Patents by Inventor Nicola A Maiorana
Nicola A Maiorana has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12126646Abstract: Disclosed herein are systems and methods for using machine learning for geographic analysis of access attempts. In an embodiment, a trained machine-learning model classifies source IP addresses of login attempts to a system as either blacklisted or allowed based on a set of aggregated features that correspond to login attempts to the system from the source IP addresses. The set of aggregated features includes, in association with each respective source IP address, a geographical login-attempt failure rate of login attempts to the system from each of one or more geographical areas that each correspond to the respective source IP address. Source IP addresses that are classified by the machine-learning model as blacklisted are added to a system blacklist, such that the system will disallow login attempts from such source IP addresses.Type: GrantFiled: May 12, 2022Date of Patent: October 22, 2024Assignee: Wells Fargo Bank, N.A.Inventors: Nicola A. Maiorana, Bryan D. Hall, Richard Joseph Schroeder
-
Publication number: 20240340286Abstract: Systems and methods may generally be used to automatically curate a blocklist of internet protocol (IP) addresses. An example method may include using risk factor scores for a particular IP address that was blocked by a traffic control component to determine whether to add the particular IP address to a blocklist. The example method may include, in response to a determination to add the particular IP address to the blocklist, generating an IP address entry in the blocklist for the particular IP address, the IP address entry optionally including a corresponding time-based expiration. The example method may include outputting the blocklist or the IP address entry, such as in response to a request from a firewall.Type: ApplicationFiled: June 14, 2024Publication date: October 10, 2024Inventors: Upul D. Hanwella, Shawna K. Murphy Butterworth, Bryan D. Hall, James Condron Hudson, Christian Tobias Sorensen, Samantha T. Grosby, Nicola A. Maiorana, Richard Joseph Schroeder, Shailesh Hedaoo, William Norton Hebert
-
Patent number: 12058137Abstract: Systems and methods may generally be used to automatically curate a blocklist of internet protocol (IP) addresses. An example method may include using risk factor scores for a particular IP address that was blocked by a traffic control component to determine whether to add the particular IP address to a blocklist. The example method may include, in response to a determination to add the particular IP address to the blocklist, generating an IP address entry in the blocklist for the particular IP address, the IP address entry optionally including a corresponding time-based expiration. The example method may include outputting the blocklist or the IP address entry, such as in response to a request from a firewall.Type: GrantFiled: October 20, 2021Date of Patent: August 6, 2024Assignee: Wells Fargo Bank, N.A.Inventors: Upul D. Hanwella, Shawna K. Murphy Butterworth, Bryan D. Hall, James Condron Hudson, Christian Tobias Sorensen, Samantha T. Grosby, Nicola A. Maiorana, Richard Joseph Schroeder, Shailesh Hedaoo, William Norton Hebert
-
Publication number: 20240251007Abstract: Disclosed herein are systems and methods for establishing, using, and recovering universal digital identifiers. In an embodiment, a system establishes a universal identifier (ID) associated with a user and a device of the user. The universal ID is universal with respect to a plurality of distinct entities, has at least a suspended state and an unsuspended state, and initially is in the unsuspended state. The system transmits the universal ID to the device of the user. Thereafter, the system detects an ID-suspension event in connection with the universal ID, and responsively suspends the universal ID, including placing the universal ID in the suspended state. After suspending the universal ID, the system completes an ID-recovery process for the universal ID, and responsively unsuspends the universal ID, including placing the universal ID in the unsuspended state.Type: ApplicationFiled: April 3, 2024Publication date: July 25, 2024Inventors: Chad E. Adams, Daniel Robert Caricato, Kahlidah B. Covington, Ashley Brook Godfrey, Christopher Wayne Howser, Nicola A. Maiorana, Nirali J. Patel, Richard Joseph Schroeder, Roger Daryll White
-
Patent number: 12021834Abstract: In an example aspect, a method includes receiving a plurality of login attempts from a network address over a length of time, querying log data to determine, for the network address, an average number of login failures of the plurality of login attempts over the length of time, calculating a failure rate metric based on the average number of login failures, determining that, the failure rate metric exceeds a reference number of login failures for the length of time, the reference number of login failures based on a historical average number of login failures for the length of time, and based in part on the determining, adding the network address to a system deny list.Type: GrantFiled: June 9, 2023Date of Patent: June 25, 2024Assignee: Wells Fargo Bank, N.A.Inventors: Bryan D. Hall, Richard Joseph Schroeder, Nicola A. Maiorana
