Computer Virus Detection By Cryptography Patents (Class 713/188)
  • Patent number: 10776095
    Abstract: A secure live media boot system includes a BIOS that is coupled to a storage subsystem and a non-volatile memory system. The BIOS receives an operating system image. Prior to installing an operating system on a computing device using the operating system image, the BIOS performs a first measurement action on the operating system image to produce a first operating system measurement that it stores in the non-volatile memory system. The BIOS also stores a read-only version of the operating system image on the storage subsystem. The BIOS subsequently receives a request to install the operating system on the computing device and, in response, performs a second measurement action on the operating system image in order to produce a second operating system measurement. If the BIOS determines that the second operating system measurement matches the first operating system measurement, the BIOS installs the operating system on the computing device.
    Type: Grant
    Filed: June 21, 2018
    Date of Patent: September 15, 2020
    Assignee: Dell Products L.P.
    Inventor: Dirie N. Herzi
  • Patent number: 10769267
    Abstract: A computer-implemented method for controlling access to credentials may include (i) maintaining, by a computing device, a set of applications for which attempting to access digital credentials comprises anomalous behavior, (ii) monitoring, by the computing device, each application within the set of applications for attempts to access digital credentials, (iii) automatically detecting, while monitoring for attempts to access digital credentials, an attempt of an application in the set of applications to access a digital credential, and (iv) performing, in response to detecting the attempt to access the digital credential, a security action to secure the digital credential. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 14, 2016
    Date of Patent: September 8, 2020
    Assignee: CA, Inc.
    Inventors: Feng Li, Adam Glick, Brian Schlatter, Akshata Krishnamoorthy Rao
  • Patent number: 10762206
    Abstract: A method comprises, based on receiving a request to analyze at least a first mobile application, scheduling the request for a first sandbox. The first mobile application is analyzed based on the request, wherein the analysis of the first mobile application comprises performing a behavioral analysis of the first mobile application within the first sandbox and performing a static analysis of the first mobile application. A first feature vector is generated based on data resulting from the analysis of the first mobile application. The first mobile application is determined to comprise malware based, at least in part, on comparing the first feature vector with at least a second feature vector, wherein the second feature vector was generated based on at least one of a static analysis and a behavioral analysis of malware.
    Type: Grant
    Filed: May 16, 2017
    Date of Patent: September 1, 2020
    Assignee: Veracode, Inc.
    Inventors: Theodora H. Titonis, Nelson R. Manohar-Alers, Christopher J. Wysopal
  • Patent number: 10755334
    Abstract: Systems and methods for machine learning and adaptive optimization are provided herein. A method includes continually receiving input that is indicative of client events, including client behaviors and respective outcomes of software trials of a product maintained in a database, continually segmenting open opportunities using the client behaviors and respective outcomes, continually scoring and prioritizing the open opportunities using the client behaviors and respective outcomes for targeting and re-targeting, continually adjusting targeted proposals to open opportunities and sourcing in prospects based on a targeting scheme, continually presenting targeted offers to create expansion opportunities and updating a product roadmap of the product using the open opportunities, the product roadmap including technical specifications for the product.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: August 25, 2020
    Assignee: vArmour Networks, Inc.
    Inventors: Timothy Eades, Eva Tsai, Randy Magliozzi, Namson Tran
  • Patent number: 10742674
    Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which allows in-network and network-border protection for Internet of things (IoT) devices by securely partitioning network space and defining service-based access to IoT devices. The disclosed segmented attack prevention system for IoT networks (SAPSIN) segments the IoT network into two virtual networks: a service network and a control network; and defines access control rules for each virtual network. In the service network, SAPSIN utilizes a service-based approach to control device access, allowing only configured protocols, applications, network ports, or address groups to enter or exit the network. In the control network, the SAPSIN provides the access control rules by defining a threshold for the number of configuration requests within a predetermined time. As a result, SAPSIN protects IoT devices against intrusion and misuse, without the need for device-specific software or device-specific security hardening.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: August 11, 2020
    Assignee: Architecture Technology Corporation
    Inventors: Ian McLinden, Timothy Hartley
  • Patent number: 10740460
    Abstract: A migration service and module for software modules are disclosed. The migration service detects a security flaw in a first environment in which the software modules are running and migrates the software modules or part of the software modules from the first environment to a second environment when a security flaw is detected.
