Monitoring Or Scanning Of Software Or Data Including Attack Prevention Patents (Class 726/22)
  • Patent number: 10078750
    Abstract: Social messages sent or posted by users of a social networking service are collected. Compromised social networking accounts are identified from the collected social messages. Keywords indicative of compromised social networking accounts are extracted from social messages of identified compromised social networking accounts. The keywords are used as search terms in a search query for additional social messages. Additional compromised social networking accounts are identified from search results that are responsive to the search query.
    Type: Grant
    Filed: June 13, 2014
    Date of Patent: September 18, 2018
    Assignee: Trend Micro Incorporated
    Inventor: Jonathan James Oliver
  • Patent number: 10079857
    Abstract: Method of forestalling attacks in a network, by slowing down a communication in a network including at least one computer including malware aimed at establishing a communication with a control server. The method includes: reception of a request to transfer data originating from the computer, indicating that the IP address of the security server has been provided to the computer in response to a domain name resolution request including a domain name associated with the IP address of the control server, the domain name being included in a black list; waiting for a smaller duration than an expiry period for a transport protocol transporting packets of the communication, a session being maintained during this expiry period in the event of inactivity; and dispatching a packet including a byte generated pseudo-randomly so as to maintain the session active.
    Type: Grant
    Filed: December 16, 2014
    Date of Patent: September 18, 2018
    Assignee: ORANGE
    Inventors: Karel Mittig, Nicolas Deschamps, Hachem Guerid
  • Patent number: 10075470
    Abstract: Systems and techniques are described for virtual machine security. A described technique includes operating one or more virtual machines each in accordance with a respective security container, wherein the respective security container is associated with a respective rule that specifies transfer of the virtual machine from the respective security container to a quarantine container based on one or more criteria. One or more security services are operated on the one or more virtual machines to identify one or more security threats associated with one or more of the virtual machines. One or more tags generated by the endpoint security services are obtained, where each tag is for a virtual machine that is associated with one of the identified security threats. And one of the virtual machines is identified as requiring transfer to the quarantine container based on, at least, one or more of the obtained tags and the one or more criteria.
    Type: Grant
    Filed: April 19, 2013
    Date of Patent: September 11, 2018
    Assignee: NICIRA, INC.
    Inventors: Sachin Mohan Vaidya, Azeem Feroz, Anirban Sengupta, James Christopher Wiese
  • Patent number: 10073968
    Abstract: The disclosed computer-implemented method for classifying files may include (i) identifying a point in time before which there is a non-zero probability that at least one file within a group of files has been classified by a security system, (ii) identifying, within the group of files, a file with a timestamp that indicates the file was created or modified before the point in time, (iii) assign, based on the timestamp of the file, a classification to the file that indicates the file is not trusted, and (iv) perform, by the security system, a security action based on the classification of the file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 24, 2016
    Date of Patent: September 11, 2018
    Assignee: Symantec Corporation
    Inventor: Sujit Magar
  • Patent number: 10075462
    Abstract: A transfer of master data is executed in a backend computing system. The master data includes user data and system data. The transfer of master data includes receiving user data associated with a particular user identifier in the backend computing system, transferring the received user data to an event stream processor, receiving system data associated with a particular log providing computing system in the backend computing system, transferring the received user data to the event stream processor, and executing a transfer of log data associated with logs of computing systems connected to the backend computing system.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: September 11, 2018
    Assignee: SAP SE
    Inventors: Harish Mehta, Hartwig Seifert, Thomas Kunz, Anne Jacobi, Marco Rodeck, Florian Kraemer, Björn Brencher, Nan Zhang
  • Patent number: 10069856
    Abstract: The present disclosure generally relates to information security and, more particularly, to systems and methods of comparative evaluation for phishing mitigation. Evaluating the anti-phishing approaches includes: initiating, on a computing device, a phishing attack; initiating, on the computing device, an anti-phishing approach against the phishing attack; and evaluating, using the computing device, different criteria of the anti-phishing approach to determine an overall effectiveness of the anti-phishing approach by applying a comparative framework of evaluation metrics to the different criteria of the anti-phishing approach.
