Patents by Inventor Marten Van Dijk

Marten Van Dijk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10129249
    Abstract: Methods and apparatus are provided for randomizing state transitions for one-time authentication tokens. A user authentication passcode is generated by determining a generation time within an epoch for initiating computation of the user authentication passcode; initiating computation of the user authentication passcode at the determined generation time; and presenting the user authentication passcode at a presentation time that is de-coupled from the generation time. The generation time occurs, for example, at a random offset from a start of the epoch. A time difference between the presentation time and a completion of the computation of the user authentication passcode comprises, e.g., a uniformly distributed random variable over a range of values having a finite mean value. The epoch optionally comprises pre-computation epochs and a variable number of user authentication passcodes are optionally computed during a given pre-computation epoch.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: November 13, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Nikolaos Triandopoulos, Marten van Dijk, John Brainard, William M. Duane
  • Patent number: 9654467
    Abstract: Methods and apparatus are provided for improving resilience to forward clock attacks. A token generates a passcode from a user authentication token for presentation to an authentication server by detecting a forward clock attack; and communicating an indication of the forward clock attack to the authentication server. The generation of the user authentication passcodes is optionally suspended upon detecting the forward clock attack. The detection may be based on a comparison of a current device time of the token and a last used device time during a generation of a user authentication passcode.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: May 16, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Ari Juels, Nikolaos Triandopoulos, Marten van Dijk, John Brainard, Ronald Rivest
  • Patent number: 9430655
    Abstract: An improved technique involves providing protection of secrets by splitting the secret into secret shares and providing tokens for each secret share. Along these lines, a terminal splits a secret such as a credit card number into shares. The terminal then transmits each share to a separate and distinct token server. Each token server, upon receiving a secret share, generates a corresponding token and sends that token to an application server. In some cases, when a user at the application server requires access to the secret, the application server sends each token to the token server from which the token was generated. The token servers each send, in return, a secret share to the application server. The application server combines the secret shares to recover the secret.
    Type: Grant
    Filed: December 28, 2012
    Date of Patent: August 30, 2016
    Assignee: EMC Corporation
    Inventors: Rachael Stockton, Marten van Dijk
  • Patent number: 9294473
    Abstract: Server methods and apparatus are provided for processing passcodes generated by configurable one-time authentication tokens. An authentication server is configured to process an original passcode generated by a configurable one-time authentication token by configuring the authentication server to have a server configuration that is compatible with a selected configuration of the configurable one-time authentication token; receiving a candidate passcode based on the original passcode generated by the configurable one-time authentication token; and processing the candidate passcode based on the server configuration. The selected configuration of the configurable one-time authentication token must always enable a forward-secure pseudorandom number generation feature for the one-time authentication token and at least one additional selected token feature.
