&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11861563.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,861,563 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Business email compromise detection system</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Umalatha Batchu,  Cupertino, CA (US);  Torsten Zeppenfeld,  Emerald Hills, CA (US);  Blake Darche,  Finksburg, MD (US); and  Philip Syme,  Ellicott City, MD (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  CLOUDFLARE, INC.,  San Francisco, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  CLOUDFLARE, INC.,  San Francisco, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jan.  15, 2021, as Appl. No. 17/150,853.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2022/0230142 A1, Jul.  21, 2022</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06Q 10/107</b></i> (2023.01); <i><b>H04L 9/40</b></i> (2022.01); <i><b>G06Q 30/018</b></i> (2023.01); <i><b>G06Q 40/02</b></i> (2023.01); <i><b>G06F 40/205</b></i> (2020.01); <i><b>G06N 7/01</b></i> (2023.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06Q 10/107</b></i> (2013.01)&#xa0;[<i><b>G06F 40/205</b></i> (2020.01); <i><b>G06N 7/01</b></i> (2023.01); <i><b>G06Q 30/018</b></i> (2013.01); <i><b>G06Q 40/02</b></i> (2013.01); <i><b>H04L 63/1416</b></i> (2013.01); <i><b>H04L 63/1425</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>17 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11861563-20240102-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A computer-implemented method of detecting compromised digital electronic messages, the method comprising, executed by one or more business email compromise (BEC) detection computers:<div class="claim_text">receiving, from a digital electronic computer network, a digital electronic message that is directed to a recipient computer from a sender computer;</div>
                <div class="claim_text">obtaining domain data and message data from the digital electronic message and storing the domain data and message data, the domain data comprising a triple identifier associated with the sender computer, the triple identifier being comprised of a display name, an email address, and an email domain associated with the sender computer, the message data comprising a plurality of text features;</div>
                <div class="claim_text">comparing the triple identifier associated with the sender computer with one or more digitally stored triple identifiers in a domain database associated with the one or more BEC detection computers;</div>
                <div class="claim_text">determining, in response to comparing the triple identifier with the one or more stored triple identifiers, a name score for the triple identifier indicating a probability that the digital electronic message associated with the sender computer is compromised;</div>
                <div class="claim_text">parsing the plurality of text features of the message data;</div>
                <div class="claim_text">inputting the plurality of text features of the message data into a plurality of classifiers, each classifier corresponding to a respective particular message type and having been machine-learned to determine a probability that a digital electronic message is associated with that respective particular message type;</div>
                <div class="claim_text">determining, based on output of the plurality of classifiers, a message type of the digital electronic message; and</div>
                <div class="claim_text">determining whether the digital electronic message is a BEC attack based on the name score for the triple identifier associated with the sender computer and the message type of the digital electronic message.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>