Patents by Inventor Jack Lawson Bishop, III

Jack Lawson Bishop, III has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240184920
    Abstract: Systems, computer program products, and methods are described herein for analyzing micro-anomalies in anonymized electronic data. The present disclosure is configured to import or retrieve a first data set, process the first data set to develop at least one event-outcome projection, define an outcome projection data set, import or receive a monitored user data set, anonymize the monitored user data set, define an avatar data set process the avatar data set, wherein the steps of import or receive a monitored user data set, anonymize the monitored user data set, and define an avatar data set are repeated one or more times.
    Type: Application
    Filed: December 1, 2022
    Publication date: June 6, 2024
    Applicant: BANK OF AMERICA CORPORATION
    Inventors: Jennifer Tiffany Renckert, Daniel Joseph Serna, Frank J. Yanan, Jeffrey Kyle Johnson, Benjamin Tweel, Jake Michael Yara, Robert Cain Durbin, JR., Sheng Tang Hsiang, Jack Lawson Bishop, III, James J. Siekman
  • Publication number: 20240143786
    Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). For a first code segment, a first vulnerability finding has been classified as a real vulnerability, and a second vulnerability finding has been classified as a false positive by external review. The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor determines that the fingerprint for the first code segment matches the fingerprint for a second code segment and that the vulnerability findings for the first code segment match those for the second. In response, the processor automatically classifies a matching first vulnerability finding for the second code segment as the real vulnerability, and a matching second vulnerability finding for the second code segment as the false positive.
    Type: Application
    Filed: January 10, 2024
    Publication date: May 2, 2024
    Inventors: Jack Lawson Bishop, III, Anthony Herron, Yao Houkpati, Carrie E. Gates
  • Patent number: 11941115
    Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor applies a machine learning clustering algorithm to group the code fingerprints into clusters of fingerprints that share one or more features. The processor additionally determines that both the fingerprint corresponding to the first source code segment and the fingerprint corresponding to a second source code segment belong to the same cluster. In response, the processor transmits an alert to a device of an administrator, identifying the second code segment as vulnerable to a real vulnerability, where a vulnerability finding for the first code segment has been classified as the real vulnerability through external review.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: March 26, 2024
    Assignee: Bank of America Corporation
    Inventors: Jack Lawson Bishop, III, Anthony Herron, Yao Houkpati, Carrie E. Gates
  • Patent number: 11928221
    Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). For a first code segment, a first vulnerability finding has been classified as a real vulnerability, and a second vulnerability finding has been classified as a false positive by external review. The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor determines that the fingerprint for the first code segment matches the fingerprint for a second code segment and that the vulnerability findings for the first code segment match those for the second. In response, the processor automatically classifies a matching first vulnerability finding for the second code segment as the real vulnerability, and a matching second vulnerability finding for the second code segment as the false positive.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: March 12, 2024
    Assignee: Bank of America Corporation
    Inventors: Jack Lawson Bishop, III, Anthony Herron, Yao Houkpati, Carrie E. Gates
  • Publication number: 20240070293
    Abstract: Systems, computer program products, and methods are described herein for dynamically generating linked security tests. The present invention may be configured to perform security tests on an application, generate, based on the results of the security tests, security test sequences that include at least one security test that the application failed, perform the security test sequences on the application, and, iteratively and until the application passes each security test sequence in an iteration, generate additional security test sequences. The present invention may be further configured to provide results of the security tests and security test sequences to one or more machine learning models to generate supplementary security test sequences and determine probabilities of the application failing the supplementary security test sequences.
    Type: Application
    Filed: November 3, 2023
    Publication date: February 29, 2024
    Applicant: BANK OF AMERICA CORPORATION
    Inventors: Jack Lawson Bishop, III, Timothy Andrew Wright, Robert Riley Zink
  • Patent number: 11874931
    Abstract: Systems, computer program products, and methods are described herein for dynamically generating linked security tests. The present invention may be configured to perform security tests on an application, generate, based on the results of the security tests, security test sequences that include at least one security test that the application failed, perform the security test sequences on the application, and, iteratively and until the application passes each security test sequence in an iteration, generate additional security test sequences. The present invention may be further configured to provide results of the security tests and security test sequences to one or more machine learning models to generate supplementary security test sequences and determine probabilities of the application failing the supplementary security test sequences.
    Type: Grant
    Filed: February 11, 2021
    Date of Patent: January 16, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Jack Lawson Bishop, III, Timothy Andrew Wright, Robert Riley Zink
  • Patent number: 11765165
    Abstract: Enhancement of web browser extension analysis capabilities, such as security application analysis, is realized by encapsulating the extension with a wrapper function that defines entry and exits points within the source code of the extension. By wrapping the web browser extension in a function that defines entry and exit points, the present invention enables the use of commercial SAST tools/engines and any other application which desires to analyze the web browser extension and/or extract data therefrom. The web browser extension is programmatically analyzed to identify the entry and exit points and, in response, the wrapper function is generated that defines the entry and exits points and the web browser extension is encapsulated with the wrapper function.
    Type: Grant
    Filed: September 22, 2020
    Date of Patent: September 19, 2023
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Jack Lawson Bishop, III, Timothy Andrew Wright
  • Publication number: 20230252158
    Abstract: A system includes a database, a memory, and a processor. The database stores data associated with a known security threat. The memory includes a threat model associated with a software application. The processor identifies, based on natural language processing of the data associated with the known security threat, one or more attributes of software susceptible to the known security threat. The processor also identifies, based on natural language processing of the threat model, one or more attributes of the software application. The processor additionally determines, based on a comparison between the one or more attributes of software susceptible to the known security threat and the one or more attributes of the software application, that the software application is susceptible to the known security threat. In response, the processor updates the threat model to reflect the susceptibility of the software application to the known security threat.
    Type: Application
    Filed: February 7, 2022
    Publication date: August 10, 2023
    Inventors: Jack Lawson Bishop, III, Robert Hurlbut, Jason Conrad Starin
  • Publication number: 20230169164
    Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor applies a machine learning clustering algorithm to group the code fingerprints into clusters of fingerprints that share one or more features. The processor additionally determines that both the fingerprint corresponding to the first source code segment and the fingerprint corresponding to a second source code segment belong to the same cluster. In response, the processor transmits an alert to a device of an administrator, identifying the second code segment as vulnerable to a real vulnerability, where a vulnerability finding for the first code segment has been classified as the real vulnerability through external review.
    Type: Application
    Filed: November 29, 2021
    Publication date: June 1, 2023
    Inventors: Jack Lawson Bishop, III, Anthony Herron, Yao Houkpati, Carrie E. Gates
  • Publication number: 20230169177
    Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). For a first code segment, a first vulnerability finding has been classified as a real vulnerability, and a second vulnerability finding has been classified as a false positive by external review. The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor determines that the fingerprint for the first code segment matches the fingerprint for a second code segment and that the vulnerability findings for the first code segment match those for the second. In response, the processor automatically classifies a matching first vulnerability finding for the second code segment as the real vulnerability, and a matching second vulnerability finding for the second code segment as the false positive.
    Type: Application
    Filed: November 29, 2021
    Publication date: June 1, 2023
    Inventors: Jack Lawson Bishop III, Anthony Herron, Yao Houkpati, Carrie E. Gates
  • Patent number: 11610000
    Abstract: A system configured for identifying unpermitted data in source code receives a search query comprising particular keywords related to the unpermitted data. The system labels the source code with vulnerability factors and categories of those vulnerability factors, where the vulnerability factors indicate a security vulnerability and the categories provide information about the security vulnerability of the source code. The system performs a static analysis on the source code to identify instances of the particular keyword in a data flow and control flow of the source code. The system performs a vulnerability analysis on the source code to determine a vulnerability level of the source code, in which factor weights and category weights for each code portion of the source code are determined. The system calculates a weighted sum of the factor weights and category weights for each code portion, thereby detecting instances of unpermitted data in source code.
    Type: Grant
    Filed: October 7, 2020
    Date of Patent: March 21, 2023
    Assignee: Bank of America Corporation
    Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Kevin Dean Kirkwood
  • Publication number: 20230041068
    Abstract: A code repository stores source code. An insider threat detection system stores instructions for detecting code defects and criteria indicating predetermined types of code defects that, when present, are associated with intentional obfuscation of one or more functions of the source code. The insider threat detection system receives an entry of source code and detects, using the model, a set of code defects in the entry of source code. A defect type is determined for each code defect, thereby determining a set of defect types included in the entry of source code. If it is determined that each of the predetermined types of code defects indicated by the criteria is included in the determined set of defect types, the entry of source code is determined to include an insider threat.
    Type: Application
    Filed: August 5, 2021
    Publication date: February 9, 2023
    Inventors: Jason Conrad Starin, Jack Lawson Bishop, III
  • Publication number: 20230031049
    Abstract: A prioritization system includes a memory that stores an access record with, for each of the users, an indication of a previous usage of computing applications. The memory stores a permission record with, for each of the users, an indication of the computing applications that the user is permitted to access. The memory stores user affinities that include, for each of the users, an affinity score corresponding to a predetermined ability level of the user to engage in an activity associated with one or more of the computing applications. The prioritization system determines a priority score for each of the users. In response to receiving a request for a priority of a first user of the users, the prioritization system provides a response with the priority score determined for the first user of the users.
    Type: Application
    Filed: July 27, 2021
    Publication date: February 2, 2023
    Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Carrie E. Gates
  • Publication number: 20230030161
    Abstract: A resource management system receives a set of application priorities. The resource management system determines, based at least in part on the received set of application priorities, a resource allocation corresponding to a proposed distribution of the computing applications and the users amongst the computing devices of a computing infrastructure. The resource management system determines, using the resource allocation, a recommended device configuration for each of the computing devices. The resource management system automatically implements the determined resource allocation using the device configuration determined for each of the computing devices.
