Patents by Inventor David M'Raihi
David M'Raihi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11966380
Abstract: A secure storage module of a client device interacts with a set of secure storage servers to securely store data items of the client on the servers, such that no individual server has the data in readable (non-obfuscated) form. Additionally, the client secure storage module and the servers interact to allow the client device to read a given portion of the original data items from the servers, such that none of the servers can determine which portion of the original data is being requested. Similarly, the interactions of the client secure storage module and the servers allows the client device to update a given portion of the original data on the servers to a new value, such that none of the servers can determine which portion is being updated and that none of the servers can determine either the prior value or new value or the difference between the new value and the prior value.
Type: Grant
Filed: July 21, 2021
Date of Patent: April 23, 2024
Assignee: SYMPHONY COMMUNICATION SERVICES HOLDINGS LLC
Inventors: Christian Tschudin, David M'Raihi
-
Publication number: 20240015141
Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.
Type: Application
Filed: June 12, 2023
Publication date: January 11, 2024
Inventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
-
Patent number: 11706198
Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.
Type: Grant
Filed: May 8, 2020
Date of Patent: July 18, 2023
Assignee: SYMPHONY COMMUNICATION SERVICES HOLDINGS LLC
Inventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
-
Patent number: 11475106
Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable media for enforcing application usage policies. As part of an application purchase transaction, the application distributor creates a unique proof of purchase receipt. This receipt can be bundled with the application and delivered to the purchaser. Each machine can maintain an authorization file that lists the users authorized to use applications on that machine. A system configured to practice the method verifies that a user is authorized to use an application on a machine based on an application proof of purchase receipt and the authorization file. If the application proof of purchase receipt and the authorization file are both valid, the system checks if the user account identifier in the receipt is contained in the authorization file. If so, the user can be considered authorized to use the application on the machine.
Type: Grant
Filed: October 31, 2018
Date of Patent: October 18, 2022
Assignee: Apple Inc.
Inventors: Jean-Pierre Ciudad, Augustin J. Farrugia, David M'Raihi, Bertrand Mollinier Toublet, Gianpaolo Fasoli, Nicholas T. Sullivan
-
Publication number: 20220012228
Abstract: A secure storage module of a client device interacts with a set of secure storage servers to securely store data items of the client on the servers, such that no individual server has the data in readable (non-obfuscated) form. Additionally, the client secure storage module and the servers interact to allow the client device to read a given portion of the original data items from the servers, such that none of the servers can determine which portion of the original data is being requested. Similarly, the interactions of the client secure storage module and the servers allows the client device to update a given portion of the original data on the servers to a new value, such that none of the servers can determine which portion is being updated and that none of the servers can determine either the prior value or new value or the difference between the new value and the prior value.
Type: Application
Filed: July 21, 2021
Publication date: January 13, 2022
Inventors: Christian Tschudin, David M'Raihi
-
Patent number: 11100082
Abstract: A secure storage module of a client device interacts with a set of secure storage servers to securely store data items of the client on the servers, such that no individual server has the data in readable (non-obfuscated) form. Additionally, the client secure storage module and the servers interact to allow the client device to read a given portion of the original data items from the servers, such that none of the servers can determine which portion of the original data is being requested. Similarly, the interactions of the client secure storage module and the servers allows the client device to update a given portion of the original data on the servers to a new value, such that none of the servers can determine which portion is being updated and that none of the servers can determine either the prior value or new value or the difference between the new value and the prior value.
Type: Grant
Filed: November 14, 2019
Date of Patent: August 24, 2021
Assignee: SYMPHONY COMMUNICATION SERVICES HOLDINGS LLC
Inventors: Christian Tschudin, David M'Raihi
-
Patent number: 10936191
Abstract: An exemplary access control system controls access to a computing system such as a data storage system. For example, the exemplary access control system includes a remote management system that receives a request to operate on an element of the computing system and generates a message based on the request and a first token for the remote management system that is associated with the request. The message includes data representative of a second token for the remote management system. The remote management system signs the message and transmits the signed message to the computing system, which is configured to verify and use the signed message, including the second token included in the signed message, to obtain and use a local access token to access and operate on the element in accordance with the request.
Type: Grant
Filed: December 5, 2018
Date of Patent: March 2, 2021
Assignee: Pure Storage, Inc.
Inventors: Sitaraman Suthamali Lakshminarayanan, Christopher Holtz, Jonathan McLachlan, Li Zhao, David M'Raihi, Yu Tan
-
Publication number: 20200344218
Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.
Type: Application
Filed: May 8, 2020
Publication date: October 29, 2020
Inventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
-
Patent number: 10819709
Abstract: An organization that wishes its messages to be secure (the “communicating organization”) uses services of a secure communications infrastructure to securely exchange communications among its users. The secure communications infrastructure allows granting to third-party applications the permission to act on behalf of the users when using the secure communications infrastructure. This delegation may be accomplished at a very granular level, specifying the particular applications that are authorized to act on behalf of a user, the particular operations that those applications are authorized to perform, and/or in which contexts the applications may perform the operations. An agent component acts as an intermediary between third-party applications and the core of the secure communications infrastructure. This permits the third-party application to take actions on behalf of the user, while also preventing the third-party applications from obtaining the security-specific data that could lead to a breach of security.
Type: Grant
Filed: September 25, 2017
Date of Patent: October 27, 2020
Assignee: SYMPHONY COMMUNICATION SERVICES HOLDINGS LLC
Inventors: David M'Raihi, Aaron Scales, Bruce Skingle, Glenn Anderson, Benjamin Liu, Paul Teyssier, Daniel Nathanson
-
Patent number: 10693847
Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.
Type: Grant
Filed: December 11, 2018
Date of Patent: June 23, 2020
Assignee: Symphony Communication Services Holdings LLC
Inventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
-
Publication number: 20200142881
Abstract: A secure storage module of a client device interacts with a set of secure storage servers to securely store data items of the client on the servers, such that no individual server has the data in readable (non-obfuscated) form. Additionally, the client secure storage module and the servers interact to allow the client device to read a given portion of the original data items from the servers, such that none of the servers can determine which portion of the original data is being requested. Similarly, the interactions of the client secure storage module and the servers allows the client device to update a given portion of the original data on the servers to a new value, such that none of the servers can determine which portion is being updated and that none of the servers can determine either the prior value or new value or the difference between the new value and the prior value.
Type: Application
Filed: November 14, 2019
Publication date: May 7, 2020
Inventors: Christian Tschudin, David M'Raihi
-
Patent number: 10496631
Abstract: A secure storage module of a client device interacts with a set of secure storage servers to securely store data items of the client on the servers, such that no individual server has the data in readable (non-obfuscated) form. Additionally, the client secure storage module and the servers interact to allow the client device to read a given portion of the original data items from the servers, such that none of the servers can determine which portion of the original data is being requested. Similarly, the interactions of the client secure storage module and the servers allows the client device to update a given portion of the original data on the servers to a new value, such that none of the servers can determine which portion is being updated and that none of the servers can determine either the prior value or new value or the difference between the new value and the prior value.
Type: Grant
Filed: March 10, 2017
Date of Patent: December 3, 2019
Assignee: Symphony Communication Services Holdings LLC
Inventors: Christian Tschudin, David M'Raihi
-
Patent number: 10432589
Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.
Type: Grant
Filed: July 29, 2016
Date of Patent: October 1, 2019
Assignee: Symphony Communication Services Holdings LLC
Inventors: David M'Raihi, David Gurle, Michael Harmon, Jon McLachlan, Ivan Rylach, Sergey Stelmakh
-
Publication number: 20190114399
Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable media for enforcing application usage policies. As part of an application purchase transaction, the application distributor creates a unique proof of purchase receipt. This receipt can be bundled with the application and delivered to the purchaser. Each machine can maintain an authorization file that lists the users authorized to use applications on that machine. A system configured to practice the method verifies that a user is authorized to use an application on a machine based on an application proof of purchase receipt and the authorization file. If the application proof of purchase receipt and the authorization file are both valid, the system checks if the user account identifier in the receipt is contained in the authorization file. If so, the user can be considered authorized to use the application on the machine.
Type: Application
Filed: October 31, 2018
Publication date: April 18, 2019
Inventors: Jean-Pierre CIUDAD, Augustin J. FARRUGIA, David M'RAIHI, Bertrand Mollinier TOUBLET, Gianpaolo FASOLI, Nicholas T. SULLIVAN
-
Patent number: 10237246
Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.
Type: Grant
Filed: July 29, 2016
Date of Patent: March 19, 2019
Assignee: SYMPHONY COMMUNICATION SERVICES HOLDINGS LLC
Inventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
-
Publication number: 20180260430
Abstract: A secure storage module of a client device interacts with a set of secure storage servers to securely store data items of the client on the servers, such that no individual server has the data in readable (non-obfuscated) form. Additionally, the client secure storage module and the servers interact to allow the client device to read a given portion of the original data items from the servers, such that none of the servers can determine which portion of the original data is being requested. Similarly, the interactions of the client secure storage module and the servers allows the client device to update a given portion of the original data on the servers to a new value, such that none of the servers can determine which portion is being updated and that none of the servers can determine either the prior value or new value or the difference between the new value and the prior value.
Type: Application
Filed: March 10, 2017
Publication date: September 13, 2018
Inventors: Christian Tschudin, David M'Raihi
-
Patent number: 9792089
Abstract: A random number generator uses a looped circuit that produces pulses dependent on manufacturing variations and noise, and fed into a counting circuit. In certain embodiments, the technology can be merged with a Physical Unclonable Function (PUF) such that a single circuit provides both 1) bits that are unique to each chip that remain fairly similar each time they are queried on the same chip; as well as 2) bits that are random, i.e., different each time the randomness is queried, even on the same device.
Type: Grant
Filed: September 10, 2014
Date of Patent: October 17, 2017
Assignee: Verayo, Inc.
Inventors: Meng-Day (Mandel) Yu, David M'raihi
-
Patent number: 9712532
Abstract: A method of providing web site verification information to a user can include receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also can include accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further can include transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.
Type: Grant
Filed: June 3, 2013
Date of Patent: July 18, 2017
Assignee: Symantec Corporation
Inventors: Gary Krall, Barry Ferg, David M'Raihi, Nicolas Popp
-
Publication number: 20160127346
Abstract: The disclosed invention is a system and method that allows for authentication of a user to a network using a token. The user can use movements or gesture that are recorded by an accelerometer and the token interacts with a device and authenticates the user to the system. The token may be part of the device or stand alone. The various aspects of the present invention capture a novel design for an authentication token that authenticated the token and the user of the token.
Type: Application
Filed: June 2, 2014
Publication date: May 5, 2016
Applicant: Verayo, Inc.
Inventors: William Henry BARES, David M'RAIHI, Eric DUPRAT
-
Publication number: 20160127365
Abstract: The disclosed invention is a system and method that allows for authentication of a user to a network using a token. The token interacts with a device and authenticates the user to the system using lower power consumption and minimal bandwidth user for communication. The token may be part of the device or stand alone. The various aspects of the present invention capture a novel design for an authentication token that eliminates the need for user interaction with the token.
Type: Application
Filed: June 3, 2014
Publication date: May 5, 2016
Applicant: Verayo, Inc.
Inventors: William Henry BARES, David M'RAIHI