Patents by Inventor Ronald L. Rivest
Ronald L. Rivest has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9621576
Abstract: There are disclosed techniques for use in detecting malicious websites. In at least one embodiment, there is disclosed a technique for generating a profile in connection with a website. The profile comprising at least one attribute associated with the website. The technique also comprises collecting information relating to the website during a visit to the website. The technique further comprises detecting a change in connection with the website. The detection of the change comprises identifying a variation between the generated profile and the collected information.
Type: Grant
Filed: December 31, 2014
Date of Patent: April 11, 2017
Assignee: EMC IP Holding Company LLC
Inventors: Alina Oprea, Sumayah Alrwais, Kevin D. Bowers, Todd S. Leetham, Zhou Li, Ronald L. Rivest
-
Patent number: 9537845
Abstract: A method comprises storing in a memory of a first processing device information relating to one or more historical events visible to the first processing device and a second processing device. The method further comprises, in an authentication session between the first processing device and the second processing device, transmitting an indicator derived from at least a portion of the stored information from the first processing device to the second processing device. The indicator permits the second processing device to determine authenticity of the first processing device.
Type: Grant
Filed: September 30, 2013
Date of Patent: January 3, 2017
Assignee: EMC IP Holding Company LLC
Inventors: Ari Juels, Ronald L. Rivest
-
Patent number: 9471777
Abstract: A processing device is configured to identify a plurality of defensive security actions to be taken to address a persistent security threat to a system comprising information technology infrastructure, and to determine a schedule for performance of the defensive security actions based at least in part on a selected distribution derived from a game-theoretic model, such as a delayed exponential distribution or other type of modified exponential distribution. The system subject to the persistent security threat is configured to perform the defensive security actions in accordance with the schedule in order to deter the persistent security threat. The distribution may be selected so as to optimize defender benefit in the context of the game-theoretic model, where the game-theoretic model may comprise a stealthy takeover game in which attacker and defender entities can take actions at any time but cannot determine current game state without taking an action.
Type: Grant
Filed: February 24, 2012
Date of Patent: October 18, 2016
Assignee: EMC Corporation
Inventors: Ari Juels, Marten Erik van Dijk, Alina M. Oprea, Ronald L. Rivest
-
Multi-server one-time passcode verification on respective high order and low order passcode portions
Patent number: 9454654
Abstract: Multi-server one-time passcode verification is provided for respective high order and low order passcode portions. A user is authenticated by receiving an authentication passcode generated by a token associated with the user; and authenticating the user based on the received authentication passcode using at least a first authentication server and a second authentication server, wherein the first authentication server verifies a high-order portion of the received authentication passcode and wherein the second authentication server verifies a low-order portion of the received authentication passcode. The received authentication passcode is based on, for example, at least two protocodes PR,t and PB,t generated by the token and/or pseudorandom information RA,t. A codebook Ct, based on the pseudorandom information RA,t, can be used to embed additional auxiliary information into the authentication passcode.
Type: Grant
Filed: December 31, 2013
Date of Patent: September 27, 2016
Assignee: EMC Corporation
Inventors: Nikolaos Triandopoulos, Ari Juels, Ronald L. Rivest, John Brainard
-
Patent number: 9361447
Abstract: A processing device comprises a processor coupled to a memory and is configured to implement an overlay effects selection interface for use in conjunction with generation of a graphical password. An image is obtained and presented in the overlay effects selection interface with a plurality of user-selectable overlay effects. User input is received identifying at least one overlay effect selected from the plurality of user-selectable overlay effects, and a modified version of the image is presented incorporating the selected at least one overlay effect. Information characterizing the image and the selected at least one overlay effect is utilized to control access to a protected resource. For example, the information characterizing the image and the selected at least one overlay effect may be obtained as part of a graphical password enrollment process and stored as at least a portion of the graphical password for controlling access to the protected resource.
Type: Grant
Filed: September 4, 2014
Date of Patent: June 7, 2016
Assignee: EMC Corporation
Inventors: Kevin D. Bowers, Vihang P. Dudhalkar, Ari Juels, Ronald L. Rivest, Samir Saklikar, Nikolaos Triandopoulos
-
Patent number: 9280871
Abstract: Techniques for providing authentication functionality in a gaming system are disclosed. In one aspect, a gaming system is configured such that, at a given point during a current session of a game in progress that involves at least one user previously granted access by the system to participate in the current session, information available from an authentication token associated with the user is obtained prior to allowing the user to take a particular action in the game. A determination is made as to whether or not the user will be allowed to take the particular action in the game, based on the obtained information. The obtained information may comprise, for example, at least a portion of a one-time password generated by a hardware or software authentication token.