-
Publication number: 20240135004Abstract: A system determines a baseline cyberthreat-risk score for a user, and displays the baseline cyberthreat-risk score via a user interface. The system presents at least one cyberthreat-education activity via the user interface, and receives, via the user interface, at least one user input associated with the presented at least one cyberthreat-education activity. The system generates an updated cyberthreat-risk score at least in part by updating the baseline cyberthreat-risk score based at least in part on the user input, and displays the updated cyberthreat-risk score via the user interface.Type: ApplicationFiled: January 4, 2024Publication date: April 25, 2024Inventors: Chad E. Adams, Daniel Robert Caricato, Kahlidah B. Covington, Ashley Brook Godfrey, Christopher Wayne Howser, Nicola A. Maiorana, Nirali J. Patel, Richard Joseph Schroeder, Roger Daryll White
-
Publication number: 20240098092Abstract: Systems, methods, and apparatuses for authenticating requests to access one or more accounts over a network using authenticity evaluations of two or more automated decision engines are discussed. A login request for access to a user account may be submitted to multiple decision engines that each apply different rulesets for authenticating the login request, and output an evaluation of the authenticity of the login request. Based on evaluations from multiple automated decision engines, the login request may be allowed to proceed to validation of user identity and, if user identity is validated, access to the user account may be authorized. Based on the evaluations, the login attempt may also be rejected. One or more additional challenge question may be returned to the computing device used to request account access, and the login request allowed to proceed to validation of identity if the response to the challenge question is deemed acceptable.Type: ApplicationFiled: November 27, 2023Publication date: March 21, 2024Applicant: Wells Fargo Bank, N.A.Inventors: Mark David Castonguay, Upul D. Hanwella, Bryan Hall, Nicola A. Maiorana, David Lerner
-
Publication number: 20240089260Abstract: A method may include receiving a first classification of a network address associated with a login attempt as an AVA, and in response, generating a first random number, selecting a first blocking length of time from a plurality of blocking lengths of time, calculating a first deny list duration based on summing the first random number and the first blocking length of time, and adding the network address to a deny list for the first deny list duration, and adding the network address to a parole list for a parole duration, receiving a second classification of the address as an AVA during the duration; and in response selecting a second blocking length of time from a plurality of blocking lengths, calculating a second deny list duration based on summing the second random number and the second blocking length and adding the address to the deny list for the second durationType: ApplicationFiled: November 20, 2023Publication date: March 14, 2024Inventors: Bryan D. Hall, Nicola A. Maiorana, Richard Joseph Schroeder
-
Patent number: 11914719Abstract: A system determines a baseline cyberthreat-risk score for a user, and displays the baseline cyberthreat-risk score via a user interface. The system presents at least one cyberthreat-education activity via the user interface, and receives, via the user interface, at least one user input associated with the presented at least one cyberthreat-education activity. The system generates an updated cyberthreat-risk score at least in part by updating the baseline cyberthreat-risk score based at least in part on the user input, and displays the updated cyberthreat-risk score via the user interface.Type: GrantFiled: April 15, 2020Date of Patent: February 27, 2024Assignee: Wells Fargo Bank, N.A.Inventors: Chad E. Adams, Daniel Robert Caricato, Kahlidah B. Covington, Ashley Brook Godfrey, Christopher Wayne Howser, Nicola A. Maiorana, Nirali J. Patel, Richard Joseph Schroeder, Roger Daryll White
-
Patent number: 11855989Abstract: A method may include receiving a first classification of a network address associated with a login attempt as an AVA, and in response, generating a first random number, selecting a first blocking length of time from a plurality of blocking lengths of time, calculating a first deny list duration based on summing the first random number and the first blocking length of time, and adding the network address to a deny list for the first deny list duration, and adding the network address to a parole list for a parole duration, receiving a second classification of the address as an AVA during the duration; and in response selecting a second blocking length of time from a plurality of blocking lengths, calculating a second deny list duration based on summing the second random number and the second blocking length and adding the address to the deny list for the second duration.Type: GrantFiled: June 7, 2021Date of Patent: December 26, 2023Assignee: Wells Fargo Bank, N.A.Inventors: Bryan D. Hall, Nicola A. Maiorana, Richard Joseph Schroeder
-
