Monitoring Or Scanning Of Software Or Data Including Attack Prevention Patents (Class 726/22)
  • Patent number: 10027627
    Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
    Type: Grant
    Filed: October 7, 2015
    Date of Patent: July 17, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, Hari Shankar, Constantinos Kleopa, Venkatesh N. Gautam, Gerald N. A. Selvam
  • Patent number: 10027696
    Abstract: According to one embodiment, an electronic device features processing circuitry and memory that includes a first logic and a second logic. When executed by the processing circuitry, the first logic organizes (i) a first plurality of indicators of compromise (IOCs) received from a first source, where the first plurality of IOCs being caused by a known origin of a malicious attack, and (ii) one or more IOCs received from a second source that is different from the first source and an origin of the one or more IOCs is unknown. The second logic conducts a predictive analysis that evaluates whether the one or more IOCs have at least a degree of correlation with the first plurality of IOCs, and determines a threat level. The threat level signifies a degree of confidence that IOCs received from the second source are caused by the known origin of the first plurality of IOCs.
    Type: Grant
    Filed: March 27, 2017
    Date of Patent: July 17, 2018
    Assignee: FireEye, Inc.
    Inventors: Alexandr Rivlin, Divyesh Mehra, Henry Uyeno, Vinay Pidathala
  • Patent number: 10021509
    Abstract: Methods, apparatus, systems and articles of manufacture to provide an update via a satellite connection are disclosed. An example method includes scanning a local area network to identify a device in communication with the local area network. A hardware address of the device is determined. The hardware address of the device is compared against a whitelist of hardware addresses included in an update schedule. In response to detecting that the hardware address of the device is included in the whitelist of hardware addresses, an update identified in the update schedule is received via a broadcast distribution system, is recorded, and is transmitted to the device.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: July 10, 2018
    Assignee: AT&T Mobility II LLC
    Inventor: Arthur Richard Brisebois
  • Patent number: 10020941
    Abstract: Techniques related to virtual encryption patching are described. A security gateway includes multiple Transport Layer Security Implementations (TLSI) that can be used for creating secure communications channels to carry application-layer traffic between one or more clients and one or more server applications. In some embodiments, upon determining that one of the multiple TLSIs contains a security vulnerability, that TLSI can be disabled, leaving one or more others of the multiple TLSIs enabled and available to be used to carry traffic of new connections between the clients and server applications.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: July 10, 2018
    Assignee: Imperva, Inc.
    Inventors: Amichai Shulman, Itsik Mantin, Nadav Avital, Offir Zigelman, Oren Brezner, Dmitry Babich
  • Patent number: 10021051
    Abstract: Methods and apparatus related to determining non-textual reply content for a reply to an electronic communication and providing the non-textual reply content for inclusion in the reply. Some of those implementations are directed to determining, based on an electronic communication sent to a user, one or more electronic documents that are responsive to the electronic communication, and providing one or more of those electronic documents for inclusion in a reply by the user to the electronic communication. For example, the electronic documents may be automatically attached to the reply and/or link(s) to the electronic documents automatically provided in the reply.
    Type: Grant
    Filed: January 1, 2016
    Date of Patent: July 10, 2018
    Assignee: GOOGLE LLC
    Inventors: Balint Miklos, Ijeoma Emeagwali, Phillip Sharp, Prabhakar Raghavan
  • Patent number: 10015140
    Abstract: System, method and program product for managing a security policy of a firewall. The firewall receives a message packet addressed to a specified port of a destination IP address and determines that the firewall does not have a message flow rule which permits passing of the message packet to the port. The port is tested to determine if the port is open. If so, an administrator is queried whether the firewall should have a message flow rule which permits passing of the message packet to the port. If not, an administrator is not queried whether the firewall should have a message flow rule which permits passing of the message packet to the port. There may be first and second firewalls located between the source IP address and destination IP address. Before the port is tested, a central database is checked to learn if the central database has a record of whether the first firewall should have a message flow rule which permits passing of the message packet to the port.
