Patents by Inventor Asad Mahboob Ali
Asad Mahboob Ali has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240114022
Abstract: A system or method of image-based login authentication of a user on an access device using a mobile device registered to the user can include receiving login information at the access device, displaying an image reference at the access device, the image reference being one among a plurality of image references provisioned at the mobile device and an authentication authority, displaying the image reference selected by the authentication authority along with other image references, and receiving an authentication token at the authentication authority from the mobile device corresponding to a selection at the mobile device of one of the plurality of image references provisioned at the mobile device. The method can further include receiving validation by the access device of a completed authentication if the selection matches the image reference displayed at the access device and allowing login at the access device if the authentication token is validated.
Type: Application
Filed: September 30, 2022
Publication date: April 4, 2024
Applicant: THALES DIS CPL USA, INC.
Inventors: Najam SIDDIQUI, Asad Mahboob ALI, Benoît FAMECHON
-
Publication number: 20240095331
Abstract: A system or method of secure data entry can include one or more processors and memory having computer instructions which when executed by the one or more processors causes the one or more processors to perform the operations at a client edge device of executing a user interface data entry application on the client edge device, receiving data by the user interface data entry application, wherein the data entered is a graphic input pattern corresponding to characters, communicating the data entered to a server, and receiving access to the server if a data processing application at the server interprets the data entered as a credential based on rules negotiated between the data entry application and the data processing application and a template for the graphic input pattern.
Type: Application
Filed: September 20, 2022
Publication date: March 21, 2024
Applicant: THALES DIS CPL USA, INC.
Inventors: Yateendra JAIMAN, Pranay Shahab GUPTA, Asad Mahboob ALI
-
Patent number: 11797392
Abstract: A system and method for backing up critical data of edge devices includes originator, surrogate, and target edge devices as well as a vault-broker server. The critical data, encrypted, is transmitted to and stored by a surrogate. The association of originator and surrogate is managed by the vault-broker server. Encryption protects the data from recovery by unauthorized parties while allowing surrogate edge devices to determine if recovery attempts are made by authorized parties.
Type: Grant
Filed: September 9, 2020
Date of Patent: October 24, 2023
Assignee: THALES DIS FRANCE SAS
Inventors: Ijaz Muhammad Khan, Asad Mahboob Ali
-
Publication number: 20220075695
Abstract: A system and method for backing up critical data of edge devices includes originator, surrogate, and target edge devices as well as a vault-broker server. The critical data, encrypted, is transmitted to and stored by a surrogate. The association of originator and surrogate is managed by the vault-broker server. Encryption protects the data from recovery by unauthorized parties while allowing surrogate edge devices to determine if recovery attempts are made by authorized parties.
Type: Application
Filed: September 9, 2020
Publication date: March 10, 2022
Inventors: Ijaz Muhammad KHAN, Asad Mahboob ALI
-
Patent number: 11184765
Abstract: A method for authenticating a user includes connecting to a server from a user device, loading from the server to the user device data including executable data, detecting by the user device, while executing the executable data, whether an identifier relating to a short range communication device exists in a vicinity of the user device, sending from the user device to the server a user identifier accompanied with the detected short range communication device identifier, verifying by the server for the identified user whether a detected short range communication device identifier matches a predetermined part of a reference short range communication device identifier. Access is granted from the server only if the detected short range communication device identifier matches the predetermined part of the reference short range communication device identifier.
Type: Grant
Filed: July 21, 2017
Date of Patent: November 23, 2021
Assignee: THALES DIS FRANCE SA
Inventors: Darmawan Suwirya, Asad Mahboob Ali
-
Patent number: 11177963
Abstract: A server accesses a user identifier associated with a first user device and a reference image as a first image set, to be displayed. The server sends to a second user device an image, as a second image set, to be displayed, and a user request to select an image within the first image set. The second user device displays the second image set and the user request. The user of the first user device selects at least one displayed first image, the selected first image matching an image visually selected within the displayed second image set, according to a rule known to the user and the server. The first user device sends to the server the first user device identifier accompanied with data relating to the selected first image. If the data relating to the selected first image matches the data relating to the first reference image the server authenticates the user.
