Patents by Inventor George Robert Blakley

George Robert Blakley has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8561161
    Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.
    Type: Grant
    Filed: December 31, 2002
    Date of Patent: October 15, 2013
    Assignee: International Business Machines Corporation
    Inventors: George Robert Blakley, III, Heather Maria Hinton, Anthony Joseph Nadalin, Ajamu Akinwunmi Wesley
  • Patent number: 8554930
    Abstract: A method, apparatus, system, and computer program product are presented in which federated domains interact within a federated environment. Domains within a federation are able to initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. To enhance security, domains may also require users to re-prove their identity through proof-of-possession challenges that are executed after a user has initiated a single-sign-on operation.
    Type: Grant
    Filed: December 31, 2002
    Date of Patent: October 8, 2013
    Assignee: International Business Machines Corporation
    Inventors: George Robert Blakley, III, Heather Maria Hinton
  • Patent number: 8122138
    Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
    Type: Grant
    Filed: July 22, 2010
    Date of Patent: February 21, 2012
    Assignee: International Business Machines Corporation
    Inventors: George Robert Blakley, III, Heather Maria Hinton, Birgit Monika Pfitzmann
  • Patent number: 8060632
    Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
    Type: Grant
    Filed: July 22, 2010
    Date of Patent: November 15, 2011
    Assignee: International Business Machines Corporation
    Inventors: George Robert Blakley, III, Heather Maria Hinton, Birgit Monika Pfitzmann
  • Patent number: 8042162
    Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.
    Type: Grant
    Filed: June 12, 2007
    Date of Patent: October 18, 2011
    Assignee: International Business Machines Corporation
    Inventors: George Robert Blakley, III, Heather Maria Hinton, Anthony Joseph Nadalin
  • Patent number: 7853014
    Abstract: A data encryption method performed with ring arithmetic operations using a residue number multiplication process wherein a first conversion to a first basis is done using a mixed radix system and a second conversion to a second basis is done using a mixed radix system. In some embodiments, a modulus C is be chosen of the form 2w?L, wherein C is a w-bit number and L is a low Hamming weight odd integer less than 2(w?1)/2. And in some of those embodiments, the residue mod C is calculated via several steps. P is split into 2 w-bit words H1 and L1. S1 is calculated as equal to L1+(H12x1)+(H12x2)+ . . . +(H12xk)+H1. S1 is split into two w-bit words H2 and L2. S2 is computed as being equal to L2+(H22x1)+(H22x2)+ . . . +(H22xk)+H2. S3 is computed as being equal to S2+(2x1+ . . . +2xk+1). And the residue is determined by comparing S3 to 2w. If S3<2w, then the residue equals S2. If S3?2w, then the residue equals S3?2w.
    Type: Grant
    Filed: February 27, 2007
    Date of Patent: December 14, 2010
    Assignee: nCipher Corporation Limited
    Inventors: George Robert Blakley, Rajat Datta, Oscar Mitchell, Kyle Stein
  • Publication number: 20100287235
    Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
    Type: Application
    Filed: July 22, 2010
    Publication date: November 11, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: George Robert Blakley, III, Heather Maria Hinton, Birgit Monika Pfitzmann
  • Publication number: 20100287291
    Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
    Type: Application
    Filed: July 22, 2010
    Publication date: November 11, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: George Robert Blakley, III, Heather Maria Hinton, Birgit Monika Pfitzmann
  • Patent number: 7827318
    Abstract: An Internet user transfers directly to a domain within an e-community without returning to a home domain or reauthenticating by providing to a web browser by a home domain server a home identity cookie with an extensible data area and an enrollment token; performing enrollment through an e-community for a web-browser user by redirecting the home identity cookie via the web browser to each affiliated domain in the e-community until each has been visited once; responsive to each visit to each affiliated domain, sending an affiliated domain identity cookie to the web browser including an enrollment successful indicator; accumulating received enrollment success indicators in the extensible data area of the home identity cookie; and subsequently, vouching for an identity of the user at an affiliated domain through exchange of a vouch-for request and vouch-for response between the home domain server and an affiliated domain server.
    Type: Grant
    Filed: November 20, 2008
    Date of Patent: November 2, 2010
    Assignee: International Business Machines Corporation
    Inventors: Heather Maria Hinton, George Robert Blakley, III, Greg Clark
  • Patent number: 7797434
    Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPS, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
    Type: Grant
    Filed: December 31, 2002
    Date of Patent: September 14, 2010
    Assignee: International Business Machines Corporation
    Inventors: George Robert Blakley, III, Heather Maria Hinton, Birgit Monika Pfitzmann
  • Patent number: 7725562
    Abstract: A computer system is presented for facilitating storage and retrieval of user attribute information within a federated environment at entities that manage such information as a service. Through enrollment processes, certain domains inform online service providers of identities of attribute information providers that may be used to retrieve user attribute information for a particular user. When performing a user-specific operation with respect to a requested resource, e.g., for personalizing documents using user attribute information or for determining user access privileges for the resource, an e-commerce service provider requires user attribute information, which is retrieved from an attribute information provider that has been previously specified through an enrollment operation. The e-commerce service provider may store the identity of the user's attribute information providers in a persistent token, e.g., an HTTP cookie, that is available when the user sends a request for access to a resource.
    Type: Grant
    Filed: December 31, 2002
    Date of Patent: May 25, 2010
    Assignee: International Business Machines Corporation
    Inventors: George Robert Blakley, III, Heather Maria Hinton, Anthony Joseph Nadalin, Birgit Monika Pfitzmann
  • Publication number: 20090094383
    Abstract: An Internet user transfers directly to a domain within an e-community without returning to a home domain or re-authenticating. The user's home domain server prepares and forwards a home domain identity cookie (DIDC) with an enrollment request to a user's browser, with the enrollment request being redirected to an affiliated domain server in the e-community. The affiliated domain server prepares and sends an affiliated DIDC with an enrollment confirmation to the user's browser, redirecting the enrollment confirmation to the home domain server. The home domain server modifies the home DIDC to include a symbol which indicates successful enrollment at the affiliated site. The process may be repeated for a plurality of affiliated domains to achieve automatic enrollment a portion of or an entire e-community.
    Type: Application
    Filed: November 20, 2008
    Publication date: April 9, 2009
    Inventors: Heather Maria Hinton, George Robert Blakley, III, Greg Clark
  • Patent number: 7502468
    Abstract: A method and system for generating a cryptographically random number stream (100) is provided. A system includes a module (102) configured to provide at least two statistically random number streams (106) and (108) and an oscillator (104) operably coupled to the module (102). The oscillator (104) is configured to operate at a frequency which varies in response to physically unpredictable events and to select a current number from one of the at least two statistically random number streams (106) and (108) based on the oscillator's state. A process includes several steps. At least two statistically random number streams are provided (138). A current number is selected (140) from one of the at least two statistically random number streams based on the state of an oscillator operating at a frequency which varies in response to physically unpredictable events. The step of selecting (140) is repeated (142) to create the cryptographically random number stream.
    Type: Grant
    Filed: September 2, 2004
    Date of Patent: March 10, 2009
    Assignee: nCipher Corporation Ltd.
    Inventors: George Robert Blakley, Randall Findley, Richard Goble, Scott Herrington, Kyle Stein
  • Patent number: 7484012
    Abstract: An Internet user transfers directly to a domain within an e-community by providing a home identity cookie having an extensible data area and enrollment token to a web browser by a home domain server, and enrolling through an e-community for a user of the web browser by redirecting the home identity cookie via the web browser to each of the affiliated domains in the e-community until each affiliated domain has been visited once by the web browser. Upon each visit to each affiliated domain, an affiliated domain identity cookie is sent to the web browser including an enrollment successful indicator. Enrollment success indicators are accumulated and persistently stored received in the extensible data area of said home identity cookie. Subsequently, the identity of the user is vouched for at an affiliated domain through exchange of a vouch-for request and vouch-for response between the home domain server and an affiliated domain server.