    Type: Grant
    Filed: February 3, 2005
    Date of Patent: July 3, 2018
    Assignee: International Business Machines Corporation
    Inventor: Andrew John Bernoth
  • Patent number: 10015182
    Abstract: The disclosed computer-implemented method for protecting computing resources may include (i) computing a degree of commonality between pairs of users within a file sharing system based on which files the users accessed over a period of time, (ii) building a social graph that indicates at least one edge between members of an instance of the pairs of users, (iii) computing an anomaly score for a user within the instance of the pairs of users, (iv) detecting that the anomaly score deviates, according to a statistical measurement, from historical anomaly scores computed for the same user, and (v) performing, in response to detecting that the anomaly score deviates from the historical anomaly scores, a protective action to protect computing resources from anomalous behavior by the user. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: July 3, 2018
    Assignee: Symantec Corporation
    Inventors: Saurabh Shintre, Aleatha Parker-Wood
  • Patent number: 10015191
    Abstract: Methods and systems for detecting fraudulent activity are described. A user types in a web address in his or her browser to request a webpage from a server, and the server communicates the webpage to the user. The communicated webpage includes a document object model (DOM) inspector and/or a JavaScript (JS) namespace inspector. The DOM inspector and JS namespace inspector detect anomalous DOM elements and anomalous JS namespace elements respectively. The DOM inspector and JS namespace inspector discover objects on the rendered webpage that should not be there.
    Type: Grant
    Filed: September 18, 2013
    Date of Patent: July 3, 2018
    Assignee: PAYPAL, INC.
    Inventors: Jeremy Dale Pickett, Brad Wardman
  • Patent number: 10013213
    Abstract: An apparatus comprises at least a first container host device implementing a plurality of containers, a storage platform coupled to the first container host device and implementing storage resources for utilization by the containers, and a container storage controller associated with the first container host device. The container storage controller is configured to provision portions of the storage resources for respective ones of the containers including for each of the containers at least one storage volume. The provisioned storage volume for a given one of the containers is partitioned into at least a data storage volume and a state storage volume, with the data storage volume being configured to store data for at least one application running in the given container, and the state storage volume being configured to store state information of the given container for use in migrating the given container from the first container host device to a second container host device.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: July 3, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Keerthana Suresh, Vaibhav Khanduja, Ashish Mehrotra
  • Patent number: 10015194
    Abstract: The disclosed embodiments include a method of disarming malicious code in a computer system having a processor. The method comprises receiving, by the computer system, input content, and rendering, by the processor, any malicious code included in the input content inactive for its intended malicious purpose without applying a malware detection algorithm to the input content. The rendering is performed by automatically applying, using the processor, a data value alteration model to the input content for altering select data values within the input content, and outputting a new content reflecting the application of the data value alteration model to the input content. The processor renders any malicious code included in the input content inactive for its intended malicious purpose without regard to any structure used to encapsulate the input content. The input content includes media content.
    Type: Grant
    Filed: February 24, 2017
    Date of Patent: July 3, 2018
    Assignee: VOTIRO CYBERSEC LTD.
    Inventors: Aviv Grafi, Itay Glick
  • Patent number: 10015193
    Abstract: A device and a method for identifying whether a network node is infected by malware, including identifying indicator events for each of a plurality of anomaly indicators, by counting the number of occurrences of an anomaly indicator in at least one of a network node and an entire network during a predetermined time duration and if the number of occurrences of the anomaly indicator during the predetermined time duration is greater than a predetermined event threshold, identifying an indicator event associated with the anomaly indicator during the predetermined time duration and assigning an expiration duration for the indicator event, determining whether the identified indicator events fulfill at least one predetermined infection rule, and if the indicator events fulfill the at least one predetermined infection rule, identifying the network node as infected by malware.
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: July 3, 2018
    Assignee: TOPSPIN SECURITY LTD
    Inventors: Doron Kolton, Rami Mizrahi, Manor Hemel, Omer Zohar
  • Patent number: 10013729
    Abstract: Groups of users of a social networking system are categorized based on their association with a type of malicious activity. A set of predetermined malicious groups is identified. Users associated with the malicious groups are selected based on their level of interactions with the malicious groups. Other groups associated with the selected users are identified as being potentially malicious groups. The potentially malicious groups are further analyzed based on occurrences of keywords associated with the type of malicious activity and manual verification by experts. The potentially malicious groups are either classified as being malicious or non-malicious or assigned a score based on their likelihood of being associated with the type of malicious activity. The methods and system disclosed can be used for categorizing other types of social network objects based on their association with a type of malicious activity, for example, users, events, and content.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: July 3, 2018
    Assignee: Facebook, Inc.
