Monitoring Or Scanning Of Software Or Data Including Attack Prevention Patents (Class 726/22)
  • Patent number: 9866542
    Abstract: A system and method of responding to unauthorized electronic access to a vehicle includes: receiving data indicating unauthorized electronic access to electronic hardware in the vehicle; initiating an electronic hardware countermeasure in response to the unauthorized electronic access; generating a command set that instructs at least a portion of the electronic hardware to implement the electronic hardware countermeasure; and communicating the command set to the portion of the electronic hardware.
    Type: Grant
    Filed: January 28, 2015
    Date of Patent: January 9, 2018
    Assignee: GM Global Technology Operations
    Inventors: Kevin M. Baltes, Thomas M. Forest, Joseph E. Ploucha
  • Patent number: 9866577
    Abstract: A method for detecting intrusions on a set of virtual resources in a computer system including at least one physical machine hosting the set of virtual resources. The method includes: calculating an intrusion detection itinerary defined by a sequence of virtual resources from the set, the virtual resources being integrated and arranged in the sequence on the basis of respective vulnerability criticality levels assigned to the virtual resources of the set; and carrying out an intrusion detection operation, following the calculated itinerary.
    Type: Grant
    Filed: May 7, 2012
    Date of Patent: January 9, 2018
    Assignee: ORANGE
    Inventors: Sylvie Laniepce, Fabien Bignon, Karel Mittig
  • Patent number: 9864660
    Abstract: The backup management system includes a storage device that retains a location management table that stores therein at least one of position specifying information uniquely specifying a location provided by a computer resource in each cloud service and an area specifying information specifying a predetermined area including the location provided without uniquely specifying the location provided, and a processing device configured to perform a process of receiving a designation related to a computer resource as a backup target and a backup requirement, from a user of the cloud service, and a process of specifying as a backup destination a computer resource that has a position relation with the computer resource as the backup target satisfying the backup requirement, based on a designation from the user and at least one of the position specifying information and the area specifying information.
    Type: Grant
    Filed: November 7, 2014
    Date of Patent: January 9, 2018
    Assignee: Hitachi, Ltd.
    Inventors: Yuki Naganuma, Yuichi Taguchi
  • Patent number: 9865102
    Abstract: A system and method to preserve the integrity of data being extracted from an electronic data recorder (“EDR”) of an electronic control module (“ECM”) makes use of a forensic link adapter and, optionally, a sensor simulator (when ECM is out of the vehicle). The forensic link adapter has one or more first microprocessors and a first software means which prevent any message being sent by an external network from corrupting the previously recorded data measurements. The data measurements are then extracted, verified, and stored in a separate file. The sensor simulator has one or more second microprocessors, a second software means, and a bank of resistors that mimic sensors normally in communication with the ECM. The simulator “tricks” the ECM into thinking it is still in the vehicle by using the replicating vehicle system values the ECM normally sees when in the vehicle.
    Type: Grant
    Filed: April 10, 2014
    Date of Patent: January 9, 2018
    Assignee: The University of Tulsa
    Inventors: Jeremy Daily, James Johnson, Andrew Kongs, Jose Corcega
  • Patent number: 9867051
    Abstract: A system and method of verifying integrity of software for verifying the integrity of software installed on a mobile terminal is provided. The system includes the mobile terminal configured to transmit mobile terminal information including a first software hash value and a software identification (ID) with respect to the software, and an office trust software monitor server configured to transmit the software ID transmitted from the mobile terminal to a software publishing server, receive a second software hash value with respect to the software corresponding to the software ID from the software publishing server, compare the first software hash value and the second software hash value, and verify the integrity of the software.
    Type: Grant
    Filed: March 19, 2015
    Date of Patent: January 9, 2018
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Su Wan Park, Geon Lyang Kim, Kyung Soo Lim, Jae Deok Lim, Jeong Nyeo Kim
  • Patent number: 9858415
    Abstract: Methods, systems, and computer program products are provided for recovering from false positives of malware detection. Malware signatures that are defective may be causing false positives during software scanning for malware. Such defective malware signatures may be detected (e.g., by user feedback, etc.) and revoked. Computers that are using the malware signatures to detect malware may be notified of the revoked signatures, and may be enabled to re-scan content identified as containing malware using malware signatures that do not include the revoked malware signatures. As such, if the content is determined during the re-scan to not be infected, the content may be re-enabled for usage on the computer (e.g., may be restored from quarantine storage).
