Patent Grant
12301632
The present disclosure relates generally to network security technology, and more particularly, to systems and methods of network security for preventing and reducing risk of unauthorized access.
Network security is becoming increasingly challenging. For example, wireless or WIFI networks are publically discoverable by any device picking up the signal of that network. Even though those networks are secured by personalized passwords, the fact that they are publically available renders those networks vulnerable. If someone is trying to gain access to a network, that person can search for a network signal and try to access it by guessing the password of that network.
However, with enough attempts, it is likely a hacker or an otherwise unauthorized person can overcome basic security protections and gain access to the network. Once the network has been accessed, the hacker or unauthorized person can compromise network and data security, take unauthorized actions, and cause damage to the other users' accounts or to the entity that owns or operates the network. Particularly, with the expanding Internet of Things (IOT) and the increasing connectedness of applicants and other products to networks, network vulnerabilities are increasing and unauthorized network access may cause significant damage in a number of ways.
Accordingly, there is a need to provide systems and methods of enhancing network security for detecting unauthorized access attempts and preventing damages from occurring to the networks.
Embodiments of the present disclosure provide a security system for a network. The security system comprises: a processor; and a memory storing instructions executable by the processor. Upon execution of the instructions by the processor, the processor is configured to: detect one or more failed authentication attempts to access the network by at least one user device; determine a number of the one or more failed authentication attempts; determine a first risk score for the at least one user device based on the number of the one or more failed authentication attempts; determine whether the first risk score of the at least one user device is equal to or greater than a first risk score threshold; in response to a determination that the first risk score of the at least one user device is equal to or greater than the first risk score threshold, generate a first notification indicating that the at least one user device is attempting to gain unauthorized access onto the network; transmit the first notification to an administrator of the network; determine whether the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected; and in response to a determination that the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected, apply a first set of network activity restrictions to the at least one user device, such that the at least one user device is restricted to access the network under the first set of network activity restrictions.
Embodiments of the present disclosure provide a method for network security. The method comprises: detecting, by a server, one or more failed authentication attempts to access a network by at least one user device; determining, by the server, a number of the one or more failed authentication attempts; determining, by the server, a first risk score for the at least one user device based on the number of the one or more failed authentication attempts; determining, by the server, whether the first risk score of the at least one user device is equal to or greater than a first risk score threshold; in response to a determination that the first risk score of the at least one user device is equal to or greater than the first risk score threshold, generating, by the server, a first notification indicating that the at least one user device is attempting to gain unauthorized access onto the network; transmitting, by the server, the first notification to an administrator of the network; determining, by the server, whether the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected; and in response to a determination that the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected, applying, by the server, a first set of network activity restrictions to the at least one user device, such that the at least one user device is restricted to access the network under the first set of network activity restrictions.
Embodiments of the present disclosure provide a non-transitory computer-accessible medium having stored thereon computer-executable instructions for providing network security. The computer arrangement is configured to perform procedures comprising: detecting one or more failed authentication attempts to access a network by at least one user device; determining a number of the one or more failed authentication attempts; determining a first risk score for the at least one user device based on the number of the one or more failed authentication attempts; determining whether the first risk score of the at least one user device is equal to or greater than a first risk score threshold; in response to a determination that the first risk score of the at least one user device is equal to or greater than the first risk score threshold, generating a first notification indicating that the at least one user device is attempting to gain unauthorized access onto the network; transmitting the first notification to an administrator of the network; determining whether the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected; and in response to a determination that the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected, applying a first set of network activity restrictions to the at least one user device, such that the at least one user device is restricted to access the network under the first set of network activity restrictions.
Further features of the disclosed systems and methods, and the advantages offered thereby, are explained in greater detail hereinafter with reference to specific example embodiments illustrated in the accompanying drawings.
The following description of embodiments provides non-limiting representative examples referencing numerals to particularly describe features and teachings of different aspects of the invention. The embodiments described should be recognized as capable of implementation separately, or in combination, with other embodiments from the description of the embodiments. A person of ordinary skill in the art reviewing the description of embodiments should be able to learn and understand the different described aspects of the invention. The description of embodiments should facilitate understanding of the invention to such an extent that other implementations, not specifically covered but within the knowledge of a person of skill in the art having read the description of embodiments, would be understood to be consistent with an application of the invention.
In order to reduce the chances that hackers or unauthorized actors can access a network without permission, an application programming interface (API) may be used to alert an administrator of the network if a user attempts to sign in to the network and gets the password wrong. The hackers or unauthorized actors may try to, for example, gain network access by submitting multiple password attempts from one or more devices. In other examples, hackers or unauthorized actors may try to overcome password security by brute force attacks, phishing attacks, sniffing, or by obtaining compromised credentials. If, and when, alerted to such activities, the administrator of the network may take some precautions. For example, the administrator may change passwords or increase the password security requirements. The administrator may freeze accounts if the administrator determines there is a vulnerability. In some embodiments, the API may be directed to freeze the network owner's account for a certain amount of time to prevent unauthorized access and activity.
The administrator of the network may implement additional security controls. For example, the administrator may set up a network module including the API that tracks failed authentication attempts per device so the device can be identified by a media access control address (MAC) of the device or an Internet protocol (IP) address of the device. The module may be configured to track and count the number of failed password attempts. And each one of those failed attempts would modify a calculated risk score that is assigned at the device level. For example, every device may first be assigned a neutral risk score. If a device misspells a password once, the risk score associated with that device can go down a certain amount. If that device continues to misspell passwords, the risk score associated with that device continues to drop. When the risk score is above a certain risk score threshold, the administrator of the network may be notified that a new party is attempting to gain unauthorized access onto the network. As such, the administrator can be alerted in advance without waiting until a hacker or unauthorized actor is on the network.
The risk score threshold can be a number or a numerical range. For example, on a scale of 1 through 100 for risk score, if a device with a risk score below 30 or 50 is attempting multiple authentication attempts, then the administrator of the network may be notified. In some embodiments, a bad actor may not be using one machine to try to access a network, and may be using many machines trying to access the network. In such scenarios, a multi-device implementation of this disclosure may be used. For example, if a collective number of lower risk devices are together creating a cumulatively significant risk event, for example, clusters of bad login attempts or failed login attempts within a time window, which can be a trigger for notifying the administrator of the network. The time window could be a couple of minutes, a couple of hours, or one day.
In some embodiments, predefined network restrictions may be applied to devices when hackers gets onto the network using the devices, in addition to notifying the administrator of the network. For example, if a device successfully authenticates when the risk score of that device is above a certain risk score threshold, restricted network settings can be enforced on that device. The restriction settings may include, but not be limited to, throttling the network connection of that device so that its network connection is slow and it is more time-consuming, difficulty, and/or impossible to perform certain actions, restricting the IP address that that device is allowed to ping so that device cannot go to certain sites, and limiting that device's ability to adjust settings on the network.
The invention disclosed herein may embody a third-party module including APIs that can be downloaded and configured on a network. The module may embedded on a network hardware device, such as modems and routers. The module can be stored in memory on that network device, such as firmware. Alternatively, the module may be downloadable and then implemented as a network security layer.
Accordingly, the present disclosure advantageously maintains and promotes network security, which in turn increases data security, security of operations, and reduces the potential for hackers or unauthorized actors to cause damage or disruption legitimate network activity. In addition to these benefits, the present disclosure allows for the efficient monitoring of networks and access attempts and can reduce the resources (e.g., network system resources as well as time, cost, and personnel) necessary to perform these functions. Thus, a higher level of network security and operation continuity can be obtained while conserving resources and potentially allocating the conserved resources to other activities.
The first user device 110 may be configured to have a web browser in which a browser extension may be installed and/or a mobile application installed thereon. A user (e.g., an administrator or owner of a network) may use the web browser or the mobile application on the first user device 110 to communicate with the server 120. The server 120 may be associated with the network for managing the network and be configured to receive data from the first user device 110 and the second user device 140. The second user device 140 may a device used by a bad actor to perform unauthorized attempts to access the network. The database 130 may contain data associated with the network.
The first user device 110 may be a network-enabled computer device. Exemplary network-enabled computer devices include, without limitation, a server, a network appliance, a personal computer, a workstation, a phone, a handheld personal computer, a personal digital assistant, a thin client, a fat client, an Internet browser, a mobile device, a kiosk, a contactless card, or other a computer device or communications device. For example, network-enabled computer devices may include an iPhone, iPod, iPad from Apple® or any other mobile device running Apple's iOS® operating system, any device running Microsoft's Windows® Mobile operating system, any device running Google's Android® operating system, and/or any other smartphone, tablet, or like wearable mobile device.
The first user device 110 may include a processor 111, a memory 112, and an application 113. The processor 111 may be a processor, a microprocessor, or other processor, and the first user device 110 may include one or more of these processors. The processor 111 may include processing circuitry, which may contain additional components, including additional processors, memories, error and parity/CRC checkers, data encoders, anti-collision algorithms, controllers, command decoders, security primitives and tamper-proofing hardware, as necessary to perform the functions described herein.
The processor 111 may be coupled to the memory 112. The memory 112 may be a read-only memory, write-once read-multiple memory or read/write memory, e.g., RAM, ROM, and EEPROM, and the user device 110 may include one or more of these memories. A read-only memory may be factory programmable as read-only or one-time programmable. One-time programmability provides the opportunity to write once then read many times. A write-once read-multiple memory may be programmed at a point in time after the memory chip has left the factory. Once the memory is programmed, it may not be rewritten, but it may be read many times. A read/write memory may be programmed and re-programed many times after leaving the factory. It may also be read many times. The memory 112 may be configured to store one or more software applications, such as the application 113, and other data, such as user's private data and financial account information.
The application 113 may comprise one or more software applications, such as a mobile application and a web browser, comprising instructions for execution on the first user device 110. In some examples, the first user device 110 may execute one or more applications, such as software applications, that enable, for example, network communications with one or more components of the system 100, transmit and/or receive data, and perform the functions described herein. Upon execution by the processor 111, the application 113 may provide the functions described in this specification, specifically to execute and perform the steps and functions in the process flows described below. Such processes may be implemented in software, such as software modules, for execution by computers or other machines. The application 113 may provide graphical user interfaces (GUIs) through which a user may view and interact with other components and devices within the system 100. The GUIs may be formatted, for example, as web pages in HyperText Markup Language (HTML), Extensible Markup Language (XML) or in any other suitable form for presentation on a display device depending upon applications used by users to interact with the system 100.
The first user device 110 may further include a display 114 and input devices 115. The display 114 may be any type of device for presenting visual information such as a computer monitor, a flat panel display, and a mobile device screen, including liquid crystal displays, light-emitting diode displays, plasma panels, and cathode ray tube displays. The input devices 115 may include any device for entering information into the user device 110 that is available and supported by the user device 110, such as a touch-screen, keyboard, mouse, cursor-control device, touch-screen, microphone, digital camera, video recorder or camcorder. These devices may be used to enter information and interact with the software and other devices described herein.
The server 120 may be a network-enabled computer device. Exemplary network-enabled computer devices include, without limitation, a server, a network appliance, a personal computer, a workstation, a phone, a handheld personal computer, a personal digital assistant, a thin client, a fat client, an Internet browser, a mobile device, a kiosk, a contactless card, or other a computer device or communications device. For example, network-enabled computer devices may include an iPhone, iPod, iPad from Apple® or any other mobile device running Apple's iOS® operating system, any device running Microsoft's Windows® Mobile operating system, any device running Google's Android® operating system, and/or any other smartphone, tablet, or like wearable mobile device.
The server 120 may include a processor 121, a memory 122, and an application 123. The processor 121 may be a processor, a microprocessor, or other processor, and the server 120 may include one or more of these processors. The processor 121 may include processing circuitry, which may contain additional components, including additional processors, memories, error and parity/CRC checkers, data encoders, anti-collision algorithms, controllers, command decoders, security primitives and tamper-proofing hardware, as necessary to perform the functions described herein.
