Patents by Inventor Sean Moore
Sean Moore has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240396871Abstract: Methods, apparatuses, systems, and machine-readable media are disclosed for improving packet filtering efficiency by reducing processing time and/or by reducing memory usage. Any of various types of data structures, such as flat hash maps and/or ruletrees, may be used by a packet filtering appliance to search for cybersecurity policy packet filtering rules that should be applied to in-transit packets. The packet filtering appliance may search the index data structures for matches of search objects, in the form of values that the packet filtering appliance extracts from in-transit packets, to threat indicator matching criteria of the policy rules. Each of the index data structures may map rule identifiers (rule IDs) of policy rules to keys that are based on (or that comprise) the matching criteria of those rules.Type: ApplicationFiled: May 23, 2024Publication date: November 28, 2024Inventors: Sean Moore, Vincent Mutolo, Alexander Chinchilli, Paul Sprague, Christopher T. Rodney, Justin Makoto Leach
-
Patent number: 12152229Abstract: An electroporation apparatus has an electroporation probe terminals for linking with electrodes. A foam is injected at the treatment site to displace blood rather than mixing with it, increasing the contact time of a higher concentration of active agent with the tissue and thus resulting in greater efficacy. With foam solutions, a lower concentration of agent can be used to obtain the same therapeutic effect as in their liquid counterpart, reducing the prevalence of side effects associated with higher concentrations. A foam solution compared to an equivalent liquid solution enables more efficient cell electroporation particularly where bipolar pulses have been employed by mitigating an increase in tissue conductivity as would normally be observed with a comparable liquid solution. A more efficient cell permeabilisation would result in better results where electroporation is being delivered alone or as a tool to aid in the uptake of molecules into the cell.Type: GrantFiled: October 18, 2023Date of Patent: November 26, 2024Assignee: MIRAI MEDICAL LIMITEDInventors: Declan Soden, Colin Forde, Sean Kinsella, Tony Moore
-
Publication number: 20240341302Abstract: Numerous fields of basic research, medicine, and technology require an understanding of the biological composition and diversity in water samples. A common approach to acquiring such information is to collect samples ‘in the field’ and to subsequently extract nucleic acids in a laboratory for sequence analyses. A challenge to this pipeline is the preservation of the abundance and quality of the nucleic acids present in and around the organisms because, once a sample is harvested, it is no longer connected to the environment that established it. Many organisms, particularly microbes, rapidly adapt to such environmental changes and the relative abundance and quality of nucleic acids within them can change in a manner of minutes. A common methodology intended to address this problem is to filter the water to collect microorganisms on site and then to store the filters in a frozen state until they are processed.Type: ApplicationFiled: August 9, 2022Publication date: October 17, 2024Inventor: Sean MOORE
-
Publication number: 20240348631Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.Type: ApplicationFiled: February 2, 2024Publication date: October 17, 2024Inventors: David K. Ahn, Sean Moore, Douglas M. Disabello
-
Patent number: 12113771Abstract: A packet-filtering network appliance such as a threat intelligence gateway (TIG) protects TCP/IP networks from Internet threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies are composed of packet filtering rules derived from cyber threat intelligence (CTI). Logs of rule-matching packets and their associated flows are sent to cyberanalysis applications located at security operations centers (SOCs) and operated by cyberanalysts. Some cyber threats/attacks, or incidents, are composed of many different flows occurring at a very high rate, which generates a flood of logs that may overwhelm computer, storage, network, and cyberanalysis resources, thereby compromising cyber defenses.Type: GrantFiled: June 8, 2023Date of Patent: October 8, 2024Assignee: Centripetal Networks, LLCInventors: John Fenton, Peter Geremia, Richard Goodwin, Sean Moore, Vincent Mutolo, Jess P. Parnell, Jonathan R. Rogers
-
Patent number: 12113772Abstract: An enterprise organization may operate a central network and one or more remote networks, each comprising a plurality of computing devices. For protection against malicious actors, the central network may be configured to filter network traffic associated with the computing devices based on identified threats. Traffic corresponding to computing devices connected to the remote network may be tunneled to the central network for filtering by the central network. A tunnel gateway device, associated with the remote network, may efficiently identify which communications are associated with Internet threats, and tunnel such identified traffic to the central network, where actions may be taken to protect the enterprise network.Type: GrantFiled: September 15, 2023Date of Patent: October 8, 2024Assignee: Centripetal Networks, LLCInventors: Sean Moore, Peter P. Geremia
-
Patent number: 12107893Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets.Type: GrantFiled: April 14, 2021Date of Patent: October 1, 2024Assignee: Centripetal Networks, LLCInventors: Steven Rogers, Sean Moore, David K. Ahn, Peter P. Geremia
-
