Patents by Inventor Douglas McDorman
Douglas McDorman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11956371Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identify. A server is described that receives a service request to access a secure service provided by another service provider. The server may determine whether an additional secure service is required from a third-party server, and if so, generate a recursive authentication token for delivery to the third-party server. The recursive authentication token is intended to authenticate an identity of the server to the third-party server.Type: GrantFiled: June 30, 2021Date of Patent: April 9, 2024Assignee: T-Mobile USA, Inc.Inventors: Michael Engan, Douglas McDorman, James Latham, Vikash Kodati
-
Patent number: 11456870Abstract: A method of interpreting an authorization token is described herein. The service can receive an authorization token from a client device, and validate a signature of the authorization token. The service can identify an allowed function value associated at least part of an entitlement representation contained in a body of the authorization token. The service can convert the allowed function value to an allowed function bitmask that includes bits at a plurality of bit positions that are set to values indicating whether the subscriber element has attributes associated with each of the plurality of bit positions on a predefined attribute list. The service can determine whether the allowed function bitmask indicates that the subscriber element has one or more qualifying attributes that entitle a user of the client device to access the service.Type: GrantFiled: January 30, 2020Date of Patent: September 27, 2022Assignee: T-Mobile USA, Inc.Inventors: Komethagan Subramaniam, Michael Engan, Ramkishan Sadasivam, Douglas McDorman
-
Patent number: 11438342Abstract: This disclosure describes techniques that permit a user of a client device to authenticate their identity to a service provider using location-based telemetry data associated with the client device that is captured unobtrusively by a service provider over a predetermined time interval. More specifically, a Location-based identity authentication (LIA) system is described that is configured to develop authentication challenges that are based on the location-based telemetry data, such as location data, transaction data, calendar data, and event data. In one example, a client device may transmit an authentication request that relates to a set of service features available to a user identity. The LIA system may transmit a subset of the authentication challenges to the client device to authenticate the user identity. The LIA system may further receive to the subset of authentication challenges, and further, verify the user identity based at least in part on the number of correct responses.Type: GrantFiled: March 23, 2020Date of Patent: September 6, 2022Assignee: T-Mobile USA, Inc.Inventors: Douglas McDorman, Michael Engan, Ahmad Arash Obaidi
-
Patent number: 11438168Abstract: A server application may request an authentication token from an authentication token provider on behalf of a client application instance. An application instance public key of a client application instance may be received at the server application, in which the application instance public key belongs to an application instance public-private key pair of the client application instance. An authentication token request is generated at the server application, in which the request includes the application instance public key of the client application instance and is signed with a server application private key of a server application public-private key pair that belongs to the server application. The authentication token request is sent by the server application to an authentication token provider to request an authentication token for use by the client application instance.Type: GrantFiled: November 29, 2018Date of Patent: September 6, 2022Assignee: T-Mobile USA, Inc.Inventors: Michael Engan, Douglas McDorman, James Latham, Vikash Kodati
-
Patent number: 11277380Abstract: An adaptive greylist may be used to reject authentication requests that originate from a source network address that has been taken over by a malicious actor. A percentage of successful authentications for a predetermined number of authentication requests that last originated from a source network address may be calculated. Accordingly, the source network address may be added to a greylist of suspended network addresses when the percentage of successful authentications is less than a predetermined percentage threshold. On the other hand, the source network address is kept off the greylist of suspended network addresses when the percentage of successful authentications is equal to or greater than the predetermined percentage threshold.Type: GrantFiled: December 17, 2018Date of Patent: March 15, 2022Assignee: T-Mobile USA, Inc.Inventors: Michael Engan, Michael Kary, James Latham, Brett Peppe, Douglas McDorman
-
Publication number: 20210328811Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identify. A server is described that receives a service request to access a secure service provided by another service provider. The server may determine whether an additional secure service is required from a third-party server, and if so, generate a recursive authentication token for delivery to the third-party server. The recursive authentication token is intended to authenticate an identity of the server to the third-party server.Type: ApplicationFiled: June 30, 2021Publication date: October 21, 2021Inventors: Michael Engan, Douglas McDorman, James Latham, Vikash Kodati
-