    Type: Grant
    Filed: June 16, 2011
    Date of Patent: January 2, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Michael Jarrett, Vishal Kapoor, Charles Turner, Joseph Johnson, Jason J. Joyce
  • Patent number: 9860270
    Abstract: Disclosed are a system and method for determining web pages modified with malicious code. An example method includes: intercepting an attempt to access a website; selecting, by a processor, one or more malicious software configuration files based on the intercepting of the attempt to access the website; creating a verification web page based on one or more code fragments from the selected one or more malicious software configuration files; opening the verification web page; and determining, by the processor, whether malicious code has been injected into the opened verification web page.
    Type: Grant
    Filed: June 24, 2016
    Date of Patent: January 2, 2018
    Assignee: AO KASPERSKY LAB
    Inventors: Vladimir A. Kuskov, Alexander A. Romanenko, Oleg V. Kupreev
  • Patent number: 9858413
    Abstract: A virus detection engine determines that a file is suspected of being malware. A property is retrieved, along with the same file property of other executable files within the same folder. If the property value is similar to property values of the other files then the suspect file is benign. If the number of matches is greater than a threshold then the suspect file is benign. Other file properties of the suspect file are compared. If no file properties are similar to properties of the other files then the suspect file is malware and an alert is generated. The longest common subsequence compares property values. The same property value may be added to files within the same folder after these files are installed on the computer but before any detection takes place. A comparison of the same property values concludes that files are not malware, even if they are suspect.
    Type: Grant
    Filed: July 3, 2013
    Date of Patent: January 2, 2018
    Assignee: TREND MICRO INC.
    Inventors: Wei Zuo, Weimin Wu, Tao Shen
  • Patent number: 9860263
    Abstract: A server receives from a mobile communication device information about a data object (e.g., application) on the device when the device cannot assess the data object. The server uses the information along with other information stored at the server to assess the data object. Based on the assessment, the device may be permitted to access the data object or the device may not be permitted to access the data object. The other information stored at the server can include data objects known to be bad, data objects known to be good, or both.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: January 2, 2018
    Assignee: LOOKOUT, INC.
    Inventors: Kevin Patrick Mahaffey, James David Burgess, David Golombek, Timothy Micheal Wyatt, Anthony McKay Lineberry, Kyle Barton, Daniel Lee Evans, David Luke Richardson, Ariel Salomon
  • Patent number: 9846775
    Abstract: A method for emulating at least one resource in a host computer to a querying hosted code. The method comprises monitoring a plurality of operating system (OS) queries received from a plurality of code executed on a monitored computing unit, the plurality of OS queries are designated to an OS of the monitored computing unit, detecting among the plurality of OS queries at least one query for receiving at least one characteristic of at least one resource of the monitored computing unit among the plurality of OS queries, the at least one query is received from querying code of the plurality of code, preparing a response of the OS to the at least one query, the response comprising a false indication at least one false characteristic of the at least one resource, and sending the response to the querying code in response to the at least one query.
    Type: Grant
    Filed: March 5, 2015
    Date of Patent: December 19, 2017
    Assignee: Minerva Labs Ltd.
    Inventors: Eduard Bobritsky, Erez Breiman, Omri Moyal
  • Patent number: 9846780
    Abstract: Techniques for providing computer security vulnerability intelligence are disclosed. The techniques include obtaining distributable vulnerability data that includes, for each of a plurality of software packages and associated vulnerabilities, threat mitigation information and a threat priority parameter, where the distributable vulnerability data was derived from an intelligence graph including a plurality of fundamental instance nodes, a plurality of document nodes, and a plurality of edges.
    Type: Grant
    Filed: February 25, 2015
    Date of Patent: December 19, 2017
    Assignee: Accenture Global Solutions Limited
    Inventors: Trevor Tonn, Ray-yu Chang
  • Patent number: 9848010
    Abstract: Systems and methods for identifying and remediating malware-compromised mobile devices are disclosed. A computer-implemented method includes accessing, by a computing device, malware risk data; determining, by the computing device, a mobile device is at risk from malware based on the malware risk data; identifying, by the computing device, a set of connections of a user of the mobile device, wherein each connection in the set of connections is associated with a user computer device; identifying, by the computing device, at least one user computer device from the set of connections at risk from the malware; and outputting, by the computer device, a malware notification for the mobile device at risk and at least one user computer device at risk.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: December 19, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Anne L. Bolgert, Richard J. Cohen, Miguel Sang, Krishna K. Yellepeddy
  • Patent number: 9842208
    Abstract: A method, apparatus and system for detecting a malicious process behavior. A detection apparatus monitors a process to obtain behavior information about a target process behavior, and then sends the behavior information to a server, which determines whether the target process behavior is a malicious process behavior. The detection apparatus can receive first operation indication information returned by the server according to a detection result of the target process behavior, and perform an operation on the target process behavior according to the first operation indication information. The target process behavior is subjected to a comprehensive detection by the server according to the behavior information, rather than depending on a specified feature analysis of a single sample of the target process behavior by the detection apparatus, so that malicious process behavior can be detected in time, thereby improving the security performance of the system.
