Patents by Inventor Michael Boodaei

Michael Boodaei has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11777942
    Abstract: Disclosed herein are methods and systems for transferring trust between authentication devices associated with the same user. The user accessing secure online resource(s) uses a first (authentication) client device which is not yet associated (verified) with the user for accessing the secure online resource(s). In response to receiving an authentication request from the client device, an authentication message is transmitted to the first client device. The authentication message is transferred from the first client device to a second client device already associated (verified) with the user for accessing the secure online resource(s). The second authenticator transmits back the authentication message which may be verified against the authentication message transmitted to the first client device.
    Type: Grant
    Filed: December 8, 2020
    Date of Patent: October 3, 2023
    Assignee: Transmit Security Ltd.
    Inventors: Michael Boodaei, Eldan Ben-Haim, Dima Polsky
  • Patent number: 11546390
    Abstract: Disclosed herein are systems and methods for recovering online services user accounts of users based on verification of the users in video conferences, comprising receiving a request for recovering an account of a user of an online service, establishing one or more video conference sessions between a client device used by the user, client devices used by one or more trustees associated with the user and a bot agent initiated for the video conference session(s), operating the bot agent during the one or more video conference sessions to guide the one or more trustees to verify an identity of the user, and initiating an account recovery process for the account of the user in response to receiving a positive verification verdict from the one or more trustees.
    Type: Grant
    Filed: August 30, 2021
    Date of Patent: January 3, 2023
    Assignee: Transmit Security Ltd.
    Inventors: Michael Boodaei, Eldan Ben-Haim
  • Patent number: 11388167
    Abstract: Disclosed herein are methods, systems and devices for estimating an identity confidence level for a user requesting access to a secure resource, comprising: initiating an authentication session to authenticate the user using a client device to access the secure resource, computing a cumulative identity confidence score in a plurality of iterations and successfully authenticating the user in case the cumulative identity confidence score exceeds a threshold predefined for the secure resource.
    Type: Grant
    Filed: December 2, 2019
    Date of Patent: July 12, 2022
    Assignee: Transmit Security Ltd.
    Inventors: Michael Boodaei, Eldan Ben-Haim, Dima Polsky
  • Publication number: 20220182388
    Abstract: Disclosed herein are methods and systems for transferring trust between authentication devices associated with the same user. The user accessing secure online resource(s) uses a first (authentication) client device which is not yet associated (verified) with the user for accessing the secure online resource(s). In response to receiving an authentication request from the client device, an authentication message is transmitted to the first client device. The authentication message is transferred from the first client device to a second client device already associated (verified) with the user for accessing the secure online resource(s). The second authenticator transmits back the authentication message which may be verified against the authentication message transmitted to the first client device.
    Type: Application
    Filed: December 8, 2020
    Publication date: June 9, 2022
    Inventors: Michael BOODAEI, Eldan BEN-HAIM, Dima POLSKY
  • Patent number: 11048792
    Abstract: A computerized method of reducing a probability for falsely classifying a legitimate authentication process conducted by a legitimate user as a password guessing attack, comprising estimating a password guessing attack risk for an authentication process conducted by a user for accessing a secure service by performing the following for each of a plurality of failed access attempts in which the user provides incorrect authentication credentials: (1) calculate a risk score for a respective failed access attempt based on analysis of the incorrect authentication credentials provided during the respective failed access attempt and (2) update an authentication session score of the authentication process according to the calculated risk score and initiate one or more actions in case the updated authentication session value exceeds one or more threshold values extracted from a security policy predefined for the secure service.
    Type: Grant
    Filed: October 28, 2018
    Date of Patent: June 29, 2021
    Assignee: Transmit Security Ltd.
    Inventor: Michael Boodaei
  • Publication number: 20210168148
    Abstract: Disclosed herein are methods, systems and devices for estimating an identity confidence level for a user requesting access to a secure resource, comprising: initiating an authentication session to authenticate the user using a client device to access the secure resource, computing a cumulative identity confidence score in a plurality of iterations and successfully authenticating the user in case the cumulative identity confidence score exceeds a threshold predefined for the secure resource.
    Type: Application
    Filed: December 2, 2019
    Publication date: June 3, 2021
    Inventors: Michael BOODAEI, Eldan BEN-HAIM, Dima POLSKY
  • Publication number: 20210073359
    Abstract: Presented herein are methods, systems and devices for authenticating a user according to a secure One Time Password (OTP), comprising generating a challenge encoding a first public key of a temporary key pair generated for use during a specific authentication process, storing a first private key of the temporary key pair, outputting the challenge to a code generation device associated with a user, receiving an OTP code derived by the code generation device from an outcome of a key agreement algorithm applied to the first public and a second private key of an authentication key pair uniquely associated with the code generation device, deriving a reference OTP code from an outcome of the key agreement algorithm applied to the first private key and a second public key of the authentication key pair, and authenticating the user according to a match between the OTP code and the reference OTP code.
