Patents by Inventor Conor P. Cahill
Conor P. Cahill has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20150012991Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.Type: ApplicationFiled: July 16, 2014Publication date: January 8, 2015Inventor: Conor P. Cahill
-
Publication number: 20150012996Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.Type: ApplicationFiled: July 16, 2014Publication date: January 8, 2015Inventor: Conor P. Cahill
-
Publication number: 20140366111Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.Type: ApplicationFiled: March 15, 2013Publication date: December 11, 2014Inventors: Micah J. Sheller, Conor P. Cahill, Jason Martin, Ned M. Smith, Brandon Baker
-
Patent number: 8893239Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.Type: GrantFiled: September 14, 2012Date of Patent: November 18, 2014Assignee: Facebook, Inc.Inventor: Conor P. Cahill
-
Patent number: 8874901Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.Type: GrantFiled: September 14, 2012Date of Patent: October 28, 2014Assignee: Facebook, Inc.Inventor: Conor P. Cahill
-
Publication number: 20140282945Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.Type: ApplicationFiled: March 15, 2013Publication date: September 18, 2014Inventors: Ned M. Smith, Conor P. Cahill, Micah J. Sheller, Jason Martin
-
Patent number: 8838986Abstract: Invoking a computer implemented service includes receiving a request from a first user to access a service associated with a second user. The request is associated with a security token for the first user and an identity token for the second user. The acceptability of the security token is determined to authenticate the first user, and the acceptability of the identity token is determined to securely identify the second user. The first user is able to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable.Type: GrantFiled: September 23, 2011Date of Patent: September 16, 2014Assignee: Google Inc.Inventor: Conor P. Cahill
-
Publication number: 20140189807Abstract: Methods, systems and apparatus are disclosed to facilitate client-based authentication. An example method includes associating an identity authority with a client platform in an isolated execution environment, associating a user identity with the identity authority, generating a first key pair associated with a first service provider, generating an attestation based on a first authorization sequence of the client platform, and signing the attestation with a portion of the key pair and sending the signed attestation to the first service provider to authorize communication between the client platform and the first service provider.Type: ApplicationFiled: November 18, 2011Publication date: July 3, 2014Inventors: Conor P. Cahill, Vinay Phegade, Jason Martin, Anand Rajan, Nikhil M. Deshpande, Radia Perlman
-
Publication number: 20140181888Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.Type: ApplicationFiled: December 20, 2012Publication date: June 26, 2014Inventors: Hong C. Li, Mark D. Boucher, Conor P. Cahill, Manohar R. Castelino, Steve Orrin, Vinay Phegade, John E. Simpson, JR.
-
Publication number: 20140181925Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.Type: ApplicationFiled: December 20, 2012Publication date: June 26, 2014Inventors: Ned M. Smith, Conor P. Cahill, Victoria C. Moore, Jason Martin, Micah J. Sheller
-
Publication number: 20140089665Abstract: An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream.Type: ApplicationFiled: December 2, 2013Publication date: March 27, 2014Applicant: AOL Inc.Inventors: David F. PARE, David L. BIDERMAN, Stephen LOOMIS, Scott K. BROWN, Michael WISE, David WEXELBLAT, Conor P. CAHILL, David S. BILL
-
Patent number: 8634552Abstract: An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream.Type: GrantFiled: October 9, 2009Date of Patent: January 21, 2014Assignee: AOL Inc.Inventors: David F. Pare, David L. Biderman, Stephen Loomis, Scott K. Brown, Michael Wise, David Wexelblat, Conor P. Cahill, David S. Bill
-
Publication number: 20140006163Abstract: An embodiment of the invention provides context aware messaging. Such context aware messaging may include delivering communications (e.g., coupons, promotions) to mobile device users based on the device user's context (e.g., physical location, time of day and week, habits, tendencies, and the like). An embodiment includes sensing an environmental condition for a user; wirelessly communicating the sensed condition to a remotely located node; and receiving a context based communication in response to communicating the sensed condition to the remotely located node; wherein the context based communication corresponds to the sensed environmental condition. Other embodiments are described herein.Type: ApplicationFiled: March 30, 2012Publication date: January 2, 2014Inventors: Uttam K. Sengupta, Mark A. McCorkle, Conor P. Cahill, Kyle A. Short
-
Patent number: 8576730Abstract: Content is distributed from a source to a sink only if the sink is within a predetermined geographic locality. In one embodiment, a signature request is sent to the sink. The sink obtains an actual signature compares it to the requested signature, and if the requested signature and the actual signature resemble each other sufficiently closely, then the content is sent to the sink The signature is compiled from parameters obtained from appropriate parameter detectors. The parameter detectors generate, detect and monitor various signals required for determining the locality of the sink.Type: GrantFiled: March 30, 2005Date of Patent: November 5, 2013Assignee: Time Warner, Inc.Inventors: Spencer Stephens, Kenneth W. Long, Craig Davis Cuttner, Conor P. Cahill
-
Publication number: 20130174232Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.Type: ApplicationFiled: September 14, 2012Publication date: July 4, 2013Inventor: Conor P. Cahill
-
Publication number: 20130174233Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.Type: ApplicationFiled: September 14, 2012Publication date: July 4, 2013Inventor: Conor P. Cahill
-
Publication number: 20130173921Abstract: An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream.Type: ApplicationFiled: September 14, 2012Publication date: July 4, 2013Inventors: DAVID F. PARE, DAVID L. BIDERMAN, STEPHEN E. LOOMIS, SCOTT K. BROWN, MICHAEL WISE, DAVID WEXELBLAT, CONOR P. CAHILL, DAVID S. BILL
-
Patent number: 8429726Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.Type: GrantFiled: August 29, 2011Date of Patent: April 23, 2013Assignee: Facebook, Inc.Inventor: Conor P Cahill
-
Publication number: 20130073936Abstract: Techniques are provided for displaying a uniform resource locator (URL) to assist a user in determining whether a URL destination is what the user expects. A link is presented for selection to a user, and a URL corresponding to the link is accessed. A portion of the URL that corresponds to a hostname component of the URL may be identified, and the URL may be displayed. The hostname component of the URL is visually distinguished from other components of the URL. In addition to or as an alternative to displaying the URL and visually distinguishing the hostname component, a warning message relating to the hostname portion of the URL may be displayed. The techniques may be implemented as a software plug-in or in any type of software application that is capable of recognizing URLs.Type: ApplicationFiled: September 14, 2012Publication date: March 21, 2013Inventor: Conor P. Cahill
-
Publication number: 20120317467Abstract: Techniques are provided for displaying a uniform resource locator (URL) to assist a user in determining whether a URL destination is what the user expects. A link is presented for selection to a user, and a URL corresponding to the link is accessed. A portion of the URL that corresponds to a hostname component of the URL may be identified, and the URL may be displayed. The hostname component of the URL is visually distinguished from other components of the URL. In addition to or as an alternative to displaying the URL and visually distinguishing the hostname component, a warning message relating to the hostname portion of the URL may be displayed. The techniques may be implemented as a software plug-in or in any type of software application that is capable of recognizing URLs.Type: ApplicationFiled: May 7, 2012Publication date: December 13, 2012Inventor: Conor P. Cahill