Patent number: 11848943Abstract: Systems and techniques for centralized threat intelligence are described herein. A connection may be established to a plurality of threat data sources. An anonymized set of threat data may be obtained by application of a set of privacy rules to the threat data from the plurality of threat data. A threat database may be populated with the anonymized set of threat data. A registration request may be received for a user of a device. A unique user identifier may be assigned for the user and a unique device identifier may be assigned for the device. A threat model may be generated based on a set of the characteristics from the threat database. A set of data access attributes may be received for a data access request. The data access request may be blocked based on an evaluation of the data access attributes using the threat model.Type: GrantFiled: July 11, 2022Date of Patent: December 19, 2023Assignee: Wells Fargo Bank, N.A.Inventors: Chad E. Adams, Daniel Robert Caricato, Kahlidah B. Covington, Ashley Brook Godfrey, Christopher Wayne Howser, Nicola A. Maiorana, Nirali J. Patel, Richard Joseph Schroeder, Roger Daryll White
-
Patent number: 11831648Abstract: Systems, methods, and apparatuses for authenticating requests to access one or more accounts over a network using authenticity evaluations of two or more automated decision engines are discussed. A login request for access to a user account may be submitted to multiple decision engines that each apply different rulesets for authenticating the login request, and output an evaluation of the authenticity of the login request. Based on evaluations from multiple automated decision engines, the login request may be allowed to proceed to validation of user identity and, if user identity is validated, access to the user account may be authorized. Based on the evaluations, the login attempt may also be rejected. One or more additional challenge question may be returned to the computing device used to request account access, and the login request allowed to proceed to validation of identity if the response to the challenge question is deemed acceptable.Type: GrantFiled: December 12, 2022Date of Patent: November 28, 2023Assignee: Wells Fargo Bank, N.A.Inventors: Mark David Castonguay, Upul D. Hanwella, Bryan Hall, Nicola A. Maiorana, David Lerner
-
Publication number: 20230353537Abstract: In an example aspect, a method includes receiving a plurality of login attempts from a network address over a length of time, querying log data to determine, for the network address, an average number of login failures of the plurality of login attempts over the length of time, calculating a failure rate metric based on the average number of login failures, determining that the failure rate metric exceeds a reference number of login failures for the length of time, the reference number of login failures based on a historical average number of login failures for the length of time, and based in part on the determining, adding the network address to a system deny list.Type: ApplicationFiled: June 9, 2023Publication date: November 2, 2023Inventors: Bryan D. Hall, Richard Joseph Schroeder, Nicola A. Maiorana
-
Patent number: 11722459Abstract: In an example aspect, a method includes receiving a plurality of login attempts from a network address over a length of time, querying log data to determine, for the network address, an average number of login failures of the plurality of login attempts over the length of time, calculating a failure rate metric based on the average number of login failures, determining that the failure rate metric exceeds a reference number of login failures for the length of time, the reference number of login failures based on a historical average number of login failures for the length of time, and based in part on the determining, adding the network address to a system deny list.Type: GrantFiled: June 7, 2021Date of Patent: August 8, 2023Assignee: Wells Fargo Bank, N.A.Inventors: Bryan D. Hall, Richard Joseph Schroeder, Nicola A. Maiorana
-
Patent number: 11601435Abstract: In an example aspect, a method includes receiving, using a hardware processing device, a first classification of a network address associated with a login attempt as an account validator actor. The method also includes based on the first classification, updating, using the hardware processing device, a system deny list to include the network address for a first length of time. The method also includes after expiration of the first length of time removing the network address from the system deny list, receiving a second of classification of the network address as an account validator actor, and updating the system deny list to include the network address for a second length of time.Type: GrantFiled: June 7, 2021Date of Patent: March 7, 2023Assignee: Wells Fargo Bank, N.A.Inventors: Bryan D. Hall, Nicola A. Maiorana, Richard Joseph Schroeder
-