The processor 121 may be coupled to the memory 122. The memory 122 may be a read-only memory, write-once read-multiple memory or read/write memory, e.g., RAM, ROM, and EEPROM, and the server 120 may include one or more of these memories. A read-only memory may be factory programmable as read-only or one-time programmable. One-time programmability provides the opportunity to write once then read many times. A write-once read-multiple memory may be programmed at a point in time after the memory chip has left the factory. Once the memory is programmed, it may not be rewritten, but it may be read many times. A read/write memory may be programmed and re-programed many times after leaving the factory. It may also be read many times. The memory 122 may be configured to store one or more software applications, such as the application 123, and other data, such as user's private data and financial account information.
The application 123 may comprise one or more software applications comprising instructions for execution on the server 120. In some examples, the server 120 may execute one or more applications, such as software applications, that enable, for example, network communications with one or more components of the system 100, transmit and/or receive data, and perform the functions described herein. Upon execution by the processor 121, the application 123 may provide the functions described in this specification, specifically to execute and perform the steps and functions in the process flows described below. For example, the application 123 may be executed to perform transmitting an alert notification to the first user device 110, tracking authentication attempts from the second user device 140, determining a risk score for the second user device 140, and applying a set of network activity restrictions to the second user device 140. Such processes may be implemented in software, such as software modules, for execution by computers or other machines. The application 123 may provide GUIs through which a user may view and interact with other components and devices within the system 100. The GUIs may be formatted, for example, as web pages in HyperText Markup Language (HTML), Extensible Markup Language (XML) or in any other suitable form for presentation on a display device depending upon applications used by users to interact with the system 100.
The server 120 may further include a display 124 and input devices 125. The display 124 may be any type of device for presenting visual information such as a computer monitor, a flat panel display, and a mobile device screen, including liquid crystal displays, light-emitting diode displays, plasma panels, and cathode ray tube displays. The input devices 125 may include any device for entering information into the server 120 that is available and supported by the server 120, such as a touch-screen, keyboard, mouse, cursor-control device, touch-screen, microphone, digital camera, video recorder or camcorder. These devices may be used to enter information and interact with the software and other devices described herein.
The database 130 may be one or more databases configured to store data, including without limitation, private data of users, financial accounts of users, identities of users, transactions of users, risk scores of devices, failed authentication attempts of devices, sets of network restrictions applicable to devices, and certified and uncertified documents. The database 130 may comprise a relational database, a non-relational database, or other database implementations, and any combination thereof, including a plurality of relational databases and non-relational databases. In some examples, the database 130 may comprise a desktop database, a mobile database, or an in-memory database. Further, the database 130 may be hosted internally by the server 120 or may be hosted externally of the server 120, such as by a server, by a cloud-based platform, or in any storage device that is in data communication with the server 120.
The second user device 140 may be a network-enabled computer device. Exemplary network-enabled computer devices include, without limitation, a server, a network appliance, a personal computer, a workstation, a phone, a handheld personal computer, a personal digital assistant, a thin client, a fat client, an Internet browser, a kiosk, a contactless card, or other a computer device or communications device. For example, network-enabled computer devices may include an iPhone, iPod, iPad from Apple® or any other mobile device running Apple's iOS® operating system, any device running Microsoft's Windows® Mobile operating system, any device running Google's Android® operating system, and/or any other smartphone, tablet, or like wearable mobile device.
The second user device 140 may include a processor 141, a memory 142, and an application 143. The processor 141 may be a processor, a microprocessor, or other processor, and the second user device 140 may include one or more of these processors. The processor 141 may include processing circuitry, which may contain additional components, including additional processors, memories, error and parity/CRC checkers, data encoders, anti-collision algorithms, controllers, command decoders, security primitives and tamper-proofing hardware, as necessary to perform the functions described herein.
The processor 141 may be coupled to the memory 142. The memory 142 may be a read-only memory, write-once read-multiple memory or read/write memory, e.g., RAM, ROM, and EEPROM, and the second user device 140 may include one or more of these memories. A read-only memory may be factory programmable as read-only or one-time programmable. One-time programmability provides the opportunity to write once then read many times. A write-once read-multiple memory may be programmed at a point in time after the memory chip has left the factory. Once the memory is programmed, it may not be rewritten, but it may be read many times. A read/write memory may be programmed and re-programed many times after leaving the factory. It may also be read many times. The memory 142 may be configured to store one or more software applications, such as the application 143, and other data, such as user's private data and financial account information.
The application 143 may comprise one or more software applications comprising instructions for execution on the second user device 140. In some examples, the second user device 140 may execute one or more applications, such as software applications, that enable, for example, network communications with one or more components of the system 100, transmit and/or receive data, and perform the functions described herein. Upon execution by the processor 141, the application 143 may provide the functions described in this specification, specifically to execute and perform the steps and functions in the process flows described below. Such processes may be implemented in software, such as software modules, for execution by computers or other machines. The application 143 may provide GUIs through which a user may view and interact with other components and devices within the system 100. The GUIs may be formatted, for example, as web pages in HyperText Markup Language (HTML), Extensible Markup Language (XML) or in any other suitable form for presentation on a display device depending upon applications used by users to interact with the system 100.
The second user device 140 may further include a display 144 and input devices 145. The display 144 may be any type of device for presenting visual information such as a computer monitor, a flat panel display, and a mobile device screen, including liquid crystal displays, light-emitting diode displays, plasma panels, and cathode ray tube displays. The input devices 145 may include any device for entering information into the second user device 140 that is available and supported by the second user device 140, such as a touch-screen, keyboard, mouse, cursor-control device, touch-screen, microphone, digital camera, video recorder or camcorder. These devices may be used to enter information and interact with the software and other devices described herein.
The system 100 may include one or more networks 150. In some examples, the network 150 may be one or more of a wireless network, a wired network or any combination of wireless network and wired network, and may be configured to connect the first user device 110, the server 120, the database 130 and the second user device 140. For example, the network 150 may include one or more of a fiber optics network, a passive optical network, a cable network, an Internet network, a satellite network, a wireless local area network (LAN), a Global System for Mobile Communication, a Personal Communication Service, a Personal Area Network, Wireless Application Protocol, Multimedia Messaging Service, Enhanced Messaging Service, Short Message Service, Time Division Multiplexing based systems, Code Division Multiple Access based systems, D-AMPS, Wi-Fi, Fixed Wireless Data, IEEE 802.11b, 802.15.1, 802.11n and 802.11g, Bluetooth, NFC, Radio Frequency Identification (RFID), Wi-Fi, and/or the like.
As used herein, the network 150 may be a wired network or a wireless network (e.g., WIFI), and the administrator of the network 150 may be an owner and/or operator of the network 150. In addition, the network 150 may include, without limitation, telephone lines, fiber optics, IEEE Ethernet 902.3, a wide area network, a wireless personal area network, a LAN, or a global network such as the Internet. In addition, the network 150 may support an Internet network, a wireless communication network, a cellular network, or the like, or any combination thereof. The network 150 may further include one network, or any number of the exemplary types of networks mentioned above, operating as a stand-alone network or in cooperation with each other. The network 150 may utilize one or more protocols of one or more network elements to which they are communicatively coupled. The network 150 may translate to or from other protocols to one or more protocols of network devices. Although the network 150 is depicted as a single network, it should be appreciated that according to one or more examples, the network 150 may comprise a plurality of interconnected networks, such as, for example, the Internet, a service provider's network, a cable television network, corporate networks, such as credit card association networks, and home networks. The network 150 may further comprise, or be configured to create, one or more front channels, which may be publicly accessible and through which communications may be observable, and one or more secured back channels, which may not be publicly accessible and through which communications may not be observable.
In some examples, communications between the first user device 110, the server 120, the database 130, and the second user device 140 using the network 150 may occur using one or more front channels and one or more secure back channels. A front channel may be a communication protocol that employs a publicly accessible and/or unsecured communication channel such that a communication sent to the first user device 110, the server 120, the database 130, and/or the second user device 140 may originate from any other device, whether known or unknown to the first user device 110, the server 120, the database 130, and/or the second user device 140, if that device possesses the address (e.g., network address, Internet Protocol (IP) address) of the first user device 110, the server 120, the database 130, and/or the second user device 140. Exemplary front channels include, without limitation, the Internet, an open network, and other publicly-accessible communication networks. In some examples, communications sent using a front channel may be subject to unauthorized observation by another device. In some examples, front channel communications may comprise Hypertext Transfer Protocol (HTTP) secure socket layer (SSL) communications, HTTP Secure (HTTPS) communications, and browser-based communications with a server or other device.
A secure back channel may be a communication protocol that employs a secured and/or publicly inaccessible communication channel. A secure back channel communication sent to the first user device 110, the server 120, the database 130, and/or the second user device 140 may not originate from any device, and instead may only originate from a selective number of parties. In some examples, the selective number of devices may comprise known, trusted, or otherwise previously authorized devices. Exemplary secure back channels include, without limitation, a closed network, a private network, a virtual private network, an offline private network, and other private communication networks. In some examples, communications sent using a secure back channel may not be subject to unauthorized observation by another device. In some examples, secure back channel communications may comprise Hypertext Transfer Protocol (HTTP) secure socket layer (SSL) communications, HTTP Secure (HTTPS) communications, and browser-based communications with a server or other device.
In step 210, the first user device 110 may perform one or more authentication attempts of accessing a network associated with the server 120. When the network is publically discoverable, for example, a WIFI signal, a user of the first user device 110 may try to gain access to the network through searching for the WIFI signal. The user of the first user device 110 may be a bad actor. As used herein, a bad actor can be a user who is attempting to gain access onto the network without prior permission of the owner or administrator of the network, e.g., a hacker or an unauthorized actor. The prior permission may include a login credential (e.g., password) verified, authenticated, or approved by the owner or administrator of the network.
In step 215, the server 120 may detect and store failed authentication attempts of accessing the network by the first user device 110. For example, the user of the first user device 110 may randomly guess passwords for logging onto the network. As another example the user of the first user device 110 may guess passwords using information obtained in an unauthorized way, e.g., from phishing attacks, data breaches, and packet capture. The server 120 may monitor and detect the authentication attempts tried by the user of the first user device 110, for example, by identifying the first user device 110 using a MAC address of the first user device 110. The server 120 may also save the failed authentication attempts into the database 130. The database 130 may further contain personal data of authorized users of the network, such as names, home addresses, phone numbers, dates of birth, logging credentials, and financial accounts. The database 130 may further store successful access attempts and a history of network activities performed by authorized users and bad actors.
In step 220, the server 120 may track and count the failed authentication attempts from the first user device 110 to determine a number of the failed authentication attempts and may further maintain a counter for failed authentication attempts. The server 120 may store the determined number or counter in the database and associate it with the first user device 110.
In step 225, the server 120 may determine a first risk score for the first user device 110 based on the determined number of the failed authentication attempts. The first risk score may be determined based solely on the determined number of the failed authentication attempts. For example, one score may be assigned to one failed authentication attempt (e.g., 1 score=1 failed authentication), or a half score may be assigned to one failed authentication (e.g., 0.5 score=1 failed authentication), and so forth. In such case, the first risk score may correspond to or be associated with the number of failed authentication attempts. For example, if there are 20 failed authentication attempts, the first risk score may be determined to be 20.
In addition, the first risk score may be determined based on the determined number of failed authentication attempts and other factors as well (which will be described below). Further, the server 120 may store the determined first risk score in the database 130. In step 230, the server 120 may determine whether the first risk score of the first user device 110 is equal to or greater than a first risk score threshold. For example, the first risk score threshold may be 10, so the determined first risk score (20) of the first user device 110 is greater than the first risk score threshold (10). The first risk score threshold may a neutral number (e.g., 5) or a neutral number within a range (e.g., 5 out of 10) assigned to the first user device 110. The first user device 110 may be categorized as a low risk device if the determined first risk score is less than the neutral number, and may be categorized as a high risk device if the determined first risk score is equal to or greater than the neutral number. In some examples, the first risk score threshold can be a Boolean value.
