Patents by Inventor Julien F. Freudiger
Julien F. Freudiger has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240078343Abstract: Techniques are disclosed relating to application verification. In various embodiments, a computing device includes a secure circuit configured to maintain a plurality of cryptographic keys of the computing device. In such an embodiment, the computing device receives, from an application, a request for an attestation usable to confirm an integrity of the application, instructs the secure circuit to use one of the plurality of cryptographic keys to supply the attestation for the application, and provides the attestation to a remote computing system in communication with the application. In some embodiments, the secure circuit is configured to verify received metadata pertaining to the identity of the application and use the cryptographic key to generate the attestation indicative of the identity of the application.Type: ApplicationFiled: September 8, 2023Publication date: March 7, 2024Inventors: Hervé Sibert, Eric D. Friedman, Erik C. Neuenschwander, Jerrold V. Hauck, Thomas P. Mensch, Julien F. Freudiger, Alan W. Yu
-
Publication number: 20230336328Abstract: A device receives a time-based restriction for usage by a first user with respect to an application, a website or a device-level function. The device receives encrypted data indicating a usage by the first user on a second device with respect to the application, website or device-level function. The device determines that at least one of the usage by the first user on the second device or a usage by the first user on the device with respect to the application, website or device-level function violates the time-based restriction. The device provides, in response to the determining, a notification that the time-based restriction has been violated by the first user.Type: ApplicationFiled: June 16, 2023Publication date: October 19, 2023Inventors: Christopher G. SKOGEN, Jean-Pierre CIUDAD, Julien F. FREUDIGER, Joao Pedro DE ALMEIDA FORJAZ DE LACERDA, Cyrus DABOO, Todd R. FERNANDEZ, Thomas ALSINA, Deepak IYER, Cody D. JORGENSEN, Edward T. SCHMIDT, Astrid YI
-
Patent number: 11790119Abstract: Techniques are disclosed relating to application verification. In various embodiments, a computing device includes a secure circuit configured to maintain a plurality of cryptographic keys of the computing device. In such an embodiment, the computing device receives, from an application, a request for an attestation usable to confirm an integrity of the application, instructs the secure circuit to use one of the plurality of cryptographic keys to supply the attestation for the application, and provides the attestation to a remote computing system in communication with the application. In some embodiments, the secure circuit is configured to verify received metadata pertaining to the identity of the application and use the cryptographic key to generate the attestation indicative of the identity of the application.Type: GrantFiled: November 13, 2019Date of Patent: October 17, 2023Assignee: Apple Inc.Inventors: Hervé Sibert, Eric D. Friedman, Erik C. Neuenschwander, Jerrold V. Hauck, Thomas P. Mensch, Julien F. Freudiger, Alan W. Yu
-
Patent number: 11716193Abstract: A device receives a time-based restriction for usage by a first user with respect to an application, a website or a device-level function. The device receives encrypted data indicating a usage by the first user on a second device with respect to the application, website or device-level function. The device determines that at least one of the usage by the first user on the second device or a usage by the first user on the device with respect to the application, website or device-level function violates the time-based restriction. The device provides, in response to the determining, a notification that the time-based restriction has been violated by the first user.Type: GrantFiled: May 11, 2021Date of Patent: August 1, 2023Assignee: Apple Inc.Inventors: Christopher G. Skogen, Jean-Pierre Ciudad, Julien F. Freudiger, Joao Pedro De Almeida Forjaz De Lacerda, Cyrus Daboo, Todd R. Fernandez, Thomas Alsina, Deepak Iyer, Cody D. Jorgensen, Edward T. Schmidt, Astrid Yi
-
Publication number: 20210266395Abstract: A device receives a time-based restriction for usage by a first user with respect to an application, a website or a device-level function. The device receives encrypted data indicating a usage by the first user on a second device with respect to the application, website or device-level function. The device determines that at least one of the usage by the first user on the second device or a usage by the first user on the device with respect to the application, website or device-level function violates the time-based restriction. The device provides, in response to the determining, a notification that the time-based restriction has been violated by the first user.Type: ApplicationFiled: May 11, 2021Publication date: August 26, 2021Inventors: Christopher G. SKOGEN, Jean-Pierre CIUDAD, Julien F. FREUDIGER, Joao Pedro DE ALMEIDA FORJAZ DE LACERDA, Cyrus DABOO, Todd R. FERNANDEZ, Thomas ALSINA, Deepak IYER, Cody D. JORGENSEN, Edward T. SCHMIDT, Astrid YI
