Patents by Inventor E. John Sebes
E. John Sebes has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10360382
Abstract: A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.
Type: Grant
Filed: January 27, 2017
Date of Patent: July 23, 2019
Assignee: McAfee, LLC
Inventors: Rishi Bhargava, E. John Sebes
-
Publication number: 20170140168
Abstract: A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.
Type: Application
Filed: January 27, 2017
Publication date: May 18, 2017
Applicant: McAfee, Inc.
Inventors: Rishi Bhargava, E. John Sebes
-
Patent number: 9602515
Abstract: On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.
Type: Grant
Filed: September 9, 2015
Date of Patent: March 21, 2017
Assignee: McAfee, Inc.
Inventors: Rahul Roy-Chowdhury, E. John Sebes, Jay Vaishnav
-
Patent number: 9576142
Abstract: A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.
Type: Grant
Filed: October 3, 2013
Date of Patent: February 21, 2017
Assignee: McAfee, Inc.
Inventors: Rishi Bhargava, E. John Sebes
-
Publication number: 20160105444
Abstract: On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.
Type: Application
Filed: September 9, 2015
Publication date: April 14, 2016
Applicant: MCAFEE, INC.
Inventors: Rahul Roy-Chowdhury, E. John Sebes, Jay Vaishnav
-
Patent number: 9134998
Abstract: On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.
Type: Grant
Filed: April 21, 2014
Date of Patent: September 15, 2015
Assignee: McAfee, Inc.
Inventors: Rahul Roy-Chowdhury, E. John Sebes, Jay Vaishnav
-
Publication number: 20140317592
Abstract: On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.
Type: Application
Filed: April 21, 2014
Publication date: October 23, 2014
Inventors: Rahul Roy-Chowdhury, E. John Sebes, Jay Vaishnav
-
Patent number: 8762928
Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.
Type: Grant
Filed: November 15, 2010
Date of Patent: June 24, 2014
Assignee: McAfee, Inc.
Inventors: Rosen Sharma, Bakul Shah, E. John Sebes
-
Patent number: 8763118
Abstract: A method and system for the classification of software in networked systems, includes: determining a software received by a sensor is attempting to execute on a computer system of the sensor; classifying the software as authorized or unauthorized to execute, and gathering information on the software by the sensor if the software is classified as unauthorized to execute. The sensor sends the information on the software to one or more actuators, which determine whether or not to act on one or more targets based on the information. If so, then the actuator sends a directive to the target(s). The target(s) updates its responses according to the directive. The classification of the software is definitive and is not based on heuristics or rules or policies and without any need to rely on any a priori information about the software.
Type: Grant
Filed: September 28, 2012
Date of Patent: June 24, 2014
Assignee: McAfee, Inc.
Inventors: E. John Sebes, Rishi Bhargava
-
Patent number: 8707446
Abstract: On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.
Type: Grant
Filed: July 2, 2012
Date of Patent: April 22, 2014
Assignee: McAfee, Inc.
Inventors: Rahul Roy-Chowdhury, E. John Sebes, Jay Vaishnav
-
Publication number: 20140101783
Abstract: A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.
Type: Application
Filed: October 3, 2013
Publication date: April 10, 2014
Inventors: Rishi Bhargava, E. John Sebes
-
Patent number: 8561082
Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.
Type: Grant
Filed: October 13, 2010
Date of Patent: October 15, 2013
Assignee: McAfee, Inc.
Inventors: Rosen Sharma, Bakul Shah, E. John Sebes
-
Patent number: 8561051
Abstract: System and method for solidifying (or “freezing”) the set of software and configuration data available for execution on a computer. Any additional software installed on the computer after the solidification process will not execute, regardless of whether the installation is initiated or otherwise performed by a person with administrative privilege. The ability to allow new or modified software to execute on the computer rests with an integrity server separate from and outside of the solidified computer. The solidification of software and configuration data proceeds on a level of granularity selectable by the integrity server and any operators thereof.
Type: Grant
Filed: December 22, 2010
Date of Patent: October 15, 2013
Assignee: McAfee, Inc.
Inventor: E. John Sebes
-
Patent number: 8555404
Abstract: Techniques which allow definition and enforcement of connectivity-based action and execution authorization policies. On a computer, an action or execution attempt is intercepted in real-time. The connectivity state of the computer, the subject process, the program file of the subject process, the attempted action and the object of the attempted action are determined. An authorization policy considering the connectivity state indicates whether the attempted action is authorized or not. In a tracking mode, the attempted action and its authorization are logged and the attempted action is allowed to proceed. In an enforcement mode, unauthorized attempts are blocked and logged, thereby enforcing the authorization policy.
Type: Grant
Filed: May 18, 2006
Date of Patent: October 8, 2013
Assignee: McAfee, Inc.
Inventors: E. John Sebes, Rishi Bhargava, David P. Reese
-
Patent number: 8549546
Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.
Type: Grant
Filed: November 15, 2010
Date of Patent: October 1, 2013
Assignee: McAfee, Inc.
Inventors: Rosen Sharma, Bakul Shah, E. John Sebes
-
Publication number: 20130247016
Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.
Type: Application
Filed: November 15, 2010
Publication date: September 19, 2013
Inventors: Rosen Sharma, Bakul Shah, E. John Sebes
-
Publication number: 20130247226
Abstract: Techniques which allow definition and enforcement of connectivity-based action and execution authorization policies. On a computer, an action or execution attempt is intercepted in real-time. The connectivity state of the computer, the subject process, the program file of the subject process, the attempted action and the object of the attempted action are determined. An authorization policy considering the connectivity state indicates whether the attempted action is authorized or not. In a tracking mode, the attempted action and its authorization are logged and the attempted action is allowed to proceed. In an enforcement mode, unauthorized attempts are blocked and logged, thereby enforcing the authorization policy.
Type: Application
Filed: May 18, 2006
Publication date: September 19, 2013
Applicant: SolidCore Systems, Inc.
Inventors: E. John Sebes, Rishi Bhargava, David P. Reese
-
Publication number: 20130247027
Abstract: Techniques relating to the distribution and installation of solidified (or “frozen”) software on a computer are disclosed. Any additional software installed on the computer after the solidification process will not execute, regardless of whether the installation is initiated or otherwise performed by a person with administrative privilege. The installation of the solidified software can be carried out by installing pre-solidified software, by solidifying the software at the source code level and by solidifying the software by the compiler. The solidification can also be performed when software distributions are manufactured, for example on CDs, or as part of an installation procedure that can run and/or install differently each time. A business process for billing customers for the transfer or usage of solidified software is also disclosed.
Type: Application
Filed: February 16, 2005
Publication date: September 19, 2013
Applicant: SolidCore Systems, Inc.
Inventors: Bakul Shah, Rishi Bhargava, E. John Sebes
-
Publication number: 20130246517
Abstract: Method and system for containing networked application client software in order to perform specified transactions only given explicit consent of a legitimate user. In one embodiment, a confirmation interceptor intercepts a service request message, queries the user of the request for a confirmation, and then either passes the service request message onto server application software or drops the request, depending on the user's confirmation response. In soliciting and processing the confirmation response, query is formulated so that the required response cannot be automatically generated by software that attempts to automate and simulate the user's actions.
Type: Application
Filed: August 29, 2003
Publication date: September 19, 2013
Applicant: SolidCore Systems, Inc.
Inventors: Rosen Sharma, Bakul Shah, E. John Sebes
-
Publication number: 20130246044
Abstract: Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.
Type: Application
Filed: October 13, 2010
Publication date: September 19, 2013
Inventors: Rosen Sharma, Bakul Shah, E. John Sebes