In step 235, when the first risk score of the first user device 110 is determined to be equal to or greater than the first risk score threshold, the server 120 may generate a first notification indicating that the first user device 110 is attempting to gain unauthorized access onto the network. The server 120 may store the first notification in the database 130 and associate it with the first user device 110.
In step 240, the server 120 may transmit the first notification to an administrator or owner of the network. The administrator may use the second user device 140, so the first notification may be transmitted to the second user device 140 to alert the administrator. The administrator may perform some actions based on the first notification, for example, changing the login password of the network.
In some embodiments, the first user device 110 may eventually successfully log onto the network after many failed authentication attempts, for example, by guessing the network login password correctly. In step 245, the server 120 may determine that the first user device 110 is successfully authenticated to access the network after the number of the failed authentication attempts have been detected.
Upon the determination by the server 120 that the first user device 110 is successfully authenticated to access the network after the number of the failed authentication attempts have been detected, in step 250, the server 120 may apply a first set of network activity restrictions or security control to the first user device 110 to restrict network activities that the first user device 110 can perform on the network.
The first set of network activity restrictions or security control may be predefined by the administrator or owner of the network. The first set of network activity restrictions may include limiting the abilities of the first user device 110 for changing user types or perform any admin changes. For example, the first user device 110 may not be allowed to: change a password on the network; change settings relating to the first user device 110; change settings relating to the network; access certain categories or types of data; access certain files or folders; edit data, files, or folders; delete data, files, or folders; move data, files, or folders; download data, files, or folders; and/or invite additional users to login onto the network. With the first set of network activity restrictions placed on the first user device 110, potential damages caused by the first user device 110 can be reduced and/or eliminated.
In some embodiments, multiple first user devices 110 may be used by the bad actor. If the bad actor guesses the network password correctly once, he/she can then share the network password among the multiple first user devices 110 or authenticate on other devices. By applying the first set of network activity restrictions on one of the multiple first user devices 110 that authenticates onto the network, the others of the multiple first user devices 110 can be restricted from being authenticated onto the network.
Alternatively, upon the determination by the server 120 that the first user device 110 is successfully authenticated to access the network after the number of the failed authentication attempts have been detected, the server 120 may perform some actions to block or remove the first user device 110 from the network.
In step 305, the server 120 may detect one or more failed authentication attempts to access the network by at least one user device. The at least one user device may include the first user device 110. The network may be at least one selected from the group of a wireless network and a wired network. The at least one user device may be identified by at least one selected from the group of a MAC address of the at least one user device and an IP address of the at least one user device.
In step 310, the server 120 may determine a number of the one or more failed authentication attempts. The server 120 may track and count how many failed authentication attempts have been detected from the at least one user device. The server 120 may further store the number of the one or more failed authentication attempts in the database 130.
In step 315, the server 120 may determine a first risk score for the at least one user device based on the number of the one or more failed authentication attempts. The first risk score for the at least one user device may be determined based on the number of the one or more failed authentication attempts and other factors, which will be described with reference to
In step 320, the server 120 may determine whether the first risk score of the at least one user device is equal to or greater than a first risk score threshold. The first risk score threshold may be a numerical value or a Boolean value (e.g., true or false) depending on the first risk score of the at least one user device.
In step 325, in response to a determination that the first risk score of the at least one user device is equal to or greater than the first risk score threshold, the server 120 may generate a first notification indicating that the at least one user device is attempting to gain unauthorized access onto the network. The server 120 may further store the first notification in the database 130.
In step 330, the server 120 may transmit the first notification to an administrator or owner of the network. For example, the administrator or owner of the network may be associated with the second user device 140. The server 120 may then transmit the first notification to the second user device 140 to alert the administrator or owner of the network. The first notification may be a text message including the MAC and/or IP address of the at least one user device.
In some embodiments, in response to the determination that the first risk score of the at least one user device is equal to or greater than the first risk score threshold, the server 120 may generate a second notification indicating that the at least one user device is attempting to gain unauthorized access onto the network, and then transmit the second notification to an external party other than the administrator of the network.
The external party may include, but not limited to, police, FBI, banks of the owner or administrator of the network, a third-party security provider, or any other party who would care about the network security. For example, the server 120 may send an API call to the banks of the owner or administrator of the network to have the financial accounts of the owner or administrator restricted, frozen and/or cancelled.
In step 335, the server 120 may determine whether the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected. The server 120 may continue to detect and monitor the at least one user device after the first and/or second notification is transmitted. The at least one user device may continue the authentication attempts until the at least one user device is successfully authenticated to access the network.
In step 340, in response to a determination that the at least one user device is successfully authenticated to access the network after the number of the one or more failed authentication attempts have been detected, the server 120 may apply a first set of network activity restrictions to the at least one user device, such that the at least one user device is restricted to access the network under the first set of network activity restrictions.
The first set of network activity restrictions may include, but not limited to, reducing network connection speed of the at least one user device, restricting IP addresses that the at least one user is allowed to ping, and limiting ability of the at least one user device to adjust settings of the network.
As described above, the first user device 110 may be successfully authenticated after many failed authentication attempts. Instead of removing the first user device 110 from the network after the first user device 110 successfully logs onto the network, in step 405, the server 120 may monitor network activities of the at least one user device (e.g., the first user device 110) when the at least one user device is accessing the network under the first set of network activity restrictions.
The monitored network activities of the at least one user device may include, but not limited to, downloading a large amount of data, exporting a large amount of data outside of the network, visiting an unexpected website, and visiting a restricted website.
In step 410, the server 120 may determine a second risk score for the at least one user device based on the monitored network activities. The second risk score may be determined in a similar method as the first risk score. The second risk score may also referred to as a post-authentication risk score.
In step 415, the server 120 may determine whether the second risk score is equal to or greater than a second risk score threshold. The second risk score threshold may be a numerical value or a Boolean value (e.g., true or false) depending on the second risk score of the at least one user device.
In step 420, When the second risk score is determined to be equal to or greater than the second risk score threshold, the server 120 may apply a second set of network activity restrictions to the at least one user device, such that the at least one user device is restricted to access the network under the second set of network activity restrictions. The second set of network activity restrictions may be same as, similar to, or different than the first set of network activity restrictions. The second set of network activity restrictions may include disconnecting the at least one user device from the network.
In step 425, the server 120 may generate a notification indicating that the at least one user device is performing unusual network activities on the network. The server 120 may further store the notification in the database 130.
In step 430, the server 120 may transmit the notification to the administrator of the network. For example, the administrator or owner of the network may be associated with the second user device 140. The server 120 may then transmit the notification to the second user device 140 to alert the administrator or owner of the network. The notification may be a text message including the MAC and/or IP address of the at least one user device.
In step 505, the server 120 may receive the number of failed authentication attempts. As described above, the server 120 may track and count the number of failed authentication attempts by the first user device 110. Herein, the server 120 may retrieve from the database 130 the number of failed authentication attempts associated with the first user device 110.
In step 510, the server 120 may detect or receive network signal strength at which the at least one user device (the user device 110) is attempting to access the network. For example, a distance from a router of the network may be determined to assess the network signal strength. A bad actor may be trying to access the network from that distance, which may be a distance beyond a normal distance from which an authorized user can access the network. For example, a potential network intruder may skim or sniff network signals just outside a room or down the hallway which is enough for accessing the network but at the same time it would not be someone sitting in the room where the network is set up.
In some examples, the network signal strength may be determined based on how fast a ping rate is going to the first user device 110. The network signal strength may also be determined based on the router type of the network. The network signal strength may be grouped as low, medium, and high strength.
In step 515, the server 120 may receive or detect a network connection type of the at least one user device. For example, the first user device 110 may be plugged directly in to a router or to a modem of the network, which may indicate the first user device 110 is at a lower risk.
In step 520, the server 120 may detect or receive a network connection location of the at least one user device in a building. For example, in an office facility with a map and the layout of the physical network setting on which different security levels are assigned to different access points at different locations. The network connection location may be, without limitation, an interior office access port, a conference room access point, a restricted area access point, or an access point in the lobby of the facility.
In step 525, the server 120 may retrieve from the database 130 an authentication history of the at least one user device. If a user had been a good standing member on the network for, for example, two years, the risk score associated with the user may be still low even though the user misspelled all the passwords once on the first attempt. The same MAC address or that same unique identifier for the device used by the user may be stored in the database 130, such that authentication history associated with that device can be tracked and retrieved by the server 120.
In step 530, the server 120 may determine credential/password similarities between the one or more failed authentication attempts. For example, if someone misspelled the password by one character, then that maybe a lower risk event than if someone is just guessing random passwords that are in their iterate. For example, someone may randomly try password123, password345, or passwordABC that looks really suspicious. By performing actual character similarity or password similarity, the risk score associated with the first user device 110 can be determined reflecting the effect of password spelling.
In step 535, the server 120 may employ one or more machine learning algorithms to determine the first risk score. Exemplary machine learning algorithms include, without limitation, gradient boosting machine, logistic regressions, and neural networks. For example, the one or more machine learning algorithms may determine the first risk score by taking as inputs the network signal strength at which the at least one user device is attempting to access the network, the network connection type of the at least one user device, the network connection location of the at least one user device in a building, the authentication history of the at least one user device, and the computed credential similarities. Each of the inputs may be assigned a different weight reflecting how much impact that input can have on the first risk score.
In some examples, the server 120 can utilize information described herein, such as the inputs noted above, and various models can be generated. The server 120 can then apply the generated models to determine the first risk score.
Server 120 can utilize various neural networks, such as convolutional neural networks (“CNNs”) or recurrent neural networks (“RNNs”), to generate the models. A CNN can include one or more convolutional layers (e.g., often with a subsampling step) and then followed by one or more fully connected layers as in a standard multilayer neural network. CNNs can utilize local connections, and can have tied weights followed by some form of pooling which can result in translation invariant features.
A RNN is a class of artificial neural network where connections between nodes form a directed graph along a sequence. This facilitates the determination of temporal dynamic behavior for a time sequence. Unlike feedforward neural networks, RNNs can use their internal state (e.g., memory) to process sequences of inputs. A RNN can generally refer to two broad classes of networks with a similar general structure, where one is finite impulse and the other is infinite impulse. Both classes of networks exhibit temporal dynamic behavior. A finite impulse recurrent network can be, or can include, a directed acyclic graph that can be unrolled and replaced with a strictly feedforward neural network, while an infinite impulse recurrent network can be, or can include, a directed cyclic graph that may not be unrolled. Both finite impulse and infinite impulse recurrent networks can have additional stored state, and the storage can be under the direct control of the neural network. The storage can also be replaced by another network or graph, which can incorporate time delays or can have feedback loops. Such controlled states can be referred to as gated state or gated memory, and can be part of long short-term memory networks (“LSTMs”) and gated recurrent units.
RNNs can be similar to a network of neuron-like nodes organized into successive “layers,” each node in a given layer being connected with a directed e.g., (one-way) connection to every other node in the next successive layer. Each node (e.g., neuron) can have a time-varying real-valued activation. Each connection (e.g., synapse) can have a modifiable real-valued weight. Nodes can either be (i) input nodes (e.g., receiving data from outside the network), (ii) output nodes (e.g., yielding results), or (iii) hidden nodes (e.g., that can modify the data en route from input to output). RNNs can accept an input vector x and give an output vector y. However, the output vectors are based not only by the input just provided in, but also on the entire history of inputs that have been provided in in the past.
For supervised learning in discrete time settings, sequences of real-valued input vectors can arrive at the input nodes, one vector at a time. At any given time step, each non-input unit can compute its current activation (e.g., result) as a nonlinear function of the weighted sum of the activations of all units that connect to it. Supervisor-given target activations can be supplied for some output units at certain time steps. For example, if the input sequence is a speech signal corresponding to a spoken digit, the final target output at the end of the sequence can be a label classifying the digit. In reinforcement learning settings, no teacher provides target signals. Instead, a fitness function, or reward function, can be used to evaluate the RNNs performance, which can influence its input stream through output units connected to actuators that can affect the environment. Each sequence can produce an error as the sum of the deviations of all target signals from the corresponding activations computed by the network. For a training set of numerous sequences, the total error can be the sum of the errors of all individual sequences.