    Type: Grant
    Filed: May 13, 2016
    Date of Patent: September 4, 2018
    Assignee: KING ABDULAZIZ CITY FOR SCIENCE AND TECHNOLOGY
    Inventors: Mansour Abdulrahman Alsaleh, Abdulrahman Saad Alarifi
  • Patent number: 10069837
    Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is communicating with a computerized service or a trusted server directly and without an intermediary web-proxy, or indirectly by utilizing a proxy server or web-proxy. The system searches for particular characteristics or attributes, that characterize a proxy-based communication session or channel and that do not characterize a direct non-proxy-based communication session or channel; or conversely, the system searches for particular characteristics or attributes, that characterize a direct non-proxy-based communication session or channel and that do not characterize a proxy-based communication session or channel; and based on these characteristics, determines whether or not a proxy server exists and operates.
    Type: Grant
    Filed: July 7, 2016
    Date of Patent: September 4, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Yaron Lehmann, Yaron Azizi, Itai Novick
  • Patent number: 10069673
    Abstract: According to one aspect, the disclosed subject matter describes herein a method for conducting adaptive event rate monitoring, the method including detecting an occurrence of network events during a span of time defined by a convergence time period and incrementing a counter value for each of a plurality of monitoring segments included in the convergence time period based on when each of the network events are detected within the convergence time period. The method further includes determining a convergence time rate based on counter values associated with each of the monitoring segments included in the convergence time period and calculating an adaptive per-second event rate using the determined convergence time rate.
    Type: Grant
    Filed: August 17, 2015
    Date of Patent: September 4, 2018
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Brian John Hassink, Syed Mohsin Reza Zaidi
  • Patent number: 10069857
    Abstract: Domain names are determined for each computational event in a set, each event detailing requests or posts of webpages. A number of events or accesses associated with each domain name within a time period is determined. A registrar is further queried to determine when the domain name was registered. An object is generated that includes a representation of the access count and an age since registration for each domain names. A client can interact with the object to explore representations of domain names associated with high access counts and recent registrations. Upon determining that a given domain name is suspicious, a rule can be generated to block access to the domain name.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: September 4, 2018
    Assignee: Splunk Inc.
    Inventor: Munawar Monzy Merza
  • Patent number: 10069823
    Abstract: Indirect access control is performed between a requestor computing device and a requestee computing device. Peer data is transmitted from the requestor to the requestee that asserts that the requestor is trusted by a peer computing device. It is verified that the requestor has a first degree of trust with the peer. Next degree peer data is received from the peer that asserts that the peer is trusted by a next degree peer computing device. It is verified that the peer has a next degree of trust with the next degree peer. A trust score is calculated for the requestor based on the verification of the peer data and the next degree peer data, and an access level is granted to the requestor based on the trust score.
    Type: Grant
    Filed: December 27, 2016
    Date of Patent: September 4, 2018
    Assignee: Symantec Corporation
    Inventors: Brian Chong, Keith Newstadt, Sean Doherty
  • Patent number: 10061923
    Abstract: A computing machine that minimizes problems from external files, such as software virus and malware is disclosed. The computing machine has local operations separated from external operations, such that the external files are isolated from the hardware associated with the local operations. The local side hardware may include a Memory One, a Main Memory 3, and a Storage One device. The external side hardware may include a Memory Two, a Main Memory 4, and a Storage Two device. The internal side hardware are not in communication with the external side hardware. Operating system software may be stored in Memory One or in a secure partition of Storage One device. Data from local operations and local application programs may be stored in Storage One device. Internet browsing software may be stored in Memory Two or in a secure partition of Storage Two device.
    Type: Grant
    Filed: June 26, 2017
    Date of Patent: August 28, 2018
    Inventor: Pritam Nath
  • Patent number: 10063570
    Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: August 28, 2018
    Assignee: SPLUNK INC.
    Inventors: Sudhakar Muddu, Christos Tryfonas, Marios Iliofotou
  • Patent number: 10064203
    Abstract: A first node in a wireless network retransmits a data signal. The node employs a precoder that generates transmit power values from a message to be transmitted and precodes the data signal with the transmit power values before the data signal is retransmitted. A second node receives the retransmitted signal. The second node uses a reference signal processor configured to determine the data signal and a decoder configured to remove the data signal from the received signal. The power values are estimated and processed to decode the information therefrom.
    Type: Grant
    Filed: December 11, 2017
    Date of Patent: August 28, 2018
    Assignee: Department 13, Inc.
