Patents by Inventor Jon Oberheide

Jon Oberheide has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10708776
    Abstract: Systems and methods are provided that include: accessing implicit authentication data from a possession factor associated with an authorized user; at the possession factor or at an authentication platform: generating a possession confidence level using the implicit authentication data, the possession confidence level being one of a plurality of possession confidence levels, the possession confidence level indicating a likelihood that the possession factor is possessed by the authorized user; identifying, among a plurality of varying authentication requirements, an authentication requirement for the transaction based on the possession confidence level, the authentication requirement defines a process or action to prove authority to perform the transaction or a process or action to prove an identity of a user attempting to perform the transaction; and implementing the authentication requirement for the transaction.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: July 7, 2020
    Inventors: Michael Hanley, Jon Oberheide
  • Publication number: 20200204550
    Abstract: A system and method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network includes: detecting an authentication attempt by the endpoint computing device to the computer network; during the authentication attempt, collecting management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device; using the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device; and controlling access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.
    Type: Application
    Filed: January 14, 2020
    Publication date: June 25, 2020
    Inventors: Jon Oberheide, Adam Goodman, Michael Hanley, Peter Johnson, Omar Abduljaber, James Barclay
  • Publication number: 20200186520
    Abstract: A system and method of implementing an API of an authentication service includes implementing a confirmation API, wherein the implementing includes: initiating a confirmation API request based on receiving an access request, wherein the confirmation API request operates to perform an authentication of a requestor making the access request; identifying the requestor based on a search of the requestor via the confirmation API; identifying, by one or more API endpoints of the remote authentication service: (i) a subscriber account of the subscriber maintained by the remote authentication service and (ii) identifying a user device of the requestor that is enrolled with the subscriber account based on the confirmation API request; transmitting a confirmation request to the user device; obtaining from the user device a response to the confirmation request and presenting the response to the confirmation request to the subscriber; and granting or denying the access request.
    Type: Application
    Filed: October 29, 2019
    Publication date: June 11, 2020
    Inventors: Jon Oberheide, Adam Goodman, Rich Smith, Chris Czub
  • Patent number: 10594677
    Abstract: A system for automatically discovering services operating on a network including a service discovery database configured to store expected service behavioral characteristics and service identities of the services operating on the network, a set of service discovery modules configured to collect service behavioral data of the services operating on the network, and a service discovery module controller communicatively coupled to the service discovery module database and the set of service discovery modules, the service discovery module controller configured to generate service behavioral characteristics from the service behavioral data, analyze the service behavioral characteristics using the expected service behavioral characteristics, resulting in a first behavioral analysis, identify a first service identity of at least one service operating on the network from the first behavioral analysis and an association of the first service identity and the expected service behavioral characteristics.
    Type: Grant
    Filed: February 14, 2018
    Date of Patent: March 17, 2020
    Inventors: Jon Oberheide, Dug Song
  • Patent number: 10594692
    Abstract: A system and method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network includes: detecting an authentication attempt by the endpoint computing device to the computer network; during the authentication attempt, collecting management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device; using the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device; and controlling access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.
    Type: Grant
    Filed: May 18, 2018
    Date of Patent: March 17, 2020
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Adam Goodman, Michael Hanley, Peter Johnson, Omar Abduljaber, James Barclay
  • Publication number: 20200067968
    Abstract: A system, method, and computer program product for implementing a phishing assessment of a target computer network that includes a phishing assessment platform for generating parameters for the phishing assessment; generating the phishing assessment parameters includes identifying a target domain name for the phishing assessment; identifying a pseudo domain name based on the target domain name; generating a pseudo web page using one or more features and attributes of an entity; and implementing the phishing assessment using the pseudo domain name and pseudo web page.
    Type: Application
    Filed: November 4, 2019
    Publication date: February 27, 2020
    Inventor: Jon Oberheide
  • Publication number: 20200067979
    Abstract: Systems and methods for hindering cyber-attacks include: modifying a target website of a remote service provider, wherein modifying the target website includes: reconfiguring a structure of the target website to include a tattler, wherein when the tattler is executed at a non-authorized copy of the target website, the tattler is configured to transmit to a cyber-attack mitigation platform tattler data associated with the non-authorized copy of the target website; receiving the tattler data, wherein the tattler data includes website monitoring data, wherein the website monitoring data comprises a URL of the non-authorized copy of the target website; using the website monitoring data to evaluate the non-authorized copy of the target website, wherein the evaluating includes identifying whether the non-authorized copy of the target website comprises an attack website; and implementing one or more attack mitigation protocols when the non-authorized copy of the target website comprises the attack website.