The one or more machine learning algorithms may be trained using training data. For example, the training data may include previous instances of hackers gaining access, their access attempts and methods, and the activities on the network they conducted. The training data may also include “white hat” data generated by authorized hackers retained by the administrator of the network to test network security. The models described herein may be trained on one or more training datasets, each of which may comprise one or more types of data. In some examples, the training datasets may comprise previously-collected data, such as data collected from previous uses of the same type of systems described herein and data collected from different types of systems. In other examples, the training datasets may comprise continuously-collected data based on the current operation of the instant system and continuously-collected data from the operation of other systems. In some examples, the training dataset may include anticipated data, such as anticipated future workloads (e.g., network monitoring and access attempts), currently scheduled workloads, and planned future workloads, for the instant system and/or other systems. In other examples, the training datasets can include previous predictions for the instant system and other types of system, and may further include results data indicative of the accuracy of the previous predictions. In accordance with these examples, the predictive models described herein may be trained prior to use and the training may continue with updated data sets that reflect additional information.
In step 540, the server 120 may display, present, and/or transmit the first risk score for the at least one user device to the owner or administrator of the network. Specifically, the server 120 may transmit the determined first risk score for the at least one user device to the second user device 140 associated with the owner or administrator of the network.
As shown in
In some examples, exemplary procedures in accordance with the present disclosure described herein may be performed by a processing arrangement and/or a computing arrangement (e.g., computer hardware arrangement). Such processing/computing arrangement may be, for example entirely or a part of, or include, but not limited to, a computer/processor that may include, for example one or more microprocessors, and use instructions stored on a computer-accessible medium (e.g., RAM, ROM, hard drive, or other storage device). For example, a computer-accessible medium may be part of the memory of the first user device 110, the server 120, and/or the second user device 140 or other computer hardware arrangement.
In some examples, a computer-accessible medium (e.g., as described herein above, a storage device such as a hard disk, floppy disk, memory stick, CD-ROM, RAM, ROM, etc., or a collection thereof) may be provided (e.g., in communication with the processing arrangement). The computer-accessible medium may contain executable instructions thereon. In addition or alternatively, a storage arrangement may be provided separately from the computer-accessible medium, which may provide the instructions to the processing arrangement so as to configure the processing arrangement to execute certain exemplary procedures, processes, and methods, as described herein above, for example.
Throughout the disclosure, the following terms take at least the meanings explicitly associated herein, unless the context clearly dictates otherwise. The term “or” is intended to mean an inclusive “or.” Further, the terms “a,” “an,” and “the” are intended to mean one or more unless specified otherwise or clear from the context to be directed to a singular form.
In this description, numerous specific details have been set forth. It is to be understood, however, that implementations of the disclosed technology may be practiced without these specific details. In other instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description. References to “some examples,” “other examples,” “one example,” “an example,” “various examples,” “one embodiment,” “an embodiment,” “some embodiments,” “example embodiment,” “various embodiments,” “one implementation,” “an implementation,” “example implementation,” “various implementations,” “some implementations,” etc., indicate that the implementation(s) of the disclosed technology so described may include a particular feature, structure, or characteristic, but not every implementation necessarily includes the particular feature, structure, or characteristic. Further, repeated use of the phrases “in one example,” “in one embodiment,” or “in one implementation” does not necessarily refer to the same example, embodiment, or implementation, although it may.
As used herein, unless otherwise specified the use of the ordinal adjectives “first,” “second,” “third,” etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While certain implementations of the disclosed technology have been described in connection with what is presently considered to be the most practical and various implementations, it is to be understood that the disclosed technology is not to be limited to the disclosed implementations, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
This written description uses examples to disclose certain implementations of the disclosed technology, including the best mode, and also to enable any person skilled in the art to practice certain implementations of the disclosed technology, including making and using any devices or systems and performing any incorporated methods. The patentable scope of certain implementations of the disclosed technology is defined in the claims, and may include other examples that occur to those skilled in the art. Such other examples are intended to be within the scope of the claims if they have structural elements that do not differ from the literal language of the claims, or if they include equivalent structural elements with insubstantial differences from the literal language of the claims.
This application is a continuation of U.S. patent application Ser. No. 17/352,054 filed Jun. 18, 2021, the complete disclosure of which is incorporated herein by reference in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5764918 | Poulter | Jun 1998 | A |
| 5875430 | Koether | Feb 1999 | A |
| 6088451 | He et al. | Jul 2000 | A |
| 6145083 | Shaffer | Nov 2000 | A |
| 6735630 | Gelvin | May 2004 | B1 |
| 6826607 | Gelvin | Nov 2004 | B1 |
| 6832251 | Gelvin | Dec 2004 | B1 |
| 6859831 | Gelvin | Feb 2005 | B1 |
| 7100195 | Underwood | Aug 2006 | B1 |
| 7133846 | Ginter | Nov 2006 | B1 |
| 7143290 | Ginter | Nov 2006 | B1 |
| 7640590 | McCorkendale | Dec 2009 | B1 |
| 7870153 | Croft | Jan 2011 | B2 |
| 7934254 | Graham | Apr 2011 | B2 |
| 7996912 | Spalink | Aug 2011 | B2 |
| 8010993 | Bartholomay | Aug 2011 | B1 |
| 8065714 | Budko | Nov 2011 | B2 |
| 8090839 | Kumar | Jan 2012 | B2 |
| 8170953 | Tullis et al. | May 2012 | B1 |
| 8245315 | Cassett | Aug 2012 | B2 |
| 8271642 | Sankararaman | Sep 2012 | B1 |
| 8316442 | Prahalad | Nov 2012 | B2 |
| 8346672 | Weiner | Jan 2013 | B1 |
| 8407682 | Reisman | Mar 2013 | B2 |
| 8554912 | Reeves | Oct 2013 | B1 |
| 8595794 | Van | Nov 2013 | B1 |
| 8683563 | van Dijk | Mar 2014 | B1 |
| 8719568 | Antypas, III | May 2014 | B1 |
| 8726390 | Martini | May 2014 | B1 |
| 8739286 | Martini | May 2014 | B1 |
| 8745698 | Ashfield | Jun 2014 | B1 |
| 8751793 | Ginter | Jun 2014 | B2 |
| 8776175 | Hermes | Jul 2014 | B1 |
| 8819769 | van Dijk | Aug 2014 | B1 |
| 8819829 | Martini | Aug 2014 | B1 |
| 8832832 | Visbal | Sep 2014 | B1 |
| 8856869 | Brinskelle | Oct 2014 | B1 |
| 8875255 | Dotan | Oct 2014 | B1 |
| 8955076 | Faibish | Feb 2015 | B1 |
| 8966075 | Chickering | Feb 2015 | B1 |
| 9065826 | Colvin | Jun 2015 | B2 |
| 9066230 | Paczkowski | Jun 2015 | B1 |
| 9143529 | Qureshi | Sep 2015 | B2 |
| 9178880 | Dotan | Nov 2015 | B1 |
| 9237143 | Dotan | Jan 2016 | B1 |
| 9246899 | Durney | Jan 2016 | B1 |
| 9288190 | Brinskelle | Mar 2016 | B1 |
| 9292881 | Alperovitch | Mar 2016 | B2 |
| 9294498 | Yampolskiy | Mar 2016 | B1 |
| 9300661 | O'Malley | Mar 2016 | B1 |
| 9306960 | Aziz | Apr 2016 | B1 |
| 9342691 | Maestas | May 2016 | B2 |
| 9356968 | Dotan | May 2016 | B1 |
| 9369433 | Paul | Jun 2016 | B1 |
| 9444824 | Balazs et al. | Sep 2016 | B1 |
| 9471775 | Wagner | Oct 2016 | B1 |
| 9485655 | Pirrotta | Nov 2016 | B1 |
| 9497212 | Turnbull | Nov 2016 | B2 |
| 9503467 | Lefebvre | Nov 2016 | B2 |
| 9509688 | Magi Shaashua | Nov 2016 | B1 |