    Inventors: Daniel Leon Kelmenson, David Stewart Willner
  • Patent number: 10012693
    Abstract: A system on chip (SoC) is provided. The system on chip includes a multiprocessor that includes multiple processors, a debugging controller that includes a debug port and retention logic configured to store an authentication result of a secure joint test action group system, and a power management unit configured to manage power supplied to the multiprocessor and the debugging controller. The power management unit changes the debug port and the retention logic into an alive power domain in response to a debugging request signal.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: July 3, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Minsoo Lim, Sungjae Lee
  • Patent number: 10013568
    Abstract: To identify whether a content item is prohibited, a content management system can generate a content item fingerprint for the content item and then compare the generated content item fingerprint to a blacklist of content item fingerprints for prohibited content items. If the generated content item fingerprint matches any of the content item fingerprints included in the blacklist, the content management system can determine that the content item is prohibited. The content management system can deny requests to share prohibited content items and/or requests to assign prohibited content items to a user account on the content management system. The content management system can generate the content item fingerprint using the content item as input in a fingerprinting algorithm that was used to generate the content item fingerprints on the blacklist.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: July 3, 2018
    Assignee: DROPBOX, INC.
    Inventor: Anton Mityagin
  • Patent number: 10007789
    Abstract: The present invention relates to an apparatus and a method for detecting a malware code by generating and analyzing behavior pattern. A malware code detecting apparatus includes a behavior pattern generating unit which defines a characteristic parameter which distinguishes and specifies behaviors of a malware code and normally executable programs, converts an API calling event corresponding to the defined characteristic parameter and generates a behavior pattern in accordance with a similarity for behaviors of converted API call sequences to store the behavior pattern in a behavior pattern DB; and a malware code detecting unit which converts the API calling event corresponding to the defined characteristic parameter when the target process is executed into the API call sequence and determines whether the behavior pattern is a malware code in accordance with a similarity for behaviors of the converted API call sequence and the sequence stored in the behavior pattern DB.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: June 26, 2018
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Hyun Joo Kim, Jong Hyun Kim, Ik Kyun Kim
  • Patent number: 10009362
    Abstract: Provided herein are systems and methods for targeted attack protection using predictive sandboxing. In exemplary embodiments, a method includes retrieving a URL from a message of a user and performing a preliminary determination to see if the URL can be discarded if it is not a candidate for sandboxing. The exemplary method includes computing a plurality of selection criteria factors for the URL if the URL passes the preliminary determination, each selection criteria factor having a respective factor threshold. The method can further include determining if any of the selection criteria factors for the URL exceeds the respective factor threshold for the respective selection criteria factor. Based on the determining, if any of the selection criteria factors exceeds the factor threshold for the selection criteria factor, the exemplary method includes automatically placing the URL in a sandbox for analysis.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: June 26, 2018
    Assignee: Proofpoint, Inc.
    Inventors: Steven Robert Sandke, Bryan Burns
  • Patent number: 10009266
    Abstract: One embodiment provides a system for facilitating efficient communication of a collection of interests. During operation, the system receives, by an intermediate node, a first packet which has a name and a first nonce, wherein the first packet indicates a set of member interests, wherein a member interest has a name. In response to not obtaining a matching entry in a pending interest table based on the name for the first packet, the system creates a new entry in the pending interest table, wherein an entry includes a second nonce, a reference count, and a set of arrival nonces and corresponding arrival interfaces. The system sets the new entry's second nonce to a new nonce, and sets the new entry's reference count to a number of member interests indicated in the first packet. The system forwards the first packet, wherein the first nonce is replaced with the new nonce.