    Type: Grant
    Filed: December 17, 2018
    Date of Patent: August 11, 2020
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)
    Inventors: Ola Angelsmark, Per Persson
  • Patent number: 10733289
    Abstract: A solution is proposed for identifying software components in a computing system. A corresponding method comprises monitoring events relating to one or more software components of the computing system, filtering the events into filtered events according to finalizing events of corresponding event sequences ending with the finalizing events, each of the event sequences relating to a logical operation for a corresponding current software component of the software components being finalized by the finalizing events, and determining corresponding current signatures of the current software components of the filtered events, each of the current signatures being determined according to at least part of a content of the corresponding current software component for use to identify the current software component according to a comparison of the current signature with one or more known signatures of known software components.
    Type: Grant
    Filed: September 2, 2017
    Date of Patent: August 4, 2020
    Assignee: International Business Machines Corporation
    Inventors: Piotr Godowski, Grzegorz Majka, Artur Obrzut, Luigi Pichetti
  • Patent number: 10728759
    Abstract: A method includes establishing a wireless link between a wireless interface of an endpoint and a WAP; exchanging, through the wireless link, network traffic associated with execution of an application at the endpoint; executing, at the endpoint, a security routine to monitor a security status of the endpoint; establishing, through the wireless link, a secure channel that shares the wireless link with the network traffic of the application, the secure channel to extend from the security routine to a supervisor through the wireless link and the WAP; conveying, from the security routine and through the secure channel, an indication of the security status; receiving, at the security routine and through the secure channel, a command to change a setting of the wireless interface associated with a characteristic of the wireless link; and accessing, from the security routine, the wireless interface to effect the change in response to receiving the command.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: July 28, 2020
    Assignee: Sophos Limited
    Inventors: Dirk Bolte, Sven Schnelle, Emanuel Taube, Jonas Bernd Freiherr von Andrian-Werburg
  • Patent number: 10713358
    Abstract: A system and method operable to identify malicious software by extracting one or more features disassembled from software suspected to be malicious software and employing one or more of those features in a machine-learning algorithm to classify such software.
    Type: Grant
    Filed: April 19, 2013
    Date of Patent: July 14, 2020
    Assignee: FireEye, Inc.
    Inventors: Michael Sikorski, William Ballenthin
  • Patent number: 10705904
    Abstract: Anomalous behavior in a multi-tenant computing environment may be identified by analyzing hardware sensor value data associated with hardware events on a host machine. A privileged virtual machine instance executing on a host machine acquires hardware sensor values and causes the values to be compared to other hardware sensor value data that may be indicative of anomalous behavior; for example, various threshold values, patterns, and/or signatures of hardware counter values generated by analyzing and correlating hardware event counter data. In this manner, potential anomalous behavior on an instance may be determined without having to access customer data or workloads associated with the instance.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: July 7, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Donald Lee Bailey, Jr., Richard Weatherly
  • Patent number: 10706155
    Abstract: Systems for providing a security assessment of a target computing resource, such as a virtual machine or an instance of a virtual machine, include a security assessments provisioning service that provisions third-party-authored rules packages and security assessments into the computing environment of the target computing resource. The third-party rules package includes rules that can operate on telemetry and configuration data of the target computing resource, produced by sensors that are native to the computing environment, but the sensor protocols, message format, and sensitive data are not exposed to the rules. The provisioning service can provide security assessments and/or rules packages that are “native” and are thus able to operate directly on the telemetry and configuration data.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: July 7, 2020
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Vladimir Veselov, Adrian-Radu Grajdeanu, Hassan Sultan
  • Patent number: 10701238
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for context-adaptive scanning of digital components. In one aspect, a method comprises: selecting a given digital component from among a plurality of digital components based on a current scanning priority of the given digital component; scanning the given digital component, comprising determining a current state of the given digital component; determining a current context of the given digital component based on one or more of: (i) the current state of the given digital component, or (ii) a current scan index of the given digital component that specifies a number of times the given digital component has been scanned; determining an updated scanning priority of the given digital component based on the current context of the given digital component; and re-scanning the given digital component according to the updated scanning priority.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: June 30, 2020
    Assignee: Google LLC
    Inventors: Oleg Golubitsky, Dake He
  • Patent number: 10693890
    Abstract: A packet relay apparatus, which is configured to transmit from a mirror port a mirror packet copied from one of a packet to be received and a packet to be transmitted, the packet relay apparatus comprising: a packet receiving module configured to receive a packet from an input port; a security judgment module configured to judge whether or not the packet is possibly one of an attack and an attack sign; a mirror processing module configured to generate, when it is judged that the packet is possibly one of an attack and an attack sign, a replica of the packet as the mirror packet; and a transmitting module configured to transmit the mirror packet from the mirror port.
