Patents Examined by Shu Chun Gao
  • Patent number: 12223044
    Abstract: Techniques for identifying malware based on system API function pointers are disclosed. In some embodiments, a system/process/computer program product for identifying malware based on system API function pointers includes monitoring changes in memory during execution of a malware sample in a computing environment; detecting a dynamic evasion behavior using an Application Programming Interface (API) vector comprising a plurality of system API function pointers identified in the memory during execution of the malware sample in the computing environment; and generating a signature based on the API vector for automatically detecting the malware during execution in the memory, wherein the malware sample was determined to be malicious.
    Type: Grant
    Filed: July 12, 2021
    Date of Patent: February 11, 2025
    Assignee: Palo Alto Networks, Inc.
    Inventors: Robert Jung, Daniel Raygoza, Michael S. Hughes, Esmid Idrizovic
  • Patent number: 12212552
    Abstract: Disclosed herein are systems and methods that allow for secure access to websites and web-based applications. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services.
    Type: Grant
    Filed: July 31, 2023
    Date of Patent: January 28, 2025
    Assignee: Authentic8, Inc.
    Inventors: Ramesh Rajagopal, James K. Tosh, Fredric L. Cox, Perry F. Nguyen, Jason T. Champion
  • Patent number: 12184651
    Abstract: Embodiments of the present disclosure relate to verifying a third-party resource by automatically validating multi-factor message codes associated with the third-party resource to enable access to functionality associated with the third-party resource via a multi-app communication system. An example embodiment includes a multi-app communication system including at least one processor and at least one memory. The embodiment multi-app communication system is configured to receive a sign-in request from a multi-app communication system application executed on a client device, and cause transmission of a multi-factor confirmation message to a verified third-party multi-factor authentication resource. The embodiment multi-app communication system is further configured query the verified third-party multi-factor authentication resource to identify the multi-factor confirmation message, and enable access to the third-party resource.
    Type: Grant
    Filed: September 21, 2022
    Date of Patent: December 31, 2024
    Assignee: Salesforce, Inc.
    Inventors: Mark Pike, Roland Schemers, James McPhail, Matthew Wahl
  • Patent number: 12182423
    Abstract: A system is provided with a software controller; a storage platform capable of storing stored blocks of data and having a central processing unit; a controller monitoring and isolation tool embedded in the software controller; and a storage monitoring and isolation tool embedded in the storage platform that is capable of locking down a memory partition on the storage platform. The system also includes a memory for storing computer instructions and a host computer coupled with the memory, wherein the host computer, responsive to executing the computer instructions, performs certain operations. The operations include extracting orchestration configurations through the controller monitoring and isolation tool and relaying the orchestration configurations to the storage monitoring and isolation tool.
    Type: Grant
    Filed: January 26, 2023
    Date of Patent: December 31, 2024
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Joseph Soryal, Naila Jaoude
  • Patent number: 12170692
    Abstract: Disclosed are examples of systems, apparatus, methods and computer program products providing network security orchestration and management across different clouds. In some implementations, network security information includes a set of security policies indicating permitted communications between or among computing resources. The network security information is converted to a cloud-independent representation. From the cloud-independent representation, policy sets can be generated, where each policy set is specific to a different cloud.
    Type: Grant
    Filed: September 16, 2020
    Date of Patent: December 17, 2024
    Assignee: Salesforce, Inc.
    Inventors: Toan Van Nguyen, Sriram Srinivasan, Syed Abdullah Shah, Santhosh Ram Vetrinadar Manohar, Varun Kulkarni Somashekhar, Prabhat Singh, Bogdan Florin Romanescu
  • Patent number: 12155666
    Abstract: Disclosed herein are system, method, and computer program product embodiments for generating a list of deny policy statements associated with an allow policy statement with respect to the effective access permissions for a principal in an identity and access management system. The operations can include identifying a first policy statement that specifies members of a first identity set including the principal are allowed to access a first system resource set. The operations further include identifying a second policy statement specifying that members of a second identity set are denied access to a second system resource set. Moreover, the operations include determining that the second policy statement overlaps with the first policy statement with respect to the effective access permissions for the principal, and placing the second policy statement into the list of deny policy statements associated with an allow policy statement.