Publication number: 20210297422Abstract: This disclosure describes techniques that permit a user of a client device to authenticate their identity to a service provider using location-based telemetry data associated with the client device that is captured unobtrusively by a service provider over a predetermined time interval. More specifically, a Location-based identity authentication (LIA) system is described that is configured to develop authentication challenges that are based on the location-based telemetry data, such as location data, transaction data, calendar data, and event data. In one example, a client device may transmit an authentication request that relates to a set of service features available to a user identity. The LIA system may transmit a subset of the authentication challenges to the client device to authenticate the user identity. The LIA system may further receive to the subset of authentication challenges, and further, verify the user identity based at least in part on the number of correct responses.Type: ApplicationFiled: March 23, 2020Publication date: September 23, 2021Inventors: Douglas McDorman, Michael Engan, Ahmad Arash Obaidi
-
Patent number: 11095455Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identity. Rather than facilitating the issuance of authentication tokens as bearer tokens, whereby any user may present an authentication token to a secure service provider for access to secure service, this disclosure describes techniques for generating recursive authentication tokens that are digitally signed by an Identity Service Provider (IDP) and the entity that purports to present the authentication token to the service provider. Additionally, a recursive token application is described that is configured to nest preceding authentication tokens that trace back to an initial secure service request. For example, a recursive authentication token received by a second service provider may include, nested therein, the first service provider recursive authentication token and a preceding client recursive authentication token that is associated with the initial secure service request.Type: GrantFiled: March 27, 2019Date of Patent: August 17, 2021Assignee: T-Mobile USA, Inc.Inventors: Michael Engan, Douglas McDorman, James Latham, Vikash Kodati
-
Publication number: 20200195671Abstract: An adaptive greylist may be used to reject authentication requests that originate from a source network address that has been taken over by a malicious actor. A percentage of successful authentications for a predetermined number of authentication requests that last originated from a source network address may be calculated. Accordingly, the source network address may be added to a greylist of suspended network addresses when the percentage of successful authentications is less than a predetermined percentage threshold. On the other hand, the source network address is kept off the greylist of suspended network addresses when the percentage of successful authentications is equal to or greater than the predetermined percentage threshold.Type: ApplicationFiled: December 17, 2018Publication date: June 18, 2020Inventors: Michael Engan, Michael Kary, James Latham, Brett Peppe, Douglas McDorman
-
Publication number: 20200169405Abstract: A method of interpreting an authorization token is described herein. The service can receive an authorization token from a client device, and validate a signature of the authorization token. The service can identify an allowed function value associated at least part of an entitlement representation contained in a body of the authorization token. The service can convert the allowed function value to an allowed function bitmask that includes bits at a plurality of bit positions that are set to values indicating whether the subscriber element has attributes associated with each of the plurality of bit positions on a predefined attribute list. The service can determine whether the allowed function bitmask indicates that the subscriber element has one or more qualifying attributes that entitle a user of the client device to access the service.Type: ApplicationFiled: January 30, 2020Publication date: May 28, 2020Inventors: Komethagan Subramaniam, Michael Engan, Ramkishan Sadasivam, Douglas McDorman
-
Patent number: 10652746Abstract: A secure device access token allows a server to verify that a device presenting the token for access to the server is an authorized device and that an application presenting the token is an authorized application as it purports to be. The secure device access token is unique to the device and to the application attempting to access the server. The secure device access token differs from a bearer token in that it is unique to the device and to the application.Type: GrantFiled: August 22, 2017Date of Patent: May 12, 2020Assignee: T-Mobile USA, Inc.Inventors: Michael Engan, Douglas McDorman, Senthil Kumar Mulluppadi Velusamy
-
Patent number: 10587409Abstract: A method of interpreting an authorization token is described herein. The service can receive an authorization token from a client device, and validate a signature of the authorization token. The service can identify an allowed function value associated at least part of an entitlement representation contained in a body of the authorization token. The service can convert the allowed function value to an allowed function bitmask that includes bits at a plurality of bit positions that are set to values indicating whether the subscriber element has attributes associated with each of the plurality of bit positions on a predefined attribute list. The service can determine whether the allowed function bitmask indicates that the subscriber element has one or more qualifying attributes that entitle a user of the client device to access the service.Type: GrantFiled: November 30, 2017Date of Patent: March 10, 2020Assignee: T-Mobile USA, Inc.Inventors: Komethagan Subramaniam, Michael Engan, Ramkishan Sadasivam, Douglas McDorman
-
Patent number: 10505916Abstract: Techniques are described for using two tokens to request access to a secure server. The tokens allow the server to verify, without an external call, that the requesting device is one identified in the request and that the requesting device is authorized by a trusted identity provider. A first token is an authentication token issued by the trusted identity provider and including a client device public key. The second token is a proof-of-possession token that is signed by a client device using a client device private key corresponding to the client device public key. The server obtains the client device public key from the authentication token, and then uses the client device public key to validate the proof-of-possession token. The authentication token can be re-used by a server creating its own proof-of-possession token for presentation to a second server to access a secure service on the second server.Type: GrantFiled: October 19, 2017Date of Patent: December 10, 2019Assignee: T-Mobile USA, Inc.Inventors: Michael Engan, Douglas McDorman, Senthil Kumar Mulluppadi Velusamy, Komethagan Subramaniam