    Type: Application
    Filed: September 10, 2019
    Publication date: March 11, 2021
    Inventors: Michael Boodaei, Eldan Ben-Haim
  • Patent number: 10735423
    Abstract: A system for enforcing a security policy on an application stored at a mobile device has an application at the device provided with software code for issuing a request for authenticating a user, and a security enforcement unit; an authentication agent at the device, which is separate from the application, and which is configured with an authentication data collecting unit for collecting authentication data upon receipt of the request for user authentication from the application, and for conveying the collected authentication data to an authentication-authorization server; and an authentication-authorization server for receiving the collected authentication data, evaluating the same, and issuing an enforcement level signal which is conveyed to the security enforcement unit. Upon receipt of the enforcement level signal, the security enforcement unit accordingly applies a security level at the application.
    Type: Grant
    Filed: May 25, 2017
    Date of Patent: August 4, 2020
    Inventor: Michael Boodaei
  • Publication number: 20200134165
    Abstract: A computerized method of reducing a probability for falsely classifying a legitimate authentication process conducted by a legitimate user as a password guessing attack, comprising estimating a password guessing attack risk for an authentication process conducted by a user for accessing a secure service by performing the following for each of a plurality of failed access attempts in which the user provides incorrect authentication credentials: (1) calculate a risk score for a respective failed access attempt based on analysis of the incorrect authentication credentials provided during the respective failed access attempt and (2) update an authentication session score of the authentication process according to the calculated risk score and initiate one or more actions in case the updated authentication session value exceeds one or more threshold values extracted from a security policy predefined for the secure service.
    Type: Application
    Filed: October 28, 2018
    Publication date: April 30, 2020
    Inventor: Michael BOODAEI
  • Publication number: 20200074070
    Abstract: A computer implemented method of generating a Time based One Time Password (TOTP) comprising a risk assessment index comprising, monitoring an authentication process in which a user provides authentication credentials to enable the code generation device to generate a TOTP for use by a client device associated with the user to access a secure service, calculating a risk index indicating an estimated risk level of the authentication process based on data collected during the authentication process, generating the TOTP based on a unique secret key assigned to the code generation device and a current time, the TOTP is encoded to encode the risk index and outputting the encoded TOTP for transmission to an authentication system adapted to generate an authentication score for the user attempting to access the secure service based on verification of the TOTP and according to the risk index.
    Type: Application
    Filed: October 31, 2018
    Publication date: March 5, 2020
    Inventor: Michael Boodaei
  • Patent number: 10320837
    Abstract: Managing denial-of-service attacks by intercepting a query by a client software executed by a computer to resolve at a DNS server a network address associated with a target computer system, determining if the DNS server is under denial-of-service attack, and providing to the client software, in response to the query, an alternate network address associated with the target computer system if the DNS server is under denial-of-service attack.
    Type: Grant
    Filed: April 20, 2015
    Date of Patent: June 11, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Michael Boodaei
  • Publication number: 20180343256
    Abstract: The invention relates to a system for enforcing a security policy on an application stored at a mobile device, which comprises: (a) an application at said device which comprises: (a.1) software code within the application for issuing a request for authenticating a user; and (a.2) a security enforcement unit; (b) an authentication agent at said device, which is separate from the application, and which comprises: (b.1) an authentication data collecting unit for collecting authentication data upon receipt of said request for a user authentication from the application, and for conveying said collected authentication data to an authentication-authorization server; and (c) an authentication-authorization server for receiving said collected authentication data, evaluating the same, and issuing an enforcement level signal which is conveyed to said security enforcement unit; wherein, upon receipt of said enforcement level signal, said security enforcement unit accordingly applies a security level at said application.
    Type: Application
    Filed: May 25, 2017
    Publication date: November 29, 2018
    Inventor: Michael Boodaei
  • Patent number: 10104095
    Abstract: A system for automatic stability determination and deployment of discrete parts of a profile representing normal behavior to provide fast protection of web applications is disclosed. The system, in response to a sensor collecting from HTTP requests sent by the clients to the web application installed on the protected device, automatically creates for a web application a profile with discrete parts that will represent normal behavior so that deviations from the profile can be considered anomalous. The system automatically determines that a first of the discrete parts of the profile has become stable. The system then automatically deploys the first discrete part of the profile to the sensor that now will compare with the first discrete part of the profile subsequent HTTP requests sent by the clients to the web application to detect deviations from the normal behavior represented by the first discrete part.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: October 16, 2018
    Assignee: Imperva, Inc.
    Inventors: Amichai Shulman, Michael Boodaei, Shlomo Kramer
  • Publication number: 20170366559
    Abstract: A system for automatic stability determination and deployment of discrete parts of a profile representing normal behavior to provide fast protection of web applications is disclosed. The system, in response to a sensor collecting from HTTP requests sent by the clients to the web application installed on the protected device, automatically creates for a web application a profile with discrete parts that will represent normal behavior so that deviations from the profile can be considered anomalous. The system automatically determines that a first of the discrete parts of the profile has become stable. The system then automatically deploys the first discrete part of the profile to the sensor that now will compare with the first discrete part of the profile subsequent HTTP requests sent by the clients to the web application to detect deviations from the normal behavior represented by the first discrete part.
