Computer Program Modification Detection By Cryptography Patents (Class 713/187)
  • Patent number: 10333977
    Abstract: A system for deceiving an attacker who harvests credentials within an enterprise network, including a management server deploying a deceptive agent on an endpoint computer of the enterprise network, the deceptive agent including a hook manager creating system hooks on resources in the endpoint computer that holds valuable credentials, which would be desired by attackers, and a deceptive content provider, generating deceptive content and returning the deceptive content to a malicious process run by an attacker on the endpoint computer, the malicious process making a read request directed to a resource in the endpoint computer that holds valuable credentials, thus making it appear to the attacker that a response is coming from the resource whereas in fact the response is coming from the deceptive agent, when the hook manager hooks the read request.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: June 25, 2019
    Assignee: ILLUSIVE NETWORKS LTD.
    Inventors: Tomer Shamul, Tsahi Lasry, Moshe Segev, Mor Natan
  • Patent number: 10326736
    Abstract: In one embodiment, a device in a network determines a first set of domain generation algorithm (DGA) predictions for a particular domain name by analyzing one or more extracted lexical features of the particular domain name using a first ensemble of decision trees. The device determines a second set of DGA predictions for the particular domain name by analyzing one or more extracted cluster features of a cluster of related domain names to which the particular domain name belongs using a second ensemble of decision trees. The device predicts a DGA associated with the particular domain name based on the first and second sets of DGA predictions. The device causes performance of a security action based on the predicted DGA associated with the particular domain.
    Type: Grant
    Filed: November 2, 2016
    Date of Patent: June 18, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: David Brandon Rodriguez, Jeremiah O'Connor
  • Patent number: 10320828
    Abstract: A System, Computer Program Product, and Computer-executable method for testing a production system, the System, Computer Program Product, and Computer-executable method including receiving information related to the production system, receiving production data from the production system, creating a virtual production system based off the production system using the received information and the received production data, and analyzing the production system by performing tests on the virtual production system.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: June 11, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Philip Derbeko, Alon Grubshtein, Anton Pavlinov
  • Patent number: 10319160
    Abstract: According to one or more embodiments, a system and method for authorizing a user securing an elevator call in a building is provided. For example, the method includes receiving, at a mobile device, a secure authorization token that includes an expiration time, connecting the mobile device to a backend system using the secure authorization token from the mobile device, verifying, using the backend system, an authenticity of the secure authorization token from the mobile device based on at least the expiration time, generating, at the backend system, a secure access token and a random number in response to the authenticity of the secure authorization token being verified, and receiving, at the mobile device, the secure access token and the random number for use making elevator call requests.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: June 11, 2019
    Assignee: OTIS ELEVATOR COMPANY
    Inventors: Devu Manikantan Shila, Paul A. Simcik, Teems E. Lovett
  • Patent number: 10320745
    Abstract: An apparatus and method of an attachment device for interfacing with an on-board diagnostic system of a vehicle is provided. The device includes an application processor configured to receive input from a terminal, control processing of the input by the on-board diagnostic system, transmit a result of the processing of the input by the on-board diagnostic system to the terminal, and a secure element interposed in the communication path between the application processor and the on-board diagnostic system, the secure element configured to filter the input of an on-board diagnostic operation that is untrusted.
    Type: Grant
    Filed: February 19, 2016
    Date of Patent: June 11, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Peng Ning, Stephen E McLaughlin, Michael C Grace, Ahmed M Azab, Rohan Bhutkar, Wenbo Shen, Xun Chen, Yong Choi, Ken Chen
  • Patent number: 10311236
    Abstract: Systems, apparatuses, and methods for performing secure system memory training are disclosed. In one embodiment, a system includes a boot media, a security processor with a first memory, a system memory, and one or more main processors coupled to the system memory. The security processor is configured to retrieve first data from the boot media and store and authenticate the first data in the first memory. The first data includes a first set of instructions which are executable to retrieve, from the boot media, a configuration block with system memory training parameters. The security processor also executes a second set of instructions to initialize and train the system memory using the training parameters. After training the system memory, the security processor retrieves, authenticates, and stores boot code in the system memory and releases the one or more main processors from reset to execute the boot code.
