专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10333924B2 Reliable selection of security countermeasures 有权
公开(公告)号：US10333924B2
公开(公告)日：2019-06-25
申请号：US15805073
申请日：2017-11-06
申请人： Shape Security, Inc.
发明人： Siying Yang
IPC分类号： H04L29/06 , G06F21/55 , G06F21/14 , H04L29/08
摘要： Among other things, this document describes a computer-implemented security method such as for authenticated selection of security countermeasures and for reliable identification of computing devices. The method can include receiving, by a computing system, a request from a computing device for an electronic resource. The computing system can identify a security token received from the device that made the request. Based on the security token, particular security countermeasures can be selected that are to be applied to the electronic resource to be served in response to the request. The countermeasures can be operable to interfere with an ability of malware to interact with the served electronic resource when the served electronic resource is on the computing device. Portions of the electronic resource that are to be executed on the computing device can be re-coded using the selected particular security countermeasures.

2. 发明授权

US10212130B1 Browser extension firewall 有权
公开(公告)号：US10212130B1
公开(公告)日：2019-02-19
申请号：US14942769
申请日：2015-11-16
申请人： Shape Security, Inc.
发明人： Siying Yang , Sergey Shekyan
IPC分类号： H04L29/06
摘要： Methods and apparatus are described for detecting browser extensions. Specific implementations relate to configurable security policies and automated actions performed in response to the detection of browser extensions.

3. 发明授权

US10129289B1 Mitigating attacks on server computers by enforcing platform policies on client computers 有权
公开(公告)号：US10129289B1
公开(公告)日：2018-11-13
申请号：US15068468
申请日：2016-03-11
申请人： Shape Security, Inc.
发明人： Siying Yang , Shuman Ghosemajumder
IPC分类号： G06F21/00 , H04L29/06 , G06F21/56
摘要： In an embodiment, a computer system is configured to receive, from a client computer, a request with one or more values; determine, based on the one or more values, whether the request is from a platform-specific application compiled for a first computer platform; determine, based on the one or more values, whether the platform-specific application is being executed within an emulator being executed by a second computer platform, wherein the second computer platform is different than the first computer platform.

4. 发明授权

US09438625B1 Mitigating scripted attacks using dynamic polymorphism 有权
标题翻译：使用动态多态性减轻脚本攻击
公开(公告)号：US09438625B1
公开(公告)日：2016-09-06
申请号：US14481835
申请日：2014-09-09
申请人： SHAPE SECURITY, INC.
发明人： Siying Yang
IPC分类号： H04L29/06 , G06F21/54
CPC分类号： H04L63/1441 , G06F21/54 , H04L63/062 , H04L63/1491 , H04L63/168 , H04L2209/16
摘要： In an embodiment, a data processing system comprises one or more processors; script analysis logic coupled to the one or more processors and configured to obtain a particular electronic document from a server computer; script injection logic coupled to the one or more processors and configured to insert a set of script code into source code of the electronic document to result in producing a modified electronic document prior to providing the modified electronic document to a client computer; wherein the script code is configured to improve resistance of the client computer to attacks by running upon loading in the client computer and to cause transforming, when running in the client computer, one or more values of one or more elements of the source code of the electronic document into obfuscated values of the one or more elements. As a result, the system and method herein improve resistance of the client computer to attacks.
摘要翻译：在一个实施例中，数据处理系统包括一个或多个处理器; 脚本分析逻辑，其耦合到所述一个或多个处理器并且被配置为从服务器计算机获取特定电子文档; 脚本注入逻辑，其耦合到所述一个或多个处理器并且被配置为将一组脚本代码插入到所述电子文档的源代码中，以在将修改的电子文档提供给客户端计算机之前导致产生修改的电子文档; 其中所述脚本代码被配置为通过在所述客户端计算机中加载时运行来改善所述客户端计算机的攻击的阻力，并且当在所述客户端计算机中运行时，使所述脚本代码变为所述源代码的一个或多个元素的一个或多个值电子文档成为一个或多个元素的混淆值。结果，这里的系统和方法提高了客户端计算机的攻击阻力。

