Patents by Inventor John S. Flowers
John S. Flowers has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20160315951Abstract: A digital security threat management system is disclosed. The system detects the presence of a computing system, on a network, that has been compromised by an undetected and/or unknown digital security threat. The digital security threat management system recognizes characteristic emanations from a computer system that has been compromised. Because the characteristic emanations that result from a known threat can be the same as the characteristic emanations that result from an undetected and/or unknown threat, the digital security threat management system can learn to detect a computing system that has been compromised by an unknown threat if the security threat management system recognizes characteristic emanations from a previous attack, based on a known threat, of the computing system. In this way, the system can detect the presence of a compromised computing system, even if the cause of the compromise remains undetected and/or unknown. Appropriate remedial action may be taken upon detection.Type: ApplicationFiled: April 24, 2016Publication date: October 27, 2016Inventors: John S. FLOWERS, Ridgely C. EVERS
-
Patent number: 9350707Abstract: A digital security threat management system is disclosed. The system detects the presence of a computing system, on a network, that has been compromised by an undetected and/or unknown digital security threat. The digital security threat management system recognizes characteristic emanations from a computer system that has been compromised. Because the characteristic emanations that result from a known threat can be the same as the characteristic emanations that result from an undetected and/or unknown threat, the digital security threat management system can learn to detect a computing system that has been compromised by an unknown threat if the security threat management system recognizes characteristic emanations from a previous attack, based on a known threat, of the computing system. In this way, the system can detect the presence of a compromised computing system, even if the cause of the compromise remains undetected and/or unknown. Appropriate remedial action may be taken upon detection.Type: GrantFiled: September 18, 2014Date of Patent: May 24, 2016Assignee: TRUSTPIPE LLCInventors: John S. Flowers, Ridgely C. Evers
-
Publication number: 20150163230Abstract: A network activity detection system is trained to detect network activities of interest such as threats by malicious computer data. The training involves distilling the characteristics of known network activities of interest (e.g., intrusion by computer viruses, exploits, worms, or the like) into a minimal set of meta-expressions. At run-time, the network activity detection system combines the minimal set of meta-expressions with efficient computer algorithms for evaluating meta-expressions to detect known network activities of interest, as well as their unknown variants, among an unknown set of network activity. The network activity detection system may produce appropriate responses upon the detection of network activities of interest.Type: ApplicationFiled: December 28, 2012Publication date: June 11, 2015Inventor: John S. Flowers
-
Patent number: 9021574Abstract: Network activity detectors, such as firewalls, communicate with one another to form a Unified Threat Management System. A first network activity detector sends a request for configuration settings to a second network activity detector. The second network activity detector sends a set of configuration settings in response to the request. The configuration settings include information for detecting digital security threats and/or for responding to detected digital security threats. In this way, configuration settings are propagated from one network activity detector to another so that network activity detectors within a UTMS system are configured consistently, e.g., have up-to-date information for detecting and/or responding to digital security threats.Type: GrantFiled: March 12, 2014Date of Patent: April 28, 2015Assignee: TrustPipe LLCInventor: John S. Flowers
-
Publication number: 20150020187Abstract: A digital security threat management system is disclosed. The system detects the presence of a computing system, on a network, that has been compromised by an undetected and/or unknown digital security threat. The digital security threat management system recognizes characteristic emanations from a computer system that has been compromised. Because the characteristic emanations that result from a known threat can be the same as the characteristic emanations that result from an undetected and/or unknown threat, the digital security threat management system can learn to detect a computing system that has been compromised by an unknown threat if the security threat management system recognizes characteristic emanations from a previous attack, based on a known threat, of the computing system. In this way, the system can detect the presence of a compromised computing system, even if the cause of the compromise remains undetected and/or unknown. Appropriate remedial action may be taken upon detection.Type: ApplicationFiled: September 18, 2014Publication date: January 15, 2015Inventors: JOHN S. FLOWERS, RIDGELY C. EVERS
-
Patent number: 8856324Abstract: A digital security threat management system is disclosed. The system detects the presence of a computing system, on a network, that has been compromised by an undetected and/or unknown digital security threat. The digital security threat management system recognizes characteristic emanations from a computer system that has been compromised. Because the characteristic emanations that result from a known threat can be the same as the characteristic emanations that result from an undetected and/or unknown threat, the digital security threat management system can learn to detect a computing system that has been compromised by an unknown threat if the security threat management system recognizes characteristic emanations from a previous attack, based on a known threat, of the computing system. In this way, the system can detect the presence of a compromised computing system, even if the cause of the compromise remains undetected and/or unknown. Appropriate remedial action may be taken upon detection.Type: GrantFiled: January 28, 2013Date of Patent: October 7, 2014Assignee: TrustPipe LLCInventors: John S. Flowers, Ridgely C. Evers
-
