Symantec Patent Grants

Systems and methods for smart cipher selection

Granted: January 17, 2017
Patent Number: 9548971
A computer-implemented method for smart cipher selection may include (1) receiving, at a server and from a client, a request to communicate according to a cipher for encryption, the request containing a client list of ciphers available at the client, (2) identifying a server list of ciphers available at the server, (3) measuring, in response to receiving the request, a resource load at the server and a risk factor indicating a degree of risk posed by the client, and (4) selecting a…

Systems and methods for attributing potentially malicious email campaigns to known threat groups

Granted: January 17, 2017
Patent Number: 9548988
The disclosed computer-implemented method for attributing potentially malicious email campaigns to known threat groups may include (1) identifying a potentially malicious email campaign targeting at least one organization, (2) detecting, within the potentially malicious email campaign, an incriminating feature that has been linked to a known threat group, (3) determining, based at least in part on detecting the incriminating feature linked to the known threat group, that the known threat…

Systems and methods for recognizing behavorial attributes of software in real-time

Granted: January 10, 2017
Patent Number: 9542535
A computer-implemented method for recognizing behavioral attributes of software in real-time is described. An executable file is executed. One or more runtime events associated with a behavior of the executable file are traced. The one or more traced runtime events are translated to a high level language. A recognizable pattern of the translated traced runtime events is produced. The pattern is a unique behavioral set of the translated traced runtime events.

Systems and methods for performing authentication at a network device

Granted: January 10, 2017
Patent Number: 9544287
The disclosed computer-implemented method for performing authentication at a network device may include (1) storing, at a network device that handles traffic for at least one endpoint device within a network, an authentication credential associated with a user of the endpoint device, (2) detecting, at the network device, a communication between the endpoint device within the network and a cloud-based application outside the network, (3) determining, at the network device, that access to…

Systems and methods for filtering shortcuts from user profiles

Granted: January 10, 2017
Patent Number: 9544390
A method for filtering shortcuts may include: 1) identifying a user logged onto a computing system; 2) identifying a profile of the user that stores data associated with the user; 3) searching the user's profile for one or more shortcuts that target one or more computing resources; 4) for each computing resource targeted by one or more shortcuts in the user's profile, searching the computing system for the computing resource; 5) determining, based on a result of the search, that at least…

Apparatus and method for network traffic classification and policy enforcement

Granted: January 3, 2017
Patent Number: 9535868
A machine has a bus, an input port connected to the bus to receive inbound network traffic, an output port connected to the bus to convey outbound network traffic and a processor complex connected to the bus. The processor complex is configured as a pipeline with individual processor cores assigned individual network traffic processing tasks. The pipeline includes a first set of processor cores to construct network traffic trees characterizing the inbound network traffic and the outbound…

Transmitting encoded digital certificate data to certificate authority using mobile device

Granted: January 3, 2017
Patent Number: 9537854
Techniques are disclosed for managing a digital certificate enrollment process. A certificate assistant on a server is configured to encode certificate enrollment data in a barcode graphic, such as a quick response (QR) code. A mobile phone application can then scan the barcode graphic using a camera to recover and transmit the enrollment data to a certificate authority. Doing so allows a system administrator (or other user) to complete the certificate enrollment process in cases where…

Systems and methods for securely accessing encrypted data stores

Granted: December 27, 2016
Patent Number: 9529733
The disclosed computer-implemented method for securely accessing encrypted data stores may include (1) receiving, from a data storage service, a request to permit authenticated access to an encrypted data store administered by the data storage service, the request including a cryptographic element associated with the encrypted data store that has been encrypted using a public key associated with the authentication device, (2) decrypting the cryptographic element associated with the…

Systems and methods for performing data-loss-prevention scans

Granted: December 27, 2016
Patent Number: 9529977
A computer-implemented method for performing data-loss-prevention scans may include identifying a subset of data-storage locations on a first computing system that are likely to contain sensitive information. The method may also include performing a quick scan on the first computing system by scanning the subset of data-storage locations that are likely to contain sensitive data and excluding other locations from the quick scan. The method may further include identifying sensitive data…