    Inventors: Steve J. Shattil, Robi Sen
  • Patent number: 10063533
    Abstract: An approach is provided for securing communication between a server computer and a client computer. A first string is sent to the client in response to a request to permit an application being executed by the client computer to access a first function. A second string that includes a parameter of a second function is received. The second string is a result of a conversion of the first string to a command and an execution of the command by the client. The second string is converted into a call to the second function. Using the call, the server executes the second function. Based on a result of the execution of the second function and without requiring an implementation of native code, the server determines whether to (i) permit the application to access the first function or (ii) prevent the application from accessing the first function.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: August 28, 2018
    Assignee: International Business Machines Corporation
    Inventors: Paolo Bianchini, Marco Melillo
  • Patent number: 10057118
    Abstract: A computer implemented method and apparatus for enabling dynamic analytics configuration on a mobile device. generating a mobile application, which mobile application, when executed on a mobile device, includes accessing of instructions for analytics data collection, which instructions are accessed from a location remote from the mobile device executing the mobile application, and which instructions are modifiable without modification to the mobile application, thereby enabling dynamic analytics configuration on the mobile device.
    Type: Grant
    Filed: April 6, 2016
    Date of Patent: August 21, 2018
    Assignee: ADOBE SYSTEMS INCORPORATED
    Inventors: Harpreet Singh, Salil Taneja
  • Patent number: 10057300
    Abstract: Systems and methods are described for managing access of a computing device to services over a mobile network where requests for managed or unmanaged services are translated to corresponding IP addresses sent to the computing device and corresponding requests sent to the translated IP addresses are permitted if the computing device has a valid data plan for using the mobile network, are denied if the computing device does not have a valid data plan and the request corresponds to the first address, and are permitted even if the computing device does not have a valid data plan if the request corresponds to the second address.
    Type: Grant
    Filed: December 10, 2013
    Date of Patent: August 21, 2018
    Assignee: KAJEET, INC.
    Inventors: David Pinto, John Shorey
  • Patent number: 10050792
    Abstract: A request from a computing device for accessing a resource is received by an edge server, where the request includes a cookie containing a first token value and a second token value. The edge server validates the first token value and a second token value using a third token value generated using hashing algorithm with a secret key and one or more other values. The edge server then compares the received token values with the third token value. When the request is validated, the edge server retrieves the request resource.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: August 14, 2018
    Assignee: CLOUDFLARE, INC.
    Inventor: Evan Johnson
  • Patent number: 10051001
    Abstract: Techniques for an efficient and secure store for credentials enforcement using a firewall are disclosed. In some embodiments, a system, process, and/or computer program product for an efficient and secure store for credentials enforcement using a firewall includes receiving a space-efficient and secure data structure, such as bloom filter, from an agent executed on an authentication server, in which the bloom filter is generated by the agent based on a transformation of a plurality of user credentials extracted from the authentication server and/or intercepted at the authentication server; storing the bloom filter on the network device (e.g., in a cache on the network device); and monitoring network traffic at the network device to perform credentials enforcement using the bloom filter.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: August 14, 2018
    Assignee: Palo Alto Networks, Inc.
    Inventors: Robert Earle Ashley, Ho Yu Lam, Xuanyu Jin, Suiqiang Deng, Taylor Ettema, Robert Tesh
  • Patent number: 10048957
    Abstract: A technique for deploying an application in a cloud computing environment includes: collecting, when a user is deploying an application, metadata and instructions on deploying the application, the metadata comprising service metadata, application metadata and topology metadata, wherein the service metadata comprise metadata on a service required for deploying the application, the application metadata comprise metadata on the application, and the topology metadata comprise metadata indicative of a relationship between the service and the application; and storing the collected metadata and instructions as a model for re-deploying the application.
    Type: Grant
    Filed: April 27, 2016
    Date of Patent: August 14, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Tong Li, Xin Sheng Mao, Jia Tan, Bo Yang
  • Patent number: 10050938
    Abstract: A firewall system with closed ports configured to reject the data packets and create a readable log of rejected data packets. A port listening processor utilizes multiple daemon processors to receive and process information from the data packets to open ports using the dynamically modifiable port specific data structures.
