Patents by Inventor Jeffrey Chiwai Lo
Jeffrey Chiwai Lo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11223614Abstract: The authentication of a client to multiple server resources with a single sign-on procedure using multiple factors is disclosed. One contemplated embodiment is a method in which a login session is initiated with the authentication system of a primary one of the multiple server resources. A first set of login credentials is transmitted thereto, and validated. A token is stored on the client indicating that the initial authentication was successful, which is then used to transition to a secondary one of the multiple resources. A second set of login credentials is also transmitted, and access to the secondary one of the multiple resources is granted on the basis of a validated token and second set of login credentials.Type: GrantFiled: August 9, 2019Date of Patent: January 11, 2022Assignee: SecureAuth CorporationInventors: Mark V. Lambiase, Garret Florian Grajek, Jeffrey Chiwai Lo, Tommy Ching Hsiang Wu
-
Publication number: 20200106768Abstract: The authentication of a client to multiple server resources with a single sign-on procedure using multiple factors is disclosed. One contemplated embodiment is a method in which a login session is initiated with the authentication system of a primary one of the multiple server resources. A first set of login credentials is transmitted thereto, and validated. A token is stored on the client indicating that the initial authentication was successful, which is then used to transition to a secondary one of the multiple resources. A second set of login credentials is also transmitted, and access to the secondary one of the multiple resources is granted on the basis of a validated token and second set of login credentials.Type: ApplicationFiled: August 9, 2019Publication date: April 2, 2020Inventors: Mark V. Lambiase, Garret Florian Grajek, Jeffrey Chiwai Lo, Tommy Ching Hsiang Wu
-
Publication number: 20200099677Abstract: A security object creation and validation system provides an additional factor of authentication. An authentication system as described herein provides secure two-factor authentication, such as for IT resources in an organization. The authentication system can perform generation of a security object (such as an X.509 object, Java object, persistent browser token, or other digital certificate); registration of the generated security object or of an existing security object (such as a near field communication identifier, smart card identifier, OATH token, etc.); validation of the security object as part of an authentication process; and assertion of the identity of the security object to native network resources (such as web resources, network resources, cloud resources, mobile applications, and the like) that may accept the security object. The authentication system may provide user interfaces to allow users and administrators to manage registered device inventory and revoke security objects.Type: ApplicationFiled: August 30, 2019Publication date: March 26, 2020Inventors: Garret Florian Grajek, Allen Yu Quach, Jeffrey Chiwai Lo, Shu Jen Tung
-
Patent number: 10567385Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a client device, such as a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client device is associated with the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.Type: GrantFiled: March 23, 2018Date of Patent: February 18, 2020Assignee: SecureAuth CorporationInventors: Allen Yu Quach, Jeffrey Chiwai Lo, Garret Florian Grajek, Mark V. Lambiase
-
Patent number: 10439826Abstract: Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.Type: GrantFiled: January 29, 2018Date of Patent: October 8, 2019Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Jeffrey Chiwai Lo, Mark V. Lambiase
-
Patent number: 10419418Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.Type: GrantFiled: September 28, 2017Date of Patent: September 17, 2019Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
-
Patent number: 10404678Abstract: A security object creation and validation system provides an additional factor of authentication. An authentication system as described herein provides secure two-factor authentication, such as for IT resources in an organization. The authentication system can perform generation of a security object (such as an X.509 object, Java object, persistent browser token, or other digital certificate); registration of the generated security object or of an existing security object (such as a near field communication identifier, smart card identifier, OATH token, etc.); validation of the security object as part of an authentication process; and assertion of the identity of the security object to native network resources (such as web resources, network resources, cloud resources, mobile applications, and the like) that may accept the security object. The authentication system may provide user interfaces to allow users and administrators to manage registered device inventory and revoke security objects.Type: GrantFiled: February 25, 2015Date of Patent: September 3, 2019Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Allen Yu Quach, Jeffrey Chiwai Lo, Shu Jen Tung
-