Type: Grant
Filed: July 9, 2007
Date of Patent: March 8, 2016
Assignee: EMC Corporation
Inventors: Daniel Vernon Bailey, Burton S. Kaliski, Jr., Ari Juels, Ronald L. Rivest
-
Patent number: 8983874
Abstract: A micropayment system and method is presented for a payor U to establish payment to payee M for a transaction T, which typically has a very low value TV. The micropayment scheme minimizes the bank's processing costs, while at the same time eliminating the need for users and merchants to interact in order to determine whether a given micropayment should be selected for payment. In one embodiment, the micropayment scheme includes time constraints, which require that an electronic check C for the transaction T be presented to a bank B for payment within a predetermined time/date interval. In another embodiment, the micropayment scheme includes a selective deposit protocol, which guarantees that a user is never charged in excess of what he actually spends, even within a probabilistic framework. In another embodiment, the micropayment scheme includes a deferred selection protocol, which provides the bank with control and flexibility over the payment selection process.
Type: Grant
Filed: October 14, 2009
Date of Patent: March 17, 2015
Assignee: Massachusetts Institute of Technology
Inventors: Silvio Micali, Ronald L. Rivest
-
Patent number: 8966276
Abstract: In a system for disconnected authentication, verification records corresponding to given authentication token outputs over a predetermined period of time, sequence of events, and/or set of challenges are downloaded to a verifier. The records include encrypted or hashed information for the given authentication token outputs. In one embodiment using time intervals, for each time interval, token output data, a salt value, and a pepper value, are hashed and compared with the verification record for the time interval. After a successful comparison, a user can access the computer. A PIN value can also be provided as an input to the hash function. A portion of the hash function output can be used as a key to decrypt an encrypted (Windows) password, or other sensitive information.
Type: Grant
Filed: September 10, 2004
Date of Patent: February 24, 2015
Assignee: EMC Corporation
Inventors: Andrew Nanopoulos, Karl Ackerman, Piers Bowness, William Duane, Markus Jakobsson, Burt Kaliski, Dmitri Pal, Shane D. Rice, Ronald L. Rivest
-
Patent number: 8813234
Abstract: A processing device comprises a processor coupled to a memory and implements a graph-based approach to protection of a system comprising information technology infrastructure from a persistent security threat. Attack-escalation states of the persistent security threat are assigned to respective nodes in a graph, and defensive costs for preventing transitions between pairs of the nodes are assigned to respective edges in the graph. A minimum cut of the graph is computed, and a defensive strategy is determined based on the minimum cut. The system comprising information technology infrastructure subject to the persistent security threat is configured in accordance with the defensive strategy in order to deter the persistent security threat.
Type: Grant
Filed: June 29, 2011
Date of Patent: August 19, 2014
Assignee: EMC Corporation
Inventors: Kevin D. Bowers, Marten E. van Dijk, Ari Juels, Alina M. Oprea, Ronald L. Rivest, Nikolaos Triandopoulos
-
Patent number: 8699713
Abstract: A key is updated in a first cryptographic device and an update message comprising information characterizing the updated key is sent from the first cryptographic device to a second cryptographic device. The update message as sent by the first cryptographic device is configured to permit the second cryptographic device to detect compromise of the updated key by determining if an inconsistency is present in the corresponding received update message based at least in part on that received update message and one or more previously-received update messages. In an illustrative embodiment, the first cryptographic device comprises an authentication token and the second cryptographic device comprises an authentication server.
Type: Grant
Filed: September 30, 2011
Date of Patent: April 15, 2014
Assignee: EMC Corporation
Inventors: Ronald L. Rivest, Ari Juels
-
Patent number: 8438617
Abstract: An authentication server authenticates a first user, and generates a voucher code that is provided to the authenticated first user. The first user may provide the voucher code to a second user, responsive to a request by the second user for the first user to vouch for the second user, to thereby allow the second user to be authenticated. The authentication server receives the voucher code from the second user, and authenticates the second user based on the voucher code. The authenticated second user may be provided with a temporary password or other type of code utilizable for at least one additional authentication.
Type: Grant
Filed: October 29, 2007
Date of Patent: May 7, 2013
Assignee: EMC Corporation
Inventors: John G. Brainard, Ari Juels, Ronald L. Rivest, Michael Szydlo
-
Patent number: 8346742
Abstract: A client device or other processing device comprises a file processing module, with the file processing module being operative to request proof from a file system that a file having a first format is stored by the file system in a second format different than the first format, to receive the proof from the file system, and to verify that the file is stored in the second format using the proof provided by the file system responsive to the request. The proof is based at least in part on application of a function to the file in the second format, and the function imposes a minimum resource requirement on generation of the proof. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.
Type: Grant
Filed: March 30, 2011
Date of Patent: January 1, 2013
Inventors: Ari Juels, Marten Erik van Dijk, Alina Oprea, Ronald L. Rivest, Emil P. Stefanov
-
Publication number: 20100241569
Abstract: A micropayment system and method is presented for a payor U to establish payment to payee M for a transaction T, which typically has a very low value TV. The micropayment scheme minimizes the bank's processing costs, while at the same time eliminating the need for users and merchants to interact in order to determine whether a given micropayment should be selected for payment. In one embodiment, the micropayment scheme includes time constraints, which require that an electronic check C for the transaction T be presented to a bank B for payment within a predetermined time/date interval. In another embodiment, the micropayment scheme includes a selective deposit protocol, which guarantees that a user is never charged in excess of what he actually spends, even within a probabilistic framework. In another embodiment, the micropayment scheme includes a deferred selection protocol, which provides the bank with control and flexibility over the payment selection process.
Type: Application
Filed: October 14, 2009
Publication date: September 23, 2010
Applicant: Massachusetts Institute of Technology
Inventors: Ronald L. Rivest, Silvio Micali
-
Publication number: 20090267747
Abstract: In accordance with the present invention, a radio frequency identification (RFID) tag for use with an RFID system which includes one or more RFID tag readers, includes a tag communication device adapted to communicate with each of the one or more tag readers, a one-way hash function stored on the RFID tag, and a memory having stored therein a metaID. The tags may be locked and unlocked. The system includes a reader and a database. The system communicates with the tags via a forward channel and a backward channel. The present invention can singulate one tag from several responding tags and acquire the ID for the singulated tag.
Type: Application
Filed: March 23, 2009
Publication date: October 29, 2009
Inventors: Ronald L. Rivest, Daniel W. Engels, Sanjay Sarma, Stephen A. Weis
-
Publication number: 20090113530
Abstract: An authentication server authenticates a first user, and generates a voucher code that is provided to the authenticated first user. The first user may provide the voucher code to a second user, responsive to a request by the second user for the first user to vouch for the second user, to thereby allow the second user to be authenticated. The authentication server receives the voucher code from the second user, and authenticates the second user based on the voucher code. The authenticated second user may be provided with a temporary password or other type of code utilizable for at least one additional authentication.
Type: Application
Filed: October 29, 2007
Publication date: April 30, 2009
Inventors: John G. Brainard, Ari Juels, Ronald L. Rivest, Michael Szydlo
-
Patent number: 7502467
Abstract: In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.
Type: Grant
Filed: November 2, 2005
Date of Patent: March 10, 2009
Assignee: RSA Security Inc.
Inventors: John G. Brainard, Burton S. Kaliski, Jr., Magnus Nyström, Ronald L. Rivest
-
Publication number: 20080232590
Abstract: A method of producing an offer package includes defining, within the offer package, a description of an offered product. The cost of the offered product and the merchant making the offer are also defined within the offer package, which includes an encrypted version of the offered product.
Type: Application
Filed: January 23, 2004
Publication date: September 25, 2008
Inventors: Ronald L. Rivest, Silvio Micali, Perry Solomon, Robert Nix, Robert Carney, Prasad Jonnalagadda, Joseph Bergeron III, Mark Bates
-
Patent number: 7363494
Abstract: A time-based method for generating an authentication code associated with an entity uses an authentication code generated from a secret, a dynamic, time-varying variable, and the number of previous authentication code generations within the particular time interval. Other information such as a personal identification number (PIN) and a verifier identifier can also be combined into the authentication code.
Type: Grant
Filed: December 4, 2001
Date of Patent: April 22, 2008
Assignee: RSA Security Inc.
Inventors: John G. Brainard, Burton S. Kaliski, Jr., Ronald L. Rivest
-
Patent number: 6985583
Abstract: In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.
Type: Grant
Filed: May 4, 1999
Date of Patent: January 10, 2006
Assignee: RSA Security Inc.
Inventors: John G. Brainard, Burton S. Kaliski, Jr., Magnus Nyström, Ronald L. Rivest
-
Patent number: 6970070
Abstract: Techniques are disclosed for providing enhanced privacy in an RFID system comprising a plurality of RFID devices, each having an associated identifier, and at least one reader which communicates with one or more of the devices. A blocker device is operative to receive a communication directed from the reader to one or more of the RFID devices, and to generate, possibly based on information in the received communication, an output transmittable to the reader. The output simulates one or more responses from at least one of the RFID devices in a manner which prevents the reader from determining at least a portion of the identifier of at least one of the RFID devices. The blocker device may itself comprise one of the RFID devices. In an illustrative embodiment, the output generated by the blocker device interferes with the normal operation of a singulation algorithm implemented by the reader.
Type: Grant
Filed: September 29, 2003
Date of Patent: November 29, 2005
Assignee: RSA Security Inc.
Inventors: Ari Juels, Ronald L. Rivest, Michael Szydlo