Patents by Inventor Robert A. Jerdonek
Robert A. Jerdonek has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8904180
Abstract: A key management system includes secured data stored on a first system secured by a control key stored securely on a key server. The secured data is secured against attacks such as unauthorized use, modification or access, where authorization to access the secured data is determined by knowledge of an access private key of an access key pair. When an authorized user is to access the secured data, the first system generates a request to the key server, signed with the access private key, wherein the request is for a decryption control key and the request includes a one-time public key of a key pair generated by the first system for the request. The first system can decrypt the decryption control key from the response, using a one-time private key. The first system can then decrypt the secured data with the decryption control key remaining secured in transport.
Type: Grant
Filed: October 16, 2012
Date of Patent: December 2, 2014
Assignee: CA, Inc.
Inventors: Robert Allen, Robert A. Jerdonek, John Wang, Tom Wu
-
Patent number: 8769607
Abstract: Systems, methods and articles of manufacture for evaluating a password policy are disclosed. The password evaluation system receives password policy data regarding a password policy, including a password constraint. The system analyzes the password policy data to determine a usability index and a password strength index for the password policy, and also determines a usability index and password strength index for a plurality of modified password policies having password constraints different from the password policy. The system then provides a graphical representation of the usability index and the password strength for the password policy and the modified password policies, thereby allowing a password designer to optimize the tradeoffs between usability and security of a password policy.
Type: Grant
Filed: January 26, 2011
Date of Patent: July 1, 2014
Assignee: Intuit Inc.
Inventors: Robert A. Jerdonek, Christopher C. Chung
-
Patent number: 8290165
Abstract: A key management system includes secured data stored on a first system secured by a control key stored securely on a key server. The secured data is secured against attacks such as unauthorized use, modification or access, where authorization to access the secured data is determined by knowledge of an access private key of an access key pair. When an authorized user is to access the secured data, the first system generates a request to the key server, signed with the access private key, wherein the request is for a decryption control key and the request includes a one-time public key of a key pair generated by the first system for the request. The first system can decrypt the decryption control key from the response, using a one-time private key. The first system can then decrypt the secured data with the decryption control key remaining secured in transport.
Type: Grant
Filed: March 12, 2010
Date of Patent: October 16, 2012
Assignee: CA, Inc.
Inventors: Robert Allen, Robert A. Jerdonek, John Wang, Tom Wu
-
Publication number: 20100172504
Abstract: A key management system includes secured data stored on a first system secured by a control key stored securely on a key server. The secured data is secured against attacks such as unauthorized use, modification or access, where authorization to access the secured data is determined by knowledge of an access private key of an access key pair. When an authorized user is to access the secured data, the first system generates a request to the key server, signed with the access private key, wherein the request is for a decryption control key and the request includes a one-time public key of a key pair generated by the first system for the request. The first system can decrypt the decryption control key from the response, using a one-time private key. The first system can then decrypt the secured data with the decryption control key remaining secured in transport.
Type: Application
Filed: March 12, 2010
Publication date: July 8, 2010
Applicant: Arcot Systems, Inc.
Inventors: Robert Allen, Robert A. Jerdonek, John Wang, Tom Wu
-
Patent number: 7711122
Abstract: A key management system includes secured data stored on a first system secured by a control key stored securely on a key server. The secured data is secured against attacks such as unauthorized use, modification or access, where authorization to access the secured data is determined by knowledge of an access private key of an access key pair. When an authorized user is to access the secured data, the first system generates a request to the key server, signed with the access private key, wherein the request is for a decryption control key and the request includes a one-time public key of a key pair generated by the first system for the request. The first system can decrypt the decryption control key from the response, using a one-time private key. The first system can then decrypt the secured data with the decryption control key remaining secured in transport.
Type: Grant
Filed: March 8, 2002
Date of Patent: May 4, 2010
Assignee: Arcot Systems, Inc.
