Patents by Inventor Maarten Van Horenbeeck
Maarten Van Horenbeeck has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11711390Abstract: Techniques described and suggested herein include various systems and methods for determining risk levels associated with transiting data, and routing portions of the data in accordance with the determined risk levels. For example, a risk analyzer may apply risk classifiers to transiting data to determine overall risk levels of some or all of the transiting data. A traffic router may route transiting data according to determined risk profiles for the data. A sandbox may be implemented to compare, for a given input, expected and observed outputs for a subset of transiting data, so as to determine risk profiles associated with at least the subset.Type: GrantFiled: April 14, 2022Date of Patent: July 25, 2023Assignee: Amazon Technologies, Inc.Inventors: Maarten Van Horenbeeck, Christopher Michael Anderson, Katharine Nicole Harrison, Matthew Ryan Jezorek, Jon Arron McClintock, Tushaar Sethi
-
Patent number: 11310251Abstract: Techniques described and suggested herein include various systems and methods for determining risk levels associated with transiting data, and routing portions of the data in accordance with the determined risk levels. For example, a risk analyzer may apply risk classifiers to transiting data to determine overall risk levels of some or all of the transiting data. A traffic router may route transiting data according to determined risk profiles for the data. A sandbox may be implemented to compare, for a given input, expected and observed outputs for a subset of transiting data, so as to determine risk profiles associated with at least the subset.Type: GrantFiled: October 31, 2019Date of Patent: April 19, 2022Assignee: Amazon Technologies, Inc.Inventors: Maarten Van Horenbeeck, Christopher Michael Anderson, Katharine Nicole Harrison, Matthew Ryan Jezorek, Jon Arron McClintock, Tushaar Sethi
-
Patent number: 10728272Abstract: A method and apparatus for risk scoring in a graph are disclosed. In the method and apparatus, a graph includes a first node that is connected with a node of a plurality of nodes using a communication link of a plurality of communication links. A plurality of link risk measures are then determined, whereby a link risk measure of the plurality of link risk measures pertains to the communication link of the plurality of communication links. Furthermore, a risk measure associated with the first node is determined based at least in part on the plurality of link risk measures. The risk measure is monitored to determine if one or more conditions placed on the risk measure are met and one or more actions are taken as a result of the one or more conditions being met.Type: GrantFiled: December 17, 2014Date of Patent: July 28, 2020Assignee: Amazon Technologies, Inc.Inventors: Danial Muhammad Ranjha, Jon Arron McClintock, Tushaar Sethi, Maarten Van Horenbeeck
-
Publication number: 20200067959Abstract: Techniques described and suggested herein include various systems and methods for determining risk levels associated with transiting data, and routing portions of the data in accordance with the determined risk levels. For example, a risk analyzer may apply risk classifiers to transiting data to determine overall risk levels of some or all of the transiting data. A traffic router may route transiting data according to determined risk profiles for the data. A sandbox may be implemented to compare, for a given input, expected and observed outputs for a subset of transiting data, so as to determine risk profiles associated with at least the subset.Type: ApplicationFiled: October 31, 2019Publication date: February 27, 2020Inventors: Maarten Van Horenbeeck, Christopher Michael Anderson, Katharine Nicole Harrison, Matthew Ryan Jezorek, Jon Arron McClintock, Tushaar Sethi
-
Patent number: 10560338Abstract: A method and apparatus for path detection are disclosed. In the method and apparatus, a data path may link two path-end nodes in a network. Event data for the network may be received and may be used to determine, for each node resident on the path, proximity measures to each path-end node. The proximity measure of network nodes may be evaluated to determine whether a path exists between the two path-end nodes.Type: GrantFiled: December 1, 2017Date of Patent: February 11, 2020Assignee: Amazon Technologies, Inc.Inventors: Jon Arron McClintock, Dominique Imjya Brezinski, Tushaar Sethi, Maarten Van Horenbeeck
-
Patent number: 10511619Abstract: Techniques described and suggested herein include various systems and methods for determining risk levels associated with transiting data, and routing portions of the data in accordance with the determined risk levels. For example, a risk analyzer may apply risk classifiers to transiting data to determine overall risk levels of some or all of the transiting data. A traffic router may route transiting data according to determined risk profiles for the data. A sandbox may be implemented to compare, for a given input, expected and observed outputs for a subset of transiting data, so as to determine risk profiles associated with at least the subset.Type: GrantFiled: May 10, 2017Date of Patent: December 17, 2019Assignee: Amazon Technologies, Inc.Inventors: Maarten Van Horenbeeck, Christopher Michael Anderson, Katharine Nicole Harrison, Matthew Ryan Jezorek, Jon Arron McClintock, Tushaar Sethi
-
Patent number: 10467423Abstract: Method and apparatus for identifying a flow of data from a first data store to a second data store are disclosed. In the method and apparatus, a service may send the data from the first data store to the second data store, whereby the service may be associated with an access control policy that specifies whether the service is permitted to send or receive the data. The access control policy may be used as a basis for the evaluation of executable instructions of the service, and evaluation of the executable instructions may be used to identify the first data store or the second data store.Type: GrantFiled: March 26, 2014Date of Patent: November 5, 2019Assignee: Amazon Technologies, Inc.Inventors: Jon Arron McClintock, Tushaar Sethi, Maarten Van Horenbeeck
-
Publication number: 20190073483Abstract: Techniques for detecting access to data classified as sensitive by plugin running on a computer system are described herein. A data event is generated that includes information about the access to the data classified as sensitive as a result of detecting the access to the data. The data event is then transmitted to a logging service over a network.Type: ApplicationFiled: October 29, 2018Publication date: March 7, 2019Inventors: Jon Arron McClintock, Tushaar Sethi, Maarten Van Horenbeeck
-
Patent number: 10187362Abstract: A method and system are provided that create a limited use secure environment (LSE) image such as a limited use operating system installation that can be booted from a removable medium (e.g. CD or flash drive). The limited use secure environment is a limited purpose OS, web browser, etc. that prevents undesired activities. When the limited use secure environment boots, it initiates a pairing operation in which a pairing code and user credentials are conveyed to an authorization server. Once the pairing code and credentials are confirmed, a provisioning service provides configuration credentials to the limited use secure environment to enable the limited use secure environment to establish a secure connection through a gateway to resources of interest.Type: GrantFiled: June 22, 2015Date of Patent: January 22, 2019Assignee: Amazon Technologies, Inc.Inventors: Jon Arron McClintock, John Clark Coonley Duksta, Katharine Nicole Harrison, Matthew Ryan Jezorek, Brian Young Lee, Maarten Van Horenbeeck
-
Patent number: 10114960Abstract: Techniques for detecting access to computer system data by applications running on a computer system are described herein. Data access event log entries are recorded, the log entries including one or more metadata items associated with how the computer system application accessed the computer system data. The log entries are analyzed using correlations with other computer system events and, if improper access is detected, one or more operations relating to the type of data accessed and the type of violation are performed to mitigate the improper data access.Type: GrantFiled: March 20, 2014Date of Patent: October 30, 2018Assignee: Amazon Technologies, Inc.Inventors: Jon Arron McClintock, Tushaar Sethi, Maarten Van Horenbeeck
-
Patent number: 9960975Abstract: Techniques for analyzing a dataset may be provided. For example, a configuration file may be accessed. The dataset may be analyzed based on a condition identified in the configuration file. A report may be generated and transmitted based on the analysis. Another report generated based on an analysis of another dataset according to another configuration file may be accessed. The dataset may be further analyzed based on this report to determine if a reported observation may also be associated with the dataset. If so, a confirmation may be generated and transmitted.Type: GrantFiled: November 5, 2014Date of Patent: May 1, 2018Assignee: Amazon Technologies, Inc.Inventors: Maarten Van Horenbeeck, Matthew Ryan Jezorek
-
Publication number: 20180091375Abstract: A method and apparatus for path detection are disclosed. In the method and apparatus, a data path may link two path-end nodes in a network. Event data for the network may be received and may be used to determine, for each node resident on the path, proximity measures to each path-end node. The proximity measure of network nodes may be evaluated to determine whether a path exists between the two path-end nodes.Type: ApplicationFiled: December 1, 2017Publication date: March 29, 2018Inventors: Jon Arron McClintock, Dominique Imjya Brezinski, Tushaar Sethi, Maarten Van Horenbeeck
-
Patent number: 9838260Abstract: A method and apparatus for path detection are disclosed. In the method and apparatus, a data path may link two path-end nodes in a network. Event data for the network may be received and may be used to determine, for each node resident on the path, proximity measures to each path-end node. The proximity measure of network nodes may be evaluated to determine whether a path exists between the two path-end nodes.Type: GrantFiled: March 25, 2014Date of Patent: December 5, 2017Assignee: Amazon Technologies, Inc.Inventors: Jon Arron McClintock, Dominique Imjya Brezinski, Tushaar Sethi, Maarten Van Horenbeeck
-
Patent number: 9756058Abstract: Techniques for analyzing access to a network-based document may be provided. For example, the network-based document may be configured for direct access from client device. Based on an access of a client device to the network-based document, information associated with this access may be recorded. The information may be analyzed to determine whether a condition associated with the direct access may be violated. An issue may be detected with the client device access based on a determination that the condition may be violated.Type: GrantFiled: September 29, 2014Date of Patent: September 5, 2017Assignee: Amazon Technologies, Inc.Inventors: Matthew Ryan Jezorek, Maarten Van Horenbeeck, Richie Lai
-