Publication number: 20130318611Abstract: A network activity detection system is trained to detect network activities of interest such as threats by malicious computer data. The training involves distilling the characteristics of known network activities of interest (e.g., intrusion by computer viruses, exploits, worms, or the like) into a minimal set of meta-expressions. At run-time, the network activity detection system combines the minimal set of meta-expressions with efficient computer algorithms for evaluating meta-expressions to detect known network activities of interest, as well as their unknown variants, among an unknown set of network activity. The network activity detection system may produce appropriate responses upon the detection of network activities of interest.Type: ApplicationFiled: December 10, 2012Publication date: November 28, 2013Applicant: TrustPipe LLCInventor: John S. FLOWERS
-
Patent number: 8347391Abstract: A network activity detection system is trained to detect network activities of interest such as threats by malicious computer data. The training involves distilling the characteristics of known network activities of interest (e.g., intrusion by computer viruses, exploits, worms, or the like) into a minimal set of meta-expressions. At run-time, the network activity detection system combines the minimal set of meta-expressions with efficient computer algorithms for evaluating meta-expressions to detect known network activities of interest, as well as their unknown variants, among an unknown set of network activity. The network activity detection system may produce appropriate responses upon the detection of network activities of interest.Type: GrantFiled: May 23, 2012Date of Patent: January 1, 2013Assignee: TrustPipe LLCInventor: John S. Flowers
-
Patent number: 8176544Abstract: A system and method for providing distributed security of a network. Several device profilers are placed at different locations of a network to assess vulnerabilities from different perspectives. The device profiler identifies the hosts on the network, and characteristics such as operating system and applications running on the hosts. The device profiler traverses a vulnerability tree having nodes representative of characteristics of the hosts, each node having an associated set of potential vulnerabilities. Verification rules can verify the potential vulnerabilities. A centralized correlation server, at a centrally accessible location in the network, stores the determined vulnerabilities of the network and associates the determined vulnerabilities with attack signatures. Traffic monitors access the attack signatures and monitor network traffic for attacks against the determined vulnerabilities.Type: GrantFiled: February 3, 2011Date of Patent: May 8, 2012Assignee: nCircle Network Security, Inc.Inventors: Timothy D. Keanini, Martin A. Quiroga, Brian W. Buchanan, John S. Flowers
-
Patent number: 8020211Abstract: A system and method for providing distributed security of a network. Several device profilers are placed at different locations of a network to assess vulnerabilities from different perspectives. The device profiler identifies the hosts on the network, and characteristics such as operating system and applications running on the hosts. The device profiler traverses a vulnerability tree having nodes representative of characteristics of the hosts, each node having an associated set of potential vulnerabilities. Verification rules can verify the potential vulnerabilities. A centralized correlation server, at a centrally accessible location in the network, stores the determined vulnerabilities of the network and associates the determined vulnerabilities with attack signatures. Traffic monitors access the attack signatures and monitor network traffic for attacks against the determined vulnerabilities.Type: GrantFiled: September 1, 2009Date of Patent: September 13, 2011Assignee: nCircle Network Security, Inc.Inventors: Timothy D. Keanini, Martin A. Quiroga, Brian W. Buchanan, John S. Flowers
-
Publication number: 20110131644Abstract: A system and method for providing distributed security of a network. Several device profilers are placed at different locations of a network to assess vulnerabilities from different perspectives. The device profiler identifies the hosts on the network, and characteristics such as operating system and applications running on the hosts. The device profiler traverses a vulnerability tree having nodes representative of characteristics of the hosts, each node having an associated set of potential vulnerabilities. Verification rules can verify the potential vulnerabilities. A centralized correlation server, at a centrally accessible location in the network, stores the determined vulnerabilities of the network and associates the determined vulnerabilities with attack signatures. Traffic monitors access the attack signatures and monitor network traffic for attacks against the determined vulnerabilities.Type: ApplicationFiled: February 3, 2011Publication date: June 2, 2011Inventors: Timothy D. Keanini, Martin A. Quiroga, Brian W. Buchanan, John S. Flowers
-
Publication number: 20100169352Abstract: The present invention is directed to systems and methods for encoding and retrieving information from a variety of sources using novel search techniques. The systems and methods of the invention are capable of extracting all types of structural and relational information from a query or a source data allowing for the recognition of subtle differences in meaning. The capability of discerning subtle differences in meaning that are beyond the search systems and methods presently available, the invention described herein is capable of repeatedly providing accurate and meaningful responses to a diverse set of queries.Type: ApplicationFiled: December 31, 2008Publication date: July 1, 2010Inventors: John S. Flowers, Michael Farmer, Martin A. Quiroga, Gordon H. Fischer, John A. DeSanto
-
Publication number: 20090320138Abstract: A system and method for providing distributed security of a network. Several device profilers are placed at different locations of a network to assess vulnerabilities from different perspectives. The device profiler identifies the hosts on the network, and characteristics such as operating system and applications running on the hosts. The device profiler traverses a vulnerability tree having nodes representative of characteristics of the hosts, each node having an associated set of potential vulnerabilities. Verification rules can verify the potential vulnerabilities. A centralized correlation server, at a centrally accessible location in the network, stores the determined vulnerabilities of the network and associates the determined vulnerabilities with attack signatures. Traffic monitors access the attack signatures and monitor network traffic for attacks against the determined vulnerabilities.Type: ApplicationFiled: September 1, 2009Publication date: December 24, 2009Applicant: c/o nCircle Network Security, Inc.Inventors: Timothy D. Keanini, Martin A. Quiroga, Brian W. Buchanan, John S. Flowers
