending an initial database security model. The method may include identifying a plurality of nodes connected to a security network. The method may also include analyzing security characteristics of each node of the plurality of nodes. The method may also include identifying, from the security characteristics, key factors for each node. The method may also include calculating similarities between each node of the plurality of nodes. The method may also include building a self-organized centerless network across the plurality of nodes by grouping nodes with high similarities based on the similarities between each node, where the self-organized centerless network is a centerless network without a central management server, and includes groups of nodes from the plurality of nodes. The method may also include generating federated security models for the groups of nodes.
Type: Grant
Filed: January 14, 2021
Date of Patent: June 4, 2024
Assignee: International Business Machines Corporation
Inventors: Sheng Yan Sun, Shuo Li, Xiaobo Wang, Jun Wang, Hua Wang, Shidong Shan, Xing Xing Jing
-
Patent number: 11991213
Abstract: The technology disclosed includes a system to group security alerts generated in a computer network and prioritize grouped security alerts for analysis, through graph-based clustering. The graph used to form clusters includes entities in the computer network represented as scored nodes, and relationships of entities as weighted edges. The technology disclosed includes traversing the graph starting at starting nodes and propagating native scores through and to neighboring nodes connected by the weighted edges. The propagated scores at visited nodes are normalized by attenuation based on contributing neighboring nodes of a respective visited node. An aggregate score for a visited node is calculated by accumulating propagated scores at visited nodes with their respective native scores. The technology disclosed forms clusters of connected nodes in the graph that have a respective aggregate score above a selected threshold. The clusters are ranked and prioritized for analysis, pursuant to the aggregate scores.
Type: Grant
Filed: December 20, 2022
Date of Patent: May 21, 2024
Assignee: Netskope, Inc.
Inventors: Joshua David Batson, Raymond Joseph Canzanese, Jr.