Patents by Inventor Guillaume Maron
Guillaume Maron has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240283664
Abstract: Examples of the present disclosure provide an authenticator system that protects secret authentication keys associated with relying parties to which a user is authenticating. Present systems and methods allow cross-platform and cross-device WebAuthn usage. Example systems employ a server-based secure enclave and secure tunnel communication between the browser application or mobile application and the secure enclave server. A user of a service provider of the authenticator system owns the secret authentication key, which is stored in an encrypted vault protected by a user secret and hosted by the service provider. Decrypting the secret key may be based on a key arrangement, where keys from the user, the service provider, and the secure enclave are used to successfully decrypt the secret authentication key within the secure enclave.
Type: Application
Filed: January 19, 2024
Publication date: August 22, 2024
Applicant: Dashlane SAS
Inventors: Mohammed Ruhul Islam, Ludovic Widmer, Guillaume Maron, Cyril Leclerc, Corentin Mors, Frédéric Rivain
-
Patent number: 12052232
Abstract: A system and method for providing secure Single-Sign-On (SSO) authentication in a zero-knowledge architecture. A first server component may operate as a first relying party in a first SSO flow. When the user of an application successfully authenticates to a first identity provider, a first part of a secret key may be provided to the application. Additionally, a second server component may operate as a second relying party in a second SSO flow. When the first part of the secret key is received by the application, authentication information may be provided to a second identity provider. Based on a successful authentication, a second part of the secret key may be provided to the application. The first and second parts of the secret key may be combined by the application to generate a final secret key that may be used to decipher encrypted user data.
Type: Grant
Filed: April 21, 2022
Date of Patent: July 30, 2024
Assignee: DASHLANE SAS
Inventors: Quentin Barbe, Cyril Leclerc, Frederic Rivain, Guillaume Maron
-
Publication number: 20240012933
Abstract: A system and method for protecting user data using a key escrow service. The key escrow service may be hosted by a service provider to integrate Identity Access Management (IAM) solutions, such as Single-Sign-On (SSO) and/or System for Cross-domain Identity Management (SCIM), with a zero-knowledge service, such as a password manager or other service handling sensitive user data. In examples, secure enclave technology may be used to allow the service provider to host and manage the key escrow service without being able to access any cryptographic key used and/or stored within a secure enclave. Accordingly, in some aspects, the service provider may have the ability to store users' secret keys for SSO and sharing keys for SCIM in a trusted, secure storage location without breaking the zero-knowledge principles of the infrastructure.
Type: Application
Filed: March 21, 2023
Publication date: January 11, 2024
Applicant: Dashlane SAS
Inventors: Ludovic Widmer, Corentin Mors, Cyril Leclerc, Tony Oreglia, Guillaume Maron, Frédéric Rivain
-
Publication number: 20230038940
Abstract: A system and method for providing secure Single-Sign-On (SSO) authentication in a zero-knowledge architecture. A first server component may operate as a first relying party in a first SSO flow. When the user of an application successfully authenticates to a first identity provider, a first part of a secret key may be provided to the application. Additionally, a second server component may operate as a second relying party in a second SSO flow. When the first part of the secret key is received by the application, authentication information may be provided to a second identity provider. Based on a successful authentication, a second part of the secret key may be provided to the application. The first and second parts of the secret key may be combined by the application to generate a final secret key that may be used to decipher encrypted user data.
Type: Application
Filed: April 21, 2022
Publication date: February 9, 2023
Applicant: DASHLANE SAS
Inventors: Quentin Barbe, Cyril Leclerc, Frederic Rivain, Guillaume Maron
-
Patent number: 11080597
Abstract: A method for autofilling an electronic form is provided. Elements of the electronic form are identified. A value for each identified element of the electronic form is determined. The electronic form is automatically filled with the determined values. During the automatic filling of the electronic form, the determined value is provided in a field corresponding to each of the elements. A user input is received on the provided value. The received user input includes a correction to a first value provided in a first field of the electronic form. An autofill application is trained using the received user input.
