Patents by Inventor Ismail Cem Paya
Ismail Cem Paya has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8335921Abstract: Systems, methods, computer programs, and devices are disclosed herein for partitioning the namespace of a secure element in contactless smart card devices and for writing application data in the secure element using requests from a software application outside the secure element. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. A control software application resident in the same or a different secure element provides access types and access bits, for each access memory block of the secure element namespace, thereby portioning the namespace into different access types. Further, a software application outside the secure element manages the control software application by passing commands using a secure channel to the secure element, thereby enabling an end-user of the contactless smart card device or a remote computer to control the partitioning and use of software applications within the secure element.Type: GrantFiled: September 26, 2011Date of Patent: December 18, 2012Assignee: Google, Inc.Inventors: Rob von Behren, Jonathan Wall, Ismail Cem Paya, Alexej Muehlberg, Hauke Meyn
-
Patent number: 8335932Abstract: Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes.Type: GrantFiled: September 26, 2011Date of Patent: December 18, 2012Assignee: Google Inc.Inventors: Rob von Behren, Jonathan Wall, Ismail Cem Paya
-
Publication number: 20120297187Abstract: A method for performing user security operations using a mobile communications device includes, storing at least one security credential for a user in the mobile communications device, receiving a request from a client computer to perform an action requiring the stored at least one security credential, wherein the request includes information regarding a service application for which the action is requested, determining a response to the request based upon at least one user configured personal security preference at the mobile communications device, and transmitting the determined response to the client computer. Corresponding system and computer program products are also described.Type: ApplicationFiled: August 4, 2011Publication date: November 22, 2012Applicant: Google Inc.Inventors: Ismail Cem PAYA, Marcel Mordechai Moti YUNG
-
Publication number: 20120295587Abstract: A method for performing user security operations using a mobile communications device includes, storing at least one security credential for a user in the mobile communications device, receiving a request from a client computer to perform an action requiring the stored at least one security credential, wherein the request includes information regarding a service application for which the action is requested, determining a response to the request based upon at least one user configured personal security preference at the mobile communications device, and transmitting the determined response to the client computer. Corresponding system and computer program products are also described.Type: ApplicationFiled: September 30, 2011Publication date: November 22, 2012Applicant: Google Inc.Inventors: Ismail Cem PAYA, Marcel Mordechai Moti Yung
-
Publication number: 20120272306Abstract: An authentication ticket is validated to ensure authenticated communications between a client and an online service provider. In an embodiment an authentication request is received from a user agent associated with the client and the authentication request includes a set of identification information and a set of authentication information. Additionally, it is determined that the set of identification information and the set of authentication information are associated with a user and an authentication ticket is created including a user identification and an authentication, indicating to the online service provider that the user is authenticated to access one or more online services. Further, a validation token is embedded into the authentication ticket that provides enhanced verification that the access provided by the online service provider is authenticated.Type: ApplicationFiled: June 26, 2012Publication date: October 25, 2012Applicant: MICROSOFT CORPORATIONInventors: JOSH D. BENALOH, ISMAIL CEM PAYA
-
Patent number: 8239927Abstract: Computer-readable media, systems, and methods for validating an authentication ticket to ensure authenticated communications between a client and an online service provider. In embodiments an authentication request is received from a user agent associated with the client and the authentication request includes a set of identification information and a set of authentication information. Additionally, it is determined that the set of identification information and the set of authentication information are associated with a user and an authentication ticket is created including a user identification and an authentication, indicating to the online service provider that the user is authenticated to access one or more online services. Further, a validation token is embedded into the authentication ticket that provides enhanced verification that the access provided by the online service provider is authenticated.Type: GrantFiled: February 29, 2008Date of Patent: August 7, 2012Assignee: Microsoft CorporationInventors: Josh D. Benaloh, Ismail Cem Paya
