Patents by Inventor Joseph H. Chen
Joseph H. Chen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240107183Abstract: In some implementations, a method of synchronizing a content generation and delivery architecture to reduce the latency associated with image passthrough. The method includes: determining a temporal offset associated with the content generation and delivery architecture to reduce a photon-to-photon latency across the content generation and delivery architecture; obtaining a first reference rate associated with a portion of the content generation and delivery architecture; generating, via synchronization circuitry, a synchronization signal for the content generation and delivery architecture based at least in part on the first reference rate; and operating the content generation and delivery architecture according to the synchronization signal and the temporal offset.Type: ApplicationFiled: September 18, 2023Publication date: March 28, 2024Inventors: Joseph Cheung, Kaushik Raghunath, Michael Bekerman, Moinul H. Khan, Vivaan Bahl, Yung-Chin Chen, Yuqing Su
-
Patent number: 10666616Abstract: Application identification and control in a network device. In one embodiment, a method may include establishing, at a network device, a Virtual Private Network (VPN) tunnel through which all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic sent from or received at the network device is routed. The method may also include monitoring, at the network device, all TCP and UDP traffic sent from or received at the network device through the VPN tunnel. The method may further include extracting, at the network device, payload data from the monitored TCP and UDP traffic. The method may also include analyzing the extracted payload data to identify applications executing on the network device that sent or received the monitored TCP and UDP traffic. The method may further include taking, at the network device, a security action on the network device based on the identified applications.Type: GrantFiled: October 31, 2017Date of Patent: May 26, 2020Assignee: CA, Inc.Inventors: Qing Li, Joseph H. Chen, Qu Bo Song, Ying Li, Zhicheng Zeng, Jiang Dong
-
Publication number: 20190132288Abstract: Application identification and control in a network device. In one embodiment, a method may include establishing, at a network device, a Virtual Private Network (VPN) tunnel through which all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic sent from or received at the network device is routed. The method may also include monitoring, at the network device, all TCP and UDP traffic sent from or received at the network device through the VPN tunnel. The method may further include extracting, at the network device, payload data from the monitored TCP and UDP traffic. The method may also include analyzing the extracted payload data to identify applications executing on the network device that sent or received the monitored TCP and UDP traffic. The method may further include taking, at the network device, a security action on the network device based on the identified applications.Type: ApplicationFiled: October 31, 2017Publication date: May 2, 2019Inventors: Qing Li, Joseph H. Chen, Qu Bo Song, Ying Li, Zhicheng Zeng, Jiang Dong
-
Patent number: 9569617Abstract: A computer-implemented method for preventing false positive malware identification may include (1) identifying a set of variants of a trusted software program, (2) characterizing, for each variant in the set of variants of the trusted software program, at least one common property of the variants, (3) clustering the set of variants of the trusted software program based on the common property of the variants, and (4) creating a signature capable of recognizing variants of the trusted software program. Various other methods, systems, and computer-readable media are also disclosed.Type: GrantFiled: March 5, 2014Date of Patent: February 14, 2017Assignee: Symantec CorporationInventor: Joseph H. Chen
-
Patent number: 9565093Abstract: The disclosed computer-implemented method for anticipating file-security queries may include (1) monitoring queries from client devices for information that describes the security of files, (2) determining that a threshold number of the client devices are querying for information describing the security of a file within a threshold amount of time, (3) anticipating, based on the determination, that at least one client device that did not query for the information will query for the information, and (4) delivering, in response to anticipating that the client device that did not query for the information will query for the information, the information to the client device that did not query for the information. Various other methods, systems, and computer-readable media are also disclosed.Type: GrantFiled: December 15, 2014Date of Patent: February 7, 2017Assignee: Symantec CorporationInventors: Jeffrey S. Wilhelm, Joseph H. Chen
-
Patent number: 9275231Abstract: A method and apparatus for securing a computer using an optimal configuration for security software based on user behavior is described. In one embodiment, the method for providing an optimal configuration to secure a computer based on user behavior includes examining computer user activity to produce behavior indicia with respect to computer security from malicious threats and determining an optimal configuration for security software based on the behavior indicia.Type: GrantFiled: March 10, 2009Date of Patent: March 1, 2016Assignee: Symantec CorporationInventors: Joseph H. Chen, Brendon V. Woirhaye
-
Patent number: 9178906Abstract: A security module detects and remediates malware from suspicious hosts. A file arrives at an endpoint from a host. The security module detects the arrival of the file and determines the host from which the file arrived. The security module also determines whether the host is suspicious. If the host is suspicious, the security module observes the operation of the file and identifies a set of files dropped by the received file. The security module monitors the files in the set using heuristics to detect whether any of the files engage in malicious behavior. If a file engages in malicious behavior, the security module responds to the malware detection by remediating the malware, which may include removing system changes caused by the set.Type: GrantFiled: July 11, 2014Date of Patent: November 3, 2015Assignee: Symantec CorporationInventors: Joseph H. Chen, Zhongning Chen
-
Patent number: 9124623Abstract: A computer-implemented method for detecting scam campaigns is described. A plurality of web pages that are pre-filtered according to predetermined criteria is identified. Pattern detection is performed on the pre-filtered web pages. A pattern is detected among the pre-filtered web pages. The detected pattern is compared to a user input.Type: GrantFiled: June 20, 2013Date of Patent: September 1, 2015Assignee: Symantec CorporationInventor: Joseph H. Chen
-
