Patents by Inventor Ari Juels

Ari Juels has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10594823
    Abstract: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: March 17, 2020
    Assignee: RavenWhite Security, Inc.
    Inventors: Bjorn Markus Jakobsson, Ari Juels
  • Patent number: 10367642
    Abstract: A first cryptographic device determines multiple sets of passcodes for possible release in association with a corresponding one of a plurality of epochs, and transmits a message to a second cryptographic device over an auxiliary channel embedded in one or more passcodes released by the first cryptographic device to the second cryptographic device. For example, the first cryptographic device can determine multiple sets of passcodes by precomputing and storing the multiple sets of passcodes, or by generating one or more data sets from which the multiple sets of passcodes can be computed. The first cryptographic device transmits the message over the auxiliary channel by selecting a particular one of the multiple sets of passcodes based on content of the message and releasing a passcode from the selected set. The first cryptographic device may comprise an authentication token and the second cryptographic device may comprise an authentication server.
    Type: Grant
    Filed: December 12, 2012
    Date of Patent: July 30, 2019
    Assignee: EMC IP Holding Company LLC
    Inventor: Ari Juels
  • Publication number: 20190182049
    Abstract: Systems and methods are described for providing a secure counter that is resistant to rollback attacks. In an exemplary embodiment, a tag memory, such as an RFID or NFC tag, is provided with a counter value, a verification value, and a digitally signed hash chain head value. The tag is initialized with a counter value of zero and a random initial verification value. The hash chain head value is initialized by applying a cryptographic hash function to the initial verification value a predetermined number of times. The counter is updated by incrementing the counter value and applying the hash function to the verification value. The counter is verified by determining the number of times the hash function must be applied to the verification value to reach the hash chain head value. Embodiments using a plurality of sub-counters are also described.
    Type: Application
    Filed: November 30, 2016
    Publication date: June 13, 2019
    Inventor: Ari Juels
  • Publication number: 20190156301
    Abstract: An apparatus in an illustrative embodiment comprises a processing platform that includes one or more processing devices each comprising a processor coupled to a memory. The processing platform is configured to communicate over at least one network with one or more additional sets of processing devices associated with at least a first blockchain-based cryptocurrency system. Each of at least a subset of the one or more processing devices of the processing platform comprises a trusted execution environment, such as a secure enclave.
    Type: Application
    Filed: November 21, 2018
    Publication date: May 23, 2019
    Inventors: Iddo Bentov, Ari Juels, Fan Zhang, Philip Daian, Lorenz Breidenbach
  • Publication number: 20190158472
    Abstract: Systems and methods are provided for protecting the privacy of wireless enabled medical device (WEMD) communications, particularly against traffic-analysis attacks. In an exemplary method, a WEMD measures a physiological parameter and conveys that physiological parameter to a WEMD-receiver using messages that simulate at least one message from a cover device, for example by embedding physiological data in a message from a simulated cover device. In some embodiments, the WEMD sends messages that simulate traffic patterns of the cover device. The cover device may be a device not associated with serious medical conditions, such as a fitness-oriented heart rate monitor. In some embodiments, the simulation is discontinued under emergency conditions or in particular regions that are deemed to be safe.
    Type: Application
    Filed: January 25, 2019
    Publication date: May 23, 2019
    Inventor: Ari Juels
  • Patent number: 10230699
    Abstract: Systems and methods are provided for protecting the privacy of wireless enabled medical device (WEMD) communications, particularly against traffic-analysis attacks. In an exemplary method, a WEMD measures a physiological parameter and conveys that physiological parameter to a WEMD-receiver using messages that simulate at least one message from a cover device, for example by embedding physiological data in a message from a simulated cover device. In some embodiments, the WEMD sends messages that simulate traffic patterns of the cover device. The cover device may be a device not associated with serious medical conditions, such as a fitness-oriented heart rate monitor. In some embodiments, the simulation is discontinued under emergency conditions or in particular regions that are deemed to be safe.
    Type: Grant
    Filed: June 28, 2016
    Date of Patent: March 12, 2019
    Assignee: PCMS Holdings, Inc.
    Inventor: Ari Juels
  • Patent number: 10129027
    Abstract: A Security Alerting System is provided with dynamic buffer size adaptation. An alert message from a Security Alerting System is transmitted by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server; storing the authenticated alert message in a buffer; transmitting the buffer to the server; and detecting a truncation attack based on generating different cryptographic keys for protection of inserted messages and transmitted buffers, wherein the cryptographic keys for protection of inserted messages are generated in a forward-secure manner in a same order that the messages are inserted in the buffer and wherein the cryptographic keys for protection of transmitted buffers are generated in a forward-secure manner in a same order that the buffers are transmitted over a network.