    Type: Grant
    Filed: May 28, 2021
    Date of Patent: November 26, 2024
    Assignee: Capital One Services, LLC
    Inventors: James Simonetti, Britton Lee, Joseph Chen, John Valin, Anika Gera, Nicholas Mirallegro, Jessica Feinstein, Nicholas Kotakis
  • Patent number: 12143391
    Abstract: In one embodiment, a device including a processor, and a memory to store data used by the processor, wherein the processor is operative to run a manufacturer usage description (MUD) controller operative to obtain a MUD profile of an Internet of Things (IoT) device from a MUD server, the MUD profile of the IoT device including: access rights of the IoT device, and any one or more of the following a default device username and/or a default device password of the IoT device, a recommended/required device password complexity of the IoT device, at least one service that should be enabled/disabled on the IoT device, and/or allowed security protocols and/or ciphers for communication to and/or from the IoT device, enforce security of the IoT device according to the MUD profile of the IoT device. Related apparatus and methods are also described.
    Type: Grant
    Filed: March 14, 2023
    Date of Patent: November 12, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Nikhil Sainath Kale, M. David Hanes, Ana Peric, Gonzalo Salgueiro
  • Patent number: 12137093
    Abstract: In one embodiment, an apparatus of a LISP environment includes one or more processors and computer-readable non-transitory storage media coupled to the one or more processors. The computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including receiving an attestation token from a first component of the LISP environment. The operations also include encoding the attestation token using a LISP message format. The operations further include distributing the encoded attestation token with a LISP signaling message to a third component of the LISP environment.
    Type: Grant
    Filed: July 22, 2022
    Date of Patent: November 5, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Clarence Filsfils, Marc Portoles Comeras, David Delano Ward, Alberto Rodriguez Natal
  • Patent number: 12126631
    Abstract: Techniques are provided for detecting compromised credentials in a credential stuffing attack. A set model is trained based on a first set of spilled credentials. The set model does not comprise any credential of the first set of spilled credentials. A first request is received from a client computer with a first candidate credential to login to a server computer. The first candidate credential is tested for membership in the first set of spilled credentials using the set model. In response to determining the first set of spilled credentials includes the first candidate credential using the set model, one or more negative actions is performed.
    Type: Grant
    Filed: April 16, 2021
    Date of Patent: October 22, 2024
    Assignee: SHAPE SECURITY, INC.
    Inventors: Daniel G. Moen, Carl Schroeder
  • Patent number: 12113830
    Abstract: The present technology includes applying a security policy by an application security system to a transaction within an application that is monitored by the application security system. The present technology includes monitoring transaction occurring between a client device an application over a network. The present technology also includes identifying a first transaction from the transactions as a sensitive transaction. The sensitive transaction is associated with an authentication policy requiring an authentication. The present technology also includes interrupting the application. The present technology also includes prompting the client device for the authentication.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: October 8, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Thomas Szigeti, David John Zacks, Walter T. Hulick, Jr., Tal Maoz
  • Patent number: 12069096
    Abstract: An endpoint security system having a Secured Authentication For Enterprise (SAFE) server is enhanced with an auxiliary service. The auxiliary service receives a request to run a job on an endpoint of an enterprise computer network, queues up the job in a central job store, and monitors whether an agent on the endpoint has checked in with the SAFE server. Responsive to the agent on the endpoint checking in with the SAFE server, the auxiliary service establishes, through a secure connection with the SAFE server, a connection with the agent on the endpoint and determines whether the agent has any jobs queued up in the central job store. If so, the auxiliary service dispatches the job from the central job store to the agent on the endpoint through the secure connection with the SAFE server and starts the job by the agent on the endpoint.
    Type: Grant
    Filed: July 30, 2021
    Date of Patent: August 20, 2024
    Assignee: OPEN TEXT HOLDINGS, INC.
