Patents by Inventor Andrey Kolishchak
Andrey Kolishchak has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20210173919
Abstract: Systems and methods are disclosed herein for determining one or more rights for processing of authorization procedures by an authorization system using a computing device. The computing device can create a copy of the one or more rights. The computing device can modify the one or more rights to generate one or more customized rights for processing of the authorization procedures. The computing device can receive a call to perform a particular operation associated with a particular file. The computing device can determine a property associated with the particular file. The computing device can determine whether to authorize the call to perform the particular operation based on the one or more customized rights and the property.
Type: Application
Filed: February 12, 2021
Publication date: June 10, 2021
Inventor: Andrey KOLISHCHAK
-
Patent number: 10977361
Abstract: Systems and methods for controlling privileged operations. The system and method may comprise the steps of: providing a kernel module having a kernel authorization subsystem, the kernel module being loadable to a client computer system and configured to intercept file operations, wherein the kernel authorization subsystem may manage authorization of the one or more file operations; registering a listener for the kernel authorization subsystem; monitoring the file operations for a file access, and calling the registered listener by the kernel authorization subsystem when the kernel authorization subsystem detects the file access; calling a privileged daemon by the kernel module, when identifying the file access; and checking a policy, by the privileged daemon, and determining, based on the policy, whether at least one applied rule is applicable. If the at least one applied rule is applicable, the privileged daemon may initialize a launcher module, which may launch the target application.
Type: Grant
Filed: May 16, 2017
Date of Patent: April 13, 2021
Inventor: Andrey Kolishchak
-
Publication number: 20180336360
Abstract: Systems and methods for controlling privileged operations. The system and method may comprise the steps of: providing a kernel module having a kernel authorization subsystem, the kernel module being loadable to a client computer system and configured to intercept file operations, wherein the kernel authorization subsystem may manage authorization of the one or more file operations; registering a listener for the kernel authorization subsystem; monitoring the file operations for a file access, and calling the registered listener by the kernel authorization subsystem when the kernel authorization subsystem detects the file access; calling a privileged daemon by the kernel module, when identifying the file access; and checking a policy, by the privileged daemon, and determining, based on the policy, whether at least one applied rule is applicable. If the at least one applied rule is applicable, the privileged daemon may initialize a launcher module, which may launch the target application.
Type: Application
Filed: May 16, 2017
Publication date: November 22, 2018
Inventor: Andrey Kolishchak
-
Patent number: 9594898
Abstract: To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a token of a process. The rule may include an application-criterion set and changes to be made to the groups and/or privileges of the token. The rule may be set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers or users. When a GPO containing a rule is applied to a computer, a driver installed on the computer may access the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule, the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process.
Type: Grant
Filed: October 23, 2014
Date of Patent: March 14, 2017
Assignee: BeyondTrust Software, Inc.
Inventors: Peter David Beauregard, Andrey Kolishchak, Shannon E. Jennings, Robert F. Hogan
-
Patent number: 9558343
Abstract: To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a token of a process. The rule may include an application-criterion set and changes to be made to the groups and/or privileges of the token. The rule may be set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers or users. When a GPO containing a rule is applied to a computer, a driver installed on the computer may access the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule, the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process.
Type: Grant
Filed: September 30, 2014
Date of Patent: January 31, 2017
Assignee: BeyondTrust Software, Inc.
Inventors: Peter David Beauregard, Andrey Kolishchak, Shannon E. Jennings, Robert F. Hogan
-
Publication number: 20150074828
Abstract: To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a token of a process. The rule may include an application-criterion set and changes to be made to the groups and/or privileges of the token. The rule may be set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers or users. When a GPO containing a rule is applied to a computer, a driver installed on the computer may access the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule, the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process.
Type: Application
Filed: September 30, 2014
Publication date: March 12, 2015
Applicant: BeyondTrust Software, Inc.