    Type: Grant
    Filed: May 10, 2017
    Date of Patent: June 23, 2020
    Assignee: ALAXALA NETWORKS CORPORATION
    Inventors: Yuichi Ishikawa, Nobuhito Matsuyama
  • Patent number: 10691796
    Abstract: A method of identifying security risks in a computer system that includes several computers executing different applications is provided. The method receives event data about threat events associated with a set of applications executing on a set of computers in the computer system. The method, for each event, compares a set of parameters associated with the event with a set of historical parameters maintained for a similar event. The method, based on the comparisons, defines a normality characterization for each event to express a probability of an exploit of the application associated with the event. The method, based on the normality characterization, defines a prioritized display of security risks due to the threat events associated with the set of applications.
    Type: Grant
    Filed: December 8, 2017
    Date of Patent: June 23, 2020
    Assignee: CA, Inc.
    Inventors: Ryan G. Stolte, Firas S. Rifai, Humphrey Christian, Joseph Anthony DeRobertis, Shmuel Yehonatan Green
  • Patent number: 10693894
    Abstract: Upon receiving malware detection rules that are to be identified with respect to an input traffic stream, a sequence of state definitions are generated for each of the rules. The state definitions for each rule correspond to respective segments of the rule and specify conditions under which a state machine is to transition between search states corresponding to those segments, at least one of the segments corresponding to multiple characters within the input traffic stream. A state machine transitions between search states corresponding to one or more of the rules in accordance with contents of the input traffic stream and the conditions specified by the sequence of state definitions.
    Type: Grant
    Filed: January 15, 2019
    Date of Patent: June 23, 2020
    Assignee: Redberry Systems, Inc.
    Inventors: Sandeep Khanna, Varadarajan Srinivasan, Madhavan Bakthavatchalam
  • Patent number: 10685110
    Abstract: The present disclosure is directed to monitoring internal process memory of a computer at a time when program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chain of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when a regular code execution path of an application is deviated from.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: June 16, 2020
    Assignee: SONICWALL INC.
    Inventors: Soumyadipta Das, Sai Sravan Kumar Ganachari, Yao He, Aleksandr Dubrovsky
  • Patent number: 10673867
    Abstract: A system featuring a cloud-based malware detection system for analyzing an object to determine whether the object is associated with a cyber-attack. Herein, subscription review service comprises a data store storing subscription information. The subscription information includes identifier for the customer and one or more identifiers each associated with a corresponding customer submitter operable to submit an object to the cloud-based malware detection system for analysis. The first customer submitter receives credentials provided by the subscription review service to establish communications with the cloud-based malware detection system.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: June 2, 2020
    Assignee: FireEye, Inc.
    Inventors: Mumtaz Siddiqui, Manju Radhakrishnan
  • Patent number: 10664469
    Abstract: Using a blockchain transaction acceleration system, a first transaction generated by a first node is sent to an acceleration node in a blockchain, where the first transaction is sent to the acceleration node instead of being sent directly to a second node that is the intended recipient of the first transaction, and where the first node, the second node, and the acceleration node are different nodes. The blockchain transaction acceleration system forwards the transaction from the acceleration node to the second node. The blockchain transaction acceleration system executes the transaction by the second node.
