Patents by Inventor Douglas L. Foiles
Douglas L. Foiles has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11431501Abstract: Embodiments presented herein provide a partner authentication (PA) system that coordinates a network-based authorization process for an application. The PA system exchanges a series of messages with the application seeking an access token for a protected resource, an authorization server associated with the resource, and an agent executing on a device accessed by a user who wants the application to access the resource. The PA system and the agent communicate with the authorization server on behalf of the application throughout the authorization process. At the completion of the authorization process, the PA system receives an access token and a refresh token from the server on behalf of the application and sends a partner authorization (PA) token to the application. When the application seeks access to the resource that is available to authorized parties via the resource server, the application sends the PA token to the PA system and receives the access token in return.Type: GrantFiled: July 6, 2020Date of Patent: August 30, 2022Assignee: INTUIT INC.Inventors: Parul Jain, Douglas L. Foiles, Nagaraj Janardhana
-
Patent number: 11080375Abstract: Certain aspects of the present disclosure provide techniques for determining an identity of a user requesting access to a resource. An example technique for determining the identity of the user includes, upon receiving a request for a resource, determining the identity assurance strength of the user. The determination of the identity assurance strength of the user is based on personal identifying information, risk signals, user history, and the like. If the user does not have the requisite identity assurance strength to access a resource, based on policy criteria, an identity proofing operation may be determined for the user to complete in order to access the resource, where the operation is determined based on policy criteria, risk signals, and the like. Upon completion of the identity assurance operation, if the user has adequate identity assurance strength, then the user may access the resource.Type: GrantFiled: August 1, 2018Date of Patent: August 3, 2021Assignee: INTUIT INC.Inventors: Antonio Fuentes, Douglas L. Foiles, Jeremy Luchau, Ergang Sun
-
Publication number: 20200336310Abstract: Embodiments presented herein provide a partner authentication (PA) system that coordinates a network-based authorization process for an application. The PA system exchanges a series of messages with the application seeking an access token for a protected resource, an authorization server associated with the resource, and an agent executing on a device accessed by a user who wants the application to access the resource. The PA system and the agent communicate with the authorization server on behalf of the application throughout the authorization process. At the completion of the authorization process, the PA system receives an access token and a refresh token from the server on behalf of the application and sends a partner authorization (PA) token to the application. When the application seeks access to the resource that is available to authorized parties via the resource server, the application sends the PA token to the PA system and receives the access token in return.Type: ApplicationFiled: July 6, 2020Publication date: October 22, 2020Inventors: Parul JAIN, Douglas L. FOILES, Nagaraj JANARDHANA
-
Patent number: 10708053Abstract: Embodiments presented herein provide a partner authentication (PA) system that coordinates a network-based authorization process for an application. The PA system exchanges a series of messages with the application seeking an access token for a protected resource, an authorization server associated with the resource, and an agent executing on a device accessed by a user who wants the application to access the resource. The PA system and the agent communicate with the authorization server on behalf of the application throughout the authorization process. The PA system receives an access token and a refresh token from the server on behalf of the application and sends a partner authorization (PA) token to the application. When the application seeks access to the resource that is available to authorized parties via the resource server, the application sends the PA token to the PA system and receives the access token in return.Type: GrantFiled: July 14, 2017Date of Patent: July 7, 2020Assignee: INTUIT INC.Inventors: Parul Jain, Douglas L. Foiles, Nagaraj Janardhana
-
Patent number: 10565360Abstract: The disclosed embodiments provide a system that manages access to a computer-based resource. During operation, the system obtains a request for the computer-based resource, wherein the request identifies a user seeking access to the computer-based resource. Next, the system obtains a set of security levels for a set of identity-proofing techniques, wherein the set of security levels is based on a first set of success rates of the identity-proofing techniques in preventing fraudulent access to computer-based resources. The system then calculates an identity assurance level for the user based on the set of security levels and a second set of success rates of the user in completing one or more of the identity-proofing techniques. Upon determining that the identity assurance level of the user meets a minimum identity assurance level for accessing the computer-based resource, the system enables access to the computer-based resource in a response to the request.Type: GrantFiled: November 13, 2018Date of Patent: February 18, 2020Assignee: INTUIT INC.Inventors: Robert E. Lee, Thomas M. Pigoski, II, Douglas L. Foiles