    Inventors: Ilian Waclaw Fortuna, Matthew S. Garrett, Michael James Bailey, Saikumar Ramaswami
  • Patent number: 12063229
    Abstract: A computerized method for associating cyberthreat actor groups responsible for different cyberthreats is described. The method involves generating a similarity matrix based on content from received clusters of cybersecurity information. Each received cluster of cybersecurity information is assumed to be associated with a cyberthreat. The similarity matrix is composed via an optimized equation combining separate similarity metrics, where each similarity metric of the plurality of similarity metrics represents a level of correlation between at least two clusters of cybersecurity information, with respect to a particular aspect of operations described in the clusters. The method further involves that, in response to queries directed to the similarity matrix, generating a listing of a subset of the clusters of cybersecurity information having a greater likelihood of being associated with cyberthreats caused by the same cyberthreat actor group.
    Type: Grant
    Filed: February 21, 2022
    Date of Patent: August 13, 2024
    Assignee: GOOGLE LLC
    Inventors: Matthew Berninger, Barry Vengerik
  • Patent number: 12047395
    Abstract: Example apparatus disclosed herein to perform a cybersecurity investigation are to generate an information graph based on a set of information seeker tools in response to detection of a threat alert in a monitored network, and search the information graph for a reference pattern associated with a cybersecurity threat. Disclosed example apparatus are also to, in response to detection of a portion of the reference pattern in the information graph, (i) select a first one of information seeker tools associated with a first input-output relationship capable of expanding the portion of the reference pattern to complete the reference pattern, and (ii) execute the first one of information seeker tools to complete the reference pattern associated with the cybersecurity threat.
    Type: Grant
    Filed: October 4, 2021
    Date of Patent: July 23, 2024
    Assignee: Musarubra US LLC
    Inventors: Gabriel G. Infante-Lopez, Hemang Satish Nadkarni, Pablo Andres Michelis, Francisco Matias Cuenca-Acuna, Matias L. Marenchino, Maria Torino
  • Patent number: 12045348
    Abstract: Logic may implement observation layer intrusion detection systems (IDSs) to combine observations by intrusion detectors and/or other intrusion detection systems. Logic may monitor one or more control units at one or more observation layers of an in-vehicle network, each of the one or more control units to perform a vehicle function. Logic may combine observations of the one or more control units at the one or more observation layers. Logic may determine, based on a combination of the observations, that one or more of the observations represent an intrusion. Logic may determine, based at least on the observations, characteristics of an attack, and to pass the characteristics of the attack information to a forensic logging system to log the attack or pass the characteristics of the attack to a recovery system for informed selection of recovery procedures. Logic may dynamically adjust a threshold for detection of suspicious activity.
    Type: Grant
    Filed: July 19, 2022
    Date of Patent: July 23, 2024
    Assignee: INTEL CORPORATION
    Inventors: Christopher N. Gutierrez, Marcio Juliato, Shabbir Ahmed, Qian Wang, Manoj Sastry, Liuyang L Yang, Xiruo Liu
  • Patent number: 12026239
    Abstract: A sound-based method and system of performing an authentication of a person in order to permit access to a secured resource is disclosed. The system and method are configured to collect audio data from an end-user in real-time that corresponds to ambient sounds for their alleged location. The audio data is compared to verified audio data for the actual location. The system can determine whether there is a match between the user audio data and audio data previously collected and stored in a database or obtained from an audio service provider. If there is a match, the system verifies an identity of the person and can further be configured to automatically grant the person access to one or more services, features, or information for which he or she is authorized.
    Type: Grant
    Filed: March 11, 2021
    Date of Patent: July 2, 2024
    Assignee: United Services Automobile Association (USAA)
    Inventors: Brian Tougas, William Daniel Farmer, Ruthie D. Lyle, Kelly Q. Baker, Ryan Thomas Russell, Noe Alberto Martinez
  • Patent number: 12021899
    Abstract: A principal successfully authenticates for a communication session with a target device. One or more Domain Specific Language (DSL) statements/records assigned to the principal are provided to the target device. The target device translates the DSL statements/records into code, which is executed on the target device to custom set security roles of the principal on the target device during the session. In an embodiment, the one or more DSL statements/records are provided to the target device as an optimized JavaScript® Object Notation (JSON) Web Token (JWT); a payload of the optimized JWT comprising the one or more DSL statements/records as a compressed and enhanced JSON object.