    Type: Application
    Filed: July 27, 2021
    Publication date: February 2, 2023
    Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Carrie E. Gates
  • Publication number: 20220398129
    Abstract: A system includes a computing infrastructure and an application prioritization system. The computing infrastructure includes a plurality of computing devices configured to implement computing applications. The application prioritization system receives application data associated with the computing applications. A request is received for a priority of a first computing application of the computing applications compared to a second computing application of the computing applications. The application prioritization system determines, using a feedback-based machine learning model, a first priority of the first computing application and a second priority of the second computing application and an explanation of the first and second priorities. A response is provided with an indication of the larger of the first priority and second priority and the explanation.
    Type: Application
    Filed: June 10, 2021
    Publication date: December 15, 2022
    Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Carrie E. Gates
  • Publication number: 20220327218
    Abstract: Systems, computer program products, and methods are described herein for dynamically performing linked security tests. The present invention may be configured to determine a fingerprint of an application, perform, in an order based on the fingerprint of the application, security test sequences on the application, parse responses of the application to the security test sequences to generate results of the security test sequences, and label, with the fingerprint, the results. The present invention may be further configured to provide, to one or more machine learning models, the labeled results to determine probabilities of applications having a same fingerprint as the fingerprint of the application failing the security test sequences, update, based on the probabilities of the applications failing the security test sequences, the order, and store, in a temporary persistent storage device and based on the updated order, the security test sequences.
    Type: Application
    Filed: April 13, 2021
    Publication date: October 13, 2022
    Applicant: BANK OF AMERICA CORPORATION
    Inventors: Jack Lawson Bishop, III, Timothy Andrew Wright, Robert Riley Zink
  • Publication number: 20220253532
    Abstract: Systems, computer program products, and methods are described herein for dynamically generating linked security tests. The present invention may be configured to perform security tests on an application, generate, based on the results of the security tests, security test sequences that include at least one security test that the application failed, perform the security test sequences on the application, and, iteratively and until the application passes each security test sequence in an iteration, generate additional security test sequences. The present invention may be further configured to provide results of the security tests and security test sequences to one or more machine learning models to generate supplementary security test sequences and determine probabilities of the application failing the supplementary security test sequences.
    Type: Application
    Filed: February 11, 2021
    Publication date: August 11, 2022
    Applicant: BANK OF AMERICA CORPORATION
    Inventors: Jack Lawson Bishop, III, Timothy Andrew Wright, Robert Riley Zink
  • Patent number: 11366901
    Abstract: A system configured for identifying insider threats in source code conducts an automated analysis designed to identify instances of insider threats. The system performs a static analysis on results from the automated analysis to identify instances of keywords related to methods and targets of insider threats, external data being used, code layering is used to obfuscate a content. The system identifies points of correlations between instances found by performing the static analysis and assigns weight values to code portions based on the number of points of correlations found in the code portions. The system identifies code portions having weight values above a threshold value, thereby detecting instances of insider threats in source code.
    Type: Grant
    Filed: October 7, 2020
    Date of Patent: June 21, 2022
    Assignee: Bank of America Corporation
    Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Kevin Dean Kirkwood
  • Publication number: 20220164358
    Abstract: Email metadata, and in some embodiments other secondary data, is analyzed to identify users of interest defined as having knowledge or expertise in a subject matter. Specifically, a corpus of email metadata is analyzed to determine, at least, which subject matters are associated with users, which users received or transmitted subject matter-specific emails, the distribution groups to which users, and any other relevant email metadata. In additional embodiments, secondary data other than email metadata is also analyzed and used to identify the users of interest. The analyzed email metadate, and in some embodiments the secondary data, is used to render reputation indicator(s) for each user that indicate a level of knowledge/expertise that the user possesses on subject matter(s). A requester provides input criteria including the subject matter, and, in response, is presented a ranked user listing that is ranked based on the level of reputation indictor.
    Type: Application
    Filed: November 20, 2020
    Publication date: May 26, 2022
    Applicant: BANK OF AMERICA CORPORATION
    Inventors: Jack Lawson Bishop, III, Amela Gjishti, Michael Ogrinz, Jason Conrad Starin
  • Publication number: 20220108010
    Abstract: A system configured for identifying insider threats in source code conducts an automated analysis designed to identify instances of insider threats. The system performs a static analysis on results from the automated analysis to identify instances of keywords related to methods and targets of insider threats, external data being used, code layering is used to obfuscate a content. The system identifies points of correlations between instances found by performing the static analysis and assigns weight values to code portions based on the number of points of correlations found in the code portions.
    Type: Application
    Filed: October 7, 2020
    Publication date: April 7, 2022
    Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Kevin Dean Kirkwood