Patents by Inventor Craig A. Pearson
Craig A. Pearson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11943370
Abstract: A method allows access to computer resources to authorized native applications on a client device. An authorization server receives, from a native application on a device, an initial authorization grant, a public key of a private/public key pair generated on the device, and an attestation of authenticity of the native application. The authorization server receives, from the native application on the device, a refresh token and a digital signature of the refresh token that is created with the private key. The authorization server recognizes the refresh token only if the refresh token is verified with the public key that has been previously registered. The authorization server validates the digital signature of the refresh token, and transmits a new access token and a new refresh token to the native application on the device, thus allowing the native application on the device to access the computer resource.
Type: Grant
Filed: November 10, 2021
Date of Patent: March 26, 2024
Assignee: International Business Machines Corporation
Inventors: Shane Bradley Weeden, Craig Pearson, Carsten Hagemann
-
Publication number: 20230141966
Abstract: A method allows access to computer resources to authorized native applications on a client device. An authorization server receives, from a native application on a device, an initial authorization grant, a public key of a private/public key pair generated on the device, and an attestation of authenticity of the native application. The authorization server receives, from the native application on the device, a refresh token and a digital signature of the refresh token that is created with the private key. The authorization server recognizes the refresh token only if the refresh token is verified with the public key that has been previously registered. The authorization server validates the digital signature of the refresh token, and transmits a new access token and a new refresh token to the native application on the device, thus allowing the native application on the device to access the computer resource.
Type: Application
Filed: November 10, 2021
Publication date: May 11, 2023
Inventors: SHANE BRADLEY WEEDEN, CRAIG PEARSON, CARSTEN HAGEMANN
-
Patent number: 11368446
Abstract: A service provider configured to establish a federated identity management with an identity provider, provision a first user account, and retrieve revocation information from a ledger. The revocation information can include a revoked user account identifier published to the ledger by the identity provider. The service provider can determine that the revoked user account identifier corresponds to the first user account. The service provider can delete the first user account from the service provider.
Type: Grant
Filed: October 2, 2018
Date of Patent: June 21, 2022
Assignee: International Business Machines Corporation
Inventors: Keiran W. Robinson, Craig Pearson, Leo M. M. Farrell
-
Patent number: 11343341
Abstract: An indication is sent to a host server device. The indication includes a request for a push notification service identification (PNSID). The PNSID is used to establish a secure registration between one or more applications on the computing device of a user and the host server device. The PNSID is received from the host server device. An input is received from the user. The input includes one or more application server devices that may send push notifications to the computing device. A unique key is generated for each application server device. The PNSID and a different unique key are sent to each application server device. Each different unique key is associated with a different application server device. A registration is received from each application server device.
Type: Grant
Filed: January 7, 2019
Date of Patent: May 24, 2022
Assignee: International Business Machines Corporation
Inventors: David P. Moore, Craig A. Pearson, Shane B. Weeden
-
Patent number: 10958644
Abstract: A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.
Type: Grant
Filed: May 30, 2019
Date of Patent: March 23, 2021
Assignee: International Business Machines Corporation
Inventors: Stephen Burmester, Trevor S. Norvill, Craig A. Pearson
-
Patent number: 10958641
Abstract: A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.
Type: Grant
Filed: November 20, 2017
Date of Patent: March 23, 2021
Assignee: International Business Machines Corporation
Inventors: Stephen Burmester, Trevor S. Norvill, Craig A. Pearson
-
Publication number: 20200242717
Abstract: A processor-implemented method manages an identification document (ID) that is displayed on an electronic device. One or more processors (e.g., within an identity document manager) receive a set of profile details about an entity. The processor(s) send the set of profile details about the entity to a blockchain system that generates a blockchain from the set of profile details about the entity. The processor(s) generate a barcode from a hash of the blockchain, and transmit the barcode to an entity device. The processor(s) subsequently receive a new barcode from an entity verification device. The processor(s) compare information in the new barcode that is received from the entity verification device to information in the blockchain that the identity document manager received from the blockchain system. In response to the two sets of information matching, the processor(s) transmit entity authorization instructions to the entity verification device.
