Patents by Inventor Dwayne Carson
Dwayne Carson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230222207Abstract: Provided herein are systems and methods for determining a likelihood that an executable comprises malware. A learning engine may determine a plurality of attributes of an executable identified in a computing environment, and a corresponding weight to assign to each of the plurality of attributes. Each of the plurality of attributes may be indicative of a level of risk for the computing environment. The learning engine may generate, according to the determined plurality of attributes and the corresponding weights, one or more scores indicative of a likelihood that the executable comprises malware. A rule engine may perform an action to manage operation of the executable, according to the generated one or more scores.Type: ApplicationFiled: March 20, 2023Publication date: July 13, 2023Inventor: Dwayne A. Carson
-
Patent number: 11609984Abstract: Provided herein are systems and methods for determining a likelihood that an executable comprises malware. A learning engine may determine a plurality of attributes of an executable identified in a computing environment, and a corresponding weight to assign to each of the plurality of attributes. Each of the plurality of attributes may be indicative of a level of risk for the computing environment. The learning engine may generate, according to the determined plurality of attributes and the corresponding weights, one or more scores indicative of a likelihood that the executable comprises malware. A rule engine may perform an action to manage operation of the executable, according to the generated one or more scores.Type: GrantFiled: February 14, 2018Date of Patent: March 21, 2023Assignee: Digital Guardian LLCInventor: Dwayne A. Carson
-
Patent number: 11269989Abstract: Provided herein are systems and methods for protecting data from injected malware. In some embodiments, a virtual memory validator may execute in user mode memory space on a computing device. The virtual memory validator may monitor an execution stack of an executing thread of a process. The virtual memory validator may identify a memory address referenced in the execution stack, responsive to the process attempting to access a protected resource. The virtual memory validator may determine that the memory address refers to a memory region that is designated as executable. The virtual memory validator may determine that the memory address is outside memory regions identified in a memory range map. The virtual memory validator may, responsive to the determination, identify the process as a potential malware process.Type: GrantFiled: April 3, 2020Date of Patent: March 8, 2022Assignee: DIGITAL GUARDIAN LLCInventor: Dwayne A. Carson
-
Patent number: 10929537Abstract: The present disclosure pertains to methods and systems for protecting data or other resources from malware. A driver executing in kernel mode of an operating system on a computing device may monitor one or more processes allowed to execute on the computing device. The one or more processes may include a first executing process. The driver may detect an attempt by a first thread of execution of the first executing process to access a protected file. The driver, responsive to the detection may identify a file type of the protected file. The driver, responsive to the identification of the file type, may determine whether the process is in a list of processes allowed for the file type. The drive may, responsive to determination, determine whether to deny or allow the first thread to access the protected file while allowing another thread of the executing process to execute on the computing device.Type: GrantFiled: July 29, 2016Date of Patent: February 23, 2021Assignee: Digital Guardian, Inc.Inventor: Dwayne A. Carson
-
Publication number: 20200250300Abstract: Provided herein are systems and methods for protecting data from injected malware. In some embodiments, a virtual memory validator may execute in user mode memory space on a computing device. The virtual memory validator may monitor an execution stack of an executing thread of a process. The virtual memory validator may identify a memory address referenced in the execution stack, responsive to the process attempting to access a protected resource. The virtual memory validator may determine that the memory address refers to a memory region that is designated as executable. The virtual memory validator may determine that the memory address is outside memory regions identified in a memory range map. The virtual memory validator may, responsive to the determination, identify the process as a potential malware process.Type: ApplicationFiled: April 3, 2020Publication date: August 6, 2020Applicant: Digital Guardian, Inc.Inventor: Dwayne A. Carson
-
Patent number: 10614210Abstract: Provided herein are systems and methods for protecting data from injected malware. In some embodiments, a virtual memory validator may execute in user mode memory space on a computing device. The virtual memory validator may monitor an execution stack of an executing thread of a process. The virtual memory validator may identify a memory address referenced in the execution stack, responsive to the process attempting to access a protected resource. The virtual memory validator may determine that the memory address refers to a memory region that is designated as executable. The virtual memory validator may determine that the memory address is outside memory regions identified in a memory range map. The virtual memory validator may, responsive to the determination, identify the process as a potential malware process.Type: GrantFiled: July 29, 2016Date of Patent: April 7, 2020Assignee: Digital Guardian, Inc.Inventor: Dwayne A. Carson
-