Patent number: 10382427Abstract: The authentication of a client to multiple server resources with a single sign-on procedure using multiple factors is disclosed. One contemplated embodiment is a method in which a login session is initiated with the authentication system of a primary one of the multiple server resources. A first set of login credentials is transmitted thereto, and validated. A token is stored on the client indicating that the initial authentication was successful, which is then used to transition to a secondary one of the multiple resources. A second set of login credentials is also transmitted, and access to the secondary one of the multiple resources is granted on the basis of a validated token and second set of login credentials.Type: GrantFiled: March 14, 2016Date of Patent: August 13, 2019Assignee: SecureAuth CorporationInventors: Mark V. Lambiase, Garret Florian Grajek, Jeffrey Chiwai Lo, Tommy Ching Hsiang Wu
-
Publication number: 20180295136Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with to the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.Type: ApplicationFiled: March 23, 2018Publication date: October 11, 2018Inventors: Allen Yu Quach, Jeffrey Chiwai Lo, Garret Florian Grajek, Mark V. Lambiase
-
Publication number: 20180167222Abstract: Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.Type: ApplicationFiled: January 29, 2018Publication date: June 14, 2018Inventors: Garret Florian Grajek, Jeffrey Chiwai Lo, Mark V. Lambiase
-
Patent number: 9992189Abstract: A CAC/PIV certificate associated with a HSPD-12 identity is used to generate a derived credential for storage on a device, such as a mobile device, that lacks a CAC/PIV card reader. The derived credential (which is distinct from the original CAC/PIV certificate) may then be used to grant the device access to secure resources that may otherwise require a CAC/PIV certificate. Embodiments of the present disclosure also relate to systems and methods for authenticating or validating a derived credential stored on a mobile device.Type: GrantFiled: August 14, 2017Date of Patent: June 5, 2018Assignee: SecureAuth CorporationInventors: Chris Hayes, Garret Florian Grajek, Jeffrey Chiwai Lo, Allen Yu Quach, Firas Shbeeb
-
Publication number: 20180124039Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.Type: ApplicationFiled: September 28, 2017Publication date: May 3, 2018Inventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
-
Publication number: 20180091499Abstract: A CAC/PIV certificate associated with a HSPD-12 identity is used to generate a derived credential for storage on a device, such as a mobile device, that lacks a CAC/PIV card reader. The derived credential (which is distinct from the original CAC/PIV certificate) may then be used to grant the device access to secure resources that may otherwise require a CAC/PIV certificate. Embodiments of the present disclosure also relate to systems and methods for authenticating or validating a derived credential stored on a mobile device.Type: ApplicationFiled: August 14, 2017Publication date: March 29, 2018Inventors: Chris Hayes, Garret Florian Grajek, Jeffrey Chiwai Lo, Allen Yu Quach, Firas Shbeeb
-
Patent number: 9930040Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with to the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.Type: GrantFiled: April 27, 2016Date of Patent: March 27, 2018Assignee: SecureAuth CorporationInventors: Allen Yu Quach, Jeffrey Chiwai Lo, Garret Florian Grajek, Mark V. Lambiase
-
Patent number: 9882728Abstract: Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.Type: GrantFiled: September 28, 2016Date of Patent: January 30, 2018Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Jeffrey Chiwai Lo, Mark V. Lambiase
-
Patent number: 9781097Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.Type: GrantFiled: February 13, 2015Date of Patent: October 3, 2017Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
-
Patent number: 9756035Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.Type: GrantFiled: February 13, 2015Date of Patent: September 5, 2017Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
-
Patent number: 9736145Abstract: A CAC/PIV certificate associated with a HSPD-12 identity is used to generate a derived credential for storage on a device, such as a mobile device, that lacks a CAC/PIV card reader. The derived credential (which is distinct from the original CAC/PIV certificate) may then be used to grant the device access to secure resources that may otherwise require a CAC/PIV certificate. Embodiments of the present disclosure also relate to systems and methods for authenticating or validating a derived credential stored on a mobile device.Type: GrantFiled: July 31, 2015Date of Patent: August 15, 2017Assignee: SecureAuth CorporationInventors: Chris Hayes, Garret Florian Grajek, Jeffrey Chiwai Lo, Allen Yu Quach, Firas Shbeeb
-
Patent number: 9660974Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.Type: GrantFiled: February 13, 2015Date of Patent: May 23, 2017Assignee: SecureAuth CorporationInventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
-
Publication number: 20170078292Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with to the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.Type: ApplicationFiled: April 27, 2016Publication date: March 16, 2017Inventors: Allen Yu Quach, Jeffrey Chiwai Lo, Garret Florian Grajek, Mark V. Lambiase