Patents by Inventor David M'Raihi
David M'Raihi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9264234Abstract: In the field of computer and data security, the identifier (ID) of a computing device is protected by providing a secure signature used to verify the ID. The signature is computed from the ID using a “White Box” cryptographic process and a hash function. This provides a signature that is computationally easy to verify but difficult or impossible to generate by a hacker (unauthorized user). This method of first creating the signature and later verifying the identifier using the signature and the associated computing apparatus are thereby useful for protection against hacking of such identifiers of computing devices.Type: GrantFiled: January 24, 2012Date of Patent: February 16, 2016Assignee: APPLE INC.Inventors: Augustin J. Farrugia, David M'Raihi, Mathieu Ciet, Thomas Icart
-
Patent number: 9258124Abstract: A system and method for generating a One Time Password (OTP) based upon a value TEC that can change based both upon the occurrence of an event and the passage of time. The OTP can be computed at a token and sent to a verifier. The verifier stores exact or estimated parameters necessary to compute one or more expected OTPs from the token, including TEC. The value TEC can be synchronized between the token and the verifier.Type: GrantFiled: April 21, 2006Date of Patent: February 9, 2016Assignee: Symantec CorporationInventor: David M'Raihi
-
Patent number: 9185108Abstract: A scalable system and method for authenticating entities such as consumers to entities with a diverse set of authentication requirements, such as merchants, banks, vendors, other consumers, and so on. An authentication credential such as a token can be shared among several resources as a way to authenticate the credential owner.Type: GrantFiled: May 5, 2006Date of Patent: November 10, 2015Assignee: Symantec CorporationInventors: David M'Raihi, Siddharth Bajaj, Nicolas Popp
-
Patent number: 9026788Abstract: In a centralized credential management system, website credentials are stored in a vault storage at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.Type: GrantFiled: April 25, 2013Date of Patent: May 5, 2015Assignee: Symantec CorporationInventors: Barry Ferg, Gary Krall, David M'Raihi, Nicolas Popp
-
Publication number: 20150074157Abstract: A random number generator uses a looped circuit that produces pulses dependent on manufacturing variations and noise, and fed into a counting circuit. In certain embodiments, the technology can be merged with a Physical Unclonable Function (PUF) such that a single circuit provides both 1) bits that are unique to each chip that remain fairly similar each time they are queried on the same chip; as well as 2) bits that are random, i.e., different each time the randomness is queried, even on the same device.Type: ApplicationFiled: September 10, 2014Publication date: March 12, 2015Inventors: Meng-Day (Mandel) YU, David M'RAIHI
-
Patent number: 8908866Abstract: A method and apparatus to provide a cryptographic protocol for secure authentication, privacy, and anonymity. The protocol, in one embodiment, is designed to be implemented in a small number of logic gates, executed quickly on simple devices, and provide military grade security.Type: GrantFiled: April 13, 2012Date of Patent: December 9, 2014Assignee: Symantec CorporationInventors: Joseph A. Adler, David M'Raihi
-
Publication number: 20140331288Abstract: A system and methods are disclosed that limiting the number of challenge/response pairs available to an adversary. In accordance with the various aspects of the present invention, gate the access to an authentication module with a gatekeeper. The system can create a challenge/response protocol whereby the amount of challenge/response information leaked is controlled by the server. The device cannot leak challenge/response pairs when the device is in the possession of or being queried by an adversary or false device.Type: ApplicationFiled: May 1, 2014Publication date: November 6, 2014Applicant: VERAYO, INC.Inventors: Meng-Day (Mandel) YU, David M'RAIHI
-
Publication number: 20140301551Abstract: A method and apparatus to provide a cryptographic protocol for secure authentication, privacy, and anonymity. The protocol, in one embodiment, is designed to be implemented in a small number of logic gates, executed quickly on simple devices, and provide military grade security.Type: ApplicationFiled: April 13, 2012Publication date: October 9, 2014Applicant: Symantec CorporationInventors: Joseph A. Adler, David M'Raihi
-
Publication number: 20140237622Abstract: A system and method for protecting a software program from unauthorized modification or exploitation. A software security mechanism according to the present invention is difficult for a hacker or cracker to detect and/or defeat, but does not impose excessive runtime overhead on the host software program. The present invention further comprises a system and method for automating the injection of a software security mechanism according to the present invention into a host software program.Type: ApplicationFiled: August 12, 2013Publication date: August 21, 2014Applicant: Arxan Technologies, Inc.Inventors: Hoi Chang, Florian Kerschbaum, Kyle Faulkner, David M'Raihi, Michael Joseph Mehlberg
-