-
Publication number: 20120159163Abstract: Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes.Type: ApplicationFiled: September 17, 2011Publication date: June 21, 2012Applicant: GOOGLE Inc.Inventors: Rob von BEHREN, Jonathan Wall, Ismail Cem Paya
-
Publication number: 20120159148Abstract: Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes.Type: ApplicationFiled: September 26, 2011Publication date: June 21, 2012Applicant: GOOGLE Inc.Inventors: Rob von Behren, Jonathan Wall, Ismail Cem Paya
-
Publication number: 20120159195Abstract: Systems, methods, computer programs, and devices are disclosed herein for partitioning the namespace of a secure element in contactless smart card devices and for writing application data in the secure element using requests from a software application outside the secure element. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. A control software application resident in the same or a different secure element provides access types and access bits, for each access memory block of the secure element namespace, thereby portioning the namespace into different access types. Further, a software application outside the secure element manages the control software application by passing commands using a secure channel to the secure element, thereby enabling an end-user of the contactless smart card device or a remote computer to control the partitioning and use of software applications within the secure element.Type: ApplicationFiled: September 26, 2011Publication date: June 21, 2012Applicant: GOOGLE Inc.Inventors: Rob von Behren, Jonathan Wall, Ismail Cem Paya, Alexej Muehlberg, Hauke Meyn
-
Publication number: 20120159105Abstract: Systems, methods, computer programs, and devices are disclosed herein for partitioning the namespace of a secure element in contactless smart card devices and for writing application data in the secure element using requests from a software application outside the secure element. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. A control software application resident in the same or a different secure element provides access types and access bits, for each access memory block of the secure element namespace, thereby portioning the namespace into different access types. Further, a software application outside the secure element manages the control software application by passing commands using a secure channel to the secure element, thereby enabling an end-user of the contactless smart card device or a remote computer to control the partitioning and use of software applications within the secure element.Type: ApplicationFiled: September 26, 2011Publication date: June 21, 2012Applicant: Google Inc.Inventors: Rob von BEHREN, Jonathan Wall, Ismail Cem Paya, Alexej Muehlberg, Hauke Meyn
-
Publication number: 20120079585Abstract: Embodiments of proxy authentication and indirect certificate chaining are described herein. In an implementation, authentication for a client occurs via a proxy service. Proxy service communicates between client and server, and caches security tokens on behalf of the client. In an implementation, trustworthiness of certificate presented to a client to establish trust is determined utilizing a signed data package which incorporates a plurality of known certificates. The presented certificate is verified without utilizing root certificates installed on the client device.Type: ApplicationFiled: December 6, 2011Publication date: March 29, 2012Applicant: MICROSOFT CORPORATIONInventors: Kok Wai Chan, Colin Chow, Trevin M. Chow, Lin Huang, Ryan Hurst, Naresh Jain, Wei Jiang, Yordan I. Rouskov, Pui-Yin Winfred Wong, Ismail Cem Paya, Ryan Hurst
-
Publication number: 20110138179Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.Type: ApplicationFiled: February 14, 2011Publication date: June 9, 2011Applicant: Microsoft CorporationInventors: Wei Jiang, Ismail Cem Paya, John D. Whited, Wei-Quiang Michael Guo, Yordan Rouskov, Adam Back
-
Patent number: 7890634Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.Type: GrantFiled: March 18, 2005Date of Patent: February 15, 2011Assignee: Microsoft CorporationInventors: Wei Jiang, Ismail Cem Paya, John D Whited, Wei-Quiang Michael Guo, Yordan Rouskov, Adam Back
-
Patent number: 7849324Abstract: A permission level associated with a user's access to a Web server is identified. A relationship ticket is obtained from an authentication server and a request is generated to set or modify the identified permission level. The request and the relationship ticket are sent to the Web server and a success code is received from the Web server if the requested permission level is established.Type: GrantFiled: September 9, 2008Date of Patent: December 7, 2010Assignee: Microsoft CorporationInventors: Baskaran Dharmarajan, Ismail Cem Paya, Ashvin J Mathew
-
