Patents by Inventor Garret Grajek

Garret Grajek has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240195819
    Abstract: An identity trust score system is described. In one aspect, a computer-implemented method includes accessing, at a server, identity metadata from a remote Identity and Access Management (IAM) system, the identity metadata indicating identity events associated with one or more users of a user group of the IAM system, computing an identity trust score for the one or more users of the user group based on the identity metadata, and configuring the remote IAM system based on the identity trust score.
    Type: Application
    Filed: December 13, 2022
    Publication date: June 13, 2024
    Inventor: Garret Grajek
  • Publication number: 20220391503
    Abstract: A system for auto-attestation of identity and access management (IAM) system is described. In one aspect, a computer-implemented method includes accessing, at a server, identity access management data from the IAM system, forming a log model and a rule model, forming an anomalous detection model, forming a malicious detection model, forming a rule engine, computing an anomalous detection score for an identity event based on the anomalous detection model, computing a malicious detection score for the identity event based on the malicious detection model, computing a rule engine score for the identity event based on the rule engine, calculating a zero trust identity governance and administration (IGA) score for the identity event based on an aggregation of the anomalous detection score, the malicious detection score, and the rule engine score, and determining whether to attest the identity event based on the zero trust IGA score and a threshold score.
    Type: Application
    Filed: June 1, 2022
    Publication date: December 8, 2022
    Inventor: Garret Grajek
  • Patent number: 9742570
    Abstract: A media server authenticates a user of a client device. The media server retrieves or generates a shared key stored at the media server, encrypts the shared key with a hash based on web session attributes of the client device. The server provides the encrypted private key to the client device after authentication of the user. The media server provides encrypted media content to the client device in response to a request from the client device. The client device decrypts the shared key and decrypts the encrypted media content with the decrypted private key.
    Type: Grant
    Filed: May 22, 2015
    Date of Patent: August 22, 2017
    Assignee: Garret Grajek
    Inventor: Garret Grajek
  • Publication number: 20160344561
    Abstract: A media server authenticates a user of a client device. The media server retrieves or generates a shared key stored at the media server, encrypts the shared key with a hash based on web session attributes of the client device. The server provides the encrypted private key to the client device after authentication of the user. The media server provides encrypted media content to the client device in response to a request from the client device. The client device decrypts the shared key and decrypts the encrypted media content with the decrypted private key.
    Type: Application
    Filed: May 22, 2015
    Publication date: November 24, 2016
    Inventor: Garret Grajek
  • Patent number: 8327142
    Abstract: A method and system for mutually authenticating a client and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server to the client. Thereafter, the method continues with establishing a secure data transfer link between the server and the client. A server certificate is transmitted to the client during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes a client authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.
    Type: Grant
    Filed: February 5, 2007
    Date of Patent: December 4, 2012
    Assignee: SecureAuth Corporation
    Inventors: Craig Lund, Garret Grajek, Stephen Moore
  • Patent number: 8301877
    Abstract: A method and system for configuring a valid duration period for a digital certificate. The method includes assigning a positive numeric value for each certificate term. The positive numeric value assigned to each certificate term is representative of the valid duration period. The method continues by prompting a user of the client device to request one certificate term. The method may include transmitting the requested certificate term to a server. The certificate term requested is sent via a certificate request. The server is configured to convert the positive numeric value associated with the requested certificate term into a duration counter. The method may also include a certificate server receiving from the server, the certificate request including the duration counter. The certificate server is configured to digitally sign the certificate request.
    Type: Grant
    Filed: March 10, 2008
    Date of Patent: October 30, 2012
    Assignee: SecureAuth Corporation
    Inventors: Garret Grajek, Craig Lund, Steven Moore, Mark Lambiase
  • Publication number: 20100257358
    Abstract: Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.
    Type: Application
    Filed: April 7, 2009
    Publication date: October 7, 2010
    Inventors: Garret Grajek, Jeff Lo
  • Publication number: 20100217975
    Abstract: A method and system for authenticating a client and a server is disclosed. In one contemplated embodiment, the client has a client certificate and the server has a server certificate. The client is validated to an authentication module based upon a certificate request identifier generated thereby, a secure data link certificate, and an authentication module Uniform Resource Locator. The authentication module is validated to the client based upon the client certificate and the certificate request identifier. A password associated with a user identifier that is encrypted with a private client key and signed with a public server key is transmitted to the authentication module. The password is then validated.