    Type: Grant
    Filed: November 22, 2016
    Date of Patent: June 4, 2019
    Assignees: Advanced Micro Devices, Inc., ATI Technologies ULC
    Inventors: Kathirkamanathan Nadarajah, Oswin Housty, Sergey Blotsky, Tan Peng, Hary Devapriyan Mahesan
  • Patent number: 10313324
    Abstract: Disclosed are systems, methods and computer program products for antivirus checking of files based on level of trust of their digital certificates. An example method includes obtaining a digital certificate of a digital signature of a file; determining validity of the obtained digital certificate; assigning a level of trust to the digital certificate based on the determined validity or invalidity of the digital certificate of the file; based on the assigned level of trust of the digital certificate of the file, determining what antivirus checking method to perform on the file; and performing the determined antivirus checking method on the file.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: June 4, 2019
    Assignee: AO Kaspersky Lab
    Inventors: Andrey Y. Solodovnikov, Andrey V. Ladikov, Michael Pavlushik
  • Patent number: 10311235
    Abstract: A method for emulating at least one resource in a host computer to a querying hosted code. The method comprises monitoring a plurality of operating system (OS) queries received from a plurality of code executed on a monitored computing unit, the plurality of OS queries are designated to an OS of the monitored computing unit, detecting among the plurality of OS queries at least one query for receiving at least one characteristic of at least one resource of the monitored computing unit among the plurality of OS queries, the at least one query is received from querying code of the plurality of code, preparing a response of the OS to the at least one query, the response comprising a false indication at least one false characteristic of the at least one resource, and sending the response to the querying code in response to the at least one query.
    Type: Grant
    Filed: December 18, 2017
    Date of Patent: June 4, 2019
    Assignee: Minerva Labs Ltd.
    Inventors: Eduard Bobritsky, Erez Breiman, Omri Moyal
  • Patent number: 10304349
    Abstract: A technology for providing a test environment is provided. In one example, a method may include defining a macro task for an unstructured lab in a service provider environment, the macro task including a task definition and expected values for a plurality of sub-tasks within the macro task. A request to participate in the unstructured lab may be received from a client device and the macro task may be provided to the client device in response to the request. Metrics may be collected from the unstructured lab using a metrics collector. Completion of the macro task may be analyzed by comparing the metrics to the expected values and a report indicative of performance of the macro task may be provided.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: May 28, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Thomas Charles Stickle, Bruce Cameron Burns
  • Patent number: 10298586
    Abstract: A method and/or system for using a file whitelist may include receiving a request to approve an application for release in an application store. The request may comprise application data. The application data may comprise a resource manifest and/or a file whitelist. The resource manifest may comprise, for example, one or more resource items. The file whitelist may comprise, for example, one or more file items. The request may be analyzed based on application data. A determination may be made whether the applications may be released in the application store based on the analyzing of the applications data. A request to access a particular file may be received. A determination of whether to grant the request may be based on a resource manifest and/or a file whitelist associated with the application.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: May 21, 2019
    Assignee: Google LLC
    Inventor: Russell Quong
  • Patent number: 10298555
    Abstract: A computer system and methods for securing files in a file system with storage resources accessible to an authenticable user using an untrusted client device in a semi-trusted client threat model. Each file is secured in the file system in one or more ciphertext blocks along with the file metadata. Each file is assigned a unique file key FK to encrypt the file. A wrapping key WK assigned to the file is used for encrypting the file key FK to produce a wrapped file key WFK. The file is encrypted block by block to produce corresponding ciphertext blocks and corresponding authentication tags. The authentication tags are stored in the file metadata, along with an ID of the wrapping key WK, wrapped file key WFK, last key rotation time, an Access Control List (ACL), etc. The integrity of ciphertext blocks is ensured by authentication tags and the integrity of the metadata is ensured by a message authentication code (MAC).
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: May 21, 2019
    Assignee: ZETTASET, INC.
    Inventor: Eric A. Murray
  • Patent number: 10270807
    Abstract: A computer implemented method of detecting unauthorized access to a protected network by monitoring a dynamically updated deception environment, comprising launching, on one or more decoy endpoints, one or more decoy operating system (OS) managing one or more of a plurality of deception applications mapping a plurality of applications executed in a protected network, updating dynamically a usage indication for a plurality of deception data objects deployed in the protected network to emulate usage of the plurality of deception data objects for accessing the deception application(s) wherein the plurality of deception data objects are configured to trigger an interaction with the deception application(s) when used, detecting usage of data contained in the deception data object(s) by monitoring the interaction and identifying one or more potential unauthorized operations based on analysis of the detection.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: April 23, 2019
    Assignee: Cymmetria, Inc.
    Inventors: Dean Sysman, Gadi Evron, Imri Goldberg, Ran Harel, Shmuel Ur
  • Patent number: 10263841
    Abstract: A system, method and apparatus for configuring a node in a sensor network. A sensor service can enable sensor applications to customize the collection and processing of sensor data from a monitoring location. In one embodiment, sensor applications can customize the operation of nodes in the sensor network via a sensor data control system.
    Type: Grant
    Filed: January 15, 2016
    Date of Patent: April 16, 2019
    Assignee: Senseware, Inc.
    Inventors: Julien G. Stamatakis, Thomas Hoffmann
  • Patent number: 10264002
    Abstract: The present invention provides a program, an information processing apparatus, and an information processing method which can effectively prevent malware attacks. A predetermined process is judged as a ransomware, when a first condition that a file read function for reading a file included in a same file path as a file path written by a file write function called from the predetermined process has been already called from the predetermined process; and a second condition that the file write function rewrites a header of a file of the file path: are satisfied. A predetermined process is judged as a ransomware, when a first condition that an actual file on a disk is mapped as a virtual file on a memory by the predetermined process; a second condition that the virtual file is unmapped by the predetermined process; and a third condition that a file structure of the actual file or the virtual file when unmapping is rewritten to inappropriate status: are satisfied.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: April 16, 2019
    Assignee: MITSUI BUSSAN SECURE DIRECTIONS, INC.
    Inventors: Takashi Yoshikawa, Kei Sugawara, Masaru Sekihara
  • Patent number: 10254978
    Abstract: A method, and system for implementing enhanced fast full synchronization for remote disk mirroring in a computer system. A source backup copy is made locally available to a target for remote disk mirroring. Sectors are identified that are different between the source and target. A hash function is used over a block to be compared, with an adaptive number of tracking sectors per block, starting with a minimum block size.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: April 9, 2019
    Assignee: International Business Machines Corporation
    Inventors: Aaron T. Albertson, Robert Miller, Brian A. Nordland, Kiswanto Thayib
  • Patent number: 10235521
    Abstract: Techniques for malware detection using clustering with malware source information are disclosed. In some embodiments, malware detection using clustering with malware source information includes generating a first cluster of source information associated with a first malware sample, in which the first malware sample was determined to be malware, and the first malware sample was determined to be downloaded from a first source; and determining that a second source is associated with malware based on the first cluster.
    Type: Grant
    Filed: June 5, 2017
    Date of Patent: March 19, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: Yanxin Zhang, Xinran Wang, Huagang Xie, Wei Xu
  • Patent number: 10223533
    Abstract: A system for detecting XSS vulnerabilities includes determining the context in which a probe supplied as an input to a webpage or an application exists in a script associated with the webpage or application. A payload is generated based on, at least in part, the context such that during execution of the script, an executable code fragment in the payload can escape out of the context in which the probe exists and into the global context of the script. The payload may include additional characters that prevent the payload from causing errors in the execution of the script.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: March 5, 2019
    Assignee: Veracode, Inc.
    Inventor: Isaac M. Dawson
  • Patent number: 10223534
    Abstract: A system and method for detecting vulnerabilities in base images of software containers are disclosed. The method includes receiving an event indicating that at least one base image should be scanned for vulnerabilities, each base image including at least one image layer, wherein the event designates at least one source of the at least one base image, wherein the at least one base image includes resources utilized to execute at least a software container; extracting contents of each image layer of each base image; scanning the extracted contents to detect at least one vulnerability; and generating a detection event, when the at least one vulnerability is detected.
    Type: Grant
    Filed: October 13, 2016
    Date of Patent: March 5, 2019
    Assignee: Twistlock, Ltd.