    Type: Grant
    Filed: July 5, 2016
    Date of Patent: June 26, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Christopher A. Wood, Glenn C. Scott
  • Patent number: 10003606
    Abstract: The disclosed computer-implemented method for detecting security threats may include (1) detecting, by a software security program, a security incident at a client device such that the software security program generates a signature report to identify the security incident, (2) querying an association database with the signature report to deduce another signature report that a different software security program would have predictably generated at the client device, the different software security program having been unavailable at the client device at a time of detecting the security incident, and (3) performing at least one protective action to protect the client device from a security threat associated with the security incident based on the other signature report deduced by querying the association database. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: June 19, 2018
    Assignee: Symantec Corporation
    Inventors: Kevin Alejandro Roundy, Michael Hart, Christopher Gates
  • Patent number: 10002249
    Abstract: Systems, methods, and media for outputting data based on anomaly detection are provided. In some embodiments, a method for outputting data based on anomaly detection is provided, the method comprising: receiving, using a hardware processor, an input dataset; identifying grams in the input dataset that substantially include distinct byte values; creating an input subset by removing the identified grams from the input dataset; determining whether the input dataset is likely to be anomalous based on the identified grams, and determining whether the input dataset is likely to be anomalous by applying the input subset to a binary anomaly detection model to check for an n-gram in the input subset; and outputting the input dataset based on the likelihood that the input dataset is anomalous.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: June 19, 2018
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Salvatore J Stolfo, Ke Wang, Janak Parekh
  • Patent number: 9998592
    Abstract: A system, method, and computer readable medium for establishing communication between two devices comprises connecting, by a first computer, to an open source Private Branch Exchange (PBX) platform via a port, receiving a phone number sent by a first one of the two devices at the open source PBX platform, invoking an interface module by the open source PBX platform, where the interface module resides on the open source PBX platform, and building a Calling Name request by the interface module related to the received phone number.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: June 12, 2018
    Assignee: Open Invention Network LLC
    Inventor: Kevin V. Nguyen
  • Patent number: 9998468
    Abstract: A management component of a computing system evaluates end-users, end-user devices, and user accounts for access to provisioned-resources of the computing system. The management component utilizes device compliance attributes to form a device risk vector associated with an end-user device. The management component further utilizes resource compliance attributes to form a resource risk vector associated with a provisioned-resource. The management component forms a policy vector utilizing compliance attributes included in a compliance policy. The management component compares the device and resource risk vectors to the policy vector to determine a threat vector, and uses the threat vector to evaluate the end-users, end-user devices, and user accounts for risk of security breach, damage to, and/or loss of components of the computing system.
    Type: Grant
    Filed: August 30, 2017
    Date of Patent: June 12, 2018
    Assignee: International Business Machines Corporation
    Inventors: Christopher J. Hockings, Dinesh T. Jain, Rohit U. Satyanarayana, Vincent C. Williams
  • Patent number: 9998484
    Abstract: A method comprises obtaining at least a first software module not classified as benign or potentially malicious, extracting a set of features associated with the first software module including static, behavior and context features, computing distance metrics between the extracted feature set and feature sets of a plurality of clusters including one or more clusters of software modules previously classified as benign and exhibiting a first threshold level of similarity relative to one another and one or more clusters of software modules previously classified as potentially malicious and exhibiting a second threshold level of similarity relative to one another, classifying the first software module as belonging to a given cluster based at least in part on the computed distance metrics, and modifying access by a given client device to the first software module responsive to the given cluster being a cluster of software modules previously classified as potentially malicious.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: June 12, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Ahmet Buyukkayhan, Zhou Li, Alina M. Oprea, Martin Rosa
  • Patent number: 9992216
    Abstract: Identifying malicious executables by analyzing proxy logs includes, at a server having connectivity to the Internet, retrieving sets of proxy logs from a plurality of proxy servers. Each proxy server of the plurality of proxy servers is associated with a network and generates network traffic logs for one or more nodes included in the network. Then, a set of executables hosted by each of the one or more nodes associated with each of the plurality of proxy servers is determined. Each set of executables is analyzed to detect a specific executable and portions of each of the network traffic logs that are associated with the specific executable are identified. An alert is generated indicating the portions of each of the network traffic logs as likely to be associated with the specific executable.
    Type: Grant
    Filed: February 10, 2016
    Date of Patent: June 5, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Tomas Pevny, Petr Somol
  • Patent number: 9992201
    Abstract: A management component of a computing system evaluates end-users, end-user devices, and user accounts for access to provisioned-resources of the computing system. The management component utilizes device compliance attributes to form a device risk vector associated with an end-user device. The management component further utilizes resource compliance attributes to form a resource risk vector associated with a provisioned-resource. The management component forms a policy vector utilizing compliance attributes included in a compliance policy. The management component compares the device and resource risk vectors to the policy vector to determine a threat vector, and uses the threat vector to evaluate the end-users, end-user devices, and user accounts for risk of security breach, damage to, and/or loss of components of the computing system.