Type: Grant
Filed: November 28, 2017
Date of Patent: August 3, 2021
Inventors: Manuel Dalle, Guillaume Maron, Frédéric Rivain, Laure Hugo, Kévin Miguet, Loïc Guychard, Damien Rajon
-
Patent number: 10904004
Abstract: Examples of the present disclosure describe systems and methods relating to user-session management in a zero-knowledge environment. When a user authenticates with a computing service to begin a session, a credential-cipher key is used to encrypt the user's authentication credentials, thereby generating session-resume data. The computing service stores the credential-cipher key, such that it is not retained by the user's computing device. Accordingly, when the user resumes the session, a resume request is generated to retrieve the credential-cipher key from the computing service, wherein the request is validated before providing the key. Upon successful validation, the computing service provides the credential-cipher key, which is then used to decrypt the session-resume data and regain access to the user's authentication credentials.
Type: Grant
Filed: August 6, 2018
Date of Patent: January 26, 2021
Assignee: DASHLANE SAS
Inventors: William Delmas, Guillaume Maron, Cyril Leclerc, Frédéric Rivain
-
Patent number: 10848312
Abstract: Examples of the present disclosure describe systems and methods relating to a zero-knowledge architecture between multiple systems. In an example, multiple systems may provide an application. User data of the application may be encrypted using a cryptographic key to restrict access to the user data. In some examples, the cryptographic key may not be provided to the multiple systems, thereby providing a zero-knowledge architecture. In order to ensure a user may access the cryptographic key, the cryptographic key may be encrypted using a second cryptographic key. The encrypted representation of the cryptographic key may be provided to a first system, while the second cryptographic key may be provided to a second system. As a result, a user computing device may retrieve both the encrypted representation of the cryptographic key and the second cryptographic key from the first and second systems, respectively, in order to encrypt/decrypt user data.
Type: Grant
Filed: February 8, 2018
Date of Patent: November 24, 2020
Assignee: DASHLANE SAS
Inventors: Frédéric Rivain, Guillaume Maron, Cyril Leclerc, Alexis Fogel, Rew Islam
-
Patent number: 10574648
Abstract: Methods and systems for passwordless authenticating of a user are provided. A first request to access a first content is received from a first user of a first device. A first challenge is sent to the first device in response to the first request. The first challenge is resolved using a first private key associated with the first user for the first content. A first response, including a resolved challenge, is received from the first device. It is determined whether the first response is an acceptable response to the first challenge. Access to the first content is granted to the first user in response to determining that the first response is an acceptable response.
Type: Grant
Filed: June 14, 2017
Date of Patent: February 25, 2020
Assignee: Dashlane SAS
Inventors: Thomas Guillory, Guillaume Maron, Frédéric Rivain, Alexis Fogel
-
Patent number: 10432397
Abstract: Examples of the present disclosure describe systems and methods relating to master password reset in a zero-knowledge architecture. A master password reset may be used to regain access to encrypted user data despite not having access to the master password associated with decrypting the user data. As an example, the user data may be encrypted using a local ciphering key, wherein the key may be encrypted using a master password and stored. A second copy of the key may be stored, wherein the second copy may be encrypted using a recovery key. The recovery key may then be stored by a third party. In a reset scenario in which the master password is forgotten, the recovery key may be retrieved from the third party and used to decrypt the second copy of the local ciphering key, thereby providing access to the encrypted user data without use of the master password.
Type: Grant
Filed: July 6, 2017
Date of Patent: October 1, 2019
Assignee: Dashlane SAS
Inventors: Guillaume Maron, Frédéric Rivain, Alexis Fogel
-
Publication number: 20190268156
Abstract: Examples of the present disclosure describe systems and methods relating to user-session management in a zero-knowledge environment. When a user authenticates with a computing service to begin a session, a credential-cipher key is used to encrypt the user's authentication credentials, thereby generating session-resume data. The computing service stores the credential-cipher key, such that it is not retained by the user's computing device. Accordingly, when the user resumes the session, a resume request is generated to retrieve the credential-cipher key from the computing service, wherein the request is validated before providing the key. Upon successful validation, the computing service provides the credential-cipher key, which is then used to decrypt the session-resume data and regain access to the user's authentication credentials.