    Type: Grant
    Filed: May 23, 2019
    Date of Patent: May 26, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Ning Xia
  • Patent number: 10666670
    Abstract: Approaches for managing security breaches in a networked computing environment are provided. A method includes detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment includes a decoy system interweaved with the production system. The method also includes receiving, by the at least one computer device, a communication after the detecting the breach. The method further includes determining, by the at least one computer device, the communication is associated with one of a valid user and a malicious user. The method additionally includes, based on the determining, routing the valid user to an element of the production system when the communication is associated with the valid user and routing the malicious user to a corresponding element of the decoy system when the communication is associated with the malicious user.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: May 26, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Gregory J. Boss, Rick A. Hamilton, II, Jeffrey R. Hoy, Agueda M. H. Magro
  • Patent number: 10667130
    Abstract: A method includes establishing a wireless link between a wireless interface of an endpoint and a WAP; exchanging, through the wireless link, network traffic associated with execution of an application at the endpoint; executing, at the endpoint, a security routine to monitor a security status of the endpoint; establishing, through the wireless link, a secure channel that shares the wireless link with the network traffic of the application, the secure channel to extend from the security routine to a supervisor through the wireless link and the WAP; conveying, from the security routine and through the secure channel, an indication of the security status; receiving, at the security routine and through the secure channel, a command to change a setting of the wireless interface associated with a characteristic of the wireless link; and accessing, from the security routine, the wireless interface to effect the change in response to receiving the command.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: May 26, 2020
    Assignee: Sophos Limited
    Inventors: Dirk Bolte, Sven Schnelle, Emanuel Taube, Jonas Bernd Freiherr von Andrian-Werburg
  • Patent number: 10659493
    Abstract: A method of detecting malicious electronic messages transmitted from at least one message sending device to at least one message receiving device includes: generating at least one signature for an electronic message; storing the generated signature in a data storage unit; determining whether the electronic message is malicious; if the electronic message is determined to be malicious, determining on the basis of the generated signature, whether electronic messages comparable to the determined malicious message were classified as non-malicious and transmitted to the message receiving device in the past; and if it is determined that electronic messages comparable to the determined malicious message were classified as non-malicious and transmitted to the message receiving device in the past, notifying the message receiving device about a potential threat. Also disclosed are a messaging server and a messaging system implementing the above described method.
    Type: Grant
    Filed: December 23, 2016
    Date of Patent: May 19, 2020
    Assignee: retarus GmbH
    Inventors: Martin Hager, Michael Grauvogl
  • Patent number: 10642998
    Abstract: A method, system and computer-usable medium for generating session-based security information. Generating the session-based security information includes the steps of monitoring user behavior between an enactor and an entity; detecting user behavior data associated with the user behavior; generating a session using the user behavior data, the session relating to an entity discrete interaction of the enactor; and, associating the session and the session-based security information with the user profile.
    Type: Grant
    Filed: July 25, 2018
    Date of Patent: May 5, 2020
    Assignee: Forcepoint LLC
    Inventors: Richard A. Ford, Ann Irvine, Russell Snyder, Adam Reeve
  • Patent number: 10637874
    Abstract: In one respect, there is provided a system for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one processor provides operations including: processing a container file with a trained machine learning model, wherein the trained machine learning is trained to determine a classification for the container file indicative of whether the container file includes at least one file rendering the container file malicious; and providing, as an output by the trained machine learning model, an indication of whether the container file includes the at least one file rendering the container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.
    Type: Grant
    Filed: November 7, 2016
    Date of Patent: April 28, 2020
    Assignee: Cylance Inc.
    Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andrew Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Yaroslav Oliinyk, Ryan Permeh
  • Patent number: 10637722
    Abstract: A method and system for remotely managing messages is provided. The method includes receiving a status message associated with an operational status of hardware or software and determining, via execution of a message database table associated with a message database, that the status message includes a new message not located within the message database. The status message is added to the message database table and a search process for messages matching the status message is executed to determine if a match between the messages and status is located.
    Type: Grant
    Filed: April 10, 2015
    Date of Patent: April 28, 2020
    Assignee: International Business Machines Corporation
    Inventors: Michael A. Henderson, Randy S. Johnson, Richard I. Levey, Tedrick N. Northway
  • Patent number: 10628582
    Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according to at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.
    Type: Grant
    Filed: October 3, 2018
    Date of Patent: April 21, 2020
    Assignee: ServiceNow, Inc.
    Inventors: Richard Reybok, Andreas Seip Haugsnes, Kurt Joseph Zettel, II, Jeffrey Rhines, Henry Geddes, Volodymyr Osypov, Scott Lewis, Sean Brady, Mark Manning
  • Patent number: 10628803
    Abstract: Described herein are methods and systems by which certain servicing and maintenance of a device coupled to a computer network can be performed remotely. The system receives an event associated with the operation of the device and compares the event to a set of rules to identify if the event is a false positive event. The system generates a notification when the event is not the false positive event and transmits the notification to a service agent.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: April 21, 2020
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Nitin Chhabra, Prakash Chanderia, Ajith Balakrishnan
  • Patent number: 10621340
    Abstract: A technique allows for a hybrid hypervisor-assisted security model that monitors and protects an operating system from rootkits or other malware through use of monitoring policies for the operating system (OS). The OS monitoring policies may be separated into rules that can be enforced using an in-guest agent running in a monitored guest OS domain and an out-of-guest agent running in a privileged/monitoring guest OS domain. Embodiments may use virtualization technologies including permissions and policies in one or more page tables (and virtualization exceptions (#VE)) to avoid virtual machine (VM) exits during runtime events and thereby, avoid context switching into a hypervisor. An embodiment includes configuring the in-guest agent in a monitored OS such that hardware events can be switched to lightweight events and can be dynamically switched to complex processing in the privileged OS domain only when requested.
