Patents by Inventor Garret Grajek
Garret Grajek has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240195819
Abstract: An identity trust score system is described. In one aspect, a computer-implemented method includes accessing, at a server, identity metadata from a remote Identity and Access Management (IAM) system, the identity metadata indicating identity events associated with one or more users of a user group of the IAM system, computing an identity trust score for the one or more users of the user group based on the identity metadata, and configuring the remote IAM system based on the identity trust score.
Type: Application
Filed: December 13, 2022
Publication date: June 13, 2024
Inventor: Garret Grajek
-
Publication number: 20220391503
Abstract: A system for auto-attestation of identity and access management (IAM) system is described. In one aspect, a computer-implemented method includes accessing, at a server, identity access management data from the IAM system, forming a log model and a rule model, forming an anomalous detection model, forming a malicious detection model, forming a rule engine, computing an anomalous detection score for an identity event based on the anomalous detection model, computing a malicious detection score for the identity event based on the malicious detection model, computing a rule engine score for the identity event based on the rule engine, calculating a zero trust identity governance and administration (IGA) score for the identity event based on an aggregation of the anomalous detection score, the malicious detection score, and the rule engine score, and determining whether to attest the identity event based on the zero trust IGA score and a threshold score.
Type: Application
Filed: June 1, 2022
Publication date: December 8, 2022
Inventor: Garret Grajek
-
Patent number: 9742570
Abstract: A media server authenticates a user of a client device. The media server retrieves or generates a shared key stored at the media server, encrypts the shared key with a hash based on web session attributes of the client device. The server provides the encrypted private key to the client device after authentication of the user. The media server provides encrypted media content to the client device in response to a request from the client device. The client device decrypts the shared key and decrypts the encrypted media content with the decrypted private key.
Type: Grant
Filed: May 22, 2015
Date of Patent: August 22, 2017
Assignee: Garret Grajek
Inventor: Garret Grajek
-
Publication number: 20160344561
Abstract: A media server authenticates a user of a client device. The media server retrieves or generates a shared key stored at the media server, encrypts the shared key with a hash based on web session attributes of the client device. The server provides the encrypted private key to the client device after authentication of the user. The media server provides encrypted media content to the client device in response to a request from the client device. The client device decrypts the shared key and decrypts the encrypted media content with the decrypted private key.
Type: Application
Filed: May 22, 2015
Publication date: November 24, 2016
Inventor: Garret Grajek
-
Patent number: 8327142
Abstract: A method and system for mutually authenticating a client and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server to the client. Thereafter, the method continues with establishing a secure data transfer link between the server and the client. A server certificate is transmitted to the client during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes a client authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.
Type: Grant
Filed: February 5, 2007
Date of Patent: December 4, 2012
Assignee: SecureAuth Corporation
Inventors: Craig Lund, Garret Grajek, Stephen Moore
-
Patent number: 8301877
Abstract: A method and system for configuring a valid duration period for a digital certificate. The method includes assigning a positive numeric value for each certificate term. The positive numeric value assigned to each certificate term is representative of the valid duration period. The method continues by prompting a user of the client device to request one certificate term. The method may include transmitting the requested certificate term to a server. The certificate term requested is sent via a certificate request. The server is configured to convert the positive numeric value associated with the requested certificate term into a duration counter. The method may also include a certificate server receiving from the server, the certificate request including the duration counter. The certificate server is configured to digitally sign the certificate request.
Type: Grant
Filed: March 10, 2008
Date of Patent: October 30, 2012
Assignee: SecureAuth Corporation
Inventors: Garret Grajek, Craig Lund, Steven Moore, Mark Lambiase
-
Publication number: 20100257358
Abstract: Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.
Type: Application
Filed: April 7, 2009
Publication date: October 7, 2010
Inventors: Garret Grajek, Jeff Lo
-
Publication number: 20100217975
Abstract: A method and system for authenticating a client and a server is disclosed. In one contemplated embodiment, the client has a client certificate and the server has a server certificate. The client is validated to an authentication module based upon a certificate request identifier generated thereby, a secure data link certificate, and an authentication module Uniform Resource Locator. The authentication module is validated to the client based upon the client certificate and the certificate request identifier. A password associated with a user identifier that is encrypted with a private client key and signed with a public server key is transmitted to the authentication module. The password is then validated.
Type: Application
Filed: February 25, 2009
Publication date: August 26, 2010
Inventors: Garret Grajek, Stephen Moore, Mark Lambiase
-
Publication number: 20100138907
Abstract: A certificate server is provided for issuing digital certificates to be used by a network resource and/or a client resource. The certificate server is configured to communicate with the network resource or the client resource to receive a certificate request. Upon receiving the certificate request, the certificate server may automate the process for authenticating the certificate request, validating the terms of the certificate request and digitally signing the certificate request. An authentication appliance may communicate with or be integrated within the certificate server. The certificate server includes a web service server, a certificate authority component, and a database that enable communication with either the network resource, client resource, or the authentication appliance to automate the administration process typically involved in receiving and signing a certificate request.