5. 发明授权

US09325734B1 Distributed polymorphic transformation of served content 有权
公开(公告)号：US09325734B1
公开(公告)日：2016-04-26
申请号：US14570632
申请日：2014-12-15
申请人： Shape Security, Inc.
发明人： Timothy Dylan Peacock , Justin D. Call , Siying Yang , Sumit Agarwal
IPC分类号： G06F7/04 , H04L29/06
CPC分类号： H04L63/145 , G06F17/2247 , G06F17/2264 , H04L63/1466 , H04L63/168
摘要： A computer-implemented method includes receiving, at a computer security server system located between the Internet and a client computing device that makes requests over the Internet, a request for content directed to a particular content server system; forwarding the received request, with the computer security server system, to the particular content server system; receiving code from the particular server system in response to the request; applying a security countermeasure to the received code to created transformed code; providing the transformed code to the client computing device; receiving a communication from the client computing device; and determining that software on the client computing device has attempted to interact with the received code rather than the transformed code.

6. 发明申请

US20160099966A1 DISRUPTING AUTOMATED ATTACKS ON CLIENT-SERVER INTERACTIONS USING POLYMORPHIC APPLICATION PROGRAMMING INTERFACES 审中-公开
标题翻译：使用多态应用编程接口来消除客户端服务器交互的自动攻击
公开(公告)号：US20160099966A1
公开(公告)日：2016-04-07
申请号：US14968460
申请日：2015-12-14
申请人： Shape Security, Inc.
发明人： Siying Yang
IPC分类号： H04L29/06
CPC分类号： H04L63/1466 , G06F21/50 , G06F21/554 , G06F2221/2133 , H04L67/42
摘要： An app interacts with a human user of a user device that is executing the app while the app is also interacting over a network connection to an API server by making API calls to the API server and using the responses. An intermediary is provided between the API server and user devices/clients that modifies application programming interface interactions to disrupt automated attacks on those client-server interactions, at least as to those API interfaces that are known to be human-interaction API interfaces. The human-interaction API calls are disassociated to thwart automated attacks using those API calls. The disassociation can be provided through the use of user interface builder packages to provide instructions to the app as to performing human user interaction. Disassociating can be done by separating labels from their meaning, such as by assigning random values to the labels or other methods of obfuscating relations and structure.
摘要翻译：一个应用程序与正在执行应用程序的用户设备的人类用户交互，同时通过对API服务器进行API调用并使用响应，应用程序也通过网络连接与API服务器进行交互。 API服务器和用户设备/客户端之间提供了一个中介，修改应用程序接口交互以破坏对这些客户端 - 服务器交互的自动攻击，至少对于已知是人机交互API接口的API接口。人员交互API调用被取消关联，以阻止使用这些API调用的自动化攻击。可以通过使用用户界面构建器包来提供解除关联，以向应用程序提供执行人类用户交互的指令。可以通过将标签与其含义分离，例如通过为标签或其他混淆关系和结构的方法分配随机值来完成脱离。

7. 发明授权

US10216488B1 Intercepting and injecting calls into operations and objects 有权
公开(公告)号：US10216488B1
公开(公告)日：2019-02-26
申请号：US15069667
申请日：2016-03-14
申请人： Shape Security, Inc.
发明人： Jarrod Overson , Siying Yang
IPC分类号： G06F9/44 , G06F8/30 , H04L29/06
摘要： A computer implemented method for improving security of a server computer that is configured to deliver computer program instructions to a remote client computer, and comprising, using an intermediary computer that is topologically interposed between the server computer and the remote client computer is provided. The intermediary computer is configured to intercept a first set of source code instructions from the server computer. The intermediary computer identifies first party operations that include operations on objects and the objects themselves. The intermediary computer identifies a first set of operations within the first party operations that are configured to define values for one or more objects based on one or more constants. The intermediary computer then generates a second set of operations, where the second set of operations are configured to define same values for the one or more objects, when executed by a web browser on the client computer. The intermediary computer transforms the first party operations into transformed first party operations by substituting the first set of operations with the second set of operations. The intermediary computer generates a second set of source code instructions that are based on the first set of source code instructions and the transformed first party operations. The intermediary computer then sends the second set of source code instructions to the client computer.

