US 12,229,278 B2
Computational risk analysis and intermediation
Russell Sherman, Oakland, CA (US); and Paul Valente, Oakland, CA (US)
Assigned to Valente Sherman, Inc., Oakland, CA (US)
Filed by Valente Sherman, Inc., Oakland, CA (US)
Filed on Nov. 29, 2023, as Appl. No. 18/523,810.
Application 18/523,810 is a continuation of application No. 17/337,678, filed on Jun. 3, 2021, granted, now 11,868,480.
Application 17/337,678 is a continuation of application No. 15/720,271, filed on Sep. 29, 2017, granted, now 11,055,415, issued on Jul. 6, 2021.
Prior Publication US 2024/0095373 A1, Mar. 21, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/00 (2006.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01); G06Q 10/0635 (2023.01)
CPC G06F 21/577 (2013.01) [G06F 21/561 (2013.01); G06Q 10/0635 (2013.01)]
20 Claims
 
1. A method comprising:
receiving security practices information at a communications interface from a vendor computing system via a network, wherein the security practices information characterizes security measures in place at the vendor computing system;
receiving computing services interaction information at the communications interface from a client computing system via the network, wherein the computing services interaction information characterizes data for transmission from the client computing system to the vendor computing system;
determining a risk profile for the vendor computing system by using a processor to analyze third-party audit information documenting the result of an audit of security measures associated with the vendor computing system, wherein the processor is configured to access security practices information associated with a plurality of vendors providing computing services, wherein determining the risk profile comprises estimating a dimensional risk factor for each of a plurality of security dimensions associated with the security practices information;
determining based on the risk profile and the computing services interaction information, an estimate of an information security risk associated with transmitting the data from the client computing system to the vendor computing system;
transmitting a risk assessment message to the client computing system, the risk assessment message including the estimate of the information security risk, where the risk assessment is client-specific to the client computing system and depends on the type of information to be transmitted to the vendor computing system; and
detecting a change in security practices information at the vendor computing system, wherein a weight to a first dimensional risk factor corresponding to a first security dimension associated with security practices information is adjusted at the processor based on the change in security practices information.