Inventors: Robert Allen, Robert A. Jerdonek, John Wang, Tom Wu
-
Publication number: 20090034735
Abstract: In a cryptographic system, the unlocking of secret keys on a user system is audited and correlated with other events that typically occur after the secret key is used to perform a cryptographic operation. Audit evidence of secret key cryptographic operations is recorded for later review and/or analysis, for use as stored evidence of unauthorized activity and/or for use in refuting false claims of repudiation of authorized activity. Some systems might also provide users with user activity reports that can alert a user to suspicious or unauthorized activity using that user's access.
Type: Application
Filed: August 25, 2008
Publication date: February 5, 2009
Applicant: Arcot Systems, Inc.
Inventor: Robert Jerdonek
-
Patent number: 7418728
Abstract: In a cryptographic system, the unlocking of secret keys on a user system is audited and correlated with other events that typically occur after the secret key is used to perform a cryptographic operation. Audit evidence of secret key cryptographic operations is recorded for later review and/or analysis, for use as stored evidence of unauthorized activity and/or for use in refuting false claims of repudiation of authorized activity. Some systems might also provide users with user activity reports that can alert a user to suspicious or unauthorized activity using that user's access.
Type: Grant
Filed: March 17, 2004
Date of Patent: August 26, 2008
Assignee: Arcot Systems, Inc.
Inventor: Robert Jerdonek
-
Patent number: 7181762
Abstract: A computer program product for a client computing system including a processor includes code that directs the processor to request a challenge from an authentication server, code that directs the processor to receive the challenge from the authentication server via a first secure communications channel, the challenge comprising an identity code, code that directs the processor to receive user authentication data from a user, code that directs the processor to determine a private key and a digital certificate in response to the user authentication data, code that directs the processor to form a digital signature in response to the identity code and the private key, code that directs the processor to communicate the digital signature to the authentication server, code that directs the processor to communicate the digital certificate to the authentication server, the digital certificate comprising a public key in an encrypted form, and code that directs the processor to communicate network user authentication dat
Type: Grant
Filed: June 28, 2001
Date of Patent: February 20, 2007
Assignee: Arcot Systems, Inc.
Inventor: Robert A. Jerdonek
-
Patent number: 7111789
Abstract: Techniques are disclosed to increase the efficiency of multi-party authentication communications protocols. One technique includes a four party authentication method utilizing a general authenticator to store and provide a credit card authentication password and other payment information to an issuing bank and/or other parties involved in the transaction. Other techniques include the use of skeleton messages to minimize the forwarding of information through a forwarding party, the elimination of redundant communications exchanges, the use of a merchant appliance hardware solution to minimize system integration difficulties, and/or the imposition of credit card constraints. The techniques may be used singly or in combination.
Type: Grant
Filed: August 22, 2002
Date of Patent: September 26, 2006
Assignee: Arcot Systems, Inc.
Inventors: Sanguthevar Rajasekaran, James Reno, Rammohan Varadarajan, Sanjay Vyas, Do-Pil Park, Robert Jerdonek
-
Patent number: 6983381
Abstract: A method for communicating passwords includes receiving at a server a challenge from an authentication server via a first secure communications channel, the challenge comprising a random password that is inactive, communicating the challenge from the server to a client computer via a second secure communications channel, receiving at the server a challenge response from the client computer via the second secure communications channel, the challenge response comprising a digital certificate and a digital signature, the digital certificate including a public key in an encrypted form, the digital signature being determined in response to the random password and the private key, and communicating the challenge response from the server to the authentication server via the first secure communications channel, wherein the random password is activated when the authentication server verifies the challenge response.
Type: Grant
Filed: June 28, 2001
Date of Patent: January 3, 2006
Assignee: Arcot Systems, Inc.
Inventor: Robert A. Jerdonek
-
Publication number: 20050228999
Abstract: A computer-readable medium having stored thereon computer-executable instructions for implementing a method of verifying a digitally-signed document includes stored instruction for verifying a digital signature related to the document, stored instruction for validating at least one certificate associated with the signature, and stored instruction for storing audit information into a data structure movable as a unit. The audit information relates to verifying the digital signature and validating the at least one certificate, thereby retaining evidence that the document was verified. The instructions further include stored instruction for thereafter displaying the audit information.
Type: Application
Filed: March 24, 2005
Publication date: October 13, 2005
Applicant: Arcot Systems, Inc.
Inventors: Robert Jerdonek, Thomas Wu, Do-Pil Park
-
Publication number: 20050210286
Abstract: In a cryptographic system, the unlocking of secret keys on a user system is audited and correlated with other events that typically occur after the secret key is used to perform a cryptographic operation. Audit evidence of secret key cryptographic operations is recorded for later review and/or analysis, for use as stored evidence of unauthorized activity and/or for use in refuting false claims of repudiation of authorized activity. Some systems might also provide users with user activity reports that can alert a user to suspicious or unauthorized activity using that user's access.
Type: Application
Filed: March 17, 2004
Publication date: September 22, 2005
Applicant: Arcot Systems, Inc., a California corporation
Inventor: Robert Jerdonek
-
Publication number: 20030042301
Abstract: Techniques are disclosed to increase the efficiency of multi-party authentication communications protocols. One technique includes a four party authentication method utilizing a general authenticator to store and provide a credit card authentication password and other payment information to an issuing bank and/or other parties involved in the transaction. Other techniques include the use of skeleton messages to minimize the forwarding of information through a forwarding party, the elimination of redundant communications exchanges, the use of a merchant appliance hardware solution to minimize system integration difficulties, and/or the imposition of credit card constraints. The techniques may be used singly or in combination.
Type: Application
Filed: August 22, 2002
Publication date: March 6, 2003
Inventors: Sanguthevar Rajasekaran, James Reno, Rammohan Varadarajan, Sanjay Vyas, Do-Pil Park, Robert Jerdonek
-
Publication number: 20020126850
Abstract: A key management system includes secured data stored on a first system secured by a control key stored securely on a key server. The secured data is secured against attacks such as unauthorized use, modification or access, where authorization to access the secured data is determined by knowledge of an access private key of an access key pair. When an authorized user is to access the secured data, the first system generates a request to the key server, signed with the access private key, wherein the request is for a decryption control key and the request includes a one-time public key of a key pair generated by the first system for the request. The first system can decrypt the decryption control key from the response, using a one-time private key. The first system can then decrypt the secured data with the decryption control key remaining secured in transport.
Type: Application
Filed: March 8, 2002
Publication date: September 12, 2002
Applicant: Arcot Systems, Inc.
Inventors: Robert Allen, Robert A. Jerdonek, John Wang, Tom Wu
-
Publication number: 20020095569
Abstract: A computer program product for a client computing system including a processor includes code that directs the processor to request a challenge from an authentication server, code that directs the processor to receive the challenge from the authentication server via a first secure communications channel, the challenge comprising an identity code, code that directs the processor to receive user authentication data from a user, code that directs the processor to determine a private key and a digital certificate in response to the user authentication data, code that directs the processor to form a digital signature in response to the identity code and the private key, code that directs the processor to communicate the digital signature to the authentication server, code that directs the processor to communicate the digital certificate to the authentication server, the digital certificate comprising a public key in an encrypted form, and code that directs the processor to communicate network user authentication dat
Type: Application
Filed: June 28, 2001
Publication date: July 18, 2002
Inventor: Robert A. Jerdonek
-
Publication number: 20020095507
Abstract: A method for communicating passwords includes receiving at a server a challenge from an authentication server via a first secure communications channel, the challenge comprising a random password that is inactive, communicating the challenge from the server to a client computer via a second secure communications channel, receiving at the server a challenge response from the client computer via the second secure communications channel, the challenge response comprising a digital certificate and a digital signature, the digital certificate including a public key in an encrypted form, the digital signature being determined in response to the random password and the private key, and communicating the challenge response from the server to the authentication server via the first secure communications channel, wherein the random password is activated when the authentication server verifies the challenge response.
Type: Application
Filed: June 28, 2001
Publication date: July 18, 2002
Inventor: Robert A. Jerdonek