| 9516010 | Avital | Dec 2016 | B1 |
| 9537857 | Koved et al. | Jan 2017 | B1 |
| 9584252 | Salyers | Feb 2017 | B1 |
| 9602536 | Brown, Jr. | Mar 2017 | B1 |
| 9628440 | Baum | Apr 2017 | B2 |
| 9633322 | Burger | Apr 2017 | B1 |
| 9667613 | Wisemon | May 2017 | B1 |
| 9680852 | Wager | Jun 2017 | B1 |
| 9680858 | Boyer | Jun 2017 | B1 |
| 9681360 | Salyers | Jun 2017 | B1 |
| 9747434 | Avital | Aug 2017 | B1 |
| 9876804 | Dulkin | Jan 2018 | B2 |
| 9887995 | Rotter et al. | Feb 2018 | B2 |
| 9934376 | Ismael | Apr 2018 | B1 |
| 9967236 | Ashley | May 2018 | B1 |
| 9980213 | Lynch et al. | May 2018 | B2 |
| 9985786 | Bhabbur | May 2018 | B1 |
| 10003607 | Kolman | Jun 2018 | B1 |
| 10015153 | Dotan | Jul 2018 | B1 |
| 10015185 | Kolman | Jul 2018 | B1 |
| 10057291 | Glotzer | Aug 2018 | B1 |
| 10062273 | Raji | Aug 2018 | B2 |
| 10063549 | Dotan | Aug 2018 | B1 |
| 10063654 | Kirti | Aug 2018 | B2 |
| 10069886 | Lundsgaard | Sep 2018 | B1 |
| 10079839 | Bryan | Sep 2018 | B1 |
| 10091230 | Machani | Oct 2018 | B1 |
| 10102369 | Healy | Oct 2018 | B2 |
| 10154007 | Viswanathan | Dec 2018 | B1 |
| 10164982 | Lazarovitz | Dec 2018 | B1 |
| 10192262 | Snell | Jan 2019 | B2 |
| 10225278 | Kandasamy | Mar 2019 | B1 |
| 10237237 | Dawes | Mar 2019 | B2 |
| 10243963 | Benameur | Mar 2019 | B1 |
| 10313386 | Roturier | Jun 2019 | B1 |
| 10356120 | Raviv | Jul 2019 | B1 |
| 10360367 | Mossoba | Jul 2019 | B1 |
| 10360408 | Kincaid | Jul 2019 | B1 |
| 10367835 | Raviv | Jul 2019 | B1 |
| 10387980 | Shahidzadeh | Aug 2019 | B1 |
| 10389736 | Dawes | Aug 2019 | B2 |
| 10396985 | Nagelberg et al. | Aug 2019 | B1 |
| 10404684 | Chittireddy et al. | Sep 2019 | B1 |
| 10412052 | Bone | Sep 2019 | B2 |
| 10423309 | Kitchen | Sep 2019 | B2 |
| 10425432 | Raviv | Sep 2019 | B1 |
| 10432605 | Lester | Oct 2019 | B1 |
| 10454950 | Aziz | Oct 2019 | B1 |
| 10462184 | Gu | Oct 2019 | B1 |
| 10474813 | Ismael | Nov 2019 | B1 |
| 10484429 | Fawcett | Nov 2019 | B1 |
| 10505967 | Schwartz | Dec 2019 | B1 |
| 10506426 | Rule et al. | Dec 2019 | B1 |
| 10511621 | Thomson et al. | Dec 2019 | B1 |
| 10536357 | Deen | Jan 2020 | B2 |
| 10554493 | Kompella | Feb 2020 | B2 |
| 10560845 | Manepalli | Feb 2020 | B1 |
| 10567402 | Comeaux | Feb 2020 | B1 |
| 10572684 | LaFever | Feb 2020 | B2 |
| 10572947 | Berends et al. | Feb 2020 | B1 |
| 10623233 | McConnell | Apr 2020 | B1 |
| 10623446 | Stoler | Apr 2020 | B1 |
| 10623961 | Manepalli | Apr 2020 | B1 |
| 10628228 | Theunissen | Apr 2020 | B1 |
| 10652282 | Sim | May 2020 | B2 |
| 10721195 | Jakobsson | Jul 2020 | B2 |
| 10721236 | Kronrod | Jul 2020 | B1 |
| 10721624 | Marass | Jul 2020 | B2 |
| 10742674 | McLinden | Aug 2020 | B1 |
| 10749867 | Litani | Aug 2020 | B1 |
| 10755281 | Yip et al. | Aug 2020 | B1 |
| 10789367 | Joseph Durairaj | Sep 2020 | B2 |
| 10791138 | Siddiqui | Sep 2020 | B1 |
| 10805265 | Murthy | Oct 2020 | B2 |
| 10848501 | Deters | Nov 2020 | B2 |
| 10893067 | Geil | Jan 2021 | B1 |
| 10949428 | Poirel | Mar 2021 | B2 |
| 10977354 | Depaolo | Apr 2021 | B1 |
| 10978176 | Cha et al. | Apr 2021 | B2 |
| 10979389 | Baum | Apr 2021 | B2 |
| 10999254 | Baum | May 2021 | B2 |
| 10999325 | Chandana | May 2021 | B1 |
| 11025638 | Ford | Jun 2021 | B2 |
| 11025659 | Sarzynski | Jun 2021 | B2 |
| 11061667 | Gujarathi | Jul 2021 | B1 |
| 11070593 | Brannon | Jul 2021 | B2 |
| 11075930 | Xavier | Jul 2021 | B1 |
| 11080109 | Poirel | Aug 2021 | B1 |
| 11082442 | Kolman | Aug 2021 | B1 |
| 11094202 | Gong | Aug 2021 | B2 |
| 11101986 | Carmignani et al. | Aug 2021 | B2 |
| 11102244 | Jakobsson | Aug 2021 | B1 |
| 11120456 | Gong | Sep 2021 | B2 |
| 11126736 | Levin | Sep 2021 | B2 |
| 11126745 | Sankuratripati et al. | Sep 2021 | B1 |
| 11128654 | Joyce | Sep 2021 | B1 |
| 11132461 | Swafford | Sep 2021 | B2 |
| 11134086 | Brannon | Sep 2021 | B2 |
| 11134102 | Raleigh | Sep 2021 | B2 |
| 11146472 | Sinks | Oct 2021 | B1 |
| 11146569 | Brooker | Oct 2021 | B1 |
| 11164269 | Locke et al. | Nov 2021 | B1 |
| 11165783 | Eiers | Nov 2021 | B1 |
| 11171980 | Coffey | Nov 2021 | B2 |
| 11171990 | Yenamandra | Nov 2021 | B1 |
| 11190589 | Ron | Nov 2021 | B1 |
| 11196555 | Mouraveiko | Dec 2021 | B1 |
| 11202254 | Chaki | Dec 2021 | B1 |
| 11206278 | Veeramany | Dec 2021 | B2 |
| 11206282 | Gorodissky | Dec 2021 | B2 |
| 11218878 | Dawes | Jan 2022 | B2 |
| 11223623 | Kolman | Jan 2022 | B1 |
| 11223646 | Cunningham | Jan 2022 | B2 |
| 11228620 | Brannon | Jan 2022 | B2 |
| 11232870 | Shaashua et al. | Jan 2022 | B1 |
| 11244071 | Barday | Feb 2022 | B2 |
| 11244072 | Barday | Feb 2022 | B2 |
| 11277448 | Brannon | Mar 2022 | B2 |
| 11310199 | Baum | Apr 2022 | B2 |
| 11310282 | Zhang | Apr 2022 | B1 |
| 11314787 | Poirel | Apr 2022 | B2 |
| 11323450 | Suzuki | May 2022 | B2 |
| 11328092 | Barday | May 2022 | B2 |
| 11343380 | Dawes | May 2022 | B2 |
| 11366786 | Barday | Jun 2022 | B2 |
| 11379913 | Perelli-Minetti et al. | Jul 2022 | B1 |
| 11410153 | Zhang | Aug 2022 | B1 |
| 11411973 | Luiggi | Aug 2022 | B2 |
| 11423756 | Dawes | Aug 2022 | B2 |
| 11429697 | Poirel | Aug 2022 | B2 |
| 11436512 | Poirel | Sep 2022 | B2 |
| 11444951 | Patil | Sep 2022 | B1 |
| 11481709 | Liao | Oct 2022 | B1 |
| 11483339 | Kaimal | Oct 2022 | B1 |
| 11503061 | Lin | Nov 2022 | B1 |
| 11509693 | Sharifi Mehr | Nov 2022 | B2 |
| 11516225 | Marty | Nov 2022 | B2 |
| 11520928 | Brannon | Dec 2022 | B2 |
| 11522700 | Auerbach | Dec 2022 | B1 |
| 11537706 | Sharifi Mehr | Dec 2022 | B1 |
| 11544390 | Shih | Jan 2023 | B2 |
| 11546338 | Charnauski et al. | Jan 2023 | B1 |
| 11568136 | Poirel | Jan 2023 | B2 |
| 11575680 | Challey | Feb 2023 | B1 |
| 11586426 | Kibel et al. | Feb 2023 | B2 |
| 11597156 | Luan et al. | Mar 2023 | B2 |
| 11601810 | Dawes | Mar 2023 | B2 |
| 11630901 | Koganti | Apr 2023 | B2 |
| 11675929 | Brannon | Jun 2023 | B2 |
| 11699155 | Dutt et al. | Jul 2023 | B2 |
| 11748757 | Segal | Sep 2023 | B1 |
| 11755585 | Poirel | Sep 2023 | B2 |
| 11810012 | Poirel | Nov 2023 | B2 |
| 11816323 | Sundermeyer | Nov 2023 | B2 |
| 11818159 | Miller | Nov 2023 | B2 |
| 11836265 | Poirel | Dec 2023 | B2 |
| 11888859 | Cunningham | Jan 2024 | B2 |
| 11900755 | Bueche, Jr. | Feb 2024 | B1 |
| 11902306 | Satish | Feb 2024 | B1 |
| 11941118 | Shila | Mar 2024 | B2 |
| 11973797 | Murphy | Apr 2024 | B2 |
| 11985111 | Holtmanns | May 2024 | B2 |
| 12063220 | Dawes | Aug 2024 | B2 |
| 12074876 | Felice-Steele | Aug 2024 | B2 |
| 12130908 | Ross | Oct 2024 | B2 |
| 20020098840 | Hanson | Jul 2002 | A1 |
| 20020184357 | Traversat | Dec 2002 | A1 |
| 20030004950 | Wils | Jan 2003 | A1 |
| 20030069973 | Ganesan | Apr 2003 | A1 |
| 20030195861 | McClure | Oct 2003 | A1 |
| 20030212779 | Boyter | Nov 2003 | A1 |
| 20030217039 | Kurtz | Nov 2003 | A1 |
| 20040015728 | Cole | Jan 2004 | A1 |
| 20040030932 | Juels et al. | Feb 2004 | A1 |
| 20040078384 | Keir | Apr 2004 | A1 |
| 20040088542 | Daude | May 2004 | A1 |
| 20040093492 | Daude | May 2004 | A1 |
| 20040111639 | Schwartz | Jun 2004 | A1 |
| 20040209634 | Hrastar | Oct 2004 | A1 |
| 20040225898 | Frost | Nov 2004 | A1 |
| 20040230530 | Searl | Nov 2004 | A1 |
| 20050120082 | Hesselink et al. | Jun 2005 | A1 |
| 20050128989 | Bhagwat | Jun 2005 | A1 |
| 20050138110 | Redlich | Jun 2005 | A1 |
| 20050138426 | Styslinger | Jun 2005 | A1 |
| 20050149443 | Torvinen | Jul 2005 | A1 |
| 20060026682 | Zakas | Feb 2006 | A1 |
| 20060053290 | Randle | Mar 2006 | A1 |
| 20060114872 | Hamada | Jun 2006 | A1 |
| 20060153153 | Bhagwat | Jul 2006 | A1 |
| 20060155865 | Brandt | Jul 2006 | A1 |
| 20060233166 | Bou-Diab | Oct 2006 | A1 |
| 20070011319 | McClure | Jan 2007 | A1 |
| 20070130294 | Nishio | Jun 2007 | A1 |
| 20070130350 | Alperovitch | Jun 2007 | A1 |
| 20070130473 | Mazotas | Jun 2007 | A1 |
| 20070143827 | Nicodemus | Jun 2007 | A1 |
| 20070143851 | Nicodemus | Jun 2007 | A1 |
| 20070206741 | Tiliks | Sep 2007 | A1 |
| 20070220614 | Ellis et al. | Sep 2007 | A1 |
| 20070253553 | Abdul Rahman | Nov 2007 | A1 |
| 20070293210 | Strub | Dec 2007 | A1 |
| 20070294209 | Strub | Dec 2007 | A1 |
| 20070294253 | Strub | Dec 2007 | A1 |
| 20080022384 | Yee | Jan 2008 | A1 |
| 20080040509 | Werb | Feb 2008 | A1 |
| 20080109871 | Jacobs | May 2008 | A1 |
| 20080120699 | Spear | May 2008 | A1 |
| 20080168135 | Redlich | Jul 2008 | A1 |
| 20080175226 | Alperovitch | Jul 2008 | A1 |
| 20080178259 | Alperovitch | Jul 2008 | A1 |
| 20080222706 | Renaud | Sep 2008 | A1 |
| 20090064334 | Holcomb | Mar 2009 | A1 |
| 20090089079 | Goldhaber et al. | Apr 2009 | A1 |
| 20090089869 | Varghese | Apr 2009 | A1 |
| 20090174551 | Quinn | Jul 2009 | A1 |