    Type: Grant
    Filed: December 29, 2014
    Date of Patent: December 12, 2017
    Assignee: BAIDU ONLINE NETWORK TECHNOLOGY (BEIJING) CO., LTD.
    Inventors: Yinming Mei, Yizhi Xie, Huaming Yue, Hanzhong Hu, Tingli Bi
  • Patent number: 9843594
    Abstract: The disclosed computer-implemented method for detecting anomalous messages in automobile networks may include (1) receiving automobile-network messages that are expected to be broadcast over an automobile network of an automobile, (2) extracting a set of features from the automobile-network messages, and (3) using the set of features to create a model that is capable of distinguishing expected automobile-network messages from anomalous automobile-network messages. The disclosed computer-implemented method may further include (1) detecting an automobile-network message that has been broadcast over the automobile network, (2) using the model to determine that the automobile-network message is anomalous, and (3) performing a security action in response to determining that the automobile-network message is anomalous. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: December 12, 2017
    Assignee: Symantec Corporation
    Inventors: Nathan Evans, Azzedine Benameur, Yun Shen
  • Patent number: 9836757
    Abstract: A data visualization method and a data visualization device. The data visualization method includes the following steps: capturing a clickstream that includes a plurality of click data; generating a similarity value for each of the plurality of click data by comparing a first sequential segment of each of the plurality of click data with a segment pattern; capturing the click data having the maximum similarity among the plurality of click data and capturing a second sequence segment of each of the click data having the maximum similarity; visualizing the second sequential segments in a 2D space to present the visualized sequence data of each of the second sequence segments, and setting a position of the click data, having the maximum similarity, in the visualized sequence data to be at a datum point in a first dimension of the 2D space.
    Type: Grant
    Filed: April 15, 2016
    Date of Patent: December 5, 2017
    Assignee: INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE
    Inventor: Tan-Chi Ho
  • Patent number: 9838405
    Abstract: The disclosed computer-implemented method for determining types of malware infections on computing devices may include (1) identifying multiple types of security events generated by a group of endpoint devices that describe suspicious activities on the endpoint devices, each of the endpoint devices having one or more types of malware infections, (2) determining correlations between each type of security event generated by the group of endpoint devices and each type of malware infection within the group of endpoint devices, (3) identifying a set of security events generated on a target endpoint device that potentially has a malware infection, and (4) detecting, based on both the set of security events generated on the target endpoint device and the correlations between the types of malware infections and the types of security events, at least one type of malware infection likely present on the target endpoint device.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: December 5, 2017
    Assignee: Symantec Corporation
    Inventors: Fanglu Guo, Kevin Roundy
  • Patent number: 9838426
    Abstract: A device comprises a processor. The processor is configured to generate a first signal using a first communication protocol. The first signal corresponds to data received by the processor. The processor is configured to generate a second signal using a second communication protocol. The second signal comprises fabricated data generated by the processor. Additionally, the processor is configured to transmit the first signal. The processor is also configured to transmit the second signal.
    Type: Grant
    Filed: September 2, 2016
    Date of Patent: December 5, 2017
    Assignee: General Electric Company
    Inventor: Matthew Richard Schwartz
  • Patent number: 9838394
    Abstract: A resource-access management system detects whether a user is authorized to access resources. The system may include a user device being configured to include a sensor that detects sensor data associated with the user. Further, the system includes a client qualification engine that determines whether or not a client is authorized to access the resources by comparing the sensor data with a plurality of patterns for evaluating whether or not the user is an authorized user. User scores are generated based on the compared sensor data and the plurality of patterns. Further, a composite score corresponding to the user is generated using the sensor data, plurality of patterns, and one or more additional criteria. Whether the user is granted access to the resources, presented with unauthorized user tests, or blocked from access to the resources depends on the composite score and threshold values.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: December 5, 2017
    Assignee: Live Nation Entertainment, Inc.
    Inventors: Fengpei Du, Michael Lane, Kenneth Ives-Halperin
  • Patent number: 9830452
    Abstract: The invention discloses a scanning device, a cloud management device, a method and system for checking and killing a malicious program.