    Type: Grant
    Filed: February 26, 2021
    Date of Patent: June 25, 2024
    Assignee: NCR Voyix Corporation
    Inventors: Christina Holland, Abdul Khaliq Zaheer
  • Patent number: 12019757
    Abstract: In an embodiment, a threat score prediction model is generated for assigning a threat score to a software vulnerability. The threat score prediction model may factor one or more of (i) a degree to which the software vulnerability is described across a set of public media sources, (ii) a degree to which one or more exploits that have already been developed for the software vulnerability are described across one or more public exploit databases, (iii) information from one or more third party threat intelligence sources that characterizes one or more historic threat events associated with the software vulnerability, and/or (iv) information that characterizes at least one behavior of an enterprise network in association with the software vulnerability.
    Type: Grant
    Filed: September 16, 2022
    Date of Patent: June 25, 2024
    Assignee: Tenable, Inc.
    Inventors: Bryan Peter Doyle, Vincent Gilcreest, Wei Tai, Damien McParland, Renaud Deraison
  • Patent number: 12001553
    Abstract: Techniques for detecting anomalies or cyber attacks on a vehicle. A computer-implemented method for anomaly or attack detection includes determining, using a first model, a first predicted value of a first variable message associated with a vehicle, determining, using a second model, a second predicted value of the first variable message associated with the vehicle, determining, based on a difference between an actual value of the first variable message and the first predicted value of the first variable message and on a difference between the actual value of the first variable message and the second predicted value of the first variable message, a vector, and determining, using a third model, an output value based on the vector, the output value corresponding to at least one of a likelihood that an anomaly or an attack is occurring or a type of the anomaly or the attack.
    Type: Grant
    Filed: August 17, 2021
    Date of Patent: June 4, 2024
    Assignee: Red Bend Ltd.
    Inventors: Dror Cohen, Alexander Kreines, Shachar Mendelowitz
  • Patent number: 12003542
    Abstract: A method, system, and computer program product for recommending an initial database security model. The method may include identifying a plurality of nodes connected to a security network. The method may also include analyzing security characteristics of each node of the plurality of nodes. The method may also include identifying, from the security characteristics, key factors for each node. The method may also include calculating similarities between each node of the plurality of nodes. The method may also include building a self-organized centerless network across the plurality of nodes by grouping nodes with high similarities based on the similarities between each node, where the self-organized centerless network is a centerless network without a central management server, and includes groups of nodes from the plurality of nodes. The method may also include generating federated security models for the groups of nodes.
    Type: Grant
    Filed: January 14, 2021
    Date of Patent: June 4, 2024
    Assignee: International Business Machines Corporation
    Inventors: Sheng Yan Sun, Shuo Li, Xiaobo Wang, Jun Wang, Hua Wang, Shidong Shan, Xing Xing Jing
  • Patent number: 11991213
    Abstract: The technology disclosed includes a system to group security alerts generated in a computer network and prioritize grouped security alerts for analysis, through graph-based clustering. The graph used to form clusters includes entities in the computer network represented as scored nodes, and relationships of entities as weighted edges. The technology disclosed includes traversing the graph starting at starting nodes and propagating native scores through and to neighboring nodes connected by the weighted edges. The propagated scores at visited nodes are normalized by attenuation based on contributing neighboring nodes of a respective visited node. An aggregate score for a visited node is calculated by accumulating propagated scores at visited nodes with their respective native scores. The technology disclosed forms clusters of connected nodes in the graph that have a respective aggregate score above a selected threshold. The clusters are ranked and prioritized for analysis, pursuant to the aggregate scores.
    Type: Grant
    Filed: December 20, 2022
    Date of Patent: May 21, 2024
    Assignee: Netskope, Inc.
    Inventors: Joshua David Batson, Raymond Joseph Canzanese, Jr.