| 20090177675 | Trumbull | Jul 2009 | A1 |
| 20090241167 | Moore | Sep 2009 | A1 |
| 20090254969 | Parker | Oct 2009 | A1 |
| 20090325615 | McKay | Dec 2009 | A1 |
| 20100027551 | Arkin | Feb 2010 | A1 |
| 20100057485 | Luft | Mar 2010 | A1 |
| 20100067390 | Pereira Valente | Mar 2010 | A1 |
| 20100094981 | Cordray | Apr 2010 | A1 |
| 20100100962 | Boren | Apr 2010 | A1 |
| 20100115578 | Nice | May 2010 | A1 |
| 20100153146 | Angell et al. | Jun 2010 | A1 |
| 20100153147 | Angell et al. | Jun 2010 | A1 |
| 20100192212 | Raleigh | Jul 2010 | A1 |
| 20100195503 | Raleigh | Aug 2010 | A1 |
| 20100217837 | Ansari | Aug 2010 | A1 |
| 20100250497 | Redlich | Sep 2010 | A1 |
| 20110065419 | Book | Mar 2011 | A1 |
| 20110086614 | Brisebois | Apr 2011 | A1 |
| 20110167474 | Sinha | Jul 2011 | A1 |
| 20110202969 | Warn | Aug 2011 | A1 |
| 20110219035 | Korsunsky | Sep 2011 | A1 |
| 20110252459 | Walsh et al. | Oct 2011 | A1 |
| 20110270756 | Tullis et al. | Nov 2011 | A1 |
| 20110277019 | Pritchard, Jr. | Nov 2011 | A1 |
| 20110296179 | Templin et al. | Dec 2011 | A1 |
| 20110302408 | McDermott | Dec 2011 | A1 |
| 20110302638 | Cha et al. | Dec 2011 | A1 |
| 20110314145 | Raleigh | Dec 2011 | A1 |
| 20110314290 | Fort et al. | Dec 2011 | A1 |
| 20120023558 | Rafiq | Jan 2012 | A1 |
| 20120084866 | Stolfo | Apr 2012 | A1 |
| 20120101952 | Raleigh | Apr 2012 | A1 |
| 20120124664 | Stein et al. | May 2012 | A1 |
| 20120159632 | Barriga | Jun 2012 | A1 |
| 20120180135 | Hodges | Jul 2012 | A1 |
| 20120203877 | Bartholomay | Aug 2012 | A1 |
| 20120215911 | Raleigh | Aug 2012 | A1 |
| 20120222089 | Whelan | Aug 2012 | A1 |
| 20120240183 | Sinha | Sep 2012 | A1 |
| 20120260310 | Kramarenko | Oct 2012 | A1 |
| 20130024238 | Nielson et al. | Jan 2013 | A1 |
| 20130117847 | Friedman | May 2013 | A1 |
| 20130132854 | Raleigh | May 2013 | A1 |
| 20130197381 | Charlton et al. | Aug 2013 | A1 |
| 20130204690 | Liebmann | Aug 2013 | A1 |
| 20130227714 | Gula | Aug 2013 | A1 |
| 20130246639 | Nedbal | Sep 2013 | A1 |
| 20130254875 | Sama | Sep 2013 | A1 |
| 20130268994 | Cooper | Oct 2013 | A1 |
| 20130275486 | Dickinson | Oct 2013 | A1 |
| 20130276053 | Hugard, IV | Oct 2013 | A1 |
| 20130305357 | Ayyagari | Nov 2013 | A1 |
| 20130317399 | Ribble et al. | Nov 2013 | A1 |
| 20130318589 | Ford | Nov 2013 | A1 |
| 20140007048 | Qureshi | Jan 2014 | A1 |
| 20140026179 | Devarajan | Jan 2014 | A1 |
| 20140026187 | Johnson et al. | Jan 2014 | A1 |
| 20140047510 | Belton et al. | Feb 2014 | A1 |
| 20140047560 | Meyer | Feb 2014 | A1 |
| 20140094159 | Raleigh | Apr 2014 | A1 |
| 20140098671 | Raleigh | Apr 2014 | A1 |
| 20140137188 | Bartholomay | May 2014 | A1 |
| 20140140213 | Raleigh | May 2014 | A1 |
| 20140164249 | Guerrino | Jun 2014 | A1 |
| 20140189483 | Awan | Jul 2014 | A1 |
| 20140189818 | Meyer | Jul 2014 | A1 |
| 20140189829 | McLachlan et al. | Jul 2014 | A1 |
| 20140196115 | Pelykh | Jul 2014 | A1 |
| 20140198687 | Raleigh | Jul 2014 | A1 |
| 20140245015 | Velamoor | Aug 2014 | A1 |
| 20140272911 | York et al. | Sep 2014 | A1 |
| 20140304836 | Velamoor | Oct 2014 | A1 |
| 20140325220 | Tunnell | Oct 2014 | A1 |
| 20140337243 | Dutt et al. | Nov 2014 | A1 |
| 20150006695 | Gupta | Jan 2015 | A1 |
| 20150026786 | Alexander | Jan 2015 | A1 |
| 20150073987 | Dutt et al. | Mar 2015 | A1 |
| 20150101048 | Sridhara | Apr 2015 | A1 |
| 20150105049 | Golaup et al. | Apr 2015 | A1 |
| 20150135300 | Ford | May 2015 | A1 |
| 20150143456 | Raleigh | May 2015 | A1 |
| 20150163206 | McCarthy | Jun 2015 | A1 |
| 20150128205 | Mahaffey et al. | Jul 2015 | A1 |
| 20150188927 | Santhi | Jul 2015 | A1 |
| 20150188949 | Mahaffey et al. | Jul 2015 | A1 |
| 20150206126 | Zeinecker | Jul 2015 | A1 |
| 20150222604 | Ylonen | Aug 2015 | A1 |
| 20150237071 | Maher | Aug 2015 | A1 |
| 20150254452 | Kohlenberg | Sep 2015 | A1 |
| 20150281277 | May | Oct 2015 | A1 |
| 20150310188 | Ford | Oct 2015 | A1 |
| 20150324559 | Boss | Nov 2015 | A1 |
| 20150324606 | Grodin et al. | Nov 2015 | A1 |
| 20150326601 | Grodin et al. | Nov 2015 | A1 |
| 20150326613 | Devarajan | Nov 2015 | A1 |
| 20150341361 | Fransen | Nov 2015 | A1 |
| 20150347683 | Ansari | Dec 2015 | A1 |
| 20150347740 | O'Malley | Dec 2015 | A1 |
| 20150350914 | Baxley | Dec 2015 | A1 |
| 20150363769 | Ronca et al. | Dec 2015 | A1 |
| 20150363770 | Ronca et al. | Dec 2015 | A1 |
| 20150363772 | Ronca et al. | Dec 2015 | A1 |
| 20150363773 | Ronca et al. | Dec 2015 | A1 |
| 20150363777 | Ronca et al. | Dec 2015 | A1 |
| 20150363778 | Ronca et al. | Dec 2015 | A1 |
| 20150363782 | Ronca et al. | Dec 2015 | A1 |
| 20150363783 | Ronca et al. | Dec 2015 | A1 |
| 20150363876 | Ronca et al. | Dec 2015 | A1 |
| 20150365283 | Ronca et al. | Dec 2015 | A1 |
| 20160014159 | Schrecker | Jan 2016 | A1 |
| 20160021117 | Harmon | Jan 2016 | A1 |
| 20160029221 | Suarez Garcia | Jan 2016 | A1 |
| 20160036833 | Ardeli | Feb 2016 | A1 |
| 20160057150 | Choi | Feb 2016 | A1 |
| 20160065601 | Gong | Mar 2016 | A1 |
| 20160065608 | Futty | Mar 2016 | A1 |
| 20160066189 | Mahaffey et al. | Mar 2016 | A1 |
| 20160078229 | Gong | Mar 2016 | A1 |
| 20160080355 | Greenspan et al. | Mar 2016 | A1 |
| 20160099960 | Gerritz | Apr 2016 | A1 |
| 20160110528 | Gupta | Apr 2016 | A1 |
| 20160127367 | Jevans | May 2016 | A1 |
| 20160127931 | Baxley | May 2016 | A1 |
| 20160162900 | Dutt et al. | Jun 2016 | A1 |
| 20160173520 | Foster | Jun 2016 | A1 |
| 20160174072 | Allyn | Jun 2016 | A1 |
| 20160198341 | Fransen | Jul 2016 | A1 |
| 20160212115 | Hamlin et al. | Jul 2016 | A1 |
| 20160226981 | McCann et al. | Aug 2016 | A1 |
| 20160234229 | Carpenter | Aug 2016 | A1 |
| 20160261425 | Horton | Sep 2016 | A1 |
| 20160291940 | Searle et al. | Oct 2016 | A1 |
| 20160291959 | Searle et al. | Oct 2016 | A1 |
| 20160294605 | Searle et al. | Oct 2016 | A1 |
| 20160294614 | Searle et al. | Oct 2016 | A1 |
| 20160294800 | Oppenheim, Jr. | Oct 2016 | A1 |
| 20160294858 | Woolward | Oct 2016 | A1 |
| 20160295410 | Gupta | Oct 2016 | A1 |
| 20160300054 | Turgeman et al. | Oct 2016 | A1 |
| 20160330233 | Hart | Nov 2016 | A1 |
| 20160337386 | Ford | Nov 2016 | A1 |
| 20160337390 | Sridhara | Nov 2016 | A1 |
| 20160344604 | Raleigh | Nov 2016 | A1 |
| 20160359904 | Ben Ezra et al. | Dec 2016 | A1 |
| 20160381030 | Chillappa | Dec 2016 | A1 |
| 20160381064 | Chan | Dec 2016 | A1 |
| 20170004274 | Mehta et al. | Jan 2017 | A1 |
| 20170004275 | Mehta et al. | Jan 2017 | A1 |
| 20170026343 | Wardman | Jan 2017 | A1 |
| 20170032113 | Tunnell | Feb 2017 | A1 |
| 20170032673 | Scofield | Feb 2017 | A1 |
| 20170041296 | Ford | Feb 2017 | A1 |
| 20170041338 | Martini et al. | Feb 2017 | A1 |
| 20170048215 | Straub | Feb 2017 | A1 |
| 20170048269 | York et al. | Feb 2017 | A1 |
| 20170048319 | Straub | Feb 2017 | A1 |
| 20170053108 | Jakobsson | Feb 2017 | A1 |
| 20170054711 | Shen | Feb 2017 | A1 |
| 20170063900 | Muddu | Mar 2017 | A1 |
| 20170078922 | Raleigh | Mar 2017 | A1 |
| 20170083704 | Nie | Mar 2017 | A1 |
| 20170094519 | Salyers | Mar 2017 | A1 |
| 20170094520 | Salyers | Mar 2017 | A1 |
| 20170094521 | Salyers | Mar 2017 | A1 |
| 20170094534 | Salyers | Mar 2017 | A1 |
| 20170104790 | Meyers | Apr 2017 | A1 |
| 20170149775 | Bachar | May 2017 | A1 |
| 20170171231 | Reybok, Jr. | Jun 2017 | A1 |
| 20170180339 | Cheng | Jun 2017 | A1 |
| 20170199979 | Reiner | Jul 2017 | A1 |
| 20170201850 | Raleigh | Jul 2017 | A1 |
| 20170213145 | Pathak et al. | Jul 2017 | A1 |
| 20170223017 | Kohli | Aug 2017 | A1 |
| 20170228558 | Le Rudulier | Aug 2017 | A1 |
| 20170228635 | Diev et al. | Aug 2017 | A1 |
| 20170230323 | Jakobsson | Aug 2017 | A1 |
| 20170237741 | Bell | Aug 2017 | A1 |
| 20170244731 | Hu | Aug 2017 | A1 |
| 20170251013 | Kirti | Aug 2017 | A1 |
| 20170289134 | Bradley et al. | Oct 2017 | A1 |
| 20170295159 | Arora | Oct 2017 | A1 |
| 20170302635 | Humphries | Oct 2017 | A1 |
| 20170302653 | Ortner | Oct 2017 | A1 |
| 20170310686 | Ray | Oct 2017 | A1 |
| 20170324758 | Hart | Nov 2017 | A1 |
| 20170325749 | Shah et al. | Nov 2017 | A1 |
| 20170329966 | Koganti | Nov 2017 | A1 |
| 20170331816 | Votaw | Nov 2017 | A1 |
| 20170331817 | Votaw | Nov 2017 | A1 |
| 20170331827 | Salyers | Nov 2017 | A1 |
| 20170344703 | Ansari | Nov 2017 | A1 |
| 20170345003 | Spears | Nov 2017 | A1 |
| 20170346837 | Vaswani | Nov 2017 | A1 |
| 20170353459 | Lawrence | Dec 2017 | A1 |
| 20170353496 | Pai | Dec 2017 | A1 |
| 20170359370 | Humphries | Dec 2017 | A1 |
| 20170374076 | Pierson | Dec 2017 | A1 |
| 20180004948 | Martin | Jan 2018 | A1 |
| 20180018747 | Krishnan et al. | Jan 2018 | A1 |
