Patents by Inventor Jason Crabtree

Jason Crabtree has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240080318
    Abstract: A system for risk-based multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computation graph module configured to receive network traffic data from the multi-dimensional time series data server, determine a network traffic baseline from the network traffic data, and determine a verification score needed before granting access based at least in part by the network traffic baseline. A plurality of verification methods build up a user's verification score to required level to gain access.
    Type: Application
    Filed: September 11, 2023
    Publication date: March 7, 2024
    Inventors: Jason Crabtree, Andrew Sellers, Ian MacLeod
  • Publication number: 20240078263
    Abstract: A system and method for technology analysis utilizing high-performance, scalable, multitenant, dynamically specifiable, knowledge graph information storage and utilization. The system uses an in-memory associative array for high-performance graph storage and access, with a non-volatile distributed database for scalable backup storage, a scalable, distributed graph service for graph creation, an indexing search engine to increase searching performance, and a graph crawler for graph traversal. One or more of these components may be in the form of a cloud-based service, and in some embodiments the cloud-based services may be containerized to allow for multitenant co-existence with no possibility of data leakage or cross-over. The system uses a cyber-physical graph to represent an enterprise's cyber-physical system and can provide graph analysis, graph security, and graph fusion related tasks to identify potential operational risks.
    Type: Application
    Filed: November 10, 2023
    Publication date: March 7, 2024
    Inventors: Jason Crabtree, Richard Kelley
  • Publication number: 20240080338
    Abstract: A system for detecting and mitigating attacks using forged authentication objects within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.
    Type: Application
    Filed: November 3, 2023
    Publication date: March 7, 2024
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11924251
    Abstract: A system and method for cybersecurity reconnaissance, analysis, and scoring that uses distributed, cloud-based computing services to provide sufficient scalability for analysis of enterprise IT networks using only publicly available characterizations. The system and method comprise an in-memory associative array which manages a queue of vulnerability search tasks through a public-facing proxy network. The public-facing proxy network has search nodes configurable to present the network to search tools in a desired manner to control certain aspects of the search to obtain the desired results. A distributed data processing engine and cloud-based storage are used to provide scalable computing power and storage. Each of the cloud-based computing services is containerized and orchestrated for management and efficient scaling purposes.
    Type: Grant
    Filed: December 31, 2021
    Date of Patent: March 5, 2024
    Assignee: QOMPLX LLC
    Inventors: Jason Crabtree, Joe Gray, Michael James, Richard Kelley, Andrew Sellers, Farooq Shaikh
  • Publication number: 20240064159
    Abstract: A system and methods for detecting and mitigating SAML forgery and manipulation attacks against services is provided, comprising a policy manager configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a unique identifier for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid unique identifier.
    Type: Application
    Filed: October 28, 2023
    Publication date: February 22, 2024
    Inventors: Jason Crabtree, Richard Kelley, Angadbir Singh Salaria, Andrew Sellers, Farooq Israr Ahmed Shaikh, Randy Clayton, Luka Jurukovski
  • Publication number: 20240064179
    Abstract: A system and method for providing time-series geospatial data and a world-scale simulation platform used to generate simulated-world environments by rendering data-dense geographical regions corresponding to heterogenous sourced data and formats for highly scalable parallel simulations, and comprised of a multi-dimensional time-series database used for enabling query support across multiple simulations via individual simulation and entity swimlanes for cyber, physical and cyber-physical entities and regions.
    Type: Application
    Filed: October 30, 2023
    Publication date: February 22, 2024
    Inventors: Jason Crabtree, Andrew Sellers
  • Publication number: 20240048586
    Abstract: A system and methods for mitigating Kerberos ticket attacks within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.
    Type: Application
    Filed: October 18, 2023
    Publication date: February 8, 2024
    Inventors: Jason Crabtree, Andrew Sellers
  • Publication number: 20240048596
    Abstract: A system and method for analyzing integrated operational technology and information technology systems with sufficient granularity to predict key elements of their composite behavior. The system and method involve creating high-fidelity models of the operational technology and information technology systems using one or more cyber-physical graphs, performing parametric analyses of the models to identify key components, scaling the parametric analyses of the models to analyze the key components at a greater level of granularity, and iteratively improving the models via ongoing search and testing against observed data from the real-world systems.
    Type: Application
    Filed: October 17, 2023
    Publication date: February 8, 2024
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11886507
    Abstract: A system and method for cybersecurity analysis utilizing high-performance, scalable, multi-tenant, dynamically specifiable, knowledge graph information storage and utilization. The system uses an in-memory associative array for high-performance graph storage and access, with a non-volatile distributed database for scalable backup storage, a scalable, distributed graph service for graph creation, an indexing search engine to increase searching performance, and a graph crawler for graph traversal. One or more of these components may be in the form of a cloud-based service, and in some embodiments the cloud-based services may be containerized to allow for multi-tenant co-existence with no possibility of data leakage or cross-over. The system uses a cyber-physical graph to represent an enterprise's cyber-physical system and can provide graph analysis, graph security, and graph fusion related tasks to identify potential cybersecurity threats.
    Type: Grant
    Filed: November 7, 2022
    Date of Patent: January 30, 2024
    Assignee: QOMPLX LLC
    Inventors: Jason Crabtree, Richard Kelley
  • Publication number: 20240022547
    Abstract: A system and method that uses midservers located between an enterprise network and an external network to provide mass scanning network traffic detection and analysis capabilities for the enterprise network. The midserver may be loaded with configurations that allow it to operate as a mass scan event detector capable of detecting network sniffers, botnets, and malicious peer-to-peer connections which can lead to security vulnerabilities. In such configurations, midserver may receive and analyze network traffic to determine if the network traffic is suspicious based on heuristic and signature-based techniques, and then generate an appropriate response action which can be implemented to mitigate the risk.
    Type: Application
    Filed: July 29, 2023
    Publication date: January 18, 2024
    Inventors: Jason Crabtree, Richard Kelley
  • Publication number: 20240022546
    Abstract: A system and method for implementation of zero trust computer network security combined with stateful authentication object tracking, authentication object manipulation and forgery detection, and assessment of authentication and identity attack surface. The methodology involves gathering all authentication objects issued by a network, storing the authentication objects in a master ledger for use in stateful deterministic authentication object tracking, and running detection functions that compare authentication objects presented for access to network resources with the master ledger. In an embodiment, an authentication object agent is installed at the domain controller level. In another embodiment, a log extension utility is installed at the local host computer level to provide additional log data for additional cyberattack detections.
    Type: Application
    Filed: July 29, 2023
    Publication date: January 18, 2024
    Inventors: Jason Crabtree, Richard Kelley
  • Publication number: 20230421593
    Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.
    Type: Application
    Filed: September 4, 2023
    Publication date: December 28, 2023
    Inventors: Jason Crabtree, Andrew Sellers
  • Publication number: 20230412620
    Abstract: A system and method for network cybersecurity analysis that uses user and entity behavioral analysis combined with network topology information and trigger-based network remediation to provide improved cybersecurity. The system and method involve gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network. Triggers may be based on risks or anomalous behavior and associated with a remediation action executed on the network by a security mitigation engine.
    Type: Application
    Filed: July 29, 2023
    Publication date: December 21, 2023
    Inventors: Jason Crabtree, Richard Kelley
  • Patent number: 11848966
    Abstract: A system and method for analyzing integrated operational technology and information technology systems with sufficient granularity to predict their behavior with a high degree of accuracy. The system and method involve creating high-fidelity models of the operational technology and information technology systems using one or more cyber-physical graphs, performing parametric analyses of the models to identify key components, scaling the parametric analyses of the models to analyze the key components at a greater level of granularity, and iteratively improving the models testing them against in-situ data from the real-world systems represented by the high-fidelity models.
    Type: Grant
    Filed: April 30, 2021
    Date of Patent: December 19, 2023
    Assignee: QOMPLX, INC.
    Inventors: Jason Crabtree, Andrew Sellers
  • Publication number: 20230388278
    Abstract: A system for detecting and mitigating forged authentication object attacks in federated environments using attestation is provided, comprising an event inspector to monitor logs and detect vulnerable events, an authentication object inspector configured to observe a new authentication object generated by an identity provider, and intercept the new authentication object; and a hashing engine configured to calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in the SAML response; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.
    Type: Application
    Filed: July 29, 2023
    Publication date: November 30, 2023
    Inventors: Jason Crabtree, Richard Kelley
  • Publication number: 20230388277
    Abstract: A system and method for predictive cyber-physical resource management, including a business operating system, parameter evaluation engine, at least one cyber-physical asset, at least one crypt-ledger, a network, and the ability to represent data in Markov State Models and finite state machines.
    Type: Application
    Filed: April 21, 2023
    Publication date: November 30, 2023
    Inventors: Jason Crabtree, Richard Kelley
  • Patent number: 11831682
    Abstract: A system and method for a highly scalable distributed connection interface for data capture from multiple network service sources. The connection interface is designed to enable simple to initiate, performant and highly available input/output from a large plurality of external networked service's and application's application programming interfaces (API) to the modules of an integrated predictive business operating system. To handle the high volume of information exchange, the connection interface is distributed and designed to be scalable and self-load-balancing. The connection interface possesses robust expressive scripting capabilities that allow highly specific handling rules to be generated for the routing, transformation, and output of data within the business operating system.
    Type: Grant
    Filed: October 20, 2020
    Date of Patent: November 28, 2023
    Assignee: QOMPLX LLC
    Inventors: Jason Crabtree, Angadbir Salaria, Andrew Sellers, Marian Trnkus
  • Publication number: 20230370500
    Abstract: A system and method for a highly scalable distributed connection interface for data capture from multiple network service sources. The connection interface is designed to enable simple to initiate, performant and highly available input/output from a large plurality of external networked service's and application's application programming interfaces (API) to the modules of an integrated predictive business operating system. To handle the high volume of information exchange, the connection interface is distributed and designed to be scalable and self-load-balancing. The connection interface possesses robust expressive scripting capabilities that allow highly specific handling rules to be generated for the routing, transformation, and output of data within the business operating system.
    Type: Application
    Filed: July 27, 2023
    Publication date: November 16, 2023
    Inventors: Jason Crabtree, Angadbir Salaria, Andrew Sellers, Marian Trnkus
  • Publication number: 20230370491
    Abstract: A system and method for cyber exploitation path analysis and response using federated networks to minimize network exposure and maximize network resilience, with the ability to simulate complex and large scale network traffic through the use of federated training networks, by gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network.
    Type: Application
    Filed: July 24, 2023
    Publication date: November 16, 2023
    Inventors: Jason Crabtree, Richard Kelley
  • Publication number: 20230368076
    Abstract: A system for multitemporal data analysis is provided, comprising a directed computation graph service module configured to receive input data from a plurality of sources, analyze the input data to determine a best course of action for analyzing the input data, and split the input data for queueing to a general transformer service module or a decomposable service module based at least in part by analysis of the input data; a general transformer service module configured to receive data from the directed computation graph service module, and perform analysis on the received data; and a general transformer service module configured to receive data from directed computational graph module, and perform analysis on the received data.
    Type: Application
    Filed: July 10, 2023
    Publication date: November 16, 2023
    Inventors: Jason Crabtree, Andrew Sellers