    Type: Application
    Filed: October 31, 2019
    Publication date: February 27, 2020
    Inventors: Jordan Wright, Jon Oberheide
  • Patent number: 10558797
    Abstract: A system and method includes at an authentication platform that is implemented via one or more computing servers: identifying compromised credential data, wherein compromised credential data comprise compromised credentials for one or more compromised accounts that have been exposed to a malicious actor via an illegitimate method, the compromised credentials including credentials that are useable for authentication to or for accessing the one or more compromised accounts; testing the compromised credentials, wherein testing compromised credentials includes using the compromised credentials to determine a useablility of the compromised credentials to attack one or more different accounts from the one or more compromised accounts; and modifying account access associated with one or more of (i) the one or more compromised accounts and (ii) the one or more different accounts.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: February 11, 2020
    Inventors: Jordan Wright, Jon Oberheide
  • Patent number: 10542030
    Abstract: An approach for enforcing standards regarding security vulnerabilities for an endpoint user device associated with a user includes collecting, at an inline frame implemented with a web application, endpoint health data of the endpoint user device in response to the user interfacing with the web application through the endpoint user device, generating endpoint health intelligence from the endpoint health data, the endpoint health intelligence indicating endpoint security health of the endpoint user device, generating a first endpoint health notification comprising the endpoint health intelligence, and notifying an administrator of network with the first endpoint health notification.
    Type: Grant
    Filed: February 14, 2018
    Date of Patent: January 21, 2020
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song
  • Publication number: 20200005300
    Abstract: A method of completing a transaction that requires authorization by an authority agent includes registering an authority device as associated with the authority agent, receiving a transaction request from a service provider; pushing an authentication notification to the authenticating application of the authority device; displaying the authentication notification, including a prompt to supply agent verification data, on the authority device; collecting and verifying the agent verification data; in response to verification of the agent verification data, transmitting an authority agent response from the authority device to the authentication platform, and, at the authentication platform, authenticating the authority agent response; and in response to authenticating the authority agent response, transmitting a transaction confirmation from the authentication platform to the service provider.
    Type: Application
    Filed: September 12, 2019
    Publication date: January 2, 2020
    Inventors: Jon Oberheide, Omar Abduljaber, Boyang Zhu
  • Patent number: 10505968
    Abstract: A system, method, and computer program product for implementing a phishing assessment of a target computer network that includes a phishing assessment platform for generating parameters for the phishing assessment; generating the phishing assessment parameters includes identifying a target domain name for the phishing assessment; identifying a pseudo domain name based on the target domain name; generating a pseudo web page using one or more features and attributes of an entity; and implementing the phishing assessment using the pseudo domain name and pseudo web page.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: December 10, 2019
    Assignee: Duo Security, Inc.
    Inventor: Jon Oberheide
  • Patent number: 10498761
    Abstract: Systems and methods for hindering cyber-attacks include: modifying a target website of a remote service provider, wherein modifying the target website includes: reconfiguring a structure of the target website to include a tattler, wherein when the tattler is executed at a non-authorized copy of the target website, the tattler is configured to transmit to a cyber-attack mitigation platform tattler data associated with the non-authorized copy of the target website; receiving the tattler data, wherein the tattler data includes website monitoring data, wherein the website monitoring data comprises a URL of the non-authorized copy of the target website; using the website monitoring data to evaluate the non-authorized copy of the target website, wherein the evaluating includes identifying whether the non-authorized copy of the target website comprises an attack website; and implementing one or more attack mitigation protocols when the non-authorized copy of the target website comprises the attack website.