-
Patent number: 7594273Abstract: A system and method for providing distributed security of a network. Several device profilers are placed at different locations of a network to assess vulnerabilities from different perspectives. The device profiler identifies the hosts on the network, and characteristics such as operating system and applications running on the hosts. The device profiler traverses a vulnerability tree having nodes representative of characteristics of the hosts, each node having an associated set of potential vulnerabilities. Verification rules can verify the potential vulnerabilities. A centralized correlation server, at a centrally accessible location in the network, stores the determined vulnerabilities of the network and associates the determined vulnerabilities with attack signatures. Traffic monitors access the attack signatures and monitor network traffic for attacks against the determined vulnerabilities.Type: GrantFiled: February 16, 2007Date of Patent: September 22, 2009Assignee: nCircle Network Security, Inc.Inventors: Timothy D. Keanini, Martin A. Quiroga, Brian W. Buchanan, John S. Flowers
-
Patent number: 7555475Abstract: There is provided a sentence module that handles pronouns in sentences. Each pronoun is replaced by one or more nouns. These replaced nouns are used to form statements that populate the structured representation, in order to produce precise answers to queries, as part of a search engine application.Type: GrantFiled: September 9, 2005Date of Patent: June 30, 2009Assignee: Jiles, Inc.Inventors: Martin A. Quiroga, Gordon H. Fischer, John S. Flowers
-
Patent number: 7509681Abstract: A system in accordance with an embodiment of the invention includes a vulnerability detection system (VDS) and an intrusion detection system (IDS). The intrusion detection system leverages off of information gathered about a network, such as vulnerabilities, so that it only examines and alerts the user to potential intrusions that could actually affect the particular network. In addition, both the VDS and IDS may use rules in performing their respective analyses that are query-based and that are easy to construct. In particular, these rules may be based on a set of templates, which represent various entities or processes on the network.Type: GrantFiled: January 8, 2007Date of Patent: March 24, 2009Assignee: nCircle Network Security, Inc.Inventors: John S. Flowers, Thomas C. Stracener
-
Publication number: 20090077180Abstract: The present invention is directed to systems and methods for encoding and retrieving information from a variety of sources using novel search techniques. The systems and methods of the invention are capable of extracting all types of structural and relational information from a query or a source data allowing for the recognition of subtle differences in meaning. The capability of discerning subtle differences in meaning that are beyond the search systems and methods presently available, the invention described herein is capable of repeatedly providing accurate and meaningful responses to a diverse set of queries.Type: ApplicationFiled: September 14, 2007Publication date: March 19, 2009Inventors: John S. Flowers, Michael Farmer, Martin A. Quiroga, Gordon H. Fischer, John A. DeSanto
-
Patent number: 7447683Abstract: There is provided a search engine or other electronic search application that receives an inputted query in natural language. The search engine then analyzes the query in accordance with the syntactic relationships of the natural language in which it was presented, weights the syntactic relationships, and generates a result to the query as output, corresponding to the syntactic relationship of the greatest weight. The outputted result is typically an answer, in the form of a sentence or a phrase, along with the document from which the sentence or phrase is taken, including a hypertext link for the document.Type: GrantFiled: April 28, 2005Date of Patent: November 4, 2008Assignee: Jiles, Inc.Inventors: Martin A. Quiroga, John A. DeSanto, John S. Flowers
-
Patent number: 7181769Abstract: A system and method for providing distributed security of a network. Several device profilers are placed at different locations of a network to assess vulnerabilities from different perspectives. The device profiler identifies the hosts on the network, and characteristics such as operating system and applications running on the hosts. The device profiler traverses a vulnerability tree having nodes representative of characteristics of the hosts, each node having an associated set of potential vulnerabilities. Verification rules can verify the potential vulnerabilities. A centralized correlation server, at a centrally accessible location in the network, stores the determined vulnerabilities of the network and associates the determined vulnerabilities with attach signatures. Traffic monitors access the attack signatures and monitor network traffic for attacks against the determined vulnerabilities.Type: GrantFiled: June 6, 2003Date of Patent: February 20, 2007Assignee: nCircle Network Security, Inc.Inventors: Timothy D. Keanini, Martin A. Quiroga, Brian W. Buchanan, John S. Flowers
-
Patent number: 7162742Abstract: A system in accordance with an embodiment of the invention includes a vulnerability detection system (VDS) and an intrusion detection system (IDS). The intrusion detection system leverages off of information gathered about a network, such as vulnerabilities, so that it only examines and alerts the user to potential intrusions that could actually affect the particular network. In addition both the VDS and IDS use rules in performing their respective analyses that are query-based and that are easy to construct. In particular these rules are based on a set of templates, which represent various entities or processes on the network.Type: GrantFiled: November 12, 2004Date of Patent: January 9, 2007Assignee: nCircle Network Security, Inc.Inventors: John S. Flowers, Thomas C. Stracener