Patents by Inventor Jon Oberheide

Jon Oberheide has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20180183828
    Abstract: A system, method, and computer program product for implementing a phishing assessment that includes a phishing server that implements one or more phishing assessments; the phishing server: identifies legitimate target domain names to be used in the phishing assessment, generates one or more pseudo domain names and pseudo web pages, where the pseudo domain name are visually similar to an identified target domain name and the pseudo web page includes one or more characteristics and attributes of a legitimate web page.
    Type: Application
    Filed: February 20, 2018
    Publication date: June 28, 2018
    Inventor: Jon Oberheide
  • Patent number: 10009344
    Abstract: A system and method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network includes: detecting an authentication attempt by the endpoint computing device to the computer network; during the authentication attempt, collecting management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device; using the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device; and controlling access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.
    Type: Grant
    Filed: June 19, 2017
    Date of Patent: June 26, 2018
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Adam Goodman, Michael Hanley, Peter Johnson, Omar Abduljaber, James Barclay
  • Publication number: 20180176205
    Abstract: A system for automatically discovering services operating on a network including a service discovery database configured to store expected service behavioral characteristics and service identities of the services operating on the network, a set of service discovery modules configured to collect service behavioral data of the services operating on the network, and a service discovery module controller communicatively coupled to the service discovery module database and the set of service discovery modules, the service discovery module controller configured to generate service behavioral characteristics from the service behavioral data, analyze the service behavioral characteristics using the expected service behavioral characteristics, resulting in a first behavioral analysis, identify a first service identity of at least one service operating on the network from the first behavioral analysis and an association of the first service identity and the expected service behavioral characteristics.
    Type: Application
    Filed: February 14, 2018
    Publication date: June 21, 2018
    Inventors: Jon Oberheide, Dug Song
  • Publication number: 20180173881
    Abstract: An approach for enforcing standards regarding security vulnerabilities for an endpoint user device associated with a user includes collecting, at an inline frame implemented with a web application, endpoint health data of the endpoint user device in response to the user interfacing with the web application through the endpoint user device, generating endpoint health intelligence from the endpoint health data, the endpoint health intelligence indicating endpoint security health of the endpoint user device, generating a first endpoint health notification comprising the endpoint health intelligence, and notifying an administrator of network with the first endpoint health notification.
    Type: Application
    Filed: February 14, 2018
    Publication date: June 21, 2018
    Inventors: Jon Oberheide, Douglas Song
  • Patent number: 9996343
    Abstract: A system and method that include collecting device version profiles from a plurality of device sources; classifying the device version profiles into a device profile repository; receiving a component version query request; querying the device profile repository according to the version query request; and responding to the query request with results of the query.
    Type: Grant
    Filed: May 12, 2016
    Date of Patent: June 12, 2018
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song
  • Patent number: 9998282
    Abstract: A system and method for opportunistic cryptographic key management includes generating a security capability assessment on a first electronic device based on security capabilities of the device, selecting a key management mode based on the security capability assessment, generating a cryptographic key based on the key management mode, and storing the cryptographic key based on the key management mode.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: June 12, 2018
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song
  • Patent number: 9992194
    Abstract: A method including registering an authority device for an account on an auth platform; receiving transaction request from an initiator to the auth platform; messaging the authority device with the transaction request; receiving an authority agent response from the authority device to the auth platform; if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator; and if the authority agent response denies the transaction, communicating a denied transaction to the initiator.
    Type: Grant
    Filed: November 29, 2016
    Date of Patent: June 5, 2018
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song, Adam Goodman
  • Patent number: 9979719
    Abstract: A method comprising includes detecting, in response to a user access attempt on an electronic access device, a one-time passcode authentication event; receiving, at an electronic authenticating device, notification of the one-time passcode authentication event; retrieving, in response to the notification, a one-time passcode from the authenticating device; transmitting the one-time passcode from the authenticating device to a facilitator software instance operating on the access device; and enabling population, using the facilitator software instance, of a one-time passcode entry form with the one-time passcode.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: May 22, 2018
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Adam Goodman, Chris Czub, Patrick Garrity
  • Patent number: 9961101
    Abstract: A system, method, and computer program product for implementing a phishing assessment of a target computer network that includes a phishing assessment platform for generating parameters for the phishing assessment; generating the phishing assessment parameters includes identifying a target domain name for the phishing assessment; identifying a pseudo domain name based on the target domain name; generating a pseudo web page using one or more features and attributes of an entity; and implementing the phishing assessment using the pseudo domain name and pseudo web page.
    Type: Grant
    Filed: May 4, 2017
    Date of Patent: May 1, 2018
    Assignee: Duo Security, Inc.
    Inventor: Jon Oberheide
  • Patent number: 9942048
    Abstract: A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.
    Type: Grant
    Filed: September 26, 2017
    Date of Patent: April 10, 2018
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Dug Song, Adam Goodman
  • Patent number: 9935970
    Abstract: A system, method, and computer program product for implementing a phishing assessment that includes a phishing server that implements one or more phishing assessments; the phishing server: identifies legitimate target domain names to be used in the phishing assessment, generates one or more pseudo domain names and pseudo web pages, where the pseudo domain name are visually similar to an identified target domain name and the pseudo web page includes one or more characteristics and attributes of a legitimate web page.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: April 3, 2018
    Assignee: Duo Security, Inc.
    Inventor: Jon Oberheide
  • Patent number: 9930060
    Abstract: An approach for enforcing standards regarding security vulnerabilities for an endpoint user device associated with a user includes collecting, at an inline frame implemented with a web application, endpoint health data of the endpoint user device in response to the user interfacing with the web application through the endpoint user device, generating endpoint health intelligence from the endpoint health data, the endpoint health intelligence indicating endpoint security health of the endpoint user device, generating a first endpoint health notification comprising the endpoint health intelligence, and notifying an administrator of network with the first endpoint health notification.
    Type: Grant
    Filed: April 27, 2016
    Date of Patent: March 27, 2018
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song
  • Patent number: 9930025
    Abstract: A system for automatically discovering services operating on a network including a service discovery database configured to store expected service behavioral characteristics and service identities of the services operating on the network, a set of service discovery modules configured to collect service behavioral data of the services operating on the network, and a service discovery module controller communicatively coupled to the service discovery module database and the set of service discovery modules, the service discovery module controller configured to generate service behavioral characteristics from the service behavioral data, analyze the service behavioral characteristics using the expected service behavioral characteristics, resulting in a first behavioral analysis, identify a first service identity of at least one service operating on the network from the first behavioral analysis and an association of the first service identity and the expected service behavioral characteristics.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: March 27, 2018
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Dug Song
  • Publication number: 20180063190
    Abstract: Systems and methods for hindering cyber-attacks include: modifying a target website of a remote service provider, wherein modifying the target website includes: reconfiguring a structure of the target website to include a tattler, wherein when the tattler is executed at a non-authorized copy of the target website, the tattler is configured to transmit to a cyber-attack mitigation platform tattler data associated with the non-authorized copy of the target website; receiving the tattler data, wherein the tattler data includes website monitoring data, wherein the website monitoring data comprises a URL of the non-authorized copy of the target website; using the website monitoring data to evaluate the non-authorized copy of the target website, wherein the evaluating includes identifying whether the non-authorized copy of the target website comprises an attack website; and implementing one or more attack mitigation protocols when the non-authorized copy of the target website comprises the attack website.
    Type: Application
    Filed: August 22, 2017
    Publication date: March 1, 2018
    Inventors: Jordan Wright, Jon Oberheide
  • Publication number: 20180046796
    Abstract: A system and method includes at an authentication platform that is implemented via one or more computing servers: identifying compromised credential data, wherein compromised credential data comprise compromised credentials for one or more compromised accounts that have been exposed to a malicious actor via an illegitimate method, the compromised credentials including credentials that are useable for authentication to or for accessing the one or more compromised accounts; testing the compromised credentials, wherein testing compromised credentials includes using the compromised credentials to determine a useablility of the compromised credentials to attack one or more different accounts from the one or more compromised accounts; and modifying account access associated with one or more of (i) the one or more compromised accounts and (ii) the one or more different accounts.
    Type: Application
    Filed: July 26, 2017
    Publication date: February 15, 2018
    Inventors: Jordan Wright, Jon Oberheide
  • Publication number: 20180027413
    Abstract: Systems and methods are provided that include: accessing implicit authentication data from a possession factor associated with an authorized user; at the possession factor or at an authentication platform: generating a possession confidence level using the implicit authentication data, the possession confidence level being one of a plurality of possession confidence levels, the possession confidence level indicating a likelihood that the possession factor is possessed by the authorized user; identifying, among a plurality of varying authentication requirements, an authentication requirement for the transaction based on the possession confidence level, the authentication requirement defines a process or action to prove authority to perform the transaction or a process or action to prove an identity of a user attempting to perform the transaction; and implementing the authentication requirement for the transaction
    Type: Application
    Filed: September 18, 2017
    Publication date: January 25, 2018
    Inventors: Michael Hanley, Jon Oberheide
  • Publication number: 20180026796
    Abstract: A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.
    Type: Application
    Filed: September 26, 2017
    Publication date: January 25, 2018
    Inventors: Jon Oberheide, Dug Song, Adam Goodman
  • Publication number: 20180027013
    Abstract: Systems and methods for mitigating cyber intrusions includes: receiving target domain input, wherein the target domain input comprises a domain name associated with a target entity or target entity data that is useable to generate phishing attack domain names; using the target domain name input to generate the phishing attack domain names, wherein the phishing attack domain names include a plurality of domain names each having a phishing value comprising a likelihood or a probability of being used in a phishing campaign against the digital resources, where the likelihood or the probability satisfies a predetermined phishing value threshold; arranging the phishing attack domain names in a hierarchical order; and implementing one or more digital resources security protocols that mitigates the likelihood or the probability that selected domain names of the phishing attack domain names may be used in the phishing campaign against the digital resources.
    Type: Application
    Filed: July 12, 2017
    Publication date: January 25, 2018
    Inventors: Jordan Wright, Jon Oberheide
  • Publication number: 20180006812
    Abstract: A system and method for opportunistic cryptographic key management includes generating a security capability assessment on a first electronic device based on security capabilities of the device, selecting a key management mode based on the security capability assessment, generating a cryptographic key based on the key management mode, and storing the cryptographic key based on the key management mode.
    Type: Application
    Filed: August 29, 2017
    Publication date: January 4, 2018
    Inventors: Jon Oberheide, Douglas Song
  • Publication number: 20180007025
    Abstract: A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.
    Type: Application
    Filed: August 24, 2017
    Publication date: January 4, 2018
    Inventors: Jon Oberheide, Adam Goodman