    Type: Grant
    Filed: November 29, 2013
    Date of Patent: November 28, 2017
    Assignee: Beijing Qihoo Technology Company Limited
    Inventors: Aijun Jiang, Zhifeng Liu, Qinglong Kong, Bo Zhang, Tong Yao
  • Patent number: 9830431
    Abstract: A method for protecting digital media content from unauthorized use on a client, is described. The method comprising the steps of receiving from a server on the client a list of processes, instructions, activity descriptions or data types that must not be active simultaneously with playback of the digital media content (“the blacklist”). The method further comprising checking, on the client, for the presence of any items on the list; and continuing interaction with the server, key management and playback of protected content only if no items on the list are detected on the client. A system is also described.
    Type: Grant
    Filed: May 11, 2015
    Date of Patent: November 28, 2017
    Assignee: GOOGLE TECHNOLOGY HOLDINGS LLC
    Inventors: Anton Valerievich Koukine, Owen Michael Means, Sean Joseph Higgins, Paul Osborne
  • Patent number: 9832209
    Abstract: A computer-implemented method for managing network security may include identifying a set of trusted Internet domains, identifying traffic information that indicates Internet traffic volume for each trusted Internet domain in the set of trusted Internet domains, and analyzing the traffic information to select, from the set of trusted Internet domains, a subset of trusted Internet domains that each have higher Internet traffic volume than one or more other trusted Internet domains in the set of trusted Internet domains. The method may also include including the selected subset of trusted Internet domains in an Internet domain whitelist. The method may further include configuring a network gateway system to perform a less intensive scan on Internet traffic that originates from an Internet domain identified in the Internet domain whitelist than on traffic that originates from other Internet domains. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 10, 2013
    Date of Patent: November 28, 2017
    Assignee: Symantec Corporation
    Inventors: Shaun Cooley, Jeffrey Wilhelm
  • Patent number: 9830453
    Abstract: A system for detecting unusual code operating in a browser agent comprises a processor and a memory. The processor is to: determine that a block of code is running on a web page; parse the block of code into a parsed template; obtain indicia associated with the block of code; and determine that the parsed template is unusual based at least in part on the parsed template and the indicia. The memory is coupled with the processor and is configured to provide the processor with instructions.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: November 28, 2017
    Assignee: tCell.io, Inc.
    Inventors: Michael Feiertag, Garrett Held, Blake Livingston
  • Patent number: 9832210
    Abstract: The disclosure discloses a multi-core browser and a method for intercepting a malicious network address in a multi-core browser, wherein a malicious network address determining module is arranged in the multi-core browser. The method comprises: obtaining URL information of a webpage currently requested to be loaded; after determining a core for rendering the webpage to be loaded according to the URL information, initiating a request to the malicious network address determining module arranged at the multi-core browser side for judging whether a network address is a malicious network address; and intercepting loading access to a network address which is determined as a malicious network address at the multi-core browser side.
    Type: Grant
    Filed: August 23, 2013
    Date of Patent: November 28, 2017
    Assignee: BEIJING QIHOO TECHNOLOGY COMPANY LIMITED
    Inventors: Yongjian Cai, Zhigang Wang, Huan Ren
  • Patent number: 9832204
    Abstract: There is provided a method and system for managing security compatibility of electronic content. The method includes: receiving electronic content; parsing the electronic content into one or more elements; determining a content security profile of the electronic content; determining an element security profile of the one or more elements of the electronic content; determining whether the element security profile of the one or more elements is compatible with the content security profile; and for each of the one or more elements: if the element security profile is not compatible with the content security profile, modifying the element to have a compatible element security profile, otherwise, not modifying the element.
    Type: Grant
    Filed: September 19, 2014
    Date of Patent: November 28, 2017
    Assignee: D2L Corporation
    Inventors: Brian Cepuran, Ali Ghassemi, Nicholas Dingle, Jeffrey Geurts, David Lockhart, Matthew Campbell, Jeffrey Avis, David Batiste, Victor Sumner, Rylan Cottrell, Sean Yo, Johnson Hsu, Eric Xu
  • Patent number: 9832214
    Abstract: A method and apparatus for classifying and combining computer attack information identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other, the method comprising identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: November 28, 2017
    Assignee: Cybereason Inc.
    Inventors: Yonatan Striem Amit, Elan Pavlov
  • Patent number: 9825976
    Abstract: A non-transitory computer readable storage medium having stored thereon instructions executable by a processor to perform operations including: responsive to determining that a correlation between a representation of the first portion of network traffic and a representation of a known exploit kit results in a score above a first prescribed score value, classifying the representation of the first portion of the received network traffic into an exploit kit family corresponding to the representation the known exploit kit; and responsive to determining that the score is below the first prescribed score value and above a second prescribed score value, (i) analyzing the representation of the first portion of the received network traffic, and (ii) processing, within a virtual machine, a second portion of the received network traffic to determine whether processing of the received network traffic results in behavior indicative of an exploit kit is shown.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: November 21, 2017
    Assignee: FireEye, Inc.