    Type: Application
    Filed: September 5, 2017
    Publication date: December 21, 2017
    Inventors: Amichai SHULMAN, Michael BOODAEI, Shlomo KRAMER
  • Patent number: 9781133
    Abstract: A system for automatic stability determination and deployment of discrete parts of a profile representing normal behavior to provide fast protection of web applications is disclosed. The system, in response to a sensor collecting from HTTP requests sent by the clients to the web application installed on the protected device, automatically creates for a web application a profile with discrete parts that will represent normal behavior so that deviations from the profile can be considered anomalous. The system automatically determines that a first of the discrete parts of the profile has become stable. The system then automatically deploys the first discrete part of the profile to the sensor that now will compare with the first discrete part of the profile subsequent HTTP requests sent by the clients to the web application to detect deviations from the normal behavior represented by the first discrete part.
    Type: Grant
    Filed: April 16, 2014
    Date of Patent: October 3, 2017
    Assignee: Imperva, Inc.
    Inventors: Amichai Shulman, Michael Boodaei, Shlomo Kramer
  • Patent number: 9727715
    Abstract: A computer implemented user authentication method, according to which a mobile application is installed on the mobile terminal device of the user and when the user inputs his username and password, the mobile application creates private and public encryption keys and encrypts the password with the public key. Data including the encrypted password, the username and the public key is sent to a dedicated server and stored therein as an encrypted file under the username, along with information required for contacting the user's mobile terminal device. The user selects, and enrolls in, an advanced authentication mechanism, which creates an authentication key for validating the identity of the user and encrypting the private key. The encrypted private key is stored on the user's terminal device. Upon launching the mobile application, the user selects a preferred advanced authentication mechanism which returns an authentication key upon successful authentication of the user.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: August 8, 2017
    Inventor: Michael Boodaei
  • Publication number: 20160125410
    Abstract: The invention relates to a system for validating a transaction in an institution and ensuring that said transaction has not been exploited by use of social-engineering, which comprises: (A). in an institution server: (a) a validation engine which is configured to: (a.1) receiving a request message for the performance of a transaction validation against a possibility of social-engineering type manipulation, said request comprises parameters of said transaction; (a.2) based on a set of predefined rules and on a storage of predefined template messages, selecting a message template from said storage, filling fields of the message with specific data, and sending an inquiry message to an application of said institution within a customer device; and (a.3) receiving a response message from said application, and either repeating formulation and sending of an additional message to said application, or concluding the request; (B.) in a customer device: (b) an application and a user interface for: (b.
    Type: Application
    Filed: October 28, 2015
    Publication date: May 5, 2016
    Inventor: Michael Boodaei
  • Publication number: 20160112369
    Abstract: The invention relates to a system for validating a pair of phone number and person's name, which comprises: (a) a logical unit at a provider's server which is configured to receive said pair, and to determine based on a number of full matches or partial matches of said pair within as many as possible individual contact lists of respective mobile devices whether the pair is valid or not; and (b) a module within each provider's application which are in turn installed within each of said mobile devices, said module is configured to communicate with the respective contact list stored in the mobile, and to (a) either communicate said full contact list to said provider's server, or (b) to determine whether a full or partial match exists with said pair, and to communicate the determined result to said provider's server.
    Type: Application
    Filed: October 21, 2015
    Publication date: April 21, 2016
    Inventor: Michael Boodaei
  • Publication number: 20160070894
    Abstract: A computer implemented user authentication method, according to which a mobile application is installed on the mobile terminal device of the user and when the user inputs his username and password, the mobile application creates private and public encryption keys and encrypts the password with the public key. Data including the encrypted password, the username and the public key is sent to a dedicated server and stored therein as an encrypted file under the username, along with information required for contacting the user's mobile terminal device. The user selects, and enrolls in, an advanced authentication mechanism, which creates an authentication key for validating the identity of the user and encrypting the private key. The encrypted private key is stored on the user's terminal device. Upon launching the mobile application, the user selects a preferred advanced authentication mechanism which returns an authentication key upon successful authentication of the user.
    Type: Application
    Filed: September 4, 2015
    Publication date: March 10, 2016
    Inventor: Michael BOODAEI
  • Patent number: 9270691
    Abstract: A method for detecting HTML-modifying malware present in a computer includes providing a server which serves a web page (HTML) to a browser. A determination is made whether a modified string exists in the page received by the browser and if a modifying element is found, determining the malware is present in the computer.
    Type: Grant
    Filed: November 1, 2010
    Date of Patent: February 23, 2016
    Assignee: TRUSTEER, LTD.
    Inventors: Amit Klein, Michael Boodaei