The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jul. 22, 2025
Filed:
Mar. 20, 2023
Microsoft Technology Licensing, Llc, Redmond, WA (US);
Fredric W. Pullen, Iii, Carnation, CA (US);
Michael David McCormack, Redmond, WA (US);
Nerses Ghevondyan, Duvall, WA (US);
Cristian C Berejan, Redmond, WA (US);
Shreya Salikram Chowdhary, Lynnwood, WA (US);
Mara Beth Fortini, Sammamish, WA (US);
Devanshi M Gajjar, Redmond, WA (US);
Millen May T Angeles, Issaquah, WA (US);
Brian Keith Catlin, Kilauea, HI (US);
Paresh Maisuria, Sammamish, WA (US);
Charles J Strempler, Seattle, WA (US);
Abhishek Sagar, Wake Forest, NC (US);
Svetoslav G Paregov, Coconut Creek, FL (US);
Christian Stockwell, Seattle, WA (US);
Jason Joseph Weber, Medina, WA (US);
Sinclaire Renee Hamilton, Sammamish, WA (US);
Richard Joseph Murillo, Covington, WA (US);
MICROSOFT TECHNOLOGY LICENSING, LLC, Remond, WA (US);
Abstract
Embodiments of the technology described herein identify and mitigate phishing attempts by analyzing user input received at the operating system level. Initially, a credential, such as a username or password, is registered with the threat detection system. The technology described herein intercepts user input at the operating system level, generates a hash of the input, and compares it with a hash of a credential being monitored. The technology described herein will perform a threat assessment when a secret entry is detected. The threat assessment may use the application context and the network context as inputs to the assessment. When the threat assessment results in an unknown classification or when the snapshot is otherwise requested, a snapshot is captured to supplement the threat assessment. Based on user settings, the snapshot is consumed by a snapshot phishing machine learning model. Various mitigation actions may be taken when a threat is detected.