    Inventors: Joshua Lewis Gomez, Abhishek Singh
  • Patent number: 9824225
    Abstract: Methods, apparatus and articles of manufacture for protecting virtual machines processing sensitive information are provided herein. A method includes processing a request for uninterrupted virtual machine execution of a designated section of code by a first virtual machine; enabling uninterrupted virtual machine execution of the designated section of code by the first virtual machine on a selected core of a central processing unit based on said request; and disabling said uninterrupted virtual machine execution of the designated section of code by the first virtual machine based on an indication that the first virtual machine completed execution of the designated section of code.
    Type: Grant
    Filed: September 20, 2013
    Date of Patent: November 21, 2017
    Assignee: EMC IP Holding Company LLC
    Inventor: Robert M. Polansky
  • Patent number: 9824332
    Abstract: A system comprises connection handler circuitry and privacy enforcement circuitry of a first email subsystem. The connection handler circuitry is operable to receive the email message from a mail user agent. The privacy enforcement circuitry is operable to, after the reception of the email message by the connection handler circuitry and before relaying of the email message to a second email subsystem: detect tracking code in the email message; and replace the detected tracking code with replacement content. The connection handler circuitry is operable to send the email message to the second email subsystem after the replacement of the detected tracking code in the email message. The tracking code may comprise a first uniform resource locator (URL), and the replacement content may comprise a second URL.
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: November 21, 2017
    Inventors: Paul R Everton, Chad M Gilles, Tian Wang
  • Patent number: 9826100
    Abstract: Various of the disclosed embodiments concern computer systems, methods, and programs for brokering logins to software as a service (SaaS) applications and tracking usage of the SaaS applications. First, a user, e.g. employee of an enterprise, logs into a SaaS usage proxy using a first set of credentials. The first set of credentials is known by the user, e.g. preexisting credentials for an enterprise-wide authentication system. Once a SaaS application is selected by the user, the SaaS usage proxy logs into the SaaS application using a second set of credentials. However, the second set of login credentials is encrypted and not known by the user, which causes the SaaS application to be accessible only through the SaaS usage proxy. This allows the SaaS usage proxy to monitor all usage of the SaaS application, even if multiple network-accessible devices are used to log into the SaaS usage proxy.
    Type: Grant
    Filed: June 10, 2015
    Date of Patent: November 21, 2017
    Assignee: Flexera Software LLC
    Inventors: Paul Hughes, Peter Westhorp, Peter Allfrey, Eddie Sholl
  • Patent number: 9824198
    Abstract: Techniques for electronic signature process management are described. Some embodiments provide an electronic signature service (“ESS”) configured to manage electronic identity cards. In some embodiments, the ESS generates and manages an electronic identity card for a user, based on personal information of the user, activity information related to the user's actions with respect to the ESS, and/or social networking information related to the user. The electronic identity card of a signer may be associated with an electronic document signed via the ESS, so that users may obtain information about the signer of the document. The ESS may also generate a trust score for the user based on activity information related to the user's actions with respect to the ESS and/or other factors. The trust score may be used to recommend authentication mechanisms to use with respect to electronic signature transactions.
    Type: Grant
    Filed: January 30, 2015
    Date of Patent: November 21, 2017
    Assignee: DocuSign, Inc.
    Inventors: Ashley Carroll, Michael Strickland, Thomas H. Gonser, Donald G. Peterson, Douglas P. Rybacki
  • Patent number: 9817976
    Abstract: Various embodiments are generally directed to techniques for detecting malware in a manner that mitigates the consumption of processing and/or storage resources of a processing device. An apparatus may include a first processor component of a processing device to generate entries in a chronological order within a first page modification log maintained within a first storage divided into multiple pages, each entry to indicate a write access made by the first processor component to a page of the multiple pages; a retrieval component of a graphics controller of the processing device to recurringly retrieve indications from the first page modification log of at least one recently written page of the multiple pages; and a scan component of the graphics controller to recurringly scan the at least one recently written page to detect malware within the at least one recently written page.