-
Patent number: 11005986Abstract: A device receives a time-based restriction for usage by a first user with respect to an application, a website or a device-level function. The device receives encrypted data indicating a usage by the first user on a second device with respect to the application, website or device-level function. The device determines that at least one of the usage by the first user on the second device or a usage by the first user on the device with respect to the application, website or device-level function violates the time-based restriction. The device provides, in response to the determining, a notification that the time-based restriction has been violated by the first user.Type: GrantFiled: March 30, 2020Date of Patent: May 11, 2021Assignee: Apple Inc.Inventors: Christopher G. Skogen, Jean-Pierre Ciudad, Julien F. Freudiger, Joao Pedro De Almeida Forjaz De Lacerda, Cyrus Daboo, Todd R. Fernandez, Thomas Alsina, Deepak Iyer, Cody D. Jorgensen, Edward T. Schmidt, Astrid Yi
-
Publication number: 20200228647Abstract: A device receives a time-based restriction for usage by a first user with respect to an application, a website or a device-level function. The device receives encrypted data indicating a usage by the first user on a second device with respect to the application, website or device-level function. The device determines that at least one of the usage by the first user on the second device or a usage by the first user on the device with respect to the application, website or device-level function violates the time-based restriction. The device provides, in response to the determining, a notification that the time-based restriction has been violated by the first user.Type: ApplicationFiled: March 30, 2020Publication date: July 16, 2020Inventors: Christopher G. SKOGEN, Jean-Pierre CIUDAD, Julien F. FREUDIGER, Joao Pedro DE ALMEIDA FORJAZ DE LACERDA, Cyrus DABOO, Todd R. FERNANDEZ, Thomas ALSINA, Deepak IYER, Cody D. JORGENSEN, Edward T. SCHMIDT, Astrid YI
-
Patent number: 10666628Abstract: Systems, methods, and computer-readable media may be provided for securely authenticating device identification and/or user identification for low throughput device-to-device wireless communication.Type: GrantFiled: August 6, 2018Date of Patent: May 26, 2020Assignee: APPLE INC.Inventors: Julien F. Freudiger, Andrew J. Ringer, Yannick L. Sierra, Farouk Belghoul, Samuel D. Post
-
Publication number: 20200159966Abstract: Techniques are disclosed relating to application verification. In various embodiments, a computing device includes a secure circuit configured to maintain a plurality of cryptographic keys of the computing device. In such an embodiment, the computing device receives, from an application, a request for an attestation usable to confirm an integrity of the application, instructs the secure circuit to use one of the plurality of cryptographic keys to supply the attestation for the application, and provides the attestation to a remote computing system in communication with the application. In some embodiments, the secure circuit is configured to verify received metadata pertaining to the identity of the application and use the cryptographic key to generate the attestation indicative of the identity of the application.Type: ApplicationFiled: November 13, 2019Publication date: May 21, 2020Inventors: Hervé Sibert, Eric D. Friedman, Erik C. Neuenschwander, Jerrold V. Hauck, Thomas P. Mensch, Julien F. Freudiger, Alan W. Yu
-
Patent number: 10609208Abstract: A device receives a time-based restriction for usage by a first user with respect to an application, a website or a device-level function. The device receives encrypted data indicating a usage by the first user on a second device with respect to the application, website or device-level function. The device determines that at least one of the usage by the first user on the second device or a usage by the first user on the device with respect to the application, website or device-level function violates the time-based restriction. The device provides, in response to the determining, a notification that the time-based restriction has been violated by the first user.Type: GrantFiled: September 28, 2018Date of Patent: March 31, 2020Assignee: APPLE INC.Inventors: Christopher G. Skogen, Jean-Pierre Ciudad, Julien F. Freudiger, Joao Pedro De Almeida Forjaz De Lacerda, Cyrus Daboo, Todd R. Fernandez, Thomas Alsina, Deepak Iyer, Cody D. Jorgensen, Edward T. Schmidt, Astrid Yi
-
