Patents by Inventor Yossi GILAD
Yossi GILAD has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10171451
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1 ≤ n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2 ≤ t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T ≤ t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
Type: Grant
Filed: June 13, 2018
Date of Patent: January 1, 2019
Assignee: International Business Machines Corporation
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
-
Patent number: 10164965
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1 ≤ n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2 ≤ t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T ≤ t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
Type: Grant
Filed: June 13, 2018
Date of Patent: December 25, 2018
Assignee: International Business Machines Corporation
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
-
Patent number: 10164964
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1 ≤ n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2 ≤ t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T ≤ t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
Type: Grant
Filed: June 13, 2018
Date of Patent: December 25, 2018
Assignee: International Business Machines Corporation
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
-
Publication number: 20180302396
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1 ≤ n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2 ≤ t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T ≤ t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
Type: Application
Filed: June 13, 2018
Publication date: October 18, 2018
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
-
Publication number: 20180295123
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1 ≤ n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2 ≤ t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T ≤ t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
Type: Application
Filed: June 13, 2018
Publication date: October 11, 2018
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
-
Publication number: 20180295122
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1 ≤ n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2 ≤ t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T ≤ t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
Type: Application
Filed: June 13, 2018
Publication date: October 11, 2018
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
-
Publication number: 20180227321
Abstract: A method and system for calculating and ascribing reputation scores to Domain Name System (DNS) domain names, the method including capturing domain names appearing in a network during a predefined time frame and extracting features of each of the captured domain names, and calculating a reputation score for each of the captured domain names by assessing an expected life duration of each of the captured domain names based on the domain name features.
Type: Application
Filed: February 5, 2017
Publication date: August 9, 2018
Inventors: ALON FREUND, YOSSI GILAD, ODED MARGALIT, AVIV RON
-
Patent number: 10027477
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1 ≤ n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2 ≤ t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T ≤ t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
Type: Grant
Filed: March 31, 2017
Date of Patent: July 17, 2018
Assignee: International Business Machines Corporation
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
-
Patent number: 9985865
Abstract: Evaluating communications via a computer network for the presence of proxy-based communications, by sending to a computer via a computer network multiple data packets followed by an out-of-sequence data packet that is out-of-sequence relative to any of the multiple data packets, receipt of the out-of-sequence data packet configured to cause the computer to send an acknowledgement via the computer network, and to cause the requestor to send a second data request via the computer and the computer network, detecting receipt of the acknowledgement at a first time, detecting receipt of the second data request at a second time, calculating a time delay between the first time and the second time, performing the sending, detecting and calculating steps multiple times for calculating multiple time delays, and determining whether the requestor is communicating via a proxy by evaluating the multiple time delays with respect to a predefined proxy evaluation criterion.
Type: Grant
Filed: November 23, 2015
Date of Patent: May 29, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Yossi Gilad, Shahar Kohanim
-
Patent number: 9984512
Abstract: A cooperative vehicle monitoring method including, at an intravehicular monitor configured with each of a plurality of vehicles, gathering any in-vehicle data associated with the vehicle, detecting any intravehicular anomaly associated with the vehicle by analyzing the in-vehicle data, and reporting intravehicular information including any of the detected intravehicular anomaly and the in-vehicle data, and, at an extravehicular monitor, detecting any anomaly by analyzing the reported intravehicular information in combination with extravehicular data that are external to the plurality of vehicles, and reporting any of the intravehicular information, the extravehicular data, and any anomaly detected at the extravehicular monitor.
Type: Grant
Filed: January 10, 2016
Date of Patent: May 29, 2018
Assignee: International Business Machines Corporation
Inventors: Yair Allouche, Yossi Gilad, Oded Margalit, Yaron Wolfsthal
-
Patent number: 9954759
Abstract: Evaluating communications via a computer network for the presence of proxy-based communications, by sending to a computer via a computer network multiple data packets followed by an out-of-sequence data packet that is out-of-sequence relative to any of the multiple data packets, receipt of the out-of-sequence data packet configured to cause the computer to send an acknowledgement via the computer network, and to cause the requestor to send a second data request via the computer and the computer network, detecting receipt of the acknowledgement at a first time, detecting receipt of the second data request at a second time, calculating a time delay between the first time and the second time, performing the sending, detecting and calculating steps multiple times for calculating multiple time delays, and determining whether the requestor is communicating via a proxy by evaluating the multiple time delays with respect to a predefined proxy evaluation criterion.
Type: Grant
Filed: July 29, 2015
Date of Patent: April 24, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Yossi Gilad, Shahar Kohanim
-
Patent number: 9900775
Abstract: A method, system and computer-usable medium for performing an authorization operation on an Internet of Things (IoT) type device, comprising: providing each of a plurality of IoT type devices with a respective authorization system; receiving a request to share resources at one of the plurality of IoT type devices; determining via the respective authorization system whether the one of the plurality of IoT devices has an IoT resource available for sharing; and, enabling sharing of the IoT resource when the respective authorization system determines that the IoT resource is available for sharing.