    Type: Grant
    Filed: August 30, 2017
    Date of Patent: June 5, 2018
    Assignee: International Business Machines Corporation
    Inventors: Christopher J. Hockings, Dinesh T. Jain, Rohit U. Satyanarayana, Vincent C. Williams
  • Patent number: 9990499
    Abstract: A method and system for discovering and testing security assets is provided. Based on source definition data describing sources to monitor on the one or more computer networks, an example system scans the sources to identify security assets. The system analyses the security assets to identify characteristics of the server-based applications. The system stores database records describing the security assets and the identified characteristics. The system queries the database records to select, based at least on the identified characteristics, one or more target assets, from the security assets, on which to conduct one or more security tests. Responsive to selecting the one or more target assets, the system conducts the one or more security tests on the one or more target assets. The system identifies one or more security vulnerabilities at the one or more target assets based on the conducted one or more security tests.
    Type: Grant
    Filed: August 5, 2013
    Date of Patent: June 5, 2018
    Assignee: NETFLIX, INC.
    Inventors: Jason Chan, Patrick Kelley, Benjamin Hagen, Samuel Reed
  • Patent number: 9990500
    Abstract: Disclosed herein are techniques for determining vulnerabilities in applications under testing. It is determined whether a first database instruction of an application enters information into a database and whether a second database instruction thereof obtains said information from the database. If the first database instruction enters the information in the database and the second database instruction obtains the information therefrom, it is determined whether the application is vulnerable to entry of malicious code via the database.
    Type: Grant
    Filed: July 25, 2012
    Date of Patent: June 5, 2018
    Assignee: ENTIT SOFTWARE LLC
    Inventors: Sasi Siddharth Muthurajan, Prajakta Subhash Jagdale, Leonid Promyshlyansky Bensman, Iftach Ragoler, Philip Edward Hamer
  • Patent number: 9985851
    Abstract: A method includes performing operations as follows on a processor that include receiving metrics reported by user terminals via a data network. The metrics indicating a measured operation of an application program processed by the user terminals. The operations further include determining when a collection of the metrics received from across the user terminals satisfies a rule for modifying metric reporting, and communicating a metric reporting modification command to the user terminals, based on the collection of the metrics received from across the user terminals satisfying the rule for modifying metric reporting, to control future metrics reported by the user terminals for the measured operation of the application program. Related computer program products and systems are disclosed.
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: May 29, 2018
    Assignee: CA, INC.
    Inventor: Jonathan Lindo
  • Patent number: 9977896
    Abstract: Provided herein are systems and methods for generating policies for a new application using a virtualized environment. Prior to allowing a new application to operate on a host system, the new application may be installed in a virtual environment. A first program execution restrictor of the virtualized environment may determine a set of policies for the new application. The set of policies may allow the new application to add specific program elements during installation and execution in the virtualized environment. The first program execution restrictor may verify an absence of malicious behavior from the new application while the new application executes in the virtualized environment. The new application may be executed on the host system responsive to the verification. The host system may have a second program execution restrictor that applies the set of policies when the new application is allowed to execute on the host system.
    Type: Grant
    Filed: October 8, 2015
    Date of Patent: May 22, 2018
    Assignee: DIGITAL GUARDIAN, INC.
    Inventor: John C. Fox
  • Patent number: 9979714
    Abstract: A social networking system provides access to personas comprising information, for example, web pages describing users or entities. The information may be suggested by the social networking system or requested by the user, for example, via search. The social networking system authenticates the personas so that only authentic personas are suggested to users or returned when a user is searching for information. The authenticity of a persona is determined based on the connections and/or likes coming from other personas, user accounts, or other entities represented within the social networking system that have been previously authenticated. The authenticity of the person is also determined based on external links to the persona, for example, external websites referring to the persona or the rate at which external systems such as search engines direct web traffic to the persona.
    Type: Grant
    Filed: August 15, 2016
    Date of Patent: May 22, 2018
    Assignee: Facebook, Inc.
    Inventors: Giridhar Rajaram, Gang Wu
  • Patent number: 9977888
    Abstract: Systems and techniques for privacy protected input-output port control are described herein. In an example, an indication may be obtained that a protected port is disabled. A set of application attributes stored in a secure memory location may be compared to a set of attested application attributes to create a verification flag. At least one port attribute of the protected port may be obtained based on the verification flag. The protected port may be enabled using the at least one port attribute. Other examples, for controlling an input-output port using computer firmware and trusted execution techniques are further disclosed.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: May 22, 2018
    Assignee: Intel Corporation
    Inventors: Nitin V. Sarangdhar, Raul Gutierrez
  • Patent number: 9973518
    Abstract: A message checking apparatus comprising one or more processors, the message checking apparatus includes: a uniform resource locator(URL) extracting unit to check, when a message is received, whether a URL is included in the message and extract the URL from the message; a communication unit to download an application using the URL; and an authorization/application program interface(API) verifying unit to check whether an authorization or API having a security risk is included in the application to be downloaded through the communication unit and then determine whether the URL is malicious based thereon.