    Inventors: Dima Stopel, Ben Bernstein
  • Patent number: 10212179
    Abstract: A method for checking security of a URL for a mobile terminal includes: receiving a URL security check request sent by a mobile terminal, where the URL security check request includes a URL; determining, through querying, whether there is security information corresponding to the URL; downloading, if there is no security information corresponding to the URL and the URL is a mobile application program download URL, a mobile application program corresponding to the URL; checking security of the mobile application program; and correspondingly storing the security information obtained through checking and the URL.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: February 19, 2019
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Peng Jiang, Zhen Zhang, Shaofei Ju, Shichuan Liu, Yanjun Luo, Jiubiao Chen, Xing Zeng
  • Patent number: 10193907
    Abstract: In an embodiment, a central computer performs a data processing method. The central computer receives telemetry data from intrusion sensors. The central computer stores authentication records in a hosts database. Each authentication record is based on the telemetry data and comprises a thumbprint of a public key certificate and a host identifier of a sender computer. The central computer receives a suspect record that was sent by a first intrusion sensor. The suspect record has a first particular thumbprint of a first particular public key certificate and a first particular host identifier of a suspect sender. From the hosts database, the central computer searches for a matching record having a same host identifier as the first particular host identifier of the suspect record and a same thumbprint as the first particular thumbprint of the suspect record. The central computer generates an intrusion alert when no matching record is found.
    Type: Grant
    Filed: June 7, 2017
    Date of Patent: January 29, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: David McGrew, Titouan Rigoudy
  • Patent number: 10187408
    Abstract: A computer-implemented method includes providing, for use by a third-party, injectable computer code that is capable of being served with other code provided by the third-party to client computing devices; receiving data from client computing devices that have been served the code by the third-party, the data including data that characterizes (a) the client computing devices and (b) user interaction with the client computing devices; classifying the client computing devices as controlled by actual users or instead by automated software based on analysis of the received data from the client computing devices; and providing to the third party one or more reports that characterize an overall level of automated software activity among client computing devices that have been served code by the third party.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: January 22, 2019
    Assignee: SHAPE SECURITY, INC.
    Inventors: Justin D. Call, Xinran Wang, Yao Zhao, Timothy Dylan Peacock
  • Patent number: 10180851
    Abstract: In one implementation, an original physical profile file and a configuration baseline are stored for a virtual machine. The physical profile file includes physical characteristics of a physical device running the virtual machine. The configuration baseline includes configuration settings or attributes of the instance of the virtual machine. A network device detects current value for at least one physical characteristic and compares the current value to the original physical profile file. When the current values deviate enough from the original physical profile file to exceed a threshold amount of deviation that is permissible, the network device determines that the virtual machine has been moved to another physical device. In response, the network device monitors current configuration settings or attributes with respect to the configuration baseline in order to detect an unauthorized usage of the virtual machine.
    Type: Grant
    Filed: January 14, 2013
    Date of Patent: January 15, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Jeffrey David Haag, Earl Hardin Booth, III, James Ronald Holland, Jr.
  • Patent number: 10178120
    Abstract: Described is a system for predicting temporal evolution of contagions on multilayer networks. The system determines a functional epidemic threshold for disappearance of a contagion on a multilayer network model according to a score value s=??/?, where ? corresponds to an adjacency matrix of the first layer of the multilayer network model, ? represents a spread rate of the contagion, and ? represents a recovery rate. A prediction of future behavior of the contagion on the multilayer network model using the functional epidemic threshold is output and utilized to inform decisions regarding connectivity within a multilayer network in order to prevent spread of the contagion on a multilayer network.
    Type: Grant
    Filed: July 22, 2016
    Date of Patent: January 8, 2019
    Assignee: HRL Laboratories, LLC
    Inventors: Matthew S. Keegan, Kang-Yu Ni, Tsai-Ching Lu
  • Patent number: 10169099
    Abstract: A method, system, and program product is provided for reducing redundant validations for live operating system migration. A control point caches at least one validation inventory that is associated with a logical partition (LPAR). The control point sends the cached validation inventory to a virtualization manager upon an activation of the LPAR associated with the validation inventory. The control point invalidates the cached validation inventory upon notification from the virtualization manager that the validation inventory is changed and is no longer valid. The control point re-validates the validation inventory.