-
Publication number: 20200042679Abstract: Certain aspects of the present disclosure provide techniques for determining an identity of a user requesting access to a resource. An example technique for determining the identity of the user includes, upon receiving a request for a resource, determining the identity assurance strength of the user. The determination of the identity assurance strength of the user is based on personal identifying information, risk signals, user history, and the like. If the user does not have the requisite identity assurance strength to access a resource, based on policy criteria, an identity proofing operation may be determined for the user to complete in order to access the resource, where the operation is determined based on policy criteria, risk signals, and the like. Upon completion of the identity assurance operation, if the user has adequate identity assurance strength, then the user may access the resource.Type: ApplicationFiled: August 1, 2018Publication date: February 6, 2020Inventors: Antonio FUENTES, Douglas L. FOILES, Jeremy LUCHAU, Ergang SUN
-
Publication number: 20190080064Abstract: The disclosed embodiments provide a system that manages access to a computer-based resource. During operation, the system obtains a request for the computer-based resource, wherein the request identifies a user seeking access to the computer-based resource. Next, the system obtains a set of security levels for a set of identity-proofing techniques, wherein the set of security levels is based on a first set of success rates of the identity-proofing techniques in preventing fraudulent access to computer-based resources. The system then calculates an identity assurance level for the user based on the set of security levels and a second set of success rates of the user in completing one or more of the identity-proofing techniques. Upon determining that the identity assurance level of the user meets a minimum identity assurance level for accessing the computer-based resource, the system enables access to the computer-based resource in a response to the request.Type: ApplicationFiled: November 13, 2018Publication date: March 14, 2019Inventors: Robert E. LEE, Thomas M. PIGOSKI, II, Douglas L. FOILES
-
Patent number: 10169556Abstract: The disclosed embodiments provide a system that manages access to a computer-based resource. During operation, the system obtains a request for the computer-based resource, wherein the request identifies a user seeking access to the computer-based resource. Next, the system obtains a set of security levels for a set of identity-proofing techniques, wherein the set of security levels is based on a first set of success rates of the identity-proofing techniques in preventing fraudulent access to computer-based resources. The system then calculates an identity assurance level for the user based on the set of security levels and a second set of success rates of the user in completing one or more of the identity-proofing techniques. Upon determining that the identity assurance level of the user meets a minimum identity assurance level for accessing the computer-based resource, the system enables access to the computer-based resource in a response to the request.Type: GrantFiled: October 30, 2014Date of Patent: January 1, 2019Assignee: INTUIT INC.Inventors: Robert E. Lee, Thomas M. Pigoski, II, Douglas L. Foiles
-
Publication number: 20180337784Abstract: Embodiments presented herein provide a partner authentication (PA) system that coordinates a network-based authorization process for an application. The PA system exchanges a series of messages with the application seeking an access token for a protected resource, an authorization server associated with the resource, and an agent executing on a device accessed by a user who wants the application to access the resource. The PA system and the agent communicate with the authorization server on behalf of the application throughout the authorization process. At the completion of the authorization process, the PA system receives an access token and a refresh token from the server on behalf of the application and sends a partner authorization (PA) token to the application. When the application seeks access to the resource that is available to authorized parties via the resource server, the application sends the PA token to the PA system and receives the access token in return.Type: ApplicationFiled: July 14, 2017Publication date: November 22, 2018Inventors: Parul JAIN, Douglas L. FOILES, Nagaraj JANARDHANA
-
Patent number: 10044730Abstract: Disclosed are methods, systems, and articles of manufacture for implementing adaptive levels of authentication assurance according to sensitivity or criticality of information accessed or actions performed in a financial management system to enhance user experience and usability of the financial management system while providing adequate security to safeguard sensitive data. Various flow nodes are associated with one or more levels of assurance which are further associated with some authentication tokens of different authentication strengths. Users are usually first authenticated with a lower authentication strength token. Risk profiles may also be accessed to examine the users' requests for access for fraud detection or prevention purposes.Type: GrantFiled: September 12, 2016Date of Patent: August 7, 2018Assignee: INTUIT INC.Inventors: Alex G. Balazs, Xiaoyan C. Liu-Barker, Douglas L. Foiles, Thomas M. Pigoski, Robert E. Lee
