Patents by Inventor Christian L. Hunt

Christian L. Hunt has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11343355
    Abstract: An application mapping procedure obtains and aggregates application mapping information from a plurality of machines in a distributed system. A first layer of application mapping information is generated, identifying application entry points, each comprising a machine and a process executed by the identified machine. An application map is initialized with the first layer of application mapping information. A plurality of iterations of a predefined map gathering operation are performed, each iteration adding a layer of application mapping information to the application map, thereby producing an application map of the distributed processing of one or more respective applications. Each iteration sends queries, via one or more linear communication orbits, to machines in the distributed system, and obtains from the machines information identifying entities that have participated in predefined communications with entities identified in a most recently generated or added layer of application mapping information.
    Type: Grant
    Filed: July 30, 2020
    Date of Patent: May 24, 2022
    Assignee: TANIUM INC.
    Inventors: Naveen Goela, Rishi Kant, Andrew R. White, Christian L. Hunt, David Irwin
  • Patent number: 11277489
    Abstract: A method of updating software, performed by respective machines in a linear communication orbit includes, at a local server executed by a respective machine, receiving, via the linear communication orbit, update metadata. At an update module executed by the respective machine, an update module evaluates software version information using the update metadata to determine a set of one or more updates to be applied to one or more software programs. A patch module sends, via the linear communication orbit, requests for one or more software update files corresponding to the set of one or more updates, and receives the one or more software update files corresponding to the set of one or more updates. The update module then updates the one or more of the software programs by applying the received one or more software update files to the one or more of the software programs.
    Type: Grant
    Filed: December 21, 2020
    Date of Patent: March 15, 2022
    Assignee: TANIUM INC.
    Inventors: Max Freilich, Andrew R. White, Christian L. Hunt, Peter Constantine, Peter Lincroft
  • Publication number: 20210250417
    Abstract: A method of updating software, performed by respective machines in a linear communication orbit includes, at a local server executed by a respective machine, receiving, via the linear communication orbit, update metadata. At an update module executed by the respective machine, an update module evaluates software version information using the update metadata to determine a set of one or more updates to be applied to one or more software programs. A patch module sends, via the linear communication orbit, requests for one or more software update files corresponding to the set of one or more updates, and receives the one or more software update files corresponding to the set of one or more updates. The update module then updates the one or more of the software programs by applying the received one or more software update files to the one or more of the software programs.
    Type: Application
    Filed: December 21, 2020
    Publication date: August 12, 2021
    Inventors: Max Freilich, Andrew R. White, Christian L. Hunt, Peter Constantine, Peter Lincroft
  • Patent number: 10929345
    Abstract: In a distributed system, each of N machines receives a similarity search query through a linear communication orbit. The similarity search query includes token identifiers corresponding to tokens in a target document. Each machine, in response, identifies files that meet predefined similarity criteria with respect to the target document. Subsequent to receiving the similarity search query, the machine generates a first report, including a count of files stored at the machine that meet the predefined similarity criteria with respect to the target document, and/or information identifying a set of files that meet the predefined similarity criteria with respect to the target document; and sends the first report to a server through the linear communication orbit. The server produces a merged report presenting information with respect to files at a set of machines, including the N machines, that meet the predefined similarity criteria with respect to the target document.
    Type: Grant
    Filed: August 5, 2019
    Date of Patent: February 23, 2021
    Assignee: TANIUM INC.
    Inventors: Joshua F. Stoddard, John R. Coates, Naveen Goela, Aaron J. Tarter, Christian L. Hunt
  • Patent number: 10873645
    Abstract: A method of updating software, performed by respective machines in a linear communication orbit includes, at a local server executed by a respective machine, receiving, via the linear communication orbit, update metadata. At an update module executed by the respective machine, an update module evaluates software version information using the update metadata to determine a set of one or more updates to be applied to one or more software programs. A patch module sends, via the linear communication orbit, requests for one or more software update files corresponding to the set of one or more updates, and receives the one or more software update files corresponding to the set of one or more updates. The update module then updates the one or more of the software programs by applying the received one or more software update files to the one or more of the software programs.
    Type: Grant
    Filed: September 9, 2019
    Date of Patent: December 22, 2020
    Assignee: TANIUM INC.
    Inventors: Max Freilich, Andrew R. White, Christian L. Hunt, Peter Constantine, Peter Lincroft
  • Patent number: 10841365
    Abstract: This application is directed to a mapping method performed at a computational machine in a linear communication orbit. The computational machine receives an application definition the linear communication orbit. The application definition specifies criteria for establishing whether the computational machine executes a specified application, a component of the specified application, or communicate with another node executing the specified application or a component of the specified application. While a plurality of events are occurring locally at the computational machine, the computational machine identifies one or more operations meeting the application definition in real-time. The identified one or more operations meeting the application definition, and associated metadata are stored in a local mapping database of the computational machine and returned to the server system through the linear communication orbit in response to a map request received through the linear communication orbit.
    Type: Grant
    Filed: June 3, 2019
    Date of Patent: November 17, 2020
    Assignee: TANIUM INC.
    Inventors: Andrew R. White, Zakary A. Kus, Michael W. Broome, Christian L. Hunt, Rahul R. Jaswa
  • Patent number: 10832251
    Abstract: A system and computer-readable storage medium perform a method for contextual inferring capacity for triggering a financial transaction by monitoring, via user device(s), objective contextual data of location, temporal, and volitional transaction information associated with an authorized user of a financial system. Subjective contextual data of personal calendar events, physiological data, and pacing of user interactions with the user device(s) is monitored. The objective and subjective contextual data is analyzed to create scenario(s) correlated with performing a volitional transaction. If not predictive a volitional transaction, a layer of security protocol is added for authentication prior to executing the volitional transaction. In response to determining that the current context is predictive of a volitional transaction, a determination is made whether the subjective contextual data satisfies criterion for incapacity to perform a volitional transaction.
    Type: Grant
    Filed: October 4, 2017
    Date of Patent: November 10, 2020
    Assignee: Wells Fargo Bank, N.A
    Inventors: Glenn W. Pike, Christian L. Hunt, Scott R. Kinney, Steven M. Trudeau, Stephen W. Krause, Jason Avery
  • Patent number: 10824729
    Abstract: A local environment verification method, performed by a server of a computer network, includes injecting, into a linear communication orbit, a bundle of information items regarding deployment of a respective local environment verification framework at each of a first subset of nodes in the computer network. The bundle of information items is distributed to a respective node of the first subset of nodes through the linear communication orbit, and used to establish the respective local environment verification framework at the respective node of the first subset of nodes. The respective node of the first subset of nodes is configured to perform a set of local environment verifications using the respective local environment verification framework. The method further includes injecting, into the linear communication orbit, a query message to collect respective local results of the set of local environment verifications from the first subset of nodes.
    Type: Grant
    Filed: July 11, 2018
    Date of Patent: November 3, 2020
    Assignee: TANIUM INC.
    Inventors: James B. Hoscheit, Kevin N. Smathers, Connor J. Hindley, Christian L. Hunt
  • Publication number: 20200028890
    Abstract: This application is directed to a mapping method performed at a computational machine in a linear communication orbit. The computational machine receives an application definition the linear communication orbit. The application definition specifies criteria for establishing whether the computational machine executes a specified application, a component of the specified application, or communicate with another node executing the specified application or a component of the specified application. While a plurality of events are occurring locally at the computational machine, the computational machine identifies one or more operations meeting the application definition in real-time. The identified one or more operations meeting the application definition, and associated metadata are stored in a local mapping database of the computational machine and returned to the server system through the linear communication orbit in response to a map request received through the linear communication orbit.
    Type: Application
    Filed: June 3, 2019
    Publication date: January 23, 2020
    Inventors: Andrew R. White, Zakary A. Kus, Michael W. Broome, Christian L. Hunt, Rahul R. Jaswa
  • Publication number: 20200007642
    Abstract: A method of updating software, performed by respective machines in a linear communication orbit includes, at a local server executed by a respective machine, receiving, via the linear communication orbit, update metadata. At an update module executed by the respective machine, an update module evaluates software version information using the update metadata to determine a set of one or more updates to be applied to one or more software programs. A patch module sends, via the linear communication orbit, requests for one or more software update files corresponding to the set of one or more updates, and receives the one or more software update files corresponding to the set of one or more updates. The update module then updates the one or more of the software programs by applying the received one or more software update files to the one or more of the software programs.
    Type: Application
    Filed: September 9, 2019
    Publication date: January 2, 2020
    Inventors: Max Freilich, Andrew R. White, Christian L. Hunt, Peter Constantine, Peter Lincroft
  • Patent number: 10498744
    Abstract: This application is directed to an integrity monitoring method performed at a computational machine in a linear communication orbit. The computational machine receives a watch list through the linear communication orbit. The watch list identifies objects for which events are to be monitored at the computational machine. While a plurality of events are occurring locally at the computational machine, the computational machine identifies the plurality of events in real-time. The identified events include events for the objects identified by the watch list, and event information for these identified events is stored in a local database of the computational machine. In response to an integrity reporting request received through the linear communication orbit, the computational machine identifies event information for at least some of the objects identified by the watch list in the local database, and returns the identified event information to a server system through the linear communication orbit.
    Type: Grant
    Filed: September 22, 2017
    Date of Patent: December 3, 2019
    Assignee: TANIUM INC.
    Inventors: Christian L. Hunt, Thomas R. Gissel, Aaron Tarter, Daniel Floyd, Benjamin Hobbs, Michael Smith
  • Publication number: 20190361843
    Abstract: In a distributed system, each of N machines receives a similarity search query through a linear communication orbit. The similarity search query includes token identifiers corresponding to tokens in a target document. Each machine, in response, identifies files that meet predefined similarity criteria with respect to the target document. Subsequent to receiving the similarity search query, the machine generates a first report, including a count of files stored at the machine that meet the predefined similarity criteria with respect to the target document, and/or information identifying a set of files that meet the predefined similarity criteria with respect to the target document; and sends the first report to a server through the linear communication orbit. The server produces a merged report presenting information with respect to files at a set of machines, including the N machines, that meet the predefined similarity criteria with respect to the target document.
    Type: Application
    Filed: August 5, 2019
    Publication date: November 28, 2019
    Inventors: Joshua F. Stoddard, John R. Coates, Naveen Goela, Aaron J. Tarter, Christian L. Hunt
  • Patent number: 10482242
    Abstract: A respective node in a linear communication orbit receives an instruction packet through the linear communication orbit, where the instruction packet has been propagated from a starting node to the respective node through one or more upstream nodes along the linear communication orbit, and the instruction packet includes an instruction for establishing a direct duplex connection between the respective node and a respective server. In response to receiving the instruction packet, the respective node sends an outbound connection request to the respective server to establish the direct duplex connection. The respective node then uploads local data to the respective server through the direct duplex connection (e.g., in response to one or more queries, instructions, and requests received from the respective server through the direct duplex connection), where the respective server performs analysis on the local data received from the respective node through the direct duplex connection.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: November 19, 2019
    Assignee: TANIUM INC.
    Inventors: Christian L. Hunt, Thomas R. Gissel, Aaron Tarter, Daniel Floyd, Benjamin Hobbs
  • Patent number: 10372904
    Abstract: A method for evaluating indicators of compromise (IOCs) is performed at a device having one or more processors and memory. The method includes receiving respective specifications of a plurality of IOCs, wherein the respective specifications of each IOC of the plurality of IOCs includes a respective cost associated with evaluating the IOC. The method further includes dynamically determining an order for evaluating the plurality of IOCs based on the respective costs associated with the plurality of IOCs, and determining whether a threat is present based on results for evaluating one or more of the plurality of IOCs in accordance with the dynamically determined order, instead of an order by which the plurality of IOCs have been received at the device.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: August 6, 2019
    Assignee: TANIUM INC.
    Inventors: Christian L. Hunt, Thomas R. Gissel, Thomas W. Savage
  • Publication number: 20190018965
    Abstract: A local environment verification method, performed by a server of a computer network, includes injecting, into a linear communication orbit, a bundle of information items regarding deployment of a respective local environment verification framework at each of a first subset of nodes in the computer network. The bundle of information items is distributed to a respective node of the first subset of nodes through the linear communication orbit, and used to establish the respective local environment verification framework at the respective node of the first subset of nodes. The respective node of the first subset of nodes is configured to perform a set of local environment verifications using the respective local environment verification framework. The method further includes injecting, into the linear communication orbit, a query message to collect respective local results of the set of local environment verifications from the first subset of nodes.
