Patents by Inventor Philip D. Hassey

Philip D. Hassey has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12355770
    Abstract: Embodiments are directed to managing access to network resources. A first mesh agent may be configured to provide a client with access to a resource via an overlay network. The first mesh agent may determine an identity and an activity associated with requests such that the identity corresponds to an entity that may be authenticated to access the overlay network and the resource. A policy container associated with the activity may be determined based on characteristics of the requests such that the policy container may include policies associated with the activity. The requests may be validated based on the policies included in the policy container such that the validated requests may be forwarded to the resource and invalidated requests may be discarded and such that persistence of the connection may be maintained during the validation.
    Type: Grant
    Filed: June 12, 2024
    Date of Patent: July 8, 2025
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey, Kevin David Jamieson, Justin Allan McCarthy, Amol Kabe, Karim Fanous
  • Patent number: 12284224
    Abstract: Embodiments are directed to managing interactions with applications. A plurality of interactions with the application that are enforced by the native security policies may be determined. A virtual policy interface may be generated to collect information associated with a plurality of other interactions with the application that may be unassociated with the native security policies. A virtual policy engine may be employed to perform further actions, including: determining activities based on the collected information associated with the plurality of other interactions; determining virtual security policies associated with the plurality of other interactions based on the activities.
    Type: Grant
    Filed: June 12, 2024
    Date of Patent: April 22, 2025
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey, Kevin David Jamieson, Justin Allan McCarthy, Amol Kabe, Karim Fanous
  • Publication number: 20250112923
    Abstract: Embodiments are directed to managing access to network resources. A first mesh agent may be configured to provide a client with access to a resource via an overlay network. The first mesh agent may determine an identity and an activity associated with requests such that the identity corresponds to an entity that may be authenticated to access the overlay network and the resource. A policy container associated with the activity may be determined based on characteristics of the requests such that the policy container may include policies associated with the activity. The requests may be validated based on the policies included in the policy container such that the validated requests may be forwarded to the resource and invalidated requests may be discarded and such that persistence of the connection may be maintained during the validation.
    Type: Application
    Filed: June 12, 2024
    Publication date: April 3, 2025
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey, Kevin David Jamieson, Justin Allan McCarthy, Amol Kabe, Karim Fanous
  • Publication number: 20250112962
    Abstract: Embodiments are directed to managing interactions with applications. A plurality of interactions with the application that are enforced by the native security policies may be determined. A virtual policy interface may be generated to collect information associated with a plurality of other interactions with the application that may be unassociated with the native security policies. A virtual policy engine may be employed to perform further actions, including: determining activities based on the collected information associated with the plurality of other interactions; determining virtual security policies associated with the plurality of other interactions based on the activities.
    Type: Application
    Filed: June 12, 2024
    Publication date: April 3, 2025
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey, Kevin David Jamieson, Justin Allan McCarthy, Amol Kabe, Karim Fanous
  • Publication number: 20240236047
    Abstract: Mesh agents for an overlay network may be provided such that each mesh agent may be hosted on network computers in the overlay network. In response to a network interface providing raw datagrams to a mesh agent in the overlay network further actions may be performed, including: determining a payload protocol based on the raw datagrams; determining payload datagrams included in the raw datagrams based on the payload protocol; determining a request from a client based on the payload datagrams and the payload protocol; or the like. In response to an infrastructure security computer determining validation information that validates the request further actions may be performed, including: modifying the payload datagrams based on the payload protocol and the validation information; modifying the raw datagrams to include the modified payload datagrams; forwarding the modified raw datagrams to a next mesh agent identified with the validation information; or the like.
    Type: Application
    Filed: February 26, 2024
    Publication date: July 11, 2024
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 12028321
    Abstract: Mesh agents for an overlay network may be provided such that each mesh agent may be hosted on network computers in the overlay network. In response to a network interface providing raw datagrams to a mesh agent in the overlay network further actions may be performed, including: determining a payload protocol based on the raw datagrams; determining payload datagrams included in the raw datagrams based on the payload protocol; determining a request from a client based on the payload datagrams and the payload protocol; or the like. In response to an infrastructure security computer determining validation information that validates the request further actions may be performed, including: modifying the payload datagrams based on the payload protocol and the validation information; modifying the raw datagrams to include the modified payload datagrams; forwarding the modified raw datagrams to a next mesh agent identified with the validation information; or the like.
    Type: Grant
    Filed: February 26, 2024
    Date of Patent: July 2, 2024
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 11973752
    Abstract: Embodiments are directed to connection revocation in overlay networks. An overlay network may be employed to provide secure tunnels between clients and resources. In response to a privilege evaluation event, performing further actions, including: determining sessions associated with the secure tunnels; determining users and a portion of the resources based on the sessions such that each determined user and each determined resource are associated with a same session; comparing privilege information associated with each determined user with privilege requirements associated with each determined resource. In response to determining one or more mismatches of the privilege information and the privilege requirements based on the comparison, performing further actions, including: determining revocable sessions based on the mismatches; providing revoke messages to agents such that the agents close connections associated with the revocable sessions.