    Type: Grant
    Filed: September 1, 2016
    Date of Patent: April 14, 2020
    Assignee: Intel Corporation
    Inventors: Edmund H. White, Ravi L. Sahita
  • Patent number: 10614218
    Abstract: A computer-implemented method for security scanning application code includes executing, via a processor, a full scan of the application code and generating a program intermediate representation (IR) and a list of security findings determined by the full scan. The processor executes an incremental scan of the application code after at least one change to the application code, and identifies at least one changed file in the application code. The processor then generates an incremental intermediate representation (IR) based at least in part on the at least one changed file. The processor merges the saved scan state and the incremental IR, produces a merged scan state, and outputs security findings based at least in part on the merged scan state and the incremental IR.
    Type: Grant
    Filed: April 11, 2017
    Date of Patent: April 7, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John T. Peyton, Jr., Babita Sharma, Jason N. Todd, Jeffrey C. Turnham, Mathieu Merineau, Ettore Merlo
  • Patent number: 10616270
    Abstract: An optimization apparatus collects cyber attack information that is information related to a cyber attack, and system information that is information related to an entire system including a device that has received the cyber attack. Based on the collected cyber attack information and system information, the optimization apparatus identifies an attack route of the cyber attack, and extracts, as dealing point candidates, devices that are on the attack route and have an effective dealing function against the cyber attack. Subsequently, the optimization apparatus selects a dealing point from the extracted dealing point candidates by using optimization logic that has been set.
    Type: Grant
    Filed: November 5, 2015
    Date of Patent: April 7, 2020
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Bo Hu, Toshiharu Kishi, Hideo Kitazume, Takaaki Koyama, Yukio Nagafuchi, Yasuhiro Teramoto
  • Patent number: 10616160
    Abstract: Controlling cascade of information transmitted and received via one or more online data sharing platforms and electronic communication network. A message to be shared is detected. The message and the corresponding message stream may be analyzed. An action may be taken upon the message responsive to one or more criteria being met based on analyzing the message and the corresponding message stream. The action may include at least forcing a fact check of the message that determines veracity of the message. The action may also include one or more of removing the message, disabling the message, allowing conditional sharing of the message, or allowing the message to be shared. The one or more criteria may include at least determining a confidence value below a threshold value that indicates the message is non-factual.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: April 7, 2020
    Assignee: International Business Machines Corporation
    Inventors: Paul R. Bastide, Thomas J. Evans, IV, Vijay Francis
  • Patent number: 10606844
    Abstract: Techniques are disclosed for identifying legitimate files using a hash-based cloud reputation using parts of a file to generate a hash value for reputation score lookup. A reputation service receives a request for a reputation score associated with a file. The request specifies a hash value for the file. The hash value is generated based on one or more parts of the file. The service identifies one of a plurality of file clusters that includes one or more files that matches to the specified hash value. The service determines a reputation score for the file based on the identified file cluster. The reputation score indicates a rating of the file based on a distribution of the file in a user base. The service returns the reputation score in response to the request.
    Type: Grant
    Filed: December 4, 2015
    Date of Patent: March 31, 2020
    Assignee: CA, Inc.
    Inventors: Kishor Kumar, Shayak Tarafdar
  • Patent number: 10601844
    Abstract: A non-rule based security detection system and method is described. The method includes identifying a plurality of data sources. The method then proceeds to generate a baseline for each data source. The baseline includes a plurality of data source outputs that are evaluated over a time period. A plurality of data source anomalies are detected, in which each data source anomaly is associated with at least one data source output exceeding a threshold for the data source baseline. A geolocation for each data source anomaly is then identified. A plurality of correlations between the plurality of data source anomalies and the geolocation for each data source anomaly are generated. At least one correlation is associated with a security event.
    Type: Grant
    Filed: July 14, 2017
    Date of Patent: March 24, 2020
    Assignee: GUAVUS, INC.
    Inventor: Benjamin James Parker
  • Patent number: 10586046
    Abstract: At least one security feed indicative of at least one security event that may impact or has impacted one or more assets associated with an organization is obtained. The at least one security feed is automatically classified as being relevant or not relevant. The at least one security feed is automatically ranked in response to the at least one security feed being classified as relevant. The ranking of the at least one security feed is presented to an entity to make an assessment of the security event.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: March 10, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Or Herman-Saffar, Amihai Savir, Stephen Todd, Elik Levin
  • Patent number: 10587631
    Abstract: The disclosed techniques provide systems and methods for detecting coordinated attacks on social networking databases containing personal end-user data. More specifically, various advanced persistent threat (APT) detection procedures are described that explore the commonality between specific targets of various private data accesses. In one embodiment, a threat detection tool is configured to process various private data accesses initiated by a source user account in order to identify associated query structures. The tool then applies one or more filters to the private data accesses to identify a subset of the private data accesses that have query structures indicating specific targets and processes these specific targets to determine if an access pattern exists. The access pattern can indicate, for example, a measure of commonality among two or more of the specific targets. If an access pattern exists, the threat detection tool can trigger an alarm.
    Type: Grant
    Filed: May 11, 2017
    Date of Patent: March 10, 2020
    Assignee: Facebook, Inc.
    Inventors: Srinath Anantharaju, Chad Greene
  • Patent number: 10574684
    Abstract: Methods and systems of testing for phishing security vulnerabilities are disclosed, including methods of penetration testing of a network node by a penetration testing system comprising a reconnaissance agent software module installed in the network node, and a penetration testing software module installed on a remote computing device. Penetration testing systems are provided so as to locally detect weaknesses that would expose network nodes to phishing-based attacks.
    Type: Grant
    Filed: January 25, 2018
    Date of Patent: February 25, 2020
    Assignee: XM Cyber Ltd.
    Inventors: Ronen Segal, Menahem Lasser
  • Patent number: 10554682
    Abstract: Systems and methods are disclosed for detecting and removing injected elements from content interfaces. In one implementation, a processing device receives a content interface from a content provider, processes the content interface to identify elements of the interface that may not have been received from the content provider, compares the content interface with corresponding reference interfaces to identify elements of the content interface that are not present in the reference interfaces, processes the identified elements to determine how the identified elements affect a rendering of the content interface on the device, and modifies a rendering of the content interface on the device based on the manner in which the identified elements affect the rendering of the content interface on the device.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: February 4, 2020
    Assignee: Namogoo Technologies Ltd.
    Inventors: Ohad Greenshpan, Chemi Katz
  • Patent number: 10546125
    Abstract: The disclosed computer-implemented method for detecting malware using static analysis may include (i) identifying an executable file to subject to analysis for malware, (ii) retrieving an association between a known malicious behavior and an exploitable method being invoked, wherein the association specifies that a contextual method precedes the exploitable method in an invocation path and that the exploitable method is invoked with a set of predetermined parameters, (iii) detecting, within the executable file, an invocation of the exploitable method, (iv) determining that the invocation of the exploitable method within the executable file occurs in a detected invocation path in which the contextual method precedes the exploitable method and that the invocation of the exploitable method includes a set of invoking parameters that matches the set of predetermined parameters, and (v) classifying the executable file as containing malware.
    Type: Grant
    Filed: February 14, 2017
    Date of Patent: January 28, 2020
    Assignee: CA, Inc.
    Inventor: Zhicheng Zeng
  • Patent number: 10540176
    Abstract: A computer system, method, or computer-readable medium controls a potentially unacceptable software component intended for a software repository. A pre-defined application or repository policy associated with the repository or application pre-defines risks and, for each of the risks, an action to take for the risk. The action can be a pass action or a does-not-pass action, which are pre-defined programmatic steps also defined in the policy. When the component is not new to the repository or the application, the component is passed through for the usual handling. When the component is new, risks are determined that match the software component; for risks which match, the actions are taken as defined in the pre-defined policy. The pass action can include adding the software component to the software repository. The does-not-pass action is followed for a component that does not pass as a potentially unacceptable software component.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: January 21, 2020
    Assignee: Sonatype, Inc.