Publication number: 20190349469Abstract: A device receives a time-based restriction for usage by a first user with respect to an application, a website or a device-level function. The device receives encrypted data indicating a usage by the first user on a second device with respect to the application, website or device-level function. The device determines that at least one of the usage by the first user on the second device or a usage by the first user on the device with respect to the application, website or device-level function violates the time-based restriction. The device provides, in response to the determining, a notification that the time-based restriction has been violated by the first user.Type: ApplicationFiled: September 28, 2018Publication date: November 14, 2019Inventors: Christopher G. SKOGEN, Jean-Pierre CIUDAD, Julien F. FREUDIGER, Joao Pedro DE ALMEIDA FORJAZ DE LACERDA, Cyrus DABOO, Todd R. FERNANDEZ, Thomas ALSINA, Deepak IYER, Cody D. JORGENSEN, Edward T. SCHMIDT, Astrid YI
-
Publication number: 20190044930Abstract: Systems, methods, and computer-readable media may be provided for securely authenticating device identification and/or user identification for low throughput device-to-device wireless communication.Type: ApplicationFiled: August 6, 2018Publication date: February 7, 2019Inventors: Julien F. Freudiger, Andrew J. Ringer, Yannick L. Sierra, Farouk Belghoul, Samuel D. Post
-
Patent number: 9949301Abstract: A method and system for verifying Internet connectivity at an access point in a fast, secure, and privacy-friendly manner. During operation, the system may perform passive network discovery, challenge response discovery, and/or active discovery to verify Internet connectivity for a mobile device. Passive network discovery involves the mobile device using a public key of a server to decrypt a time value to verify Internet connectivity. The mobile device receives the encrypted time value as part of the server's signed timing information in an overloaded WiFi beacon frame. Challenge response discovery involves the mobile device sending an encrypted challenge to servers, and a server returns a correct response to the challenge to confirm Internet connectivity. Active discovery involves a mobile device sending HTTP GET requests to a randomly selected set of servers without including a user agent, and a server may send an HTTP REPLY to confirm Internet connectivity.Type: GrantFiled: January 20, 2016Date of Patent: April 17, 2018Assignee: PALO ALTO RESEARCH CENTER INCORPORATEDInventors: Julien F. Freudiger, Alejandro E. Brito, Shantanu Rane, Ersin Uzun
-
Patent number: 9929863Abstract: One embodiment of the present invention provides a system for enhancing security in a secure communication channel. During operation, the system collects contextual information associated with a mobile device or a user of the mobile device and determines whether a trigger condition is met based on the collected contextual information. In response to determining that the trigger condition is met, the system performs a first type of key-ratcheting operation on a current cryptographic key to update the cryptographic key. In response to determining that the trigger condition is not met, the system performs a second type of key-ratcheting operation on the current cryptographic key to update the cryptographic key. The system then encrypts a to-be-sent message using an encryption key associated with the updated cryptographic key.Type: GrantFiled: October 30, 2015Date of Patent: March 27, 2018Assignee: PALO ALTO RESEARCH CENTER INCORPORATEDInventors: Julien F. Freudiger, Ersin Uzun
-
Patent number: 9817977Abstract: One embodiment of the present invention provides a system for stable selection of collaborating partners for exchanging security data. During operation, the system receives vectors of collaboration values from a plurality of entities. A collaboration value is a measure of an expected benefit of collaborating with a respective entity. The system sorts each of the vectors by the collaboration values of the respective vector. The system then determines matching entities given a number of partners wanted by each organization in N. The system may add matching entities to lists of collaborating partners given the number of partners wanted by each organization in N. Subsequently, the system sends the lists of collaborating partners to facilitate exchanging security data with partners in the list of collaborating partners.Type: GrantFiled: April 4, 2014Date of Patent: November 14, 2017Assignee: PALO ALTO RESEARCH CENTER INCORPORATEDInventors: Julien F. Freudiger, Emiliano De Cristofaro, Alejandro E. Brito, Marshall W. Bern, Ersin Uzun
-
Publication number: 20170208631Abstract: A method and system for verifying Internet connectivity at an access point in a fast, secure, and privacy-friendly manner. During operation, the system may perform passive network discovery, challenge response discovery, and/or active discovery to verify Internet connectivity for a mobile device. Passive network discovery involves the mobile device using a public key of a server to decrypt a time value to verify Internet connectivity. The mobile device receives the encrypted time value as part of the server's signed timing information in an overloaded WiFi beacon frame. Challenge response discovery involves the mobile device sending an encrypted challenge to servers, and a server returns a correct response to the challenge to confirm Internet connectivity. Active discovery involves a mobile device sending HTTP GET requests to a randomly selected set of servers without including a user agent, and a server may send an HTTP REPLY to confirm Internet connectivity.Type: ApplicationFiled: January 20, 2016Publication date: July 20, 2017Applicant: Palo Alto Research Center IncorporatedInventors: Julien F. Freudiger, Alejandro E. Brito, Shantanu Rane, Ersin Uzun
-
Publication number: 20170126409Abstract: One embodiment of the present invention provides a system for enhancing security in a secure communication channel. During operation, the system collects contextual information associated with a mobile device or a user of the mobile device and determines whether a trigger condition is met based on the collected contextual information. In response to determining that the trigger condition is met, the system performs a first type of key-ratcheting operation on a current cryptographic key to update the cryptographic key. In response to determining that the trigger condition is not met, the system performs a second type of key-ratcheting operation on the current cryptographic key to update the cryptographic key. The system then encrypts a to-be-sent message using an encryption key associated with the updated cryptographic key.Type: ApplicationFiled: October 30, 2015Publication date: May 4, 2017Applicant: PALO ALTO RESEARCH CENTER INCORPORATEDInventors: Julien F. Freudiger, Ersin Uzun
-
Patent number: 9477839Abstract: One embodiment of the present invention provides a system to facilitate collaboration for mitigating network threats. During operation, the system receives encrypted data sets from a plurality of entities. The data sets including data describing threats to network security. The system performs privacy-preserving operations on the encrypted data sets, such as private set intersection. The system then computes one or more metrics based on results of the private set intersection computations. The system may generate a similarity matrix based on the one or more metrics, and returns one or more similarity values from the similarity matrix to one or more entities of the plurality of entities.Type: GrantFiled: April 4, 2014Date of Patent: October 25, 2016Assignee: PALO ALTO RESEARCH CENTER INCORPORATEDInventors: Julien F. Freudiger, Emiliano De Cristofaro, Alejandro E. Brito, Marshall W. Bern, Ersin Uzun
-
Patent number: 9275237Abstract: One embodiment of the present invention provides a system for privacy-preserving sharing of data for secure collaboration. During operation, the system obtains a first set of data describing network events associated with one or more network addresses. Next, the system negotiates with a potential partner to determine a metric for deciding whether to share data. The potential partner is associated with a second set of data describing network events. The system then computes a value for the metric in a privacy-preserving way, based on the first set of data and the second set of data. Subsequently, the system determines whether the metric value exceeds a predetermined threshold, and, responsive to determining that the metric value exceeds the predetermined threshold, the system shares the first set of data with the potential partner, while controlling how the data should be shared to optimize benefits and risks of collaboration.Type: GrantFiled: December 9, 2013Date of Patent: March 1, 2016Assignee: PALO ALTO RESEARCH CENTER INCORPORATEDInventors: Emiliano De Cristofaro, Julien F. Freudiger, Ersin Uzun, Alejandro E. Brito, Marshall W. Bern
-
Publication number: 20150371059Abstract: One embodiment of the present invention provides a system for privacy-sensitive ranking of aggregated data. During operation, the system distributes secret keys to a plurality of devices. The system then generates a plurality of probability density functions in a privacy-preserving way using encrypted data received from a subset of the plurality of devices. The encrypted data is data that has been encrypted with one or more of the secret keys by the subset of devices. The system then generates a plurality of probability mass functions, each probability mass function associated with a corresponding probability density function. Subsequently, the system computes a plurality of distance values, each respective distance value being a measure of distance from a probability mass function to a second distribution. The system then ranks the probability mass functions and/or associated attributes according to their respective distance from the second distribution.Type: ApplicationFiled: June 18, 2014Publication date: December 24, 2015Inventors: Igor Bilogrevic, Julien F. Freudiger, Emiliano De Cristofaro, Ersin Uzun