Patents by Inventor Jon Oberheide

Jon Oberheide has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20170339164
    Abstract: Systems and methods for authentication. At an authentication service, key synchronization information is stored for an enrolled authentication device for a user identifier of a service provider. The key synchronization information indicates that a private key stored by the authentication device is synchronized with a public key stored at the service provider. Responsive to an authentication request provided by the service provider for the user identifier, the authentication service determines an authentication device for the user identifier that stores a synchronized private key by using the key synchronization information, and provides the authentication request to the authentication device. The authentication service provides a signed authentication response to the service provider. The authentication response is responsive to the authentication request and signed by using the private key. The service provider verifies the signed authentication response by using the public key.
    Type: Application
    Filed: July 27, 2017
    Publication date: November 23, 2017
    Inventors: Jon Oberheide, Douglas Song
  • Patent number: 9825765
    Abstract: A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.
    Type: Grant
    Filed: March 21, 2017
    Date of Patent: November 21, 2017
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Dug Song, Adam Goodman
  • Patent number: 9801066
    Abstract: Systems and methods are provided that include: accessing implicit authentication data from a possession factor associated with an authorized user; at the possession factor or at an authentication platform: generating a possession confidence level using the implicit authentication data, the possession confidence level being one of a plurality of possession confidence levels, the possession confidence level indicating a likelihood that the possession factor is possessed by the authorized user; identifying, among a plurality of varying authentication requirements, an authentication requirement for the transaction based on the possession confidence level, the authentication requirement defines a process or action to prove authority to perform the transaction or a process or action to prove an identity of a user attempting to perform the transaction; and implementing the authentication requirement for the transaction.
    Type: Grant
    Filed: May 3, 2017
    Date of Patent: October 24, 2017
    Assignee: Duo Security, Inc.
    Inventors: Michael Hanley, Jon Oberheide
  • Patent number: 9774448
    Abstract: A system and method for opportunistic cryptographic key management includes generating a security capability assessment on a first electronic device based on security capabilities of the device, selecting a key management mode based on the security capability assessment, generating a cryptographic key based on the key management mode, and storing the cryptographic key based on the key management mode.
    Type: Grant
    Filed: October 27, 2014
    Date of Patent: September 26, 2017
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song
  • Patent number: 9774579
    Abstract: A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: September 26, 2017
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Adam Goodman
  • Patent number: 9762590
    Abstract: Systems and methods for authentication. At an authentication service, key synchronization information is stored for an enrolled authentication device for a user identifier of a service provider. The key synchronization information indicates that a private key stored by the authentication device is synchronized with a public key stored at the service provider. Responsive to an authentication request provided by the service provider for the user identifier, the authentication service determines an authentication device for the user identifier that stores a synchronized private key by using the key synchronization information, and provides the authentication request to the authentication device. The authentication service provides a signed authentication response to the service provider. The authentication response is responsive to the authentication request and signed by using the private key. The service provider verifies the signed authentication response by using the public key.
    Type: Grant
    Filed: April 16, 2015
    Date of Patent: September 12, 2017
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song
  • Publication number: 20170237765
    Abstract: A system, method, and computer program product for implementing a phishing assessment of a target computer network that includes a phishing assessment platform for generating parameters for the phishing assessment; generating the phishing assessment parameters includes identifying a target domain name for the phishing assessment; identifying a pseudo domain name based on the target domain name; generating a pseudo web page using one or more features and attributes of an entity; and implementing the phishing assessment using the pseudo domain name and pseudo web page.
    Type: Application
    Filed: May 4, 2017
    Publication date: August 17, 2017
    Inventor: Jon Oberheide
  • Publication number: 20170195123
    Abstract: A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.
    Type: Application
    Filed: March 21, 2017
    Publication date: July 6, 2017
    Inventors: Jon Oberheide, Dug Song, Adam Goodman
  • Patent number: 9674213
    Abstract: A system, method, and computer program product for implementing a phishing assessment of a target computer network that includes a phishing assessment platform for generating parameters for the phishing assessment; generating the phishing assessment parameters includes identifying a target domain name for the phishing assessment; identifying a pseudo domain name based on the target domain name; generating a pseudo web page using one or more features and attributes of an entity; and implementing the phishing assessment using the pseudo domain name and pseudo web page.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: June 6, 2017
    Assignee: Duo Security, Inc.
    Inventor: Jon Oberheide
  • Publication number: 20170126730
    Abstract: A system, method, and computer program product for implementing a phishing assessment that includes a phishing server that implements one or more phishing assessments; the phishing server: identifies legitimate target domain names to be used in the phishing assessment, generates one or more pseudo domain names and pseudo web pages, where the pseudo domain name are visually similar to an identified target domain name and the pseudo web page includes one or more characteristics and attributes of a legitimate web page.
