Reliable selection of security countermeasures

    Publication No.: US10333924B2

    Publication date: 2019-06-25

    Application No.: US15805073

    Filing date: 2017-11-06

    Inventor: Siying Yang

    Abstract: Among other things, this document describes a computer-implemented security method such as for authenticated selection of security countermeasures and for reliable identification of computing devices. The method can include receiving, by a computing system, a request from a computing device for an electronic resource. The computing system can identify a security token received from the device that made the request. Based on the security token, particular security countermeasures can be selected that are to be applied to the electronic resource to be served in response to the request. The countermeasures can be operable to interfere with an ability of malware to interact with the served electronic resource when the served electronic resource is on the computing device. Portions of the electronic resource that are to be executed on the computing device can be re-coded using the selected particular security countermeasures.

    Browser extension firewall
    Granted invention patent

    Publication No.: US10212130B1

    Publication date: 2019-02-19

    Application No.: US14942769

    Filing date: 2015-11-16

    Abstract: Methods and apparatus are described for detecting browser extensions. Specific implementations relate to configurable security policies and automated actions performed in response to the detection of browser extensions.

    Mitigating scripted attacks using dynamic polymorphism
    Granted invention patent
    Legal status: in force

    Publication No.: US09438625B1

    Publication date: 2016-09-06

    Application No.: US14481835

    Filing date: 2014-09-09

    Inventor: Siying Yang

    Abstract: In an embodiment, a data processing system comprises one or more processors; script analysis logic coupled to the one or more processors and configured to obtain a particular electronic document from a server computer; script injection logic coupled to the one or more processors and configured to insert a set of script code into source code of the electronic document to result in producing a modified electronic document prior to providing the modified electronic document to a client computer; wherein the script code is configured to improve resistance of the client computer to attacks by running upon loading in the client computer and to cause transforming, when running in the client computer, one or more values of one or more elements of the source code of the electronic document into obfuscated values of the one or more elements. As a result, the system and method herein improve resistance of the client computer to attacks.


    Distributed polymorphic transformation of served content

    Publication No.: US09325734B1

    Publication date: 2016-04-26

    Application No.: US14570632

    Filing date: 2014-12-15

    Abstract: A computer-implemented method includes receiving, at a computer security server system located between the Internet and a client computing device that makes requests over the Internet, a request for content directed to a particular content server system; forwarding the received request, with the computer security server system, to the particular content server system; receiving code from the particular server system in response to the request; applying a security countermeasure to the received code to create transformed code; providing the transformed code to the client computing device; receiving a communication from the client computing device; and determining that software on the client computing device has attempted to interact with the received code rather than the transformed code.

    DISRUPTING AUTOMATED ATTACKS ON CLIENT-SERVER INTERACTIONS USING POLYMORPHIC APPLICATION PROGRAMMING INTERFACES
    Invention application
    Legal status: under examination (published)

    Publication No.: US20160099966A1

    Publication date: 2016-04-07

    Application No.: US14968460

    Filing date: 2015-12-14

    Inventor: Siying Yang

    Abstract: An app interacts with a human user of a user device that is executing the app while the app is also interacting over a network connection to an API server by making API calls to the API server and using the responses. An intermediary is provided between the API server and user devices/clients that modifies application programming interface interactions to disrupt automated attacks on those client-server interactions, at least as to those API interfaces that are known to be human-interaction API interfaces. The human-interaction API calls are disassociated to thwart automated attacks using those API calls. The disassociation can be provided through the use of user interface builder packages to provide instructions to the app as to performing human user interaction. Disassociating can be done by separating labels from their meaning, such as by assigning random values to the labels or other methods of obfuscating relations and structure.


    MITIGATING ATTACKS ON SERVER COMPUTERS BY ENFORCING PLATFORM POLICIES ON CLIENT COMPUTERS

    Publication No.: US20190394228A1

    Publication date: 2019-12-26

    Application No.: US16559315

    Filing date: 2019-09-03

    Abstract: In an embodiment, a computer system is configured to receive, from a client computer, a request with one or more values; determine, based on the one or more values, whether the request is from a platform-specific application compiled for a first computer platform; determine, based on the one or more values, whether the platform-specific application is being executed within an emulator being executed by a second computer platform, wherein the second computer platform is different than the first computer platform.

    Multi-Layer Computer Security Countermeasures

    Publication No.: US20170118241A1

    Publication date: 2017-04-27

    Application No.: US14922436

    Filing date: 2015-10-26

    Abstract: A computer-implemented security method includes receiving, at a server sub-system, reports from a plurality of clients that were served content served by a web server system, the different versions of content varying from each other by polymorphic transformation that inserts varying content at common locations in the content; determining, with the server sub-system, an effectiveness level of security countermeasures applied to the content, using the received reports; selecting an updated security countermeasure package determined to address malware identified using data from the reports; and providing to the web server system information causing the web server system to switch to the updated security countermeasure package.

    Polymorphic Obfuscation of Executable Code
    Invention application
    Legal status: in force

    Publication No.: US20170063923A1

    Publication date: 2017-03-02

    Application No.: US14841013

    Filing date: 2015-08-31

    CPC classification number: H04L63/1483 G06F21/54 G06F21/56 H04L63/1466

    Abstract: This document generally relates to systems, methods, and other techniques for identifying and interfering with the operation of computer malware, as a mechanism for improving system security. Some implementations include a computer-implemented method by which a computer security server system performs actions including receiving a request for content directed to a particular content server system; forwarding the request to the particular content server system; receiving executable code from the particular content server system; inserting executable injection code into at least one file of the executable code; applying a security countermeasure to the combined executable code and executable injection code to create transformed code; and providing the transformed code to a client computing device.


    RELIABLE SELECTION OF SECURITY COUNTERMEASURES

    Publication No.: US20160182534A1

    Publication date: 2016-06-23

    Application No.: US15052951

    Filing date: 2016-02-25

    Inventor: Siying Yang

    Abstract: Among other things, this document describes a computer-implemented security method such as for authenticated selection of security countermeasures and for reliable identification of computing devices. The method can include receiving, by a computing system, a request from a computing device for an electronic resource. The computing system can identify a security token received from the device that made the request. Based on the security token, particular security countermeasures can be selected that are to be applied to the electronic resource to be served in response to the request. The countermeasures can be operable to interfere with an ability of malware to interact with the served electronic resource when the served electronic resource is on the computing device. Portions of the electronic resource that are to be executed on the computing device can be re-coded using the selected particular security countermeasures.