    Type: Application
    Filed: July 11, 2018
    Publication date: January 17, 2019
    Inventors: James B. Hoscheit, Kevin N. Smathers, Connor J. Hindley, Christian L. Hunt
  • Patent number: 10095864
    Abstract: A remote server dispatches an instruction packet to a node in a network through a linear communication orbit formed by a collection of nodes. The instruction packet propagates from node to node along the linear communication orbit until reaching the node. The instruction packet includes instructions for establishing a direct duplex connection between the node and the remote server. After dispatching the instruction packet to the node through the linear communication orbit, the remote server receives, from the node, a request for establishing the direct duplex connection. In response to receiving the request from the node, the remote server establishes the direct duplex connection. After establishing the direct duplex connection, the remote server issues instructions to the node to upload local data from the node to the remote server through the direct duplex connection.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: October 9, 2018
    Assignee: TANIUM INC.
    Inventors: Christian L. Hunt, Thomas R. Gissel, Aaron Tarter, Daniel Floyd, Benjamin Hobbs
  • Publication number: 20180013768
    Abstract: This application is directed to an integrity monitoring method performed at a computational machine in a linear communication orbit. The computational machine receives a watch list through the linear communication orbit. The watch list identifies objects for which events are to be monitored at the computational machine. While a plurality of events are occurring locally at the computational machine, the computational machine identifies the plurality of events in real-time. The identified events include events for the objects identified by the watch list, and event information for these identified events is stored in a local database of the computational machine. In response to an integrity reporting request received through the linear communication orbit, the computational machine identifies event information for at least some of the objects identified by the watch list in the local database, and returns the identified event information to a server system through the linear communication orbit.
    Type: Application
    Filed: September 22, 2017
    Publication date: January 11, 2018
    Inventors: Christian L. Hunt, Thomas R. Gissel, Aaron Tarter, Daniel Floyd, Benjamin Hobbs, Michael Smith
  • Publication number: 20170264588
    Abstract: A respective node in a linear communication orbit receives an instruction packet through the linear communication orbit, where the instruction packet has been propagated from a starting node to the respective node through one or more upstream nodes along the linear communication orbit, and the instruction packet includes an instruction for establishing a direct duplex connection between the respective node and a respective server. In response to receiving the instruction packet, the respective node sends an outbound connection request to the respective server to establish the direct duplex connection. The respective node then uploads local data to the respective server through the direct duplex connection (e.g., in response to one or more queries, instructions, and requests received from the respective server through the direct duplex connection), where the respective server performs analysis on the local data received from the respective node through the direct duplex connection.
    Type: Application
    Filed: July 20, 2016
    Publication date: September 14, 2017
    Inventors: Christian L. Hunt, Thomas R. Gissel, Aaron Tarter, Daniel Floyd, Benjamin Hobbs
  • Publication number: 20170264589
    Abstract: A remote server dispatches an instruction packet to a node in a network through a linear communication orbit formed by a collection of nodes. The instruction packet propagates from node to node along the linear communication orbit until reaching the node. The instruction packet includes instructions for establishing a direct duplex connection between the node and the remote server. After dispatching the instruction packet to the node through the linear communication orbit, the remote server receives, from the node, a request for establishing the direct duplex connection. In response to receiving the request from the node, the remote server establishes the direct duplex connection. After establishing the direct duplex connection, the remote server issues instructions to the node to upload local data from the node to the remote server through the direct duplex connection.
    Type: Application
    Filed: July 20, 2016
    Publication date: September 14, 2017
    Inventors: Christian L. Hunt, Thomas R. Gissel, Aaron Tarter, Daniel Floyd, Benjamin Hobbs
  • Publication number: 20170264627
    Abstract: A method for evaluating indicators of compromise (IOCs) is performed at a device having one or more processors and memory. The method includes receiving respective specifications of a plurality of IOCs, wherein the respective specifications of each IOC of the plurality of IOCs includes a respective cost associated with evaluating the IOC. The method further includes dynamically determining an order for evaluating the plurality of IOCs based on the respective costs associated with the plurality of IOCs, and determining whether a threat is present based on results for evaluating one or more of the plurality of IOCs in accordance with the dynamically determined order, instead of an order by which the plurality of IOCs have been received at the device.
    Type: Application
    Filed: July 20, 2016
    Publication date: September 14, 2017
    Inventors: Christian L. Hunt, Thomas R. Gissel, Thomas W. Savage