-
Publication number: US20190251276A1
Publication date: 2019-08-15
Application number: US15895720
Application date: 2018-02-13
Applicant: Bank of America Corporation
Inventor: John Howard Kling, Brandon Sloane, Regina Yee Cadavid, Rachel Yun Kim Bierner, Ronald James Kuhlmeier
CPC classification number: G06F21/6218, G06F16/288, G06F16/335, G06F21/604, G06F2221/2141, H04L63/102
Abstract: A vertically integrated access control system may store in a database data records corresponding to the interfaces, access control rules, and computing resources of an information system, as well as data records for entity capabilities. Data records for related interfaces, access control rules, computing resources, and entity capabilities may be linked. Using the database, the system may determine the entity capabilities that can be performed based on an existing user entitlement. If the entity capabilities include a flagged combination of entity capabilities, the system may perform an information security action to remediate the flagged combination. The system may use the database to form vertically integrated access units. The vertically integrated access units may be used to form user entitlements. The system may continuously monitor whether any proposed configurations would create a flagged combination of entity capabilities, and if so take an action to prevent such flagged combination.
-
Publication number: US10003598B2
Publication date: 2018-06-19
Application number: US15099654
Application date: 2016-04-15
Applicant: BANK OF AMERICA CORPORATION
Inventor: John Howard Kling, Mark Earl Brubaker, Cora Yan Quon, Rachel Yun Kim Bierner, Armen Moloian, Ronald James Kuhlmeier
IPC: H04L29/06
CPC classification number: H04L63/10, H04L63/1416
Abstract: Systems, computer program products, and methods are described herein for a model framework and system for cyber security services. The present invention is configured to determine one or more access paths to the internal computing device from an external computing device; determine one or more controls associated with each access path; determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device; determine whether the one or more controls associated with the at least one of the one or more access paths is capable of detecting the access; determine one or more tools configured to regulate the one or more controls; and incorporate the one or more tools within the network to regulate the one or more controls to detect and monitor the access.
-
Publication number: US20250165612A1
Publication date: 2025-05-22
Application number: US18516873
Application date: 2023-11-21
Applicant: BANK OF AMERICA CORPORATION
Inventor: John Howard Kling, Charles Edward Dudley, Jason T. Yeung
Abstract: Systems, methods, and computer program products are provided herein for data security model based anomaly determinations. An example method includes receiving a product evaluation request that is associated with a first product dataset including product data entries and accessing a data security model. The data security model includes a plurality of data objects including one or more data entries where each data object defines an associated model level indicative of the hierarchical position of the data object within the data security model and one or more links between the data objects that define data object interdependency parameters. The example method includes determining data objects of the data security model applicable to the first product dataset and determining one or more anomalies associated with the first product dataset based on a comparison between the one or more product data entries and the applicable data objects of the data security model.
-
Publication number: US12105794B2
Publication date: 2024-10-01
Application number: US18125420
Application date: 2023-03-23
Applicant: BANK OF AMERICA CORPORATION
Inventor: Brandon Sloane, John Howard Kling
CPC classification number: G06F21/54, G06F21/31, G06F21/604
Abstract: A system is provided for electronic data obfuscation and protection using independent destructible data objects. The system may split a set of data into a data portion and a key portion, where the data portion may be stored in a database separately from the key portion. The data portion may further comprise a set of executable code for a time or iteration based destructible data object, where the data object may incrementally decrease a countdown value based on the passage of time and/or iterations. If the countdown value reaches a threshold value without being refreshed, the data object may automatically execute one or more processes to protect the set of data. In this way, the system provides a secure way to prevent unauthorized access to sensitive data.
-
Publication number: US11968215B2
Publication date: 2024-04-23
Application number: US17552571
Application date: 2021-12-16
Applicant: BANK OF AMERICA CORPORATION
Inventor: Brandon Sloane, Richard Gar Bentley, Michael Ogrinz, John Howard Kling
CPC classification number: H04L63/105, G06F21/30, G06F21/31, H04L63/08, H04L63/104, H04L63/107, H04L63/1416, G06F21/32, H04L2463/082
Abstract: Embodiments of the present invention provide a system for monitoring a cybersecurity mesh network comprising a distributed sensor grid and a plurality of devices for detection of one or more security incidents. In response to determining that one of the one or more security incidents has occurred, and in response to receiving the request from an identified device that requires the first level of authentication, transmitting to the identified device a request for authentication credentials that meet a second level of authentication, wherein the second level of authentication is more strict than the first level of authentication.
-
Publication number: US11720602B2
Publication date: 2023-08-08
Application number: US17315583
Application date: 2021-05-10
Applicant: BANK OF AMERICA CORPORATION
Inventor: Brandon Sloane, John Howard Kling
CPC classification number: G06F16/285, G06F16/2379
Abstract: Embodiments of the present invention provide a system for analyzing and correlating layered electronic data logs for monitored events on a network. The system is configured for identifying one or more entity resources associated with an entity, continuously monitoring the one or more entity resources, identifying at least a first event and a second event associated with at least one entity resource of the one or more entity resources, and performing a correlation analysis at the entity resource prior to transferring the data to a centralized data lake. In this way, the system streamlines the process for correlative analysis by performing resource heavy analysis at the edge of the network and later consolidating such data for further review.
-
Publication number: US20220345472A1
Publication date: 2022-10-27
Application number: US17238774
Application date: 2021-04-23
Applicant: BANK OF AMERICA CORPORATION
Inventor: John Howard Kling, Charles Edward Dudley
Abstract: An enterprise-wise means for determining monitoring requirements for technology resources, such as, software, hardware, firmware, network or the like and implementing the monitoring. Artificial Intelligence (AI) is implemented to determine monitoring requirements based on characteristics of the technology resource that is to be monitored. In this regard, the characteristics of the technology resource serve to define the problem(s), such as cyber threats and/or performance issues that the technology resource currently faces or will face in the future. By determining the monitoring requirements based on the technology resource's characteristics, including the technological environment, the invention serves to describe what needs to be monitored in terms of the problems that the technology resource currently faces or will face.
-
Publication number: US20200167495A1
Publication date: 2020-05-28
Application number: US16777466
Application date: 2020-01-30
Applicant: Bank of America Corporation
Inventor: John Howard Kling, Brandon Sloane, Regina Yee Cadavid, Rachel Yun Kim Bierner, Ronald James Kuhlmeier
IPC: G06F21/62, G06F16/335, G06F16/28, G06F21/60, H04L29/06
Abstract: A vertically integrated access control system may store in a database data records corresponding to the interfaces, access control rules, and computing resources of an information system, as well as data records for entity capabilities. Data records for related interfaces, access control rules, computing resources, and entity capabilities may be linked. Using the database, the system may determine the entity capabilities that can be performed based on an existing user entitlement. If the entity capabilities include a flagged combination of entity capabilities, the system may perform an information security action to remediate the flagged combination. The system may use the database to form vertically integrated access units. The vertically integrated access units may be used to form user entitlements. The system may continuously monitor whether any proposed configurations would create a flagged combination of entity capabilities, and if so take an action to prevent such flagged combination.
-
Publication number: US10664498B2
Publication date: 2020-05-26
Application number: US15958515
Application date: 2018-04-20
Applicant: BANK OF AMERICA CORPORATION
Inventor: Brandon Sloane, Rachel Yun Kim Bierner, Mark Earl Brubaker, Regina Yee Cadavid, John Brian Costello, John Howard Kling, Cora Yan Quon, Tracie Buffington Wescott
IPC: G06F7/00, G06F16/28, G06F16/23, G06F16/245, G06F16/248
Abstract: The invention provides an interconnected graph database system, method and computer program product structured for identifying and remediating conflicts in resource deployment. In some embodiments, the present invention is configured to identify a source node of a plurality of first nodes of a first graph database system. The source node is typically associated with a first information technology operational activity. In addition, the present invention is configured for determining a lateral relationship between the source node of the first graph database system and a target node of a plurality of second nodes of a second graph database system. Moreover, the present invention is configured for determining that the lateral relationship between the source node and the target node comprises a conflict, and in response, blocking initiation of the first information technology operational activity.
-
Publication number: US20170302668A1
Publication date: 2017-10-19
Application number: US15099654
Application date: 2016-04-15
Applicant: BANK OF AMERICA CORPORATION
Inventor: John Howard Kling, Mark Earl Brubaker, Cora Yan Quon, Rachel Yun Kim Bierner, Armen Moloian, Ronald James Kuhlmeier
IPC: H04L29/06
CPC classification number: H04L63/10, H04L63/1416
Abstract: Systems, computer program products, and methods are described herein for a model framework and system for cyber security services. The present invention is configured to determine one or more access paths to the internal computing device from an external computing device; determine one or more controls associated with each access path; determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device; determine whether the one or more controls associated with the at least one of the one or more access paths is capable of detecting the access; determine one or more tools configured to regulate the one or more controls; and incorporate the one or more tools within the network to regulate the one or more controls to detect and monitor the access.