Type: Application
Filed: August 6, 2018
Publication date: August 29, 2019
Applicant: Dashlane, Inc.
Inventors: William Delmas, Guillaume Maron, Cyril Leclerc, Frédéric Rivain
-
Publication number: 20190149332
Abstract: Examples of the present disclosure describe systems and methods relating to a zero-knowledge architecture between multiple systems. In an example, multiple systems may provide an application. User data of the application may be encrypted using a cryptographic key to restrict access to the user data. In some examples, the cryptographic key may not be provided to the multiple systems, thereby providing a zero-knowledge architecture. In order to ensure a user may access the cryptographic key, the cryptographic key may be encrypted using a second cryptographic key. The encrypted representation of the cryptographic key may be provided to a first system, while the second cryptographic key may be provided to a second system. As a result, a user computing device may retrieve both the encrypted representation of the cryptographic key and the second cryptographic key from the first and second systems, respectively, in order to encrypt/decrypt user data.
Type: Application
Filed: February 8, 2018
Publication date: May 16, 2019
Applicant: Dashlane, Inc.
Inventors: Frédéric RIVAIN, Guillaume MARON, Cyril LECLERC, Alexis FOGEL, Rew ISLAM
-
Publication number: 20180323970
Abstract: Examples of the present disclosure describe systems and methods relating to master password reset in a zero-knowledge architecture. A master password reset may be used to regain access to encrypted user data despite not having access to the master password associated with decrypting the user data. As an example, the user data may be encrypted using a local ciphering key, wherein the key may be encrypted using a master password and stored. A second copy of the key may be stored, wherein the second copy may be encrypted using a recovery key. The recovery key may then be stored by a third party. In a reset scenario in which the master password is forgotten, the recovery key may be retrieved from the third party and used to decrypt the second copy of the local ciphering key, thereby providing access to the encrypted user data without use of the master password.
Type: Application
Filed: July 6, 2017
Publication date: November 8, 2018
Applicant: Dashlane, Inc.
Inventors: Guillaume Maron, Frédéric Rivain, Alexis Fogel
-
Publication number: 20180183777
Abstract: Methods and systems for passwordless authenticating of a user are provided. A first request to access a first content is received from a first user of a first device. A first challenge is sent to the first device in response to the first request. The first challenge is resolved using a first private key associated with the first user for the first content. A first response, including a resolved challenge, is received from the first device. It is determined whether the first response is an acceptable response to the first challenge. Access to the first content is granted to the first user in response to determining that the first response is an acceptable response.
Type: Application
Filed: June 14, 2017
Publication date: June 28, 2018
Applicant: Dashlane, Inc.
Inventors: Thomas Guillory, Guillaume Maron, Frédéric Rivain, Alexis Fogel
-
Publication number: 20180181866
Abstract: A method for autofilling an electronic form is provided. Elements of the electronic form are identified. A value for each identified element of the electronic form is determined. The electronic form is automatically filled with the determined values. During the automatic filling of the electronic form, the determined value is provided in a field corresponding to each of the elements. A user input is received on the provided value. The received user input includes a correction to a first value provided in a first field of the electronic form. An autofill application is trained using the received user input.
Type: Application
Filed: November 28, 2017
Publication date: June 28, 2018
Applicant: Dashlane, Inc.
Inventors: Manuel Dalle, Guillaume Maron, Frédéric Rivain, Laure Hugo, Kévin Miguet, Loïc Guychard, Damien Rajon
-
Publication number: 20170024743
Abstract: Embodiments of the present disclosure provide methods and system for managing payment options. The methods may include receiving a trigger for updating user information associated with a payment option, the trigger comprising a change in the user information associated with the payment option. Upon receiving the trigger, at least one website associated with the payment option may be determined. A script may be provided to be run on the determined at least one website to update the user information. The generated script may be executed on the at least one website to update the user information.
