Patents by Inventor Ming Sum Sam Ng
Ming Sum Sam Ng has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11928204Abstract: A TEE system that includes a first platform that runs a first TEE, a second platform that runs a second TEE, and a merging unit that is adapted to merge a first output from the first TEE of the first platform, with a second output from the second TEE of the second platform, so as to form an output of the TEE system. The first TEE and the second TEE are based on different implementations. In this way, the security of the system is improved, as a malicious actor even be able to access âtâ machines, still would not be able to retrieve the secret unless there are multiple exploitable TEE vulnerabilities on all executing TEE platforms at the same time.Type: GrantFiled: December 13, 2021Date of Patent: March 12, 2024Assignee: Foris Technology Pte LtdInventors: Kian Chuan Yap, Ming Sum Sam Ng, Jason Wai King Lau, Chun Ting Yip, Tung Ling Terry Young, Durgesh Pandey
-
Patent number: 11831753Abstract: A distributed key management system, which contains a server, a plurality of key-holding devices adapted to communicate with the server; and a key-requesting device adapted to communicate with the server. Each one of the plurality of key-holding devices is adapted to hold a different fragment of a private key. The server is adapted to reconstruct the private key based on the fragments received from the plurality of key-holding devices. The key-requesting device is adapted to obtain the private key from the server. The systems according to the invention provide a zero-trust model key management scheme and would eliminate the risk of key leakage to unauthorized person while providing flexibility of authorizing devices.Type: GrantFiled: December 3, 2019Date of Patent: November 28, 2023Assignee: Foris LimitedInventors: Ming Sum Sam Ng, Matthew David Chan, Wai King Jason Lau, Siu Kei Thomas Kung
-
Patent number: 11695793Abstract: A method includes: identifying, by a runtime instrumentation agent of a web server, a plurality of attack surfaces of a web application executed on the web server; generating, by the runtime instrumentation agent, a plurality of hash values, where each hash value is generated based on one of the plurality of attack surfaces; and transmitting, by the runtime instrumentation agent, the plurality of hash values to an attack server external to the web server, where the attack server is to determine whether to scan each attack surface based on the plurality of hash values.Type: GrantFiled: October 31, 2017Date of Patent: July 4, 2023Assignee: MICRO FOCUS LLCInventors: Ming Sum Sam Ng, Sasi Siddharth Muthurajan, Nidhi Govindram Kejriwal, Gerald E. Sullivan, II, Alexander Hoole
-
Patent number: 11449638Abstract: Examples herein disclose via use of a physical processor, detecting a specific application programming interface (API) call to interact with an application running on a production server. Based on the detection of the specific API call, die examples assist, using the physical processor, a scanning session based on the specific API call Using the physical processor, the examples identify a modification to the application based on the scanning session.Type: GrantFiled: March 18, 2016Date of Patent: September 20, 2022Assignee: MICRO FOCUS LLCInventors: Ming Sum Sam Ng, Sasi Siddharth Muthurajan, Barak Raz
-
Publication number: 20220188404Abstract: A TEE system that includes a first platform that runs a first TEE, a second platform that runs a second TEE, and a merging unit that is adapted to merge a first output from the first TEE of the first platform, with a second output from the second TEE of the second platform, so as to form an output of the TEE system. The first TEE and the second TEE are based on different implementations. In this way, the security of the system is improved, as a malicious actor even be able to access âtâ machines, still would not be able to retrieve the secret unless there are multiple exploitable TEE vulnerabilities on all executing TEE platforms at the same time.Type: ApplicationFiled: December 13, 2021Publication date: June 16, 2022Inventors: Kian Chuan YAP, Ming Sum Sam NG, Jason Wai King LAU, Chun Ting YIP, Tung Ling Terry YOUNG, Durgesh PANDEY
-
Publication number: 20210350368Abstract: A method for preventing blockchain intrusion includes the steps of detecting a transaction broadcasted to a blockchain network, determining if the transaction is authorized or unauthorized, and taking a prevention action if the transaction is unauthorized. The proposed system and method are not only adapted to detect unauthorized transactions but they can also cancel unauthorized transactions if the system prepare some data/arrangements in advance.Type: ApplicationFiled: April 21, 2021Publication date: November 11, 2021Inventors: Tung Ling Terry YOUNG, Matthew David CHAN, Jason Wai King LAU, Ming Sum Sam NG, King Yin TAM