    Type: Grant
    Filed: October 13, 2015
    Date of Patent: May 15, 2018
    Assignee: SK TELECOM CO., LTD.
    Inventors: Yong-hak Lee, Ji Hoon Cho
  • Patent number: 9973528
    Abstract: Methods and systems for a two-stage attribution of application layer DDoS attack are provided. In a first table just a hash index is maintained whereas the second stage table keeps the string parameter corresponding to the application layer attribute under attack. A linked list maintains a plurality of rows if there is hash collision in the first table. The second table is aged out and reported periodically with details of large strings.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: May 15, 2018
    Assignee: Fortinet, Inc.
    Inventor: Hemant Kumar Jain
  • Patent number: 9973339
    Abstract: A process of writing to a non-anonymous cloud storage is provided. On a client side, a write request to block X is received. A block key for the block numbers X is calculates as a function, which uses an Anonymous Key and X as its arguments. A hash function value of the block key is calculated. The content and the hash value are transferred to a Virtual Cloud Service. Then, on the Virtual Cloud Service, public cloud accounts are selected based on part of the hash value. A file name is generated from the calculated hash value. The content of block X is stored to the file with the generated name within the selected cloud account. Thus, there is no data reflecting the ownership of the user files on the cloud storage that is revealed.
    Type: Grant
    Filed: February 18, 2016
    Date of Patent: May 15, 2018
    Assignee: Acronis International GmbH
    Inventor: Maxim V. Lyadvinsky
  • Patent number: 9973485
    Abstract: Disclosed is a device that obtains and stores a secret key. The device may comprise a transceiver configured to: transmit a command for a secret key to a server; transmit an identifier to the server; and receive a wrapped secret key from the server. The device may further comprise: a storage device; and a processor. The processor may be coupled to the transceiver and the storage device and the processor may be configured to: receive the wrapped secret key from the transceiver; unwrap the wrapped secret key to obtain the secret key; and store the secret key in the storage device.
    Type: Grant
    Filed: April 13, 2017
    Date of Patent: May 15, 2018
    Assignee: QUALCOMM Incorporated
    Inventor: Ron Keidar
  • Patent number: 9967275
    Abstract: Techniques of identifying anomalous behavior on an electronic network involve iteratively combining groups of adjacent bins of a histogram in such a way as to minimize a measure of error in the histogram. Along these lines, a user behavior analytics server represents a user behavior factor with a histogram. The UBA server reduces a number of bins in the histogram by iteratively selecting groups of adjacent bins for combination. Upon each iteration, the group of bins that is selected for combination is the group which, when its bins are combined, minimizes differences between the values of the bins in that group and a value of the combined bin.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: May 8, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Eyal Kolman, Kineret Raviv
  • Patent number: 9965629
    Abstract: Provided are a malicious code diagnosing system and a method of diagnosing malicious codes. According to embodiments of the present disclosure, a malicious code diagnosing operation is performed only on files that are likely to be infected by malicious codes by utilizing file change log information recorded in a file system. Accordingly, malicious code diagnosing operation can be performed more quickly and reliably than conventional diagnosing method.
    Type: Grant
    Filed: March 7, 2014
    Date of Patent: May 8, 2018
    Assignee: AHNLAB, INC.
    Inventor: Kyu Beom Hwang
  • Patent number: 9961496
    Abstract: Various embodiments include methods, and computing devices configured to implement the methods, for anomaly monitoring using context-based sensor output correlation. A computing device may obtain output of a first sensor and may determine that an anomaly is likely to occur based on the obtained output of the first sensor. The computing device may transmit a message indicating that the anomaly is likely to occur, causing receiving computing devices to begin logging output of sensors of the receiving computing devices. The computing device may determine whether the anomaly did occur. If the anomaly did occur, the computing device may transmit a sensor output request. Nearby computing devices may receive this sensor output request and may transmit collected sensor data to the first computing device. The first computing device may receive the sensor output collected by the various receiving devices and may correlate the first sensor output with the received sensor output.