Publication number: 20190251251Abstract: Provided herein are systems and methods for determining a likelihood that an executable comprises malware. A learning engine may determine a plurality of attributes of an executable identified in a computing environment, and a corresponding weight to assign to each of the plurality of attributes. Each of the plurality of attributes may be indicative of a level of risk for the computing environment. The learning engine may generate, according to the determined plurality of attributes and the corresponding weights, one or more scores indicative of a likelihood that the executable comprises malware. A rule engine may perform an action to manage operation of the executable, according to the generated one or more scores.Type: ApplicationFiled: February 14, 2018Publication date: August 15, 2019Inventor: Dwayne A. Carson
-
Publication number: 20190108355Abstract: Provided herein are systems and methods for preventing or controlling data movement. A learning engine may detect capabilities of a computing environment for allowing data access or transfer, and activities relating to data access or transfer from the computing environment. Data assets of the computing environment that are protected may be identified, according to metadata of the data assets. The learning engine may, according to the identified data assets and at least one of the detected capabilities or activities, determine a situation within the computing environment that represents potential or actual exfiltration of one of the identified data assets. A rule engine may perform an action to prevent or control the potential or actual data movement of the one of the identified data assets, responsive to applying one or more rules to the determined situation.Type: ApplicationFiled: October 9, 2017Publication date: April 11, 2019Inventor: Dwayne A. Carson
-
Publication number: 20170032123Abstract: The present disclosure pertains to methods and systems for protecting data or other resources from malware. A driver executing in kernel mode of an operating system on a computing device may monitor one or more processes allowed to execute on the computing device. The one or more processes may include a first executing process. The driver may detect an attempt by a first thread of execution of the first executing process to access a protected file. The driver, responsive to the detection may identify a file type of the protected file. The driver, responsive to the identification of the file type, may determine whether the process is in a list of processes allowed for the file type. The drive may, responsive to determination, determine whether to deny or allow the first thread to access the protected file while allowing another thread of the executing process to execute on the computing device.Type: ApplicationFiled: July 29, 2016Publication date: February 2, 2017Inventor: Dwayne A. Carson
-
Publication number: 20170032118Abstract: Provided herein are systems and methods for protecting data from injected malware. In some embodiments, a virtual memory validator may execute in user mode memory space on a computing device. The virtual memory validator may monitor an execution stack of an executing thread of a process. The virtual memory validator may identify a memory address referenced in the execution stack, responsive to the process attempting to access a protected resource. The virtual memory validator may determine that the memory address refers to a memory region that is designated as executable. The virtual memory validator may determine that the memory address is outside memory regions identified in a memory range map. The virtual memory validator may, responsive to the determination, identify the process as a potential malware process.Type: ApplicationFiled: July 29, 2016Publication date: February 2, 2017Inventor: Dwayne A. Carson
-
Patent number: 7934091Abstract: A technique for establishing a perimeter of accountability for usage of digital assets such as data files. The accountability model not only tracks authorized users' access to files, but monitors passage of such files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such as in the background of a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, aggregates them, and makes reports to a journaling server. The journaling server analyzes sequences of low level events to detect when aggregate events of interest occur, such as “FileEdit”, network file transfers and the like. Reports can be generated to provide an understanding of how digital assets have been accessed, used or communicated by individuals in an enterprise.Type: GrantFiled: December 9, 2008Date of Patent: April 26, 2011Assignee: Verdasys, Inc.Inventors: Nicholas Stamos, Seth N. Birnbaum, Tomas Revesz, Jr., Donato Buccella, Keith A. MacDonald, Dwayne A. Carson, William E. Fletcher
-
Patent number: 7814021Abstract: A technique for establishing usage control over digital assets such as computer files. The system model not only tracks authorized users' access to files, but monitors passage of such files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access rights. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such a background process in a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, and aggregates them. A policy engine analyzes sequences of aggregate events to determine when policy violations occur.Type: GrantFiled: November 12, 2003Date of Patent: October 12, 2010Assignee: Verdasys, Inc.Inventors: Nicholas Stamos, Seth N. Birnbaum, Tomas Revesz, Jr., Donato Buccella, Keith A. MacDonald, Dwayne A. Carson, William E. Fletcher
-
Publication number: 20090198765Abstract: A technique for establishing a perimeter of accountability for usage of digital assets such as data files. The accountability model not only tracks authorized users' access to files, but monitors passage of such files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such as in the background of a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, aggregates them, and makes reports to a journaling server. The journaling server analyzes sequences of low level events to detect when aggregate events of interest occur, such as “FileEdit”, network file transfers and the like. Reports can be generated to provide an understanding of how digital assets have been accessed, used or communicated by individuals in an enterprise.Type: ApplicationFiled: December 9, 2008Publication date: August 6, 2009Applicant: Verdasys, Inc.Inventors: Nicholas Stamos, Seth N. Birnbaum, Tomas Revesz, JR., Donato Buccella, Keith A. MacDonald, Dwayne A. Carson, William E. Fletcher
-