Type: Application
Filed: July 12, 2016
Publication date: January 26, 2017
Applicant: Dashlane, Inc.
Inventors: Alexis Fogel, Guillaume Maron, Charles Kimble, Tanguy Le Barzic
-
Patent number: 9330245
Abstract: Methods and systems are provided for secure online data access. In one embodiment, three levels of security are provided where user master passwords are not required at a server. A user device may register with a storage service and receive a user device key that is stored on the device and at the service. The user device key may be used to authenticate the user device with the storage service. As data in the storage service is encrypted with a master password, the data may be protected from disclosure. As a user master key or derivative thereof is not used in authentication, the data may be protected from a disclosure or breach of the authentication credentials. Encryption and decryption may thus be performed on the user device with a user master key that may not be disclosed externally from the user device.
Type: Grant
Filed: December 3, 2012
Date of Patent: May 3, 2016
Assignee: Dashlane SAS
Inventor: Guillaume Maron
-
Publication number: 20120253985
Abstract: A method for shopping cart validation automation, comprising analyzing a webpage to determine if it contains a shopping cart structure and if the user has expressed desire to initiate a checkout procedure, extracting shopping cart and other price elements from pages of a checkout tunnel, accumulating such information for the shopping transaction, validating the shopping transaction using the accumulated information, and allowing the user to confirm or cancel the transaction upon validation. Alternatively, the method may message the user that the transaction is not reconcilable where the shopping cart could not be validated. Also, the system can advantageously build a history database storing transactional details, including screen shots of pages of the checkout tunnel.
Type: Application
Filed: May 23, 2011
Publication date: October 4, 2012
Applicant: Kwift SAS
Inventors: Guillaume Maron, Damien Rajon, Jean Guillou
-
Publication number: 20120116921
Abstract: A method for online purchase automation, comprising identifying when the user has selected to navigate to or receive a web page related to a purchasing action, identifying when content of the web page is received; analyzing the web page concurrent with the purchase action, without requiring detailed structural information about the web page in advance, and determining whether the web page is related to a purchasing action, by parsing the web page or related data elements. If the web page is related to a purchasing action, the next steps are determining the user interface elements of the web page or related data elements, retrieving site-independent customer data for the purchase based on the analyzing of the user interface elements, simulating user input using the site-independent customer data to populate at least portions of the web page, and displaying to the user the populated purchasing page for user action.
Type: Application
Filed: May 23, 2011
Publication date: May 10, 2012
Applicant: Kwift SAS
Inventors: Alexis Fogel, Guillaume Maron, Jean Guillou
-
Publication number: 20120117569
Abstract: Methods and systems are provided for web page task automation. In one embodiment, the method comprises the following steps: i) decomposing the high level task into a sequence of anthropomimetic subroutines, ii) decomposing each routine into a series of anthropomimetic actions or steps, for example stored as unit shares of work, iii) generating computer code to interact with the content of the webpage, for each unit share of work, iv) executing the generated computer code by a web interface module, and transmitting the results of the execution of computer code, steps iii) and iv) being repeated until all steps of a subroutine have been executed, until the sequence of subroutines for a logical task have been achieved.
Type: Application
Filed: May 23, 2011
Publication date: May 10, 2012
Applicant: Kwift SAS
Inventors: Alexis Fogel, Guillaume Maron, Jean Guillou
-
Publication number: 20120117455
Abstract: An analysis engine executes under client control to review web pages in real-time and control interaction with the web pages of a website to assist the user of the client in providing selections, providing information and otherwise interacting with the website. In analyzing web pages, the engine uses rule-based logic and considers web pages from an anthropomimetic view, i.e., considers the content, forms and interaction elements as would be perceived and dealt with by a human user, as opposed to by merely considering the web pages in their native form, such as HTML formatted files.
Type: Application
Filed: May 23, 2011
Publication date: May 10, 2012
Applicant: Kwift SAS (a French corporation)
Inventors: Alexis Fogel, Guillaume Maron, Jean Guillou