    Type: Grant
    Filed: December 24, 2015
    Date of Patent: November 14, 2017
    Assignee: INTEL CORPORATION
    Inventors: Michael Lemay, David M. Durham
  • Patent number: 9819691
    Abstract: A disclosed network monitoring method includes: obtaining, by a first apparatus, packets from a node outside a network to a first terminal in the network, and packets from the first terminal to a second terminal in the network; transmitting, by the first apparatus and to a third apparatus, information on first plural packets that satisfy a first condition; obtaining, by a second apparatus, packets from the first terminal to the second terminal, and packets from the second terminal to the node; transmitting, by the second apparatus and to the third apparatus, information on second plural packets that satisfy a second condition; receiving, by the third apparatus, the information on the first and second plural packets; and determining, by the third apparatus, whether an attack from outside the network occurred, based on whether a same packet is included in the first and second plural packets.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: November 14, 2017
    Assignee: FUJITSU LIMITED
    Inventors: Masahiro Yamada, Masanobu Morinaga
  • Patent number: 9817968
    Abstract: Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Remote devices may gain access to virtual machines in a network through a virtual device relay. The virtual device relay receives data from the remote device, such as a tablet or cellular phone, and forwards the data to one of the virtual machines, when the virtual device relay shares a COI with the destination virtual machine.
    Type: Grant
    Filed: October 31, 2012
    Date of Patent: November 14, 2017
    Assignee: Unisys Corporation
    Inventors: Ralph Farina, Ted Hinaman, Robert A. Johnson, Steven Rajcan, James Trocki, Mark Vallevand
  • Patent number: 9813369
    Abstract: Tracking messages in a mentoring environment includes presenting to a reviewer a computer-based activity tracking form that is populated with data from an underlying relational database. The underlying relational database includes a content of e-mail messages addressed to an adult mentor and a content of e-mail messages addressed to a juvenile protégé. The underlying relational database also includes a status of e-mail messages between the adult mentor and juvenile protégé as determined by an e-mail interceptor. A status of an e-mail, between the adult mentor and the juvenile protégé, which has been intercepted by the e-mail monitor is displayed. In response to a displayed status indicating that the e-mail has not been reviewed, transmission of the e-mail to an intended recipient is blocked. In response to the displayed status indicating that the e-mail has been reviewed, transmission of the e-mail to the intended recipient is enabled.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: November 7, 2017
    Assignee: International Business Machines Corporation
    Inventor: Stella Lee Taylor
  • Patent number: 9813454
    Abstract: A cybersecurity training system uses lures and training actions to help train a user of an electronic device to recognize and act appropriately in situations that could compromise electronic device security. The system includes a library of cybersecurity training actions and a library of brand items. The system retrieves a template for a cybersecurity training action from the first library, automatically modifies the retrieved template to include a brand or branded content from the second library, and causes the cybersecurity training action according to the modified template instantiated with the branded content to be sent to the user's electronic device.
    Type: Grant
    Filed: June 17, 2016
    Date of Patent: November 7, 2017
    Assignee: WOMBAT SECURITY TECHNOLOGIES, INC.
    Inventors: Norman Sadeh-Koniecpol, Kurt Wescoe, Joseph A. Ferrara
  • Patent number: 9811348
    Abstract: The present disclosure provides an information processing apparatus effective in detecting an unauthorized use or misuse of the information processing apparatus from when the OS is shut down to when the OS is started. An information processing apparatus controlled by an operating system comprises: an operation history generating section which creates an operation history of the information processing apparatus after the operating system is shut down before the operating system is started; and a storage unit which stores information including the created operation history.
    Type: Grant
    Filed: September 10, 2013
    Date of Patent: November 7, 2017
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventor: Shunsuke Saito
  • Patent number: 9813371
    Abstract: Embodiments of the present application relate to a method for classifying emails, a sending terminal for classifying emails, a receiving terminal for classifying emails, and a computer program product for classifying emails. A method for classifying emails is provided. The method includes acquiring an email composed by a user, a classification tag corresponding to the email, and an identification code corresponding to the email, including the classification tag corresponding to the email and an identification code corresponding to the email in the email, and sending the email to receiving terminals.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: November 7, 2017
    Assignee: Alibaba Group Holding Limited
    Inventor: Zhiyong She
  • Patent number: 9807604
    Abstract: Technologies for location privacy management include a mobile computing device to determine whether an application is authorized to obtain the location of the mobile computing device based on a determined location and location access policy of the mobile computing device. The location access policy includes policy rules that identify whether the application is authorized to obtain the location of the mobile computing device. If the mobile computing device determines that the application is not authorized to obtain the location of the mobile computing device, the mobile computing device blocks the application from obtaining the location.