Patent number: 8832835Abstract: A security module detects and remediates malware from suspicious hosts. A file arrives at an endpoint from a host. The security module detects the arrival of the file and determines the host from which the file arrived. The security module also determines whether the host is suspicious. If the host is suspicious, the security module observes the operation of the file and identifies a set of files dropped by the received file. The security module monitors the files in the set using heuristics to detect whether any of the files engage in malicious behavior. If a file engages in malicious behavior, the security module responds to the malware detection by remediating the malware, which may include removing system changes caused by the set.Type: GrantFiled: October 28, 2010Date of Patent: September 9, 2014Assignee: Symantec CorporationInventors: Joseph H. Chen, Zhongning Chen
-
Patent number: 8683585Abstract: File reputations are used to identify malicious file sources. Attempts to access files from external sources are monitored. For each monitored attempt to access a file, a reputation of the specific file is determined. Responsive to a determined reputation of a file meeting a threshold, the file is adjudicated to be malicious. Attempts by sources to distribute malicious files are tracked. Responsive to tracked attempts by sources to distribute malicious files, reputations of file sources are determined. Responsive to a determined reputation of a source meeting a threshold, the source is adjudicated to be malicious, and files the source distributes are analyzed to determine whether they comprise malware. Malicious sources are blocked. Malware and malicious sources are analyzed to identify exploits and distribution patterns.Type: GrantFiled: February 10, 2011Date of Patent: March 25, 2014Assignee: Symantec CorporationInventors: Joseph H. Chen, Brendon V. Woirhaye
-
Patent number: 8650649Abstract: A computer-implemented method for determining whether to evaluate the trustworthiness of digitally signed files based on signer reputation may include (1) identifying a file, (2) determining that the file has been digitally signed, (3) identifying a signer responsible for digitally signing the file, (4) identifying the signer's reputation, and then (5) determining whether to evaluate the trustworthiness of the file based at least in part on the signer's reputation. In one example, the signer's reputation may be based at least in part on the determined trustworthiness of at least one additional file that was previously signed by the signer. Various other methods, systems, and encoded computer-readable media are also disclosed.Type: GrantFiled: August 22, 2011Date of Patent: February 11, 2014Assignee: Symantec CorporationInventors: Joseph H. Chen, Brendon V Woirhaye
-
Patent number: 8490195Abstract: Method and apparatus for behavioral detection of malware in a computer system are described. In some embodiments, a request by a process executing on a computer to change time of a clock managed by the computer is detected. The process is identified as a potential threat. At least one attribute associated with the process is analyzed to determine a threat level. The request to change the time of the clock is blocked and the process is designated as a true positive threat if the threat level satisfies a threshold level.Type: GrantFiled: December 19, 2008Date of Patent: July 16, 2013Assignee: Symantec CorporationInventors: Joseph H. Chen, Jamie J. Park
-
Patent number: 8370942Abstract: A malware source analysis component determines which sources of malware are sufficiently suspicious such that all binary files located thereon should be analyzed. In order to makes such determinations, the malware source analysis component receives information concerning malware infections from a plurality of sources. The malware source analysis component analyzes the received information, and determines suspiciousness levels associated with specific sources. Responsive to identifying a given threshold suspiciousness level associated with a source, the malware source analysis component adjudicates that source to be suspicious. Where a source is adjudicated to be suspicious, the malware source analysis component submits submission instructions to that source, directing it to identify binary files thereon and submit them to be analyzed. The malware source analysis component receives binary files from suspicious sources according to the submission instructions, and analyzes the received binary files.Type: GrantFiled: March 12, 2009Date of Patent: February 5, 2013Assignee: Symantec CorporationInventors: Christopher Peterson, Robert Conrad, Joseph H. Chen
-
Patent number: 8321935Abstract: A malware analysis component receives information concerning malware infections on a large plurality of client computers, as detected by an anti-malware product or submitted directly by users. The malware analysis component analyzes this wide array of information, and identifies suspicious malware detection and submission activity associated with specific sources. Where identified suspicious patterns of malware detection and submission activity associated with a specific source meet a given threshold over time, the malware analysis component determines that the source is an originator of malware.Type: GrantFiled: February 26, 2009Date of Patent: November 27, 2012Assignee: Symantec CorporationInventors: Joseph H. Chen, Christopher Peterson, Robert Conrad
-
Patent number: 8302191Abstract: A submission filtering component filters malware related content received for analysis. The submission filtering component determines an analysis priority rating for each source from which malware related content is received. An analysis priority ratings is based on various factors indicative of how likely the source is to transmit malware related content that is important to analyze. The malware filtering component transforms the received stream of malware related content into a subset to be analyzed, based on the analysis priority ratings associated with sources from which malware related content is received. A malware analysis component analyzes the subset of malware related content.Type: GrantFiled: March 13, 2009Date of Patent: October 30, 2012Assignee: Symantec CorporationInventors: Robert Conrad, Christopher Peterson, Joseph H. Chen
-
Patent number: 8225405Abstract: Unknown malicious code is heuristically detected on a host computer system. A virus signature for the malicious code is created locally on the host computer system. A blacklist on the host computer system is updated with the virus signature for the heuristically detected malicious code. Accordingly, the blacklist is updated with the virus signature of the heuristically detected malicious code without distribution of the virus signature to the general public. Further, the host computer system is scanned for other instances of the heuristically detected malicious code using the created virus signature. Accordingly, file based detection and remediation of the malicious code is achieved without requiring execution of the malicious code for detection and the associated risks.Type: GrantFiled: January 29, 2009Date of Patent: July 17, 2012Assignee: Symantec CorporationInventors: Christopher Peterson, Joseph H. Chen