Patent number: 7844826Abstract: A permission level associated with an entity's access to a Web server is identified. A relationship ticket is obtained from an authentication server and a request is generated to set the identified permission level. The request and the relationship ticket are sent to the Web server and a success code is received from the Web server if the requested permission level is established.Type: GrantFiled: September 8, 2008Date of Patent: November 30, 2010Assignee: Microsoft CorporationInventors: Baskaran Dharmarajan, Ismail Cem Paya, Ashvin J Mathew
-
Publication number: 20100115594Abstract: Protecting a user against web spoofing in which the user confirms the authenticity of a web page prior to submitting sensitive information such as user credentials (e.g., a login name and password) via the web page. The web page provides the user with an identifiable piece of information representing a shared secret between the user and the server. The user confirms the correctness of the shared secret to ensure the legitimacy of the web page prior to disclosing any sensitive information via the web page.Type: ApplicationFiled: January 13, 2010Publication date: May 6, 2010Applicant: MICROSOFT CORPORATIONInventors: Ismail Cem Paya, Trevin Chow, Christopher N. Peterson
-
Patent number: 7685631Abstract: Protecting a user against web spoofing in which the user confirms the authenticity of a web page prior to submitting sensitive information such as user credentials (e.g., a login name and password) via the web page. The web page provides the user with an identifiable piece of information representing a shared secret between the user and the server. The user confirms the correctness of the shared secret to ensure the legitimacy of the web page prior to disclosing any sensitive information via the web page.Type: GrantFiled: February 5, 2003Date of Patent: March 23, 2010Assignee: Microsoft CorporationInventors: Ismail Cem Paya, Trevin Chow, Christopher N. Peterson
-
Patent number: 7653944Abstract: The subject invention provides a unique system and method that facilitates creating HIP challenges (HIPs) that can be readily segmented and solved by human users but that are too difficult for non-human users. More specifically, the system and method utilize a variety of unique alteration techniques that are segmentation-based. For example, the system and method employ thicker arcs or occlusions that do not intersect characters already placed in the HIP. The thickness of the arc can be measured or determined by the thickness of the characters in the HIP. In addition to increasing the thickness, the arcs can be lengthened because longer arcs tend to resemble pieces of characters and may be harder to erode. Usability maps can be generated and used to selectively place clutter or occlusions and to selectively warp characters or the character sequence to facilitate human recognition of the characters.Type: GrantFiled: January 31, 2005Date of Patent: January 26, 2010Assignee: Microsoft CorporationInventors: Kumar H. Chellapilla, Patrice Y. Simard, Shannon A. Kallin, Erren Dusan Lester, Ismail Cem Paya
-
Patent number: 7634570Abstract: Managing state information across communication sessions between a client and a server via a stateless protocol. The server delivers to the client a cacheable web page with a hyperlink to non-cacheable embedded content. In the hyperlink to the non-cacheable embedded content, the server adds a token or an identifier uniquely associated with the user. When the user obtains embedded content from the cached web page via the hyperlink, the identifier is also sent to the server. Upon receipt of the identifier from the client, the server accesses the stored state information. In this manner, the server manages state information related to the client across communication sessions without the use of cookies as long as the client caches the web page with the unique identifier.Type: GrantFiled: April 29, 2003Date of Patent: December 15, 2009Assignee: Microsoft CorporationInventors: Ismail Cem Paya, Trevin Chow, Stephen J. Purpura
-
Publication number: 20090222900Abstract: Computer-readable media, systems, and methods for validating an authentication ticket to ensure authenticated communications between a client and an online service provider. In embodiments an authentication request is received from a user agent associated with the client and the authentication request includes a set of identification information and a set of authentication information. Additionally, it is determined that the set of identification information and the set of authentication information are associated with a user and an authentication ticket is created including a user identification and an authentication, indicating to the online service provider that the user is authenticated to access one or more online services. Further, a validation token is embedded into the authentication ticket that provides enhanced verification that the access provided by the online service provider is authenticated.Type: ApplicationFiled: February 29, 2008Publication date: September 3, 2009Applicant: MICROSOFT CORPORATIONInventors: JOSH D. BENALOH, ISMAIL CEM PAYA