    Type: Grant
    Filed: July 19, 2013
    Date of Patent: October 31, 2017
    Assignee: Intel Corporation
    Inventors: Xiaoyong Pan, Justin Lipman, Yuhuan Huang, Yong Jiang, Ke Ding, Dzinh J. Nguyen, Robert A. Colby
  • Patent number: 9807226
    Abstract: Proximity of a user/device to a designated location or other user/device can be determined and used to trigger automatic reconfiguration of a telephone ring list associated with the user/device. Accordingly, there is no need for manual reconfiguration to accommodate changes in the user's location or schedule. Specific phone numbers may be added or removed from a user's ring list based on proximity information, and the ring list may be reconfigured as the user arrives at or departs from a designated location. The user's desired phones will automatically ring for incoming calls based on the ring list and/or an identification of the incoming call.
    Type: Grant
    Filed: October 8, 2010
    Date of Patent: October 31, 2017
    Assignee: CSC HOLDINGS, LLC
    Inventor: Jonathan Greenfield
  • Patent number: 9805056
    Abstract: The disclosed embodiments disclose techniques for synchronizing file updates between two cloud controllers of a distributed filesystem. Two or more cloud controllers collectively manage distributed filesystem data that is stored in the cloud storage systems; the cloud controllers ensure data consistency for the stored data, and each cloud controller caches portions of the distributed filesystem. During operation, a cloud controller receives a request from a client to access a file in the distributed filesystem. The cloud controller sends a synchronization update request for the file to a second cloud controller and in response receives a synchronization update for the file from the second cloud controller.
    Type: Grant
    Filed: June 24, 2014
    Date of Patent: October 31, 2017
    Assignee: PANZURA, INC.
    Inventors: Brian Christopher Parkison, Andrew P. Davis, John Richard Taylor
  • Patent number: 9800600
    Abstract: The subject matter described herein includes methods, systems, and computer program products for data traffic signature-based detection and protection against malware. According to one method, data traffic and behavior associated with a computing device is monitored and a device activity signature is created that includes an abstraction of the data traffic. A classification of the device activity signature is determined and a policy decision for the computing device is applied based on the determined classification.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: October 24, 2017
    Assignee: Seven Networks, LLC
    Inventor: Ross Bott
  • Patent number: 9798875
    Abstract: Among other things, embodiments of the present disclosure help provide entities with the ability to remotely detect behavior associated with malware and identify compromised user-sessions, regardless of the malware variant or family, and independently of the page structure.
    Type: Grant
    Filed: May 19, 2015
    Date of Patent: October 24, 2017
    Assignee: EASY SOLUTIONS ENTERPRISES CORP.
    Inventors: Ivan Dario Fajardo Verano, Claudio Deiro, Javier Fernando Vargas Gonzalez
  • Patent number: 9800596
    Abstract: A processing device comprises a processor coupled to a memory and is configured to obtain data characterizing login events for multiple user identifiers. The data associated with a given one of the user identifiers is processed to generate a login profile for a corresponding user, and likelihood statistics are generated for respective ones of multiple time bins based on the login profile. Data characterizing one or more additional login events for the given user identifier is obtained, and a confidence measure is generated for a given one of the additional login events based on one or more of the likelihood statistics and a time bin associated with the given additional login event. The confidence measure is compared to a threshold and an alert relating to the given additional login event is generated and transmitted to a security agent. The processing device may be implemented in a network security system.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: October 24, 2017
    Assignee: EMC IP Holding Company LLC
    Inventor: Richard Chiles
  • Patent number: 9798883
    Abstract: The present disclosure is directed to a system, method, and computer program for detecting and assessing security risks in an enterprise's computer network. A behavior model is built for a user in the network based on the user's interactions with the network, wherein a behavior model for a user indicates client device(s), server(s), and resources used by the user. The user's behavior during a period of time is compared to the user's behavior model. A risk assessment is calculated for the period of time based at least in part on the comparison between the user's behavior and the user's behavior model, wherein any one of certain anomalies between the user's behavior and the user's behavior model increase the risk assessment.
    Type: Grant
    Filed: October 6, 2014
    Date of Patent: October 24, 2017
    Assignee: Exabeam, Inc.