| 20180027006 | Zimmermann | Jan 2018 | A1 |
| 20180033089 | Goldman | Feb 2018 | A1 |
| 20180046796 | Wright | Feb 2018 | A1 |
| 20180084012 | Joseph | Mar 2018 | A1 |
| 20180097841 | Stolarz | Apr 2018 | A1 |
| 20180124068 | Ruhlen et al. | May 2018 | A1 |
| 20180124096 | Schwartz | May 2018 | A1 |
| 20180139227 | Martin | May 2018 | A1 |
| 20180157524 | Saxena | Jun 2018 | A1 |
| 20180176186 | Chao | Jun 2018 | A1 |
| 20180176254 | Lam | Jun 2018 | A1 |
| 20180183766 | Crabtree | Jun 2018 | A1 |
| 20180189697 | Thomson | Jul 2018 | A1 |
| 20180191759 | Baijal | Jul 2018 | A1 |
| 20180191766 | Holeman | Jul 2018 | A1 |
| 20180198824 | Pulapaka | Jul 2018 | A1 |
| 20180204152 | Achtner | Jul 2018 | A1 |
| 20180212960 | Sundeep et al. | Jul 2018 | A1 |
| 20180212989 | Mavani | Jul 2018 | A1 |
| 20180218157 | Price | Aug 2018 | A1 |
| 20180220301 | Gallagher | Aug 2018 | A1 |
| 20180234459 | Kung | Aug 2018 | A1 |
| 20180240112 | Castinado et al. | Aug 2018 | A1 |
| 20180248863 | Kao | Aug 2018 | A1 |
| 20180253737 | Hanis et al. | Sep 2018 | A1 |
| 20180255102 | Ward | Sep 2018 | A1 |
| 20180277246 | Zhong et al. | Sep 2018 | A1 |
| 20180288060 | Jackson | Oct 2018 | A1 |
| 20180288063 | Koottayi | Oct 2018 | A1 |
| 20180288070 | Price | Oct 2018 | A1 |
| 20180288077 | Siddiqui | Oct 2018 | A1 |
| 20180295148 | Mayorgo | Oct 2018 | A1 |
| 20180309752 | Villavicencio | Oct 2018 | A1 |
| 20180309778 | Sugarbaker | Oct 2018 | A1 |
| 20180314833 | Vittal | Nov 2018 | A1 |
| 20180329693 | Eksten | Nov 2018 | A1 |
| 20180332061 | Terada | Nov 2018 | A1 |
| 20180337914 | Mohamad Abdul et al. | Nov 2018 | A1 |
| 20180338241 | Li | Nov 2018 | A1 |
| 20180351944 | Cho | Dec 2018 | A1 |
| 20180359244 | Cockerill | Dec 2018 | A1 |
| 20180359269 | Caceres | Dec 2018 | A1 |
| 20180375861 | Isola | Dec 2018 | A1 |
| 20180375862 | Isola | Dec 2018 | A1 |
| 20180375867 | Isola | Dec 2018 | A1 |
| 20180375873 | Isola | Dec 2018 | A1 |
| 20180375886 | Kirti | Dec 2018 | A1 |
| 20180375893 | Jordan | Dec 2018 | A1 |
| 20190020478 | Girish | Jan 2019 | A1 |
| 20190036937 | Cullison | Jan 2019 | A1 |
| 20190044942 | Gordon | Feb 2019 | A1 |
| 20190044978 | Barday et al. | Feb 2019 | A1 |
| 20190052659 | Weingarten | Feb 2019 | A1 |
| 20190068604 | Legault et al. | Feb 2019 | A1 |
| 20190068627 | Thampy | Feb 2019 | A1 |
| 20190068643 | Locke | Feb 2019 | A1 |
| 20190080189 | Van Os et al. | Mar 2019 | A1 |
| 20190081983 | Teal | Mar 2019 | A1 |
| 20190087822 | Vasu et al. | Mar 2019 | A1 |
| 20190089677 | Ashley | Mar 2019 | A1 |
| 20190095320 | Biswas | Mar 2019 | A1 |
| 20190096217 | Pourmohammad et al. | Mar 2019 | A1 |
| 20190098037 | Shenoy, Jr. | Mar 2019 | A1 |
| 20190102533 | Sagar | Apr 2019 | A1 |
| 20190116184 | Neser | Apr 2019 | A1 |
| 20190124097 | Thomas et al. | Apr 2019 | A1 |
| 20190124112 | Thomas | Apr 2019 | A1 |
| 20190132740 | De | May 2019 | A1 |
| 20190138512 | Pourmohammad et al. | May 2019 | A1 |
| 20190141032 | Tunnell | May 2019 | A1 |
| 20190141183 | Chandrasekaran | May 2019 | A1 |
| 20190156191 | Cordes et al. | May 2019 | A1 |
| 20190182287 | Hanley | Jun 2019 | A1 |
| 20190188389 | Peled | Jun 2019 | A1 |
| 20190197220 | Anderson | Jun 2019 | A1 |
| 20190197911 | Anderson | Jun 2019 | A1 |
| 20190205511 | Zhan | Jul 2019 | A1 |
| 20190206569 | Shelton, IV | Jul 2019 | A1 |
| 20190222577 | Eliyahu | Jul 2019 | A1 |
| 20190228140 | Arroyo et al. | Jul 2019 | A1 |
| 20190230065 | Panchapakesan | Jul 2019 | A1 |
| 20190238506 | Shaw | Aug 2019 | A1 |
| 20190238538 | Shaw | Aug 2019 | A1 |
| 20190238591 | Shaw | Aug 2019 | A1 |
| 20190250898 | Yang | Aug 2019 | A1 |
| 20190253431 | Atanda | Aug 2019 | A1 |
| 20190260785 | Jenkinson | Aug 2019 | A1 |
| 20190260804 | Beck | Aug 2019 | A1 |
| 20190261203 | Raleigh | Aug 2019 | A1 |
| 20190138727 | Dontov et al. | Sep 2019 | A1 |
| 20190281066 | Simons | Sep 2019 | A1 |
| 20190281076 | Watson | Sep 2019 | A1 |
| 20190297097 | Gong | Sep 2019 | A1 |
| 20190306153 | Girdhar | Oct 2019 | A1 |
| 20190306731 | Raghuramu | Oct 2019 | A1 |
| 20190312839 | Grimm | Oct 2019 | A1 |
| 20190312905 | Green | Oct 2019 | A1 |
| 20190318100 | Bhatia | Oct 2019 | A1 |
| 20190318358 | Chamberlain et al. | Oct 2019 | A1 |
| 20190319987 | Levy | Oct 2019 | A1 |
| 20190332767 | Wardman | Oct 2019 | A1 |
| 20190334896 | Pratt | Oct 2019 | A1 |
| 20190334943 | Arvanites | Oct 2019 | A1 |
| 20190347666 | Bermudez-Cisneros | Nov 2019 | A1 |
| 20190349350 | Valites | Nov 2019 | A1 |
| 20190349770 | Andres et al. | Nov 2019 | A1 |
| 20190387021 | Wyatt et al. | Dec 2019 | A1 |
| 20190392173 | Brannon et al. | Dec 2019 | A1 |
| 20190392177 | Brannon et al. | Dec 2019 | A1 |
| 20200004968 | Brannon et al. | Jan 2020 | A1 |
| 20200004985 | Brannon et al. | Jan 2020 | A1 |
| 20200007395 | Fainberg | Jan 2020 | A1 |
| 20200007397 | Fainberg | Jan 2020 | A1 |
| 20200007536 | Piel | Jan 2020 | A1 |
| 20200007570 | Lam | Jan 2020 | A1 |
| 20200012814 | Brannon et al. | Jan 2020 | A1 |
| 20200012978 | Brannon et al. | Jan 2020 | A1 |
| 20200019905 | Shin et al. | Jan 2020 | A1 |
| 20200021591 | Hecht | Jan 2020 | A1 |
| 20200021620 | Purathepparambil | Jan 2020 | A1 |
| 20200042723 | Krishnamoorthy et al. | Feb 2020 | A1 |
| 20200045064 | Bindal et al. | Feb 2020 | A1 |
| 20200045519 | Raleigh | Feb 2020 | A1 |
| 20200053111 | Jakobsson | Feb 2020 | A1 |
| 20200057848 | Hecht | Feb 2020 | A1 |
| 20200067789 | Khuti | Feb 2020 | A1 |
| 20200074059 | Beckett, Jr. | Mar 2020 | A1 |
| 20200076812 | Spurlock | Mar 2020 | A1 |
| 20200076813 | Felice-Steele | Mar 2020 | A1 |
| 20200089848 | Abdelaziz | Mar 2020 | A1 |
| 20200090510 | Nagarajan et al. | Mar 2020 | A1 |
| 20200094092 | Skaaksrud | Mar 2020 | A1 |
| 20200099682 | Alexander | Mar 2020 | A1 |
| 20200104852 | Douglas, Jr. | Apr 2020 | A1 |
| 20200127858 | Stohr et al. | Apr 2020 | A1 |
| 20200128047 | Biswas | Apr 2020 | A1 |
| 20200134165 | Boodaei | Apr 2020 | A1 |
| 20200137067 | Nambiar | Apr 2020 | A1 |
| 20200137097 | Zimmermann et al. | Apr 2020 | A1 |
| 20200145425 | Chauhan | May 2020 | A1 |
| 20200145447 | Coffey | May 2020 | A1 |
| 20200162515 | Dubinsky | May 2020 | A1 |
| 20200169581 | Chalmandrier-Perna | May 2020 | A1 |
| 20200177590 | Levy | Jun 2020 | A1 |
| 20200210622 | Brannon et al. | Jul 2020 | A1 |
| 20200213116 | Fattal | Jul 2020 | A1 |
| 20200213329 | Simons | Jul 2020 | A1 |
| 20200213352 | Fainberg | Jul 2020 | A1 |
| 20200220876 | Suzuki et al. | Jul 2020 | A1 |
| 20200220901 | Barday et al. | Jul 2020 | A1 |
| 20200236114 | Patil | Jul 2020 | A1 |
| 20200242254 | Velur et al. | Jul 2020 | A1 |
| 20200244656 | Manepalli | Jul 2020 | A1 |
| 20200244693 | Ghorbani | Jul 2020 | A1 |
| 20200252422 | Davis | Aug 2020 | A1 |
| 20200264598 | Sheng et al. | Aug 2020 | A1 |
| 20200267146 | Nambiar | Aug 2020 | A1 |
| 20200272717 | Figueredo de Santana et al. | Aug 2020 | A1 |
| 20200280592 | Ithal | Sep 2020 | A1 |
| 20200285770 | Brannon et al. | Sep 2020 | A1 |
| 20200287888 | Moore | Sep 2020 | A1 |
| 20200287920 | Mandrychenko | Sep 2020 | A1 |
| 20200287924 | Zhang | Sep 2020 | A1 |
| 20200296139 | Fainberg | Sep 2020 | A1 |
| 20200304503 | Zerrad et al. | Sep 2020 | A1 |
| 20200322363 | Huang | Oct 2020 | A1 |
| 20200322369 | Raghuramu | Oct 2020 | A1 |
| 20200329072 | Dubois | Oct 2020 | A1 |
| 20200334365 | Buck et al. | Oct 2020 | A1 |
| 20200344602 | Li | Oct 2020 | A1 |
| 20200358804 | Crabtree | Nov 2020 | A1 |
| 20200364242 | Martin | Nov 2020 | A1 |
| 20200364369 | Brannon et al. | Nov 2020 | A1 |
| 20200382547 | Basballe Sorensen | Dec 2020 | A1 |
| 20200404502 | Trivellato | Dec 2020 | A1 |
| 20200404573 | Athlur | Dec 2020 | A1 |
| 20200412728 | Gupta | Dec 2020 | A1 |
| 20200412758 | Trivellato | Dec 2020 | A1 |
| 20200412764 | May | Dec 2020 | A1 |
| 20210004356 | Trim et al. | Jan 2021 | A1 |
| 20210004808 | Goyal et al. | Jan 2021 | A1 |
| 20210004809 | Goyal et al. | Jan 2021 | A1 |
| 20210006542 | Myneni | Jan 2021 | A1 |
| 20210014231 | Durbin | Jan 2021 | A1 |
| 20210014233 | Kuppannan | Jan 2021 | A1 |
| 20210350022 | Brannon et al. | Jan 2021 | A1 |
| 20210035116 | Berrington | Feb 2021 | A1 |
| 20210044611 | Norrie | Feb 2021 | A1 |
| 20210051168 | Mei | Feb 2021 | A1 |
| 20210056477 | Ahire | Feb 2021 | A1 |
| 20210058374 | Smith | Feb 2021 | A1 |
| 20210058395 | Jakobsson | Feb 2021 | A1 |
| 20210135943 | Andrews et al. | Feb 2021 | A1 |
| 20210059616 | Abrol et al. | Mar 2021 | A1 |
| 20210092019 | Fang | Mar 2021 | A1 |
| 20210276270 | Luan et al. | Mar 2021 | A1 |
| 20210110343 | Lagneaux | Apr 2021 | A1 |
| 20210112068 | Harris | Apr 2021 | A1 |