-
Patent number: 11055416Abstract: In some examples, a method may include detecting a vulnerability in an application during execution on a first computing device. The method may include triggering a breakpoint based on the detecting, thereby pausing the execution of the application before execution of a portion of code that exploits the vulnerability. The method may include communicating a message indicating occurrence of the breakpoint. The method may include receiving a connection request from a second computing device in response to the message. The method may include resuming execution of the application from the breakpoint subject to a signal from the second computing device.Type: GrantFiled: October 24, 2017Date of Patent: July 6, 2021Assignee: Micro Focus LLCInventors: Alexander Michael Hoole, Ming Sum Sam Ng
-
Patent number: 11057395Abstract: Information stored in a Hypertext Transfer Protocol (HTTP) session is monitored. Based on the monitoring, authentication information in the information stored in the HTTP session is identified.Type: GrantFiled: March 24, 2014Date of Patent: July 6, 2021Assignee: Micro Focus LLCInventors: Ming Sum Sam Ng, Ronald Joseph Sechman, Matias Madou
-
Patent number: 11044266Abstract: In some examples, a system includes a scan execution engine and a scan adaptation engine. The scan execution engine may execute a scan of a web application hosted on a web host. During scan execution, the scan adaptation engine may adapt a subsequent scan portion for later execution based on a scan metric received from a monitoring agent that monitors the web application, the web host, or both.Type: GrantFiled: February 26, 2016Date of Patent: June 22, 2021Assignee: Micro Focus LLCInventors: Sasi Siddharth Muthurajan, Ming Sum Sam Ng, Jeremy C. Brooks
-
Publication number: 20210028931Abstract: A distributed key management system, which contains a server, a plurality of key-holding devices adapted to communicate with the server; and a key-requesting device adapted to communicate with the server. Each one of the plurality of key-holding devices is adapted to hold a different fragment of a private key. The server is adapted to reconstruct the private key based on the fragments received from the plurality of key-holding devices. The key-requesting device is adapted to obtain the private key from the server. The systems according to the invention provide a zero-trust model key management scheme and would eliminate the risk of key leakage to unauthorized person while providing flexibility of authorizing devices.Type: ApplicationFiled: December 3, 2019Publication date: January 28, 2021Inventors: Ming Sum Sam NG, Matthew David CHAN, Wai King Jason LAU, Siu Kei Thomas KUNG
-
Publication number: 20200293673Abstract: Examples herein disclose via use of a physical processor, detecting a specific application programming interface (API) call to interact with an application running on a production server. Based on the detection of the specific API call, die examples assist, using the physical processor, a scanning session based on the specific API call Using the physical processor, the examples identify a modification to the application based on the scanning session.Type: ApplicationFiled: March 18, 2016Publication date: September 17, 2020Inventors: Ming Sum Sam Ng, Sasi Siddharth Muthurajan, Barak Raz
-
Patent number: 10678910Abstract: Examples disclosed herein relate to modifying a web page. In one example, in response to beginning execution of a process initiating generation of a web page of a web application at a server, a runtime agent is executed. In this example, the runtime agent modifies code of the web page to inject code to protect output of the web page. In the example, the process can be executed using the modified code to generate a modified web page.Type: GrantFiled: April 10, 2015Date of Patent: June 9, 2020Assignee: Micro Focus LLCInventors: Ming Sum Sam Ng, Alvaro Munoz, Oleksandr Mirosh
-
Patent number: 10581878Abstract: A method for attack detection includes: intercepting, by a runtime security agent, a request for a web resource; determining whether the intercepted request was triggered from an external website; determining whether the intercepted request was triggered from a current session; determining whether the intercepted request is requesting a static file type; and in response to a determination that the intercepted request was triggered from an external website and was not triggered from a current session, or a determination that the intercepted request was triggered from an external website and is not requesting a static file type, providing, by the runtime security agent, an indication of a potential attack.Type: GrantFiled: June 8, 2017Date of Patent: March 3, 2020Assignee: Micro Focus LLCInventors: Ming Sum Sam Ng, Oleksandr Mirosh, Alvaro Munoz Sanchez
-
