Dennis Vance Pollutro, 59Cheektowaga, NY

7644434, Jan 5, 2010

Apr 25, 2003

10/423444

Dennis Vance Pollutro - Clymer NY, US
Andrew Almquist - Jamestown NY, US

Applied Identity, Inc. - San Francisco CA

H04L 29/06

726 7, 726 6, 726 12

A method of providing access to an authenticated user, and restricting access to an unauthorized user, of a computer system, is provided. The method includes determining whether a user is authenticated to access at least one resource included in the computer system. The method also includes establishing a session and a session identifier such that the user has access to the at least one resource if the user is authenticated to access the at least one resource. The method also includes changing the session identifier each time the user completes an interaction with the computer system during the session.

8234699, Jul 31, 2012

Dec 22, 2004

10/583578

Dennis Vance Pollutro - Clymer NY, US
Andrew A. Almquist - Jamestown NY, US

Citrix Systems, Inc. - Fort Lauderdale FL

G06F 7/04
G06F 15/16
G06F 17/30
H04L 29/06

726 7, 726 6, 726 12, 709238, 709237, 709226, 709232, 709245, 709220, 709223, 709206, 455445, 455428, 4554321, 713153, 719328, 370397

A method of identifying the originator of a message transmitted between a client and a server system is provided. The method includes modifying a message to be transmitted between a client and a server system to include a session identification flag and/or a session identifier (e. g. , at an end of the message). The method optionally includes one or more of the steps of re-computing a control portion of the message to reflect the inclusion of the session identification flag and the session identifier , transmitting the message between the client and the server system , and checking the transmitted message for the session identification flag , reading the session identifier of the transmitted message to determine the originator of the message , removing the session identification flag and/or the session identifier from the transmitted message , and re-computing the control portion of the message to reflect the removal of the session identification flag and/or the session identifier.

2009032, Dec 31, 2009

Jun 27, 2008

12/163292

Dennis Vance Pollutro - Clymer NY, US
Kiet Tuan Tran - Saratoga CA, US
Srinivas Kumar - Cupertino CA, US

G06F 11/00
G06F 17/00

726 13

A method of packet management for restricting access to a resource of a computer system. The method includes identifying client parameters and network parameters, as a packet management information, used to determine access to the resource, negotiating a session key between client and server devices, generating a session ID based on at least the negotiated session key, inserting the packet management information and the session ID into each information packet sent from the client device to the server device, monitoring packet management information in each information packet from the client device, and filtering out respective information packets sent to the server device from the client device when the monitored packet management information indicates that access to the resource is restricted.

2012013, May 24, 2012

Nov 11, 2011

13/294794

Daniel A. Madey - Crownsville MD, US
Dennis V. Pollutro - Clymer NY, US
Guy Levy-Yurista - Rockville MD, US

G06F 15/177

709220

Systems and methods dynamically adapt network policies for mobile devices by accessing context-based values to allocate or restrict capabilities on the mobile devices or within the network. Context-based values may include position or velocity as well as more general environment features such as proximity of other devices, the presence or absence of other wireless signals or network traffic, parameters measured by local or remote sensors, user credentials, or unique user or signal inputs to the device. Relevant capabilities may include access to hardware and software interfaces and related parameter sets including priority settings.

2013006, Mar 14, 2013

May 11, 2012

13/469392

Guy Levy-Yurista - Rockville MD, US
Daniel A. Madey - Crownsville MD, US
Dennis V. Pollutro - Clymer NY, US

AirPatrol Corporation - Columbia MD

G06F 15/177

709220

Signals from an unidentified device at a location related to a communications network are correlated with identification patterns of managed devices to identify whether or not the unidentified device corresponds to a managed or unmanaged device in the communications network. Both managed and unmanaged devices can be tracked, and network interaction can be managed for devices that are identified as managed devices.

2013029, Nov 7, 2013

Jul 27, 2012

13/559692

Srinivas Kumar - Cupertino CA, US
Dennis Pollutro - Clymer NY, US

Taasera, Inc. - Erie PA

G06F 21/00

726 3, 726 25

Instrumented networks, computer systems and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Methods and systems are disclosed for calculating security risks by determining subject reputation scores. In an embodiment, a system receives a query for a reputation score of a subject, initiates directed queries to external information management systems to interrogate attributes associated with the subject, and analyzes responses. The system receives a hierarchical subject reputation score based on a calculus of risk and returns a reputation token. In another embodiment, a method provides real time attestation of a subject's reputation to a service provider using an endpoint trust agent, and a trust orchestrator comprising a reputation broker and a trust broker.

2013029, Nov 7, 2013

Jul 27, 2012

13/559732

Srinivas KUMAR - Cupertino CA, US
Dennis POLLUTRO - Clymer NY, US

Taasera, Inc. - Erie PA

G06F 21/00

726 22

Instrumented networks and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Methods and systems are disclosed for network flow and device/platform remediation in response to reconnaissance-based intelligence correlation based on network monitoring, to accomplish network flow remediation and device/platform remediation. In an embodiment, a system receives system warnings and endpoint threat intelligence. The system correlates risk based on inputs from sensory inputs that monitor network activity, system configuration, resource utilization, and device integrity. The system then performs a calculus of risk on a global security context including endpoint assessment reports and sends system warnings based upon the endpoint threat intelligence. The system includes a remediation engine for receiving real time directives to control the device.

2013029, Nov 7, 2013

Jul 27, 2012

13/559665

Srinivas KUMAR - Cupertino CA, US
Dennis Pollutro - Clymer NY, US

Taasera, Inc. - Erie PA

G06F 21/00

726 25

Instrumented networks, machines and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects (including mobile devices) and applications on the instrumented target platform. Methods and systems are disclosed for dynamic attestation of mobile device integrity based upon subject reputation scores. In an embodiment, a method scores trustworthiness of a mobile device based on reputation scores for users associated with the device and/or a device reputation score. The method generates runtime integrity alerts regarding execution anomalies for applications executing on the device, calculates risks based on a ruleset, and determines a calculus of risk for the device. The method sends endpoint events comprising data and content of the integrity warnings to a trust orchestrator, which generates an integrity profile based on the endpoint events.