Patents by Inventor Peter A. Thayer
Peter A. Thayer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11916934Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.Type: GrantFiled: May 16, 2022Date of Patent: February 27, 2024Assignee: MUSARUBRA US LLCInventors: Peter Thayer, Gabriel G. Infante-Lopez, Leandro J. Ferrado, Alejandro Houspanossian
-
Publication number: 20220353280Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.Type: ApplicationFiled: May 16, 2022Publication date: November 3, 2022Inventors: Peter Thayer, Gabriel G. Infante-Lopez, Leandro J. Ferrado, Alejandro Houspanossian
-
Patent number: 11336665Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.Type: GrantFiled: September 30, 2019Date of Patent: May 17, 2022Assignee: Musarubra US LLCInventors: Peter Thayer, Gabriel G. Infante-Lopez, Leandro J. Ferrado, Alejandro Houspanossian
-
Patent number: 11290489Abstract: A computing system performs adaptive clustering of machines (e.g., computing devices) and/or machine users in an organization for attack surface reduction (ASR) responsively to event feedback including system-based exclusion events and user-based requests for exclusion. The cluster adaptation may be applied to conventional vector-quantization clustering algorithms, for example K-Means, expectation-maximization (EM) clustering, or affinity clustering, to provide adaptable clusters of machines or users. The adaptation enables aggregation or disaggregation of endpoints into clusters to minimize negative business impacts on the organization while maximizing security in view of changes in the organization that occur dynamically such as varying roles for users, new applications and updates being released, and the like.Type: GrantFiled: March 7, 2019Date of Patent: March 29, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Yalan Xing, Joseph Carl Nelson Blackbird, Francis Allan Tan Seng, Prachi Rathee, Peter Thayer
-
Patent number: 11196759Abstract: Embodiments provide for a security information and event management (SIEM) system utilizing distributed agents that can intelligently traverse a network to exfiltrate data in an efficient and secure manner. A plurality of agent devices can dynamically learn behavioral patterns and/or service capabilities of other agent devices in the networking environment, and select optimal routes for exfiltrating event data from within the network. The agent devices can independently, selectively, or collectively pre-process event data for purposes of detecting a suspect event from within the network. When a suspect event is detected, agent devices can select a target device based on the learned service capabilities and networking environment, and communicate the pre-processed event data to the target device. The pre-processed event data is thus traversed through the network along an optimal route until it is exfiltrated from the network and stored on a remote server device for storage and further analysis.Type: GrantFiled: June 26, 2019Date of Patent: December 7, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Peter A. Thayer, Jagannathan Deepak Manohar, Jason Matthew Conradt, Karthik Selvaraj, Donald J. Ankney
-
Publication number: 20200412751Abstract: Embodiments provide for a security information and event management (SIEM) system utilizing distributed agents that can intelligently traverse a network to exfiltrate data in an efficient and secure manner. A plurality of agent devices can dynamically learn behavioral patterns and/or service capabilities of other agent devices in the networking environment, and select optimal routes for exfiltrating event data from within the network. The agent devices can independently, selectively, or collectively pre-process event data for purposes of detecting a suspect event from within the network. When a suspect event is detected, agent devices can select a target device based on the learned service capabilities and networking environment, and communicate the pre-processed event data to the target device. The pre-processed event data is thus traversed through the network along an optimal route until it is exfiltrated from the network and stored on a remote server device for storage and further analysis.Type: ApplicationFiled: June 26, 2019Publication date: December 31, 2020Inventors: Peter A. THAYER, Jagannathan Deepak MANOHAR, Jason Matthew CONRADT, Karthik SELVARAJ, Donald J. ANKNEY
-
Publication number: 20200287938Abstract: A computing system performs adaptive clustering of machines (e.g., computing devices) and/or machine users in an organization for attack surface reduction (ASR) responsively to event feedback including system-based exclusion events and user-based requests for exclusion. The cluster adaptation may be applied to conventional vector-quantization clustering algorithms, for example K-Means, expectation-maximization (EM) clustering, or affinity clustering, to provide adaptable clusters of machines or users. The adaptation enables aggregation or disaggregation of endpoints into clusters to minimize negative business impacts on the organization while maximizing security in view of changes in the organization that occur dynamically such as varying roles for users, new applications and updates being released, and the like.Type: ApplicationFiled: March 7, 2019Publication date: September 10, 2020Inventors: Yalan XING, Joseph Carl Nelson BLACKBIRD, Francis Allan TAN SENG, Prachi RATHEE, Peter THAYER
-
Publication number: 20200106786Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.Type: ApplicationFiled: September 30, 2019Publication date: April 2, 2020Inventors: Peter Thayer, Gabriel G. Infante-Lopez, Leandro J. Ferrado, Alejandro Houspanossian
-
Publication number: 20200028871Abstract: Features of the present disclosure solve the above-identified problem by implementing user and entity behavior analytics (UEBA) system to group one or more computer machines into different clusters based on monitored behavior of the one or more computer machines. Specifically, a network device (e.g., administrator computer system) may monitor the activity of the one or more computer machines for a predetermined time period in order to identify the applications that the computer machines utilize. Based on the clustering and the identifying, the network device may automatically apply different access control policies for different clusters of machines and review those access control policies against future behavior periodically. By clustering machines based on usage behavior patterns and automatically recommending a rule set for deployment, the UEBA system may reduce potential points of failure for cybersecurity breaches.Type: ApplicationFiled: April 17, 2018Publication date: January 23, 2020Inventors: Peter THAYER, Deepak Jagannathan MANOHAR, Kambiz KOULADJIE, Joseph Carl Nelson BLACKBIRD, Prachi RATHEE
-
Patent number: 10440037Abstract: Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.Type: GrantFiled: March 31, 2017Date of Patent: October 8, 2019Assignee: McAfee, LLCInventors: Peter Thayer, Gabriel G. Infante-Lopez, Leandro J. Ferrado, Alejandro Houspanossian
-
Publication number: 20180288074Abstract: Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.Type: ApplicationFiled: March 31, 2017Publication date: October 4, 2018Inventors: Peter Thayer, Gabriel G. Infante-Lopez, Leandro J. Ferrado, Alejandro Houspanossian
-
Patent number: 7802729Abstract: A portable data storage module comprises a control module, a wireless communication module, a rewriteable memory and a data transfer button. When the data transfer button is actuated, the portable data storage module wakes from a sleep mode and the control module initiates a data transfer via the wireless communication module with a device. After the data transfer, the portable data storage module reenters the sleep mode. The portable data storage module may be configured to transfer data, such as a trip plan, between a network host and an in-cab driver communication module. The portable data storage module may also store and maintain additional data, such as a driver log.Type: GrantFiled: June 24, 2008Date of Patent: September 28, 2010Assignee: Xata CorporationInventor: Peter A. Thayer
-
Patent number: 7784707Abstract: In an embodiment, the invention is directed to a device including an environmental condition sensor, a light sensor; and a control module. The control module associates a light intensity above a defined threshold with an open-door status of a container. In another embodiment, a device includes an environmental condition sensor, a rewriteable memory that stores environmental condition data from the environmental condition sensor, and a wireless communication module that transmits stored environmental condition data. Embodiments of the invention may be useful to provide techniques for monitoring environmental conditions within a container, such as a refrigerated trailer.Type: GrantFiled: May 18, 2006Date of Patent: August 31, 2010Assignee: Xata CorporationInventors: Eric J. Witty, Peter A. Thayer, Brett A. Landrum, Dennis A. Quy
-
Publication number: 20080251588Abstract: A portable data storage module comprises a control module, a wireless communication module, a rewriteable memory and a data transfer button. When the data transfer button is actuated, the portable data storage module wakes from a sleep mode and the control module initiates a data transfer via the wireless communication module with a device. After the data transfer, the portable data storage module reenters the sleep mode. The portable data storage module may be configured to transfer data, such as a trip plan, between a network host and an in-cab driver communication module. The portable data storage module may also store and maintain additional data, such as a driver log.Type: ApplicationFiled: June 24, 2008Publication date: October 16, 2008Inventor: Peter A. Thayer
