Nicholas Stamos, 46Nashua, NH

7100047, Aug 29, 2006

Dec 31, 2003

10/750321

Nicholas Stamos - Belmont MA, US
Donato Buccella - Watertown MA, US
Dwayne A. Carson - Mendon MA, US

Verdasys, Inc. - Waltham MA

H04L 9/00
G06F 12/14

713165, 713164, 713167, 726 1, 726 3, 726 27, 726 30, 709246, 705 51

A technique for adaptive encryption of digital assets such as computer files. The system model monitors passage of files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access rights. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such a background process in a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, and aggregates them. A policy engine analyzes sequences of aggregate events to determine when to apply encryption.

7409547, Aug 5, 2008

Aug 28, 2006

11/510891

Nicholas Stamos - Belmont MA, US
Donato Buccella - Watertown MA, US
Dwayne A. Carson - Mendon MA, US

Verdasys, Inc. - Waltham MA

H04L 9/00
G06F 12/14

713165, 713164, 713167, 726 30, 726 27, 726 3, 726 1, 709246, 705 51

A technique for adaptive encryption of digital assets such as computer files. The system model monitors passage of files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access rights. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such a background process in a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, and aggregates them. A policy engine analyzes sequences of aggregate events to determine when to apply encryption.

7472272, Dec 30, 2008

Nov 18, 2003

10/716336

Nicholas Stamos - Belmont MA, US
Seth N. Birnbaum - Boston MA, US
Tomas Revesz, Jr. - Waltham MA, US
Donato Buccella - Watertown MA, US
Keith A. MacDonald - Watertown MA, US
Dwayne A. Carson - Mendon MA, US
William E. Fletcher - Acton MA, US

Verdasys, Inc. - Waltham MA

H04L 9/00

713164, 726 7

A technique for establishing a perimeter of accountability for usage of digital assets such as data files. The accountability model not only tracks authorized users' access to files, but monitors passage of such files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such as in the background of a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, aggregates them, and makes reports to a journaling server. The journaling server analyzes sequences of low level events to detect when aggregate events of interest occur, such as “FileEdit”, network file transfers and the like. Reports can be generated to provide an understanding of how digital assets have been accessed, used or communicated by individuals in an enterprise.

7496575, Feb 24, 2009

Nov 22, 2004

10/995020

Donato Buccella - Watertown MA, US
Seth N. Birnbaum - Boston MA, US
Nicholas Stamos - Belmont MA, US
Leonard F. Halio - Westford MA, US
Dwayne Carson - Mendon MA, US
Luis M. Fernandes - Berkley MA, US

Verdasys, Inc. - Waltham MA

G06F 7/00
G06F 17/30
G06F 15/173
G06F 9/44

707 9, 709224, 717127

A data processing application logging, recording, and reporting process and infrastructure. Compliance with regulatory directives such as HIPAA, internal organizational and corporate, personal information privacy, and other security policies can thus be enforced without the need to recode legacy application software. In one preferred embodiment, a core agent process provides “listener” functionality that captures user input events, such as keyboard and mouse interactions, between a user and a legacy application of interest. The agent obtains instructions for how to deal with such events, accessing information that describes the application's behavior as already captured by an application profiler tool. Keyboard and mouse data entry sequences, screen controls and fields of interest are tagged during application profiling process. This data is stored in application profile developed for each mode of a legacy application.

7814021, Oct 12, 2010

Nov 12, 2003

10/706871

Nicholas Stamos - Belmont MA, US
Seth N. Birnbaum - Boston MA, US
Tomas Revesz, Jr. - Waltham MA, US
Donato Buccella - Watertown MA, US
Keith A. MacDonald - Watertown MA, US
Dwayne A. Carson - Mendon MA, US
William E. Fletcher - Acton MA, US

Verdasys, Inc. - Waltham MA

G06F 21/00

705 57, 705 51, 705 52, 705 54

A technique for establishing usage control over digital assets such as computer files. The system model not only tracks authorized users' access to files, but monitors passage of such files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access rights. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such a background process in a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, and aggregates them. A policy engine analyzes sequences of aggregate events to determine when policy violations occur.

7934091, Apr 26, 2011

Dec 9, 2008

12/316125

Nicholas Stamos - Belmont MA, US
Seth N. Birnbaum - Boston MA, US
Tomas Revesz, Jr. - Waltham MA, US
Donato Buccella - Watertown MA, US
Keith A. MacDonald - Watertown MA, US
Dwayne A. Carson - Mendon MA, US
William E. Fletcher - Acton MA, US

Verdasys, Inc. - Waltham MA

H04L 9/00

713164, 726 7, 726 26, 726 27, 705 51

A technique for establishing a perimeter of accountability for usage of digital assets such as data files. The accountability model not only tracks authorized users' access to files, but monitors passage of such files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such as in the background of a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, aggregates them, and makes reports to a journaling server. The journaling server analyzes sequences of low level events to detect when aggregate events of interest occur, such as “FileEdit”, network file transfers and the like. Reports can be generated to provide an understanding of how digital assets have been accessed, used or communicated by individuals in an enterprise.

2005014, Jul 7, 2005

Sep 10, 2004

10/938756

Paul Bleicher - Newton MA, US
Nicholas Stamos - Belmont MA, US
Jeffrey Klofft - Marlborough MA, US
Richard Dale - Newton MA, US

Phase Forward Inc. - Waltham MA

G06F017/21

715501100, 715513000

A system and method for managing clinical trial data includes dynamically generating, at a server, a data entry form to be displayed at a client. The data entry form is generated dynamically in a SGML-derived language. Control elements within the form comprise images which are used to construct the control elements and larger controls. The form is generated from a protocol database and a context received from the client, is populated from the data database, and is published to the client. Templates based on the protocol database comprise several frames including intermediate frames for displaying frame borders which are non-horizontal and non-vertical. If the trial protocol changes during a trial, the generated form is based on the protocol version active at the time data was entered into the form. Inadvertent use of the application is discouraged requiring an authentication procedure and displaying a picture of the authenticated user. Furthermore, help is provided by creating a link between the text of each question and information about the question. The source of help may be any or all of a protocol document, an investigative brochure, and a study guide. In addition, a user, upon logging in, is presented with a dashboard screen which provides information or links to information such as trial-related news, alerts, statistical information, progress reports and a list of work to be completed.

2008018, Jul 31, 2008

Jan 25, 2008

12/011475

Nicholas Stamos - Belmont MA, US
Dwayne A. Carson - Mendon MA, US
John Paglierani - Lunenburg MA, US

H04L 9/00

726 11

A trusted transaction architecture that provides security from a client side input device to a merchant server by installing a secure custom browser process on the client side computer via an ActiveX control or the equivalent. This Secure Browser Process (SBP) may then be inspected to ensure that no external codes exist in its application space, that no subsequently loaded Dynamic Link Library (DLL), or equivalent, has been tampered with or modified, that no Application Programming Interface (API) has been overwritten or redirected, and that no input device driver has been hooked by a digital signature. The SBP then creates a secure channel to the input device(s) that are used to enter data into the browser application, and creates a secure channel to the merchant's destination server to ensure that data cannot be intercepted, even on the client side computer.