Patents by Inventor Zulfikar Ramzan

Zulfikar Ramzan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20170308700
    Abstract: Techniques are provided for the detection of malicious software (malware) on a general purpose computing device. A challenge in detecting malicious software is that files are typically scanned for the presence of malicious intent only once (and subsequent rescanning is typically performed in a simplistic manner). Existing methods in the art do not address how to most effectively rescan collections of files in a way that tries to optimize performance and efficacy. These methods may also be useful if additional information is now available regarding a file that might be useful to an end-user or an administrator, even though the file's core disposition might not have changed. More specifically, we describe methods, components, and systems that perform data analytics to intelligently rescan file collections for the purpose of retroactively identifying malware and retroactively identifying clean files.
    Type: Application
    Filed: July 13, 2017
    Publication date: October 26, 2017
    Inventors: Oliver Friedrichs, Alfred Huger, Zulfikar Ramzan
  • Patent number: 9747445
    Abstract: Techniques are provided for the detection of malicious software (malware) on a general purpose computing device. A challenge in detecting malicious software is that files are typically scanned for the presence of malicious intent only once (and subsequent rescanning is typically performed in a simplistic manner). Existing methods in the art do not address how to most effectively rescan collections of files in a way that tries to optimize performance and efficacy. These methods may also be useful if additional information is now available regarding a file that might be useful to an end-user or an administrator, even though the file's core disposition might not have changed. More specifically, we describe methods, components, and systems that perform data analytics to intelligently rescan file collections for the purpose of retroactively identifying malware and retroactively identifying clean files.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: August 29, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Oliver Friedrichs, Alfred Huger, Zulfikar Ramzan
  • Patent number: 9639697
    Abstract: A system retroactively detects malicious software on an end user system without performing expensive cross-referencing directly on the endpoint device. A client provides a server with information about files that are on it together with what it knows about these files. The server tracks this information and cross-references it against new intelligence it gathers on clean or malicious files. If a discrepancy is found (i.e., a file that had been called malicious, but that is actually benign or vice versa), the server informs the client, which in turn takes an appropriate action based on this information.
    Type: Grant
    Filed: January 30, 2015
    Date of Patent: May 2, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Oliver Friedrichs, Alfred Huger, Adam J. O'Donnell, Zulfikar Ramzan
  • Patent number: 9465921
    Abstract: A computer-implemented method for selectively authenticating a request based on an authentication policy is described. A request is received from a client. A determination is made as to which authentication threshold is applied to the request based on an authentication policy. The request is authenticated if the authentication threshold is satisfied. The authentication threshold is modified if the request is not successfully authenticated.
    Type: Grant
    Filed: May 6, 2009
    Date of Patent: October 11, 2016
    Assignee: Symantec Corporation
    Inventors: Zulfikar Ramzan, Walter Bogorad
  • Publication number: 20160098560
    Abstract: Techniques are provided for the detection of malicious software (malware) on a general purpose computing device. A challenge in detecting malicious software is that files are typically scanned for the presence of malicious intent only once (and subsequent rescanning is typically performed in a simplistic manner). Existing methods in the art do not address how to most effectively rescan collections of files in a way that tries to optimize performance and efficacy. These methods may also be useful if additional information is now available regarding a file that might be useful to an end-user or an administrator, even though the file's core disposition might not have changed. More specifically, we describe methods, components, and systems that perform data analytics to intelligently rescan file collections for the purpose of retroactively identifying malware and retroactively identifying clean files.
    Type: Application
    Filed: December 16, 2015
    Publication date: April 7, 2016
    Inventors: Oliver Friedrichs, Alfred Huger, Zulfikar Ramzan
  • Patent number: 9245120
    Abstract: The present invention relates to the security of general purpose computing devices, such as laptop or desktop PCs, and more specifically to the detection of malicious software (malware) on a general purpose computing device. A challenge in detecting malicious software is that files are typically scanned for the presence of malicious intent only once (and subsequent rescanning is typically performed in a simplistic manner). Existing methods in the art do not address how to most effectively rescan collections of files in a way that tries to optimize performance and efficacy. Accordingly we present novel methods, components, and systems for intelligently rescanning file collections and thereby enabling retroactive detection of malicious software and also retroactive identification of clean software. These methods may also be useful if additional information is now available regarding a file that might be useful to an end-user or an administrator, even though the file's core disposition might not have changed.
    Type: Grant
    Filed: July 15, 2013
    Date of Patent: January 26, 2016
    Assignee: Cisco Technologies, Inc.
    Inventors: Oliver Friedrichs, Alfred Huger, Zulfikar Ramzan
  • Publication number: 20150269379
    Abstract: Reputations of objects are determined by a reputation system using reports from clients identifying the objects. Confidence metrics for the clients are generated using information determined from the reports. Confidence metrics indicate the amounts of confidence in the veracity of the reports. Reputation scores of objects are calculated using the reports from the clients and the confidence metrics for the clients. Confidence metrics and reputation scores are stored in correlation with identifiers for the objects. An object's reputation score is provided to a client in response to a request.