Type: Grant
Filed: December 12, 2017
Date of Patent: November 16, 2021
Assignee: THALES DIS FRANCE SA
Inventors: Benoît Famechon, Najam Siddiqui, Karen HongQian Lu, Asad Mahboob Ali
-
Publication number: 20190182050
Abstract: A server accesses a user identifier associated with a first user device and a reference image, as a first image set, to be displayed. The server sends to a second user device an image, as a second image set, to be displayed, and a user request to select an image within the first image set. The second user device displays the second image set and the user request. The user of the first user device selects at least one displayed first image, the selected first image matching an image visually selected within the displayed second image set, according to a rule known to the user and the server. The first user device sends to the server the first user device identifier accompanied with data relating to the selected first image. If the data relating to the selected first image matches the data relating to the first reference image, the server authenticates the user.
Type: Application
Filed: December 12, 2017
Publication date: June 13, 2019
Applicant: Gemalto, Inc.
Inventors: Benoît Famechon, Najam Siddiqui, Karen HongQian Lu, Asad Mahboob Ali
-
Publication number: 20190028891
Abstract: A method for authenticating a user includes connecting to a server from a user device, loading from the server to the user device data including executable data, detecting by the user device, while executing the executable data, whether an identifier relating to a short range communication device exists in a vicinity of the user device, sending from the user device to the server a user identifier accompanied with the detected short range communication device identifier, verifying by the server for the identified user whether a detected short range communication device identifier matches a predetermined part of a reference short range communication device identifier. Access is granted from the server only if the detected short range communication device identifier matches the predetermined part of the reference short range communication device identifier.
Type: Application
Filed: July 21, 2017
Publication date: January 24, 2019
Applicant: GEMALTO INC
Inventors: Darmawan SUWIRYA, Asad Mahboob ALI
-
Publication number: 20170244692
Abstract: A mechanism for using a mobile device connected to a security device to authenticate a user to a service provider using a security device operating according to an applet without storing keys or user interface text on the security device or the mobile device. Registration and authentication messages to the mobile device are routed to a security device. These messages include a nonce. The security device encrypts responses from the user using the nonce and transmits an encrypted response message including the encrypted response to the authentication server, wherein the nonce is unique for each communication between the authentication server and the security device. Other systems and methods are disclosed.
Type: Application
Filed: February 24, 2016
Publication date: August 24, 2017
Applicants: Gemalto Inc., Valimo Wireless Oy
Inventors: Sridhar BHUPATHIRAJU, Benoit FAMECHON, HongQian Karen LU, Asad Mahboob ALI
-
Patent number: 9626527
Abstract: The present invention relates to a web server having a web application using published API of one or more cloud storage providers, said web application being dedicated to secure and economical sharing of encrypted files residing at the cloud storage providers, said files being managed under a virtual folder which is shared by a group of different entities.
Type: Grant
Filed: November 4, 2013
Date of Patent: April 18, 2017
Assignee: GEMALTO SA
Inventors: Asad Mahboob Ali, Ella Segura
-
Patent number: 9258121
Abstract: A method to manage modification of encryption credentials for an encryption server. The encryption server is used to encrypt data uploaded by a user after provision of user encryption credentials associated with an encryption account. The data is encrypted by using a user encryption key stored in a cloud storage server.
Type: Grant
Filed: June 20, 2014
Date of Patent: February 9, 2016
Assignee: GEMALTO SA
Inventors: Asad Mahboob Ali, Ella Segura
-
Publication number: 20150372814
Abstract: A method to manage modification of encryption credentials for an encryption server. The encryption server is used to encrypt data uploaded by a user after provision of user encryption credentials associated with an encryption account. The data is encrypted by using a user encryption key stored in a cloud storage server.
Type: Application
Filed: June 20, 2014
Publication date: December 24, 2015
Inventors: Asad Mahboob ALI, Ella Segura
-
Publication number: 20150127937
Abstract: The present invention relates to a web server having a web application using published API of one or more cloud storage providers, said web application being dedicated to secure and economical sharing of encrypted files residing at the cloud storage providers, said files being managed under a virtual folder which is shared by a group of different entities.
Type: Application
Filed: November 4, 2013
Publication date: May 7, 2015
Applicant: GEMALTO INC.
Inventors: Asad Mahboob ALI, Ella Segura
-
Patent number: 8527757
Abstract: The invention relates to a portable authentication token comprising connection means for connecting to a computer, browser communication means for communicating with a browser running on the computer, and user authentication means for authenticating a user of the token to a server. The user authentication means are triggered via the browser communication means when the user connects to the server from the browser of the computer. The user authentication means are set to authenticate the user by communicating with the server through the browser. The token comprises out-of-band token communication means set to validate user authentication by establishing a communication channel between the token and the server, the communication channel bypassing the browser. The invention also relates to an authentication method and to a system comprising a token, a computer and a server to which the user authenticates with the token.
Type: Grant
Filed: June 23, 2008
Date of Patent: September 3, 2013
Assignee: Gemalto SA
Inventors: HongQian Karen Lu, Asad Mahboob Ali, Kapil Sachdeva
-
Patent number: 8479011
Abstract: A method and system for providing authentication of a user to a first peripheral device connected to a host computer using an authentication of the user on a second peripheral device, thereby allowing the user access to both devices through a single authentication. A security function on the second peripheral device is used to create an authorization phrase. Subsequent accesses to the first peripheral device requires the second peripheral device to re-create the same authorization phrase thereby demonstrating that the same second peripheral device is being used to access the first peripheral device and that a user was successfully authenticated to the second peripheral device. Other systems and methods are disclosed.
Type: Grant
Filed: October 27, 2009
Date of Patent: July 2, 2013
Assignee: Gemalto SA
Inventors: Asad Mahboob Ali, Bart John Bombay, Ashish Malpani
-
Patent number: 7926096
Abstract: A system and a method for operating a device that is not capable of independently maintaining a local time clock to enforce a time-based transaction policy that requires a reliable time reference. The device establishes a secure communications channel to one or more network-attached time sources and inquires of each of the network-attached time-sources as to the current time using the secure communications channel. The device receives the current time from the network-attached time-sources and uses the received current times to estimate a current calendar time and to compute a reliability index associated with the estimated current calendar time. The device uses the estimated current calendar time and reliability index to enforce the time-based transaction policy.
Type: Grant
Filed: August 31, 2005
Date of Patent: April 12, 2011
Assignee: Gemalto SA
Inventors: Asad Mahboob Ali, Bertrand du Castel, Apostol Vassilev, Sylvain Prevost, Kapil Sachdeva
-
Publication number: 20110083017
Abstract: A method and system for providing authentication of a user to a first peripheral device connected to a host computer using an authentication of the user on a second peripheral device, thereby allowing the user access to both devices through a single authentication. A security function on the second peripheral device is used to create an authorization phrase. Subsequent accesses to the first peripheral device requires the second peripheral device to re-create the same authorization phrase thereby demonstrating that the same second peripheral device is being used to access the first peripheral device and that a user was successfully authenticated to the second peripheral device. Other systems and methods are disclosed.
Type: Application
Filed: October 27, 2009
Publication date: April 7, 2011
Applicant: GEMALTO INC.
Inventors: Asad MAHBOOB ALI, Bart John Bombay, Ashish Malpani
-
Publication number: 20100235637
Abstract: The invention relates to a portable authentication token comprising connection means for connecting to a computer, browser communication means for communicating with a browser running on the computer, and user authentication means for authenticating a user of the token to a server. The user authentication means are triggered via the browser communication means when the user connects to the server from the browser of the computer. The user authentication means are set to authenticate the user by communicating with the server through the browser. The token comprises out-of-band token communication means set to validate user authentication by establishing a communication channel between the token and the server, the communication channel bypassing the browser. The invention also relates to an authentication method and to a system comprising a token, a computer and a server to which the user authenticates with the token.
Type: Application
Filed: June 23, 2008
Publication date: September 16, 2010
Applicant: GEMALTO, SA
Inventors: H.Karen Lu, Asad Mahboob Ali, Kapil Sachdeva
-
Patent number: 7509487
Abstract: Secure communication between a resource-constrained device and remote network nodes over a network with the resource-constrained acting as a network node. The remote network nodes communicate with the resource-constrained device using un-modified network clients and servers. Executing on the resource-constrained device, a communications module implements one or more link layer communication protocols, operable to communicate with a host computer, operable to communicate with remote network nodes and operable to implement network security protocols thereby setting a security boundary inside the resource-constrained device.
Type: Grant
Filed: May 19, 2004
Date of Patent: March 24, 2009
Assignee: Gemalto Inc.
Inventors: HongQian Karen Lu, Michael Andrew Montgomery, Asad Mahboob Ali
-
Patent number: 7392534
Abstract: A system and method for effecting secure transactions over a computer network in a manner designed to foil identity theft perpetrated from an untrusted computer. A connection from a client computer to the network wherein the client computer provides a user interface for a user, a connection from a server computer to the network, and a connection from a portable secure computing device to the network provides for secure transmission of private confidential user information from the user to a server. The private information is transmitted directly from the secure computing device to the server over the secure connection without possibility of capture on the computer with which the user is interacting.
Type: Grant
Filed: December 31, 2003
Date of Patent: June 24, 2008
Inventors: HongQian Karen Lu, Asad Mahboob Ali