David W Dewey

US Patent:

8010522, Aug 30, 2011

Filed:

Dec 7, 2007

Appl. No.:

11/952322

Inventors:

David Bryan Dewey - Alpharetta GA, US
David Charles Means - Woodstock GA, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 7/00

US Classification:

707714, 707724, 707754

Abstract:

System, method and program product for detecting a malicious SQL query in a parameter value field of a request. The parameter value field is searched for query operands, characters and/or symbols and combinations of query operands, characters and/or symbols indicative of malicious SQL injection. A respective score assigned to each of the query operands, characters and/or symbols or combinations of query operands, characters and/or symbols found in the parameter value field is added to yield a total score for at least two of the query operands, characters and/or symbols or combinations of query operands, characters and/or symbols found in the parameter value field. Responsive to the total score exceeding a threshold, the request is blocked.

US Patent:

8201245, Jun 12, 2012

Filed:

Dec 5, 2007

Appl. No.:

11/950603

Inventors:

David Bryan Dewey - Alpharetta GA, US
Robert G. Freeman - Atlanta GA, US
Paul Elliott Griswold - Lawrenceville GA, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 11/00

US Classification:

726 22

Abstract:

Detecting obfuscated attacks on a computer. A first program function is invoked to render static components of a web page and identify program code within the web page or associated file. In response, before executing the identified program code, a malicious-code detector is invoked to scan the identified program code for malicious code. If the malicious-code detector identifies malicious code in the identified program code, the identified program code is not executed. If no malicious code is detected, a second program function generates revised program code from execution of the identified, program code. In response, before executing the revised program code, the malicious-code detector is invoked to scan the revised program code for malicious code. If the malicious-code detector identifies malicious code in the revised program code, the revised program code is not executed.

US Patent:

20110167263, Jul 7, 2011

Filed:

Jan 6, 2010

Appl. No.:

12/652973

Inventors:

Thomas J. Cross - Atlanta GA, US
David B. Dewey - Atlanta GA, US
Takehiro Takahashi - Atlanta GA, US

Assignee:

INTERNATIONAL BUSINESS MACHINES CORPORATION - Armonk NY

International Classification:

H04L 9/00
H04W 4/00
H04K 1/00

US Classification:

713168, 370328, 380270

Abstract:

A method and apparatus for establishing a wireless connection. A digital certificate having a second name is obtained by a processor unit in response to receiving a selection of a network using a first name broadcast by a wireless access point. A determination is made by the processor unit as to whether the digital certificate is valid. A determination is made by the processor unit as to whether the second name in the digital certificate matches the first name broadcast by the wireless access point. The processor unit establishes the wireless connection to the wireless access point in response to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point.

US Patent:

20120096536, Apr 19, 2012

Filed:

Oct 13, 2010

Appl. No.:

12/903495

Inventors:

David B. Dewey - Alpharetta GA, US
Darrell O. Swope - Norcross GA, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 17/00
G06F 11/00

US Classification:

726 11, 726 22

Abstract:

A method, computer system, and computer program product for validating data contained in a request sent by a requestor to a server application. A computer receives the request from the requestor before receipt of the request by the server application. The computer identifies a set of data validation rules to apply to the data in the request based on a data format specification contained in the request sent by the requestor. The computer determines whether the data is valid based on the identified set of data validation rules. The computer forwards the request to the server application in response to the computer determining that the data is valid based on the identified set of data validation rules.

US Patent:

20130227693, Aug 29, 2013

Filed:

Feb 24, 2012

Appl. No.:

13/404572

Inventors:

David Bryan Dewey - Milton GA, US

International Classification:

G06F 21/00

US Classification:

726 25

Abstract:

In one implementation, an object analysis system identifies an object within a software module, and determines a size of the object based on at least one operation within the software module. The object analysis system identifies the object and determines the size of the object without reference to source code of the software module.

US Patent:

20130291113, Oct 31, 2013

Filed:

Apr 26, 2012

Appl. No.:

13/456385

Inventors:

David Bryan Dewey - Milton GA, US

International Classification:

G06F 21/00
G06F 9/45

US Classification:

726 25, 717151, 717156

Abstract:

Embodiments disclosed herein relate to a process flow optimized directed graph traversal. In one embodiment, a processor performs a depth first traversal of the optimized directed graph where a node from a first node is not traversed until the nodes before the first node are traversed. The processor may output information associated with the nodes based on the traversal.

US Patent:

20140007117, Jan 2, 2014

Filed:

Jun 12, 2013

Appl. No.:

13/916293

Inventors:

David Dewey - Milton GA, US

International Classification:

G06F 9/44

US Classification:

718102

Abstract:

A computer-implemented method for executing a modified version of a software application in a computing system programmed to perform the method including initiating in the computing system, execution of a software application comprising an initial version of a function, wherein the initial version of the function consists of computer executable code, receiving in the computing system, a modified version of the function, wherein the modified version of the function which can be machine code, taking in human-readable configuration data and using that to direct operation, receiving in the computing system, a request to execute the function from within the software application, in response to the request to execute the function, the method includes inhibiting in the computing system, execution of the version of the function, and interpreting in the computing system, the modified version of the function to thereby execute the function.

US Patent:

20220337924, Oct 20, 2022

Filed:

Jul 5, 2022

Appl. No.:

17/857618

Inventors:

- Atlanta GA, US
Scott Strong - Atlanta GA, US
John Cornwell - Atlanta GA, US
Hassan Kingravi - Atlanta GA, US
David Dewey - Atlanta GA, US

Assignee:

Pindrop Security, Inc. - Atlanta GA

International Classification:

H04Q 3/70
H04M 3/22
H04M 7/12
H04Q 1/45
G10L 25/51
H04L 25/02
H04M 3/493

Abstract:

Systems, methods, and computer-readable media for call classification and for training a model for call classification, an example method comprising: receiving DTMF information from a plurality of calls; determining, for each of the calls, a feature vector including statistics based on DTMF information such as DTMF residual signal comprising channel noise and additive noise; training a model for classification; comparing a new call feature vector to the model; predicting a device type and geographic location based on the comparison of the new call feature vector to the model; classifying the call as spoofed or genuine; and authenticating a call or altering an IVR call flow.