    Type: Application
    Filed: June 5, 2015
    Publication date: September 24, 2015
    Inventors: Zulfikar Ramzan, Walter Bogorad, Ameet Zaveri, Vadim Antonov, Carey Nachenberg
  • Publication number: 20150205959
    Abstract: A system retroactively detects malicious software on an end user system without performing expensive cross-referencing directly on the endpoint device. A client provides a server with information about files that are on it together with what it knows about these files. The server tracks this information and cross-references it against new intelligence it gathers on clean or malicious files. If a discrepancy is found (i.e., a file that had been called malicious, but that is actually benign or vice versa), the server informs the client, which in turn takes an appropriate action based on this information.
    Type: Application
    Filed: January 30, 2015
    Publication date: July 23, 2015
    Inventors: Oliver Friedrichs, Alfred Huger, Adam J. O'Donnell, Zulfikar Ramzan
  • Patent number: 9081958
    Abstract: Reputations of objects are determined by a reputation system using reports from clients identifying the objects. Confidence metrics for the clients are generated using information determined from the reports. Confidence metrics indicate the amounts of confidence in the veracity of the reports. Reputation scores of objects are calculated using the reports from the clients and the confidence metrics for the clients. Confidence metrics and reputation scores are stored in correlation with identifiers for the objects. An object's reputation score is provided to a client in response to a request.
    Type: Grant
    Filed: August 13, 2009
    Date of Patent: July 14, 2015
    Assignee: Symantec Corporation
    Inventors: Zulfikar Ramzan, Walter Bogorad, Ameet Zaveri, Vadim Antonov, Carey Nachenberg
  • Patent number: 9038186
    Abstract: Descriptions of files detected at endpoints are submitted to a security server. The descriptions describe the names of the files and unique identifiers of the files. The security server uses the unique identifiers to identify files having different names at different endpoints. For a given file having multiple names, the names are processed to account for name differences unlikely to have been caused by malware. The processed names for the file are analyzed to determine the amount of dissimilarity among the names. This analysis is used to generate a score indicating a confidence that the computer file contains malicious software, where a greater amount of dissimilarity among the names generally indicates a greater confidence that the computer file contains malicious software. The score is weighted based on file name frequency, the age of the file, and the prevalence of the file. The weighted score is used to determine whether the computer file contains malicious software.
    Type: Grant
    Filed: November 25, 2013
    Date of Patent: May 19, 2015
    Assignee: Symantec Corporation
    Inventors: Pratyusa K. Manadhata, Mark Kevin Kennedy, Zulfikar Ramzan
  • Patent number: 8997190
    Abstract: To prevent gaming of a reputation system, a security token is generated for a security module using metadata about the client observed during the registration of the security module. The registration server selects metadata for use in generating the security token. The generated security token is provided to identify the client in later transactions. A security server may conduct a transaction with the client and observe metadata about the client during the transaction. The security server also extracts metadata from the security token. The security server correlates the observed metadata during the transaction with the extracted metadata from the security token. Based on the result of the correlation, a security policy is applied. As a result, the metadata in the security token enables stateless verification of the client.
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: March 31, 2015
    Assignee: Symantec Corporation
    Inventors: Carey Nachenberg, Zulfikar Ramzan
  • Patent number: 8977764
    Abstract: Application usage is profiled based on application streaming. Code pages of multiple applications are streamed from a server to multiple client computers (endpoints) for execution. The streaming of the code pages is monitored, and usage data is collected such as which pages are streamed to which endpoints, under what circumstances and when. By referencing the streamed code pages and the underlying source code, the code pages are mapped (at least approximately) to corresponding application features. The collected usage data and the relevant mapping are analyzed, to create application usage profile data for streamed applications. The application usage profile data can include such information as how often, when, where and by whom application components are being executed, as well as which components cause errors, are most popular, confuse users, etc.
    Type: Grant
    Filed: February 28, 2008
    Date of Patent: March 10, 2015
    Assignee: Symantec Corporation
    Inventors: Zulfikar Ramzan, Sourabh Satish, Brian Hernacki
  • Patent number: 8978137
    Abstract: A system for retroactively detecting malicious software on an end user system without performing expensive cross-referencing directly on the endpoint device. A client provides a server with information about files that are on it together with what it knows about these files. The server tracks this information and cross-references it against new intelligence it gathers on clean or malicious files. If a discrepancy is found (i.e., a file that had been called malicious, but that is actually benign or vice versa), the server informs the client, which in turn takes an appropriate action based on this information.
    Type: Grant
    Filed: February 28, 2013
    Date of Patent: March 10, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Oliver Friedrichs, Alfred Huger, Adam J. O'Donnell, Zulfikar Ramzan
  • Patent number: 8869269
    Abstract: A method and apparatus for identifying domain name abuse in web-based content is described. In one embodiment, the method for identifying domain name abuse in web-based content to secure a computer comprises processing a first domain name and modifying the first domain name using at least one rule for replacing characters. The modified first domain name indicates an imitation of a second domain name by the first domain name.
