Patents by Inventor Philip D. Hassey
Philip D. Hassey has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12355770Abstract: Embodiments are directed to managing access to network resources. A first mesh agent may be configured to provide a client with access to a resource via an overlay network. The first mesh agent may determine an identity and an activity associated with requests such that the identity corresponds to an entity that may be authenticated to access the overlay network and the resource. A policy container associated with the activity may be determined based on characteristics of the requests such that the policy container may include policies associated with the activity. The requests may be validated based on the policies included in the policy container such that the validated requests may be forwarded to the resource and invalidated requests may be discarded and such that persistence of the connection may be maintained during the validation.Type: GrantFiled: June 12, 2024Date of Patent: July 8, 2025Assignee: strongDM, Inc.Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey, Kevin David Jamieson, Justin Allan McCarthy, Amol Kabe, Karim Fanous
-
Patent number: 12284224Abstract: Embodiments are directed to managing interactions with applications. A plurality of interactions with the application that are enforced by the native security policies may be determined. A virtual policy interface may be generated to collect information associated with a plurality of other interactions with the application that may be unassociated with the native security policies. A virtual policy engine may be employed to perform further actions, including: determining activities based on the collected information associated with the plurality of other interactions; determining virtual security policies associated with the plurality of other interactions based on the activities.Type: GrantFiled: June 12, 2024Date of Patent: April 22, 2025Assignee: strongDM, Inc.Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey, Kevin David Jamieson, Justin Allan McCarthy, Amol Kabe, Karim Fanous
-
Publication number: 20250112923Abstract: Embodiments are directed to managing access to network resources. A first mesh agent may be configured to provide a client with access to a resource via an overlay network. The first mesh agent may determine an identity and an activity associated with requests such that the identity corresponds to an entity that may be authenticated to access the overlay network and the resource. A policy container associated with the activity may be determined based on characteristics of the requests such that the policy container may include policies associated with the activity. The requests may be validated based on the policies included in the policy container such that the validated requests may be forwarded to the resource and invalidated requests may be discarded and such that persistence of the connection may be maintained during the validation.Type: ApplicationFiled: June 12, 2024Publication date: April 3, 2025Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey, Kevin David Jamieson, Justin Allan McCarthy, Amol Kabe, Karim Fanous
-
Publication number: 20250112962Abstract: Embodiments are directed to managing interactions with applications. A plurality of interactions with the application that are enforced by the native security policies may be determined. A virtual policy interface may be generated to collect information associated with a plurality of other interactions with the application that may be unassociated with the native security policies. A virtual policy engine may be employed to perform further actions, including: determining activities based on the collected information associated with the plurality of other interactions'; determining virtual security policies associated with the plurality of other interactions based on the activities.Type: ApplicationFiled: June 12, 2024Publication date: April 3, 2025Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey, Kevin David Jamieson, Justin Allan McCarthy, Amol Kabe, Karim Fanous
-
Publication number: 20240236047Abstract: Mesh agents for an overlay network may be provided such that each mesh agent may be hosted on network computers in the overlay network. In response to a network interface providing raw datagrams to a mesh agent in the overlay network further actions may be performed, including: determining a payload protocol based on the raw datagrams; determining payload datagrams included in the raw datagrams based on the payload protocol; determining a request from a client based on the payload datagrams and the payload protocol; or the like. In response to an infrastructure security computer determining validation information that validates the request further actions may be performed, including: modifying the payload datagrams based on the payload protocol and the validation information; modifying the raw datagrams to include the modified payload datagrams; forwarding the modified raw datagrams to a next mesh agent identified with the validation information; or the like.Type: ApplicationFiled: February 26, 2024Publication date: July 11, 2024Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
-
Patent number: 12028321Abstract: Mesh agents for an overlay network may be provided such that each mesh agent may be hosted on network computers in the overlay network. In response to a network interface providing raw datagrams to a mesh agent in the overlay network further actions may be performed, including: determining a payload protocol based on the raw datagrams; determining payload datagrams included in the raw datagrams based on the payload protocol; determining a request from a client based on the payload datagrams and the payload protocol; or the like. In response to an infrastructure security computer determining validation information that validates the request further actions may be performed, including: modifying the payload datagrams based on the payload protocol and the validation information; modifying the raw datagrams to include the modified payload datagrams; forwarding the modified raw datagrams to a next mesh agent identified with the validation information; or the like.Type: GrantFiled: February 26, 2024Date of Patent: July 2, 2024Assignee: strongDM, Inc.Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
-
Patent number: 11973752Abstract: Embodiments are directed to connection revocation in overlay networks. An overlay network may be employed to provide secure tunnels between clients and resources. In response to a privilege evaluation event, performing further actions, including: determining sessions associated with the secure tunnels; determining users and a portion of the resources based on the sessions such that each determined user and each determined resource are associated with a same session; comparing privilege information associated with each determined user with privilege requirements associated with each determined resource. In response to determining one or more mismatches of the privilege information and the privilege requirements based on the comparison, performing further actions, including: determining revocable sessions based on the mismatches; providing revoke messages to agents such that the agents close connections associated with the revocable sessions.Type: GrantFiled: August 28, 2023Date of Patent: April 30, 2024Assignee: strongDM, Inc.Inventors: Britt Vandermast Crawford, Philip D. Hassey, Alexander Chidi Okafor
