Patents by Inventor Conor P. Cahill

Conor P. Cahill has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10104068
    Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.
    Type: Grant
    Filed: August 8, 2017
    Date of Patent: October 16, 2018
    Assignee: FACEBOOK, INC.
    Inventor: Conor P. Cahill
  • Patent number: 10097350
    Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 3, 2017
    Date of Patent: October 9, 2018
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Conor P. Cahill, Victoria C. Moore, Jason Martin, Micah J. Sheller
  • Patent number: 10009327
    Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: June 26, 2018
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Conor P. Cahill, Micah J. Sheller, Jason Martin
  • Patent number: 9898880
    Abstract: A wearable device (“WD”) stores a token after its wearer completes a successful strong authentication on a primary protected device (“primary PD”). Other protected devices (“secondary PDs”) recognize the stored token as representing a strong authentication and grant the user access while the user continues to wear the WD within a “digital leash-length” proximity. The WD constantly monitors whether the user continues to wear the device. Upon sensing that the user has removed the WD, the WD deletes, disables, or invalidates the token, The user must then repeat the strong authentication to gain further access to the protected devices.
    Type: Grant
    Filed: September 8, 2014
    Date of Patent: February 20, 2018
    Assignee: Intel Corporation
    Inventors: Ramune Nagisetty, Melissa A Cowan, Jason Martin, Richard A Forand, Wen-Ling M Huang, Conor P Cahill
  • Patent number: 9871779
    Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.
    Type: Grant
    Filed: August 28, 2015
    Date of Patent: January 16, 2018
    Assignee: Intel Corporation
    Inventors: Micah J. Sheller, Conor P. Cahill, Jason Martin, Ned M. Smith, Brandon Baker
  • Publication number: 20170339129
    Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.
    Type: Application
    Filed: August 8, 2017
    Publication date: November 23, 2017
    Inventor: Conor P. Cahill
  • Patent number: 9813849
    Abstract: Systems and methods for generating suggestions based on group criteria. A device may act as a proxy for a group and scan information from other devices in the group. The proxy device may then transmit the scanned information to a remote resource. The remote resource may obtain preference information based on profile information, for devices that are determined to be registered with a service, and based on inquiry responses for unregistered devices. The preference information may be compiled into group criteria that may be employed in making one or more suggestions to the group. If the group selects one of the suggestions then the remote resource may make arrangements based on the selection. Otherwise, additional suggestions may be provided to the group. The remote resource may also monitor the group and continue to make suggestions accordingly.
    Type: Grant
    Filed: February 9, 2012
    Date of Patent: November 7, 2017
    Assignee: INTEL CORPORATION
    Inventors: Uttam K. Sengupta, Conor P. Cahill, Mark A. Mccorkle, Kyle A. Short
  • Publication number: 20170244684
    Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.
    Type: Application
    Filed: March 7, 2017
    Publication date: August 24, 2017
    Inventors: NED M. SMITH, CONOR P. CAHILL, MICAH J. SHELLER, JASON MARTIN
  • Patent number: 9729543
    Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.
    Type: Grant
    Filed: July 16, 2014
    Date of Patent: August 8, 2017
    Assignee: FACEBOOK, INC.
    Inventor: Conor P. Cahill
  • Publication number: 20170214526
    Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.
    Type: Application
    Filed: February 3, 2017
    Publication date: July 27, 2017
    Inventors: Ned M. Smith, Conor P. Cahill, Victoria C. Moore, Jason Martin, Micah J. Sheller
  • Patent number: 9674254
    Abstract: An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: June 6, 2017
    Assignee: AOL Inc.
    Inventors: David F. Pare, David L. Biderman, Stephen Loomis, Scott K. Brown, Michael Wise, David Wexelblat, Conor P. Cahill, David S. Bill
  • Patent number: 9628478
    Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.
    Type: Grant
    Filed: July 29, 2015
    Date of Patent: April 18, 2017
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Conor P. Cahill, Micah J. Sheller, Jason Martin
  • Patent number: 9602492
    Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.
    Type: Grant
    Filed: May 18, 2015
    Date of Patent: March 21, 2017
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Conor P. Cahill, Victoria C. Moore, Jason Martin, Micah J. Sheller
  • Publication number: 20170012983
    Abstract: A mechanism is described for facilitating context-based access control of resources for according to one embodiment. A method of embodiments, as described herein, includes receiving a first request to access a resource of a plurality of resources. The first request may be associated with one or more contexts corresponding to a user placing the first request at a computing device. The method may further include evaluating the one or more contexts. The evaluation of the one or more contexts may include matching the one or more contexts with one or more access policies associated with the requested resource. The method may further include accepting the first request if the one or more contexts satisfy at least one of the access policies.
    Type: Application
    Filed: April 14, 2016
    Publication date: January 12, 2017
    Inventors: Ned M. SMITH, Conor P. Cahill, Jason Martin, Abhilasha Bhargav-Spantzel, Sanjay Bakshi
  • Publication number: 20160359921
    Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.
    Type: Application
    Filed: August 19, 2016
    Publication date: December 8, 2016
    Inventors: Hong C. Li, Mark D. Boucher, Conor P. Cahill, Manohar R. Castelino, Steve Orrin, Vinay Phegade, John E. Simpson, JR.
  • Patent number: 9436838
    Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.
    Type: Grant
    Filed: December 20, 2012
    Date of Patent: September 6, 2016
    Assignee: Intel Corporation
    Inventors: Hong C. Li, Mark D. Boucher, Conor P. Cahill, Manohar R. Castelino, Steve Orrin, Vinay Phegade, John E. Simpson, Jr.
  • Publication number: 20160092665
    Abstract: An initial authentication of a user, if successful, causes a token to be stored on, and presented from, a wearable device (WD). The WD continually monitors one or more of the wearer's vital signs to confirm that (1) the WD is being worn by a living person rather than an inanimate simulacrum, and (2) the WD is still worn by the same person who underwent the authentication. The token can be read by a token-reader on at least one protected device (PD). If the token is valid, its presentation serves as authentication and the token-reader grants the user access to the PD. If the WD vital-sign signal is interrupted when the user removes the WD, the WD stops presenting the token and can no longer be used to access a PD.
    Type: Application
    Filed: September 27, 2014
    Publication date: March 31, 2016
    Inventors: Melissa A. Cowan, Ramune Nagisetty, Jason Martin, Richard A. Forand, Conor P. Cahill, Bradley A. Jackson
  • Publication number: 20160028787
    Abstract: An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream.
    Type: Application
    Filed: September 30, 2015
    Publication date: January 28, 2016
    Inventors: David F. PARE, David L. BIDERMAN, Stephen LOOMIS, Scott K. Brown, Michael WISE, David WEXELBLAT, Conor P. CAHILL, David S. BILL
  • Publication number: 20160006732
    Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.
    Type: Application
    Filed: July 29, 2015
    Publication date: January 7, 2016
    Inventors: NED M. SMITH, CONOR P. CAHILL, MICAH J. SHELLER, JASON MARTIN
  • Publication number: 20150373007
    Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.
    Type: Application
    Filed: August 28, 2015
    Publication date: December 24, 2015
    Inventors: Micah J. Sheller, Conor P. Cahill, Jason Martin, Ned M. Smith, Brandon Baker