    Type: Grant
    Filed: September 22, 2015
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Uma S. Atluri, Brian W. Hart, Anil Kalavakolanu, Minh Q. Pham, Teresa H. Pham, Evelyn T. Yeung
  • Patent number: 10171251
    Abstract: One of the various aspects of the invention is related to suggesting various techniques for improving the tamper-resistibility of hardware. The tamper-resistant hardware may be advantageously used in a transaction system that provides the off-line transaction protocol. Amongst these techniques for improving the tamper-resistibility are trusted bootstrapping by means of secure software entity modules, a new use of hardware providing a Physical Unclonable Function, and the use of a configuration fingerprint of a FPGA used within the tamper-resistant hardware.
    Type: Grant
    Filed: August 19, 2016
    Date of Patent: January 1, 2019
    Assignee: Emsycon GmbH
    Inventor: Heinz Kreft
  • Patent number: 10162681
    Abstract: A method, system, and program product is provided for reducing redundant validations for live operating system migration. A control point caches at least one validation inventory that is associated with a logical partition (LPAR). The control point sends the cached validation inventory to a virtualization manager upon an activation of the LPAR associated with the validation inventory. The control point invalidates the cached validation inventory upon notification from the virtualization manager that the validation inventory is changed and is no longer valid. The control point re-validates the validation inventory.
    Type: Grant
    Filed: July 24, 2015
    Date of Patent: December 25, 2018
    Assignee: International Business Machines Corporation
    Inventors: Uma S. Atluri, Brian W. Hart, Anil Kalavakolanu, Minh Q. Pham, Teresa H. Pham, Evelyn T. Yeung
  • Patent number: 10148693
    Abstract: According to one embodiment, a virtualized malware detection system is integrated with a virtual machine host including a plurality of virtual machines and a security virtual machine. Logic within the virtual machines are configured to perform a dynamic analysis of an object and monitor for the occurrence of a triggering event. Upon detection of a triggering event within a virtual machine, the logic within the virtual machine provides the security virtual machine with information associated with the triggering event for further analysis. Based on the further analysis, the object may then be classified as “non-malicious,” or “malicious.”
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: December 4, 2018
    Assignee: FireEye, Inc.
    Inventors: Japneet Singh, Harinath Ramchetty, Anil Gupta
  • Patent number: 10146606
    Abstract: An information handling system includes a network interface device coupled to a network, a memory including first code to instantiate an operating system including an exception handler and second code to instantiate an exception handler interface and a UNDI module, and a processor to execute the first code and the second code. The network interface device is responsive to a Universal Network Device Interface (UNDI) command. The operating system detects an exception and invokes the exception handler to write a stack frame associated with the exception to the memory in response to detecting the exception. The exception handler interface determines that the stack frame has been written in the memory and directs the UNDI module to provide the UNDI command to the network interface device to communicate the stack frame to the network.
    Type: Grant
    Filed: April 6, 2016
    Date of Patent: December 4, 2018
    Assignee: Dell Products, LP
    Inventors: Dileesh Onniyil, Sumanth Vidyadhara
  • Patent number: 10146531
    Abstract: Methods and apparatuses are provided for code refactoring. The method includes acquiring a code and identifying, using processing circuitry and based on a Markov decision process model, a refactoring sequence. The refactoring sequence includes a plurality of refactoring steps to be applied to the code. Further, the method includes refactoring, by the processing circuitry, the code according to the refactoring sequence.
    Type: Grant
    Filed: July 14, 2017
    Date of Patent: December 4, 2018
    Assignee: King Fahd University of Petroleum and Minerals
    Inventors: Lahouari Ghouti, Mohammad Alshayeb
  • Patent number: 10133869
    Abstract: A Basic Input/Output System (BIOS) of a device is modified to: obtain a first value from a medium interfaced to the device, produce a second value from boot data resident on the medium, compare the first value to the second value, and boot from the boot data of the medium when the first value is equal to the second value.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: November 20, 2018
    Assignee: NCR Corporation
    Inventors: Gordon Chisholm, Kevin Horgan, Campbell Benn
  • Patent number: 10122752
    Abstract: Embodiments perform detection and prevention of unauthorized access to files in a target folder. A filter driver, interfacing with a target folder, intercepts a first request from a process to access a file in the target folder. The filter driver returns a virtual file, along with the existing files, to the process. Upon receiving a second request from the process to write to the virtual file, the filter driver designates the process as a hostile process and prevents further access attempts.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: November 6, 2018
    Assignee: VMware, Inc.