Type: Application
Filed: December 1, 2008
Publication date: June 3, 2010
Inventors: Garret Grajek, Stephen Moore, Mark Lambiase
-
Publication number: 20090307486
Abstract: A method for self-service authentication of a client and a server. The method includes the server receiving an initialization command from the client. The initialization command may be transmitted to the server via a client web browser over an unsecured data transfer link. The method continues with requesting authentication information from the client. In response to receiving the authentication information from the client, the server transmits a client software component to the client. The client software component utilizes a client-side library installed on the operating system of the client to generate the various client credentials described above. Thereafter, the certificate signing request may be transmitted to a certificate server for signing the certificate signing request. The signed certificate signing request is then received by the client via the client web browser.
Type: Application
Filed: June 9, 2008
Publication date: December 10, 2009
Inventors: Garret Grajek, Stephen Moore, Mark Lambiase
-
Publication number: 20090240936
Abstract: A method and system is provided for storing a plurality of client certificate credentials via a client web browser into one or more keystore file(s). The client web browser is used to establish the secure data transfer link between the client and the server. The client web browser includes a plug-in software component. The plug-in software component is configured to generate the keystore file and a key pair. The method may continue with generating a certificate request on the client. The certificate request generated is then transmitted to a certificate server. The certificate server is configured to digitally sign the certificate request generated. The method continues with the client receiving a signed certificate request. The signed certificate request is received by the client via the client web browser. The method may conclude by storing the plurality of client certificate credentials associated with the signed certificate request in one or more keystore file(s).
Type: Application
Filed: March 20, 2008
Publication date: September 24, 2009
Inventors: Mark Lambiase, Garret Grajek, Stephen Moore
-
Publication number: 20090228703
Abstract: A method and system for configuring a valid duration period for a digital certificate. The method includes assigning a positive numeric value for each certificate term. The positive numeric value assigned to each certificate term is representative of the valid duration period. The method continues by prompting a user of the client device to request one certificate term. The method may include transmitting the requested certificate term to a server. The certificate term requested is sent via a certificate request. The server is configured to convert the positive numeric value associated with the requested certificate term into a duration counter. The method may also include a certificate server receiving from the server, the certificate request including the duration counter. The certificate server is configured to digitally sign the certificate request.
Type: Application
Filed: March 10, 2008
Publication date: September 10, 2009
Inventors: Garret Grajek, Craig Lund, Steven Moore, Mark Lambiase
-
Publication number: 20090025080
Abstract: Authenticating a client to a server accessible through an Internet Protocol Security (IPSec) Virtual Private Network (VPN) appliance. The IPSec VPN appliance and an SSL VPN appliance are configured to receive an initialization command from the client. The SSL VPN appliance is in communication with an authentication appliance for authenticating the client to the server. In response to the initialization command, the authentication appliance generates a client key pair including a client private key and a client public key. The authentication appliance generates a client certificate and a client IPSec profile. The authentication appliance transmits the client key pair, the client certificate and the client IPSec profile to the client. A secure communication session between the client and the server is established. The secure communication session is established through the IPSec VPN appliance. Upon receipt of the IPSec profile, the communication session between the client and the server is encrypted.
Type: Application
Filed: September 18, 2008
Publication date: January 22, 2009
Inventors: Craig Lund, Garret Grajek, Stephen Moore, Mark Lambiase
-
Publication number: 20080077791
Abstract: A method and system for secured network access is provided in accordance with the present invention. The method begins with receiving a login request from a client on a router. Thereafter, a certificate transfer instruction for the router to an authentication appliance is generated where the client lacks a copy of a client certificate. The client is authenticated with a challenge-response sequence, the response to which is deliverable through an out-of-band communications channel. Upon authentication, the client certificate and the client private key are transmitted to the client, which are used to authenticate the client to the network.
Type: Application
Filed: July 23, 2007
Publication date: March 27, 2008
Inventors: Craig Lund, Garret Grajek, Stephen Moore
-
Publication number: 20080077796
Abstract: A method and system for mutually authenticating a client and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server to the client. Thereafter, the method continues with establishing a secure data transfer link between the server and the client. A server certificate is transmitted to the client during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes a client authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.
Type: Application
Filed: February 5, 2007
Publication date: March 27, 2008
Inventors: Craig Lund, Garret Grajek, Stephen Moore