    Type: Grant
    Filed: March 19, 2015
    Date of Patent: March 22, 2016
    Assignee: EMC Corporation
    Inventors: Ari Juels, Nikolaos Triandopoulos, Marten van Dijk, John Brainard, Ronald Rivest, Kevin Bowers
  • Patent number: 9270655
    Abstract: Configurable one-time authentication tokens are provided with improved resilience to attacks. A one-time authentication token is configured by providing a plurality of token features that may be selectively incorporated into the configurable one-time authentication token, wherein the plurality of token features comprise at least two of the features; obtaining a selection of at least a plurality of the token features; and configuring the one-time authentication token based on the selected token features, wherein the configuration must always enable forward security for the one-time authentication token and at least one additional selected token feature. A configurable one-time authentication token is provided that comprises a plurality of selectable token features that may be selectively incorporated into the configurable one-time authentication token, wherein the configurable one-time authentication token is always configured with the forward security and at least one additional token feature.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: February 23, 2016
    Assignee: EMC Corporation
    Inventors: Ari Juels, Nikolaos Triandopoulos, Marten van Dijk, John Brainard, Ronald Rivest, Kevin Bowers
  • Patent number: 9225717
    Abstract: Methods and apparatus are provided for signing data transactions using one-time authentication passcodes. User authentication passcodes are generated by generating a time-based user authentication passcode based on a forward-secure pseudorandom number, wherein the generated time-based user authentication passcode is used for authentication of the user; and generating an event-based user authentication passcode based on a forward-secure pseudorandom number, wherein the generated event-based user authentication passcode is used to sign one or more data transactions. The generation of an event-based user authentication passcode can be performed on-demand. The generation of the event-based user authentication passcode can optionally be performed substantially simultaneously with the generation of the time-based user authentication passcode.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: December 29, 2015
    Assignee: EMC Corporation
    Inventors: John Brainard, Nikolaos Triandopoulos, Marten van Dijk, Ari Juels
  • Patent number: 9122878
    Abstract: An improved technique for verifying a license of a software product includes performing license checks with a server and passing to the server, as part of the license checks, a drifting digital code. The drifting code forms a particular drift pattern, which the server detects over the course of multiple license checks. The drift pattern is typically unique, or relatively unique, to the machine on which the software product is run, and changes in a manner that is difficult for malicious users to replicate on other machines. If a second copy of the software is installed, e.g., if the software is pirated, the second copy will produce a drifting code that has its own drift pattern, which differs from that of the initial copy. The server detects the duplicate copy by observing a divergence in the codes it receives during license checks.
    Type: Grant
    Filed: June 28, 2012
    Date of Patent: September 1, 2015
    Assignee: EMC Corporation
    Inventors: Samuel J. Curry, Marten Van Dijk
  • Patent number: 9083515
    Abstract: Methods and apparatus are provided for generation of forward secure pseudorandom numbers that are resilient to such forward clock attacks. A forward secure pseudorandom number is generated by obtaining a first state si corresponding to a current leaf node ?i in a hierarchical tree, wherein the current leaf ?i produces a first pseudorandom number ri−1; updating the first state si to a second state si+t corresponding to a second leaf node ?i+t; and computing a second pseudorandom number ri+t−1 corresponding to the second leaf node ?i+t, wherein the second pseudorandom number ri+t−1 is based on a forward clock reset index that identifies an instance of the hierarchical tree, wherein the instance of the hierarchical tree is incremented when one or more criteria indicating a forward clock attack are detected. The forward clock reset index can be encoded in a forward secure manner in the hierarchical tree.
    Type: Grant
    Filed: December 27, 2012
    Date of Patent: July 14, 2015
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Nikolaos Triandopoulos, Ari Juels, Ronald Rivest
  • Patent number: 8978159
    Abstract: Access control systems are provided that mediate access to derivatives of sensitive data. A method is provided for processing a data request from a client, the data request comprising a client identifier and an indication of the intended use of the data, by receiving the data request from the client; providing the client identifier and indicated use to an access manager, wherein the access manager assesses a risk of providing access to the data for the indicated use; if the access manager grants access for the indicated use, receiving one or more keys with corresponding computing restrictions from the access manager; computing a result; and providing the result to the client, wherein the provided result comprises the derivative of sensitive data. The access manager grants the access for the indicated use, for example, based on a risk score.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: March 10, 2015
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Samuel J. Curry, Robert D. Hopley, John G. Linn, Alina M. Oprea, Kenneth Ray
  • Patent number: 8909967
    Abstract: A technique for secure computation obfuscates program execution such that observers cannot detect what instructions are being run at any given time. Rather, program execution and memory access patterns are made to appear uniform. A processor operates based on encrypted inputs and produces encrypted outputs. In various examples, obfuscation is achieved by exercising computational circuits in a similar way for a wide range of instructions, such that all such instructions, regardless of their operational differences, affect the processor's power dissipation and processing time substantially uniformly. Obfuscation is further achieved by limiting memory accesses to predetermined time intervals, with memory interface circuits exercised regardless of whether a running program requires a memory access or not. The resulting processor thus reduces leakage of any meaningful information relating to the program or its inputs, which could otherwise be detectable to observers.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: December 9, 2014
    Assignee: EMC Corporation
    Inventor: Marten van Dijk
  • Patent number: 8875263
    Abstract: A technique controls a soft token running within an electronic apparatus. The technique involves providing an initial series of authentication codes based on a first set of machine states. The initial series of authentication codes is provided from the electronic apparatus to a server through a forward channel to authenticate a user. The technique further involves receiving a command from the server through a reverse channel between the electronic apparatus and the server. The reverse channel provides communications in a direction opposite to that of the forward channel. The technique further involves changing the first set of machine states to a second set of machine states in response to the command, and providing a new series of authentication codes based on the second set of machine states. The new series of authentication codes is provided from the electronic apparatus to the server through the forward channel for user authentication.