    Type: Grant
    Filed: June 17, 2016
    Date of Patent: May 1, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Seyed Ali Ahmadzadeh, Saumitra Mohan Das, Rajarshi Gupta, Govindarajan Krishnamurthi
  • Patent number: 9954886
    Abstract: The present invention discloses a method and an apparatus for detecting website security. The method includes: performing bypass interception on a network to snatch a hypertext transfer protocol request packet; acquiring a link corresponding to the hypertext transfer protocol request packet; inserting the link into a to-be-scanned queue as a priority task to be scanned if the link is determined to be new; and/or extracting a domain name corresponding to the link, inserting the domain name into the to-be-scanned queue as a priority task to be scanned if the domain name is determined to be new; and performing vulnerability scanning on the task to be scanned in the to-be-scanned queue.
    Type: Grant
    Filed: December 31, 2014
    Date of Patent: April 24, 2018
    Assignee: Beijing Qihoo Technology Company Limited
    Inventor: Zhuan Long
  • Patent number: 9954889
    Abstract: Embodiments of the invention are directed towards detecting and identifying malicious code injected into other legitimate web pages. The detection is divided into two processes. The first process is to detect a malicious code string within received web page code using a set of one or more criteria. The criteria include length of the string, as well as whether the string changes between received instances, and the status of the string within the web page code, particularly whether it is encapsulated between scripting tags, or otherwise indicated as being executable. The second process is based on using a proxy that will help in extracting and scanning the decrypted code against any malicious content. In particular, the second phase acts to remove the armour and evasion features that may be built into the malicious code, so that the code may then be inspected by the existing anti-virus or other host intrusion detection system (HIDS) present on the target system.
    Type: Grant
    Filed: March 20, 2013
    Date of Patent: April 24, 2018
    Assignee: BRITISH TELECOMMUNICATIONS public limited company
    Inventor: Fadi El-Moussa
  • Patent number: 9953061
    Abstract: Techniques are disclosed for facilitating re-creation of an application collection of a source computing device at a destination computing device. The techniques include receiving a source application identifier indicative of a source application edition, the edition of the application being programmed for a source operating system. The techniques also include receiving an indicator of a destination operating system. The techniques further include determining a source canonical application corresponding to the source application edition based on the source application identifier, the source canonical application being a representative of one or more application editions including the source application edition.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: April 24, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Eric J. Glover, Marshall James Quander
  • Patent number: 9953163
    Abstract: A system configured to detect malware is described. The system configured to detect malware including a data collector configured to detect at least a first hypertext transfer object in a chain of a plurality of hypertext transfer objects. The data collector further configured to analyze at least the first hypertext transfer object for one or more events. And, the data collector configured to generate a list of events based on the analysis of at least the first hypertext transfer object.
    Type: Grant
    Filed: February 20, 2015
    Date of Patent: April 24, 2018
    Assignee: Cyphort Inc.
    Inventors: Alexander Burt, Mikola Bilogorskiy, McEnroe Navaraj, Frank Jas, Liang Han, Yucheng Ting, Manikandan Kenyan, Fengmin Gong, Ali Golshan, Shishir Singh
  • Patent number: 9954899
    Abstract: Embodiments of the present technology relate to a method for applying a security policy to an application session, comprising: determining, by a security gateway, a first user identity and a second user identity from a data packet for an application session; obtaining, by the security gateway, a security policy for the application session; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.
    Type: Grant
    Filed: May 17, 2016
    Date of Patent: April 24, 2018
    Assignee: A10 NETWORKS, INC.
    Inventors: Lee Chen, Dennis Oshiba, John Chiong
  • Patent number: 9954884
    Abstract: Embodiments of a system and method for a cyber modeling and simulation framework arc generally described herein. In some embodiments, an interface (212) for ingest of network and vulnerability data associated with a node of a targeted network, a network visualization device (232) for presenting the network data and the vulnerability data, and for creating a network model based on the network and vulnerability data, a threat analysis simulator (240) for launching threat attacks on the targeted network and for applying modeled defenses against the threat attacks, the threat analysis simulator producing simulation results (244) and a data farming module for performing data fanning on the simulation results using different scenarios to generate a farm of data for use in designing anti-cyber-attack strategies (280) for the targeted network.