8. 发明授权

US09479529B2 Polymorphic security policy action 有权
公开(公告)号：US09479529B2
公开(公告)日：2016-10-25
申请号：US14679596
申请日：2015-04-06
申请人： SHAPE SECURITY, INC.
发明人： Siying Yang
IPC分类号： H04L29/06 , G06F21/55
CPC分类号： H04L63/20 , G06F21/55 , H04L63/0227 , H04L63/0263 , H04L63/1416 , H04L63/1441
摘要： In one embodiment, a method of improving the security of a computing device comprises using a computing device that has received one or more messages that have been determined as unauthorized, obtaining a plurality of state data values from one or more of the computing device, the one or more messages, and a second computer; before admitting the one or more messages to a data communications network that the computing device is configured to protect: using the computing device and pseudo-random selection logic, based on the state data values, pseudo-randomly selecting a particular policy action from among a plurality of different stored policy actions; using the computing device, acting upon the one or more messages using the particular policy action; wherein the method is performed using one or more computing devices.

9. 发明申请

US20160011732A1 DISRUPTING AUTOMATED ATTACKS ON CLIENT-SERVER INTERACTIONS USING POLYMORPHIC APPLICATION PROGRAMMING INTERFACES 审中-公开
公开(公告)号：US20160011732A1
公开(公告)日：2016-01-14
申请号：US14329718
申请日：2014-07-11
申请人： Shape Security, Inc.
发明人： Siying Yang
IPC分类号： G06F3/0484
CPC分类号： H04L63/1466 , G06F21/50 , G06F21/554 , G06F2221/2133 , H04L67/42
摘要： An app interacts with a human user of a user device that is executing the app while the app is also interacting over a network connection to an API server by making API calls to the API server and using the responses. An intermediary is provided between the API server and user devices/clients that modifies application programming interface interactions to disrupt automated attacks on those client-server interactions, at least as to those API interfaces that are known to be human-interaction API interfaces. The human-interaction API calls are disassociated to thwart automated attacks using those API calls. The disassociation can be provided through the use of user interface builder packages to provide instructions to the app as to performing human user interaction. Disassociating can be done by separating labels from their meaning, such as by assigning random values to the labels or other methods of obfuscating relations and structure.

10. 发明申请

US20160006750A1 RELIABLE SELECTION OF SECURITY COUNTERMEASURES 有权
标题翻译：可靠选择安全对策
公开(公告)号：US20160006750A1
公开(公告)日：2016-01-07
申请号：US14790738
申请日：2015-07-02
申请人： Shape Security Inc.
发明人： Siying Yang
IPC分类号： H04L29/06
CPC分类号： H04L63/083 , G06F21/14 , G06F21/55 , H04L63/105 , H04L63/1416 , H04L63/1441 , H04L63/145 , H04L63/168 , H04L63/20 , H04L67/02
摘要： Among other things, this document describes a computer-implemented security method such as for authenticated selection of security countermeasures and for reliable identification of computing devices. The method can include receiving, by a computing system, a request from a computing device for an electronic resource. The computing system can identify a security token received from the device that made the request. Based on the security token, particular security countermeasures can be selected that are to be applied to the electronic resource to be served in response to the request. The countermeasures can be operable to interfere with an ability of malware to interact with the served electronic resource when the served electronic resource is on the computing device. Portions of the electronic resource that are to be executed on the computing device can be re-coded using the selected particular security countermeasures.
摘要翻译：除此之外，本文档描述了计算机实现的安全方法，例如用于认证选择安全对策并且可靠地识别计算设备。该方法可以包括由计算系统接收来自用于电子资源的计算设备的请求。计算系统可以识别从发出请求的设备接收到的安全令牌。基于安全令牌，可以选择应用于响应于该请求而被服务的电子资源的特定的安全对策。当所服务的电子资源在计算设备上时，对策可以用于干扰恶意软件与所服务的电子资源交互的能力。可以使用所选择的特定安全对策来重新编码将要在计算设备上执行的电子资源的部分。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式