    Type: Grant
    Filed: August 28, 2023
    Date of Patent: April 30, 2024
    Assignee: strongDM, Inc.
    Inventors: Britt Vandermast Crawford, Philip D. Hassey, Alexander Chidi Okafor
  • Publication number: 20240106821
    Abstract: Embodiments are directed to connection revocation in overlay networks. An overlay network may be employed to provide secure tunnels between clients and resources. In response to a privilege evaluation event, performing further actions, including: determining sessions associated with the secure tunnels; determining users and a portion of the resources based on the sessions such that each determined user and each determined resource are associated with a same session; comparing privilege information associated with each determined user with privilege requirements associated with each determined resource. In response to determining one or more mismatches of the privilege information and the privilege requirements based on the comparison, performing further actions, including: determining revocable sessions based on the mismatches; providing revoke messages to agents such that the agents close connections associated with the revocable sessions.
    Type: Application
    Filed: August 28, 2023
    Publication date: March 28, 2024
    Inventors: Britt Vandermast Crawford, Philip D. Hassey, Alexander Chidi Okafor
  • Publication number: 20240073249
    Abstract: Embodiments are directed to managing and monitoring endpoint activity in secured networks. In response to a client request being provided to an agent associated with the resource server. A driver associated with the resource server may be determined based on the client request. The client request may be provided to the resource server via a second network connection. Responses from the resource server may be provided to a server-tee module such that the server-tee module provides a copy of the responses to the server-handler module; employing the server-handler module to generate log information based on the copied responses; employing the server-tee module to modify the responses from the resource server such that the responses are forwarded to the client via the first network connection over the overlay network; or the like.
    Type: Application
    Filed: August 21, 2023
    Publication date: February 29, 2024
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 11916885
    Abstract: Mesh agents for an overlay network may be provided such that each mesh agent may be hosted on network computers in the overlay network. In response to a network interface providing raw datagrams to a mesh agent in the overlay network further actions may be performed, including: determining a payload protocol based on the raw datagrams; determining payload datagrams included in the raw datagrams based on the payload protocol; determining a request from a client based on the payload datagrams and the payload protocol; or the like. In response to an infrastructure security computer determining validation information that validates the request further actions may be performed, including: modifying the payload datagrams based on the payload protocol and the validation information; modifying the raw datagrams to include the modified payload datagrams; forwarding the modified raw datagrams to a next mesh agent identified with the validation information; or the like.
    Type: Grant
    Filed: January 9, 2023
    Date of Patent: February 27, 2024
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 11916968
    Abstract: Embodiments are directed to managing and monitoring endpoint activity in secured networks. In response to a client request being provided to an agent associated with the resource server. A driver associated with the resource server may be determined based on the client request. The client request may be provided to the resource server via a second network connection. Responses from the resource server may be provided to a server-tee module such that the server-tee module provides a copy of the responses to the server-handler module; employing the server-handler module to generate log information based on the copied responses; employing the server-tee module to modify the responses from the resource server such that the responses are forwarded to the client via the first network connection over the overlay network; or the like.
    Type: Grant
    Filed: August 21, 2023
    Date of Patent: February 27, 2024
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 11765159
    Abstract: Embodiments are directed to connection revocation in overlay networks. An overlay network may be employed to provide secure tunnels between clients and resources. In response to a privilege evaluation event, performing further actions, including: determining sessions associated with the secure tunnels; determining users and a portion of the resources based on the sessions such that each determined user and each determined resource are associated with a same session; comparing privilege information associated with each determined user with privilege requirements associated with each determined resource. In response to determining one or more mismatches of the privilege information and the privilege requirements based on the comparison, performing further actions, including: determining revocable sessions based on the mismatches; providing revoke messages to agents such that the agents close connections associated with the revocable sessions.
    Type: Grant
    Filed: September 28, 2022
    Date of Patent: September 19, 2023
    Assignee: strongDM, Inc.
    Inventors: Britt Vandermast Crawford, Philip D. Hassey, Alexander Chidi Okafor
  • Patent number: 11736531
    Abstract: Embodiments are directed to managing and monitoring endpoint activity in secured networks. In response to a client request being provided to an agent associated with the resource server. A driver associated with the resource server may be determined based on the client request. The client request may be provided to the resource server via a second network connection. Responses from the resource server may be provided to a server-tee module such that the server-tee module provides a copy of the responses to the server-handler module; employing the server-handler module to generate log information based on the copied responses; employing the server-tee module to modify the responses from the resource server such that the responses are forwarded to the client via the first network connection over the overlay network; or the like.
    Type: Grant
    Filed: August 31, 2022
    Date of Patent: August 22, 2023
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey