Proactive intrusion protection system

US 10,447,722 B2
Filed: 11/24/2015
Issued: 10/15/2019
Est. Priority Date: 11/24/2015
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory computer-readable media comprising logic corresponding to an application associated with a remote device and a remote system, the logic when executed by one or more processors is operable to perform operations comprising:

receiving, from the remote system, data identifying a plurality of compromising entities, where the data comprises at least one device identifier and intrusion tactics;

identifying an incoming communication within a network initiated by the remote device;

identifying information regarding the incoming communication, where the information comprises;

information regarding a source of the incoming communication,a MAC address for the source of the incoming communication, andbehavior characteristics of a sender for the incoming communication;

determining an entity associated with the source of the incoming communication by analyzing the information regarding the incoming communication;

determining that the entity associated with the source of the incoming communication matches at least one of the plurality of compromising entities based, at least in part, on comparing the data identifying the plurality of compromising entities to the entity associated with the source of the incoming communication;

comparing the behavior characteristics to the stored intrusion tactics in response to determining that the entity associated with the source of the incoming communication matches at least one of the plurality of compromising entities;

determining that the behavior characteristics match, at least in part, the stored intrusion tactics;

generating a signal configured to block the incoming communication in response to determining that the behavior characteristics match, at least in part, the stored intrusion tactics; and

tracking the source of the incoming communication based on the MAC address of the source of the incoming communication in response to generating the signal for blocking the incoming communication, wherein tracking the source of the incoming communication removes the ability for the source of the incoming communication to access the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An application associated with a remote device executes logic to receive, from a remote system, data identifying a plurality of compromising entities, identify an incoming communication initiated by the remote device, and identify information regarding a source of the incoming communication. Additionally, the logic determines an entity associated with the source of the incoming communication and determines that the entity associated with the source matches at least one of the plurality of compromising entities based on comparing the data identifying the plurality of compromising entities and the entity associated with the source of the incoming communication. In addition, the logic generates a signal configured to block the incoming communication.

Citations

20 Claims

1. One or more non-transitory computer-readable media comprising logic corresponding to an application associated with a remote device and a remote system, the logic when executed by one or more processors is operable to perform operations comprising:
- receiving, from the remote system, data identifying a plurality of compromising entities, where the data comprises at least one device identifier and intrusion tactics;
  
  identifying an incoming communication within a network initiated by the remote device;
  
  identifying information regarding the incoming communication, where the information comprises;
  
  information regarding a source of the incoming communication,a MAC address for the source of the incoming communication, andbehavior characteristics of a sender for the incoming communication;
  
  determining an entity associated with the source of the incoming communication by analyzing the information regarding the incoming communication;
  
  determining that the entity associated with the source of the incoming communication matches at least one of the plurality of compromising entities based, at least in part, on comparing the data identifying the plurality of compromising entities to the entity associated with the source of the incoming communication;
  
  comparing the behavior characteristics to the stored intrusion tactics in response to determining that the entity associated with the source of the incoming communication matches at least one of the plurality of compromising entities;
  
  determining that the behavior characteristics match, at least in part, the stored intrusion tactics;
  
  generating a signal configured to block the incoming communication in response to determining that the behavior characteristics match, at least in part, the stored intrusion tactics; and
  
  tracking the source of the incoming communication based on the MAC address of the source of the incoming communication in response to generating the signal for blocking the incoming communication, wherein tracking the source of the incoming communication removes the ability for the source of the incoming communication to access the network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The one or more non-transitory computer-readable media of claim 1, further comprising:
    - identifying a pending outgoing communication initiated by the remote device;
      
      identifying information regarding the outgoing communication, where the information comprises information regarding a destination of the outgoing communication;
      
      determining an entity associated with the destination of the outgoing communication by analyzing the information regarding the outgoing communication;
      
      determining that the entity associated with the destination of the outgoing communication matches at least one of the plurality of compromising entities based, at least in part, on comparing;
      
      the data identifying the plurality of compromising entities; and
      
      the entity associated with the destination of the outgoing communication; and
      
      generating a second signal configured to block the outgoing communication, where the signal is generated before the outgoing communication is sent.
  - 3. The one or more non-transitory computer-readable media of claim 1, further comprising sending, to the remote system, a message indicating that the signal was generated.
  - 4. The one or more non-transitory computer-readable media of claim 1, further comprising:
    - blocking the incoming communication; and
      
      displaying an alert on the remote device indicating that the incoming communication was blocked.
  - 5. The one or more non-transitory computer-readable media of claim 1, further comprising adding the source of the incoming communication to a blocked contacts list associated with the remote device.
  - 6. The one or more non-transitory computer-readable media of claim 4, where the alert further presents options on the remote device comprising one or more of:
    - sending the incoming communication;
      
      blocking the incoming communication; and
      
      adding the source of the incoming communication to a blocked contacts list associated with the remote device.

7. One or more non-transitory computer-readable media comprising logic corresponding to an application associated with a remote device and a remote system, the logic when executed by one or more processors is operable to perform operations comprising:
- identifying an incoming communication within a network initiated by the remote device;
  
  sending, to the remote system, information regarding the incoming communication, where the information comprises;
  
  information regarding a source of the incoming communication,a MAC address for the source of the incoming communication, andbehavior characteristics of a sender for the incoming communication;
  
  receiving;
  
  from the remote system, a signal configured to block the incoming communication, wherein the signal is generated in response to a match, at least in part, between the behavior characteristics and intrusion tactics stored in the remote system; and
  
  tracking the source of the incoming communication based on the MAC address of the source of the incoming communication in response to receiving the signal for blocking the incoming communication, wherein tracking the source of the incoming communication removes the ability for the source of the incoming communication to access the network.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The one or more non-transitory computer-readable media of claim 7, further comprising:
    - identifying a pending outgoing communication initiated by the remote device;
      
      sending, to the remote system, information regarding the outgoing communication, where the information comprises information regarding a destination of the outgoing communication; and
      
      receiving, from the remote system, a second signal configured to block the outgoing communication, where the signal is received before the outgoing communication is sent.
  - 9. The one or more non-transitory computer-readable media of claim 7, wherein the signal is received as part of a communication formatted to be protected by at least one of one of SSL (secure sockets layer) and tokenization.
  - 10. The one or more non-transitory computer-readable media of claim 7, further comprising sending, to the remote system, an authentication message confirming that the signal was received.
  - 11. The one or more non-transitory computer-readable media of claim 7, further comprising blocking the remote device from sending the incoming communication, based at least in part on the signal.
  - 12. The one or more non-transitory computer-readable media of claim 7, further comprising adding the source of the incoming communication to a blocked contacts list associated with the remote device.
  - 13. The one or more non-transitory computer-readable media of claim 11, further comprising:
    - displaying an alert on the remote device, where the alert;
      
      indicates that the incoming communication was blocked; and
      
      presents options on the remote device comprising one or more of;
      
      sending the incoming communication;
      
      blocking the incoming communication;
      
      adding the source of the incoming communication to a blocked contacts list associated with the remote device.

14. One or more non-transitory computer-readable media comprising logic corresponding to an application associated with a remote device and a remote system, the logic when executed by one or more processors is operable to perform operations comprising:
- identifying an incoming communication within a network initiated by the remote device;
  
  sending, to the remote system, information regarding the incoming communication, where the information comprises;
  
  information regarding a source of the incoming communication,a MAC address for the source of the incoming communication, andbehavior characteristics of a sender for the incoming communication;
  
  receiving, from the remote system, an alert indicating that the source of the incoming communication matches a compromising entity and the behavior characteristics match intrusion tactics stored in the remote system, andtracking the source of the incoming communication based on the MAC address of the source of the incoming communication in response to receiving the alert, wherein tracking the source of the incoming communication removes the ability for the source of the incoming communication to access the network.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The one or more non-transitory computer-readable media of claim 14, further comprising:
    - identifying a pending outgoing communication initiated by the remote device;
      
      sending, to the remote system, information regarding the outgoing communication, where the information comprises information regarding a destination of the outgoing communication; and
      
      receiving, from the remote system, a second alert indicating that the destination of the outgoing communication matches a compromising entity, where the alert is received before the outgoing communication is sent.
  - 16. The one or more non-transitory computer-readable media of claim 14, wherein the alert is received as part of a communication formatted to be protected by at least one of one of SSL (secure sockets layer) and tokenization.
  - 17. The one or more non-transitory computer-readable media of claim 14, further comprising sending, to the remote system, an authentication message confirming that the alert was received.
  - 18. The one or more non-transitory computer-readable media of claim 14, further comprising displaying the alert on the remote device.
  - 19. The one or more non-transitory computer-readable media of claim 14, further comprising adding the source of the incoming communication to a blocked contacts list associated with the remote device.
  - 20. The one or more non-transitory computer-readable media of claim 14, further comprising:
    - suspending the incoming communication, based at least in part on the alert; and
      
      displaying the alert on the remote device, where the alert;
      
      indicates that the incoming communication was suspended; and
      
      presents options on the remote device comprising one or more of;
      
      sending the incoming communication;
      
      blocking the incoming communication; and
      
      adding the source of the incoming communication to a blocked contacts list associated with the remote device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Hillis, David N., Kurian, Manu J.
Primary Examiner(s)
To, Baotran N
Assistant Examiner(s)
Gyorfi, Thomas A

Application Number

US14/950,891
Publication Number

US 20170149818A1
Time in Patent Office

1,421 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/101   Access control lists [ACL]

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04W 12/08   Access security

Proactive intrusion protection system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Proactive intrusion protection system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links