Publication number: 20190132348Abstract: A method includes: identifying, by a runtime instrumentation agent of a web server, a plurality of attack surfaces of a web application executed on the web server; generating, by the runtime instrumentation agent, a plurality of hash values, where each hash value is generated based on one of the plurality of attack surfaces; and transmitting, by the runtime instrumentation agent, the plurality of hash values to an attack server external to the web server, where the attack server is to determine whether to scan each attack surface based on the plurality of hash values.Type: ApplicationFiled: October 31, 2017Publication date: May 2, 2019Inventors: Ming Sum Sam Ng, Sasi Siddharth Muthurajan, Nidhi Govindram Kejriwal, Gerald E. Sullivan, II, Alexander Hoole
-
Publication number: 20190121985Abstract: In some examples, a method may include detecting a vulnerability in an application during execution on a first computing device. The method may include triggering a breakpoint based on the detecting, thereby pausing the execution of the application before execution of a portion of code that exploits the vulnerability. The method may include communicating a message indicating occurrence of the breakpoint. The method may include receiving a connection request from a second computing device in response to the message. The method may include resuming execution of the application from the breakpoint subject to a signal from the second computing device.Type: ApplicationFiled: October 24, 2017Publication date: April 25, 2019Inventors: Alexander Michael HOOLE, Ming Sum Sam NG
-
Publication number: 20190052666Abstract: In some examples, a system includes a scan execution engine and a scan adaptation engine. The scan execution engine may execute a scan of a web application hosted on a web host. During scan execution, the scan adaptation engine may adapt a subsequent scan portion for later execution based on a scan metric received from a monitoring agent that monitors the web application, the web host, or both.Type: ApplicationFiled: February 26, 2016Publication date: February 14, 2019Inventors: Sasi Siddharth Muthurajan, Ming Sum Sam Ng, Jeremy C. Brooks
-
Publication number: 20180359265Abstract: A method for attack detection includes: intercepting, by a runtime security agent, a request for a web resource; determining whether the intercepted request was triggered from an external website; determining whether the intercepted request was triggered from a current session; determining whether the intercepted request is requesting a static file type; and in response to a determination that the intercepted request was triggered from an external website and was not triggered from a current session, or a determination that the intercepted request was triggered from an external website and is not requesting a static file type, providing, by the runtime security agent, an indication of a potential attack.Type: ApplicationFiled: June 8, 2017Publication date: December 13, 2018Inventors: Ming Sum Sam Ng, Oleksandr Mirosh, Alvaro Munoz Sanchez
-
Publication number: 20180336348Abstract: Examples disclosed herein relate to modifying a web page. In one example, in response to beginning execution of a process initiating generation of a web page of a web application at a server, a runtime agent is executed. In this example, the runtime agent modifies code of the web page to inject code to protect output of the web page. In the example, the process can be executed using the modified code to generate a modified web page.Type: ApplicationFiled: April 10, 2015Publication date: November 22, 2018Inventors: Ming Sum Sam Ng, Alvaro Munoz, Oleksandr Mirosh
-
Publication number: 20180268136Abstract: Examples relate to protection against database injection attacks. The examples disclosed herein enable intercepting a current database query prior to being executed by a database management system (DBMS). The examples disclosed herein further enable determining whether the current database query is suspected of having a security threat of a database injection attack by comparing the current database query with past database queries that have been intercepted prior to the interception of the current database query, and in response to determining that the current database query is not suspected of having the security threat of the database injection attack, storing the current database query in an allowed query list.Type: ApplicationFiled: January 30, 2015Publication date: September 20, 2018Inventors: Ming Sum Sam Ng, Oleksandr Mirosh, Siddharth Muthurajan
-
Publication number: 20170111370Abstract: Information stored in a Hypertext Transfer Protocol (HTTP) session is monitored. Based on the monitoring, authentication information in the information stored in the HTTP session is identified.Type: ApplicationFiled: March 24, 2014Publication date: April 20, 2017Inventors: Ming Sum Sam NG, Ronald Joseph SECHMAN, Matias MADOU