Patents by Inventor Dirk Balfanz
Dirk Balfanz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10848484
Abstract: The subject technology provides for detecting, by a first computing device, a second computing device being within a predetermined distance of the first computing device, the first computing device being in a locked mode. The subject technology receives an access key from the second computing device. Additionally, the subject technology exits, by the first computing device, the locked mode based on the access key from the second computing device.
Type: Grant
Filed: January 4, 2018
Date of Patent: November 24, 2020
Assignee: Google LLC
Inventors: Joshua Woodward, Jay Pierre Civelli, Dirk Balfanz, Marco Fucci, Alexei Czeskis, Nishit Shah, Kan Liu, Michal Levin
-
Patent number: 10050960
Abstract: A method of adding a user account to an unassociated device may include detecting, by an associated device that is associated with a user account, an audio signal broadcast by an unassociated device that is not associated with the user account, where the audio signal includes a token. The method may include sending the token to a computing device associated with a service provider of the user account, receiving, by the associated device, a command, determining that the received command is an authorization command, and in response to determining that the received command is an authorization command, sending one or more authorization instructions to the computing device. The one or more authorization instructions may instruct the computing device to send one or more credentials associated with the user.
Type: Grant
Filed: August 24, 2016
Date of Patent: August 14, 2018
Assignee: Google LLC
Inventors: Alexei Czeskis, Dirk Balfanz
-
Publication number: 20180131683
Abstract: The subject technology provides for detecting, by a first computing device, a second computing device being within a predetermined distance of the first computing device, the first computing device being in a locked mode. The subject technology receives an access key from the second computing device. Additionally, the subject technology exits, by the first computing device, the locked mode based on the access key from the second computing device.
Type: Application
Filed: January 4, 2018
Publication date: May 10, 2018
Inventors: Joshua Woodward, Jay Pierre Civelli, Dirk Balfanz, Marco Fucci, Alexei Czeskis, Nishit Shah, Kan Liu, Michal Levin
-
Patent number: 9882895
Abstract: A first computing device provides an indication that the first computing device accepts dynamic user registration of user accounts over a wireless connection. A second computing device automatically connects to the first computing device and passes an account token to the first computing device over the wireless connection, all without physical interaction with the first computing device. The first computing device automatically contacts a remote account server to retrieve a user account associated with the account token and registers the user account with the first computing device.
Type: Grant
Filed: January 6, 2016
Date of Patent: January 30, 2018
Assignee: Google LLC
Inventors: Joshua Woodward, Jay Pierre Civelli, Dirk Balfanz, Marco Fucci, Alexei Czeskis, Nishit Shah, Kan Liu, Michal Levin
-
Patent number: 9449160
Abstract: A method of adding a user account to an unassociated device may include detecting, by an associated device that is associated with a user account, an audio signal broadcast by an unassociated device that is not associated with the user account, where the audio signal includes a token. The method may include sending the token to a computing device associated with a service provider of the user account, receiving, by the associated device, a command, determining that the received command is an authorization command, and in response to determining that the received command is an authorization command, sending one or more authorization instructions to the computing device. The one or more authorization instructions may instruct the computing device to send one or more credentials associated with the user.
Type: Grant
Filed: February 18, 2014
Date of Patent: September 20, 2016
Assignee: Google Inc.
Inventors: Alexei Czeskis, Dirk Balfanz
-
Patent number: 9392104
Abstract: A first computing device monitors a presence of a second computing device, and determines when the second computing device has moved out of an area proximate to the first computing device. In response to determining that the second computer moved out of the area, the first computing device is automatically configured to limit user interaction with one or more applications currently operating on the first computing device to a predetermined set of commands while preventing user interaction with other applications provided by the first computing device.
Type: Grant
Filed: February 10, 2015
Date of Patent: July 12, 2016
Assignee: Google Inc.
Inventors: Nishit Shah, Kan Liu, Caesar Sengupta, Benjamin Thomas Smith, Eric Sachs, Mayank Dutt Upadhyay, Dirk Balfanz, Michal Levin
-
Publication number: 20160119322
Abstract: A first computing device provides an indication that the first computing device accepts dynamic user registration of user accounts over a wireless connection. A second computing device automatically connects to the first computing device and passes an account token to the first computing device over the wireless connection, all without physical interaction with the first computing device. The first computing device automatically contacts a remote account server to retrieve a user account associated with the account token and registers the user account with the first computing device.