Publication number: 20170244739Abstract: Techniques described and suggested herein include various systems and methods for determining risk levels associated with transiting data, and routing portions of the data in accordance with the determined risk levels. For example, a risk analyzer may apply risk classifiers to transiting data to determine overall risk levels of some or all of the transiting data. A traffic router may route transiting data according to determined risk profiles for the data. A sandbox may be implemented to compare, for a given input, expected and observed outputs for a subset of transiting data, so as to determine risk profiles associated with at least the subset.Type: ApplicationFiled: May 10, 2017Publication date: August 24, 2017Inventors: Maarten Van Horenbeeck, Christopher Michael Anderson, Katharine Nicole Harrison, Matthew Ryan Jezorek, Jon Arron McClintock, Tushaar Sethi
-
Patent number: 9661011Abstract: Techniques described and suggested herein include various systems and methods for determining risk levels associated with transiting data, and routing portions of the data in accordance with the determined risk levels. For example, a risk analyzer may apply risk classifiers to transiting data to determine overall risk levels of some or all of the transiting data. A traffic router may route transiting data according to determined risk profiles for the data. A sandbox may be implemented to compare, for a given input, expected and observed outputs for a subset of transiting data, so as to determine risk profiles associated with at least the subset.Type: GrantFiled: December 17, 2014Date of Patent: May 23, 2017Assignee: AMAZON TECHNOLOGIES, INC.Inventors: Maarten Van Horenbeeck, Christopher Michael Anderson, Katharine Nicole Harrison, Matthew Ryan Jezorek, Jon Arron McClintock, Tushaar Sethi
-
Patent number: 9473516Abstract: Techniques for analyzing access to a network-based document may be provided. For example, a portion of the network-based document for hashing may be identified. A client hash of the portion may be accessed. The client hash may be based on an access of a client to the network-based document over a network. A provider hash of the portion may be also accessed. The provider hash may be based on a trusted version of the portion. The client hash and the provider hash may be compared. Based on the comparison, an issue associated with the access to the network-based document over the network may be detected.Type: GrantFiled: September 29, 2014Date of Patent: October 18, 2016Assignee: Amazon Technologies, Inc.Inventors: Matthew Ryan Jezorek, Maarten Van Horenbeeck, Richie Lai
-
Patent number: 9426171Abstract: Techniques for analyzing access to a network-based resource may be provided. For example, a client record associated with the access to the network-based resource over a network may be compared to a provider record. The client record may indicate an address of the network based resource and can be received from a computing resource. The provider record can also indicate the address and can be received from a trusted computing resource. Based on the comparison, an issue associated with the access to the network-based resource over the network may be detected.Type: GrantFiled: September 29, 2014Date of Patent: August 23, 2016Assignee: Amazon Technologies, Inc.Inventors: Matthew Ryan Jezorek, Maarten Van Horenbeeck, Richie Lai
-
Patent number: 8966659Abstract: A computing device analyzes digital certificates received from various different sites (e.g., accessed via the Internet or other network) in order to automatically detect fraudulent digital certificates. The computing device maintains a record of the digital certificates it receives from these various different sites. A certificate screening service operating remotely from the computing device also accesses these various different sites and maintains a record of the digital certificates that the service receives from these sites. In response to a request to access a target site the computing device receives a current digital certificate from the target site. The computing device determines whether the current digital certificate is genuine or fraudulent based on one or more of previously received digital certificates for the target site, confirmation certificates received from the certificate screening service, and additional characteristics of the digital certificates and/or the target site.Type: GrantFiled: March 14, 2013Date of Patent: February 24, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Muhammad Umar Janjua, Yogesh A. Mehta, Maarten Van Horenbeeck, Anooshiravan Saboori, Nelly Porter, Vassil D. Bakalov, Bryston Nitta
-
Publication number: 20140283054Abstract: A computing device analyzes digital certificates received from various different sites (e.g., accessed via the Internet or other network) in order to automatically detect fraudulent digital certificates. The computing device maintains a record of the digital certificates it receives from these various different sites. A certificate screening service operating remotely from the computing device also accesses these various different sites and maintains a record of the digital certificates that the service receives from these sites. In response to a request to access a target site the computing device receives a current digital certificate from the target site. The computing device determines whether the current digital certificate is genuine or fraudulent based on one or more of previously received digital certificates for the target site, confirmation certificates received from the certificate screening service, and additional characteristics of the digital certificates and/or the target site.Type: ApplicationFiled: March 14, 2013Publication date: September 18, 2014Applicant: MICROSOFT CORPORATIONInventors: Muhammad Umar Janjua, Yogesh A. Mehta, Maarten Van Horenbeeck, Anooshiravan Saboori, Nelly Porter, Vassil D. Bakalov, Bryston Nitta