    Inventors: Sisimon Soman, Matthew Conover
  • Patent number: 10116451
    Abstract: A storage device is divided into a trusted storage region (TSR) and a standard storage region (SSR). A backup and recovery tool (BRT) is used to generate a public/private key pair and provide the public key to the storage device. The BRT detects a trigger to back up a file from the SSR to the TSR and sends a write instruction to the storage device to perform the backup. The BRT signs the write instruction with the private key. The storage device uses the public key to verify the write instruction and performs the backup based on the verification. The TSR cannot be accessed without the private key, therefore if a malware attack is detected in the storage device, the device may be formatted to delete infected files. A fresh operating system may be installed on the formatted storage device and the file may be recovered from the TSR.
    Type: Grant
    Filed: November 11, 2016
    Date of Patent: October 30, 2018
    Assignee: Intel Corporation
    Inventors: Akshay Ramesh Kadam, Vishnuvarthanan Balraj, Alex Nayshtut
  • Patent number: 10079850
    Abstract: A computer-implemented method for provisioning cyber security simulation exercises may include (1) maintaining, at a data center level for a data center including a multitude of nodes, a cyber security simulation template that defines a resource configuration for a cyber security simulation exercise in which a participant executes a security attack within a contained network environment to educate the participant about cyber security, (2) detecting an indication to place a user session of the cyber security simulation exercise within the data center to enable the participant to perform the cyber security simulation exercise, and (3) dynamically allocating, by an autonomous and centralized data center allocation agent in response to detecting the indication, a pool of resources at a node within the data center to the user session to enable the participant to perform the cyber security simulation exercise. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: September 18, 2018
    Assignee: Symantec Corporation
    Inventors: Dipak Patil, Prasad Iyer
  • Patent number: 10073972
    Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a security application to configure a security task, the security task to detect a malicious element on a computing platform, the computing platform including a central processing unit and a graphics processing unit; and an offloader to determine whether the central processing unit or the graphics processing unit is to execute the security task; and when the graphics processing unit is to execute the security task, offload the security task to the graphics processing unit for execution.
    Type: Grant
    Filed: October 25, 2014
    Date of Patent: September 11, 2018
    Assignee: MCAFEE, LLC
    Inventors: Paritosh Saxena, Michael S. Hughes, John Teddy, David Michael Durham, Balaji Vembu, Prashant Dewan, Debra Cablao, Nicholas D. Triantafillou, Jason M. Surprise
  • Patent number: 10075417
    Abstract: Embodiments for verifying trustworthiness of redirection targets in a tiered delivery computing network by at least a portion of a processor. A degree of trustworthiness for a uniform resource locator (URL) is determined by validating at least one attribute of the URL to establish a reputation score of the URL. The URL is classified, using the reputation score, into one of a plurality of classifications to indicate the degree of trustworthiness.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: September 11, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Aaron K. Baughman, Yaser K. Doleh, Mauro Marzorati, Gregory A. Porpora
  • Patent number: 10075454
    Abstract: Telemetry data concerning multiple samples convicted as malware by different endpoints is tracked over time. During a period of time in which telemetry data concerning convicted samples are tracked, specific samples can be convicted multiple times, both on a single endpoint and/or on multiple endpoints. The tracked telemetry data concerning the convicted samples is analyzed, and data that is indicative of false positives is identified. Convictions of samples can be exonerated as false positives, based on the results of analyzing the tracked telemetry data. More specifically, multiple data points from the tracked telemetry data that comprise evidence of false positives can be quantified and weighted. Where the evidence of false positives exceeds a given threshold, convictions of a given sample can be exonerated.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: September 11, 2018
    Assignee: Symantec Corporation
    Inventors: Jugal Parikh, Sandeep Bhatkar
  • Patent number: 10062241
    Abstract: Method for checking the consistency of control software of a controller of a self-service automat having a trustworthy domain (1) that is located inside the self-service automat, comprising these steps: checking the control software (2) for consistency by the trustworthy domain (1); in the event of an inconsistency, a blocking signal is generated that is used to restrict the functionality of the self-service automat.