Systems and methods for validating login attempts based on user location

Granted: December 27, 2016
Patent Number: 9529990
A computer-implemented method for validating login attempts based on user location may include (1) detecting a login attempt by a user to log into a user account, where the login attempt originates from an atypical location, (2) determining that the atypical location is inconsistent with a pattern of past login locations for the user, (3) retrieving location information that indicates a current location of the user from at least one third-party Internet resource, (4) determining, based…

Systems and methods for providing secure access to local network devices

Granted: December 20, 2016
Patent Number: 9525664
A computer-implemented method for providing secure access to local network devices may include (1) identifying a local area network that provides Internet connectivity to at least one device within the local area network, (2) obtaining, from an identity assertion provider, (i) a shared secret for authenticating the identity of a guest user of the device and (ii) a permission for the guest user to access the device from outside the local area network, (3) storing the shared secret and the…

Systems and methods for obscuring network services

Granted: December 20, 2016
Patent Number: 9525665
A computer-implemented method for obscuring network services may include (1) identifying a local network comprising at least one client and at least one host, where the host provides a service that is not bound to any routable address on the local network and the client is expected to send messages to the service, (2) provisioning the client with a proxy that intercepts the messages directed to the service by the client, identifies the host that provides the service, and adds at least…

Systems and methods for identifying malware

Granted: December 13, 2016
Patent Number: 9519780
A computer-implemented method for identifying malware may include (1) determining, for multiple commands within bytecode associated with a malware program, whether each command constitutes an invocation command, (2) filtering, based on the determination, invocation commands from the bytecode, (3) adding, for each invocation command filtered from the bytecode, an opcode, a format code, and a function prototype to a collection of opcodes, format codes, and function prototypes, (4)…

Systems and methods for protecting files from malicious encryption attempts

Granted: December 6, 2016
Patent Number: 9514309
A computer-implemented method for protecting files from malicious encryption attempts may include (1) detecting an attempt to alter a file, (2) identifying at least one characteristic of the attempt to alter the file, (3) determining, based on the characteristic of the attempt to alter the file, that the attempt to alter the file represents a malicious attempt by a third party to encrypt the file, and (4) performing a security action in response to determining that the attempt to alter…

Low-memory footprint fingerprinting and indexing for efficiently measuring document similarity and containment

Granted: December 6, 2016
Patent Number: 9514312
A method and system for low-memory footprint fingerprinting and indexing for efficiently measuring document similarity and containment are described. A method may include extracting, by a processor, content from a set of one or more data files. The method may also determine a size of the content and apply a hash function to the content to generate multiple hashes. The method selects a constrained set of the hashes to generate a fixed-size fingerprint representative of the content when…

Secure and scalable detection of preselected data embedded in electronically transmitted messages

Granted: December 6, 2016
Patent Number: 9515998
A method and apparatus for detecting preselected data embedded in electronically transmitted messages is described. In one embodiment, the method comprises monitoring messages electronically transmitted over a network for embedded preselected data and performing content searches on the messages to detect the presence of the embedded preselected data using an abstract data structure derived from the preselected data.

Systems and methods for authorizing attempts to access shared libraries

Granted: November 29, 2016
Patent Number: 9509697
The disclosed computer-implemented method for authorizing attempts to access shared libraries may include (1) detecting an attempt by a process to access a shared library, (2) identifying a call stack of the process, (3) inspecting the call stack to determine whether a method that initiated the attempt is authorized to access the shared library, and (4) causing the attempt to be allowed if the method is authorized to access the shared library or blocked if the method is not authorized to…

Techniques for print monitoring

Granted: November 22, 2016
Patent Number: 9501251
Techniques for print monitoring are disclosed. In one embodiment, the techniques may be realized as a method including monitoring a spool directory associated with a printing system; identifying, for a print job file, a file management call that is made before the print job file is submitted to a printer driver to carry out a print job; blocking the file management call; analyzing the print job file for sensitive data; in response to determining that the print job file does not include…

Systems and methods for determining potential impacts of applications on the security of computing systems

Granted: November 22, 2016
Patent Number: 9501649
A computer-implemented method for determining potential impacts of applications on the security of computing systems may include (1) identifying an application subject to a security vulnerability assessment, (2) requesting information that identifies a potential impact of the application on a vulnerability of at least one computing system to at least one exploit associated with the application, (3) receiving the information that identifies the potential impact of the application on the…