Patents by Inventor Jahanshah Moreh
Jahanshah Moreh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 8315393
  Abstract: A secure communication system wherein message decryption may be performed while off-line, or optionally while on-line. A sender encrypts a message based on the message key and sends it to the recipient. An envelope containing a message key is created by encrypting the message key based on a verifier, where the verifier is based on a secret of the recipient. The recipient is provided the envelope, along with the message or separately, from the sender or from another party, contemporaneous with receipt of the message or otherwise. The recipient can then open the envelope while off-line, based on their secret, and retrieve the message key from the envelope to decrypt the message. In the event the recipient cannot open the envelope, optional on-line access permits obtaining assistance that may include obtaining an alternate envelope that the recipient can open.
  Type: Grant
  Filed: July 20, 2010
  Date of Patent: November 20, 2012
  Assignee: Proofpoint, Inc.
  Inventors: Jahanshah Moreh, Logan O'Sullivan Bruns
- Publication number: 20110110524
  Abstract: A secure communication system wherein message decryption may be performed while off-line, or optionally while on-line. A sender encrypts a message based on the message key and sends it to the recipient. An envelope containing a message key is created by encrypting the message key based on a verifier, where the verifier is based on a secret of the recipient. The recipient is provided the envelope, along with the message or separately, from the sender or from another party, contemporaneous with receipt of the message or otherwise. The recipient can then open the envelope while off-line, based on their secret, and retrieve the message key from the envelope to decrypt the message. In the event the recipient cannot open the envelope, optional on-line access permits obtaining assistance that may include obtaining an alternate envelope that the recipient can open.
  Type: Application
  Filed: July 20, 2010
  Publication date: May 12, 2011
  Applicant: PROOFPOINT, INC.
  Inventors: Jahanshah Moreh, Logan O'Sullivan Bruns
- Patent number: 7783044
  Abstract: A secure communication system wherein message decryption may be performed while off-line, or optionally while on-line. A sender encrypts a message based on the message key and sends it to the recipient. An envelope containing a message key is created by encrypting the message key based on a verifier, where the verifier is based on a secret of the recipient. The recipient is provided the envelope, along with the message or separately, from the sender or from another party, contemporaneous with receipt of the message or otherwise. The recipient can then open the envelope while off-line, based on their secret, and retrieve the message key from the envelope to decrypt the message. In the event the recipient cannot open the envelope, optional on-line access permits obtaining assistance that may include obtaining an alternate envelope that the recipient can open.
  Type: Grant
  Filed: May 27, 2003
  Date of Patent: August 24, 2010
  Assignee: Proofpoint, Inc.
  Inventors: Jahanshah Moreh, Logan O'Sullivan Bruns
- Patent number: 7594116
  Abstract: A system for communicating a message securely between a sender and a receiver. The sender provides a key server with a string specifying the receiver. The key server obtains a message key and a particular envelope encryption key corresponding with a particular envelope decryption key, encrypts the message key with the envelope encryption key (creating the envelope), and provides the envelope to the sender-client. The sender-client encrypts the message with the message key and provides it and the envelope to the receiver. The receiver-client receives these and asks an authentication server for the envelope decryption key. The authentication server obtains the envelope decryption key and provides it to the receiver. The receiver then decrypts the envelope with the envelope decryption key, to get the message key, and decrypts the message.
  Type: Grant
  Filed: April 28, 2005
  Date of Patent: September 22, 2009
  Assignee: Proofpoint, Inc.
  Inventors: Logan O'Sullivan Bruns, Jahanshah Moreh
- Patent number: 7461257
  Abstract: A system (50, 150) for assisting a user (14) to determine whether a hyperlink (152) to a target uniform resource locator (URL) is spoofed. A computerized system having a display unit is provided and logic (158) therein listens for activation of the hyperlink (152) in a message (154). The logic (158) extracts an originator identifier (102) and encrypted data from the hyperlink (152), and decrypts the encrypted data into decrypted data based on the originator identifier (102). The logic (158) determines whether the hyperlink (152) includes the originator identifier (102) and the encrypted data decrypts successfully. Responsive to this it then presents a confirmation of authentication conveying the name of the owner and the domain name of the target URL on the display unit, and it redirects the user (14) to the target URL. Otherwise, it presents a warning dialog to the user (14) on the display unit.
  Type: Grant
  Filed: September 21, 2004
  Date of Patent: December 2, 2008
  Assignee: Proofpoint, Inc.
  Inventors: Terry M. Olkin, Jeffrey C. Olkin, Jahanshah Moreh
- Patent number: 7457958
  Abstract: A system (50, 150) for assisting a user (14) to determine whether an email (18) comes from a purported originator (16). A computerized system having a display unit is provided. Logic (54) in the computerized system determines whether the email (18) includes an authenticity mark (52) including an originator identifier (102) and encrypted data (104). Logic (54) in the computerized system then decrypts the encrypted data (104) into decrypted data (108-14), based on the originator identifier (102). Logic (54) in the computerized system then presents to the user (14), on the display, whether the email (18) includes the authenticity mark (52), whether the encrypted data (104) decrypts successfully, and information based on the authenticity mark (52) and the decrypted data (108-14).
  Type: Grant
  Filed: September 21, 2004
  Date of Patent: November 25, 2008
  Assignee: Proofpoint, Inc.
  Inventors: Terry M. Olkin, Jeffrey C. Olkin, Jahanshah Moreh
- Patent number: 7376835
  Abstract: A communication system (410) wherewith sources (414) and targets (416) employ a key server (420) to exchange transactions (424). A first request to the key server includes a source assertion (422) from an authentication authority (418), and optionally a key (430). The key server provides a transaction ID (428), and the key if not already provided, in reply to this request. The key server stores the transaction ID and source assertion. The source encrypts the transaction and sends it with the transaction ID to the targets. A second request to the key server includes a target assertion and the transaction ID. The key server provides the key in reply to this request. The key server also stores the target assertion in association with the transaction ID. The respective assertions then establish the source and targets of the transaction in a manner that cannot plausibly be repudiated.
  Type: Grant
  Filed: November 25, 2003
  Date of Patent: May 20, 2008
  Assignee: Secure Data In Motion, Inc.
  Inventors: Terry M. Olkin, Jahanshah Moreh
- Patent number: 7325127
  Abstract: A security server system and method permitting participants acting as the source or destinations for a message or a conversation with multiple messages to securely communicate the messages. The messages have a message header and a message content. A message router connects the participants via a network and delivers the message between the participants based on the message header. A key server creates, stores, and releases conversation keys that the participants use to protect the message content of the message.
  Type: Grant
  Filed: November 26, 2002
  Date of Patent: January 29, 2008
  Assignee: Secure Data In Motion, Inc.
  Inventors: Terry M. Olkin, Jahanshah Moreh
- Patent number: 7277549
  Abstract: A key server (320) based communication system (310) wherewith communicating parties, originators (312) and recipients (314), exchange encrypted communications (324). An originator requests or provides a key (330) to the key server, optionally with an assertion (322) from an authentication authority (318). Based on attributes (326) from the originator or elsewhere, the key server sets controlling events (340) for the communication. The originator encrypts and sends the communication to one or more recipients. A recipient may or may not request the key to decrypt the message. Positive events (342) are determined based on the controlling events and when and how many such requests occur. Negative events (344) are determined based on the absence of any requests or all requests being untimely.
  Type: Grant
  Filed: November 25, 2003
  Date of Patent: October 2, 2007
  Assignee: Secure Data In Motion, Inc.
  Inventors: Terry M. Olkin, Jahanshah Moreh
- Patent number: 7194547
  Abstract: A federated authentication service technology (10) for authenticating a subject (20) residing in a subject domain (12) on a network to a server application (38) residing in a server domain (18), wherein an authentication mechanism (32) residing in an authentication domain (16) affects the service provided by the server application (38). A client (22), which may be integrated non-human instances of the subject (20), authenticates the subject (20) and a protocol proxy (34) mediates with the authentication mechanism (32) to obtain a name assertion which the client can use to access the server application (38). When multiple authentication mechanisms (32) are available, an optional agent (24), mechanism resolution process (26) and mechanism repository (28), all residing in an agent domain (14), may be used to resolve to one suitable authentication mechanism (32).
  Type: Grant
  Filed: October 24, 2005
  Date of Patent: March 20, 2007
  Assignee: Secure Data In Motion, Inc.
  Inventors: Jahanshah Moreh, Terry Michael Olkin, Logan O'Sullivan Bruns, Trevor Scott Perrin
- Publication number: 20060248336
  Abstract: A system for communicating a message securely between a sender and a receiver. The sender provides a key server with a string specifying the receiver. The key server obtains a message key and a particular envelope encryption key corresponding with a particular envelope decryption key, encrypts the message key with the envelope encryption key (creating the envelope), and provides the envelope to the sender-client. The sender-client encrypts the message with the message key and provides it and the envelope to the receiver. The receiver-client receives these and asks an authentication server for the envelope decryption key. The authentication server obtains the envelope decryption key and provides it to the receiver. The receiver then decrypts the envelope with the envelope decryption key, to get the message key, and decrypts the message.
  Type: Application
  Filed: April 28, 2005
  Publication date: November 2, 2006
  Applicant: SECURE DATA IN MOTION, INC.
  Inventors: Logan Bruns, Jahanshah Moreh
- Publication number: 20060075473
  Abstract: A federated authentication service technology (10) for authenticating a subject (20) residing in a subject domain (12) on a network to a server application (38) residing in a server domain (18), wherein an authentication mechanism (32) residing in an authentication domain (16) affects the service provided by the server application (38). A client (22), which may be integrated non-human instances of the subject (20), authenticates the subject (20) and a protocol proxy (34) mediates with the authentication mechanism (32) to obtain a name assertion which the client can use to access the server application (38). When multiple authentication mechanisms (32) are available, an optional agent (24), mechanism resolution process (26) and mechanism repository (28), all residing in an agent domain (14), may be used to resolve to one suitable authentication mechanism (32).
  Type: Application
  Filed: October 24, 2005
  Publication date: April 6, 2006
  Applicant: SECURE DATA IN MOTION, INC.
  Inventors: Jahanshah Moreh, Terry Olkin, Logan Bruns, Trevor Perrin
- Patent number: 6959336
  Abstract: A federated authentication service technology (10) for authenticating a subject (20) residing in a subject domain (12) on a network to a server application (38) residing in a server domain (18), wherein an authentication mechanism (32) residing in an authentication domain (16) affects the service provided by the server application (38). A client (22), which may be integrated non-human instances of the subject (20), authenticates the subject (20) and a protocol proxy (34) mediates with the authentication mechanism (32) to obtain a name assertion which the client can use to access the server application (38). When multiple authentication mechanisms (32) are available, an optional agent (24), mechanism resolution process (26) and mechanism repository (28), all residing in an agent domain (14), may be used to resolve to one suitable authentication mechanism (32).
  Type: Grant
  Filed: April 7, 2001
  Date of Patent: October 25, 2005
  Assignee: Secure Data In Motion, Inc.
  Inventors: Jahanshah Moreh, Terry Michael Olkin, Logan O'Sullivan Bruns, Trevor Scott Perrin
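The federated authentication scheme of 6959336 above, and of 7194547 and 20060075473, reduced to its moving parts as an added example; this is not code from the page or from Secure Data In Motion. The mechanism repository is keyed by subject domain, `Resolve` is the mechanism resolution process, the protocol proxy authenticates the subject through the resolved mechanism and mints a name assertion, and the server application accepts that assertion without ever seeing the credential. The password mechanism, the HMAC-tagged assertion under a key shared by proxy and application, the `corp.example` domain, the `payroll` audience and the five-minute lifetime are assumptions of this example; the patents do not fix the assertion format.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Mechanism is an authentication mechanism in some authentication domain; only the proxy talks to it.
type Mechanism interface {
	Authenticate(subject, credential string) bool
}

type PasswordMechanism map[string]string // constructed stand-in: subject -> password

func (m PasswordMechanism) Authenticate(subject, credential string) bool {
	want, ok := m[subject]
	return ok && hmac.Equal([]byte(want), []byte(credential))
}

// Repository maps a subject domain to a mechanism; Resolve is the resolution process.
type Repository map[string]Mechanism

func (r Repository) Resolve(subject string) (Mechanism, error) {
	parts := strings.SplitN(subject, "@", 2)
	if mech, ok := r[parts[len(parts)-1]]; ok && len(parts) == 2 {
		return mech, nil
	}
	return nil, fmt.Errorf("no authentication mechanism for %q", subject)
}

// NameAssertion is what the proxy hands the client to present to the server
// application. Assumption: an HMAC under a key shared by proxy and server
// application stands in for a signed assertion.
type NameAssertion struct {
	Subject, Audience string
	Expires           time.Time
	Tag               []byte
}

func tag(key []byte, subject, audience string, expires time.Time) []byte {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%s|%s|%d", subject, audience, expires.Unix())
	return m.Sum(nil)
}

type Proxy struct {
	repo Repository
	key  []byte
}

// Mediate resolves a mechanism for the subject, authenticates through it and
// issues a short-lived name assertion scoped to one server application.
func (p Proxy) Mediate(subject, credential, audience string, now time.Time) (NameAssertion, error) {
	mech, err := p.repo.Resolve(subject)
	if err != nil {
		return NameAssertion{}, err
	}
	if !mech.Authenticate(subject, credential) {
		return NameAssertion{}, errors.New("authentication failed")
	}
	exp := now.Add(5 * time.Minute)
	return NameAssertion{subject, audience, exp, tag(p.key, subject, audience, exp)}, nil
}

// ServerApp accepts an assertion only if it is intact, addressed to this
// application and unexpired; it never sees the subject's credential.
type ServerApp struct {
	Name string
	key  []byte
}

func (s ServerApp) Accept(a NameAssertion, now time.Time) (string, error) {
	switch {
	case !hmac.Equal(a.Tag, tag(s.key, a.Subject, a.Audience, a.Expires)):
		return "", errors.New("assertion forged or altered")
	case a.Audience != s.Name:
		return "", errors.New("assertion issued for another application")
	case now.After(a.Expires):
		return "", errors.New("assertion expired")
	}
	return a.Subject, nil
}

func main() {
	repo := Repository{"corp.example": PasswordMechanism{"alice@corp.example": "hunter2"}} // constructed
	key := []byte("proxy-app-shared-key")                                                // constructed
	proxy, app := Proxy{repo: repo, key: key}, ServerApp{Name: "payroll", key: key}
	now := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC)
	a, err := proxy.Mediate("alice@corp.example", "hunter2", "payroll", now)
	if err != nil {
		panic(err)
	}
	fmt.Println(app.Accept(a, now))
	fmt.Println(app.Accept(a, now.Add(time.Hour)))
}
```

The audience check is what stops an assertion issued for one application from being replayed to another. With a shared MAC key any server application holding it could mint assertions itself, so a deployment would have the proxy sign with a private key and give the applications only the public key.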
- Publication number: 20050076222
  Abstract: A system (50, 150) for assisting a user (14) to determine whether a hyperlink (152) to a target uniform resource locator (URL) is spoofed. A computerized system having a display unit is provided and logic (158) therein listens for activation of the hyperlink (152) in a message (154). The logic (158) extracts an originator identifier (102) and encrypted data from the hyperlink (152), and decrypts the encrypted data into decrypted data based on the originator identifier (102). The logic (158) determines whether the hyperlink (152) includes the originator identifier (102) and the encrypted data decrypts successfully. Responsive to this it then presents a confirmation of authentication conveying the name of the owner and the domain name of the target URL on the display unit, and it redirects the user (14) to the target URL. Otherwise, it presents a warning dialog to the user (14) on the display unit.
  Type: Application
  Filed: September 21, 2004
  Publication date: April 7, 2005
  Applicant: SECURE DATA IN MOTION, INC.
  Inventors: Terry Olkin, Jeffrey Olkin, Jahanshah Moreh
- Publication number: 20050076221
  Abstract: A system (50, 150) for assisting a user (14) to determine whether an email (18) comes from a purported originator (16). A computerized system having a display unit is provided. Logic (54) in the computerized system determines whether the email (18) includes an authenticity mark (52) including an originator identifier (102) and encrypted data (104). Logic (54) in the computerized system then decrypts the encrypted data (104) into decrypted data (108-14), based on the originator identifier (102). Logic (54) in the computerized system then presents to the user (14), on the display, whether the email (18) includes the authenticity mark (52), whether the encrypted data (104) decrypts successfully, and information based on the authenticity mark (52) and the decrypted data (108-14).
  Type: Application
  Filed: September 21, 2004
  Publication date: April 7, 2005
  Applicant: SECURE DATA IN MOTION, INC.
  Inventors: Terry Olkin, Jeffrey Olkin, Jahanshah Moreh
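The authenticity-mark check described in 20050076221 and 7457958 above for an email, and in 20050076222 and 7461257 for a hyperlink, as one added example; this is not code from the page or from the assignee. The mark is an originator identifier plus data encrypted under that originator's key; `CheckLink` extracts both from an activated link, looks the key up by originator id, decrypts, and either confirms owner and target domain or warns. Assumptions of this example: a registry of symmetric AES-256-GCM keys shared between originator and checking client (the patents leave key distribution open), the originator id bound in as associated data, the redirector host `links.example.test`, and the `oid` and `mark` parameter names. The same decrypt-and-display logic applies to a mark carried in an email header instead of a link.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// Registry maps an originator identifier to the key for its marks. Assumption:
// a symmetric key shared by originator and checking client.
type Registry map[string][]byte

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// MakeMark is the originator's side: encrypt owner name and target URL under the
// originator's key, with the originator id as authenticated data so a mark
// lifted from one originator cannot be re-labelled as another's.
func MakeMark(reg Registry, originator, owner, target string) (string, error) {
	key, ok := reg[originator]
	if !ok {
		return "", fmt.Errorf("no key for originator %q", originator)
	}
	g := gcm(key)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	box := g.Seal(nonce, nonce, []byte(owner+"\x00"+target), []byte(originator))
	return base64.RawURLEncoding.EncodeToString(box), nil
}

// MarkedLink is the hyperlink an originator would place in a message; the
// redirector host and the parameter names are hypothetical.
func MarkedLink(reg Registry, originator, owner, target string) (string, error) {
	mark, err := MakeMark(reg, originator, owner, target)
	if err != nil {
		return "", err
	}
	q := url.Values{"oid": {originator}, "mark": {mark}}
	return "https://links.example.test/go?" + q.Encode(), nil
}

// Verdict is what the client displays before it redirects, or refuses to.
type Verdict struct {
	Authentic             bool
	Owner, Domain, Target string
	Warning               string
}

// CheckLink runs when the hyperlink is activated: extract originator id and
// encrypted data, decrypt based on the originator id, confirm or warn.
func CheckLink(reg Registry, link string) Verdict {
	u, err := url.Parse(link)
	if err != nil {
		return Verdict{Warning: "link does not parse"}
	}
	oid, mark := u.Query().Get("oid"), u.Query().Get("mark")
	if oid == "" || mark == "" {
		return Verdict{Warning: "no authenticity mark; the link may be spoofed"}
	}
	key, ok := reg[oid]
	if !ok {
		return Verdict{Warning: "unknown originator " + oid}
	}
	g := gcm(key)
	box, err := base64.RawURLEncoding.DecodeString(mark)
	if err != nil || len(box) < g.NonceSize() {
		return Verdict{Warning: "malformed mark"}
	}
	plain, err := g.Open(nil, box[:g.NonceSize()], box[g.NonceSize():], []byte(oid))
	if err != nil {
		return Verdict{Warning: "mark does not decrypt; the link may be spoofed or altered"}
	}
	parts := strings.SplitN(string(plain), "\x00", 2)
	tu, err := url.Parse(parts[len(parts)-1])
	if len(parts) != 2 || err != nil || tu.Hostname() == "" {
		return Verdict{Warning: "malformed mark"}
	}
	return Verdict{Authentic: true, Owner: parts[0], Domain: tu.Hostname(), Target: parts[1]}
}

func main() {
	reg := Registry{"acme-bank": []byte("0123456789abcdef0123456789abcdef")} // constructed 32-byte key
	link, _ := MarkedLink(reg, "acme-bank", "Acme Bank", "https://www.acme-bank.example/login")
	fmt.Printf("%+v\n", CheckLink(reg, link))
	fmt.Printf("%+v\n", CheckLink(reg, "https://www.acme-bank.example.evil.test/login"))
}
```

An unmarked link, a link whose mark has been altered, and a mark cut from one originator's message and relabelled with another `oid` all end in a warning; only an intact mark under a registered key yields a confirmation, and the domain shown to the user comes from the decrypted target, not from the link text.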
- Publication number: 20040221158
  Abstract: A digital signature verification system wherein a signature system may sign a conversational message, as might be used in a chat, instant messaging or enterprise instant messaging dialog, and a verification system may then verify the signature. The signature system may include a signing entity and a vault, wherein the signing entity provides the message and credentials and the vault creates the signature based on a first hash of the message that is further encrypted with a signature key. The verification system may include a validating entity and a verifier, wherein the validating entity provides the message, the signature, and assertions to the verifier and the verifier then forms a second hash of the message, uses a verification key corresponding with the signature key to decrypt the signature and obtain the first hash, and compares the two hashes to determine a proper validation response.
  Type: Application
  Filed: May 2, 2003
  Publication date: November 4, 2004
  Applicant: SECURE DATA IN MOTION, INC.
  Inventors: Terry M. Olkin, Jahanshah Moreh, Jeffrey C. Olkin
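The vault-and-verifier signature flow of 20040221158 above, as an added example; this is not code from the page or from the assignee. Assumptions: RSA PKCS#1 v1.5 over SHA-256, and a constructed credential table standing in for the signing entity's credentials. `RecoverHash` performs the abstract's literal step, applying the verification key to the signature and reading the first hash out of the result, and `Verify` compares it with the second hash. Because a verifier that only compares those trailing bytes would accept a value with forged padding, `Verify` then also runs the library's full PKCS#1 v1.5 check.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
)

// Vault holds the signature key; the signing entity never sees it, it only
// presents a message and a credential. Assumption: RSA PKCS#1 v1.5 over
// SHA-256 and a constructed credential table.
type Vault struct {
	key         *rsa.PrivateKey
	credentials map[string]string
}

func NewVault(credentials map[string]string) *Vault {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Vault{key: key, credentials: credentials}
}

// VerificationKey is the key corresponding with the vault's signature key.
func (v *Vault) VerificationKey() *rsa.PublicKey { return &v.key.PublicKey }

// Sign checks the signing entity's credential, forms the first hash of the
// message and encrypts it with the signature key.
func (v *Vault) Sign(entity, credential string, message []byte) ([]byte, error) {
	want, ok := v.credentials[entity]
	if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(credential)) != 1 {
		return nil, errors.New("signing entity not authenticated")
	}
	first := sha256.Sum256(message)
	return rsa.SignPKCS1v15(rand.Reader, v.key, crypto.SHA256, first[:])
}

// RecoverHash applies the verification key to the signature (s^e mod n) and
// returns the hash carried in the PKCS#1 v1.5 encoding, its last 32 bytes. This
// makes the "decrypt the signature to obtain the first hash" step visible; on
// its own it is not a safe verifier because it ignores the padding bytes.
func RecoverHash(pub *rsa.PublicKey, sig []byte) ([]byte, error) {
	s := new(big.Int).SetBytes(sig)
	if s.Cmp(pub.N) >= 0 {
		return nil, errors.New("signature out of range")
	}
	m := new(big.Int).Exp(s, big.NewInt(int64(pub.E)), pub.N).Bytes()
	if len(m) < sha256.Size {
		return nil, errors.New("decrypted signature too short")
	}
	return m[len(m)-sha256.Size:], nil
}

// Verify forms the second hash, recovers the first hash from the signature and
// compares them, then lets the library check the full padding so that a value
// which merely ends in the right 32 bytes is still rejected.
func Verify(pub *rsa.PublicKey, message, sig []byte) bool {
	second := sha256.Sum256(message)
	first, err := RecoverHash(pub, sig)
	if err != nil || !bytes.Equal(first, second[:]) {
		return false
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, second[:], sig) == nil
}

func main() {
	vault := NewVault(map[string]string{"alice": "alice-token"}) // constructed
	msg := []byte("alice: deploy goes out friday 17:00")          // constructed chat line
	sig, err := vault.Sign("alice", "alice-token", msg)
	if err != nil {
		panic(err)
	}
	pub := vault.VerificationKey()
	fmt.Println("original verifies:", Verify(pub, msg, sig))
	fmt.Println("altered verifies:", Verify(pub, []byte("alice: deploy goes out monday 17:00"), sig))
}
```

Keeping the signature key inside the vault means a compromised chat client can at worst sign what it can authenticate for; it cannot walk away with the key.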
- Publication number: 20040165727
  Abstract: A secure communication system wherein message decryption may be performed while off-line, or optionally while on-line. A sender encrypts a message based on the message key and sends it to the recipient. An envelope containing a message key is created by encrypting the message key based on a verifier, where the verifier is based on a secret of the recipient. The recipient is provided the envelope, along with the message or separately, from the sender or from another party, contemporaneous with receipt of the message or otherwise. The recipient can then open the envelope while off-line, based on their secret, and retrieve the message key from the envelope to decrypt the message. In the event the recipient cannot open the envelope, optional on-line access permits obtaining assistance that may include obtaining an alternate envelope that the recipient can open.
  Type: Application
  Filed: May 27, 2003
  Publication date: August 26, 2004
  Applicant: SECURE DATA IN MOTION, INC.
  Inventors: Jahanshah Moreh, Logan O'Sullivan Bruns
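The off-line envelope of 20040165727 above, and of 7783044, 8315393 and 20110110524 which share the abstract, worked through as an added example; this is not code from the page or from Proofpoint, and the ciphers are this example's choices. The verifier is a salted, iterated HMAC-SHA256 of the recipient's secret (a stand-in for a real password KDF), the envelope is the message key wrapped under that verifier with AES-256-GCM, and the message is encrypted under the message key. `ReceiveOffline` needs nothing but the envelope, the ciphertext and the secret. The last lines of `main` show the on-line fallback: a party that still holds the message key issues an alternate envelope after the recipient's secret has changed. The sample secret and message are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// seal encrypts plaintext under key with a fresh nonce prepended; aad is authenticated only.
func seal(key, plaintext, aad []byte) []byte {
	g := gcm(key)
	nonce := random(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal; a wrong key, wrong aad or any tampering fails authentication.
func open(key, box, aad []byte) ([]byte, error) {
	g := gcm(key)
	if len(box) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, box[:g.NonceSize()], box[g.NonceSize():], aad)
}

// Verifier derives the envelope-wrapping key from the recipient's secret. Assumption:
// salted, iterated HMAC-SHA256 stands in for a real password KDF (PBKDF2, scrypt, Argon2).
func Verifier(secret, salt []byte) []byte {
	v := salt
	for i := 0; i < 10000; i++ {
		m := hmac.New(sha256.New, secret)
		m.Write(v)
		v = m.Sum(nil)
	}
	return v
}

// Envelope is the message key wrapped under the verifier, plus the salt the
// recipient needs to re-derive that verifier while off-line.
type Envelope struct {
	Salt, Wrapped []byte
}

// NewEnvelope wraps messageKey so that only a holder of secret can unwrap it. Whoever
// still holds messageKey can call it again to issue an alternate envelope under a new secret.
func NewEnvelope(messageKey, secret []byte) Envelope {
	salt := random(16)
	return Envelope{Salt: salt, Wrapped: seal(Verifier(secret, salt), messageKey, []byte("envelope"))}
}

// SendMessage is the sender's side: random message key, message encrypted under it,
// envelope for the recipient. The key is returned so the sender can assist later.
func SendMessage(message, recipientSecret []byte) (ciphertext []byte, env Envelope, messageKey []byte) {
	messageKey = random(32)
	return seal(messageKey, message, []byte("message")), NewEnvelope(messageKey, recipientSecret), messageKey
}

// ReceiveOffline is the recipient's side with no network: re-derive the
// verifier from the secret, unwrap the message key, decrypt the message.
func ReceiveOffline(ciphertext []byte, env Envelope, secret []byte) ([]byte, error) {
	messageKey, err := open(Verifier(secret, env.Salt), env.Wrapped, []byte("envelope"))
	if err != nil {
		return nil, fmt.Errorf("cannot open envelope: %w", err)
	}
	return open(messageKey, ciphertext, []byte("message"))
}

func main() {
	secret := []byte("correct horse battery staple") // constructed recipient secret
	ct, env, mk := SendMessage([]byte("quarterly numbers attached"), secret)
	pt, err := ReceiveOffline(ct, env, secret)
	fmt.Printf("off-line: %q err=%v\n", pt, err)
	// After a secret change the old envelope no longer opens; the holder of mk issues an alternate.
	pt, err = ReceiveOffline(ct, NewEnvelope(mk, []byte("new secret")), []byte("new secret"))
	fmt.Printf("alternate: %q err=%v\n", pt, err)
}
```

A wrong secret, an altered envelope or a swapped label all fail at `g.Open` rather than yielding garbage, which is what makes the off-line result safe to act on. The 10,000 HMAC iterations only modestly slow a guessing attack against a weak secret; a deployment would use a memory-hard KDF.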
- Publication number: 20040151323
  Abstract: A communication system (410) wherewith sources (414) and targets (416) employ a key server (420) to exchange transactions (424). A first request to the key server includes a source assertion (422) from an authentication authority (418), and optionally a key (430). The key server provides a transaction ID (428), and the key if not already provided, in reply to this request. The key server stores the transaction ID and source assertion. The source encrypts the transaction and sends it with the transaction ID to the targets. A second request to the key server includes a target assertion and the transaction ID. The key server provides the key in reply to this request. The key server also stores the target assertion in association with the transaction ID. The respective assertions then establish the source and targets of the transaction in a manner that cannot plausibly be repudiated.
  Type: Application
  Filed: November 25, 2003
  Publication date: August 5, 2004
  Applicant: SECURE DATA IN MOTION, INC.
  Inventors: Terry M. Olkin, Jahanshah Moreh
- Publication number: 20040148500
  Abstract: A key server (320) based communication system (310) wherewith communicating parties, originators (312) and recipients (314), exchange encrypted communications (324). An originator requests or provides a key (330) to the key server, optionally with an assertion (322) from an authentication authority (318). Based on attributes (326) from the originator or elsewhere, the key server sets controlling events (340) for the communication. The originator encrypts and sends the communication to one or more recipients. A recipient may or may not request the key to decrypt the message. Positive events (342) are determined based on the controlling events and when and how many such requests occur. Negative events (344) are determined based on the absence of any requests or all requests being untimely.
  Type: Application
  Filed: November 25, 2003
  Publication date: July 29, 2004
  Applicant: SECURE DATA IN MOTION, INC.
  Inventors: Terry M. Olkin, Jahanshah Moreh
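The key-server bookkeeping of 20040148500 and 7277549 above (controlling events that yield positive or negative events) and of 20040151323 and 7376835 (transaction IDs with stored source and target assertions), as one added example; this is not code from the page or from Secure Data In Motion. Assumptions: the authentication authority's assertion is an HMAC-SHA256 tag under a key it shares with the key server (a stand-in for a signed assertion), the controlling events are a request deadline and an expected recipient count, and the `partial` outcome for a deadline that passes with some but not all expected requests is this example's addition to the abstract's positive and negative events.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Assertion is what the authentication authority states about a party. Assumption:
// an HMAC under a key shared by authority and key server stands in for a signed assertion.
type Assertion struct {
	Subject string
	Tag     []byte
}

// Assert is the authority's side; the key server re-runs it to verify a tag.
func Assert(authKey []byte, subject string) Assertion {
	m := hmac.New(sha256.New, authKey)
	m.Write([]byte(subject))
	return Assertion{Subject: subject, Tag: m.Sum(nil)}
}

// Transaction is the key server's record: Deadline and Expected are the controlling
// events, the stored source and target assertions establish who sent and who received.
type Transaction struct {
	Key      []byte
	Source   Assertion
	Deadline time.Time   // key requests after this are untimely
	Expected int         // how many targets should request the key
	Targets  []Assertion // one per timely, valid key request
}

type KeyServer struct {
	AuthKey []byte // shared with the authentication authority
	Txs     map[string]*Transaction
}

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Register is the first request: source assertion, optional key and attributes in;
// transaction ID and the key (generated here if not supplied) out.
func (ks *KeyServer) Register(src Assertion, key []byte, deadline time.Time, expected int) (string, []byte, error) {
	if !hmac.Equal(src.Tag, Assert(ks.AuthKey, src.Subject).Tag) {
		return "", nil, errors.New("source assertion invalid")
	}
	if key == nil {
		key = random(32)
	}
	txID := fmt.Sprintf("%x", random(16))
	ks.Txs[txID] = &Transaction{Key: key, Source: src, Deadline: deadline, Expected: expected}
	return txID, key, nil
}

// Fetch is the second request: target assertion plus transaction ID. Untimely or
// unverifiable requests are refused and not recorded; a good one is stored first.
func (ks *KeyServer) Fetch(tgt Assertion, txID string, now time.Time) ([]byte, error) {
	tx, ok := ks.Txs[txID]
	switch {
	case !ok:
		return nil, errors.New("unknown transaction")
	case !hmac.Equal(tgt.Tag, Assert(ks.AuthKey, tgt.Subject).Tag):
		return nil, errors.New("target assertion invalid")
	case now.After(tx.Deadline):
		return nil, errors.New("request untimely")
	}
	tx.Targets = append(tx.Targets, tgt)
	return tx.Key, nil
}

// Evaluate derives the event from the controlling events and from when and how
// many requests occurred; "partial" is this example's addition.
func (ks *KeyServer) Evaluate(txID string, now time.Time) string {
	tx, ok := ks.Txs[txID]
	switch {
	case !ok:
		return "unknown"
	case len(tx.Targets) >= tx.Expected:
		return "positive"
	case !now.After(tx.Deadline):
		return "pending"
	case len(tx.Targets) == 0:
		return "negative"
	}
	return "partial"
}

func main() {
	ks := &KeyServer{AuthKey: []byte("authority-secret"), Txs: map[string]*Transaction{}} // constructed key
	t0 := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	txID, _, _ := ks.Register(Assert(ks.AuthKey, "alice@example.test"), nil, t0.Add(time.Hour), 2)
	_, err := ks.Fetch(Assert(ks.AuthKey, "bob@example.test"), txID, t0.Add(10*time.Minute))
	fmt.Println("bob fetch:", err, "| after deadline:", ks.Evaluate(txID, t0.Add(2*time.Hour)))
}
```

Untimely requests are refused before being recorded, so `Targets` is evidence only of timely receipt, and a source cannot later deny registering the transaction because its assertion was verified and stored before any key was released.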
- Patent number: 6584564
  Abstract: A secure e-mail system (10) permitting a sender (12) to send a secure e-mail (14) to one or more receivers (16). The sender (12) employs a sending unit (18) having a software module (26) to compose the secure e-mail (14), to send data about it to a security server (24), to receive back from that security server (24) a messageKey (102e) for encrypting the secure e-mail (14), and for sending it conventionally to an e-mail server (22). The receivers (16) employ receiving units (20) also having software modules (26) to receive the secure e-mail (14), to send data about it to the security server (24), and to receive back from the security server (24) the messageKey (102e) for decrypting the secure e-mail (14). The security server (24) stores a user id (102a) and password (102b) for the sender (12) and the receivers (16); a messageId (104a), a sealSalt (104j), and the messageKey (104g) for the secure e-mail (14); and a receiver address (106b) in a database (100).
  Type: Grant
  Filed: April 25, 2000
  Date of Patent: June 24, 2003
  Assignee: Sigaba Corporation
  Inventors: Terry M. Olkin, Jahanshah Moreh
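The server-mediated message-key flow of 7594116 and 20060248336 above, as an added example that also serves 6584564: the Sigaba design has the security server hand out the messageKey directly after a user id and password check, while the later design adds an envelope and a separate authentication server, so one block covers the pattern. This is not code from the page or from either assignee. Assumptions: the envelope encryption and decryption keys are an RSA key pair per receiver, the envelope is RSA-OAEP with the receiver string as label, the authentication server checks a constructed password table, and encryption of the message body under the recovered message key is left out. `NewServers`, `Send` and `Receive` are this example's names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// KeyServer holds each receiver's envelope encryption key (an RSA public key).
// Assumption: RSA-OAEP for the envelope; the patents do not fix the cipher.
type KeyServer struct{ envelopeKeys map[string]*rsa.PublicKey }

// AuthServer holds the matching envelope decryption keys and a constructed
// password table; it releases a key only to a receiver that authenticates.
type AuthServer struct {
	decryptionKeys map[string]*rsa.PrivateKey
	passwords      map[string]string
}

// NewServers provisions one key pair per receiver string.
func NewServers(passwords map[string]string) (*KeyServer, *AuthServer) {
	ks := &KeyServer{envelopeKeys: map[string]*rsa.PublicKey{}}
	as := &AuthServer{decryptionKeys: map[string]*rsa.PrivateKey{}, passwords: passwords}
	for receiver := range passwords {
		priv, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			panic(err)
		}
		as.decryptionKeys[receiver] = priv
		ks.envelopeKeys[receiver] = &priv.PublicKey
	}
	return ks, as
}

// Envelope is the sender's request: receiver string in; a fresh message key and that
// key encrypted under the receiver's envelope encryption key out. The receiver string
// is the OAEP label, so an envelope cannot be re-addressed to another receiver.
func (ks *KeyServer) Envelope(receiver string) (messageKey, envelope []byte, err error) {
	pub, ok := ks.envelopeKeys[receiver]
	if !ok {
		return nil, nil, fmt.Errorf("unknown receiver %q", receiver)
	}
	messageKey = make([]byte, 32)
	if _, err = rand.Read(messageKey); err != nil {
		return nil, nil, err
	}
	envelope, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, messageKey, []byte(receiver))
	return messageKey, envelope, err
}

// DecryptionKey is the receiver's request to the authentication server.
func (as *AuthServer) DecryptionKey(receiver, password string) (*rsa.PrivateKey, error) {
	want, ok := as.passwords[receiver]
	if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(password)) != 1 {
		return nil, errors.New("authentication failed")
	}
	return as.decryptionKeys[receiver], nil
}

// SecureMessage travels from sender-client to receiver-client alongside the body.
type SecureMessage struct {
	Receiver string
	Envelope []byte
}

// Send is the sender-client: ask the key server, keep the message key for the body, pass the envelope on.
func Send(ks *KeyServer, receiver string) ([]byte, SecureMessage, error) {
	messageKey, envelope, err := ks.Envelope(receiver)
	if err != nil {
		return nil, SecureMessage{}, err
	}
	return messageKey, SecureMessage{Receiver: receiver, Envelope: envelope}, nil
}

// Receive is the receiver-client: authenticate to obtain the envelope
// decryption key, then open the envelope to recover the message key.
func Receive(as *AuthServer, msg SecureMessage, password string) ([]byte, error) {
	priv, err := as.DecryptionKey(msg.Receiver, password)
	if err != nil {
		return nil, err
	}
	messageKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, msg.Envelope, []byte(msg.Receiver))
	if err != nil {
		return nil, fmt.Errorf("envelope does not open: %w", err)
	}
	return messageKey, nil
}

func main() {
	ks, as := NewServers(map[string]string{"bob@example.test": "bob-password"}) // constructed
	sent, msg, err := Send(ks, "bob@example.test")
	if err != nil {
		panic(err)
	}
	got, err := Receive(as, msg, "bob-password")
	fmt.Printf("keys match: %v err=%v\n", subtle.ConstantTimeCompare(sent, got) == 1, err)
}
```

The sender never learns the receiver's password and the authentication server never sees the message key; an envelope lifted from Bob's message and re-addressed to Carol fails to open under Carol's key. In the Sigaba variant the security server would return the messageKey itself at the point where `Receive` here returns the unwrapped key.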