    Type: Grant
    Filed: October 6, 2005
    Date of Patent: January 27, 2009
    Assignee: International Business Machines Corporation
    Inventors: Heather Maria Hinton, George Robert Blakley, III, Greg Clark
  • Patent number: 7219154
    Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. When a user requests to logoff from a domain that has initiated federated single-sign-on operations for the user at other federated domains, the domain initiates a consolidated logoff operation by requesting logoff operations at those other federated domains, which may also initiate logoff operations in a cascaded fashion to the domains at which they have initiated federated single-sign-on operations.
    Type: Grant
    Filed: December 31, 2002
    Date of Patent: May 15, 2007
    Assignee: International Business Machines Corporation
    Inventors: George Robert Blakley, III, Heather Maria Hinton, Anthony Joseph Nadalin, Ajamu Akinwunmi Wesley
  • Patent number: 6993596
    Abstract: An Internet user transfers directly to a domain within an e-community without returning to a home domain or re-authenticating. The user's home domain server prepares and forwards a home domain identity cookie (DIDC) with an enrollment request to a user's browser, with the enrollment request being redirected to an affiliated domain server in the e-community. The affiliated domain server prepares and sends an affiliated DIDC with an enrollment confirmation to the user's browser, redirecting the enrollment confirmation to the home domain server. The home domain server modifies the home DIDC to include a symbol which indicates successful enrollment at the affiliated site. The process may be repeated for a plurality of affiliated domains to achieve automatic enrollment a portion of or an entire e-community.
    Type: Grant
    Filed: December 19, 2001
    Date of Patent: January 31, 2006
    Assignee: International Business Machines Corporation
    Inventors: Heather Maria Hinton, George Robert Blakley, III, Greg Clark
  • Publication number: 20040128378
    Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPS, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
    Type: Application
    Filed: December 31, 2002
    Publication date: July 1, 2004
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: George Robert Blakley, Heather Maria Hinton, Birgit Monika Pfitzmann
  • Publication number: 20040128392
    Abstract: A method, apparatus, system, and computer program product are presented in which federated domains interact within a federated environment. Domains within a federation are able to initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. To enhance security, domains may also require users to re-prove their identity through proof-of-possession challenges that are executed after a user has initiated a single-sign-on operation.
    Type: Application
    Filed: December 31, 2002
    Publication date: July 1, 2004
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: George Robert Blakley, Heather Maria Hinton
  • Publication number: 20040128390
    Abstract: A computer system is presented for facilitating storage and retrieval of user attribute information within a federated environment at entities that manage such information as a service. Through enrollment processes, certain domains inform online service providers of identities of attribute information providers that may be used to retrieve user attribute information for a particular user. When performing a user-specific operation with respect to a requested resource, e.g., for personalizing documents using user attribute information or for determining user access privileges for the resource, an e-commerce service provider requires user attribute information, which is retrieved from an attribute information provider that has been previously specified through an enrollment operation. The e-commerce service provider may store the identity of the user's attribute information providers in a persistent token, e.g., an HTTP cookie, that is available when the user sends a request for access to a resource.
    Type: Application
    Filed: December 31, 2002
    Publication date: July 1, 2004
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: George Robert Blakley, Heather Maria Hinton, Anthony Joseph Nadalin, Birgit Monika Pfitzmann
  • Publication number: 20040128393
    Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. When a user requests to logoff from a domain that has initiated federated single-sign-on operations for the user at other federated domains, the domain initiates a consolidated logoff operation by requesting logoff operations at those other federated domains, which may also initiate logoff operations in a cascaded fashion to the domains at which they have initiated federated single-sign-on operations.
    Type: Application
    Filed: December 31, 2002
    Publication date: July 1, 2004
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: George Robert Blakley, Heather Maria Hinton, Anthony Joseph Nadalin, Ajamu Akinwunmi Wesley