    Type: Application
    Filed: October 28, 2016
    Publication date: May 4, 2017
    Applicant: Duo Security, Inc.
    Inventor: Jon Oberheide
  • Publication number: 20170126729
    Abstract: A system, method, and computer program product for implementing a phishing assessment of a target computer network that includes a phishing assessment platform for generating parameters for the phishing assessment; generating the phishing assessment parameters includes identifying a target domain name for the phishing assessment; identifying a pseudo domain name based on the target domain name; generating a pseudo web page using one or more features and attributes of an entity; and implementing the phishing assessment using the pseudo domain name and pseudo web page.
    Type: Application
    Filed: October 28, 2016
    Publication date: May 4, 2017
    Applicant: Duo Security, Inc.
    Inventor: Jon Oberheide
  • Patent number: 9641341
    Abstract: A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: May 2, 2017
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Dug Song, Adam Goodman
  • Patent number: 9608814
    Abstract: A system and method for distributing key pair credentials that includes receiving a public key message at a key master service, wherein the public key message originates from a first client application; associating a key identifier with the public key; storing the public key at the key master service indexed at least by a key identifier; receiving a request for a public key from an outside service, wherein the request specifies a key identifier; and responding to the request with a public key according to the key identifier.
    Type: Grant
    Filed: September 10, 2014
    Date of Patent: March 28, 2017
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song
  • Patent number: 9607156
    Abstract: A system and method that includes identifying a vulnerability in a computing device; accessing a vulnerability exploitation mapped to the identified vulnerability; at the computing device, executing the vulnerability exploitation and entering an operating mode of escalated privileges; and while in the operating mode of escalated privileges, updating the system with a vulnerability resolution.
    Type: Grant
    Filed: February 24, 2014
    Date of Patent: March 28, 2017
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song
  • Publication number: 20170078280
    Abstract: A method including registering an authority device for an account on an auth platform; receiving transaction request from an initiator to the auth platform; messaging the authority device with the transaction request; receiving an authority agent response from the authority device to the auth platform; if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator; and if the authority agent response denies the transaction, communicating a denied transaction to the initiator.
    Type: Application
    Filed: November 29, 2016
    Publication date: March 16, 2017
    Applicant: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song, Adam Goodman
  • Publication number: 20170068958
    Abstract: A method of completing a transaction that requires authorization by an authority agent includes registering an authority device as associated with the authority agent, receiving a transaction request from a service provider; pushing an authentication notification to the authenticating application of the authority device; displaying the authentication notification, including a prompt to supply agent verification data, on the authority device; collecting and verifying the agent verification data; in response to verification of the agent verification data, transmitting an authority agent response from the authority device to the authentication platform, and, at the authentication platform, authenticating the authority agent response; and in response to authenticating the authority agent response, transmitting a transaction confirmation from the authentication platform to the service provider.
    Type: Application
    Filed: November 18, 2016
    Publication date: March 9, 2017
    Applicant: Duo Security, Inc.
    Inventors: Jon Oberheide, Omar Abduljaber, Boyang Zhu
  • Publication number: 20170034141
    Abstract: A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.
    Type: Application
    Filed: June 27, 2016
    Publication date: February 2, 2017
    Inventors: Jon Oberheide, Adam Goodman
  • Publication number: 20170026374
    Abstract: A system and method that include receiving a service provider identity request through a federated authentication protocol; transmitting a proxy identity request to a configured identity provider; receiving an identity assertion; facilitating execution of a second layer of authentication; determining a proxy identity assertion based on the identity assertion and the second layer of authentication; and transmitting the proxy identity assertion to the service provider.
    Type: Application
    Filed: October 6, 2016
    Publication date: January 26, 2017
    Applicant: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song
  • Patent number: 9544143
    Abstract: A method including registering an authority device for an account on an auth platform; receiving transaction request from an initiator to the auth platform; messaging the authority device with the transaction request; receiving an authority agent response from the authority device to the auth platform; if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator; and if the authority agent response denies the transaction, communicating a denied transaction to the initiator.
    Type: Grant
    Filed: March 2, 2011
    Date of Patent: January 10, 2017
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song, Adam Goodman
  • Publication number: 20160381063
    Abstract: A system and method for assessing vulnerability of a mobile device including at a remote analysis cloud service, receiving at least one vulnerability assessment request that includes an object identifier for an operative object of a mobile computing device, wherein the vulnerability assessment request originates from the mobile computing device; identifying a vulnerability assessment associated with the identifier of the operative object; and communicating the identified vulnerability assessment to the mobile computing device.
    Type: Application
    Filed: September 8, 2016
    Publication date: December 29, 2016
    Inventors: Jon Oberheide, Dug Song, Adam Goodman