Patent number: 11528277Abstract: Systems, methods, and apparatuses for authenticating requests to access one or more accounts over a network using authenticity evaluations of two or more automated decision engines are discussed. A login request for access to a user account may be submitted to multiple decision engines that each apply different rulesets for authenticating the login request, and output an evaluation of the authenticity of the login request. Based on evaluations from multiple automated decision engines, the login request may be allowed to proceed to validation of user identity and, if user identity is validated, access to the user account may be authorized. Based on the evaluations, the login attempt may also be rejected. One or more additional challenge question may be returned to the computing device used to request account access, and the login request allowed to proceed to validation of identity if the response to the challenge question is deemed acceptable.Type: GrantFiled: March 10, 2021Date of Patent: December 13, 2022Assignee: Wells Fargo Bank, N.A.Inventors: Mark David Castonguay, Upul D. Hanwella, Bryan Hall, Nicola A. Maiorana, David Lerner
-
Publication number: 20220353281Abstract: Systems and techniques for centralized threat intelligence are described herein. A connection may be established to a plurality of threat data sources. An anonymized set of threat data may be obtained by application of a set of privacy rules to the threat data from the plurality of threat data. A threat database may be populated with the anonymized set of threat data. A registration request may be received for a user of a device. A unique user identifier may be assigned for the user and a unique device identifier may be assigned for the device. A threat model may be generated based on a set of the characteristics from the threat database. A set of data access attributes may be received for a data access request. The data access request may be blocked based on an evaluation of the data access attributes using the threat model.Type: ApplicationFiled: July 11, 2022Publication date: November 3, 2022Inventors: Chad E. Adams, Daniel Robert Caricato, Kahlidah B. Covington, Ashley Brook Godfrey, Christopher Wayne Howser, Nicola A. Maiorana, Nirali J. Patel, Richard Joseph Schroeder, Roger Daryll White
-
Patent number: 11394766Abstract: Disclosed herein are systems and methods for establishing, using, and recovering universal digital identifiers. In an embodiment, a system establishes a universal identifier (ID) associated with a user and a device of the user. The universal ID is universal with respect to a plurality of distinct entities, has at least a suspended state and an unsuspended state, and initially is in the unsuspended state. The system transmits the universal ID to the device of the user. Thereafter, the system detects an ID-suspension event in connection with the universal ID, and responsively suspends the universal ID, including placing the universal ID in the suspended state. After suspending the universal ID, the system completes an ID-recovery process for the universal ID, and responsively unsuspends the universal ID, including placing the universal ID in the unsuspended state.Type: GrantFiled: April 15, 2020Date of Patent: July 19, 2022Assignee: Wells Fargo Bank, N.A.Inventors: Chad E. Adams, Daniel Robert Caricato, Kahlidah B. Covington, Ashley Brook Godfrey, Christopher Wayne Howser, Nicola A. Maiorana, Nirali J. Patel, Richard Joseph Schroeder, Roger Daryll White
-
Patent number: 11388179Abstract: Systems and techniques for centralized threat intelligence are described herein. A connection may be established to a plurality of threat data sources. An anonymized set of threat data may be obtained by application of a set of privacy rules to the threat data from the plurality of threat data. A threat database may be populated with the anonymized set of threat data. A registration request may be received for a user of a device. A unique user identifier may be assigned for the user and a unique device identifier may be assigned for the device. A threat model may be generated based on a set of the characteristics from the threat database. A set of data access attributes may be received for a data access request. The data access request may be blocked based on an evaluation of the data access attributes using the threat model.Type: GrantFiled: May 6, 2020Date of Patent: July 12, 2022Assignee: Wells Fargo Bank, N.A.Inventors: Chad E. Adams, Daniel Robert Caricato, Kahlidah B. Covington, Ashley Brook Godfrey, Christopher Wayne Howser, Nicola A. Maiorana, Nirali J. Patel, Richard Joseph Schroeder, Roger Daryll White
-
Patent number: 11356472Abstract: Disclosed herein are systems and methods for using machine learning for geographic analysis of access attempts. In an embodiment, a trained machine-learning model classifies source IP addresses of login attempts to a system as either blacklisted or allowed based on a set of aggregated features that correspond to login attempts to the system from the source IP addresses. The set of aggregated features includes, in association with each respective source IP address, a geographical login-attempt failure rate of login attempts to the system from each of one or more geographical areas that each correspond to the respective source IP address. Source IP addresses that are classified by the machine-learning model as blacklisted are added to a system blacklist, such that the system will disallow login attempts from such source IP addresses.Type: GrantFiled: December 16, 2019Date of Patent: June 7, 2022Assignee: Wells Fargo Bank, N.A.Inventors: Nicola A. Maiorana, Bryan D. Hall, Richard Joseph Schroeder