Publication number: 20240259345Abstract: The attack vectors for some denial-of-service cyber attacks on the Internet's Domain Name System (DNS) are bad, bogus, or unregistered domain name DNS requests to resolve domain names that are not registered in the DNS. Some other cyber attacks steal sensitive data by encoding the data in bogus domain names, or domain names otherwise not registered in the DNS, that are transferred across networks in bogus DNS requests. A DNS gatekeeper may filter in-transit packets containing DNS requests and may efficiently determine if a request's domain name is registered in the DNS. When the domain name is not registered in the DNS, the DNS gatekeeper may take one of a plurality of protective actions. The DNS gatekeeper drops requests determined not to be legitimate, which may prevent an attack.Type: ApplicationFiled: October 11, 2023Publication date: August 1, 2024Inventors: Sean Moore, Jonathan R. Rogers, Steven Rogers
-
Patent number: 12034710Abstract: Systems, devices, and methods are disclosed for selectively decrypting SSL/TLS communications. Contents of the decrypted communications that may result in some action; for example, to terminate the communications, or to log and store the plaintext packets of the communications for subsequent content inspection and analysis. A SSL/TLS proxy may examine the information contained in the TLS handshake protocol and/or examine other information associated with the connection. Based on the examination, a proxy may determine whether or not to decrypt the encrypted communications. The proxy may take additional actions based on content inspection.Type: GrantFiled: December 20, 2021Date of Patent: July 9, 2024Assignee: Centripetal Networks, LLCInventor: Sean Moore
-
Patent number: 12028311Abstract: Network devices that are inserted inline into network links and process in-transit packets may significantly improve their packet-throughput performance by not assigning L3 IP addresses and L2 MAC addresses to their network interfaces and thereby process packets through a logical fast path that bypasses the slow path through the operating system kernel. When virtualizing such Bump-In-The-Wire (BITW) devices for deployment into clouds, the network interfaces must have L3 IP and L2 MAC addresses assigned to them. Thus, packets are processed through the slow path of a virtual BITW device, significantly reducing the performance. By adding new logic to the virtual BITW device and/or configuring proxies, addresses, subnets, and/or routing tables, a virtual BITW device can process packets through the fast path and potentially improve performance accordingly. For example, the virtual BITW device may be configured to enforce a virtual path (comprising the fast path) through the virtual BITW device.Type: GrantFiled: June 21, 2023Date of Patent: July 2, 2024Assignee: Centripetal Networks, LLCInventors: Richard Goodwin, Paul Sprague, Peter Geremia, Sean Moore
-
Patent number: 12019745Abstract: A cyber threat intelligence (CTI) gateway device may receive rules for filtering TCP/IP packet communications events that are configured to cause the CTI gateway device to identify communications corresponding to indicators, signatures, and behavioral patterns of network threats. The CTI gateway device may receive packets that compose endpoint-to-endpoint communication events and, for each event, may determine that the event corresponds to criteria specified by a filtering rule. The criteria may correspond to one or more of the network threat indicators, signatures, and behavioral patterns. The CTI gateway may create a log of the threat event and forward the threat event log to a task queue managed by a cyberanalysis workflow application. Human cyberanalysts use the cyberanalysis workflow application to service the task queue by removing the task at the front of the queue, investigating the threat event, and deciding whether the event is a reportable finding that should be reported to the proper authorities.Type: GrantFiled: September 20, 2023Date of Patent: June 25, 2024Assignee: Centripetal Networks, LLCInventors: Sean Moore, Jonathan R. Rogers, Jess P. Parnell, Zachary Ehnerd
-
Patent number: 12021835Abstract: A packet gateway may protect TCP/IP networks by enforcing security policies on in-transit packets that are crossing network boundaries. The policies may include packet filtering rules derived from cyber threat intelligence (CTI). The rapid growth in the volume of CTI and in the size of associated CTI-derived policies, coupled with ever-increasing network link speeds and network traffic volume, may cause the costs of sufficient computational resources to be prohibitive. To efficiently process packets, a packet gateway may be provided with at least one probabilistic data structure, such as a Bloom filter, for testing packets to determine if packet data may match a packet filtering rule. Packet filtering rules may be grouped into subsets of rules, and a data structure may be provided for determining a matching subset of rules associated with a particular packet.Type: GrantFiled: April 7, 2021Date of Patent: June 25, 2024Assignee: Centripetal Networks, LLCInventors: Sean Moore, Jonathan R. Rogers, Steven Rogers
-
Patent number: 12015626Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination.Type: GrantFiled: September 8, 2023Date of Patent: June 18, 2024Assignee: Centripetal Networks, LLCInventors: David K. Ahn, Keith A. George, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry, Jonathan R. Rogers
-