    Type: Grant
    Filed: October 29, 2015
    Date of Patent: August 14, 2018
    Inventors: Jeffrey H. Moskow, Theodore J. Stefanik
  • Patent number: 10044554
    Abstract: A device may aggregate dropped connection information associated with multiple dropped network connections. The dropped connection information may include at least one of: information associated with a mobile device that experienced a dropped network connection, information associated with a user of the mobile device, information associated with an access point that experienced the dropped network connection, information associated with a network from which the mobile device was dropped, or information that identifies a location associated with the dropped network connection. The device may identify a pattern associated with the multiple dropped network connections based on aggregating the dropped connection information, and may provide reporting information associated with the pattern.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: August 7, 2018
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Pranay Bajpai, Nagaraju Manchiraju, Radha Sankaran, Sridhar Jayaprakash, Srinivasa Rao Kella, Wai Kei Michael Lau, Nebyate Endalamaw
  • Patent number: 10044523
    Abstract: According to one aspect, a communication apparatus is provided which is on a LAN and coupled to a server via an external network involving a NAT traversal with a router of the LAN. The communication apparatus is configured to determine a configuration of the router of the LAN; and request the server to transmit a NAT update request packet to the router, which is registered in the server and performs the NAT traversal, when it is determined that the configuration of the router of the LAN is in two or more stages.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: August 7, 2018
    Assignee: FUJITSU LIMITED
    Inventors: Masaya Oda, Ryuichi Ebuchi, Tomokazu Makino, Junji Ono
  • Patent number: 10043010
    Abstract: Techniques of protecting computers from malware involve migrating processes running applications from a first sandbox to a second sandbox. Along these lines, when a computer being protected from malware receives application code over a network, the computer generates a set of processes that runs the application code on a first machine acting as a sandbox. After the set of processes produce a first output on the first machine, the computer migrates the set of processes to a second machine acting as another sandbox. After the set of processes produces a second output on the second machine, the computer grants or denies access to the application code based the second output. Because migration can occur over the entire lifecycle of an application and migration is difficult to detect, migrating processes running malware makes it more difficult for the malware to evade detection.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: August 7, 2018
    Assignee: CYBEREASON
    Inventor: Yonatan Striem-Amit
  • Patent number: 10038618
    Abstract: An event analysis system receives events in a time-series from a set of monitored systems and identifies a set of alert threshold values for each of the types of events to identify outliers in the time-series at an evaluated time. Portions of historic event data is selected to identify windows of event data near the evaluated time at a set of seasonally-adjusted times to predict the value of the event type. The alert threshold value may also account for a prediction based on recent, higher-frequency events. Using the alert threshold values for a plurality of event types, the event data is compared with the alert threshold values to determine an alert level for the data. The event data types are also clustered and displayed with the alert levels to provide a visualization of the event data and identify outliers when the new event data is received.
    Type: Grant
    Filed: October 9, 2017
    Date of Patent: July 31, 2018
    Assignee: UBER TECHNOLOGIES, INC.
    Inventors: Franziska Bell, David Purdy, Laszlo Korsos, Shan He
  • Patent number: 10038702
    Abstract: Threat detection is improved by monitoring variations in observable events and correlating these variations to malicious activity. The disclosed techniques can be usefully employed with any attribute or other metric that can be instrumented on an endpoint and tracked over time including observable events such as changes to files, data, software configurations, operating systems, and so forth. Correlations may be based on historical data for a particular machine, or a group of machines such as similarly configured endpoints. Similar inferences of malicious activity can be based on the nature of a variation, including specific patterns of variation known to be associated with malware and any other unexpected patterns that deviate from normal behavior. Embodiments described herein use variations in, e.g., server software updates or URL cache hits on an endpoint, but the techniques are more generally applicable to any endpoint attribute that varies in a manner correlated with malicious activity.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: July 31, 2018
    Assignee: Sophos Limited
    Inventors: Andrew J. Thomas, Kenneth D. Ray, Mark D. Harris
  • Patent number: 10033617
    Abstract: A system and method for triggering on platform usage can include at a platform, receiving and storing a trigger configuration of an account; operating a platform comprising internally executing a process on behalf of an account and publishing at least one event when executing the process; at the platform, incrementing a counter in response to the at least one event and if the stored trigger configuration species a usage key associated with a category of counted events of the at least one event; monitoring counters in a context of an associated trigger; and processing the trigger upon the counter satisfying condition of an associated trigger.
    Type: Grant
    Filed: March 9, 2016
    Date of Patent: July 24, 2018
    Assignee: Twilio, Inc.
    Inventors: Evan Cooke, Timothy Milliron, Adam Ballai, Robert C. Hagemann, III, Matthew D. Nowack
  • Patent number: 10033756
    Abstract: A trust management system may be configured to compute a trust level for a compute resource based on a trust manifest corresponding to compute resource. Based on the construction of a trust manifest for each class of compute resources, a trust level may be computed for a wide range of compute resources, including bare-metal hosts, hypervisor hosts, virtual machines and containers. A trust manifest may specify one or more inputs for calculating the trust level, as well as how the inputs are to be processed to arrive at the trust level. The one or more inputs may include integrity measurements determined in accordance with one or more integrity measurement methods and security assessments determined in accordance with one or more security assessment methods. The inputs for the trust level calculation may be evaluated by one or more rule statements specified in the trust manifest, the evaluation of which returns the trust level for the compute resource.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: July 24, 2018
    Assignee: HyTrust, Inc.
    Inventors: Govindarajan Rangarajan, Hemma Prafullchandra, Sean Patrick Murphy, Laxmana Kumar Bhavandla
  • Patent number: 10031898
    Abstract: Systems and methods for a domain split display are provided. A first request call directed to a first domain is received. In response, a first response is transmitted to a client device, which causes generation of a parent page comprising a content iframe that is a child frame of the parent page. The parent page is associated with the first domain and the content iframe is associated with a second domain. A second request call directed to a second domain is received and a second response is transmitted to the client device. The second response causes a plurality of grandchild iframes to be generated within the content iframe, whereby a first grandchild iframe is associated with the first domain and a second grandchild iframe is associated with the second domain. The plurality of grandchild iframes are sibling iframes at a same level that are enabled to communicate with each other regardless of domain.
    Type: Grant
    Filed: December 5, 2016
    Date of Patent: July 24, 2018
    Assignee: eBay Inc.
    Inventors: Matthew Jaquish, Nancy Silverstein, Ari Shapiro, Krithivasan Nagarajan, Sudhakar Chintu, Hui Chen Vivian Lee, Hemal Doshi
  • Patent number: 10033625
    Abstract: A technique for loop avoidance in repeater networks involves a first repeater, having a first node number or a first weight, connecting to a second repeater with the second repeater being a child node of the first repeater. The first repeater assigns a second node number or the first weight to the second repeater. At least a portion of the second node number of the second repeater includes the first node number of the first repeater. At least a portion of the first node number includes a node number that is an identification unique to one of a plurality of repeaters as a root node in a tree structure formed by at least some of the repeaters including the first and the second repeaters. Loops may be avoided by comparing the weights of two nodes in a repeater network that attempt to establish connection between nodes having the same weight.
    Type: Grant
    Filed: December 7, 2016
    Date of Patent: July 24, 2018
    Assignee: MediaTek Singapore Pte. Ltd.
    Inventors: Raghav Monga, Amit Kumar Shakya, Prakhar Vig, Hasan Ali Stationwala
  • Patent number: 10027696
    Abstract: According to one embodiment, an electronic device features processing circuitry and memory that includes a first logic and a second logic. When executed by the processing circuitry, the first logic organizes (i) a first plurality of indicators of compromise (IOCs) received from a first source, where the first plurality of IOCs being caused by a known origin of a malicious attack, and (ii) one or more IOCs received from a second source that is different from the first source and an origin of the one or more IOCs is unknown. The second logic conducts a predictive analysis that evaluates whether the one or more IOCs have at least a degree of correlation with the first plurality of IOCs, and determines a threat level. The threat level signifies a degree of confidence that IOCs received from the second source are caused by the known origin of the first plurality of IOCs.
    Type: Grant
    Filed: March 27, 2017
    Date of Patent: July 17, 2018
    Assignee: FireEye, Inc.
    Inventors: Alexandr Rivlin, Divyesh Mehra, Henry Uyeno, Vinay Pidathala
  • Patent number: 10027627
    Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
    Type: Grant
    Filed: October 7, 2015
    Date of Patent: July 17, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, Hari Shankar, Constantinos Kleopa, Venkatesh N. Gautam, Gerald N. A. Selvam
  • Patent number: 10020941
    Abstract: Techniques related to virtual encryption patching are described. A security gateway includes multiple Transport Layer Security Implementations (TLSI) that can be used for creating secure communications channels to carry application-layer traffic between one or more clients and one or more server applications. In some embodiments, upon determining that one of the multiple TLSIs contains a security vulnerability, that TLSI can be disabled, leaving one or more others of the multiple TLSIs enabled and available to be used to carry traffic of new connections between the clients and server applications.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: July 10, 2018
    Assignee: Imperva, Inc.
    Inventors: Amichai Shulman, Itsik Mantin, Nadav Avital, Offir Zigelman, Oren Brezner, Dmitry Babich
  • Patent number: 10021051
    Abstract: Methods and apparatus related to determining non-textual reply content for a reply to an electronic communication and providing the non-textual reply content for inclusion in the reply. Some of those implementations are directed to determining, based on an electronic communication sent to a user, one or more electronic documents that are responsive to the electronic communication, and providing one or more of those electronic documents for inclusion in a reply by the user to the electronic communication. For example, the electronic documents may be automatically attached to the reply and/or link(s) to the electronic documents automatically provided in the reply.
    Type: Grant
    Filed: January 1, 2016
    Date of Patent: July 10, 2018
    Assignee: GOOGLE LLC
    Inventors: Balint Miklos, Ijeoma Emeagwali, Phillip Sharp, Prabhakar Raghavan
  • Patent number: 10021509
    Abstract: Methods, apparatus, systems and articles of manufacture to provide an update via a satellite connection are disclosed. An example method includes scanning a local area network to identify a device in communication with the local area network. A hardware address of the device is determined. The hardware address of the device is compared against a whitelist of hardware addresses included in an update schedule. In response to detecting that the hardware address of the device is included in the whitelist of hardware addresses, an update identified in the update schedule is received via a broadcast distribution system, is recorded, and is transmitted to the device.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: July 10, 2018
    Assignee: AT&T Mobility II LLC
    Inventor: Arthur Richard Brisebois
  • Patent number: 10013568
    Abstract: To identify whether a content item is prohibited, a content management system can generate a content item fingerprint for the content item and then compare the generated content item fingerprint to a blacklist of content item fingerprints for prohibited content items. If the generated content item fingerprint matches any of the content item fingerprints included in the blacklist, the content management system can determine that the content item is prohibited. The content management system can deny requests to share prohibited content items and/or requests to assign prohibited content items to a user account on the content management system. The content management system can generate the content item fingerprint using the content item as input in a fingerprinting algorithm that was used to generate the content item fingerprints on the blacklist.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: July 3, 2018
    Assignee: DROPBOX, INC.
    Inventor: Anton Mityagin
  • Patent number: 10013729
    Abstract: Groups of users of a social networking system are categorized based on their association with a type of malicious activity. A set of predetermined malicious groups is identified. Users associated with the malicious groups are selected based on their level of interactions with the malicious groups. Other groups associated with the selected users are identified as being potentially malicious groups. The potentially malicious groups are further analyzed based on occurrences of keywords associated with the type of malicious activity and manual verification by experts. The potentially malicious groups are either classified as being malicious or non-malicious or assigned a score based on their likelihood of being associated with the type of malicious activity. The methods and system disclosed can be used for categorizing other types of social network objects based on their association with a type of malicious activity, for example, users, events, and content.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: July 3, 2018
    Assignee: Facebook, Inc.
    Inventors: Daniel Leon Kelmenson, David Stewart Willner
  • Patent number: 10015140
    Abstract: System, method and program product for managing a security policy of a firewall. The firewall receives a message packet addressed to a specified port of a destination IP address and determines that the firewall does not have a message flow rule which permits passing of the message packet to the port. The port is tested to determine if the port is open. If so, an administrator is queried whether the firewall should have a message flow rule which permits passing of the message packet to the port. If not, an administrator is not queried whether the firewall should have a message flow rule which permits passing of the message packet to the port. There may be first and second firewalls located between the source IP address and destination IP address. Before the port is tested, a central database is checked to learn if the central database has a record of whether the first firewall should have a message flow rule which permits passing of the message packet to the port.
    Type: Grant
    Filed: February 3, 2005
    Date of Patent: July 3, 2018
    Assignee: International Business Machines Corporation
    Inventor: Andrew John Bernoth
  • Patent number: 10015191
    Abstract: Methods and systems for detecting fraudulent activity are described. A user types in a web address in his or her browser to request a webpage from a server, and the server communicates the webpage to the user. The communicated webpage includes a document object model (DOM) inspector and/or a JavaScript (JS) namespace inspector. The DOM inspector and JS namespace inspector detect anomalous DOM elements and anomalous JS namespace elements respectively. The DOM inspector and JS namespace inspector discover objects on the rendered webpage that should not be there.
    Type: Grant
    Filed: September 18, 2013
    Date of Patent: July 3, 2018
    Assignee: PAYPAL, INC.
    Inventors: Jeremy Dale Pickett, Brad Wardman
  • Patent number: 10015193
    Abstract: A device and a method for identifying whether a network node is infected by malware, including identifying indicator events for each of a plurality of anomaly indicators, by counting the number of occurrences of an anomaly indicator in at least one of a network node and an entire network during a predetermined time duration and if the number of occurrences of the anomaly indicator during the predetermined time duration is greater than a predetermined event threshold, identifying an indicator event associated with the anomaly indicator during the predetermined time duration and assigning an expiration duration for the indicator event, determining whether the identified indicator events fulfill at least one predetermined infection rule, and if the indicator events fulfill the at least one predetermined infection rule, identifying the network node as infected by malware.
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: July 3, 2018
    Assignee: TOPSPIN SECURITY LTD
    Inventors: Doron Kolton, Rami Mizrahi, Manor Hemel, Omer Zohar
  • Patent number: 10013213
    Abstract: An apparatus comprises at least a first container host device implementing a plurality of containers, a storage platform coupled to the first container host device and implementing storage resources for utilization by the containers, and a container storage controller associated with the first container host device. The container storage controller is configured to provision portions of the storage resources for respective ones of the containers including for each of the containers at least one storage volume. The provisioned storage volume for a given one of the containers is partitioned into at least a data storage volume and a state storage volume, with the data storage volume being configured to store data for at least one application running in the given container, and the state storage volume being configured to store state information of the given container for use in migrating the given container from the first container host device to a second container host device.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: July 3, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Keerthana Suresh, Vaibhav Khanduja, Ashish Mehrotra
  • Patent number: 10015194
    Abstract: The disclosed embodiments include a method of disarming malicious code in a computer system having a processor. The method comprises receiving, by the computer system, input content, and rendering, by the processor, any malicious code included in the input content inactive for its intended malicious purpose without applying a malware detection algorithm to the input content. The rendering is performed by automatically applying, using the processor, a data value alteration model to the input content for altering select data values within the input content, and outputting a new content reflecting the application of the data value alteration model to the input content. The processor renders any malicious code included in the input content inactive for its intended malicious purpose without regard to any structure used to encapsulate the input content. The input content includes media content.
    Type: Grant
    Filed: February 24, 2017
    Date of Patent: July 3, 2018
    Assignee: VOTIRO CYBERSEC LTD.
    Inventors: Aviv Grafi, Itay Glick
  • Patent number: 10015182
    Abstract: The disclosed computer-implemented method for protecting computing resources may include (i) computing a degree of commonality between pairs of users within a file sharing system based on which files the users accessed over a period of time, (ii) building a social graph that indicates at least one edge between members of an instance of the pairs of users, (iii) computing an anomaly score for a user within the instance of the pairs of users, (iv) detecting that the anomaly score deviates, according to a statistical measurement, from historical anomaly scores computed for the same user, and (v) performing, in response to detecting that the anomaly score deviates from the historical anomaly scores, a protective action to protect computing resources from anomalous behavior by the user. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: July 3, 2018
    Assignee: Symantec Corporation
    Inventors: Saurabh Shintre, Aleatha Parker-Wood
  • Patent number: 10012693
    Abstract: A system on chip (SoC) is provided. The system on chip includes a multiprocessor that includes multiple processors, a debugging controller that includes a debug port and retention logic configured to store an authentication result of a secure joint test action group system, and a power management unit configured to manage power supplied to the multiprocessor and the debugging controller. The power management unit changes the debug port and the retention logic into an alive power domain in response to a debugging request signal.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: July 3, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Minsoo Lim, Sungjae Lee
  • Patent number: 10009266
    Abstract: One embodiment provides a system for facilitating efficient communication of a collection of interests. During operation, the system receives, by an intermediate node, a first packet which has a name and a first nonce, wherein the first packet indicates a set of member interests, wherein a member interest has a name. In response to not obtaining a matching entry in a pending interest table based on the name for the first packet, the system creates a new entry in the pending interest table, wherein an entry includes a second nonce, a reference count, and a set of arrival nonces and corresponding arrival interfaces. The system sets the new entry's second nonce to a new nonce, and sets the new entry's reference count to a number of member interests indicated in the first packet. The system forwards the first packet, wherein the first nonce is replaced with the new nonce.