Patent number: 8762723Abstract: An approach to cryptographic security uses a “fuzzy” credential, in contrast to a “hard” credential, to eliminate cryptographic algorithmic repeatability on a device that may be subject to physical attacks. By eliminating repeatability performed at an algorithmic (e.g., gate or software) level, a device inherently lacks one of the fundamental setup assumptions associated with certain classes of side channel, fault injection, timing, and related attacks, thus helps to protect the system against such attacks while preserving the cryptographic security of the system.Type: GrantFiled: July 6, 2012Date of Patent: June 24, 2014Assignee: Verayo, Inc.Inventors: Meng-Day Yu, Srinivas Devadas, David M'Raihi, Eric Duprat
-
Patent number: 8751806Abstract: A method and apparatus to authenticate limited processing-power systems (LPPS) using elliptic cryptography within a well known elliptic curve E, over a well known finite field F ((E(F)). The apparatus comprises a random number generator to choose a random value b, of a similar order of magnitude to the order of E(F). The apparatus further comprises a challenge calculator to calculate a value C=bP and send the challenge to the LPPS, where P is a point on the elliptic curve E(F) which was used as a basis for generating a private key, a, for the LPPS. The apparatus further comprising an RFID reader to receive a challenge response, R=aC=abP from the LPPS, and a crypto calculator to calculate bQ, based on a public key, Q, of the LPPS. The apparatus further comprising a comparison logic to authenticate the LPPS if bQ=aC=abP.Type: GrantFiled: January 11, 2012Date of Patent: June 10, 2014Assignee: Symantec CorporationInventors: Joseph A. Adler, David M'Raihi
-
Patent number: 8615809Abstract: A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user's browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer.Type: GrantFiled: November 10, 2011Date of Patent: December 24, 2013Assignee: Symantec CorporationInventors: Siddharth Bajaj, Roxana Alina Bradescu, Jeffrey Burstein, David M'Raihi, Nicolas Popp
-
Publication number: 20130298211Abstract: The disclosed invention is a system and method that allows for authentication of a user to a network using a token. The token interacts with a device and authenticates the user to the system. The token may be part of the device or stand alone. The various aspects of the present invention capture a novel design for an authentication token that eliminates the need for user interaction with the token.Type: ApplicationFiled: April 2, 2013Publication date: November 7, 2013Applicant: VERAYO, INC.Inventors: David M'Raihi, Srinivas Devadas, WILLIAM HENRY BARES, Meng-Day Mandel Yu, ZDENEK SIDNEY PARAL
-
Publication number: 20130269042Abstract: A method of providing web site verification information to a user can include receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also can include accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further can include transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.Type: ApplicationFiled: June 3, 2013Publication date: October 10, 2013Inventors: Gary Krall, Barry Ferg, David M'Raihi
-
Publication number: 20130238894Abstract: In a centralized credential management system, website credentials are stored in a vault storage at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.Type: ApplicationFiled: April 25, 2013Publication date: September 12, 2013Applicant: Symantec CorporationInventors: Barry Ferg, Gary Krall, David M'Raihi, Nicolas Popp
-
Patent number: 8533581Abstract: A method of providing web site verification information to a user can include receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also can include accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further can include transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.Type: GrantFiled: May 13, 2010Date of Patent: September 10, 2013Assignee: Symantec CorporationInventors: Gary Krall, Barry Ferg, David M'Raihi
-
Patent number: 8510571Abstract: A system and method for protecting a software program from unauthorized modification or exploitation. A software security mechanism according to the present invention is difficult for a hacker or cracker to detect and/or defeat, but does not impose excessive runtime overhead on the host software program. The present invention further comprises a system and method for automating the injection of a software security mechanism according to the present invention into a host software program.Type: GrantFiled: March 24, 2004Date of Patent: August 13, 2013Inventors: Hoi Chang, Florian Kerschbaum, Kyle Faulkner, David M'Raïhi, Michael Joseph Mehlberg
-
Patent number: 8438382Abstract: A centralized credential management system includes website credentials that are stored at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.Type: GrantFiled: August 6, 2008Date of Patent: May 7, 2013Assignee: Symantec CorporationInventors: Barry Ferg, Gary Krall, David M'Raihi, Nicolas Popp
-
Patent number: 8434138Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C?. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C? within a look-ahead window, whose size can be set by a parameter s.Type: GrantFiled: December 6, 2011Date of Patent: April 30, 2013Assignee: Symantec CorporationInventors: Nicolas Popp, David M'Raihi, Loren Hart
-
Patent number: 8407802Abstract: A method of providing web site verification information to a user includes receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also includes accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further includes transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.Type: GrantFiled: March 30, 2010Date of Patent: March 26, 2013Assignee: Symantec CorporationInventors: Barry Ferg, Gary Krall, David M'Raihi, Nicolas Popp