    Type: Grant
    Filed: March 29, 2012
    Date of Patent: October 28, 2014
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Kevin D. Bowers, John G. Brainard, Samuel Curry, Sean P. Doyle, Michael J. O'Malley, Nikolaos Triandopoulos
  • Patent number: 8817988
    Abstract: An improved technique involves protecting a set of resources in a distributed computer system by scheduling epochs for replacing keys that have a variable duration. Along these lines, a Variable Epoch Scheduler (VES) generates schedules of key updates for a set of players in the distributed system such that at least two epochs in the schedules have different durations. For example, the epoch durations within a schedule may vary, or the epoch durations for different players may be different. At the end of each epoch, the VES notifies the distributed system to update the key identified in the schedule as corresponding to that epoch.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: August 26, 2014
    Assignee: EMC Corporation
    Inventors: Rachael Stockton, Robert Damon Hopley, Marten van Dijk, Ari Juels, Nikolaos Triandopoulos
  • Patent number: 8819769
    Abstract: An improved technique for managing access of a user of a computing machine to a remote network collects device posture information about the user's mobile device. The mobile device runs a soft token, and the collected posture information pertains to various aspects of the mobile device, such as the mobile device's hardware, software, environment, and/or users, for example. The server applies the collected device posture information along with token codes from the soft token in authenticating the user to the remote network.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: August 26, 2014
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Kevin D. Bowers, Samuel Curry, Sean P. Doyle, Eyal Kolman, Nikolaos Triandopoulos, Riaz Zolfonoon
  • Patent number: 8752156
    Abstract: A technique for detecting unauthorized copies of a soft token that runs on a mobile device includes generating a set of random bits on the mobile device and providing samples of the set of random bits, as well as token codes from the soft token, for delivery to a server during authentication requests. The server acquires the set of random bits of the mobile device, or learns the set of random bits over the course of multiple login attempts. Thereafter, the server predicts values of the samples of the set of random bits and tests actual samples arriving in connection with subsequent authentication requests. Mismatches between predicted samples and received samples indicate discrepancies between the random bits of the device providing the samples and the random bits of the mobile device, and thus indicate unauthorized soft token copies.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: June 10, 2014
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Kevin D. Bowers, Samuel Curry, Sean P. Doyle, Nikolaos Triandopoulos, Riaz Zolfonoon
  • Patent number: 8752146
    Abstract: A technique provides authentication codes to authenticate a user to an authentication server. The technique involves generating, by an electronic apparatus (e.g., a smart phone, a tablet, a laptop, etc.), token codes from a cryptographic key. The technique further involves obtaining biometric measurements from a user, and outputting composite passcodes as the authentication codes. The composite passcodes include the token codes and biometric factors based on the biometric measurements. Additionally, the token codes and the biometric factors of the composite passcodes operate as authentication inputs to user authentication operations performed by the authentication server. In some arrangements, the biometric factors are results of facial recognition (e.g., via a camera), voice recognition (e.g., via a microphone), gait recognition (e.g., via an accelerometer), touch recognition and/or typing recognition (e.g., via a touchscreen or keyboard), combinations thereof, etc.