    Type: Grant
    Filed: February 21, 2018
    Date of Patent: November 13, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Ari Juels, Nikolaos Triandopoulos, Kevin D. Bowers
  • Patent number: 10104104
    Abstract: A security alerting system is provided with a network blockage policy based on alert transmission activity. Alert messages from a Security Alerting System executing on a host indicating a potential compromise of a protected resource are processed by determining if a number of buffer contents received from the host within a predefined time interval satisfies a predefined criteria, the buffer content comprising one or more of the alert messages from the Security Alerting System; and blocking a network connection of the host if the number of buffer contents received from the host within the predefined time interval does not satisfy the predefined criteria. The blocked network connection of the host can optionally be restored when a valid buffer content is received from the host. The predefined criteria is based on the alerting activity of the host.
    Type: Grant
    Filed: June 20, 2013
    Date of Patent: October 16, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Ari Juels, Nikolaos Triandopoulos, Kevin D. Bowers
  • Publication number: 20180191693
    Abstract: Systems and methods are provided for protecting the privacy of wireless enabled medical device (WEMD) communications, particularly against traffic-analysis attacks. In an exemplary method, a WEMD measures a physiological parameter and conveys that physiological parameter to a WEMD-receiver using messages that simulate at least one message from a cover device, for example by embedding physiological data in a message from a simulated cover device. In some embodiments, the WEMD sends messages that simulate traffic patterns of the cover device. The cover device may be a device not associated with serious medical conditions, such as a fitness-oriented heart rate monitor. In some embodiments, the simulation is discontinued under emergency conditions or in particular regions that are deemed to be safe.
    Type: Application
    Filed: June 28, 2016
    Publication date: July 5, 2018
    Inventor: Ari Juels
  • Patent number: 9935770
    Abstract: A Security Alerting System is provided with dynamic buffer size adaptation. An alert message from a Security Alerting System indicating a potential compromise of a protected resource is transmitted by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server, wherein the secret key evolves in a forward-secure manner; storing the authenticated alert message in a buffer, wherein a size of the buffer is based on a connection history of the Security Alerting System; and transmitting the buffer to the server. The alert message can optionally be encrypted. The buffer can be increased in proportion to a duration of a disruption of a connection. The size of the buffer can be increased by adding buffer slots at a location of a current write pointer index. Techniques are also disclosed for detecting truncation attacks and alert message gaps. The alert messages can have a variable size by writing alert message into consecutive buffer slots.
    Type: Grant
    Filed: June 20, 2013
    Date of Patent: April 3, 2018
    Assignee: EMC Corporation
    Inventors: Ari Juels, Nikolaos Triandopoulos, Kevin D. Bowers
  • Patent number: 9923718
    Abstract: In one aspect, a method comprises the steps of deriving a base point on an elliptic curve in a first processing device, generating authentication information in the first processing device utilizing the base point and a private key of the first processing device, and transmitting the authentication information from the first processing device to a second processing device. The base point on the elliptic curve may be derived, for example, by applying a one-way function to a current time value, or by computation based on a message to be signed.
    Type: Grant
    Filed: August 7, 2013
    Date of Patent: March 20, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Daniel Vernon Bailey, John G. Brainard, Ari Juels, Burton S. Kaliski, Jr.
  • Patent number: 9917694
    Abstract: A processing device is configured to obtain an address and a public key, both associated with an authentication service, to generate a symmetric key as a function of the public key, to configure an authentication token to incorporate the symmetric key, to encrypt the symmetric key utilizing the public key, and to transmit the encrypted symmetric key to the address so as to permit the authentication service to bind the symmetric key to an identifier of the authentication token. By way of example, the authentication token may comprise a software authentication token implemented on the processing device. One or more tokencodes generated by the authentication token utilizing the symmetric key are transmitted to the authentication service for authentication. The authentication by the authentication service is based on the symmetric key bound to the identifier of the authentication token.
    Type: Grant
    Filed: November 27, 2013
    Date of Patent: March 13, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Ari Juels, David D. Taku
  • Patent number: 9871785
    Abstract: Forward-secure one-time authentication tokens are provided with embedded time hints. A token generates a passcode for presentation to an authentication server by determining a current state of the token; generating a user authentication passcode based on the current state, wherein the generated user authentication passcode comprises an embedded time hint; and communicating the generated user authentication passcode to the authentication server. The passcode may be generated with the embedded time hint, for example, each time a user authentication passcode is generated or upon demand when a user authentication passcode is generated. A server processes a user authentication passcode by receiving the user authentication passcode, wherein the received user authentication passcode comprises an embedded time hint; and determining a time interval to search for another user authentication passcode based on the embedded time hint.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: January 16, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Nikolaos Triandopoulos, Ari Juels, John Brainard
  • Patent number: 9843574
    Abstract: Static and dynamic embodiments are presented for generating chaff passwords for use in a password-hardening system. Chaff passwords are generated by obtaining a source set of passwords comprising at least one valid password for each of a plurality of users; and generating a chaff set of passwords for a given user, wherein the chaff set comprises at least one valid password for the given user and a plurality of chaff passwords for the given user, wherein the plurality of chaff passwords for the given user are obtained from the source set of passwords. Chaff passwords can also be generated by modifying portions of base passwords based on a distribution with which particular strings of digits and symbols appear in user passwords. Location oblivious chaff passwords are generated from a chaff set of passwords obtained from a chaff generation method by applying a random permutation over the elements of the obtained chaff set of passwords.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: December 12, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Nikolaos Triandopoulos, Kevin Bowers, Ari Juels, Ronald Rivest, Guoying Luo
  • Publication number: 20170352027
    Abstract: An apparatus in one embodiment comprises a processing platform having at least one processing device. The processing platform implements a trusted bridge configured for at least temporary coupling between one or more data sources and a smart contract program of a blockchain. The trusted bridge comprises a secure enclave component and a relay component. Data obtained from a given one of the data sources via the relay component of the trusted bridge is authenticated in the secure enclave component of the trusted bridge. Information based at least in part on the data authenticated in the secure enclave component of the trusted bridge is provided to the smart contract program of the blockchain via the relay component of the trusted bridge. The secure enclave component illustratively receives a request for authenticated data from the blockchain smart contract program via the relay component, and responds to the request via the relay component.
    Type: Application
    Filed: June 6, 2017
    Publication date: December 7, 2017
    Inventors: Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, Runting Shi
  • Patent number: 9740844
    Abstract: Wireless wearable authenticators (WWAs) are provided using attachment to confirm user possession of the WWA. A user is authenticated by receiving authentication information from a wireless, wearable authentication (WWA) device of the user. The authentication information indicates whether the user has substantially continuously worn the WWA since a prior session where the user proved his or her identity to a relying device while wearing the WWA. The user is authenticated based on an evaluation of the authentication information. The authentication information comprises, for example, a credential ? and a current session label J. A value of the current session label J can provide the indication of whether the user has substantially continuously worn the WWA since a prior session where the user proved his or her identity to a relying device while wearing the WWA.
    Type: Grant
    Filed: December 24, 2013
    Date of Patent: August 22, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Kevin D. Bowers, Ari Juels, Ronald Rivest
  • Patent number: 9674210
    Abstract: A processing device comprises a processor coupled to a memory and is configured to obtain data characterizing host devices of a computer network of an enterprise. The data is applied to a logistic regression model to generate malware infection risk scores for respective ones of the host devices. The malware infection risk scores indicate likelihoods that the respective host devices will become infected with malware. The logistic regression model incorporates features of the host devices including at least user demographic features, virtual private network (VPN) activity features and web activity features of the host devices, and the data characterizing the host devices comprises data for the incorporated features. Proactive measures are taken to prevent malware infection in a subset of the host devices based at least in part on the malware infection risk scores. The processing device may be implemented in the computer network or an associated network security system.
    Type: Grant
    Filed: November 26, 2014
    Date of Patent: June 6, 2017
    Assignees: EMC IP Holding Company LLC, University of North Carolina at Chapel Hill
    Inventors: Alina M. Oprea, Ting-Fang Yen, Viktor Heorhiadi, Michael Kendrick Reiter, Ari Juels
  • Patent number: 9659177
    Abstract: An authentication token configured to generate authentication information comprises an attestation module. The attestation module of the authentication token is configured to receive an attestation generated by an attestation module of a client, to perform a check on the received attestation, and to release the authentication information to a designated entity if the check indicates that the attestation is valid. The designated entity may comprise the client itself or another entity that participates in an authentication process involving at least one of the authentication token and the client. The authentication token in performing the check on the attestation received from the client may determine if the received attestation conforms to a predetermined policy. The attestation may comprise a platform attestation generated by the client for a given instantiated software stack of the client.
    Type: Grant
    Filed: September 24, 2012
    Date of Patent: May 23, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Ari Juels, Kevin D. Bowers
  • Patent number: 9654467
    Abstract: Methods and apparatus are provided for improving resilience to forward clock attacks. A token generates a passcode from a user authentication token for presentation to an authentication server by detecting a forward clock attack; and communicating an indication of the forward clock attack to the authentication server. The generation of the user authentication passcodes is optionally suspended upon detecting the forward clock attack. The detection may be based on a comparison of a current device time of the token and a last used device time during a generation of a user authentication passcode.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: May 16, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Ari Juels, Nikolaos Triandopoulos, Marten van Dijk, John Brainard, Ronald Rivest
  • Publication number: 20170124535
    Abstract: An apparatus in one embodiment comprises a processing platform having at least one processing device. The processing platform implements a database configured to store bindings between user identity information and respective cryptocurrency addresses for users of an address-based cryptocurrency, and an account-identity service system accessible to at least one cryptocurrency vendor. The account-identity service system is configured to utilize the stored bindings to respond to queries from the cryptocurrency vendor. A given one of the queries from the cryptocurrency vendor identifies a particular one of the users and a corresponding cryptocurrency address for which the particular user has requested to purchase an amount of the address-based cryptocurrency.
    Type: Application
    Filed: October 28, 2016
    Publication date: May 4, 2017
    Inventors: Ari Juels, Faiyam Rahman