Patents Assigned to SecureAuth Corporation
-
Patent number: 9900163Abstract: A method and system for mutually authenticating an identity and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server. Thereafter, the method continues with establishing a secure data transfer link. A server certificate is transmitted during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes an authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.Type: GrantFiled: March 18, 2016Date of Patent: February 20, 2018Assignee: SecureAuth CorporationInventors: Craig J. Lund, Garret F. Grajek, Stephen Moore, Mark V. Lambiase
-
Patent number: 9882728Abstract: Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.Type: GrantFiled: September 28, 2016Date of Patent: January 30, 2018Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Jeffrey Chiwai Lo, Mark V. Lambiase
-
Patent number: 9781097Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.Type: GrantFiled: February 13, 2015Date of Patent: October 3, 2017Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
-
Patent number: 9769209Abstract: An alert source issues security alerts to an identity provider, which acts as a gatekeeper to a secure resource. Each security alert is associated with an alert user identity and a security threat. When a user identity requests access to the secure resource, the identity provider may look up security alerts associated with the user identity, such as my matching up the user identity with the alert user identity associated with each alert. Based on any discovered security alerts that correspond to the user identity and a pre-defined security policy, the identity provider may perform various security actions on the user identity. For example, the identity provider may contain a user identity associated with high-risk and/or high fidelity security alerts. The identity provider may deny the user identity access to the secure resource, or the identity provider may request additional authentication factors associated with the user identity before access to the secure resource is provided.Type: GrantFiled: March 4, 2016Date of Patent: September 19, 2017Assignee: SecureAuth CorporationInventors: Keith Martin Graham, Stephen Garnett Cox
-
Patent number: 9756035Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.Type: GrantFiled: February 13, 2015Date of Patent: September 5, 2017Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
-
Patent number: 9736145Abstract: A CAC/PIV certificate associated with a HSPD-12 identity is used to generate a derived credential for storage on a device, such as a mobile device, that lacks a CAC/PIV card reader. The derived credential (which is distinct from the original CAC/PIV certificate) may then be used to grant the device access to secure resources that may otherwise require a CAC/PIV certificate. Embodiments of the present disclosure also relate to systems and methods for authenticating or validating a derived credential stored on a mobile device.Type: GrantFiled: July 31, 2015Date of Patent: August 15, 2017Assignee: SecureAuth CorporationInventors: Chris Hayes, Garret Florian Grajek, Jeffrey Chiwai Lo, Allen Yu Quach, Firas Shbeeb
-
Patent number: 9660974Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.Type: GrantFiled: February 13, 2015Date of Patent: May 23, 2017Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
-
Patent number: 9473310Abstract: Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.Type: GrantFiled: April 18, 2014Date of Patent: October 18, 2016Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Jeffrey Chiwai Lo, Mark V. Lambiase
-
Patent number: 9369457Abstract: Features are disclosed for authentication of mobile device applications using a native, independent browser using a single-sign-on system. An authentication module within the mobile application can direct the mobile device's native browser to a URL to initiate authentication with an authentication appliance. The mobile browser can receive and store a browser-accessible token to indicate previous authentication performed by the user. The mobile application can receive from the application appliance and store a client application ID token that may be presented to network services for access. A second mobile device application may direct the same browser to the authentication appliance. The authentication appliance may inspect the persistent browser-accessible token and issue a second client application ID identity to the second application without collecting additional authentication information, or collecting additional authentication information that is different from the first authentication information.Type: GrantFiled: June 26, 2014Date of Patent: June 14, 2016Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Jeff Chiwai Lo, Robert Jason Phillips, Shu Jen Tung
-
Patent number: 9338155Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with to the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.Type: GrantFiled: August 12, 2013Date of Patent: May 10, 2016Assignee: SecureAuth CorporationInventors: Allen Yu Quach, Jeffrey Chiwai Lo, Garret Florian Grajek, Mark V. Lambiase
-
Patent number: 9294288Abstract: A method and system for mutually authenticating an identity and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server. Thereafter, the method continues with establishing a secure data transfer link. A server certificate is transmitted during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes an authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.Type: GrantFiled: March 27, 2014Date of Patent: March 22, 2016Assignee: SecureAuth CorporationInventors: Craig J. Lund, Garret F. Grajek, Stephen Moore, Mark V. Lambiase
-
Patent number: 9288195Abstract: The authentication of a client to multiple server resources with a single sign-on procedure using multiple factors is disclosed. One contemplated embodiment is a method in which a login session is initiated with the authentication system of a primary one of the multiple server resources. A first set of login credentials is transmitted thereto, and validated. A token is stored on the client indicating that the initial authentication was successful, which is then used to transition to a secondary one of the multiple resources. A second set of login credentials is also transmitted, and access to the secondary one of the multiple resources is granted on the basis of a validated token and second set of login credentials.Type: GrantFiled: December 13, 2013Date of Patent: March 15, 2016Assignee: SecureAuth CorporationInventors: Mark V. Lambiase, Garret Florian Grajek, Jeffrey Chiwai Lo, Tommy Ching Hsiang Wu