Type: Application
Filed: January 30, 2019
Publication date: July 30, 2020
Inventors: PRANAB AGARWAL, CRAIG PEARSON, MICHAEL E. HOOD
-
Publication number: 20200106767
Abstract: A service provider configured to establish a federated identity management with an identity provider, provision a first user account, and retrieve revocation information from a ledger. The revocation information can include a revoked user account identifier published to the ledger by the identity provider. The service provider can determine that the revoked user account identifier corresponds to the first user account. The service provider can delete the first user account from the service provider.
Type: Application
Filed: October 2, 2018
Publication date: April 2, 2020
Inventors: Keiran W. Robinson, Craig Pearson, Leo M. M. Farrell
-
Publication number: 20190281051
Abstract: A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.
Type: Application
Filed: May 30, 2019
Publication date: September 12, 2019
Inventors: Stephen Burmester, Trevor S. Norvill, Craig A. Pearson
-
Publication number: 20190158491
Abstract: A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.
Type: Application
Filed: November 20, 2017
Publication date: May 23, 2019
Inventors: Stephen Burmester, Trevor S. Norvill, Craig A. Pearson
-
Publication number: 20190141154
Abstract: An indication is sent to a host server device. The indication includes a request for a push notification service identification (PNSID). The PNSID is used to establish a secure registration between one or more applications on the computing device of a user and the host server device. The PNSID is received from the host server device. An input is received from the user. The input includes one or more application server devices that may send push notifications to the computing device. A unique key is generated for each application server device. The PNSID and a different unique key are sent to each application server device. Each different unique key is associated with a different application server device. A registration is received from each application server device.
Type: Application
Filed: January 7, 2019
Publication date: May 9, 2019
Inventors: David P. Moore, Craig A. Pearson, Shane B. Weeden
-
Patent number: 10225359
Abstract: An indication is sent to a host server device. The indication includes a request for a push notification service identification (PNSID). The PNSID is used to establish a secure registration between one or more applications on the computing device of a user and the host server device. The PNSID is received from the host server device. An input is received from the user. The input includes one or more application server devices that may send push notifications to the computing device. A unique key is generated for each application server device. The PNSID and a different unique key are sent to each application server device. Each different unique key is associated with a different application server device. A registration is received from each application server device.
Type: Grant
Filed: September 22, 2016
Date of Patent: March 5, 2019
Assignee: International Business Machines Corporation
Inventors: David P. Moore, Craig A. Pearson, Shane B. Weeden
-
Patent number: 10093235
Abstract: An automotive side view mirror attachment assembly includes first and second loading surfaces for engaging a mounting member of a side view mirror assembly, wherein the first and second loading surfaces are disposed within an interior of a vehicle door, such that, in assembly, a mounting member of the mirror assembly is substantially or fully disposed within the interior of a vehicle door, thereby minimizing the overall mirror footprint by eliminating the need for an external base for attachment of a mirror assembly to a vehicle door.
Type: Grant
Filed: February 6, 2017
Date of Patent: October 9, 2018
Assignee: Ford Global Technologies LLC
Inventors: Craig Pearson, Robert Anthony Brancaleone
-
Publication number: 20180084071
Abstract: An indication is sent to a host server device. The indication includes a request for a push notification service identification (PNSID). The PNSID is used to establish a secure registration between one or more applications on the computing device of a user and the host server device. The PNSID is received from the host server device. An input is received from the user. The input includes one or more application server devices that may send push notifications to the computing device. A unique key is generated for each application server device. The PNSID and a different unique key are sent to each application server device. Each different unique key is associated with a different application server device. A registration is received from each application server device.
Type: Application
Filed: September 22, 2016
Publication date: March 22, 2018
Inventors: David P. Moore, Craig A. Pearson, Shane B. Weeden
-
Patent number: 9906558
Abstract: A method sends a request for a delegated authorization grant data set, receives a delegated authorization grant data set that defines the delegated authorization grant scope, with respect to a resource. The delegated authorization grant data set includes a scope variable value having been selected by a delegator entity through a delegation grant scope user interface on the delegator device. The scope controls access to the resource in a manner limited by the scope of the delegated authorization grant defined by the delegated authorization grant data set.
Type: Grant
Filed: June 24, 2015
Date of Patent: February 27, 2018
Assignee: International Business Machines Corporation
Inventors: David P. Moore, Craig Pearson
-
Patent number: 9669762
Abstract: An automotive side view mirror attachment assembly includes first and second loading surfaces for engaging a mounting member of a side view mirror assembly, wherein the first and second loading surfaces are disposed within an interior of a vehicle door, such that, in assembly, a mounting member of the mirror assembly is substantially or fully disposed within the interior of a vehicle door, thereby minimizing the overall mirror footprint by eliminating the need for an external base for attachment of a mirror assembly to a vehicle door.
Type: Grant
Filed: December 19, 2011
Date of Patent: June 6, 2017
Assignee: Ford Global Technologies, LLC
Inventors: Craig Pearson, Robert Anthony Brancaleone
-
Publication number: 20170144600
Abstract: An automotive side view mirror attachment assembly includes first and second loading surfaces for engaging a mounting member of a side view mirror assembly, wherein the first and second loading surfaces are disposed within an interior of a vehicle door, such that, in assembly, a mounting member of the mirror assembly is substantially or fully disposed within the interior of a vehicle door, thereby minimizing the overall mirror footprint by eliminating the need for an external base for attachment of a mirror assembly to a vehicle door.
Type: Application
Filed: February 6, 2017
Publication date: May 25, 2017
Inventors: Craig Pearson, Robert Anthony Brancaleone
-
Publication number: 20160381021
Abstract: A method sends a request for a delegated authorization grant data set, receives a delegated authorization grant data set that defines the delegated authorization grant scope, with respect to a resource. The delegated authorization grant data set includes a scope variable value having been selected by a delegator entity through a delegation grant scope user interface on the delegator device. The scope controls access to the resource in a manner limited by the scope of the delegated authorization grant defined by the delegated authorization grant data set.
Type: Application
Filed: June 24, 2015
Publication date: December 29, 2016
Inventors: David P. Moore, Craig Pearson
-
Publication number: 20160284146
Abstract: An approach for access authorization to a protected resource is provided. The approach provisions a physical access badge identifier to a door controller. The approach receives a swipe event, wherein the swipe event includes a door controller identifier and the physical access badge identifier. The approach creates an authorization request to access a protected resource, wherein the authorization request includes a request from a user for access to a protected resource. The approach identifies one or more security policies for the protected resource. The approach determines whether to permit access to the protected resource based, at least in part, on the one or more security policies and the swipe event. Responsive to a determination to permit access to the protected resource, the approach permits access to the protected resource, wherein permitting access to the protected resource includes validating an authentication session for a user.
Type: Application
Filed: December 18, 2015
Publication date: September 29, 2016
Inventors: David P. Moore, Craig Pearson
-
Publication number: 20160284141
Abstract: An approach for access authorization to a protected resource is provided. The approach provisions a physical access badge identifier to a door controller. The approach receives a swipe event, wherein the swipe event includes a door controller identifier and the physical access badge identifier. The approach creates an authorization request to access a protected resource, wherein the authorization request includes a request from a user for access to a protected resource. The approach identifies one or more security policies for the protected resource. The approach determines whether to permit access to the protected resource based, at least in part, on the one or more security policies and the swipe event. Responsive to a determination to permit access to the protected resource, the approach permits access to the protected resource, wherein permitting access to the protected resource includes validating an authentication session for a user.
Type: Application
Filed: March 27, 2015
Publication date: September 29, 2016
Inventors: David P. Moore, Craig Pearson