Patents by Inventor Tom Jurgenson
Tom Jurgenson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11818228Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.Type: GrantFiled: September 22, 2016Date of Patent: November 14, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Tal Arieh Be'ery, Itai Grady, Tom Jurgenson, Idan Plotnik, Sivan Krigsman, Michael Dubinsky, Gil David
-
Patent number: 10735432Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, than a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.Type: GrantFiled: January 18, 2019Date of Patent: August 4, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Nadav Bar, Tom Jurgenson
-
Patent number: 10623234Abstract: According to examples, an apparatus for managing alerts pertaining to additions of users to a user group in a computer network may include a processor and a memory, which may have stored thereon machine readable instructions that are to cause the processor to, during a learning period, identify an entity that added a user to the user group during the learning period and enter an identification of the identified entity into an allowed entity list for the user group. Following the learning period, the instructions are to cause the processor to identify a user addition event that indicates that an adding entity added another user to the user group, determine whether the adding entity is in the allowed entity list, and manage issuance of an alert regarding the user addition event based upon whether the adding entity is in the allowed entity list to reduce a number of issued alerts.Type: GrantFiled: June 8, 2017Date of Patent: April 14, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Sivan Krigsman, Tal Be'ery, Itai Grady, Yaron Kaner, Amit Rosenzweig, Tom Jurgenson
-
Publication number: 20190327237Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which ay comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, than a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.Type: ApplicationFiled: January 18, 2019Publication date: October 24, 2019Inventors: Nadav Bar, Tom Jurgenson
-
Patent number: 10333944Abstract: Determining impossible travel for a specific user entity associated with an on-premises site. A method includes identifying an estimated location of an on-premises site associated with an organization network. Identifying the estimated location of an on-premises site comprises aggregating connection information of remote devices, remote from the on-premises site connecting to the on-premises site. Information related to an on-premises connection event is identified including the estimated location, time information, and a first user identification for an entity. Information is identified related to a different connection event. The information comprises location information, time information and a second user identification for the entity. The information related to the on-premises connection event and the information related to the different connection event are used to detect impossible travel for the entity. An alert indicating an impossible travel condition is provided.Type: GrantFiled: November 3, 2016Date of Patent: June 25, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Tom Jurgenson, Sivan Krigsman, Michael Dubinsky, Tal Arieh Be'ery, Idan Plotnik, Gil David
-
Patent number: 10298699Abstract: The present disclosure provides for improved computational efficiency and security in a network by determining the physical location of network connected components, without requiring the components to self-locate. The locations of devices remotely connected to a site within the network are geolocated so that the physical location of that site may be inferred from a centralized point to the remote devices' locations. This calculate site location may be compared against a known site location to improve a generalized algorithm for determining the calculated location of a site with an unknown location, and may be applied to devices that are locally connected to the network, which may be otherwise incapable of being geolocated.Type: GrantFiled: September 8, 2016Date of Patent: May 21, 2019Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Tom Jurgenson, Tal Arieh Be'ery, Idan Plotnik, Michael Dubinsky, Sivan Krigsman, Gil David
-
Patent number: 10187394Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, than a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.Type: GrantFiled: March 31, 2016Date of Patent: January 22, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Nadav Bar, Tom Jurgenson
-
Publication number: 20180359136Abstract: According to examples, an apparatus for managing alerts pertaining to additions of users to a user group in a computer network may include a processor and a memory, which may have stored thereon machine readable instructions that are to cause the processor to, during a learning period, identify an entity that added a user to the user group during the learning period and enter an identification of the identified entity into an allowed entity list for the user group. Following the learning period, the instructions are to cause the processor to identify a user addition event that indicates that an adding entity added another user to the user group, determine whether the adding entity is in the allowed entity list, and manage issuance of an alert regarding the user addition event based upon whether the adding entity is in the allowed entity list to reduce a number of issued alerts.Type: ApplicationFiled: June 8, 2017Publication date: December 13, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Sivan KRIGSMAN, Tal Be'ery, Itai Grady, Yaron Kaner, Amit Rosenzweig, Tom Jurgenson
-
Patent number: 10068277Abstract: A method includes acts for filtering auto consumption recommendations and auto consumption actions. The method includes receiving from a recommendation system, a recommendation of an asset for consumption. The asset for consumption is evaluated in the context of one or more filter rules regarding auto consumption. The filter rules are configured to filter recommended assets from being consumed when certain criteria are met or to permit recommended assets to be consumed when certain criteria are met. As a result, the method includes identifying one or more constraints on how recommended asset should be consumed. The method further includes filtering consumption of the recommended asset based on the one or more constraints.Type: GrantFiled: June 17, 2014Date of Patent: September 4, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Tom Jurgenson, Royi Ronen, Elad Ziklik, Oran Brill
-
Publication number: 20180124065Abstract: Determining impossible travel for a specific user entity associated with an on-premises site. A method includes identifying an estimated location of an on-premises site associated with an organization network. Identifying the estimated location of an on-premises site comprises aggregating connection information of remote devices, remote from the on-premises site connecting to the on-premises site. Information related to an on-premises connection event is identified including the estimated location, time information, and a first user identification for an entity. Information is identified related to a different connection event. The information comprises location information, time information and a second user identification for the entity. The information related to the on-premises connection event and the information related to the different connection event are used to detect impossible travel for the entity. An alert indicating an impossible travel condition is provided.Type: ApplicationFiled: November 3, 2016Publication date: May 3, 2018Inventors: Tom Jurgenson, Sivan Krigsman, Michael Dubinsky, Tal Arieh Be'ery, Idan Plotnik, Gil David
-
Publication number: 20180084069Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.Type: ApplicationFiled: September 22, 2016Publication date: March 22, 2018Applicant: Microsoft Technology Licensing, LLC.Inventors: Tal Arieh Be'ery, Itai Grady, Tom Jurgenson, Idan Plotnik, Sivan Krigsman, Michael Dubinsky, Gil David
-
Publication number: 20180069934Abstract: The present disclosure provides for improved computational efficiency and security in a network by determining the physical location of network connected components, without requiring the components to self-locate. The locations of devices remotely connected to a site within the network are geolocated so that the physical location of that site may be inferred from a centralized point to the remote devices' locations. This calculate site location may be compared against a known site location to improve a generalized algorithm for determining the calculated location of a site with an unknown location, and may be applied to devices that are locally connected to the network, which may be otherwise incapable of being geolocated.Type: ApplicationFiled: September 8, 2016Publication date: March 8, 2018Applicant: Microsoft Technology Licensing, LLC.Inventors: Tom Jurgenson, Tal Arieh Be'ery, Idan Plotnik, Michael Dubinsky, Sivan Krigsman, Gil David
-
Publication number: 20170289168Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, than a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.Type: ApplicationFiled: March 31, 2016Publication date: October 5, 2017Inventors: Nadav Bar, Tom Jurgenson
-
Publication number: 20150363863Abstract: A method includes acts for filtering auto consumption recommendations and auto consumption actions. The method includes receiving from a recommendation system, a recommendation of an asset for consumption. The asset for consumption is evaluated in the context of one or more filter rules regarding auto consumption. The filter rules are configured to filter recommended assets from being consumed when certain criteria are met or to permit recommended assets to be consumed when certain criteria are met. As a result, the method includes identifying one or more constraints on how recommended asset should be consumed. The method further includes filtering consumption of the recommended asset based on the one or more constraints.Type: ApplicationFiled: June 17, 2014Publication date: December 17, 2015Inventors: Tom Jurgenson, Royi Ronen, Elad Ziklik, Oran Brill