Patents by Inventor John Goodridge
John Goodridge has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240037268Abstract: A computer device for managing privilege delegation to control creation of processes thereon is described. Creation of a process on a computer device is requested according to first privileges. An agent, cooperating with an operating system of the computer device, intercepts the request. The agent determines whether to create the process according to second privileges, different from the first privileges and if permitted, cause the process to be created accordingly. The agent hooks a query provided by the operating system to identify whether a control service is enabled. The agent enquires of the operating system whether to create the process according to the second privileges whereupon the hooked query is invoked. The agent confirms to the operating system that the control service is enabled, such that checks by the operating system are performed as if the operating system were enabled.Type: ApplicationFiled: October 9, 2023Publication date: February 1, 2024Inventors: John Goodridge, Georgina Shippey
-
Publication number: 20240004989Abstract: A computer device, including at least a processor and a memory, can be configured to control process components on a computer device. An agent can intercept a request to instantiate a new process component. The request can originate on the computing device from an instance of a particular process component amongst a set of process components. The agent can determine whether to permit the intercepted request by validating the relationship using a policy with rules as well as and determining a trusted owner is among the set of identified owners. The agent can permit the intercepted if the determination is to permit the intercepted request.Type: ApplicationFiled: September 15, 2023Publication date: January 4, 2024Inventors: John Goodridge, Thomas Couser, James William Maude
-
Publication number: 20230417520Abstract: In an embodiment, a photoinitiation apparatus includes: a set of illumination sources or elements configured for outputting optical energy; a body structure having a proximal body structure portion confining a proximal volume of explosive medium, an intermediate body structure portion confining an intermediate volume of explosive medium, and a distal body structure portion confining a distal volume of explosive medium, wherein the proximal volume of explosive medium is optically coupled to portions of the first volume of explosive medium, at least one of the proximal volume of explosive medium and the distal volume of explosive medium is a tertiary explosive medium, and (a) the body structure does not carry a primary explosive composition and does not carry a secondary explosive composition, and/or (b) each of the proximal, intermediate, and distal volumes of explosive media has an initiation sensitivity that is less than cyclotrimethylenetrinitramine (RDX) based explosive compositions.Type: ApplicationFiled: February 20, 2023Publication date: December 28, 2023Inventors: David Olaf JOHNSON, Rodney Wayne APPLEBY, Richard John GOODRIDGE, Ming Chung LEE, Francisco SANCHEZ, Matthew Tolliver RAWLS
-
Publication number: 20230342498Abstract: A computer device that manages privilege delegation is disclosed. The computing device can modify a virtual method table to point to a hooking function associated with an agent plugin. The agent plugin can be configured to intercept requests relating to a file using the hooking function. The computing device can intercept a request in a user account of a logged-in user to execute therein a command on the file according to first privileges assigned thereto. The computing device can obtain information related to the request and forward the information to an agent service cooperating with an operating system. The computing device can determine whether to execute the command on the file in the user account according to second privileges different from the first privileges. The computing device can cause the command to be executed on the file in the user account according to the second privileges.Type: ApplicationFiled: June 30, 2023Publication date: October 26, 2023Inventor: John Goodridge
-
Publication number: 20230342497Abstract: A computer device that manages privilege delegation is disclosed. The computing device can insert a particular command into one or more commands corresponding to a file. The computing device can intercept a request to execute the particular command on the file according to first privileges. The computing device can determine to execute the particular command on the file according to second privileges different from the first privileges based on the request to execute the particular command. The computing device can cause the particular command to be executed on the file according to the second privileges.Type: ApplicationFiled: June 30, 2023Publication date: October 26, 2023Inventor: John Goodridge
-
Patent number: 11797664Abstract: A computer device, including at least a processor and a memory, can be configured to control process components on a computer device. An agent can intercept a request to instantiate a new process component in a user account of a logged-in user. The request can originate on the computing device from an instance of a particular process component amongst a set of process components. The user account can be assigned default user privileges by a privilege access management service. The agent can determine whether to permit the intercepted request. The agent can permit the intercepted request if the relationship is validated and if a trusted owner is identified amongst the set of identified owners.Type: GrantFiled: February 24, 2021Date of Patent: October 24, 2023Assignee: Avecto LimitedInventors: John Goodridge, Thomas Couser, James William Maude
-
Patent number: 11797704Abstract: A computing device is disclosed with an agent and operating system executing thereon. The agent can determine that a user account control service is disabled by querying the operating system. In response to determining that the user account control service is disabled, the agent can hook a query provided by the operating system. The agent can receive a request to confirm whether the user account control service is enabled using the query provided by the operating system. The agent can generate a confirmation that the user account control service is enabled. The agent can determine whether to execute a process by performing a privilege check as if the user account control service were enabled based on the confirmation.Type: GrantFiled: November 9, 2021Date of Patent: October 24, 2023Assignee: Avecto LimitedInventors: John Goodridge, Georgina Shippey