    Inventors: Sylvain Gil, Domingo Mihovilovic, Nir Polak, Magnus Stensmo, Sing Yip
  • Patent number: 9798885
    Abstract: Determining which snapshot deltas tend to occur in: (i) healthy virtual machines (VMs) that have been subject to an attack yet remained healthy, and/or (ii) unhealthy VMs that have apparently been adversely affected by an attack. Snapshot deltas that occur in at least some (or more preferably all) of the healthy VM subset provide information about software changes (for example, updates, configuration changes) that may be helpful. Snapshot deltas that occur in at least some (or more preferably all) of the unhealthy VM subsets provide information about software changes (for example, updates, configuration changes) that may be unhelpful.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: October 24, 2017
    Assignee: International Business Machines Corporation
    Inventors: Yu Deng, Ruchi Mahindru, HariGovind V. Ramasamy, Lakshminarayanan Renganarayana, Soumitra Sarkar, Long Wang
  • Patent number: 9794293
    Abstract: A system is provided that includes one or more computing servers and a processing circuit for monitoring data transactions of the computing servers. Each of the computing servers is configured to provide respective services to remote users. The processing circuit is configured to monitor data transactions of at least one of the computing servers, which is associated with a user account. A security policy of the user account includes a set of conditions that are indicative of unauthorized access when the conditions are satisfied by various characteristics of the monitored data. The processing circuit is configured to determine a threat level based on the characteristics of the data transactions and the conditions of the security policy. In response to the threat level exceeding a first threshold level indicated in the security policy of the user account, the processing circuit sends a notification to an authorized user of the user account.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: October 17, 2017
    Assignee: 8x8, Inc.
    Inventors: Bryan Martin, Zhishen Liu, Qing Zhao
  • Patent number: 9792200
    Abstract: Implementations are directed to enhancing assessment of one or more known vulnerabilities inside one or more third-party libraries used within an application program that interacts with the one or more third-party libraries. In some examples, actions include receiving a complete call graph that is provided by static source code analysis (SSCA) of the application program and any third-party libraries used by the application, receiving one or more stack traces that are provided based on dynamic source code analysis (DSCA) during execution of the application program, processing the complete call graph, the one or more stack traces, and vulnerable function data to provide one or more combined call graphs, the vulnerable function data identifying one or more vulnerable functions included in the one or more third-party libraries, each combined call graph being specific to a respective vulnerable function, and providing a graphical representation of each combined call graph.
    Type: Grant
    Filed: March 1, 2016
    Date of Patent: October 17, 2017
    Assignee: SAP SE
    Inventors: Henrik Plate, Serena Ponta, Antonino Sabetta
  • Patent number: 9794275
    Abstract: Methods, computer program products, computer systems, and the like, which provide security in cloud-based services using lightweight replicas, are disclosed. The methods, computer program products, computer systems, and the like include detecting an intrusion into an application server, dynamically provisioning a replica application server in a server system in response to the detecting the intrusion, and transitioning a datastream from the application server to the replica application server, where the application server is provisioned in the server system, the intrusion is an attack on the application server, and the attack is conducted via a datastream between a first computing system and the application server. The replica application server is a replica of at least a portion of the application server.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: October 17, 2017
    Assignee: Symantec Corporation
    Inventors: Azzedine Benameur, Nathan S. Evans
  • Patent number: 9794158
    Abstract: An event analysis system receives events in a time-series from a set of monitored systems and identifies a set of alert threshold values for each of the types of events to identify outliers in the time-series at an evaluated time. Portions of historic event data is selected to identify windows of event data near the evaluated time at a set of seasonally-adjusted times to predict the value of the event type. The alert threshold value may also account for a prediction based on recent, higher-frequency events. Using the alert threshold values for a plurality of event types, the event data is compared with the alert threshold values to determine an alert level for the data. The event data types are also clustered and displayed with the alert levels to provide a visualization of the event data and identify outliers when the new event data is received.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: October 17, 2017
    Assignee: UBER TECHNOLOGIES, INC.
    Inventors: Franziska Bell, David Purdy, Laszlo Korsos, Shan He
  • Patent number: 9793939
    Abstract: Provided are techniques for automatically protecting portable and wearable electronic devices from potential hazards by predicting when such hazards may occur. Techniques may include monitoring a plurality of sensors on the mobile computing device; receiving, on the mobile computing device, context data from a plurality of context-service applications; selecting a set of device-protection policies based upon an availability of the plurality of sensors and the plurality of context-service applications, wherein the set of device-protection policies are configured to determine a level of risk to the mobile computing device based on sensor data received from the plurality of sensors and the context data; applying the sensor data and the context data to the set of device-protection policies to generate the level of risk; and triggering a self-protection action if the level of risk exceeds a pre-determined threshold level of risk.
    Type: Grant
    Filed: August 5, 2015
    Date of Patent: October 17, 2017
    Assignee: International Business Machines Corporation
    Inventors: Maggie Phung, Eric J. Rozner, Chin Ngai Sze, Zhennan Wang