Patents by Inventor Muhammad Wasiq
Muhammad Wasiq has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11729171
Abstract: Disclosed are various embodiments for preventing the unintended leakage of cookie data. In one embodiment, a browser application stores cookie data from a first network site having a high-level domain in a client computing device. The cookie data includes a sharing attribute. The cookie data is automatically made accessible to the first network site. A network service is queried to obtain data indicating a classification associated with the first network site. The cookie data is made accessible to a second network site having the same high-level domain based at least in part on the sharing attribute and the classification meeting at least one predetermined criterion.
Type: Grant
Filed: August 6, 2021
Date of Patent: August 15, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Muhammad Wasiq, Nima Sharifi Mehr
-
Patent number: 11704408
Abstract: Techniques for threat scanning transplanted containers are described. A method of threat scanning transplanted containers may include generating a container map of running containers on a block storage volume mounted to a scanning instance of a threat scanning service, scanning the block storage volume by a scanning engine of the scanning instance, identifying at least one threat on the block storage volume, and identifying at least one container associated with the at least one threat using the container map.
Type: Grant
Filed: June 30, 2021
Date of Patent: July 18, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Mircea Ciubotariu, Muhammad Wasiq, Shane Anil Pereira
-
Patent number: 11095647
Abstract: Disclosed are various embodiments for preventing the unintended leakage of cookie data. In one embodiment, a browser application stores cookie data from a first network site having a high-level domain in a client computing device. A classification is assigned to a second network site having the high-level domain. The cookie data is sent to the second network site based at least in part on the classification rather than the default behavior of the browser application.
Type: Grant
Filed: February 1, 2019
Date of Patent: August 17, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Muhammad Wasiq, Nima Sharifi Mehr
-
Publication number: 20210144172
Abstract: A monitoring service obtains request data specifying entries corresponding to requests received by a Domain Name System service to obtain an Internet Protocol address for a resource and to requests received by a web service to access the resource. The monitoring service uses that request data to generate a request frequency value corresponding to the received requests and compares this value to a baseline request frequency value. If the request frequency value exceeds the baseline request frequency value by a maximum threshold value, the monitoring service performs an operation to redirect network traffic originally directed towards the web service.
Type: Application
Filed: December 15, 2020
Publication date: May 13, 2021
Inventor: Muhammad Wasiq
-
Patent number: 10924503
Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for identifying false positives in malicious domain data using network traffic data logs. Example methods may include determining a first domain name identifier in a set of domain name identifiers classified as malicious, determining a first IP address associated with the first domain name identifier, and determining first virtual private cloud (VPC) flow log data that corresponds to historical network traffic associated with the first IP address. Certain methods may include determining second VPC flow log data that corresponds to historical network traffic associated with a second IP address that is classified as non-malicious, determining, using the first VPC flow log data and the second VPC flow log data, that the first VPC flow log data is non-malicious, and determining that the first domain name identifier is to be classified as non-malicious.
Type: Grant
Filed: May 30, 2018
Date of Patent: February 16, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Shane Anil Pereira, Muhammad Wasiq
-
Patent number: 10911483
Abstract: A monitoring service obtains request data specifying entries corresponding to requests received by a Domain Name System service to obtain an Internet Protocol address for a resource and to requests received by a web service to access the resource. The monitoring service uses that request data to generate a request frequency value corresponding to the received requests and compares this value to a baseline request frequency value. If the request frequency value exceeds the baseline request frequency value by a maximum threshold value, the monitoring service performs an operation to redirect network traffic originally directed towards the web service.
Type: Grant
Filed: March 20, 2017
Date of Patent: February 2, 2021
Assignee: Amazon Technologies, Inc.
Inventor: Muhammad Wasiq
-
Patent number: 10776498
Abstract: An end-to-end request path associated with an application frontend is determined. A change to a service in the end-to-end request path is identified. A weight value to associate with the change is determined based at least in part on the characteristics of the change. The weight value is aggregated with weight values associated with other code changes to produce a collective weight of the code changes. A security review is determined to be triggered based at least in part on the collective weight reaching a value relative to a threshold.