-
Publication number: 20230334182Abstract: A computer device performs operations for managing registry access. The computing device can determine a set of registry access rules relevant to the user process. The computing device can perform an evaluation of a registry operation requested by the user process using the set of registry access rules. The computing device can determine an action based on the evaluation. The action can include one of blocking the registry operation in relation to a particular key in a registry of the operating system, and enabling access to a particular key in the registry of the operating system to perform the requested registry operation.Type: ApplicationFiled: June 22, 2023Publication date: October 19, 2023Inventors: John Goodridge, Ian James McLean
-
Publication number: 20230315909Abstract: A computer device that manages privilege delegation is disclosed. The computing device can insert a custom verb command into a plurality of verb commands corresponding to a file. The computing device can intercept a request to execute the custom verb command on the file by intercepting a request to create a context menu. The computer device can obtain information related to the request to execute the custom verb command by obtaining a file identifier of the file from the request to create the context menu. The computer device can determine whether to execute the custom verb command on the file according to second privileges different from the first privileges based on the information related to the request to execute the custom verb command. The computer device can cause the custom verb command to be executed on the file according to the second privileges.Type: ApplicationFiled: May 17, 2023Publication date: October 5, 2023Inventor: John Goodridge
-
Publication number: 20230315845Abstract: A computing device can capture a current access token of a user process. The computing device can perform a determination of whether the current access token for the user process differs from a particular access token of a parent process of the user process. The computing device can detect whether the user process has been subject to an escalation of privilege attack based on the determination of whether the current access token for the user process differs from the particular access token. The computing device can performing a mitigation action with respect to the user process in response to detecting that the user process has been subject to the escalation of privilege attack.Type: ApplicationFiled: June 8, 2023Publication date: October 5, 2023Inventors: John Goodridge, Thomas Couser
-
Patent number: 11720712Abstract: A computer device performs operations for managing registry access, including monitoring a user process on the computer device. The computing device can determine a set of registry access rules relevant to the user process. The computing device can perform an evaluation of a registry operation requested by the user process using the set of registry access rules. The computing device can determine an action based on the evaluation. The action can include one of blocking the registry operation in relation to a particular key in a registry of the operating system, and enabling access to a particular key in the registry of the operating system to perform the requested registry operation.Type: GrantFiled: May 3, 2022Date of Patent: August 8, 2023Assignee: Avecto LimitedInventors: John Goodridge, Ian James McLean
-
Patent number: 11714901Abstract: A computing device can receive a first notification that a process has started on the at least one computing device. The computing device can record a first access token associated with the process into the token cache. The computing device can receive a second notification that the process has interacted with the operating system to perform at least one of a set of predetermined operations on the at least one computing device. The computing device can capture a second access token from the process. The computing device can perform a comparison of the second access token captured from the process against the first access token recorded into the token cache. The computing device can determine that an escalation of privilege attack has occurred based on the comparison.Type: GrantFiled: April 26, 2022Date of Patent: August 1, 2023Assignee: Avecto LimitedInventors: John Goodridge, Thomas Couser
-
Patent number: 11687674Abstract: A computer device that manages privilege delegation is disclosed. The computing device can insert a custom verb command into a plurality of verb commands corresponding to a file. The computing device can intercept a request to execute the custom verb command on the file by intercepting a request to create a context menu. The computer device can obtain information related to the request to execute the custom verb command by obtaining a file identifier of the file from the request to create the context menu. The computer device can determine whether to execute the custom verb command on the file according to second privileges different from the first privileges based on the information related to the request to execute the custom verb command. The computer device can cause the custom verb command to be executed on the file according to the second privileges.Type: GrantFiled: June 9, 2021Date of Patent: June 27, 2023Assignee: Avecto LimitedInventor: John Goodridge
-
