Patents by Inventor MICHAEL RAZIEL
MICHAEL RAZIEL has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10819780
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a broadcast query from a network element, receive information from a plurality of devices, process the information, and generate an integrated group response, wherein the integrated group response summarizes the information about the plurality of devices and removes identification information that could allow data to be linked to a specific device from the plurality of devices. The integrated group response can be communicated back to the network element in response to the query.
Type: Grant
Filed: December 24, 2015
Date of Patent: October 27, 2020
Assignee: McAfee, LLC
Inventors: Oleg Pogorelik, Alex Nayshtut, Ned M. Smith, Igor Muttik, Michael Raziel
-
Patent number: 10255425
Abstract: An input device of a secure authentication protocol system may receive at least one user authentication factor in a pre-boot session. The input device may verify the received authentication factors and may store the verified authentication factors. During a post-boot session, the input device may communicate the verified authentication factor and a stored post-boot session credential received during a prior post-boot session to an authentication engine executing in a trusted execution environment. The authentication engine verifies the received post-boot session credential is logically associated with an immediately preceding post-boot session. Upon successful verification of the received post-boot session credential, the verified authentication factors or data indicative of a successfully verified authentication factor received during the pre-boot session are used in the current post-boot session.
Type: Grant
Filed: September 10, 2018
Date of Patent: April 9, 2019
Assignee: Intel Corporation
Inventors: Michael Raziel, Abhilasha Bhargav-Spantzel, Hormuzd M. Khosravi
-
Publication number: 20190034616
Abstract: An input device of a secure authentication protocol system may receive at least one user authentication factor in a pre-boot session. The input device may verify the received authentication factors and may store the verified authentication factors. During a post-boot session, the input device may communicate the verified authentication factor and a stored post-boot session credential received during a prior post-boot session to an authentication engine executing in a trusted execution environment. The authentication engine verifies the received post-boot session credential is logically associated with an immediately preceding post-boot session. Upon successful verification of the received post-boot session credential, the verified authentication factors or data indicative of a successfully verified authentication factor received during the pre-boot session are used in the current post-boot session.
Type: Application
Filed: September 10, 2018
Publication date: January 31, 2019
Applicant: Intel Corporation
Inventors: MICHAEL RAZIEL, ABHILASHA BHARGAV-SPANTZEL, HORMUZD M. KHOSRAVI
-
Patent number: 10073964
Abstract: An input device of a secure authentication protocol system may receive at least one user authentication factor in a pre-boot session. The input device may verify the received authentication factors and may store the verified authentication factors. During a post-boot session, the input device may communicate the verified authentication factor and a stored post-boot session credential received during a prior post-boot session to an authentication engine executing in a trusted execution environment. The authentication engine verifies the received post-boot session credential is logically associated with an immediately preceding post-boot session. Upon successful verification of the received post-boot session credential, the verified authentication factors or data indicative of a successfully verified authentication factor received during the pre-boot session are used in the current post-boot session.
Type: Grant
Filed: September 25, 2015
Date of Patent: September 11, 2018
Assignee: Intel Corporation
Inventors: Michael Raziel, Abhilasha Bhargav-Spantzel, Hormuzd M. Khosravi
-
Publication number: 20180089519
Abstract: Various systems and methods for providing a mechanism for multi-modal user authentication are described herein. An authentication system for multi-modal user authentication includes a memory including image data captured by a camera array, the image data including a hand of a user; and an image processor to: determine a hand geometry of the hand based on the image data; determine a palm print of the hand based on the image data; determine a gesture performed by the hand based on the image data; and determine a bio-behavioral movement sequence performed by the hand based on the image data; and an authentication module to construct a user biometric template using the hand geometry, palm print, gesture, and bio-behavioral movement sequence.
Type: Application
Filed: September 26, 2016
Publication date: March 29, 2018
Inventors: Michael Raziel, Alex Nayshtut, Oleg Pogorelik, Amit Bleiweiss, Eliyahu Elhadad
-
Patent number: 9807610
Abstract: In an embodiment, at least one non-transitory computer readable storage medium includes instructions that when executed enable a system to: request, by an authentication logic of the system during a multi-factor authentication of a user of the system to obtain access to a first service, a token to be sent from a second system associated with the first service to a third system associated with the user; receive, in the authentication logic, the token from the third system without user involvement via a secure channel; and send the token from the authentication logic to the second system to authenticate the user. Other embodiments are described and claimed.
Type: Grant
Filed: March 26, 2015
Date of Patent: October 31, 2017
Assignee: Intel Corporation
Inventors: Yasser Rasheed, Abhilasha Bhargav-Spantzel, Hormuzd M. Khosravi, Michael Raziel
-
Patent number: 9798895
Abstract: In an example, a client-server platform identity architecture is disclosed. The platform identity architecture may be used to enable a venue operator to provide online services and to collect telemetry data and metrics while giving end users greater control over privacy. When entering a compatible venue, the user's device generates a signed temporary pseudonymous identity (TPI) in secure hardware or software. Any telemetry uploaded to the venue server includes the signature so that the server can verify that the data are valid. The TPI may have a built-in expiry. The venue server may thus receive useful tracking data during the term of the TPI, while the user is assured that the data are not kept permanently or correlated to personally-identifying information.
Type: Grant
Filed: September 25, 2014
Date of Patent: October 24, 2017
Assignee: McAfee, Inc.
Inventors: Alex Nayshtur, Ned Smith, Avishay Sharaga, Oleg Pogorelik, Abhilasha Bhargav-Spantzel, Michael Raziel, Avi Priev, Adi Shaliv, Igor Muttik
-
Publication number: 20170289153
Abstract: Systems, apparatuses and methods may provide for generating, at a computing device, a challenge message in response to a recovery request and conducting a verification of one or more responses to the challenge message based on an encryption key stored in a hardware-based trusted execution environment (TEE) of the computing device. Additionally, an authentication template associated with a multifactor authentication service may be unlocked if the verification is successful.
Type: Application
Filed: April 1, 2016
Publication date: October 5, 2017
Inventors: Michael Raziel, Abhilasha Bhargav-Spantzel, Hormuzd M. Khosravi, Ned M. Smith
-
Publication number: 20170187799
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a broadcast query from a network element, receive information from a plurality of devices, process the information, and generate an integrated group response, wherein the integrated group response summarizes the information about the plurality of devices and removes identification information that could allow data to be linked to a specific device from the plurality of devices. The integrated group response can be communicated back to the network element in response to the query.
Type: Application
Filed: December 24, 2015
Publication date: June 29, 2017
Applicant: McAfee, Inc.
Inventors: Oleg Pogorelik, Alex Nayshtut, Ned M. Smith, Igor Muttik, Michael Raziel
-
Patent number: 9654903
Abstract: Techniques for connecting using NFC communications are provided. Specifically, methods are presented, that when taken alone or together, provide a device or group of devices with a secure way of transferring data from a wireless device to a reader. The present disclosure includes a method that provides a wireless device with network connectivity options that enable a more secure means for using NFC communications for completing a secure transaction using a secondary code.
Type: Grant
Filed: December 23, 2014
Date of Patent: May 16, 2017
Assignee: INTEL CORPORATION
Inventors: Oleg Olegp Pogorelik, Alex Nayshtut, Avi Apriev Priev, Shahar Porat, Michael Raziel
-
Publication number: 20170091438
Abstract: An input device of a secure authentication protocol system may receive at least one user authentication factor in a pre-boot session. The input device may verify the received authentication factors and may store the verified authentication factors. During a post-boot session, the input device may communicate the verified authentication factor and a stored post-boot session credential received during a prior post-boot session to an authentication engine executing in a trusted execution environment. The authentication engine verifies the received post-boot session credential is logically associated with an immediately preceding post-boot session. Upon successful verification of the received post-boot session credential, the verified authentication factors or data indicative of a successfully verified authentication factor received during the pre-boot session are used in the current post-boot session.
Type: Application
Filed: September 25, 2015
Publication date: March 30, 2017
Applicant: Intel Corporation
Inventors: MICHAEL RAZIEL, ABHILASHA BHARGAV-SPANTZEL, HORMUZD M. KHOSRAVI
-
Publication number: 20160350761
Abstract: A method for managing a reference template for authentication includes generating the reference template using gait data collected during a training period. A user is authenticated utilizing the reference template. A universal background model (UBM) is generated using gait data collected after the training period. The reference template is updated using the UBM.
Type: Application
Filed: May 28, 2015
Publication date: December 1, 2016
Inventors: Michael Raziel, Ned M. Smith, Alex Nayshtut, Hormuzd M. Khosravi, Abhilasha Bhargav-Spantzel, Meir Shaked
-
Publication number: 20160286393
Abstract: In an embodiment, at least one non-transitory computer readable storage medium includes instructions that when executed enable a system to: request, by an authentication logic of the system during a multi-factor authentication of a user of the system to obtain access to a first service, a token to be sent from a second system associated with the first service to a third system associated with the user; receive, in the authentication logic, the token from the third system without user involvement via a secure channel; and send the token from the authentication logic to the second system to authenticate the user. Other embodiments are described and claimed.