-
Publication number: 20190312730Abstract: A server application may request an authentication token from an authentication token provider on behalf of a client application instance. An application instance public key of a client application instance may be received at the server application, in which the application instance public key belongs to an application instance public-private key pair of the client application instance. An authentication token request is generated at the server application, in which the request includes the application instance public key of the client application instance and is signed with a server application private key of a server application public-private key pair that belongs to the server application. The authentication token request is sent by the server application to an authentication token provider to request an authentication token for use by the client application instance.Type: ApplicationFiled: November 29, 2018Publication date: October 10, 2019Inventors: Michael Engan, Douglas McDorman, James Latham, Vikash Kodati
-
Publication number: 20190312733Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identity. Rather than facilitating the issuance of authentication tokens as bearer tokens, whereby any user may present an authentication token to a secure service provider for access to secure service, this disclosure describes techniques for generating recursive authentication tokens that are digitally signed by an Identity Service Provider (IDP) and the entity that purports to present the authentication token to the service provider. Additionally, a recursive token application is described that is configured to nest preceding authentication tokens that trace back to an initial secure service request. For example, a recursive authentication token received by a second service provider may include, nested therein, the first service provider recursive authentication token and a preceding client recursive authentication token that is associated with the initial secure service request.Type: ApplicationFiled: March 27, 2019Publication date: October 10, 2019Inventors: Michael Engan, Douglas McDorman, James Latham, Vikash Kodati
-
Publication number: 20190165942Abstract: A method of interpreting an authorization token is described herein. The service can receive an authorization token from a client device, and validate a signature of the authorization token. The service can identify an allowed function value associated at least part of an entitlement representation contained in a body of the authorization token. The service can convert the allowed function value to an allowed function bitmask that includes bits at a plurality of bit positions that are set to values indicating whether the subscriber element has attributes associated with each of the plurality of bit positions on a predefined attribute list. The service can determine whether the allowed function bitmask indicates that the subscriber element has one or more qualifying attributes that entitle a user of the client device to access the service.Type: ApplicationFiled: November 30, 2017Publication date: May 30, 2019Inventors: Komethagan Subramaniam, Michael Engan, Ramkishan Sadasivam, Douglas McDorman
-
Publication number: 20190124070Abstract: Techniques are described for using two tokens to request access to a secure server. The tokens allow the server to verify, without an external call, that the requesting device is one identified in the request and that the requesting device is authorized by a trusted identity provider. A first token is an authentication token issued by the trusted identity provider and including a client device public key. The second token is a proof-of-possession token that is signed by a client device using a client device private key corresponding to the client device public key. The server obtains the client device public key from the authentication token, and then uses the client device public key to validate the proof-of-possession token. The authentication token can be re-used by a server creating its own proof-of-possession token for presentation to a second server to access a secure service on the second server.Type: ApplicationFiled: October 19, 2017Publication date: April 25, 2019Inventors: Michael Engan, Douglas McDorman, Senthil Kumar Mulluppadi Velusamy, Komethagan Subramaniam
-
Publication number: 20190069177Abstract: A secure device access token allows a server to verify that a device presenting the token for access to the server is an authorized device and that an application presenting the token is an authorized application as it purports to be. The secure device access token is unique to the device and to the application attempting to access the server. The secure device access token differs from a bearer token in that it is unique to the device and to the application.Type: ApplicationFiled: August 22, 2017Publication date: February 28, 2019Inventors: Michael Engan, Douglas McDorman, Senthil Kumar Mulluppadi Velusamy
-
Publication number: 20120066750Abstract: Disclosed are methods and systems to authenticate and provision new, unknown users into a computer network. A computer program utilizes a card reader to extract user information from a smart card and collect additional user information inputted by the user into a computer terminal. The computer program analyzes the secure electronic certificate extracted from the smart card to authenticate the user's credentials, and transmits the user information securely to a user provisioning application. Moreover, methods and systems consistent with the present invention, utilize secure communication protocols to enable the computer program to pass the user information from an unsecured area outside of a computer network perimeter through a network firewall to a secure provisioning application inside the computer network.Type: ApplicationFiled: September 13, 2010Publication date: March 15, 2012Inventors: Douglas McDorman, Rex Wheeler