-
Patent number: 9124576Abstract: A valid duration period for a digital certificate is established by a process that includes assigning numeric values to certificate term. The numeric value assigned to each certificate term is representative of the valid duration period. The method continues by identifying one certificate term, which may include requesting a user to select a certificate term. The method may include transmitting the requested certificate term to a server. The certificate term requested is sent via a certificate request. The server is configured to convert the numeric value associated with the requested certificate term into a duration counter value. The method may also include a certificate server receiving from the server, the certificate request including the duration counter value. The method may conclude with transmitting the signed certificate request to a client device capable of generating the digital certificate with the requested certificate term.Type: GrantFiled: August 13, 2014Date of Patent: September 1, 2015Assignee: SECUREAUTH CORPORATIONInventors: Garret Florian Grajek, Stephen Moore, Mark V. Lambiase, Craig J. Lund
-
Publication number: 20140344567Abstract: Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.Type: ApplicationFiled: April 18, 2014Publication date: November 20, 2014Applicant: SecureAuth CorporationInventors: Garret Florian Grajek, Jeffrey Chiwai Lo, Mark V. Lambiase
-
Patent number: 8812838Abstract: A valid duration period for a digital certificate is established by a process that includes assigning numeric values to certificate term. The numeric value assigned to each certificate term is representative of the valid duration period. The method continues by identifying one certificate term, which may include requesting a user to select a certificate term. The method may include transmitting the requested certificate term to a server. The certificate term requested is sent via a certificate request. The server is configured to convert the numeric value associated with the requested certificate term into a duration counter value. The method may also include a certificate server receiving from the server, the certificate request including the duration counter value. The method may conclude with transmitting the signed certificate request to a client device capable of generating the digital certificate with the requested certificate term.Type: GrantFiled: June 17, 2013Date of Patent: August 19, 2014Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Stephen Moore, Mark V. Lambiase, Craig J. Lund
-
Publication number: 20140215213Abstract: A method and system for mutually authenticating an identity and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server. Thereafter, the method continues with establishing a secure data transfer link. A server certificate is transmitted during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes an authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.Type: ApplicationFiled: March 27, 2014Publication date: July 31, 2014Applicant: SecureAuth CorporationInventors: Craig J. Lund, Garret F. Grajek, Stephen Moore, Mark V. Lambiase
-
Patent number: 8769651Abstract: Features are disclosed for authentication of mobile device applications using a native, independent browser using a single-sign-on system. An authentication module within the mobile application can direct the mobile device's native browser to a URL to initiate authentication with an authentication appliance. The mobile browser can receive and store a browser-accessible token to indicate previous authentication performed by the user. The mobile application can receive from the application appliance and store a client application ID token that may be presented to network services for access. A second mobile device application may direct the same browser to the authentication appliance. The authentication appliance may inspect the persistent browser-accessible token and issue a second client application ID identity to the second application without collecting additional authentication information, or collecting additional authentication information that is different from the first authentication information.Type: GrantFiled: March 14, 2013Date of Patent: July 1, 2014Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Jeff Chiwai Lo, Robert Jason Phillips, Shu Jen Tung
-
Publication number: 20140181946Abstract: The authentication of a client to multiple server resources with a single sign-on procedure using multiple factors is disclosed. One contemplated embodiment is a method in which a login session is initiated with the authentication system of a primary one of the multiple server resources. A first set of login credentials is transmitted thereto, and validated. A token is stored on the client indicating that the initial authentication was successful, which is then used to transition to a secondary one of the multiple resources. A second set of login credentials is also transmitted, and access to the secondary one of the multiple resources is granted on the basis of a validated token and second set of login credentials.Type: ApplicationFiled: December 13, 2013Publication date: June 26, 2014Applicant: SecureAuth CorporationInventors: Mark V. Lambiase, Garret Florian Grajek, Jeffrey Chiwai Lo, Tommy Ching Hsiang Wu
-
Patent number: 8707031Abstract: Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.Type: GrantFiled: April 7, 2009Date of Patent: April 22, 2014Assignee: SecureAuth CorporationInventors: Garrett F. Grajek, Jeff C. Lo, Mark V. Lambiase
-
Patent number: 8700901Abstract: A method and system for mutually authenticating an identity and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server. Thereafter, the method continues with establishing a secure data transfer link. A server certificate is transmitted during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes an authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.Type: GrantFiled: December 3, 2012Date of Patent: April 15, 2014Assignee: SecureAuth CorporationInventors: Craig Lund, Garret F. Grajek, Stephen Moore, Mark V. Lambiase