    Inventors: Wayne Jackson, Michael Hansen, Brian Fox, Jaime Whitehouse, Jason Dillon
  • Patent number: 10534912
    Abstract: A system for performing a code security scan includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a plurality of identifiers each identifying a software security analysis tool of one of several categories, including SAST, DAST and OSA tools. The processor receives an identification of code to be scanned. The processor selects at least two identifiers from the plurality of identifiers. The at least two identifiers identify at least two select software security analysis tools for execution on the identified code. The processor receives an execution result from each select software security analysis tool after performing execution on the identified code. The processor aggregates the execution result from each select software security analysis tool. A user interface displays an aggregation of the execution result from each select software security analysis tool.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: January 14, 2020
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventor: Adam Youngberg
  • Patent number: 10530579
    Abstract: In representative embodiments, systems and methods to calculate the likelihood that presented cryptographic key material is untrustworthy are disclosed. A predictive model based on a debasing condition and a dataset is created by evaluating the dataset relative to the debasing condition. For example, if certificate revocation is selected as the debasing condition, the dataset is analyzed to produce a predictive model that determines the likelihood that a presented certificate is untrustworthy based on similarity to already revoked certificates. The predictive model can include a supervised learning model like a logistic regression model or a deep neural network model. The system can be used in conjunction with existing security infrastructures or can be used as a separate infrastructure. Based on the likelihood score calculated by the model, a relying system can reject the cryptographic key material, accept the cryptographic key material or take other further action.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: January 7, 2020
    Assignee: Venafi, Inc.
    Inventors: Matthew Woods, Remo Ronca
  • Patent number: 10531168
    Abstract: Embodiments provide a low-latency data switching device and method. The device includes at least two boundary hardware modules and at least one optical forwarding module. The first boundary hardware module is configured for matching, with a first data forwarding table, signaling message information for a signaling message sent by a host router, acquiring a service request sent by the host router, and searching a second data forwarding table for an optical channel for the service request. The at least one optical forwarding module is configured for mapping the service request to a second service request, and forwarding the second service request in sequence via the optical channel. The second boundary hardware module is configured for acquiring next-hop routing information of the data switching device for the service request, and forwarding the service request to the next-hop router of the data switching device.
    Type: Grant
    Filed: April 26, 2019
    Date of Patent: January 7, 2020
    Assignee: Beijing University of Posts and Telecommunications
    Inventors: Rentao Gu, Yanxia Tan, Yuefeng Ji
  • Patent number: 10523525
    Abstract: A network switch, a device management system, and a device management method thereof are provided. A network management system with a graphical management interface is embedded in the network switch, so that network administrators can use a web browser for management. The graphical management interface provides a topology mode, a floor mode and a map mode for the network administrators to intuitively manage Internet Protocol (IP) connected apparatuses on a topological diagram, a floor plan or a map. Furthermore, in response to a control operation corresponding to the IP connected apparatus on the graphical management interface, the network switch performs a device function operation (e.g., an information collecting operation, a configuration setting operation, a node searching operation, a system login operation, etc.) corresponding to the control operation through a communication module thereof. Accordingly, an innovative and convenient device management system can be provided for the network administrators.
    Type: Grant
    Filed: November 7, 2018
    Date of Patent: December 31, 2019
    Assignee: Ruby Tech Corporation
    Inventors: Yu-Che Young, Li-Te Chang, Chin-Piao Hung
  • Patent number: 10511631
    Abstract: Providing safe access of a data item accessed through one of a plurality of access channels while concurrently providing a policy check of the data item. An indication associated with accessing a data item through one access channel of a plurality of access channels may be received. In response to receiving the indication associated with accessing the data item, the data item may be automatically analyzed to determine whether the data item satisfies a policy. Also in response to receiving the indication associated with accessing the data item and while determining whether the data item satisfies the policy, safe access of the data item may be provided. Regardless of the access channel through which the data item was accessed, any of the policy check, the safe access, and the analysis of the data item may be the same.
    Type: Grant
    Filed: January 25, 2017
    Date of Patent: December 17, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Amar D. Patel, Mario D. Goertzel, Kristjan E. Hatlelid
  • Patent number: 10505708
    Abstract: In a blockchain transaction acceleration system, access is provided to a multiple blockchain acceleration network accessible to a plurality of blockchains, where the multiple blockchain acceleration network includes a plurality of acceleration nodes, each acceleration node accessible to at least one node in at least one blockchain of the plurality of blockchains. A transaction to be forwarded is received at a first acceleration node from a first node in a first blockchain of the plurality of blockchains. The transaction is forwarded by the first acceleration node to a second node.