-
Patent number: 7401741Abstract: A portable data storage module comprises a control module, a wireless communication module, a rewriteable memory and a data transfer button. When the data transfer button is actuated, the portable data storage module wakes from a sleep mode and the control module initiates a data transfer via the wireless communication module with a device. After the data transfer, the portable data storage module reenters the sleep mode. The portable data storage module may be configured to transfer data, such as a trip plan, between a network host and an in-cab driver communication module. The portable data storage module may also store and maintain additional data, such as a driver log.Type: GrantFiled: May 18, 2006Date of Patent: July 22, 2008Assignee: Xata CorporationInventor: Peter A. Thayer
-
Publication number: 20070267509Abstract: In an embodiment, the invention is directed to a device comprising an environmental condition sensor, a light sensor; and a control module, wherein the control module associates a light intensity above a defined threshold with an open-door status of a container. In another embodiment, a device comprises an environmental condition sensor, a rewriteable memory that stores environmental condition data from the environmental condition sensor, and a wireless communication module that transmits stored environmental condition data. Embodiments of the invention may be useful to provide techniques for monitoring environmental conditions within a container, such as a refrigerated trailer.Type: ApplicationFiled: May 18, 2006Publication date: November 22, 2007Applicant: Xata CorporationInventors: Eric J. Witty, Peter A. Thayer, Brett A. Landrum, Dennis A. Quy
-
Publication number: 20070267473Abstract: A portable data storage module comprises a control module, a wireless communication module, a rewriteable memory and a data transfer button. When the data transfer button is actuated, the portable data storage module wakes from a sleep mode and the control module initiates a data transfer via the wireless communication module with a device. After the data transfer, the portable data storage module reenters the sleep mode. The portable data storage module may be configured to transfer data, such as a trip plan, between a network host and an in-cab driver communication module. The portable data storage module may also store and maintain additional data, such as a driver log.Type: ApplicationFiled: May 18, 2006Publication date: November 22, 2007Applicant: Xata CorporationInventor: Peter A. Thayer
-
Publication number: 20070086482Abstract: A system and method for managing wireless vehicular communications include a system and method for vehicle protocol conversion. The system and method for vehicle protocol conversion have the ability to receive messages through a vehicle bus connector according to a vehicle bus protocol, analyze the messages to determine whether they should be transmitted, and transmit the messages over a wireless link if they should be transmitted.Type: ApplicationFiled: October 17, 2006Publication date: April 19, 2007Applicant: ELECTRONIC DATA SYSTEMS CORPORATIONInventors: Brian Pruzan, Peter Thayer, Steven Enyart, Paul Phillips, Leonid Shlayen, Timothy Hans
-
Patent number: 7158764Abstract: A system and method for sending high fidelity sound between wireless units include the capability to receive audible sounds at a wireless unit and generate signals that represent the audible sounds. The system and method also include the capability to encode a first portion of the signals and encode a second portion of the signals. The system and method further include the capability to transmit the first encoded portion over a first synchronous channel and transmit the second encoded portion over a second synchronous channel.Type: GrantFiled: December 13, 2001Date of Patent: January 2, 2007Assignee: Electronic Data Systems CorporationInventors: Peter A. Thayer, Dale J. Horan, Leonid Shlayen
-
Patent number: 7149206Abstract: A system and method for managing wireless vehicular communications include a system and method for vehicle protocol conversion. The system and method for vehicle protocol conversion have the ability to receive messages through a vehicle bus connector according to a vehicle bus protocol, analyze the messages to determine whether they should be transmitted, and transmit the messages over a wireless link if they should be transmitted.Type: GrantFiled: February 8, 2002Date of Patent: December 12, 2006Assignee: Electronic Data Systems CorporationInventors: Brian M. Pruzan, Peter A. Thayer, Steven J. Enyart, Paul S. Phillips, Leonid Shlayen, Timothy A. Hans