Patent number: 7509356Abstract: A system for backing up desired data includes a communication link configured to transfer information between the system and a backup storage for storing backed up data, and a processor coupled to the communication link and configured to: determine associated substantive data of the desired data, compare the associated substantive data of the desired data with stored data, and transfer the associated substantive data over the communication link for storage based on the comparison of the associated substantive data with the stored data.Type: GrantFiled: September 5, 2002Date of Patent: March 24, 2009Assignee: Iron Mountain IncorporatedInventors: David A. Cane, Gurami Palagashvili, Michael R. Boucher, Dwayne A. Carson
-
Patent number: 7496575Abstract: A data processing application logging, recording, and reporting process and infrastructure. Compliance with regulatory directives such as HIPAA, internal organizational and corporate, personal information privacy, and other security policies can thus be enforced without the need to recode legacy application software. In one preferred embodiment, a core agent process provides “listener” functionality that captures user input events, such as keyboard and mouse interactions, between a user and a legacy application of interest. The agent obtains instructions for how to deal with such events, accessing information that describes the application's behavior as already captured by an application profiler tool. Keyboard and mouse data entry sequences, screen controls and fields of interest are tagged during application profiling process. This data is stored in application profile developed for each mode of a legacy application.Type: GrantFiled: November 22, 2004Date of Patent: February 24, 2009Assignee: Verdasys, Inc.Inventors: Donato Buccella, Seth N. Birnbaum, Nicholas Stamos, Leonard F. Halio, Dwayne Carson, Luis M. Fernandes
-
Patent number: 7490116Abstract: A technique for efficient representation of dependencies between electronically-stored documents, such as in an enterprise data processing system. A document distribution path is developed as a directional graph that is a representation of the historic dependencies between documents, which is constructed in real time as documents are created. The system preferably maintains a lossy hierarchical representation of the documents indexed in such a way that allows for fast queries for similar but not necessarily equivalent documents. A distribution path, coupled with a document similarity service, can be used to provide a number of applications, such as a security solution that is capable of finding and restricting access to documents that contain information that is similar to other existing files that are known to contain sensitive information.Type: GrantFiled: December 17, 2003Date of Patent: February 10, 2009Assignee: Verdasys, Inc.Inventors: Dwayne A. Carson, Donato Buccella, Michael Smolsky
-
Patent number: 7472272Abstract: A technique for establishing a perimeter of accountability for usage of digital assets such as data files. The accountability model not only tracks authorized users' access to files, but monitors passage of such files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such as in the background of a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, aggregates them, and makes reports to a journaling server. The journaling server analyzes sequences of low level events to detect when aggregate events of interest occur, such as “FileEdit”, network file transfers and the like. Reports can be generated to provide an understanding of how digital assets have been accessed, used or communicated by individuals in an enterprise.Type: GrantFiled: November 18, 2003Date of Patent: December 30, 2008Assignee: Verdasys, Inc.Inventors: Nicholas Stamos, Seth N. Birnbaum, Tomas Revesz, Jr., Donato Buccella, Keith A. MacDonald, Dwayne A. Carson, William E. Fletcher
-
Patent number: 7409547Abstract: A technique for adaptive encryption of digital assets such as computer files. The system model monitors passage of files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access rights. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such a background process in a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, and aggregates them. A policy engine analyzes sequences of aggregate events to determine when to apply encryption.Type: GrantFiled: August 28, 2006Date of Patent: August 5, 2008Assignee: Verdasys, Inc.Inventors: Nicholas Stamos, Donato Buccella, Dwayne A. Carson
-
Publication number: 20080184358Abstract: A trusted transaction architecture that provides security from a client side input device to a merchant server by installing a secure custom browser process on the client side computer via an ActiveX control or the equivalent. This Secure Browser Process (SBP) may then be inspected to ensure that no external codes exist in its application space, that no subsequently loaded Dynamic Link Library (DLL), or equivalent, has been tampered with or modified, that no Application Programming Interface (API) has been overwritten or redirected, and that no input device driver has been hooked by a digital signature. The SBP then creates a secure channel to the input device(s) that are used to enter data into the browser application, and creates a secure channel to the merchant's destination server to ensure that data cannot be intercepted, even on the client side computer.Type: ApplicationFiled: January 25, 2008Publication date: July 31, 2008Inventors: Nicholas Stamos, Dwayne A. Carson, John Paglierani
-
Publication number: 20060294373Abstract: A technique for adaptive encryption of digital assets such as computer files. The system model monitors passage of files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access rights. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such a background process in a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, and aggregates them. A policy engine analyzes sequences of aggregate events to determine when to apply encryption.Type: ApplicationFiled: August 28, 2006Publication date: December 28, 2006Applicant: Verdasys, Inc.Inventors: Nicholas Stamos, Donato Buccella, Dwayne Carson