    Type: Grant
    Filed: February 3, 2011
    Date of Patent: August 28, 2018
    Assignee: Diebold Nixdorf, Incorporated
    Inventors: Volker Krummel, Michael Nolte, Matthias Runowski
  • Patent number: 10061594
    Abstract: A method is provided for operating a computing device, the method including verifying the contents of a protected portion of a nonvolatile memory included in the computing device, the protected portion including a first protected file that includes first instructions; in response to the protected portion being successfully verified, initiating execution of an operating system kernel, on the computing device, included in a boot portion of the nonvolatile memory, wherein the boot portion is configured to cause the computing device to execute instructions stored in a system portion of the nonvolatile memory under control of the kernel, and the system portion is not included in the protected portion; subsequent to initiating execution of the kernel, locating the first instructions via a first symbolic link to the first protected file, wherein the first symbolic link is stored in one of the system portion or the boot portion; and executing the first instructions under control of the kernel.
    Type: Grant
    Filed: February 6, 2016
    Date of Patent: August 28, 2018
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Young Rak Choi, Mauricio Pati Caldeira de Andrada, Samir S Vaidya
  • Patent number: 10057279
    Abstract: A system for protecting computers against remote malware downloads includes a malware download detection system and participating client computers that provide download event information to the malware download detection system. A download event information identifies a file, a network address (e.g., uniform resource locator) from which the file was downloaded, and an identifier of the client computer that downloaded the file. The malware download detection system uses the download event information to build and update a tripartite download graph, and uses the download graph to train one or more classifiers. The malware download detection system consults the one or more classifiers to classify a download event. The download event is classified as malicious if either the file or the network address is classified as malicious.
    Type: Grant
    Filed: January 5, 2016
    Date of Patent: August 21, 2018
    Assignee: Trend Micro Incorporated
    Inventors: Marco Balduzzi, Babak Rahbarinia, Roberto Perdisci
  • Patent number: 10057284
    Abstract: Systems and methods for retrospective scanning of network traffic logs for missed threats using updated scan engines are provided. According to an embodiment, a network security device maintains a network traffic log that includes information associated with network activities observed within a private network. Responsive to an event, the network traffic log is retrospectively scanned in an attempt to identify a threat that was missed by a previous signature-based scan or a previous reputation-based scan of the observed network activities. When the threat is identified as a result of the retrospective scan, then remedial and/or preventive action is taken with respect to the threat.
    Type: Grant
    Filed: February 18, 2017
    Date of Patent: August 21, 2018
    Assignee: Fortinet, Inc.
    Inventor: Qianyong Yu
  • Patent number: 10048978
    Abstract: At a first time of detecting, from among a plurality of virtual machines as management targets, a first virtual machine that has not stored therein identification information generated based on an internal time of the computer, an apparatus causes the first virtual machine to store first identification information generated based on a first internal time of the computer corresponding to the first time, and at a second time of detecting a second virtual machine which has stored the first identification information and whose setting regarding network connection has been changed after storing the first identification information, the apparatus causes the second virtual machine to store second identification information generated based on a second internal time of the computer corresponding to the second time.
    Type: Grant
    Filed: January 26, 2016
    Date of Patent: August 14, 2018
    Assignee: FUJITSU LIMITED
    Inventor: Hiroshi Iyobe
  • Patent number: 10050993
    Abstract: In an example, there is disclosed a security architecture for enhanced, non-invasive whitelisting of executable objects. When an executable object tries to perform an action, a security engine seamlessly intercepts the action and determines whether the action is whitelisted, blacklisted, or graylisted, assigning the action a corresponding security score. Whitelisted actions may be allowed, blacklisted actions may be disallowed, and graylisted actions may require additional verification from a user. Because the score is assigned to the combination of the executable object and the action, false positives may be avoided, such as those that may occur when an executable object is prefetched but has not yet tried to perform any useful work.
    Type: Grant
    Filed: September 24, 2014
    Date of Patent: August 14, 2018
    Assignee: McAfee, LLC
    Inventors: Amritanshu Johri, Balbir Singh, Jaskaran Khurana, Ratnesh Pandey
  • Patent number: 10045208
    Abstract: Various methods are described for using a local trust level and/or a general trust level to control access of data in PSN. Any PSN user can select other users with at least a minimum level of local and/or general trust for secure communications. The users with a trust level below a minimum trust level cannot access the data sent from him/her. The general trust level is controlled by access keys that are generated and issued by a trusted server. The local trust level controlled access keys are generated by each PSN device. Each PSN device issues the corresponding personalized secret keys to those users that satisfy the decryption conditions related to local trust level evaluated by PSN user itself. Both sets of keys can be applied at the same time to secure communication data in PSN controlled by both the general trust level and the local trust level.