Patent number: 12015590Abstract: Enterprise users' mobile devices typically access the Internet without being protected by the enterprise's network security policy, which exposes the enterprise network to Internet-mediated attack by malicious actors. This is because the conventional approach to protecting the mobile devices and associated enterprise network is to tunnel all of the devices' Internet communications to the enterprise network, which is very inefficient since typically only a very small percentage of Internet communications originating from an enterprise's mobile devices are communicating with Internet hosts that are associated with threats. In the present disclosure, the mobile device efficiently identifies which communications are associated with Internet threats, and tunnels only such identified traffic to the enterprise network, where actions may be taken to protect the enterprise network.Type: GrantFiled: June 10, 2022Date of Patent: June 18, 2024Assignee: Centripetal Networks, LLCInventors: Sean Moore, Peter P. Geremia
-
Patent number: 12010135Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.Type: GrantFiled: September 19, 2023Date of Patent: June 11, 2024Assignee: Centripetal Networks, LLCInventors: David K. Ahn, Sean Moore, Douglas M. Disabello
-
Publication number: 20240187422Abstract: Malicious homoglyphic domain name (MHDN) detection and associated cyber security applications are described. A domain name may be received that may be a potential MHDN. Homoglyphic domain name detection may be performed by, for example, generating a normalized character string corresponding to the input domain name by applying one or more normalization operations to the input domain name, wherein the one or more normalization operations may be configured to reduce homoglyphic characteristics in the input domain name; and generating a plurality of segmentations of the normalized character string, wherein generating each segmentation, of the plurality of segmentations, may comprise segmenting the normalized character string into a respective plurality of segments, and wherein each segmentation may comprise a different plurality of segments. A segmentation may be selected based on cost values corresponding to each respective segmentation determined using a cost function.Type: ApplicationFiled: February 13, 2024Publication date: June 6, 2024Inventors: Vincent Mutolo, Alexander Chinchilli, Sean Moore, Matthew Sparrow, Connor Tess
-
Patent number: 11997109Abstract: Malicious homoglyphic domain name (MHDN) detection and associated cyber security applications are described. A domain name may be received that may be a potential MHDN. Homoglyphic domain name detection may be performed by, for example, generating a normalized character string corresponding to the input domain name by applying one or more normalization operations to the input domain name, wherein the one or more normalization operations may be configured to reduce homoglyphic characteristics in the input domain name; and generating a plurality of segmentations of the normalized character string, wherein generating each segmentation, of the plurality of segmentations, may comprise segmenting the normalized character string into a respective plurality of segments, and wherein each segmentation may comprise a different plurality of segments. A segmentation may be selected based on cost values corresponding to each respective segmentation determined using a cost function.Type: GrantFiled: July 17, 2023Date of Patent: May 28, 2024Assignee: Centripetal Networks, LLCInventors: Vincent Mutolo, Alexander Chinchilli, Sean Moore, Matthew Sparrow, Connor Tess
-
Publication number: 20240171542Abstract: A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets.Type: ApplicationFiled: November 13, 2023Publication date: May 23, 2024Applicant: Centripetal Networks, LLCInventors: Sean Moore, Vincent Mutolo, Jonathan R. Rogers
-
Publication number: 20240154977Abstract: A threat intelligence gateway (TIG) may protect TCP/IP networks from network (e.g., Internet) threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies may be composed of packet filtering rules with packet-matching criteria derived from cyber threat intelligence (CTI) associated with Internet threats. These CTI-derived packet-filtering rules may be created offline by policy creation and management servers, which may distribute the policies to subscribing TIGs that subsequently enforce the policies on in-transit packets. Each packet filtering rule may specify a disposition that may be applied to a matching in-transit packet, such as deny/block/drop the in-transit packet or pass/allow/forward the in-transit packet, and also may specify directives that may be applied to a matching in-transit packet, such as log, capture, spoof-tcp-rst, etc.Type: ApplicationFiled: October 13, 2023Publication date: May 9, 2024Inventors: Sean Moore, Jonathan R. Rogers, Vincent Mutolo, Peter P. Geremia
-
Patent number: 11956338Abstract: A computing system may identify packets received by a network device from a host located in a first network and may generate log entries corresponding to the packets received by the network device. The computing system may identify packets transmitted by the network device to a host located in a second network and may generate log entries corresponding to the packets transmitted by the network device. Utilizing the log entries corresponding to the packets received by the network device and the log entries corresponding to the packets transmitted by the network device, the computing system may correlate the packets transmitted by the network device with the packets received by the network device.Type: GrantFiled: May 19, 2023Date of Patent: April 9, 2024Assignee: Centripetal Networks, LLCInventors: David K. Ahn, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry