Patents by Inventor David M'Raihi
David M'Raihi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20130010957Abstract: An approach to cryptographic security uses a “fuzzy” credential, in contrast to a “hard” credential, to eliminate cryptographic algorithmic repeatability on a device that may be subject to physical attacks. By eliminating repeatability performed at an algorithmic (e.g., gate or software) level, a device inherently lacks one of the fundamental setup assumptions associated with certain classes of side channel, fault injection, timing, and related attacks, thus helps to protect the system against such attacks while preserving the cryptographic security of the system.Type: ApplicationFiled: July 6, 2012Publication date: January 10, 2013Applicant: Verayo, Inc.Inventors: Meng-Day Yu, Srinivas Devadas, David M'Raihi, Eric Duprat
-
Publication number: 20120311338Abstract: In the field of computer and data security, the identifier (ID) of a computing device is protected by providing a secure signature used to verify the ID. The signature is computed from the ID using a “White Box” cryptographic process and a hash function. This provides a signature that is computationally easy to verify but difficult or impossible to generate by a hacker (unauthorized user). This method of first creating the signature and later verifying the identifier using the signature and the associated computing apparatus are thereby useful for protection against hacking of such identifiers of computing devices.Type: ApplicationFiled: January 24, 2012Publication date: December 6, 2012Applicant: Apple Inc.Inventors: Augustin J. FARRUGIA, David M'RAIHI, Mathieu CIET, Thomas ICART
-
Publication number: 20120159177Abstract: A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user's browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer.Type: ApplicationFiled: November 10, 2011Publication date: June 21, 2012Applicant: Symantec CorporationInventors: Siddharth Bajaj, Roxana Alina Bradescu, Jeffrey Burstein, David M'Raihi, Nicolas Popp
-
Patent number: 8171289Abstract: A method and apparatus to provide a cryptographic protocol for secure authentication, privacy, and anonymity. The protocol, in one embodiment, is designed to be implemented in a small number of logic gates, executed quickly on simple devices, and provide military grade security.Type: GrantFiled: June 11, 2007Date of Patent: May 1, 2012Assignee: Symantec CorporationInventors: Joseph A. Adler, David M'Raihi
-
Publication number: 20120095877Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable media for enforcing application usage policies. As part of an application purchase transaction, the application distributor creates a unique proof of purchase receipt. This receipt can be bundled with the application and delivered to the purchaser. Each machine can maintain an authorization file that lists the users authorized to use applications on that machine. A system configured to practice the method verifies that a user is authorized to use an application on a machine based on an application proof of purchase receipt and the authorization file. If the application proof of purchase receipt and the authorization file are both valid, the system checks if the user account identifier in the receipt is contained in the authorization file. If so, the user can be considered authorized to use the application on the machine.Type: ApplicationFiled: October 19, 2010Publication date: April 19, 2012Applicant: Apple, Inc.Inventors: Jean-Pierre Ciudad, Augustin J. Farrugia, David M'Raihi, Bertrand Mollinier Toublet, Gianpaolo Fasoli, Nicholas T. Sullivan
-
Publication number: 20120096535Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10?Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C?. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C? within a look-ahead window, whose size can be set by a parameter s.Type: ApplicationFiled: December 6, 2011Publication date: April 19, 2012Applicant: Symantec CorporationInventors: Nicolas POPP, David M'RAIHI, Loren HART
-
Patent number: 8112626Abstract: A method and apparatus to authenticate limited processing-power systems (LPPS) using elliptic cryptography within a well known elliptic curve E, over a well known finite field F((E(F)). The apparatus comprises a random number generator to choose a random value b, of a similar order of magnitude to the order of E(F). The apparatus further comprises a challenge calculator to calculate a value C=bP and send the challenge to the LPPS, where P is a point on the elliptic curve E(F) which was used as a basis for generating a private key, a, for the LPPS. The apparatus further comprising an RFID reader to receive a challenge response, R=aC=abP from the LPPS, and a crypto calculator to calculate bQ, based on a public key, Q, of the LPPS. The apparatus further comprising a comparison logic to authenticate the LPPS if bQ=aC=abP.Type: GrantFiled: January 20, 2006Date of Patent: February 7, 2012Assignee: Symantec CorporationInventors: Joseph A. Adler, David M'Raihi
-
Patent number: 8087074Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C?. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C? within a look-ahead window, whose size can be set by a parameter s.Type: GrantFiled: October 17, 2005Date of Patent: December 27, 2011Assignee: Symantec CorporationInventors: Nicolas Popp, David M'Raihi, Loren Hart
-
Publication number: 20110283174Abstract: A method of providing web site verification information to a user can include receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also can include accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further can include transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.Type: ApplicationFiled: May 13, 2010Publication date: November 17, 2011Applicant: VeriSign, Inc.Inventors: David M'Raihi, Barry Ferg, Gary Krall
-
Patent number: 8060916Abstract: A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user's browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer.Type: GrantFiled: November 6, 2006Date of Patent: November 15, 2011Assignee: Symantec CorporationInventors: Siddharth Bajaj, Roxana Alina Bradescu, Jeffrey Burstein, David M'Raihi, Nicolas Popp
-
Publication number: 20110126292Abstract: A method of providing web site verification information to a user includes receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also includes accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further includes transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.Type: ApplicationFiled: March 30, 2010Publication date: May 26, 2011Applicant: VeriSign, Inc.Inventors: Barry Ferg, Gary Krall, David M'Raihi, Nicolas Popp
-
Patent number: 7861286Abstract: A system and method for providing identity protection services. According to an embodiment, a validation server receives over a network a response from a credential associated with a user, the credential response provided by the user in order to authenticate the user to one of a plurality of sites on the network that accepts the credential as a factor for authentication, the validation server verifies the credential response on behalf of the one network site, a fraud detection server receives over the network information in connection with a transaction associated with the user at the one network site, and the fraud detection server evaluates the transaction information for suspicious activity based at least in part on information provided to the fraud detection server in connection with one or more transactions at one or more sites on the network other than the one network site.Type: GrantFiled: February 12, 2007Date of Patent: December 28, 2010Assignee: Symantec Software CorporationInventors: David M'Raihi, Joseph Adler, Siddharth Bajaj, Nicolas Popp, Kerry E. Loftus, Bruce Ong, Alin M. Mutu, Jeffrey Burstein, Yueqin Lin
-
Publication number: 20100037046Abstract: A centralized credential management system. Website credentials are stored at a vault storing at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.Type: ApplicationFiled: August 6, 2008Publication date: February 11, 2010Applicant: VeriSign, Inc.Inventors: Barry Ferg, Gary Krall, David M'Raihi, Nicolas Popp
-
Publication number: 20090313687Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10?Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C?. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C? within a look-ahead window, whose size can be set by a parameter s.Type: ApplicationFiled: October 17, 2005Publication date: December 17, 2009Inventors: Nicolas Popp, David M'Raihi, Loren Hart
-
Publication number: 20080170695Abstract: A method and apparatus to provide a cryptographic protocol for secure authentication, privacy, and anonymity. The protocol, in one embodiment, is designed to be implemented in a small number of logic gates, executed quickly on simple devices, and provide military grade security.Type: ApplicationFiled: June 11, 2007Publication date: July 17, 2008Inventors: Joseph A. Adler, David M'Raihi
-
Patent number: 7347366Abstract: A method and apparatus to provide authentication. The method comprising sending a challenge to a user to be authenticated, the challenge including a reference on a card issued to the user and receiving a user-supplied value purported by the user to be associated with the reference on the card issued to the user. The method further comprising accessing a secret key associated with the card issued to the user and generating a password using a function F of the secret key and the reference. The method further comprising mapping the function F to a value in an alphabet and authenticating the user by comparing the value in the alphabet to the user-supplied value.Type: GrantFiled: March 14, 2006Date of Patent: March 25, 2008Assignee: Verisign, Inc.Inventor: David M'Raihi
-
Publication number: 20070250923Abstract: A system and method for generating a One Time Password (OTP) based upon a value TEC that can change based both upon the occurrence of an event and the passage of time. The OTP can be computed at a token and sent to a verifier. The verifier stores exact or estimated parameters necessary to compute one or more expected OTPs from the token, including TEC. The value TEC can be synchronized between the token and the verifier.Type: ApplicationFiled: April 21, 2006Publication date: October 25, 2007Inventor: David M'Raihi
-
Publication number: 20070220595Abstract: A system and method for providing identity protection services. According to an embodiment, a validation server receives over a network a response from a credential associated with a user, the credential response provided by the user in order to authenticate the user to one of a plurality of sites on the network that accepts the credential as a factor for authentication, the validation server verifies the credential response on behalf of the one network site, a fraud detection server receives over the network information in connection with a transaction associated with the user at the one network site, and the fraud detection server evaluates the transaction information for suspicious activity based at least in part on information provided to the fraud detection server in connection with one or more transactions at one or more sites on the network other than the one network site.Type: ApplicationFiled: February 12, 2007Publication date: September 20, 2007Inventors: David M'raihi, Joseph Adler, Siddharth Bajaj, Nicolas Popp, Kerry Loftus, Bruce Ong, Alin Mutu, Jeffrey Burstein, Yueqin Lin
-
Publication number: 20070215693Abstract: A method and apparatus to provide authentication. The method comprising sending a challenge to a user to be authenticated, the challenge including a reference on a card issued to the user and receiving a user-supplied value purported by the user to be associated with the reference on the card issued to the user. The method further comprising accessing a secret key associated with the card issued to the user and generating a password using a function F of the secret key and the reference. The method further comprising mapping the function F to a value in an alphabet and authenticating the user by comparing the value in the alphabet to the user-supplied value.Type: ApplicationFiled: March 14, 2006Publication date: September 20, 2007Inventor: David M'Raihi
-
Publication number: 20070016943Abstract: A scalable system and method for authenticating entities such as consumers to entities with a diverse set of authentication requirements, such as merchants, banks, vendors, other consumers, and so on. An authentication credential such as a token can be shared among several resources as a way to authenticate the credential owner.Type: ApplicationFiled: May 5, 2006Publication date: January 18, 2007Inventors: David M'Raihi, Siddharth Bajaj, Nicolas Popp