Type: Application
Filed: January 6, 2016
Publication date: April 28, 2016
Inventors: Joshua Woodward, Jay Pierre Civelli, Dirk Balfanz, Marco Fucci, Alexei Czeskis, Nishit Shah, Kan Liu, Michal Levin
-
Patent number: 9325696
Abstract: A system and method is disclosed for authenticating a user using locally stored credentials. A website is configured to provide, to a web browser, a login page, including header information which informs the web browser that the website may accept an automatic login. In response to receiving, from the web browser, credential information and a request to login to the website, a login token having an expiration time is generated by an authentication server and returned to the web browser. The web browser provides the login token to an authentication address associated with the website, before the expiration time, to automatically login to the website.
Type: Grant
Filed: January 31, 2012
Date of Patent: April 26, 2016
Assignee: Google Inc.
Inventors: Dirk Balfanz, Michael K. Fleming, Doru Costin Manolache
-
Patent number: 9276914
Abstract: A computing device provides an indication that the computing device accepts dynamic user registration of user accounts over a wireless connection. A wireless mobile device automatically connects to the computing device, establishes an encrypted connection, and receives, over the encrypted connection, and passes an encrypted account token over the encrypted connection to the computing device, all without physical interaction with the computing device. The computing device automatically contacts a remote account server to retrieve a user account associated with the account token and registers the user account with the device.
Type: Grant
Filed: January 29, 2015
Date of Patent: March 1, 2016
Assignee: Google Inc.
Inventors: Joshua Woodward, Jay Pierre Civelli, Dirk Balfanz, Marco Fucci, Alexei Czeskis, Nishit Shah, Kan Liu, Michal Levin
-
Publication number: 20150295901
Abstract: A computing device provides an indication that the computing device accepts dynamic user registration of user accounts over a wireless connection. A wireless mobile device automatically connects to the computing device, establishes an encrypted connection, and receives, over the encrypted connection, and passes an encrypted account token over the encrypted connection to the computing device, all without physical interaction with the computing device. The computing device automatically contacts a remote account server to retrieve a user account associated with the account token and registers the user account with the device.
Type: Application
Filed: January 29, 2015
Publication date: October 15, 2015
Inventors: Joshua WOODWARD, Jay Pierre CIVELLI, Dirk BALFANZ, Marco FUCCI, Alexei CZESKIS, Nishit SHAH, Kan LIU, Michal LEVIN
-
Publication number: 20150296074
Abstract: A first computing device monitors a presence of a second computing device, and determines when the second computing device has moved out of an area proximate to the first computing device. In response to determining that the second computer moved out of the area, the first computing device is automatically configured to limit user interaction with one or more applications currently operating on the first computing device to a predetermined set of commands while preventing user interaction with other applications provided by the first computing device.
Type: Application
Filed: February 10, 2015
Publication date: October 15, 2015
Inventors: Nishit SHAH, Kan LIU, Caesar SENGUPTA, Benjamin Thomas SMITH, Eric SACHS, Mayank Dutt UPADHYAY, Dirk BALFANZ, Michal LEVIN
-
Patent number: 8515389
Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.
Type: Grant
Filed: February 14, 2011
Date of Patent: August 20, 2013
Assignee: Palo Alto Research Center Incorporated
Inventors: Diana K. Smetters, Dirk Balfanz, Glenn E. Durfee, Rebecca E. Grinter, Paul J. Stewart, Hao-Chi Wong
-
Patent number: 8345871
Abstract: A method of providing secure communications over a network includes receiving, at a receiving computer, a public key of a sending computer, and a hash of a sending random number over a first communication channel, transmitting, from the receiving computer, a public key of the receiving computer and a receiving random number provided by the receiving computer over the first communication channel, and receiving, at the receiving computer, the sending random number provided by the sending computer over the first communication channel.
Type: Grant
Filed: March 15, 2007
Date of Patent: January 1, 2013
Assignees: Palo Alto Research Center Incorporated, Samsung Electronics Co., Ltd.
Inventors: Dirk Balfanz, Philippe J. Golle, Diana K. Smetters, Glenn E. Durfee
-
Patent number: 8256664
Abstract: Systems and methods provide a user with secure access to a web site at a first client device without having to enter login information, such as a username and password, at that device. For example, the first device may request access to user information from a server system. The server may generate a session ID, associate it with the first device, and encode it into a bar code that is displayed at the first device. Using camera functions, a second client device may identify and decode the bar code to determine the session ID. The login information may be entered into the second device in order to establish a secure connection with the server. The second device may transmit the session ID to the server system. The server may identify the first client device based on the common session ID and transmit the requested user information to the first device.