Type: Application
Filed: March 26, 2015
Publication date: September 29, 2016
Inventors: Yasser Rasheed, Abhilasha Bhargav-Spantzel, Hormuzd M. Khosravi, Michael Raziel
-
Publication number: 20160183032
Abstract: Techniques for connecting using NFC communications are provided. Specifically, methods are presented, that when taken alone or together, provide a device or group of devices with a secure way of transferring data from a wireless device to a reader. The present disclosure includes a method that provides a wireless device with network connectivity options that enable a more secure means for using NFC communications for completing a secure transaction using a secondary code.
Type: Application
Filed: December 23, 2014
Publication date: June 23, 2016
Inventors: Oleg Olegp POGORELIK, Alex NAYSHTUT, Avi Apriev PRIEV, Shahar PORAT, Michael RAZIEL
-
Publication number: 20160092697
Abstract: In an example, a client-server platform identity architecture is disclosed. The platform identity architecture may be used to enable a venue operator to provide online services and to collect telemetry data and metrics while giving end users greater control over privacy. When entering a compatible venue, the user's device generates a signed temporary pseudonymous identity (TPI) in secure hardware or software. Any telemetry uploaded to the venue server includes the signature so that the server can verify that the data are valid. The TPI may have a built-in expiry. The venue server may thus receive useful tracking data during the term of the TPI, while the user is assured that the data are not kept permanently or correlated to personally-identifying information.
Type: Application
Filed: September 25, 2014
Publication date: March 31, 2016
Inventors: Alex Nayshtut, Ned Smith, Avishay Sharaga, Oleg Pogorelik, Abhilasha Bhargav-Spantzel, Michael Raziel, Avi Priev, Adi Shaliv, Igor Muttik
-
Publication number: 20160066184
Abstract: In an embodiment, an apparatus includes a security engine to operate in a trusted execution environment to perform security operations and to authenticate a user of the apparatus, and a pairing logic to receive an indication of discovery of a peer device and to determine whether the user of the apparatus corresponds to a user of the peer device, and if so to enable a pairing with the peer device according to a first security ring if the correspondence is determined, and to enable the pairing with the peer device according to a second security ring if no correspondence is detected and the user of the apparatus is authenticated. Other embodiments are described and claimed.
Type: Application
Filed: August 29, 2014
Publication date: March 3, 2016
Inventors: Abhilasha Bhargav-Spantzel, Ned M. Smith, Hormuzd M. Khosravi, Michael Raziel, Alex Nayshtut
-
Patent number: 9246678
Abstract: An embodiment of the invention allows a user to back-up/store data to a cloud-based storage system and synchronize that data on the user's devices coupled to the storage system. The devices have secure out-of-band cryptoprocessors that conceal a private key. The private key corresponds to a public key that is used to encrypt a session key and information, both of which are passed to and through cloud based storage, all while remaining encrypted. The encrypted material is communicated from the cloud to another of the user's devices where the encrypted material is decrypted within a secure out-of-band cryptoprocessor (using the private key that corresponds to the aforementioned public key) located within the device. The embodiment allows for secure provisioning of the private key to the devices. The private key is only decrypted within the cryptoprocessor so the private key is not “in the open”. Other embodiments are described herein.
Type: Grant
Filed: March 14, 2013
Date of Patent: January 26, 2016
Assignee: Intel Corporation
Inventors: Alex Nayshtut, Edward V. Jimison, Omer Ben-Shalom, Michael Raziel
-
Publication number: 20140281477
Abstract: An embodiment of the invention allows a user to back-up/store data to a cloud-based storage system and synchronize that data on the user's devices coupled to the storage system. The devices have secure out-of-band cryptoprocessors that conceal a private key. The private key corresponds to a public key that is used to encrypt a session key and information, both of which are passed to and through cloud based storage, all while remaining encrypted. The encrypted material is communicated from the cloud to another of the user's devices where the encrypted material is decrypted within a secure out-of-band cryptoprocessor (using the private key that corresponds to the aforementioned public key) located within the device. The embodiment allows for secure provisioning of the private key to the devices. The private key is only decrypted within the cryptoprocessor so the private key is not “in the open”. Other embodiments are described herein.
Type: Application
Filed: March 14, 2013
Publication date: September 18, 2014
Inventors: ALEX NAYSHTUT, EDWARD JIMISON, OMER BEN-SHALOM, MICHAEL RAZIEL