-
Patent number: 9444824Abstract: Disclosed are methods, systems, and articles of manufacture for implementing adaptive levels of authentication assurance according to sensitivity or criticality of information accessed or actions performed in a financial management system to enhance user experience and usability of the financial management system while providing adequate security to safeguard sensitive data. Various flow nodes are associated with one or more levels of assurance which are further associated with some authentication tokens of different authentication strengths. Users are usually first authenticated with a lower authentication strength token. Risk profiles may also be accessed to examine the users' requests for access for fraud detection or prevention purposes.Type: GrantFiled: February 28, 2014Date of Patent: September 13, 2016Assignee: INTUIT INC.Inventors: Alex G. Balazs, Xiaoyan C. Liu-Barker, Douglas L. Foiles, Thomas M. Pigoski, II, Robert E. Lee
-
Publication number: 20160125199Abstract: The disclosed embodiments provide a system that manages access to a computer-based resource. During operation, the system obtains a request for the computer-based resource, wherein the request identifies a user seeking access to the computer-based resource. Next, the system obtains a set of security levels for a set of identity-proofing techniques, wherein the set of security levels is based on a first set of success rates of the identity-proofing techniques in preventing fraudulent access to computer-based resources. The system then calculates an identity assurance level for the user based on the set of security levels and a second set of success rates of the user in completing one or more of the identity-proofing techniques. Upon determining that the identity assurance level of the user meets a minimum identity assurance level for accessing the computer-based resource, the system enables access to the computer-based resource in a response to the request.Type: ApplicationFiled: October 30, 2014Publication date: May 5, 2016Inventors: Robert E. Lee, Thomas M. Pigoski, II, Douglas L. Foiles
-
Patent number: 9088564Abstract: One embodiment of the present invention relates to a system that enables a user of an application that runs natively on a client to obtain access to a web resource that is affiliated with the native application. First, the native application obtains an access token from a Central Authentication Service (CAS). Next, the native application sends a secure request for a one-time use session token to the CAS. If the CAS determines the request is valid, the CAS initializes a session token and sends the session token to the native application. After receiving the session token, the native application directs a browser to an endpoint server, appending the session token to the browser's request. Finally, the endpoint server initializes an authenticated session wherein the authenticated session is scoped to the desired web resource.Type: GrantFiled: February 7, 2013Date of Patent: July 21, 2015Assignee: INTUIT INC.Inventors: Timothy E. Hobson, Shrisha Radhakrishna, Kishore Jonnalagedda, Soumendra Daas, Bibhakar Ranjan, Douglas L. Foiles
-
Patent number: 7895181Abstract: A system that tunes search results is presented. During operation, the system receives content to be searched. The system then iteratively performs the following operations until search results meet specified criteria. The system generates an index of the content based on a set of configuration parameters. Next, the system performs a search against the index to produce the search results. The system then determines whether the search results meet the specified criteria. If the search results do not meet the specified criteria, the system modifies one or more of: the set of configuration parameters; and the content. If the search results meet the specified criteria, the system saves the set of configuration parameters into a configuration file which can be used to generate the index for the content.Type: GrantFiled: February 1, 2008Date of Patent: February 22, 2011Assignee: Intuit Inc.Inventors: James Shaw, Cindy X. Deng, Douglas L. Foiles, Kam M. Law
-
Publication number: 20090198669Abstract: A system that tunes search results is presented. During operation, the system receives content to be searched. The system then iteratively performs the following operations until search results meet specified criteria. The system generates an index of the content based on a set of configuration parameters. Next, the system performs a search against the index to produce the search results. The system then determines whether the search results meet the specified criteria. If the search results do not meet the specified criteria, the system modifies one or more of: the set of configuration parameters; and the content. If the search results meet the specified criteria, the system saves the set of configuration parameters into a configuration file which can be used to generate the index for the content.Type: ApplicationFiled: February 1, 2008Publication date: August 6, 2009Applicant: INTUIT INC.Inventors: James Shaw, Cindy X. Deng, Douglas L. Foiles, Kam M. Law