Type: Grant
Filed: April 9, 2010
Date of Patent: September 4, 2012
Assignee: Google Inc.
Inventors: Dirk Balfanz, Breno Fonseca de Medeiros, Sheldon Walfish
-
Patent number: 8156337
Abstract: Pre-authentication information of devices is used to securely authenticate arbitrary peer-to-peer ad-hoc interactions. In one embodiment, public key cryptography is used in the main wireless link with location-limited channels being initially used to pre-authenticate devices. Use of public keys in the pre-authentication data allows for the broadening of types of media suitable for use as location-limited channels to include, for example, audio and infrared. Also, it allows a range of key exchange protocols which can be authenticated in this manner to include most public-key-based protocols. As a result, a large range of devices, protocols can be used in various applications. Further, an eavesdropper is forced to mount an active attack on the location-limited channel itself in order to access an ad-hoc exchange. However, this results in the discovery of the eavesdropper.
Type: Grant
Filed: April 3, 2006
Date of Patent: April 10, 2012
Assignee: Palo Alto Research Center Incorporated
Inventors: Dirk Balfanz, Cristina Lopes, Diana Smetters, Paul Stewart, Hao-Chi Wong
-
Patent number: 8135956
Abstract: Techniques are provided for the lightweight authentication of a user to an application, a computer or other device. An interaction element such as a stylus, a pen or marker is uniquely identified. The interactive element is associated with a user. The interaction element provides a means for interacting with the application. The proximity of the identification element within the interaction element during data entry operations to the authentication sensor signals the controlled application that the user has been authenticated.
Type: Grant
Filed: December 11, 2006
Date of Patent: March 13, 2012
Assignee: Palo Alto Research Center Incorporated
Inventor: Dirk Balfanz
-
Patent number: 8023654
Abstract: A method for securing human to human communication over a network includes receiving, by a first computer, an incoming authenticated data stream from a second computer over a first communication channel, the incoming authenticated data stream having been computed using an incoming digital experiential data stream and a first imprint, and extracting the first imprint from the incoming authenticated data stream. The incoming authenticated data stream is then presented for sensory experience by a human. An outgoing digital experiential data stream is then input and the method computes a second imprint associated with the first computer and computes an outgoing authenticated data stream using the outgoing digital experiential data stream and the second imprint. A second communication channel is then secured from the first computer to the second computer using the first imprint, the second communication channel suitable for sending the outgoing authenticated data stream to the second computer.
Type: Grant
Filed: December 18, 2006
Date of Patent: September 20, 2011
Assignee: Palo Alto Research Center Incorporated
Inventors: Paul J. Stewart, Dirk Balfanz, Glenn E. Durfee, Diana K. Smetters
-
Publication number: 20110219358
Abstract: A method of receiving mobile code includes receiving, from a source node, a dependency descriptor describing at least one permitted configuration, each configuration comprising necessary conditions on a destination node to execute mobile code, executing, on the destination node, checker code associated with the conditions described in the dependency descriptor, and, if at least one configuration is compatible, receiving the mobile code at the destination node.
Type: Application
Filed: May 13, 2011
Publication date: September 8, 2011
Applicant: PALO ALTO RESEARCH CENTER INCORPORATED
Inventor: Dirk Balfanz
-
Publication number: 20110134847
Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.
Type: Application
Filed: February 14, 2011
Publication date: June 9, 2011
Applicant: PALO ALTO RESEARCH CENTER INCORPORATED
Inventors: Diana K. Smetters, Dirk Balfanz, Glenn E. Durfee, Rebecca E. Grinter, Paul J. Stewart, Hao-Chi Wong
-
Patent number: 7937752
Abstract: A system and method for sharing files securely includes server software on a first device configured to communicate with server software operating on one or more other preauthorized devices, such as a second device. The servers communicate with each other securely using cryptographic information exchanged during a preauthorization phase using a range-limited communication channel. The server on the first device obtains file information from the other preauthorized device(s) and combines the information with local file information from the first device. This combined file information is sent to client software operating on the machine, which presents the combined file information to users.
Type: Grant
Filed: February 18, 2009
Date of Patent: May 3, 2011
Assignee: Palo Alto Research Center Incorporated
Inventors: Dirk Balfanz, Diana Smetters, Kenneth Conley, Bryan Pendleton, Steve Cousins