    Type: Grant
    Filed: March 29, 2012
    Date of Patent: June 10, 2014
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Kevin D. Bowers, Samuel Curry, Sean P. Doyle, Nikolaos Triandopoulos, Riaz Zolfonoon
  • Patent number: 8683563
    Abstract: An improved technique for assessing the security status of a device on which a soft token is run collects device posture information from the device running the soft token and initiates transmission of the device posture information to a server to be used in assessing whether the device has been subjected to malicious activity. The device posture information may relate to the software status, hardware status, and/or environmental context of the device. In some examples, the device posture information is transmitted to the server directly. In other examples, the device posture information is transmitted to the server via auxiliary bits embedded in passcodes displayed to the user, which the user may read and transfer to the server as part of authentication requests. The server may apply the device posture information in a number of areas, including, for example, authentication management, risk assessment, and/or security analytics.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: March 25, 2014
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Kevin D. Bowers, Samuel Curry, Sean P. Doyle, William M. Duane, Ari Juels, Michael J. O'Malley, Nikolaos Triandopoulos, Riaz Zolfonoon
  • Patent number: 8683570
    Abstract: An improved technique provides scheduled data transfer between a mobile device and a server. The mobile device combines token codes generated by a soft token with sequences of auxiliary bits and displays the combinations to users as passcodes. Users may then copy the passcodes to their computers for authenticating to a server on a remote network. As the passcodes include both token codes and sequences of auxiliary bits, a communication channel is established whereby the auxiliary bits as well as the soft token codes are transmitted from the mobile device to the server.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: March 25, 2014
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Kevin D. Bowers, Samuel Curry, Nikolaos Triandopoulos
  • Patent number: 8621649
    Abstract: A technique provides a security-sensitive environment. The technique involves establishing a first secure channel from a trusted server to a first data source DA. The technique further involves establishing a second secure channel from the trusted server to a second data source DB. The technique further involves, while the trusted server performs a set of collaborative operations in which the trusted server (i) accesses the first data source through the first secure channel, (ii) accesses the second data source through the second secure channel, and (iii) generates a set of collaborative results based on information from the first and second data sources (i.e., the output of f(DA,DB)), running a set of security policy compliance operations in the trusted server to inhibit unauthorized leakage of data in the set of collaborative results.
    Type: Grant
    Filed: March 31, 2011
    Date of Patent: December 31, 2013
    Assignee: EMC Corporation
    Inventors: Marten Van Dijk, Ari Juels, Brian William Fitzgerald, George Matthews
  • Patent number: 7840803
    Abstract: A group of devices are fabricated based on a common design, each device having a corresponding plurality of measurable characteristics that is unique in the group to that device, each device having a measurement module for measuring the measurable characteristics. Authentication of one of the group of devices is enabled by selective measurement of one or more of the plurality of measurable characteristics of the device.
    Type: Grant
    Filed: April 4, 2003
    Date of Patent: November 23, 2010
    Assignees: Massachusetts Institute of Technology, Intrinsic ID B.V.
    Inventors: Dwaine Clarke, Blaise Gassend, Marten Van Dijk, Srinivas Devadas
  • Publication number: 20090222672
    Abstract: An integrated circuit has a first component that has a dynamic characteristic that varies among like integrated circuits, for example, among integrated circuits fabricated using the same lithography mask. Operating the first component produces an output that is dependent on the dynamic characteristic of the first component. A digital value associated with the integrated circuit is generated using the output of the first component, and then the generated digital value is used in operation of the integrated circuit.
    Type: Application
    Filed: January 29, 2009
    Publication date: September 3, 2009
    Applicant: Massachusetts Institute of Technology
    Inventors: Dwaine Clarke, Blaise Gassend, Marten Van Dijk, Srinivas Devadas