Symantec Patent Grants

Dynamic call tracking method based on CPU interrupt instructions to improve disassembly quality of indirect calls

Granted: September 19, 2017
Patent Number: 9767004
Embodiments presented herein describe techniques to track and correct indirect function calls in disassembled object code. Assembly language source code is generated from a binary executable object. The assembly language source code may include indirect function calls. Memory addresses associated with the function calls are identified. A central processing unit (CPU) interrupt instruction is inserted in the disassembled source code at each indirect function call. The disassembled source…

Techniques for providing dynamic account and device management

Granted: September 19, 2017
Patent Number: 9769086
Techniques for providing data in dynamic account and device management are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic account and device management. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a user device to be managed. The one or more processors may be configured to transmit a request for delegate authority…

Multi-algorithm key generation and certificate install

Granted: September 19, 2017
Patent Number: 9769151
Techniques are disclosed for generating multiple key pairs using different algorithms and similarly installing certificates signed using the different algorithms. A customer server receives a selection of algorithms for generating a public/private key pair (e.g., RSA, ECC, DSA, etc.). The customer server generates key pairs for each selection and also generates corresponding certificate signing requests (CSR). The customer server sends the CSRs to a certificate authority (CA). The CA…

Systems and methods for efficiently allocating resources for behavioral analysis

Granted: September 19, 2017
Patent Number: 9769195
A computer-implemented method for efficiently allocating resources for behavioral analysis may include (1) determining a file type of a first file subject to behavioral analysis, (2) loading the first file within an environment for behavioral analysis to observe at least one behavior within the environment attributable to the first file, (3) observing a malicious behavior within the environment and attributing the malicious behavior to the first file, (4) determining a timing of the…

Automatic generation of generic file signatures

Granted: September 12, 2017
Patent Number: 9762593
Systems and methods to automatically generate signatures used to detect malware are provided. The systems and methods use machine learning techniques to build an over-trained heuristic model to analyze software, cluster identified patterns, validate the clusters against known reputational metrics, automatically create signatures and, in some examples, deploy such signatures to remote computing devices.

Mobile application identification and control through WiFi access points

Granted: September 12, 2017
Patent Number: 9763096
A network access point secures a WiFi network, and acts as a picocell, by identifying applications running on computer-based devices, such as mobile phones, tablet computers, and the like, that seek to access the Internet (or another network) via the access point and applying network access policies to data communications by those applications according to application, location, context, device and/or user characteristics.

Systems and methods for customizing privacy control systems

Granted: September 5, 2017
Patent Number: 9754086
The disclosed computer-implemented method for customizing privacy control systems may include (1) identifying a data entry, from within a set of data entries stored on a computing device, that has been selected to be inaccessible by an application installed on the computing device, (2) marking the data with an indication that the data entry has been selected to be inaccessible by the application, (3) intercepting an attempt made by the application to access the data entry, (4)…

Systems and methods for classifying security events as targeted attacks

Granted: September 5, 2017
Patent Number: 9754106
The disclosed computer-implemented method for classifying security events as targeted attacks may include (1) detecting a security event in connection with at least one organization, (2) comparing the security event against a targeted-attack taxonomy that identifies a plurality of characteristics of targeted attacks, (3) determining that the security event is likely targeting the organization based at least in part on comparing the security event against the targeted-attack taxonomy, and…

Systems and methods for managing access

Granted: September 5, 2017
Patent Number: 9754109
A computer-implemented method for managing access may include (1) identifying an attempt to perform, within a computing environment, an action that involves a specific entity, (2) determining that the attempted action is anomalous for the specific entity, (3) identifying a quota of allowed anomalous actions for the specific entity, (4) determining that the attempted action causes a count of anomalous actions to exceed the quota of allowed anomalous actions, and (5) performing a security…

Aggregate network resource utilization control scheme

Granted: September 5, 2017
Patent Number: 9755984
Methods, apparatuses and systems directed to an aggregate bandwidth utilization control scheme including fair share bandwidth allocation and dynamic allocation of bandwidth in response to detected traffic utilization. In one implementation, the present invention includes a weighted, fair share aggregate bandwidth allocation mechanism that dynamically responds to observed bandwidth utilization to provide unutilized or excess bandwidth to flows and partitions that require it. In another…