    Type: Grant
    Filed: May 28, 2008
    Date of Patent: October 21, 2014
    Assignee: Symantec Corporation
    Inventors: Zulfikar Ramzan, Shaun Cooley
  • Patent number: 8856937
    Abstract: A computer-implemented method for identifying fraudulent websites. The method may include identifying a fraudulent-website toolkit. The fraudulent-website toolkit may be programmed for use in creating a fraudulent website. The method may also include determining a characteristic of the fraudulent-website toolkit and using the characteristic of the fraudulent-website toolkit to identify a website created using the fraudulent-website toolkit. The website created using the fraudulent-website toolkit may be identified by searching for websites that comprise the characteristic of the fraudulent-website toolkit. The website created using the fraudulent-website toolkit may also be identified by determining that a web browser is attempting to access the website. Various other methods and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 27, 2008
    Date of Patent: October 7, 2014
    Assignee: Symantec Corporation
    Inventors: Candid Wüest, Zulfikar Ramzan
  • Patent number: 8850570
    Abstract: A candidate suspicious website is identified. A plurality of lightweight features associated with the candidate suspicious website is identified. A filter score is determined based on the plurality of lightweight features, wherein the filter score indicates a likelihood that the candidate suspicious website is a malicious website. Whether the filter score exceeds a threshold is determined. Responsive at least in part to the filter score exceeding the threshold it is determined that the candidate suspicious website is a suspicious website. Whether the suspicious website is a malicious website is determined by identifying software downloaded to the computing system responsive to accessing the suspicious website and determining whether the software downloaded to the computing system is malware based on characteristics associated with the downloaded software.
    Type: Grant
    Filed: June 30, 2008
    Date of Patent: September 30, 2014
    Assignee: Symantec Corporation
    Inventor: Zulfikar Ramzan
  • Patent number: 8824677
    Abstract: A pseudorandom number is generated from a random seed number using a collision-resistant hash function. An iteration input is extracted from the seed number. A hardcore predicate is applied to the iteration input to generate a pseudorandom bit. A pairwise-independent function is identified using a pairwise-independent function identifier extracted from the seed number and applied to the iteration input to produce a randomized iteration input. The collision-resistant hash function is applied to the randomized iteration input to produce a hash result and pad the output. The padded hash result is assigned as the iteration input for the next iteration. The process repeats iteratively and pseudorandom bits are generated using the hardcore predicate in each iteration until a predetermined number of pseudorandom bits are generated. The pseudorandom number is constructed using the generated pseudorandom bits.
    Type: Grant
    Filed: May 29, 2009
    Date of Patent: September 2, 2014
    Assignee: Symantec Corporation
    Inventors: Zulfikar Ramzan, Sanjay Sawhney, Virendra Kumar
  • Patent number: 8806046
    Abstract: By placing computer specific remotely originated application data under control of a central identity management system, users can seamlessly run remotely originated applications after logging on to different computers in the enterprise. Cached application content received from a streaming server or network file system, as well as additional application specific data (e.g., files created by the application, configuration changes made by the application on the local computer, etc.), can be configured as a central identity management system profile object, using a central identity management system such as Active Directory. This data is thus automatically treated as part of the user settings/profile, and made available on any computer within the enterprise. This results in an optimal application experience for users, regardless of which managed computer they log on to within the enterprise.
    Type: Grant
    Filed: March 31, 2008
    Date of Patent: August 12, 2014
    Assignee: Symantec Corporation
    Inventors: Sourabh Satish, Brian Hernacki, Zulfikar Ramzan
  • Patent number: 8799494
    Abstract: A streaming server which streams an application to a client computer (“endpoint”), as well as the client on which the streamed application runs, makes predictions as to what sections of the application the client is likely to execute in the future. Upon receipt of an indication (e.g., from a system administrator) of a planned service outage of the server or the network, the server transmits the application content that is predicted to be needed by the client during the outage in order to continue executing the application without interruption. The client receives and caches the content. Provided that the prediction is sufficiently accurate, the client can continue to seamlessly execute the application during the service outage.
    Type: Grant
    Filed: February 4, 2008
    Date of Patent: August 5, 2014
    Assignee: Symantec Corporation
    Inventors: Zulfikar Ramzan, Sourabh Satish, Brian Hernacki
  • Patent number: 8800030
    Abstract: An individualized time-to-live (TTL) is determined for a reputation score of a computer file. The TTL is determined based on the reputation score and the confidence in the reputation score. The confidence can be determined based on attributes such as the reputation score, an age of the file, and a prevalence of the file. The reputation score is used to determine whether the file is malicious during a validity period defined by the TTL, and discarded thereafter.
    Type: Grant
    Filed: September 15, 2009
    Date of Patent: August 5, 2014
    Assignee: Symantec Corporation
    Inventors: Vijay Seshadri, Zulfikar Ramzan, James Hoagland, Adam L. Glick, Adam Wright