Type: Grant
Filed: August 22, 2019
Date of Patent: September 15, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Muhammad Wasiq, Nima Sharifi Mehr
-
Patent number: 10764294
Abstract: A service request and a credential are sent from a customer environment to a service provider. The service provider maintains information, such as a credential whitelist, that identifies which credentials may be used with each customer environment. The service provider identifies the particular customer environment from which the service request was submitted using the IP address of the requester (or other environment-identifying information), and retrieves information that restricts the use of the credentials. A request may be approved or rejected based on the presence of the associated credential in a whitelist notwithstanding whether the credential otherwise authorizes the service request. In some examples, the system is used to limit data exfiltration from a customer environment.
Type: Grant
Filed: March 10, 2016
Date of Patent: September 1, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Muhammad Wasiq, Nima Sharifi Mehr
-
Patent number: 10649903
Abstract: Modifications to throughput capacity provisioned at a data store for servicing access requests to the data store may be performed according to cache performance metrics. A cache that services access requests to the data store may be monitored to collect and evaluate cache performance metrics. The cache performance metrics may be evaluated with respect to criteria for triggering different throughput modifications. In response to triggering a throughput modification, the throughput capacity for the data store may be modified according to the triggered throughput modification. In some embodiments, the criteria for detecting throughput modifications may be determined and modified based on cache performance metrics.
Type: Grant
Filed: July 13, 2018
Date of Patent: May 12, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Muhammad Wasiq, Nima Sharifi Mehr
-
Patent number: 10616209
Abstract: Various approaches discussed herein enable validation of an application on a computing device, such as a mobile computing device, prior to that application being invoked by activation of a link in another application. Upon activation of the link in a calling application, the computing device determines a target application to be invoked in response to the activation. Sensitive or confidential data, such as login credentials, may be included in the link to be passed to the target application. By validating either the calling or the target application, the data may be safeguarded by confirming an identity of an application associated with the link.
Type: Grant
Filed: November 14, 2018
Date of Patent: April 7, 2020
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Muhammad Wasiq, Aleksandrs J. Rudzitis, Nima Sharifi Mehr
-
Publication number: 20190377883
Abstract: An end-to-end request path associated with an application frontend is determined. A change to a service in the end-to-end request path is identified. A weight value to associate with the change is determined based at least in part on the characteristics of the change. The weight value is aggregated with weight values associated with other code changes to produce a collective weight of the code changes. A security review is determined to be triggered based at least in part on the collective weight reaching a value relative to a threshold.
Type: Application
Filed: August 22, 2019
Publication date: December 12, 2019
Inventors: Muhammad Wasiq, Nima Sharifi Mehr
-
Patent number: 10462116
Abstract: The present document describes systems and methods that detect unauthorized transmission of data from internal networks to remote service providers, even when the transmission occurs over an encrypted connection. An exfiltration monitor is configured to monitor encrypted communications between clients within an internal network and a remote service provider. In various implementations, the exfiltration monitor associates the encrypted connections with account information, and applies exfiltration policies to the connections based at least in part on the associated account information. In additional implementations, the exfiltration monitor is provided with cryptographic keys that facilitate packet inspection of the encrypted connections. In many situations, the exfiltration monitor can use this information to discern between authorized use of a remote service, and unauthorized data exfiltration to the remote service.
Type: Grant
Filed: September 15, 2015
Date of Patent: October 29, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Nima Sharifi Mehr, Darren Ernest Canavor, Jesper Mikael Johansson, Jon Arron McClintock, Muhammad Wasiq
-
Patent number: 10409995
Abstract: A graph of interrelated computer-executable processes is obtained. That a change has occurred to one of the interrelated computer-executable processes in the graph is determined. A weight of the one of the interrelated computer-executable processes is determined based at least in part on the change. A security review of one or more of the interrelated computer-executable processes is determined to be triggered based at least in part on the weight, and the security review is triggered.
Type: Grant
Filed: May 8, 2017
Date of Patent: September 10, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Muhammad Wasiq, Nima Sharifi Mehr
-
Publication number: 20190166127
Abstract: Disclosed are various embodiments for preventing the unintended leakage of cookie data. In one embodiment, a browser application stores cookie data from a first network site having a high-level domain in a client computing device. A classification is assigned to a second network site having the high-level domain. The cookie data is sent to the second network site based at least in part on the classification rather than the default behavior of the browser application.
