Patents by Inventor John Edward Tyrone Shaw
John Edward Tyrone Shaw has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11741222Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.Type: GrantFiled: December 15, 2020Date of Patent: August 29, 2023Assignee: Sophos LimitedInventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Publication number: 20220286481Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may selectively direct the device to a portal that provides support to the user of the device while the device awaits admission to the enterprise network. As the user interacts with the portal, the portal may manage admission of unrecognized devices onto the enterprise network while making efficient use of network administrator resources.Type: ApplicationFiled: April 15, 2022Publication date: September 8, 2022Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Patent number: 11310275Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may selectively direct the device to a portal that provides support to the user of the device while the device awaits admission to the enterprise network. As the user interacts with the portal, the portal may manage admission of unrecognized devices onto the enterprise network while making efficient use of network administrator resources.Type: GrantFiled: January 31, 2018Date of Patent: April 19, 2022Assignee: Sophos LimitedInventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Patent number: 11134056Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the device may be directed to a portal that manages admission of unrecognized devices onto the enterprise network. Based on a response of the unrecognized device to the portal (e.g., if the unrecognized device does not respond to the portal), the device may be listed on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.Type: GrantFiled: January 31, 2018Date of Patent: September 28, 2021Assignee: Sophos LimitedInventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Patent number: 11095609Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the device may be directed to a portal that manages admission of unrecognized devices onto the enterprise network. Based on a response of the unrecognized device to the portal (e.g., if the unrecognized device does not respond to the portal), the device may be listed on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.Type: GrantFiled: January 31, 2018Date of Patent: August 17, 2021Assignee: Sophos LimitedInventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Patent number: 11019056Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.Type: GrantFiled: January 31, 2018Date of Patent: May 25, 2021Assignee: Sophos LimitedInventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Patent number: 10986092Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.Type: GrantFiled: January 31, 2018Date of Patent: April 20, 2021Assignee: Sophos LimitedInventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Publication number: 20210097171Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.Type: ApplicationFiled: December 15, 2020Publication date: April 1, 2021Inventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Patent number: 10896254Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, for example, in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.Type: GrantFiled: June 29, 2016Date of Patent: January 19, 2021Assignee: Sophos LimitedInventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Patent number: 10691824Abstract: Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.Type: GrantFiled: January 15, 2019Date of Patent: June 23, 2020Assignee: Sophos LimitedInventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
-
Patent number: 10657277Abstract: Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.Type: GrantFiled: November 20, 2017Date of Patent: May 19, 2020Assignee: Sophos LimitedInventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
-
Patent number: 10650154Abstract: Securing an endpoint against malicious activity includes encrypting a plurality of files on an endpoint to prevent unauthorized access to the plurality of files, receiving a request to access a file from a process executing on the endpoint, decrypting the file for the process, and monitoring a security state of the process. If the security state becomes a compromised state, a technique involves maintaining access to any open files (including the file decrypted for the process), prohibiting access to other files, and initiating a remediation of the process by facilitating a restart of the process. If the remediation is successful, access by the process to the plurality of files may be restored.Type: GrantFiled: February 12, 2016Date of Patent: May 12, 2020Assignee: Sophos LimitedInventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
-
Patent number: 10558800Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: GrantFiled: May 3, 2018Date of Patent: February 11, 2020Assignee: Sophos LimitedInventors: Kenneth D. Ray, Daniel Salvatore Schiappa, Simon Neil Reed, Mark D. Harris, Neil Robert Tyndale Watkiss, Andrew J. Thomas, Robert W. Cook, Harald Schütz, John Edward Tyrone Shaw, Anthony John Merry
-
Publication number: 20190238591Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may selectively direct the device to a portal that provides support to the user of the device while the device awaits admission to the enterprise network. As the user interacts with the portal, the portal may manage admission of unrecognized devices onto the enterprise network while making efficient use of network administrator resources.Type: ApplicationFiled: January 31, 2018Publication date: August 1, 2019Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Publication number: 20190238506Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the device may be directed to a portal that manages admission of unrecognized devices onto the enterprise network. Based on a response of the unrecognized device to the portal (e.g., if the unrecognized device does not respond to the portal), the device may be listed on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.Type: ApplicationFiled: January 31, 2018Publication date: August 1, 2019Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Publication number: 20190238538Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.Type: ApplicationFiled: January 31, 2018Publication date: August 1, 2019Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
-
Publication number: 20190228172Abstract: Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.Type: ApplicationFiled: January 15, 2019Publication date: July 25, 2019Inventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
-
Publication number: 20190213325Abstract: Attachments or other documents can be transmitted to a sandbox environment where they can be concurrently opened for remote preview from an endpoint and scanned for possible malware. A gateway or other intermediate network element may enforce this process by replacing attachments, e.g., in incoming electronic mail communications, with links to a document preview hosted in the sandbox environment.Type: ApplicationFiled: June 29, 2016Publication date: July 11, 2019Inventors: Ross McKerchar, John Edward Tyrone Shaw, Andrew J. Thomas, Russell Humphries, Kenneth D. Ray, Daniel Salvatore Schiappa
-
Publication number: 20190123904Abstract: Security is improved by adding a security heartbeat for and endpoint as a factor in a multi-factor authentication system. The security heartbeat may be used directly as an authentication factor, e.g., where the heartbeat provides a reliable and verifiable indication of identity, or the security heartbeat may be used as a gating input for some other verification method, e.g., where a text message with a temporary security code can only be transmitted to a user when the user's endpoint is providing a secure heartbeat.Type: ApplicationFiled: December 18, 2018Publication date: April 25, 2019Inventors: Karl Ackerman, John Edward Tyrone Shaw, Craig Paradis, Andrew J. Thomas, Kenneth D. Ray
-
Publication number: 20180276378Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.Type: ApplicationFiled: May 3, 2018Publication date: September 27, 2018Inventors: Kenneth D. Ray, Daniel Salvatore Schiappa, Simon Neil Reed, Mark D. Harris, Neil Robert Tyndale Watkiss, Andrew J. Thomas, Robert W. Cook, Harald Schütz, John Edward Tyrone Shaw, Anthony John Merry