    Type: Grant
    Filed: August 22, 2017
    Date of Patent: December 3, 2019
    Inventors: Jordan Wright, Jon Oberheide
  • Patent number: 10445732
    Abstract: A method of completing a transaction that requires authorization by an authority agent includes registering an authority device as associated with the authority agent, receiving a transaction request from a service provider; pushing an authentication notification to the authenticating application of the authority device; displaying the authentication notification, including a prompt to supply agent verification data, on the authority device; collecting and verifying the agent verification data; in response to verification of the agent verification data, transmitting an authority agent response from the authority device to the authentication platform, and, at the authentication platform, authenticating the authority agent response; and in response to authenticating the authority agent response, transmitting a transaction confirmation from the authentication platform to the service provider.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: October 15, 2019
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Omar Abduljaber, Boyang Zhu
  • Patent number: 10440016
    Abstract: A method for multi-factor authentication with a first client includes receiving a request associated with the first client, initiating an authentication transaction, generating a digital fingerprint based on a set of client properties collected in association with the first client, identifying a second client from data associated with the authentication transaction, analyzing a digital fingerprint based on a set of stored digital fingerprints; generating a concern metric based on the analysis; and notifying an entity that the login request may have originated from an unauthorized source.
    Type: Grant
    Filed: December 1, 2015
    Date of Patent: October 8, 2019
    Inventors: Jon Oberheide, Douglas Song
  • Patent number: 10412113
    Abstract: A system and method that enables the configuration of computer security of a subject entity at a computer security platform includes collecting a corpus of security data relating to one or more security configurations of the network maintained by the subject entity, analyzing the corpus of security data to determine one or more vulnerability factors and one or more security behaviors relating to the subject entity, generating a security assessment for the subject entity based on the analysis of the corpus of security data, generating a computer security policy for the security environment based on the security assessment, and providing, to the subject entity, a security policy recommendation incorporating at least a subset of the generated computer security policy.
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: September 10, 2019
    Assignee: Duo Security, Inc.
    Inventors: Michael Hanley, Olabode Anise, Kyle Lady, Jon Oberheide
  • Patent number: 10348756
    Abstract: A system and method for assessing vulnerability of a mobile device including at a remote analysis cloud service, receiving at least one vulnerability assessment request that includes an object identifier for an operative object of a mobile computing device, wherein the vulnerability assessment request originates from the mobile computing device; identifying a vulnerability assessment associated with the identifier of the operative object; and communicating the identified vulnerability assessment to the mobile computing device.
    Type: Grant
    Filed: September 8, 2016
    Date of Patent: July 9, 2019
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Dug Song, Adam Goodman
  • Publication number: 20190182287
    Abstract: A system and method that enables the configuration of computer security of a subject entity at a computer security platform includes collecting a corpus of security data relating to one or more security configurations of the network maintained by the subject entity, analyzing the corpus of security data to determine one or more vulnerability factors and one or more security behaviors relating to the subject entity, generating a security assessment for the subject entity based on the analysis of the corpus of security data, generating a computer security policy for the security environment based on the security assessment, and providing, to the subject entity, a security policy recommendation incorporating at least a subset of the generated computer security policy.
    Type: Application
    Filed: December 10, 2018
    Publication date: June 13, 2019
    Inventors: Michael Hanley, Olabode Anise, Kyle Lady, Jon Oberheide
  • Publication number: 20190116182
    Abstract: A system and method that include receiving a service provider identity request through a protocol; transmitting a proxy identity request to a configured identity provider; receiving an identity assertion; determining a proxy identity assertion based on the identity assertion; and transmitting the proxy identity assertion to the service provider.
    Type: Application
    Filed: December 20, 2018
    Publication date: April 18, 2019
    Inventors: Jon Oberheide, Douglas Song
  • Patent number: 10248782
    Abstract: A method and system includes: receiving an access request for a protected web application server by the requesting browser application; returning a web page embedded with code that initiates a browser testing session between the requesting web browser and a remote access control server; generating a browser identity inspector based on a selection of two or more predetermined browser identity tests; executing the browser identity inspector to collect runtime environment data of the requesting web browser based on an execution of the selected two or more predetermined browser identity tests at the requesting web browser; compiling the collected runtime environment data into a browser digital fingerprint of the requesting web browser; using the browser digital fingerprint to: identify a browser version and type of the requesting web browser; calculating a browser identity confidence score that indicates a likelihood or a probability that the identified browser version and type is accurate.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: April 2, 2019
    Assignee: Duo Security, Inc.
    Inventors: Mujtaba Hussain, Jon Oberheide, Jonathan Hurshman
  • Patent number: 10248414
    Abstract: A system and method that include collecting device version profiles from a plurality of device sources; classifying the device version profiles into a device profile repository; receiving a component version query request; querying the device profile repository according to the version query request; and responding to the query request with results of the query.
    Type: Grant
    Filed: May 10, 2018
    Date of Patent: April 2, 2019
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song