-
Publication number: 20240106821Abstract: Embodiments are directed to connection revocation in overlay networks. An overlay network may be employed to provide secure tunnels between clients and resources. In response to a privilege evaluation event, performing further actions, including: determining sessions associated with the secure tunnels; determining users and a portion of the resources based on the sessions such that each determined user and each determined resource are associated with a same session; comparing privilege information associated with each determined user with privilege requirements associated with each determined resource. In response to determining one or more mismatches of the privilege information and the privilege requirements based on the comparison, performing further actions, including: determining revocable sessions based on the mismatches; providing revoke messages to agents such that the agents close connections associated with the revocable sessions.Type: ApplicationFiled: August 28, 2023Publication date: March 28, 2024Inventors: Britt Vandermast Crawford, Philip D. Hassey, Alexander Chidi Okafor
-
Publication number: 20240073249Abstract: Embodiments are directed to managing and monitoring endpoint activity in secured networks. In response to a client request being provided to an agent associated with the resource server. A driver associated with the resource server may be determined based on the client request. The client request may be provided to the resource server via a second network connection. Responses from the resource server may be provided to a server-tee module such that the server-tee module provides a copy of the responses to the server-handler module; employing the server-handler module to generate log information based on the copied responses; employing the server-tee module to modify the responses from the resource server such that the responses are forwarded to the client via the first network connection over the overlay network; or the like.Type: ApplicationFiled: August 21, 2023Publication date: February 29, 2024Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
-
Patent number: 11916885Abstract: Mesh agents for an overlay network may be provided such that each mesh agent may be hosted on network computers in the overlay network. In response to a network interface providing raw datagrams to a mesh agent in the overlay network further actions may be performed, including: determining a payload protocol based on the raw datagrams; determining payload datagrams included in the raw datagrams based on the payload protocol; determining a request from a client based on the payload datagrams and the payload protocol; or the like. In response to an infrastructure security computer determining validation information that validates the request further actions may be performed, including: modifying the payload datagrams based on the payload protocol and the validation information; modifying the raw datagrams to include the modified payload datagrams; forwarding the modified raw datagrams to a next mesh agent identified with the validation information; or the like.Type: GrantFiled: January 9, 2023Date of Patent: February 27, 2024Assignee: strongDM, Inc.Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
-
Patent number: 11916968Abstract: Embodiments are directed to managing and monitoring endpoint activity in secured networks. In response to a client request being provided to an agent associated with the resource server. A driver associated with the resource server may be determined based on the client request. The client request may be provided to the resource server via a second network connection. Responses from the resource server may be provided to a server-tee module such that the server-tee module provides a copy of the responses to the server-handler module; employing the server-handler module to generate log information based on the copied responses; employing the server-tee module to modify the responses from the resource server such that the responses are forwarded to the client via the first network connection over the overlay network; or the like.Type: GrantFiled: August 21, 2023Date of Patent: February 27, 2024Assignee: strongDM, Inc.Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
-
Patent number: 11765159Abstract: Embodiments are directed to connection revocation in overlay networks. An overlay network may be employed to provide secure tunnels between clients and resources. In response to a privilege evaluation event, performing further actions, including: determining sessions associated with the secure tunnels; determining users and a portion of the resources based on the sessions such that each determined user and each determined resource are associated with a same session; comparing privilege information associated with each determined user with privilege requirements associated with each determined resource. In response to determining one or more mismatches of the privilege information and the privilege requirements based on the comparison, performing further actions, including: determining revocable sessions based on the mismatches; providing revoke messages to agents such that the agents close connections associated with the revocable sessions.Type: GrantFiled: September 28, 2022Date of Patent: September 19, 2023Assignee: strongDM, Inc.Inventors: Britt Vandermast Crawford, Philip D. Hassey, Alexander Chidi Okafor
-
Patent number: 11736531Abstract: Embodiments are directed to managing and monitoring endpoint activity in secured networks. In response to a client request being provided to an agent associated with the resource server. A driver associated with the resource server may be determined based on the client request. The client request may be provided to the resource server via a second network connection. Responses from the resource server may be provided to a server-tee module such that the server-tee module provides a copy of the responses to the server-handler module; employing the server-handler module to generate log information based on the copied responses; employing the server-tee module to modify the responses from the resource server such that the responses are forwarded to the client via the first network connection over the overlay network; or the like.Type: GrantFiled: August 31, 2022Date of Patent: August 22, 2023Assignee: strongDM, Inc.Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey