Patents by Inventor Troy Jacob Ronda
Troy Jacob Ronda has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10735397Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.Type: GrantFiled: January 22, 2019Date of Patent: August 4, 2020Assignee: SecureKey Technologies Inc.Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Dmitry Barinov, Michael Varley, David Alexander Stark, Gregory Howard Wolfond, Aleksandar Likic, Michael John Page
-
Patent number: 10547643Abstract: Methods and systems for distributed data verification between a relying party server and a client device using data attested by at least one attestation server. Entities are loosely coupled, while still allowing for authentication data and transaction data to be tightly coupled in any given interaction. There need not be any prior relationships between relying parties and attestation servers, or between relying parties and users. A common syntax enables a relying party to define what types of attested data items will be accepted for a particular transaction, without having to predetermine all possible sources of identification a user may wish to provide. The relying party may not know the source of the attested data items a priori, but can nevertheless determine if they are satisfactory once they are received.Type: GrantFiled: February 27, 2017Date of Patent: January 28, 2020Assignee: SecureKey Technologies Inc.Inventors: Michael Varley, Troy Jacob Ronda, Dmitry Barinov, Gregory Howard Wolfond, Pierre Antoine Roberge
-
Publication number: 20190158481Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.Type: ApplicationFiled: January 22, 2019Publication date: May 23, 2019Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Dmitry Barinov, Michael Varley, David Alexander Stark, Gregory Howard Wolfond, Aleksandar Likic, Michael John Page
-
Patent number: 10237259Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.Type: GrantFiled: February 28, 2017Date of Patent: March 19, 2019Assignee: SecureKey Technologies Inc.Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Dmitry Barinov, Michael Varley, David Alexander Stark, Gregory Howard Wolfond, Aleksandar Likic, Michael John Page
-
Patent number: 10210489Abstract: A method of authenticating to a computer server involves a first authentication client transmitting an authentication token to the computer server via a first communications channel, and a second authentication client receiving a payload from the computer server via a second communications channel distinct from the first communications channel in accordance with an outcome of a determination of authenticity of the authentication token by the computer server.Type: GrantFiled: April 8, 2011Date of Patent: February 19, 2019Assignee: SecureKey Technologies Inc.Inventors: Andre Michel Boysen, Troy Jacob Ronda, Pierre Antoine Roberge, Patrick Hans Engel, Gregory Howard Wolfond
-
Patent number: 9860245Abstract: A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer.Type: GrantFiled: June 29, 2015Date of Patent: January 2, 2018Assignee: Secure Technologies Inc.Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Patrick Hans Engel, Rene McIver, Gregory Howard Wolfond, Andre Michael Boysen
-
Publication number: 20170250972Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.Type: ApplicationFiled: February 28, 2017Publication date: August 31, 2017Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Dmitry Barinov, Michael Varley, David Alexander Stark, Gregory Howard Wolfond, Aleksandar Likic, Michael John Page
-
Publication number: 20170251025Abstract: Methods and systems for distributed data verification between a relying party server and a client device using data attested by at least one attestation server. Entities are loosely coupled, while still allowing for authentication data and transaction data to be tightly coupled in any given interaction. There need not be any prior relationships between relying parties and attestation servers, or between relying parties and users. A common syntax enables a relying party to define what types of attested data items will be accepted for a particular transaction, without having to predetermine all possible sources of identification a user may wish to provide. The relying party may not know the source of the attested data items a priori, but can nevertheless determine if they are satisfactory once they are received.Type: ApplicationFiled: February 27, 2017Publication date: August 31, 2017Inventors: Michael Varley, Troy Jacob Ronda, Dmitry Barinov, Gregory Howard Wolfond, Pierre Antoine Roberge
-
Patent number: 9300665Abstract: Methods and systems are provided for performing and verifying transactions involving authentication with a secure credential, such as a smart card, in an untrusted or semi-trusted environment. An application module, operating in an untrusted or semi-trusted environment can be denied access to sensitive data. The application module can determine a preliminary command to be sent to the credential and transmit the preliminary command to a broker module. The broker module, operating in a trusted environment, can supply sensitive data and transmit the command to the credential. Subsequently, the broker module can extract sensitive data from a response before it is transmitted to the application module. A verification server can audit the transaction to verify that it was carried out properly.Type: GrantFiled: May 29, 2012Date of Patent: March 29, 2016Assignee: SecureKey Technologies Inc.Inventors: Troy Jacob Ronda, Andre Boysen, Afshin Rezayee, Malcolm Ronald Smith, Mikhael Khaymov, Kshitiz Vadera, Murat Cat
-
Patent number: 9225754Abstract: A method of ad-hoc network communications comprises a computer server transmitting a communications session request to a primary logical communications device of a logical ad-hoc communications network. The logical ad-hoc communications network comprises the primary logical communications device and at least one secondary logical communications device that is registered to the primary logical communications device. The communications session request requests a communications session with one of the at least one secondary logical communications devices. Upon receipt of the communications session request, the primary logical communications device transmits to the one secondary logical communications device a session initiate message requesting the one secondary logical communications device initiate the communications session with the computer server.Type: GrantFiled: March 5, 2012Date of Patent: December 29, 2015Assignee: SECUREKEY TECHNOLOGIES INC.Inventors: Andre Michel Boysen, Patrick Hans Engel, Troy Jacob Ronda, Pierre Antoine Roberge, Gregory Howard Wolfond