| 20210144149 | Simons | May 2021 | A1 |
| 20210152414 | Busbee | May 2021 | A1 |
| 20210152555 | Djosic | May 2021 | A1 |
| 20210157933 | Turano et al. | May 2021 | A1 |
| 20210168148 | Boodaei | Jun 2021 | A1 |
| 20210173907 | Keith, Jr. | Jun 2021 | A1 |
| 20210173915 | Keith, Jr. | Jun 2021 | A1 |
| 20210174333 | Keith, Jr. | Jun 2021 | A1 |
| 20210176066 | Keith, Jr. | Jun 2021 | A1 |
| 20210176218 | Keith, Jr. | Jun 2021 | A1 |
| 20210176235 | Keith, Jr. | Jun 2021 | A1 |
| 20210176260 | Pan | Jun 2021 | A1 |
| 20210182863 | Doraiswamy et al. | Jun 2021 | A1 |
| 20210194883 | Badhwar | Jun 2021 | A1 |
| 20210195022 | Sarwar | Jun 2021 | A1 |
| 20210197720 | Houston et al. | Jul 2021 | A1 |
| 20210203673 | dos Santos | Jul 2021 | A1 |
| 20210211349 | Grant et al. | Jul 2021 | A1 |
| 20210218571 | Ansari | Jul 2021 | A1 |
| 20210224799 | Ongpin | Jul 2021 | A1 |
| 20210232687 | Sasaki et al. | Jul 2021 | A1 |
| 20210233654 | Arthur et al. | Jul 2021 | A1 |
| 20210240838 | Sasaki et al. | Aug 2021 | A1 |
| 20210241871 | Burnett et al. | Aug 2021 | A1 |
| 20210258329 | Clayton | Aug 2021 | A1 |
| 20210266294 | Chechik | Aug 2021 | A1 |
| 20210266310 | Moore | Aug 2021 | A1 |
| 20210271770 | Keene | Sep 2021 | A1 |
| 20210273951 | Wang | Sep 2021 | A1 |
| 20210273957 | Boyer | Sep 2021 | A1 |
| 20210273961 | Humphrey | Sep 2021 | A1 |
| 20210280027 | Wen et al. | Sep 2021 | A1 |
| 20210286899 | Schroeder | Sep 2021 | A1 |
| 20210288981 | Numainville | Sep 2021 | A1 |
| 20210297258 | Keith, Jr. | Sep 2021 | A1 |
| 20210297447 | Crabtree | Sep 2021 | A1 |
| 20210297448 | Keith, Jr. | Sep 2021 | A1 |
| 20210297455 | Keith, Jr. | Sep 2021 | A1 |
| 20210200902 | Brannon et al. | Oct 2021 | A1 |
| 20210312441 | Dawson, V | Oct 2021 | A1 |
| 20210344726 | Sharifi Mehr | Nov 2021 | A1 |
| 20210352064 | Tsarfati | Nov 2021 | A1 |
| 20210358251 | MacLean | Nov 2021 | A1 |
| 20210360027 | Boyer | Nov 2021 | A1 |
| 20210377212 | Holtmanns | Dec 2021 | A1 |
| 20210385069 | Reid et al. | Dec 2021 | A1 |
| 20210392135 | Rao | Dec 2021 | A1 |
| 20210392500 | Pollington | Dec 2021 | A1 |
| 20210397903 | Raj et al. | Dec 2021 | A1 |
| 20210406255 | Raghuramu | Dec 2021 | A1 |
| 20210406398 | Brannon et al. | Dec 2021 | A1 |
| 20210406720 | Song | Dec 2021 | A1 |
| 20210409411 | Chen Kaidi | Dec 2021 | A1 |
| 20210409939 | Baskaran | Dec 2021 | A1 |
| 20220006651 | Soundararajan | Jan 2022 | A1 |
| 20220006842 | Wadhwa | Jan 2022 | A1 |
| 20220014512 | Raleigh | Jan 2022 | A1 |
| 20220014554 | Vasu | Jan 2022 | A1 |
| 20220014560 | Crabtree | Jan 2022 | A1 |
| 20220014561 | Caceres | Jan 2022 | A1 |
| 20220027921 | Handelman | Jan 2022 | A1 |
| 20220030023 | Soman | Jan 2022 | A1 |
| 20220030382 | Klasson | Jan 2022 | A1 |
| 20220035952 | Brannon et al. | Feb 2022 | A1 |
| 20220051802 | Fong et al. | Feb 2022 | A1 |
| 20220067743 | Wong | Mar 2022 | A1 |
| 20220068480 | Manzi | Mar 2022 | A1 |
| 20220070201 | Almaz | Mar 2022 | A1 |
| 20220070222 | Rao | Mar 2022 | A1 |
| 20220070673 | Shaw | Mar 2022 | A1 |
| 20220078209 | V | Mar 2022 | A1 |
| 20220103588 | Shaw | Mar 2022 | A1 |
| 20220108318 | Ramasamy et al. | Apr 2022 | A1 |
| 20220108701 | Gupta et al. | Apr 2022 | A1 |
| 20220109701 | Zeng | Apr 2022 | A1 |
| 20220121777 | Brannon et al. | Apr 2022 | A1 |
| 20220141188 | Apger | May 2022 | A1 |
| 20220157141 | Hasan et al. | May 2022 | A1 |
| 20220157147 | Hasan et al. | May 2022 | A1 |
| 20220171856 | Bhatt et al. | Jun 2022 | A1 |
| 20220180406 | Palty | Jun 2022 | A1 |
| 20220182379 | Budman et al. | Jun 2022 | A1 |
| 20220182397 | Romero Zambrano | Jun 2022 | A1 |
| 20220210173 | Katmor | Jun 2022 | A1 |
| 20220210656 | Shaw | Jun 2022 | A1 |
| 20220222089 | Joshi | Jul 2022 | A1 |
| 20220225093 | Sasi | Jul 2022 | A1 |
| 20220232020 | Kandachar Sridhara Rao | Jul 2022 | A1 |
| 20220239689 | Kaidi | Jul 2022 | A1 |
| 20220272117 | Maheve | Aug 2022 | A1 |
| 20220275966 | Schoch et al. | Sep 2022 | A1 |
| 20220277103 | Brannon et al. | Sep 2022 | A1 |
| 20220286476 | Carroll | Sep 2022 | A1 |
| 20220292343 | Manuel-Devadoss | Sep 2022 | A1 |
| 20220303116 | Manuel-Devadoss | Sep 2022 | A1 |
| 20220303289 | Townsend et al. | Sep 2022 | A1 |
| 20220321596 | Weizman | Oct 2022 | A1 |
| 20220329612 | Verma et al. | Oct 2022 | A1 |
| 20220360560 | Velugu | Nov 2022 | A1 |
| 20220368686 | Bhala | Nov 2022 | A1 |
| 20220368699 | Thomson | Nov 2022 | A1 |
| 20220385656 | Gujarathi | Dec 2022 | A1 |
| 20220385681 | Argoety | Dec 2022 | A1 |
| 20220395236 | Buddi et al. | Dec 2022 | A1 |
| 20220400118 | Jiang | Dec 2022 | A1 |
| 20220400965 | Schneider et al. | Dec 2022 | A1 |
| 20220407893 | Maiman et al. | Dec 2022 | A1 |
| 20220414662 | Cao et al. | Dec 2022 | A1 |
| 20220414665 | Gelda et al. | Dec 2022 | A1 |
| 20230199063 | Tartan | Jun 2023 | A1 |
| 20240015175 | Hakala | Jan 2024 | A1 |
| Number | Date | Country |
|---|---|---|
| 2007068992 | Jun 2007 | WO |
| Entry |
|---|
| Prisha et al “Identity Risk Analysis in Mobile Commerce: A Novel Approach,” IEEE, pp. 185-190 (Year: 2018). |
| Paintsil et al “Towards Automation of Privacy and Security Risks Analysis in Identity Management Systems,” 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, IEEE Computer Society, pp. 720-727 (Year: 2013). |
| Paintsil et al “Evaluation of Privacy and Security Risks Analysis Construct for Identity Management Systems,” IEEE Systems Journal, vol. 7, No. 2, pp. 189-198 (Year: 2013). |
| Taylor et al “Network-based Classification of Authentication Attempts using Machine Learning,” 2019 International Conference on Computing, Networking and Communications (ICNC): Machine Learning for Communication and Networking, p. 669-673 (Year: 2019). |
| Misbahuddin et al “Design of a Risk Based Authentication System using Machine Learning Techniques,” IEEE, pp. 1-6 (Year: 2017). |
| Shultz et al “A Passive Network Appliance for Real Time Network Monitoring,” 2011 Seventh ACM/IEEE Symposium for Networking and Communications Systems, IEEE Computer Society, pp. 239-249 (Year: 2011). |
| Vaarandi et al “Detecting Anomalous Network Traffic in Organizational Private Networks,” 2013 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), pp. 285-292 (Year: 2019). |
| Seify et al “A Methodology for Mobile Network Security Risk Management,” 2009 Sixth International Conference on Information Technology: New Generations, IEEE Computer Society, pp. 1572-1573 (Year: 2009). |
| Liao et al “Research on Real-Time Network Security Risk Assessment and Forecast,” 2010 International Conference on Intelligent Computation Technology and Automation, IEEE Computer Society, pp. 84-87 (Year: 2010). |
| Bazaz et al “Comparative Study of Risk Assessment Models Corresponding to Risk Elements,” IEEE International Conference on Advances in Engineering, Science, and Management, IEEE pp. 61-66 (Year: 2012). |
| Kinder et al “A Model Based Approach to System of Systems Risk Management,” 2015 10th System of Systems Engineering Conference, IEEE, pp. 122-127 (Year: 2015). |
| Mokhor et al “Cybersecurity Risk Assessment of Information Systems of Critical Infrastructure Objects,” IEEE International Conference on Problems of Infocommunications, Science and Technology, IEEE, pp. 19-22, (Year: 2020). |
| Gkroumas et al., “Cross Network Behavioral Clustering for Managed Security Service Providers” 14th International Conference on Network and Service Management (CNSM 2018), pp. 37-44 (Year: 2018). |
| Misbahuddin et al., “Design of a Risk Based Authentication System using Machine Learning Techniques” 2017, IEEE, pp. 1-6) (Year: 2017). |
| Khodabacchus et al., “Risk Score Calculation for Cloud Biometric Authentication,” 2016 IEEE International Conference on Emerging Technologies and Innovative Business Practices for the Transformation of Societies (EmergiTech), pp. 1-4 (Year: 2016). |
| Crandall “Risk Assessments: A Weighted Score Approach to Improving Risk Management Decisions,” 2020 Intermountain Engineering, Technology and Computing (IETC), pp. 1-5, (Year: 2020). |
| Anikin “Information Security Risk Assessment and Management Method in Computer Networks,” 2015 International Siberian Conference on Control and Communications (SIBCON), pp. 1-5 (Year: 2015). |
| Rezvani et al., “Iterative Security Risk Analysis for Network Flows Based on Provenance and Interdependency,” 2013 IEEE International Conference on Distributed Computing in Sensor Systems, pp. 286-288 (Year: 2013). |
| Number | Date | Country | |
|---|---|---|---|
| 20240179189 A1 | May 2024 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 17352054 | Jun 2021 | US |
| Child | 18381561 | US |