    Type: Grant
    Filed: July 5, 2016
    Date of Patent: June 26, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Christopher A. Wood, Glenn C. Scott
  • Patent number: 10007789
    Abstract: The present invention relates to an apparatus and a method for detecting a malware code by generating and analyzing behavior pattern. A malware code detecting apparatus includes a behavior pattern generating unit which defines a characteristic parameter which distinguishes and specifies behaviors of a malware code and normally executable programs, converts an API calling event corresponding to the defined characteristic parameter and generates a behavior pattern in accordance with a similarity for behaviors of converted API call sequences to store the behavior pattern in a behavior pattern DB; and a malware code detecting unit which converts the API calling event corresponding to the defined characteristic parameter when the target process is executed into the API call sequence and determines whether the behavior pattern is a malware code in accordance with a similarity for behaviors of the converted API call sequence and the sequence stored in the behavior pattern DB.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: June 26, 2018
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Hyun Joo Kim, Jong Hyun Kim, Ik Kyun Kim
  • Patent number: 10009362
    Abstract: Provided herein are systems and methods for targeted attack protection using predictive sandboxing. In exemplary embodiments, a method includes retrieving a URL from a message of a user and performing a preliminary determination to see if the URL can be discarded if it is not a candidate for sandboxing. The exemplary method includes computing a plurality of selection criteria factors for the URL if the URL passes the preliminary determination, each selection criteria factor having a respective factor threshold. The method can further include determining if any of the selection criteria factors for the URL exceeds the respective factor threshold for the respective selection criteria factor. Based on the determining, if any of the selection criteria factors exceeds the factor threshold for the selection criteria factor, the exemplary method includes automatically placing the URL in a sandbox for analysis.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: June 26, 2018
    Assignee: Proofpoint, Inc.
    Inventors: Steven Robert Sandke, Bryan Burns
  • Patent number: 10002249
    Abstract: Systems, methods, and media for outputting data based on anomaly detection are provided. In some embodiments, a method for outputting data based on anomaly detection is provided, the method comprising: receiving, using a hardware processor, an input dataset; identifying grams in the input dataset that substantially include distinct byte values; creating an input subset by removing the identified grams from the input dataset; determining whether the input dataset is likely to be anomalous based on the identified grams, and determining whether the input dataset is likely to be anomalous by applying the input subset to a binary anomaly detection model to check for an n-gram in the input subset; and outputting the input dataset based on the likelihood that the input dataset is anomalous.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: June 19, 2018
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Salvatore J Stolfo, Ke Wang, Janak Parekh
  • Patent number: 10003606
    Abstract: The disclosed computer-implemented method for detecting security threats may include (1) detecting, by a software security program, a security incident at a client device such that the software security program generates a signature report to identify the security incident, (2) querying an association database with the signature report to deduce another signature report that a different software security program would have predictably generated at the client device, the different software security program having been unavailable at the client device at a time of detecting the security incident, and (3) performing at least one protective action to protect the client device from a security threat associated with the security incident based on the other signature report deduced by querying the association database. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: June 19, 2018
    Assignee: Symantec Corporation
    Inventors: Kevin Alejandro Roundy, Michael Hart, Christopher Gates
  • Patent number: 9998592
    Abstract: A system, method, and computer readable medium for establishing communication between two devices comprises connecting, by a first computer, to an open source Private Branch Exchange (PBX) platform via a port, receiving a phone number sent by a first one of the two devices at the open source PBX platform, invoking an interface module by the open source PBX platform, where the interface module resides on the open source PBX platform, and building a Calling Name request by the interface module related to the received phone number.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: June 12, 2018
    Assignee: Open Invention Network LLC
    Inventor: Kevin V. Nguyen
  • Patent number: 9998468
    Abstract: A management component of a computing system evaluates end-users, end-user devices, and user accounts for access to provisioned-resources of the computing system. The management component utilizes device compliance attributes to form a device risk vector associated with an end-user device. The management component further utilizes resource compliance attributes to form a resource risk vector associated with a provisioned-resource. The management component forms a policy vector utilizing compliance attributes included in a compliance policy. The management component compares the device and resource risk vectors to the policy vector to determine a threat vector, and uses the threat vector to evaluate the end-users, end-user devices, and user accounts for risk of security breach, damage to, and/or loss of components of the computing system.
    Type: Grant
    Filed: August 30, 2017
    Date of Patent: June 12, 2018
    Assignee: International Business Machines Corporation
    Inventors: Christopher J. Hockings, Dinesh T. Jain, Rohit U. Satyanarayana, Vincent C. Williams