Type: Grant
Filed: September 2, 2015
Date of Patent: February 20, 2018
Assignee: International Business Machines Corporation
Inventors: Yossi Gilad, Ayman Jarrous, Ravid Sagy, Alexandra Shulman-Peleg
-
Patent number: 9843597
Abstract: Techniques for monitoring a controller area network bus are described herein. In one example, a system comprises a processor that is to detect a message from a source electronic control unit in a vehicle and calculate a location of the source electronic control unit based on at least two arrival times, the arrival times indicating a distance between a first monitor and the source electronic control unit. The processor can also detect that the message corresponds to a function controlled by a second electronic control unit and generate a warning that the message from the source electronic control unit is malicious.
Type: Grant
Filed: August 10, 2015
Date of Patent: December 12, 2017
Assignee: International Business Machines Corporation
Inventors: Yair Allouche, Yossi Gilad, Oded Margalit
-
Publication number: 20170207912
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1 ≤ n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2 ≤ t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T ≤ t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
Type: Application
Filed: March 31, 2017
Publication date: July 20, 2017
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
-
Publication number: 20170200323
Abstract: A cooperative vehicle monitoring method including, at an intravehicular monitor configured with each of a plurality of vehicles, gathering any in-vehicle data associated with the vehicle, detecting any intravehicular anomaly associated with the vehicle by analyzing the in-vehicle data, and reporting intravehicular information including any of the detected intravehicular anomaly and the in-vehicle data, and, at an extravehicular monitor, detecting any anomaly by analyzing the reported intravehicular information in combination with extravehicular data that are external to the plurality of vehicles, and reporting any of the intravehicular information, the extravehicular data, and any anomaly detected at the extravehicular monitor.
Type: Application
Filed: January 10, 2016
Publication date: July 13, 2017
Inventors: YAIR ALLOUCHE, YOSSI GILAD, ODED MARGALIT, YARON WOLFSTHAL
-
Patent number: 9705872
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1 ≤ n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2 ≤ t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T ≤ t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
Type: Grant
Filed: September 25, 2015
Date of Patent: July 11, 2017
Assignee: International Business Machines Corporation
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
-
Publication number: 20170064556
Abstract: A method, system and computer-usable medium for performing an authorization operation on an Internet of Things (IoT) type device, comprising: providing each of a plurality of IoT type devices with a respective authorization system; receiving a request to share resources at one of the plurality of IoT type devices; determining via the respective authorization system whether the one of the plurality of IoT devices has an IoT resource available for sharing; and, enabling sharing of the IoT resource when the respective authorization system determines that the IoT resource is available for sharing.
Type: Application
Filed: September 2, 2015
Publication date: March 2, 2017
Inventors: Yossi Gilad, Ayman Jarrous, Ravid Sagy, Alexandra Shulman-Peleg
-
Publication number: 20170034037
Abstract: Evaluating communications via a computer network for the presence of proxy-based communications, by sending to a computer via a computer network multiple data packets followed by an out-of-sequence data packet that is out-of-sequence relative to any of the multiple data packets, receipt of the out-of-sequence data packet configured to cause the computer to send an acknowledgement via the computer network, and to cause the requestor to send a second data request via the computer and the computer network, detecting receipt of the acknowledgement at a first time, detecting receipt of the second data request at a second time, calculating a time delay between the first time and the second time, performing the sending, detecting and calculating steps multiple times for calculating multiple time delays, and determining whether the requestor is communicating via a proxy by evaluating the multiple time delays with respect to a predefined proxy evaluation criterion.
Type: Application
Filed: July 29, 2015
Publication date: February 2, 2017
Inventors: YOSSI GILAD, SHAHAR KOHANIM
-
Publication number: 20170034029
Abstract: Evaluating communications via a computer network for the presence of proxy-based communications, by sending to a computer via a computer network multiple data packets followed by an out-of-sequence data packet that is out-of-sequence relative to any of the multiple data packets, receipt of the out-of-sequence data packet configured to cause the computer to send an acknowledgement via the computer network, and to cause the requestor to send a second data request via the computer and the computer network, detecting receipt of the acknowledgement at a first time, detecting receipt of the second data request at a second time, calculating a time delay between the first time and the second time, performing the sending, detecting and calculating steps multiple times for calculating multiple time delays, and determining whether the requestor is communicating via a proxy by evaluating the multiple time delays with respect to a predefined proxy evaluation criterion.
Type: Application
Filed: November 23, 2015
Publication date: February 2, 2017
Inventors: YOSSI GILAD, SHAHAR KOHANIM
-
Publication number: 20160197944
Abstract: Techniques for monitoring a controller area network bus are described herein. In one example, a system comprises a processor that is to detect a message from a source electronic control unit in a vehicle and calculate a location of the source electronic control unit based on at least two arrival times, the arrival times indicating a distance between a first monitor and the source electronic control unit. The processor can also detect that the message corresponds to a function controlled by a second electronic control unit and generate a warning that the message from the source electronic control unit is malicious.
Type: Application
Filed: August 10, 2015
Publication date: July 7, 2016
Inventors: Yair Allouche, Yossi Gilad, Oded Margalit