Patent number: 11585643Abstract: In an embodiment, a photoinitiation apparatus includes: a set of illumination sources or elements configured for outputting optical energy; a body structure having a proximal body structure portion confining a proximal volume of explosive medium, an intermediate body structure portion confining an intermediate volume of explosive medium, and a distal body structure portion confining a distal volume of explosive medium, wherein the proximal volume of explosive medium is optically coupled to portions of the first volume of explosive medium, at least one of the proximal volume of explosive medium and the distal volume of explosive medium is a tertiary explosive medium, and (a) the body structure does not carry a primary explosive composition and does not carry a secondary explosive composition, and/or (b) each of the proximal, intermediate, and distal volumes of explosive media has an initiation sensitivity that is less than cyclotrimethylenetrinitramine (RDX) based explosive compositions.Type: GrantFiled: March 8, 2019Date of Patent: February 21, 2023Assignee: ORICA INTERNATIONAL PTE LTDInventors: David Olaf Johnson, Rodney Wayne Appleby, Richard John Goodridge, Ming Chung Lee, Francisco Sanchez, Matthew Tolliver Rawls
-
Publication number: 20220349693Abstract: Disclosed is a system for assisting blasting. The system includes at least one wireless blasting-related device that is deployable or deployed proximate to or within a portion of physical media intended to be blasted as part of a commercial blasting operation. The blasting-related device includes a device-based magnetic induction (MI) signal receiver with a magnetometer configured for through the earth (TTE) MI communication, and the blasting-related device includes a device-based MI signal source with a device-based antenna configured for TTE MI communication. The device-based MI signal source is configured to communicate with a vehicle-based MI signal receiver in a blast support vehicle that includes a set of vehicle-based magnetometers.Type: ApplicationFiled: June 26, 2020Publication date: November 3, 2022Inventors: Kresten Lukas Coffey NIELSEN, Kieren Peter RASMUSSEN, Johann ZANK, Richard John GOODRIDGE
-
Publication number: 20220335125Abstract: A computing device can receive a first notification that a process has started on the at least one computing device. The computing device can record a first access token associated with the process into the token cache. The computing device can receive a second notification that the process has interacted with the operating system to perform at least one of a set of predetermined operations on the at least one computing device. The computing device can capture a second access token from the process. The computing device can perform a comparison of the second access token captured from the process against the first access token recorded into the token cache. The computing device can determine that an escalation of privilege attack has occurred based on the comparison.Type: ApplicationFiled: April 26, 2022Publication date: October 20, 2022Inventors: John Goodridge, Thomas Couser
-
Publication number: 20220277092Abstract: A server device for managing privilege delegation to control execution of commands thereon is described. Execution of a command, according to first privileges, by a remote management (RM) server on the server device is requested from a RM client on a client device. An agent plug-in, chained to a command execution plug-in of the RM server, intercepts the request and forwards related information to an agent service cooperating with an operating system of the server device. The agent service determines whether to execute the command according to second privileges, different from the first privileges and if permitted, delegates the second privileges to the command, and causes, via the agent plug-in chained to the command execution plug-in, the command to be executed according to the second privileges.Type: ApplicationFiled: May 17, 2022Publication date: September 1, 2022Inventors: John Goodridge, Thomas Couser
-
Publication number: 20220261504Abstract: A computer device performs operations for managing registry access, including monitoring a user process on the computer device. The computing device can determine a set of registry access rules relevant to the user process. The computing device can perform an evaluation of a registry operation requested by the user process using the set of registry access rules. The computing device can determine an action based on the evaluation. The action can include one of blocking the registry operation in relation to a particular key in a registry of the operating system, and enabling access to a particular key in the registry of the operating system to perform the requested registry operation.Type: ApplicationFiled: May 3, 2022Publication date: August 18, 2022Inventors: John Goodridge, Ian James McLean
-
Patent number: 11379622Abstract: A server device for managing privilege delegation to control execution of commands thereon is described. Execution of a command, according to first privileges, by a remote management (RM) server on the server device is requested from a RM client on a client device. An agent plug-in, chained to a command execution plug-in of the RM server, intercepts the request and forwards related information to an agent service cooperating with an operating system of the server device. The agent service determines whether to execute the command according to second privileges, different from the first privileges and if permitted, delegates the second privileges to the command, and causes, via the agent plug-in chained to the command execution plug-in, the command to be executed according to the second privileges.Type: GrantFiled: January 28, 2019Date of Patent: July 5, 2022Assignee: AVECTO LIMITEDInventors: John Goodridge, Thomas Couser
-
Patent number: 11366931Abstract: A computer device performs operations for managing registry access, including monitoring a user process on the computer device and, in response, establishing a set of registry access rules relevant to the user process. Each registry operation requested by the user process is evaluated and, in response, an appropriate action determined. Such action suitably includes at least one of: blocking the registry operation in relation to a particular key in a registry of the operating system, and enabling access to a particular key in the registry of the operating system to perform the requested registry operation. In particular, the operations may be performed using a registry filter driver in a kernel mode of an operating system of the computer device.Type: GrantFiled: February 11, 2019Date of Patent: June 21, 2022Inventors: John Goodridge, Ian James McLean