Inventors: Peter David Beauregard, Andrey Kolishchak, Shannon E. Jennings, Robert F. Hogan
-
Publication number: 20150047025
Abstract: To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a token of a process. The rule may include an application-criterion set and changes to be made to the groups and/or privileges of the token. The rule may be set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers or users. When a GPO containing a rule is applied to a computer, a driver installed on the computer may access the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule, the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process.
Type: Application
Filed: October 23, 2014
Publication date: February 12, 2015
Applicant: BEYONDTRUST SOFTWARE, INC.
Inventors: Peter David Beauregard, Andrey Kolishchak, Shannon E. Jennings, Robert F. Hogan
-
Patent number: 8850549
Abstract: To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a token of a process. The rule may include an application-criterion set and changes to be made to the groups and/or privileges of the token. The rule may be set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers or users. When a GPO containing a rule is applied to a computer, a driver installed on the computer may access the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule, the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process.
Type: Grant
Filed: May 3, 2010
Date of Patent: September 30, 2014
Assignee: BeyondTrust Software, Inc.
Inventors: Peter David Beauregard, Andrey Kolishchak, Shannon E. Jennings, Robert F. Hogan
-
Publication number: 20120210388
Abstract: Various embodiments provide systems and methods for preventing or detecting data leakage. For example, systems and methods may prevent or detect data leakage by profiling the behavior of computer users, computer programs, or computer systems. Systems and methods may use a behavior model in monitoring or verifying computer activity executed by a particular computer user, group of computer users, computer program, group of computer programs, computer system, or group of computer systems, and detect or prevent the computer activity when such computer activity deviates from standard behavior. Depending on the embodiment, standard behavior may be established on past computer activity executed by the computer user, or past computer activity executed by a group of computer users.
Type: Application
Filed: February 10, 2012
Publication date: August 16, 2012
Inventor: Andrey KOLISHCHAK
-
Publication number: 20110030045
Abstract: To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a token of a process. The rule may include an application-criterion set and changes to be made to the groups and/or privileges of the token. The rule may be set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers or users. When a GPO containing a rule is applied to a computer, a driver installed on the computer may access the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule, the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process.
Type: Application
Filed: May 3, 2010
Publication date: February 3, 2011
Inventors: Peter David Beauregard, Andrey Kolishchak, Shannon E. Jennings, Robert F. Hogan
-
Patent number: 7849514
Abstract: A system and method for securing data on a mass storage device. A centralized device permission store contains device identifiers for the mass storage devices to be secured along with keys of a symmetric cipher that have been encrypted with public keys or pass phrases of authorized users of the devices. A list of these users is also contained in the store. A helper module provides the private key or pass phrase, for imported keys, needed to decrypt the key of the symmetric cipher, which is used to encrypt and decrypt blocks of data stored on the mass storage device. When a read request is made, a protection module intercepts the request, obtains the block from the mass storage device and decrypts the block. When a write request is made, the protection module intercepts the request, encrypts the block and has it stored on the mass storage device.
Type: Grant
Filed: April 22, 2005
Date of Patent: December 7, 2010
Assignee: Lumension Security, Inc.
Inventors: Viacheslav Usov, Andrey Kolishchak
-
Publication number: 20050246778
Abstract: A system and method for securing data on a mass storage device. A centralized device permission store contains device identifiers for the mass storage devices to be secured along with keys of a symmetric cipher that have been encrypted with public keys or pass phrases of authorized users of the devices. A list of these users is also contained in the store. A helper module provides the private key or pass phrase, for imported keys, needed to decrypt the key of the symmetric cipher, which is used to encrypt and decrypt blocks of data stored on the mass storage device. When a read request is made, a protection module intercepts the request, obtains the block from the mass storage device and decrypts the block. When a write request is made, the protection module intercepts the request, encrypts the block and has it stored on the mass storage device.
Type: Application
Filed: April 22, 2005
Publication date: November 3, 2005
Inventors: Viacheslav Usov, Andrey Kolishchak