    Type: Application
    Filed: February 25, 2009
    Publication date: August 26, 2010
    Inventors: Garret Grajek, Stephen Moore, Mark Lambiase
  • Publication number: 20100138907
    Abstract: A certificate server is provided for issuing digital certificates to be used by a network resource and/or a client resource. The certificate server is configured to communicate with the network resource or the client resource to receive a certificate request. Upon receiving the certificate request, the certificate server may automate the process for authenticating the certificate request, validating the terms of the certificate request and digitally signing the certificate request. An authentication appliance may communicate with or be integrated within the certificate server. The certificate server includes a web service server, a certificate authority component, and a database that enable communication with either the network resource, client resource, or the authentication appliance to automate the administration process typically involved in receiving and signing a certificate request.
    Type: Application
    Filed: December 1, 2008
    Publication date: June 3, 2010
    Inventors: Garret Grajek, Stephen Moore, Mark Lambiase
  • Publication number: 20090307486
    Abstract: A method for self-service authentication of a client and a server. The method includes the server receiving an initialization command from the client. The initialization command may be transmitted to the server via a client web browser over an unsecured data transfer link. The method continues with requesting authentication information from the client. In response to receiving the authentication information from the client, the server transmits a client software component to the client. The client software component utilizes a client-side library installed on the operating system of the client to generate the various client credentials described above. Thereafter, the certificate signing request may be transmitted to a certificate server for signing the certificate signing request. The signed certificate signing request is then received by the client via the client web browser.
    Type: Application
    Filed: June 9, 2008
    Publication date: December 10, 2009
    Inventors: Garret Grajek, Stephen Moore, Mark Lambiase
  • Publication number: 20090240936
    Abstract: A method and system is provided for storing a plurality of client certificate credentials via a client web browser into one or more keystore file(s). The client web browser is used to establish the secure data transfer link between the client and the server. The client web browser includes a plug-in software component. The plug-in software component is configured to generate the keystore file and a key pair. The method may continue with generating a certificate request on the client. The certificate request generated is then transmitted to a certificate server. The certificate server is configured to digitally sign the certificate request generated. The method continues with the client receiving a signed certificate request. The signed certificate request is received by the client via the client web browser. The method may conclude by storing the plurality of client certificate credentials associated with the signed certificate request in one or more keystore file(s).
    Type: Application
    Filed: March 20, 2008
    Publication date: September 24, 2009
    Inventors: Mark Lambiase, Garret Grajek, Stephen Moore
  • Publication number: 20090228703
    Abstract: A method and system for configuring a valid duration period for a digital certificate. The method includes assigning a positive numeric value for each certificate term. The positive numeric value assigned to each certificate term is representative of the valid duration period. The method continues by prompting a user of the client device to request one certificate term. The method may include transmitting the requested certificate term to a server. The certificate term requested is sent via a certificate request. The server is configured to convert the positive numeric value associated with the requested certificate term into a duration counter. The method may also include a certificate server receiving from the server, the certificate request including the duration counter. The certificate server is configured to digitally sign the certificate request.
    Type: Application
    Filed: March 10, 2008
    Publication date: September 10, 2009
    Inventors: Garret Grajek, Craig Lund, Steven Moore, Mark Lambiase
  • Publication number: 20090025080
    Abstract: Authenticating a client to a server accessible through an Internet Protocol Security (IPSec) Virtual Private Network (VPN) appliance. The IPSec VPN appliance and an SSL VPN appliance are configured to receive an initialization command from the client. The SSL VPN appliance is in communication with an authentication appliance for authenticating the client to the server. In response to the initialization command, the authentication appliance generates a client key pair including a client private key and a client public key. The authentication appliance generates a client certificate and a client IPSec profile. The authentication appliance transmits the client key pair, the client certificate and the client IPSec profile to the client. A secure communication session between the client and the server is established. The secure communication session is established through the IPSec VPN appliance. Upon receipt of the IPSec profile, the communication session between the client and the server is encrypted.
    Type: Application
    Filed: September 18, 2008
    Publication date: January 22, 2009
    Inventors: Craig Lund, Garret Grajek, Stephen Moore, Mark Lambiase
  • Publication number: 20080077791
    Abstract: A method and system for secured network access is provided in accordance with the present invention. The method begins with receiving a login request from a client on a router. Thereafter, a certificate transfer instruction for the router to an authentication appliance is generated where the client lacks a copy of a client certificate. The client is authenticated with a challenge-response sequence, the response to which is deliverable through an out-of-band communications channel. Upon authentication, the client certificate and the client private key are transmitted to the client, which are used to authenticate the client to the network.
    Type: Application
    Filed: July 23, 2007
    Publication date: March 27, 2008
    Inventors: Craig Lund, Garret Grajek, Stephen Moore
  • Publication number: 20080077796
    Abstract: A method and system for mutually authenticating a client and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server to the client. Thereafter, the method continues with establishing a secure data transfer link between the server and the client. A server certificate is transmitted to the client during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes a client authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.
    Type: Application
    Filed: February 5, 2007
    Publication date: March 27, 2008
    Inventors: Craig Lund, Garret Grajek, Stephen Moore