    Type: Grant
    Filed: October 23, 2013
    Date of Patent: April 24, 2018
    Assignee: Raytheon Company
    Inventors: Suzanne P. Hassell, Paul F. Beraud, III, Alen Cruz, Gangadhar Ganga, Brian J. Mastropietro, Travis C. Hester, David A. Hyde, Justin W. Toennies, Stephen R. Martin, Frank Pietryka, Niraj K. Srivastava
  • Patent number: 9946871
    Abstract: Architecture that provides a secure environment in which data (e.g., code, instructions, files, images, etc.) can be opened and run by a client application. Once opened the data can be viewed (in a “protected view”) by the user without incurring risk to other client processing and systems. Accordingly, the architecture mitigates malicious attacks by enabling users to preview untrusted and potentially harmful data (e.g., files) in a low risk manner. Files opened in the protected view are isolated from accessing key resources on the client computer and provides the user a safer way to read files that can contain dangerous content. The protected view also provides a seamless user experience. The user is unaware that the client is operating on data in a different mode and allows for the reduction of security prompts.
    Type: Grant
    Filed: February 23, 2017
    Date of Patent: April 17, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Vikas Malhotra, Benjamin E. Canning, Daniel B. Jump, David C LeBlanc, Benjamen E. Ross, James Campbell, Brian Carver, Joshua Pollock
  • Patent number: 9948633
    Abstract: The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device 801 can perform, responsive to the determination, an action to validate a SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.
    Type: Grant
    Filed: October 28, 2015
    Date of Patent: April 17, 2018
    Assignee: Citrix Systems, Inc.
    Inventors: Jaydeep Khandelwal, Punit Gupta, Arkesh Kumar
  • Patent number: 9948671
    Abstract: A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain Hypertext Transfer Protocol. HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: April 17, 2018
    Assignee: Damballa, Inc.
    Inventors: Roberto Perdisci, Wenke Lee, Gunter Ollmann
  • Patent number: 9948665
    Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.
    Type: Grant
    Filed: June 4, 2015
    Date of Patent: April 17, 2018
    Assignee: International Business Machines Corporation
    Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
  • Patent number: 9948185
    Abstract: A circuit configured for improving the large signal response of a control stage circuit of a switch mode DC/DC power converter by increasing the differential input range of an error amplifier by segmenting and adding an offset to the error amplifier input and output. When a transient is detected, the feedback voltage is offset in multiple segments by multiple offset voltage sources to prevent saturation of the control stage circuit. Counteracting offset voltages are added to an output of an error amplifier to prevent overshoot or undershoot. A feed-forward compensation signal is generated with the amplitude of the signal being clamped to fixed voltage levels between a minimum and a maximum amplitude of the feed-forward compensation signal. The feed-forward compensation signal is added to the output of the error amplifier to produce an output error signal of the control stage circuit configured for controlling the modulating of the switch mode DC/DC power converter.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: April 17, 2018
    Assignee: Dialog Semiconductor (UK) Limited
    Inventor: Naoyuki Unno
  • Patent number: 9940454
    Abstract: A source of side-loaded software is determined. An action may be performed in response to the determination of the source. In one case, the handling of an application on a mobile device may be based on whether the source of the application is trusted or untrusted. If a software application being newly-installed on a mobile device of a user is determined to be untrusted, installation or execution is blocked. In one approach, the determination of the source includes: determining whether a first source identifier of a first application matches a white list of source identifiers or a black list of source identifiers; and sending the first source identifier, a first application identifier, and a signature of authorship for the first application to a different computing device.
    Type: Grant
    Filed: February 8, 2017
    Date of Patent: April 10, 2018
    Assignee: LOOKOUT, INC.
    Inventors: David Richardson, Ahmed Mohamed Farrakha, William Neil Robinson, Brian James Buck
  • Patent number: 9940934
    Abstract: An adaptive voice authentication system is provided. The adaptive voice authentication system includes an adaptive module configured to compare a feature quality index of the plurality of authentication features and the plurality of enrollment features and dynamically replace and store one or more enrollment features with one or more authentication features to form a plurality of updated enrollment features. The adaptive module is configured to generate an updated enrollment voice print model from the plurality of the updated enrollment features. The adaptive module is further configured to compare the updated enrollment voice print model with the previously stored enrollment voice print model and dynamically update the previously stored enrollment voice print model with the updated enrollment voice print model based on a model quality index.
    Type: Grant
    Filed: March 9, 2016
    Date of Patent: April 10, 2018
    Assignee: UNIPHONE SOFTWARE SYSTEMS
    Inventor: Umesh Sachdev