    Type: Grant
    Filed: March 31, 2012
    Date of Patent: August 7, 2018
    Assignee: Nokia Technologies Oy
    Inventor: Yan Zheng
  • Patent number: 10044739
    Abstract: In an example embodiment, there is disclosed an anti-malware system and method that analyzes applications and other executable objects at the subroutine level. Each subroutine may be assigned an execution frequency score, which may be based on simulated execution in an insulated environment, on real-world operating conditions, or on static analysis. Each subroutine may be assigned an execution frequency score based on how frequently it is executed. Based on this score, each subroutine may also be assigned a reputation score. To aid in cross-referencing to occurrences of the same subroutine in other applications, the subroutine may also be assigned a pseudo-unique identifier, such as a fuzzy fingerprint.
    Type: Grant
    Filed: December 27, 2013
    Date of Patent: August 7, 2018
    Assignee: McAfee, LLC.
    Inventor: Igor Muttik
  • Patent number: 10043004
    Abstract: The invention provides a method of correlating and merging static application security testing (SAST) and dynamic application security testing (DAST) for web and mobile applications. The invention provides a method for categorizing and comparing various endpoint objects including the path (i.e., location within the application's attack surface), one or more parameters, an HTTPMethod, a filename on the file system, line number, and mobile entry point.
    Type: Grant
    Filed: August 25, 2017
    Date of Patent: August 7, 2018
    Assignee: Denim Group, Ltd.
    Inventors: Dan Cornell, Mac Collins
  • Patent number: 9992025
    Abstract: Software applications previously or currently being installed on a plurality of user devices are monitored. In one embodiment, a first set of the installed applications that is signed with a signing identifier of a developer are identified. A report is then sent to the developer that includes an identification of the first set. In another embodiment, the authenticity of a first application is evaluated including determining, based on a respective signing identifier for each of a plurality of applications, that the applications are similar to the first application. A notification is sent to the developer that identifies applications having a signing identifier that is different from the signing identifier of the developer.
    Type: Grant
    Filed: April 15, 2014
    Date of Patent: June 5, 2018
    Assignee: LOOKOUT, INC.
    Inventors: Kevin Patrick Mahaffey, Timothy Micheal Wyatt, Daniel Lee Evans, Emil Barker Ong, Timothy Strazzere, Matthew John Joseph LaMantia, Brian James Buck
  • Patent number: 9983886
    Abstract: It is determined whether an updated first boot phase code is present. The updated first boot phase code is validated. In response to the validating, a current version of the first boot phase code is updated using the updated first boot phase code.
    Type: Grant
    Filed: July 31, 2013
    Date of Patent: May 29, 2018
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Baraneedharan Anbazhagan, Christopher H Stewart
  • Patent number: 9965631
    Abstract: Disclosed herein are an apparatus and method for analyzing malicious code in a multi-core environment. The apparatus for analyzing malicious code includes a core setting unit for setting at least one monitoring core, on which malicious code is to be monitored, among cores of a multi-core Central Processing Unit (CPU), and executing a monitoring program on the monitoring core, a behavioral information collection unit for, when execution cores that are not set as the monitoring core execute analysis target code, collecting pieces of behavioral information using the monitoring program and a hardware debugging device, and a storage unit for storing the behavioral information.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: May 8, 2018
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Sang-Rok Lee, Jung-Hee Lee, Byung-Chul Bae
  • Patent number: 9963106
    Abstract: Systems of an electrical vehicle and the operations thereof are provided that provide authentication mechanisms of external individuals or computing devices while the vehicle is operating autonomously.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: May 8, 2018
    Assignee: NIO USA, Inc.
    Inventor: Christopher P. Ricci
  • Patent number: 9953159
    Abstract: Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that they are compatible with copy-specific static watermarking and other tamper-resistance techniques.
    Type: Grant
    Filed: September 2, 2015
    Date of Patent: April 24, 2018
    Assignee: Intertrust Technologies Corporation
    Inventors: William G. Horne, Lesley R. Matheson, Casey Sheehan, Robert E. Tarjan