    Type: Grant
    Filed: May 23, 2019
    Date of Patent: December 10, 2019
    Assignee: Alibaba Group Holding Limited
    Inventor: Ning Xia
  • Patent number: 10498760
    Abstract: A monitoring system for detecting and preventing a malicious program code from being uploaded from a client computer to a webpage computer server is provided. A secure computer server compares a first plurality of binary portions in a first binary file to a plurality of stored malicious binary program codes to determine whether at least one binary portion of the first plurality of binary portions corresponds to at least one malicious binary program code in the plurality of stored malicious binary program codes. The secure computer server does not send a first modified webpage file and an attachment file to the webpage computer server in response to a first binary file having at least one malicious binary program code.
    Type: Grant
    Filed: July 16, 2019
    Date of Patent: December 3, 2019
    Assignee: ALSCO Software LLC
    Inventors: Mohammed Kifah Hussain, Yasser Kifah Hussain, Zayd Kifah Hussain
  • Patent number: 10489585
    Abstract: Processes being executed by a host system may be identified. The processes may be associated with random numbers that are generated by a first type of random number generator operation. An indication of abnormal behavior from at least one of the processes that are being executed by the host system may be received. A request for a new process to be executed by the host system may be received. In response to the indication of the abnormal behavior and the request to provide the new process, a second random number may be generated by using a second type of random number generator operation that is different than the first type of random number generator operation. The second type of random number generator operation may use a system entropy value that is associated with the host system. The new process may be generated in view of the second random number.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: November 26, 2019
    Assignee: Red Hat, Inc.
    Inventors: Henri Han van Riel, Michael Tsirkin
  • Patent number: 10474811
    Abstract: A system, method, and computer-readable medium for detecting malicious computer code are provided. Instructions, such as HTML or JavaScript instructions may be received from a server, parsed, and executed. During execution of the instructions, one or more functions of a software application, such as a web browser, may be hooked, and an event object may be created for each called function that is hooked, resulting in a collection of event objects. Rules may be matched with event objects of the collection of event objects to detect malicious code. Attributes from the matched event objects may then be used to locate original malicious script or code injected into a web page.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: November 12, 2019
    Assignee: VERISIGN, INC.
    Inventors: Matthew Cote, Trevor Tonn
  • Patent number: 10476909
    Abstract: According to one embodiment, a threat detection system comprising an intrusion protection system (IPS) logic, a virtual execution logic and a reporting logic is shown. The IPS logic is configured to receive a first plurality of objects and analyze the first plurality of objects to identify a second plurality of objects as potential exploits, the second plurality of objects being a subset of the first plurality of objects and being lesser or equal in number to the first plurality of objects. The virtual execution logic including at least one virtual machine configured to process content within each of the second plurality of objects and monitor for anomalous behaviors during the processing that are indicative of exploits to classify that a first subset of the second plurality of objects includes one or more verified exploits. The reporting logic configured to provide a display of exploit information associated with the one or more verified exploits.
    Type: Grant
    Filed: October 19, 2016
    Date of Patent: November 12, 2019
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Muhammad Amin, Osman Abdoul Ismael, Zheng Bu
  • Patent number: 10467411
    Abstract: One embodiment of the disclosure is directed to a method for generating an identifier for use in malware detection. Herein, a first plurality of indicators of compromise are obtained. These indicators of compromise correspond to a plurality of anomalous behaviors. Thereafter, a filtering operation is performed on the first plurality of indicators of compromise by removing one or more indicators of compromise from the first plurality of indicators of compromise to create a second plurality of indicators of compromise. The identifier represented by the second plurality of indicators of compromise is created.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: November 5, 2019
    Assignee: FireEye, Inc.
    Inventors: Vinay K. Pidathala, Zheng Bu, Ashar Aziz
  • Patent number: 10460313
    Abstract: A system of electronic identity verification across multiple services is provided and includes a password vault module adapted to enable a user to store a plurality of credentials for respective services of the user's choosing as well as a federated identity module adapted to enable a user to provide a single sign-on credential for a plurality of subscribing services. A common login module is accessible to both the password vault module and the federated identity module. When the user logs into the common login module, the user is authenticated for both services of the user's choosing and subscribing services. The system migrates stored user credentials in the password vault module to the federated identity module when a user-chosen service becomes a subscribing service. An integrated mobile wallet module enables financial transactions between the user and both the user-chosen services and subscribing services.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: October 29, 2019
    Assignee: United Services Automobile Association (USAA)
    Inventor: Thomas D. Clark