Type: Application
Filed: February 1, 2019
Publication date: May 30, 2019
Inventors: Muhammad Wasiq, Nima Sharifi Mehr
-
Patent number: 10250573
Abstract: A client application cryptographically protects application data using an application-layer cryptographic key. The application-layer cryptographic key is derived from cryptographic material provided by a cryptographically protected network connection. The client exchanges the cryptographically protected application data with a service application via the cryptographically protected network connection. The client and service applications acquire matching application-layer cryptographic keys by leveraging shared secrets negotiated as part of establishing the cryptographically protected network connection. The shared secrets may include information that is negotiated as part of establishing a TLS session such as a pre-master secret, master secret, or session key. The application-layer cryptographic keys may be derived in part by applying a key derivation function, a one-way function or a cryptographic hash function to the shared secret information.
Type: Grant
Filed: September 21, 2017
Date of Patent: April 2, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Muhammad Wasiq, Nima Sharifi Mehr
-
Patent number: 10248532
Abstract: Methods, systems, and computer-readable media for implementing sensitive data usage detection using static analysis are disclosed. A specification of one or more operations exposed by a service in a service-oriented system is obtained from a repository. The names of the one or more operations are determined in the specification. The names of one or more parameters of the one or more operations are determined in the specification. The names of the one or more operations and the names of the one or more parameters are checked against a dictionary of sensitive terms. One or more sensitive operations are determined among the one or more operations. One or more consumers of the one or more sensitive operations are determined.
Type: Grant
Filed: September 15, 2015
Date of Patent: April 2, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Muhammad Wasiq, Jon Arron McClintock
-
Patent number: 10243957
Abstract: Disclosed are various embodiments for preventing the unintended leakage of cookie data between network sites using a shared high-level domain and vice versa. In one embodiment, a browser application stores data from a first network site having a high-level domain in a client computing device. Access to the data is limited to one or more network sites having the high-level domain. A first classification is assigned to the first network site. A second classification is assigned to a second network site having the high-level domain. The data is sent to the second network site in response to determining that the first classification matches the second classification.
Type: Grant
Filed: August 27, 2015
Date of Patent: March 26, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Muhammad Wasiq, Nima Sharifi Mehr
-
Publication number: 20190081944
Abstract: Various approaches discussed herein enable validation of an application on a computing device, such as a mobile computing device, prior to that application being invoked by activation of a link in another application. Upon activation of the link in a calling application, the computing device determines a target application to be invoked in response to the activation. Sensitive or confidential data, such as login credentials, may be included in the link to be passed to the target application. By validating either the calling or the target application, the data may be safeguarded by confirming an identity of an application associated with the link.
Type: Application
Filed: November 14, 2018
Publication date: March 14, 2019
Inventors: Muhammad Wasiq, Aleksandrs J. Rudzitis, Nima Sharifi Mehr
-
Patent number: 10135808
Abstract: Various approaches discussed herein enable validation of an application on a computing device, such as a mobile computing device, prior to that application being invoked by activation of a link in another application. Upon activation of the link in a calling application, the computing device determines a target application to be invoked in response to the activation. Sensitive or confidential data, such as login credentials, may be included in the link to be passed to the target application. By validating either the calling or the target application, the data may be safeguarded by confirming an identity of an application associated with the link.
Type: Grant
Filed: December 10, 2015
Date of Patent: November 20, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Muhammad Wasiq, Aleksandrs J. Rudzitis, Nima Sharifi Mehr
-
Publication number: 20180322066
Abstract: Modifications to throughput capacity provisioned at a data store for servicing access requests to the data store may be performed according to cache performance metrics. A cache that services access requests to the data store may be monitored to collect and evaluate cache performance metrics. The cache performance metrics may be evaluated with respect to criteria for triggering different throughput modifications. In response to triggering a throughput modification, the throughput capacity for the data store may be modified according to the triggered throughput modification. In some embodiments, the criteria for detecting throughput modifications may be determined and modified based on cache performance metrics.
Type: Application
Filed: July 13, 2018
Publication date: November 8, 2018
Applicant: Amazon Technologies, Inc.
Inventors: Muhammad Wasiq, Nima Sharifi Mehr