Systems and methods for detecting compromised messaging accounts

Granted: September 5, 2017
Patent Number: 9756007
A computer-implemented method for detecting compromised messaging accounts may include maintaining a behavior database that associates a plurality of messaging accounts with messaging behaviors that typify each of the messaging accounts. The method may also include detecting an attempt by a user to send a message from a messaging account. In addition, the method may include determining that the messaging account has potentially been compromised by comparing features of the message with…

Systems and methods for utilizing authentication requests for on-demand provisioning of access-point accounts

Granted: September 5, 2017
Patent Number: 9756505
The disclosed computer-implemented method for on-demand provisioning of access-point accounts may include receiving, at an access point, a first request from an unknown guest to access a secured network. The guest may not yet have an account with the access point that allows the guest to access the secured network, and the first request may include authentication information that was generated from a credential of the unknown guest that is required by the access point to provision the…

Systems and methods for image-based encryption of cloud data

Granted: August 29, 2017
Patent Number: 9749299
The disclosed computer-implemented method for image-based encryption of cloud data may include (1) identifying a user account for a cloud data store, wherein the cloud data store stores at least one secret to be secured by encryption on behalf of the user account, (2) receiving an image file to be used at least in part to generate a cryptographic element to be used for encrypting the secret, the cryptographic element capable of being re-created when the image file is provided again at a…

Context based conditional access for cloud services

Granted: August 29, 2017
Patent Number: 9749331
A cloud service access and information gateway receives a first authentication factor for a user in a single sign-on system. The single sign-on system provides access to a plurality of cloud services. The gateway receives, from a user device, a request to access a cloud service of the plurality of cloud services. The gateway compares a context of the request to an access policy for the single sign-on system and grants conditional access to the cloud service based on the access policy.

Method for consolidated environment computing

Granted: August 29, 2017
Patent Number: 9749446
A method of dynamically servicing a client request is provided. A consolidated computing environment receives a client request at a single front end service. Desired environment parameters, including usage parameter information, are parsed from the request. Resources are allocated in accordance with this usage parameter information, and the allocated computing resources cooperate to create a virtual environment. The client request is executed in this virtual environment.

Wireless router

Granted: August 22, 2017
Patent Number: D795232

Securely storing and provisioning security telemetry of multiple organizations for cloud based analytics

Granted: August 22, 2017
Patent Number: 9740876
A cloud based system receives multiple types of security telemetry from multiple participating organizations. The received security telemetry can be pseudonymized by replacing fields containing sensitive information with corresponding pseudonyms. Two data stores can be maintained, a first for raw telemetry, and a second for pseudonymized telemetry. Each data store can comprise a directory structure organized according to factors such as originating organization, administrative unit,…

Systems and methods for securely authenticating users via facial recognition

Granted: August 22, 2017
Patent Number: 9740920
The disclosed computer-implemented method for securely authenticating users via facial recognition may include (1) identifying a request from a user to complete an authentication process on the computing device via a facial-recognition system, (2) sending the user a randomized unique identifier to display to a camera on the computing device, (3) simultaneously observing, via the camera on the computing device, both the user and the randomized unique identifier that was sent to the user,…

Seamless authentication mechanism for user processes and web services residing on common host

Granted: August 22, 2017
Patent Number: 9742759
Techniques are presented herein for authenticating a local process to a web service, both executing on a common host computer server. The local process may present a self-signed certificate to the web service. In response, the web service may identify a file system directory on the first computer server containing a file storing the self-signed certificate. If the subject information identifying the owner of the process matches file system metadata indicating an owner of the file, then the…

Systems and methods for preventing the execution of online malvertising

Granted: August 22, 2017
Patent Number: 9742801
A computer-implemented method for preventing the execution of online malvertising may include (1) maintaining a database of software version information for at least one client device, (2) detecting a request from the client device to access a website that contains active advertising content, (3) identifying, by querying the database of software version information, a vulnerability in at least one software element on the client device that may be used to deliver the active advertising…