-
Publication number: 20150304319Abstract: A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer.Type: ApplicationFiled: June 29, 2015Publication date: October 22, 2015Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Patrick Hans Engel, Rene Mclve, Gregory Howard Wolfond, Andre Michael Boysen
-
Patent number: 9160732Abstract: A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by, the computer server.Type: GrantFiled: October 31, 2013Date of Patent: October 13, 2015Assignee: SECUREKEY TECHNOLOGIES INC.Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Patrick Hans Engel, Rene McIver, Greg Wolfond, Andre Boysen
-
Patent number: 9083533Abstract: A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer.Type: GrantFiled: August 19, 2011Date of Patent: July 14, 2015Assignee: SecureKey Technologies Inc.Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Patrick Hans Engel, Rene McIver, Gregory Howard Wolfond, Andre Michel Boysen
-
Methods and systems for using derived credentials to authenticate a device across multiple platforms
Patent number: 9053304Abstract: Methods and systems for adapting existing service provider servers to support two-factor authentication by leveraging an authentication server, which may be operated by a third party. Where a user desires to access content or services offered by a service provider server, the user may employ a client agent (for example, a web browser) in order to authenticate with the service provider server. Service provider server can redirect client agent to an authentication server to process at least a second factor or derived credential.Type: GrantFiled: July 13, 2012Date of Patent: June 9, 2015Assignee: SecureKey Technologies Inc.Inventors: Troy Jacob Ronda, Andre Boysen, Abhishek Das, Michael Varley, Hugh Cumming -
Patent number: 8943311Abstract: A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by the computer server.Type: GrantFiled: November 4, 2009Date of Patent: January 27, 2015Assignee: SecureKey Technologies Inc.Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Patrick Hans Engel, Rene McIver, Gregory Howard Wolfond, Andre Michel Boysen
-
Patent number: 8863308Abstract: A method of identity attribute validation at a computer server involves the computer server receiving an identity attribute validation request from a communication terminal. The computer server further receives a credential, and is configured with an attribute disclosure profile of attributes authorized for disclosure to the communication terminal. The computer server determines the validity of the credential, and provides the communication terminal with a response to the identity attribute validation request based on an outcome of the credential validity determination. The attribute validation response includes attributes data associated with the credential authorized for disclosure by the attribute disclosure profile but excludes attributes data associated with the credential not authorized for disclosure by the attribute disclosure profile.Type: GrantFiled: December 1, 2010Date of Patent: October 14, 2014Assignee: SecureKey Technologies Inc.Inventors: Andre Michel Boysen, Gregory Wolfond, Pierre Antoine Roberge, Patrick Hans Engel, Troy Jacob Ronda
-
Patent number: 8756674Abstract: A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer.Type: GrantFiled: February 19, 2010Date of Patent: June 17, 2014Assignee: SecureKey Technologies Inc.Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Patrick Hans Engel, Rene McIver, Gregory Howard Wolfond, Andre Michel Boysen
-
Publication number: 20140101734Abstract: Methods and systems are provided for performing and verifying transactions involving authentication with a secure credential, such as a smart card, in an untrusted or semi-trusted environment. An application module, operating in an untrusted or semi-trusted environment can be denied access to sensitive data. The application module can determine a preliminary command to be sent to the credential and transmit the preliminary command to a broker module. The broker module, operating in a trusted environment, can supply sensitive data and transmit the command to the credential. Subsequently, the broker module can extract sensitive data from a response before it is transmitted to the application module. A verification server can audit the transaction to verify that it was carried out properly.Type: ApplicationFiled: May 29, 2012Publication date: April 10, 2014Applicant: Securekey Technologies Inc.Inventors: Troy Jacob Ronda, Andre Boysen, Afshin Rezayee, Malcolm Ronald Smith, Mikhael Khaymov, Kshitiz Vadera, Murat Cat
-
Publication number: 20140059348Abstract: A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by, the computer server.Type: ApplicationFiled: October 31, 2013Publication date: February 27, 2014Applicant: SECUREKEY TECHNOLOGIES INC.Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Patrick Hans Engel, Rene McIver, Greg Wolfond, Andre Boysen
-
METHODS AND SYSTEMS FOR USING DERIVED CREDENTIALS TO AUTHENTICATE A DEVICE ACROSS MULTIPLE PLATFORMS
Publication number: 20140020073Abstract: Methods and systems for adapting existing service provider servers to support two-factor authentication by leveraging an authentication server, which may be operated by a third party. Where a user desires to access content or services offered by a service provider server, the user may employ a client agent (for example, a web browser) in order to authenticate with the service provider server. Service provider server can redirect client agent to an authentication server to process at least a second factor or derived credential.Type: ApplicationFiled: July 13, 2012Publication date: January 16, 2014Inventors: Troy Jacob Ronda, Andre Boysen, Abhishek Das, Michael Varley, Hugh Cumming